| blob | 2da1b57012b20a8d0ecc90e32780ec5b8cd4da94 |
1 /*
2 * This file is PRIVATE to SSL and should be the first thing included by
3 * any SSL implementation file.
4 *
5 * ***** BEGIN LICENSE BLOCK *****
6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
7 *
8 * The contents of this file are subject to the Mozilla Public License Version
9 * 1.1 (the "License"); you may not use this file except in compliance with
10 * the License. You may obtain a copy of the License at
11 * http://www.mozilla.org/MPL/
12 *
13 * Software distributed under the License is distributed on an "AS IS" basis,
14 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
15 * for the specific language governing rights and limitations under the
16 * License.
17 *
18 * The Original Code is the Netscape security libraries.
19 *
20 * The Initial Developer of the Original Code is
21 * Netscape Communications Corporation.
22 * Portions created by the Initial Developer are Copyright (C) 1994-2000
23 * the Initial Developer. All Rights Reserved.
24 *
25 * Contributor(s):
26 * Dr Stephen Henson <stephen.henson@gemplus.com>
27 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
28 *
29 * Alternatively, the contents of this file may be used under the terms of
30 * either the GNU General Public License Version 2 or later (the "GPL"), or
31 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
32 * in which case the provisions of the GPL or the LGPL are applicable instead
33 * of those above. If you wish to allow use of your version of this file only
34 * under the terms of either the GPL or the LGPL, and not to allow others to
35 * use your version of this file under the terms of the MPL, indicate your
36 * decision by deleting the provisions above and replace them with the notice
37 * and other provisions required by the GPL or the LGPL. If you do not delete
38 * the provisions above, a recipient may use your version of this file under
39 * the terms of any one of the MPL, the GPL or the LGPL.
40 *
41 * ***** END LICENSE BLOCK ***** */
42 /* $Id: sslimpl.h,v 1.56 2007/05/01 03:54:58 nelson%bolyard.com Exp $ */
44 #ifndef __sslimpl_h_
45 #define __sslimpl_h_
47 #ifdef DEBUG
48 #undef NDEBUG
49 #else
50 #undef NDEBUG
51 #define NDEBUG
52 #endif
60 #if defined(XP_UNIX) || defined(XP_BEOS)
62 #endif
68 /* to make some of these old enums public without namespace pollution,
69 ** it was necessary to prepend ssl_ to the names.
70 ** These #defines preserve compatibility with the old code here in libssl.
71 */
76 #define sign_null ssl_sign_null
77 #define sign_rsa ssl_sign_rsa
78 #define sign_dsa ssl_sign_dsa
79 #define sign_ecdsa ssl_sign_ecdsa
81 #define calg_null ssl_calg_null
82 #define calg_rc4 ssl_calg_rc4
83 #define calg_rc2 ssl_calg_rc2
84 #define calg_des ssl_calg_des
85 #define calg_3des ssl_calg_3des
86 #define calg_idea ssl_calg_idea
88 #define calg_aes ssl_calg_aes
89 #define calg_camellia ssl_calg_camellia
91 #define mac_null ssl_mac_null
92 #define mac_md5 ssl_mac_md5
93 #define mac_sha ssl_mac_sha
94 #define hmac_md5 ssl_hmac_md5
95 #define hmac_sha ssl_hmac_sha
102 #if defined(DEBUG) || defined(TRACE)
103 #ifdef __cplusplus
104 #define Debug 1
105 #else
107 #endif
108 #else
109 #undef Debug
110 #endif
112 #if defined(DEBUG) && !defined(TRACE) && !defined(NISCC_TEST)
113 #define TRACE
114 #endif
116 #ifdef TRACE
117 #define SSL_TRC(a,b) if (ssl_trace >= (a)) ssl_Trace b
118 #define PRINT_BUF(a,b) if (ssl_trace >= (a)) ssl_PrintBuf b
119 #define DUMP_MSG(a,b) if (ssl_trace >= (a)) ssl_DumpMsg b
120 #else
121 #define SSL_TRC(a,b)
122 #define PRINT_BUF(a,b)
123 #define DUMP_MSG(a,b)
124 #endif
126 #ifdef DEBUG
127 #define SSL_DBG(b) if (ssl_debug) ssl_Trace b
128 #else
129 #define SSL_DBG(b)
130 #endif
132 #if defined (DEBUG)
133 #ifdef macintosh
135 #else
137 #endif
138 #define ssl_InMonitor(m) PZ_InMonitor(m)
139 #endif
141 #define LSB(x) ((unsigned char) (x & 0xff))
142 #define MSB(x) ((unsigned char) (((unsigned)(x)) >> 8))
144 /************************************************************************/
147 SSLAppOpWrite,
148 SSLAppOpRDWR,
149 SSLAppOpPost,
150 SSLAppOpHeader
153 #define SSL_MIN_MASTER_KEY_BYTES 5
154 #define SSL_MAX_MASTER_KEY_BYTES 64
156 #define SSL2_SESSIONID_BYTES 16
157 #define SSL3_SESSIONID_BYTES 32
159 #define SSL_MIN_CHALLENGE_BYTES 16
160 #define SSL_MAX_CHALLENGE_BYTES 32
161 #define SSL_CHALLENGE_BYTES 16
163 #define SSL_CONNECTIONID_BYTES 16
165 #define SSL_MIN_CYPHER_ARG_BYTES 0
166 #define SSL_MAX_CYPHER_ARG_BYTES 32
168 #define SSL_MAX_MAC_BYTES 16
170 #define SSL3_RSA_PMS_LENGTH 48
171 #define SSL3_MASTER_SECRET_LENGTH 48
173 /* number of wrap mechanisms potentially used to wrap master secrets. */
174 #define SSL_NUM_WRAP_MECHS 15
176 /* This makes the cert cache entry exactly 4k. */
177 #define SSL_MAX_CACHED_CERT_LEN 4060
179 #define MAX_EXTENSION_SENDERS 3
181 #define NUM_MIXERS 9
183 /* Mask of the 25 named curves we support. */
184 #ifndef NSS_ECC_MORE_THAN_SUITE_B
186 #else
187 #define SSL3_SUPPORTED_CURVES_MASK 0x3fffffe
188 #endif
190 #ifndef BPB
192 #endif
211 };
215 /* This type points to the low layer send func,
216 ** e.g. ssl2_SendStream or ssl3_SendPlainText.
217 ** These functions return the same values as PR_Send,
218 ** i.e. >= 0 means number of bytes sent, < 0 means error.
219 */
230 /* registerable callback function that either appends extension to buffer
231 * or returns length of data that it would have appended.
232 */
234 PRUint32 maxBytes);
236 /* registerable callback function that handles a received extension,
237 * of the given type.
238 */
240 PRUint16 ex_type,
243 /* row in a table of hello extension senders */
245 PRInt32 ex_type;
246 ssl3HelloExtensionSenderFunc ex_sender;
249 /* row in a table of hello extension handlers */
251 PRInt32 ex_type;
252 ssl3HelloExtensionHandlerFunc ex_handler;
255 extern SECStatus
257 ssl3HelloExtensionSenderFunc cb);
259 extern PRInt32
263 /* Socket ops */
274 /* points to the higher-layer send func, e.g. ssl_SecureSend. */
281 };
283 /* Flags interpreted by ssl send functions. */
284 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
285 #define ssl_SEND_FLAG_NO_BUFFER 0x20000000
286 #define ssl_SEND_FLAG_MASK 0x7f000000
288 /*
289 ** A buffer object.
290 */
295 };
297 /*
298 ** SSL3 cipher suite policy and preference struct.
299 */
301 #if !defined(_WIN32)
306 #else
307 ssl3CipherSuite cipher_suite;
308 PRUint8 policy;
311 #endif
314 #ifdef NSS_ENABLE_ECC
315 #define ssl_V3_SUITES_IMPLEMENTED 49
316 #else
317 #define ssl_V3_SUITES_IMPLEMENTED 29
340 sslHandshakingAsClient,
341 sslHandshakingAsServer
345 /* Configuration state for server sockets */
352 #define SERVERKEY serverKeyPair->privKey
354 #define SSL_LOCK_RANK_SPEC 255
355 #define SSL_LOCK_RANK_GLOBAL NSS_RWLOCK_RANK_NONE
357 /* These are the valid values for shutdownHow.
358 ** These values are each 1 greater than the NSPR values, and the code
359 ** depends on that relation to efficiently convert PR_SHUTDOWN values
360 ** into ssl_SHUTDOWN values. These values use one bit for read, and
361 ** another bit for write, and can be used as bitmasks.
362 */
368 /*
369 ** A gather object. Used to read some data until a count has been
370 ** satisfied. Primarily for support of async sockets.
371 ** Everything in here is protected by the recvBufLock.
372 */
376 /* "buf" holds received plaintext SSL records, after decrypt and MAC check.
377 * SSL2: recv'd ciphertext records are put here, then decrypted in place.
378 * SSL3: recv'd ciphertext records are put in inbuf (see below), then
379 * decrypted into buf.
380 */
383 /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3).
384 ** (offset - writeOffset) is the number of ciphertext bytes read in but
385 ** not yet deciphered.
386 */
389 /* number of bytes to read in next call to ssl_DefRecv (recv) */
392 /* Number of ciphertext bytes to read in after 2-byte SSL record header. */
395 /* size of the final plaintext record.
396 ** == count - (recordPadding + MAC size)
397 */
400 /* number of bytes of padding to be removed after decrypting. */
401 /* This value is taken from the record's hdr[2], which means a too large
402 * value could crash us.
403 */
406 /* plaintext DATA begins this many bytes into "buf". */
411 /* These next two values are used by SSL2 and SSL3.
412 ** DoRecv uses them to extract application data.
413 ** The difference between writeOffset and readOffset is the amount of
414 ** data available to the application. Note that the actual offset of
415 ** the data in "buf" is recordOffset (above), not readOffset.
416 ** In the current implementation, this is made available before the
417 ** MAC is checked!!
418 */
420 ** or handshake code) will read next.
421 ** Always zero for SSl3 application data.
422 */
423 /* offset in buf/inbuf/hdr into which new data will be read from socket. */
426 /* Buffer for ssl3 to read (encrypted) data from the socket */
429 /* The ssl[23]_GatherData functions read data into this buffer, rather
430 ** than into buf or inbuf, while in the GS_HEADER state.
431 ** The portion of the SSL record header put here always comes off the wire
432 ** as plaintext, never ciphertext.
433 ** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5.
434 */
436 };
438 /* sslGather.state */
439 #define GS_INIT 0
440 #define GS_HEADER 1
441 #define GS_MAC 2
442 #define GS_DATA 3
443 #define GS_PAD 4
455 /*
456 ** ssl3State and CipherSpec structs
457 */
459 /* The SSL bulk cipher definition */
461 cipher_null,
462 cipher_rc4,
463 cipher_rc4_40,
464 cipher_rc4_56,
465 cipher_rc2,
466 cipher_rc2_40,
467 cipher_des,
468 cipher_3des,
469 cipher_des40,
470 cipher_idea,
471 cipher_aes_128,
472 cipher_aes_256,
473 cipher_camellia_128,
474 cipher_camellia_256,
475 cipher_missing /* reserved for no such supported cipher */
476 /* This enum must match ssl3_cipherName[] in ssl3con.c. */
481 #define MAX_IV_LENGTH 64
483 /*
484 * Do not depend upon 64 bit arithmetic in the underlying machine.
485 */
487 uint32 high;
488 uint32 low;
491 #define MAX_MAC_CONTEXT_BYTES 400
492 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8)
494 #define MAX_CIPHER_CONTEXT_BYTES 2080
495 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8)
501 PRUint16 wrapped_master_secret_len;
502 PRUint8 msIsWrapped;
503 PRUint8 resumable;
510 SECItem write_key_item;
511 SECItem write_iv_item;
512 SECItem write_mac_key_item;
517 /*
518 ** These are the "specs" in the "ssl3" struct.
519 ** Access to the pointers to these specs, and all the specs' contents
520 ** (direct and indirect) is protected by the reader/writer lock ss->specLock.
521 */
526 SSLCipher encode;
527 SSLCipher decode;
528 SSLDestroy destroy;
533 SSL3SequenceNumber write_seq_num;
534 SSL3SequenceNumber read_seq_num;
535 SSL3ProtocolVersion version;
536 ssl3KeyMaterial client;
537 ssl3KeyMaterial server;
538 SECItem msItem;
544 in_client_cache,
545 in_server_cache,
546 invalid_cache /* no longer in any cache. */
557 PRIPv6Addr addr;
558 PRUint16 port;
560 SSL3ProtocolVersion version;
565 Cached cached;
568 SSLSignType authAlgorithm;
569 PRUint32 authKeyBits;
570 SSLKEAType keaType;
571 PRUint32 keaKeyBits;
575 /* the V2 code depends upon the size of sessionID. */
578 /* Stuff used to recreate key and read/write cipher objects */
581 SECItem cipherArg;
586 /* values that are copied into the server's on-disk SID cache. */
587 uint8 sessionIDLength;
590 ssl3CipherSuite cipherSuite;
591 SSL3CompressionMethod compression;
593 ssl3SidKeys keys;
594 CK_MECHANISM_TYPE masterWrapMech;
595 /* mechanism used to wrap master secret */
596 SSL3KEAType exchKeyType;
597 /* key type used in exchange algorithm,
598 * and to wrap the sym wrapping key. */
599 #ifdef NSS_ENABLE_ECC
600 PRUint32 negotiatedECCurves;
603 /* The following values are NOT restored from the server's on-disk
604 * session cache, but are restored from the client's cache.
605 */
609 /* The following values pertain to the slot that wrapped the
610 ** master secret. (used only in client)
611 */
612 SECMODModuleID masterModuleID;
613 /* what module wrapped the master secret */
614 CK_SLOT_ID masterSlotID;
615 PRUint16 masterWrapIndex;
616 /* what's the key index for the wrapping key */
617 PRUint16 masterWrapSeries;
618 /* keep track of the slot series, so we don't
619 * accidently try to use new keys after the
620 * card gets removed and replaced.*/
622 /* The following values pertain to the slot that did the signature
623 ** for client auth. (used only in client)
624 */
625 SECMODModuleID clAuthModuleID;
626 CK_SLOT_ID clAuthSlotID;
627 PRUint16 clAuthSeries;
634 };
638 ssl3CipherSuite cipher_suite;
639 SSL3BulkCipher bulk_cipher_alg;
640 SSL3MACAlgorithm mac_alg;
641 SSL3KeyExchangeAlgorithm key_exchange_alg;
644 /*
645 ** There are tables of these, all const.
646 */
648 SSL3KeyExchangeAlgorithm kea;
649 SSL3KEAType exchKeyType;
650 SSL3SignType signKeyType;
651 PRBool is_limited;
653 PRBool tls_keygen;
658 /*
659 ** There are tables of these, all const.
660 */
662 SSL3BulkCipher cipher;
663 SSLCipherAlgorithm calg;
666 CipherType type;
669 SSL3KeyGenMode keygen_mode;
670 };
672 /*
673 ** There are tables of these, all const.
674 */
676 SSL3MACAlgorithm mac;
677 CK_MECHANISM_TYPE mmech;
680 };
683 wait_client_hello,
684 wait_client_cert,
685 wait_client_key,
686 wait_cert_verify,
687 wait_change_cipher,
688 wait_finished,
689 wait_server_hello,
690 wait_server_cert,
691 wait_server_key,
692 wait_cert_request,
693 wait_hello_done,
694 idle_handshake
697 /*
698 ** This is the "hs" member of the "ssl3" struct.
699 ** This entire struct is protected by ssl3HandshakeLock
700 */
702 SSL3Random server_random;
703 SSL3Random client_random;
704 SSL3WaitState ws;
710 ssl3CipherSuite cipher_suite;
712 SSL3CompressionMethod compression;
714 /* partial handshake message from record layer */
716 /* number of bytes consumed from handshake */
717 /* message for message type and header length */
718 SSL3HandshakeType msg_type;
723 * when this one finishes */
726 /* protected by recvBufLock */
728 #ifdef NSS_ENABLE_ECC
735 /*
736 ** This is the "ssl3" struct, as in "ss->ssl3".
737 ** note:
738 ** usually, crSpec == cwSpec and prSpec == pwSpec.
739 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
740 ** But there are never more than 2 actual specs.
741 ** No spec must ever be modified if either "current" pointer points to it.
742 */
745 /*
746 ** The following Specs and Spec pointers must be protected using the
747 ** Spec Lock.
748 */
760 /* This says what cipher suites we can do, and should
761 * be either SSL_ALLOWED or SSL_RESTRICTED
762 */
764 /* These are used to keep track of the peer CA */
766 /* chain while we are trying to validate it. */
768 /* used by server. trusted CAs for this socket. */
769 PRBool initialized;
770 SSL3HandshakeState hs;
772 };
775 SSL3ContentType type;
776 SSL3ProtocolVersion version;
784 };
789 CK_MECHANISM_TYPE symWrapMechanism;
790 /* unwrapped symmetric wrapping key uses this mechanism */
791 CK_MECHANISM_TYPE asymWrapMechanism;
792 /* mechanism used to wrap the SymmetricWrappingKey using
793 * server's public and/or private keys. */
795 PRInt32 symWrapMechIndex;
796 PRUint16 wrappedSymKeyLen;
797 PRUint16 wrapIVLen;
809 /*
810 * SSL2 buffers used in SSL3.
811 * writeBuf in the SecurityInfo maintained by sslsecur.c is used
812 * to hold the data just about to be passed to the kernel
813 * sendBuf in the ConnectInfo maintained by sslcon.c is used
814 * to hold handshake messages as they are accumulated
815 */
817 /*
818 ** This is "ci", as in "ss->sec.ci".
819 **
820 ** Protection: All the variables in here are protected by
821 ** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock
822 */
824 /* outgoing handshakes appended to this. */
832 /* see CIS_HAVE defines below for the bit values in *elements. */
839 /* Length of server challenge. Used by client when saving challenge */
841 /* type of authentication requested by server */
844 /* Challenge sent by client to server in client-hello message */
845 /* SSL3 gets a copy of this. See ssl3_StartHandshakeHash(). */
848 /* Connection-id sent by server to client in server-hello message */
851 /* Challenge sent by server to client in request-certificate message */
854 /* Information kept to handle a request-certificate message */
858 };
860 /* bit values for ci->elements, ci->requiredElements, sentElements. */
861 #define CIS_HAVE_MASTER_KEY 0x01
862 #define CIS_HAVE_CERTIFICATE 0x02
863 #define CIS_HAVE_FINISHED 0x04
864 #define CIS_HAVE_VERIFY 0x08
866 /* Note: The entire content of this struct and whatever it points to gets
867 * blown away by SSL_ResetHandshake(). This is "sec" as in "ss->sec".
868 *
869 * Unless otherwise specified below, the contents of this struct are
870 * protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock.
871 */
884 SSLSignType authAlgorithm;
885 PRUint32 authKeyBits;
886 SSLKEAType keaType;
887 PRUint32 keaKeyBits;
889 /*
890 ** Procs used for SID cache (nonce) management.
891 ** Different implementations exist for clients/servers
892 ** The lookup proc is only used for servers. Baloney!
893 */
897 /*
898 ** everything below here is for ssl2 only.
899 ** This stuff is equivalent to SSL3's "spec", and is protected by the
900 ** same "Spec Lock" as used for SSL3's specs.
901 */
905 /* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */
912 /* Session cypher contexts; one for each direction */
919 /* Blocking information for the session cypher */
923 /* These are used during a connection handshake */
926 };
929 /*
930 ** SSL Socket struct
931 **
932 ** Protection: XXX
933 */
937 /* Pointer to operations vector for this socket */
940 /* SSL socket options */
941 sslOptions opt;
943 /* State flags */
953 /* version of the protocol to use */
954 SSL3ProtocolVersion version;
959 /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */
966 /* registered callbacks that send server hello extensions */
969 /* the following variable is only used with socks or other proxies. */
978 /* Callbacks */
979 SSLAuthCertificate authCertificate;
981 SSLGetClientAuthData getClientAuthData;
983 SSLBadCertHandler handleBadCert;
985 SSLHandshakeCallback handshakeCallback;
999 /* Only one thread may operate on the socket until the initial handshake
1000 ** is complete. This Monitor ensures that. Since SSL2 handshake is
1001 ** only done once, this is also effectively the SSL2 handshake lock.
1002 */
1005 /* This monitor protects the ssl3 handshake state machine data.
1006 ** Only one thread (reader or writer) may be in the ssl3 handshake state
1007 ** machine at any time. */
1010 /* reader/writer lock, protects the secret data needed to encrypt and MAC
1011 ** outgoing records, and to decrypt and MAC check incoming ciphertext
1012 ** records. */
1015 /* handle to perm cert db (and implicitly to the temp cert db) used
1016 ** with this socket.
1017 */
1028 sslHandshakingType handshaking;
1030 /* Gather object used for gathering data */
1036 /* Configuration state for server sockets */
1037 /* server cert and key for each KEA type */
1043 /* SSL3 state info. Formerly was a pointer */
1044 ssl3State ssl3;
1045 };
1049 /* All the global data items declared here should be protected using the
1050 ** ssl_global_data_lock, which is a reader/writer lock.
1051 */
1068 /************************************************************************/
1070 SEC_BEGIN_PROTOS
1072 /* Implementation of ops for default (non socks, non secure) case */
1091 /* Implementation of ops for socks only case */
1103 /* Implementation of ops for secure only case */
1115 /* Implementation of ops for secure socks case */
1120 /* Gather funcs. */
1174 #define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock)
1175 #define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock)
1176 #define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock)
1177 #define SSL_UNLOCK_WRITER(ss) if (ss->sendLock) PZ_Unlock(ss->sendLock)
1179 #define ssl_Get1stHandshakeLock(ss) \
1180 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->firstHandshakeLock); }
1181 #define ssl_Release1stHandshakeLock(ss) \
1182 { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); }
1183 #define ssl_Have1stHandshakeLock(ss) \
1184 (PZ_InMonitor((ss)->firstHandshakeLock))
1186 #define ssl_GetSSL3HandshakeLock(ss) \
1187 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->ssl3HandshakeLock); }
1188 #define ssl_ReleaseSSL3HandshakeLock(ss) \
1189 { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); }
1190 #define ssl_HaveSSL3HandshakeLock(ss) \
1191 (PZ_InMonitor((ss)->ssl3HandshakeLock))
1193 #define ssl_GetSpecReadLock(ss) \
1194 { if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); }
1195 #define ssl_ReleaseSpecReadLock(ss) \
1196 { if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); }
1198 #define ssl_GetSpecWriteLock(ss) \
1199 { if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); }
1200 #define ssl_ReleaseSpecWriteLock(ss) \
1201 { if (!ss->opt.noLocks) NSSRWLock_UnlockWrite((ss)->specLock); }
1202 #define ssl_HaveSpecWriteLock(ss) \
1203 (NSSRWLock_HaveWriteLock((ss)->specLock))
1205 #define ssl_GetRecvBufLock(ss) \
1206 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->recvBufLock); }
1207 #define ssl_ReleaseRecvBufLock(ss) \
1208 { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); }
1209 #define ssl_HaveRecvBufLock(ss) \
1210 (PZ_InMonitor((ss)->recvBufLock))
1212 #define ssl_GetXmitBufLock(ss) \
1213 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); }
1214 #define ssl_ReleaseXmitBufLock(ss) \
1215 { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); }
1216 #define ssl_HaveXmitBufLock(ss) \
1217 (PZ_InMonitor((ss)->xmitBufLock))
1227 /* These functions are called from secnav, even though they're "private". */
1238 SSL3AlertDescription desc);
1252 /*
1253 * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
1254 */
1260 /*
1261 * SSL3 specific routines
1262 */
1265 /*
1266 * input into the SSL3 machinery from the actualy network reading code
1267 */
1273 /*
1274 * When talking to export clients or using export cipher suites, servers
1275 * with public RSA keys larger than 512 bits need to use a 512-bit public
1276 * key, signed by the larger key. The smaller key is a "step down" key.
1277 * Generate that key pair and keep it around.
1278 */
1281 #ifdef NSS_ENABLE_ECC
1314 SSL3ProtocolVersion peerVersion);
1318 #ifdef NSS_ENABLE_ECC
1319 /* ECDH functions */
1329 #endif
1333 PRBool bypassPKCS11);
1336 PRInt32 bytes);
1340 PRInt32 lenSize);
1355 /* functions that append extensions to hello messages. */
1359 /* call the registered extension handlers. */
1363 /* Construct a new NSPR socket for the app to use */
1367 /* Internal config function so SSL2 can initialize the present state of
1368 * various ciphers */
1372 /* Create a new ref counted key pair object from two keys. */
1376 /* get a new reference (bump ref count) to an ssl3KeyPair. */
1379 /* Decrement keypair's ref count and free if zero. */
1382 /* calls for accessing wrapping keys across processes. */
1383 extern PRBool
1385 SSL3KEAType exchKeyType,
1388 /* The caller passes in the new value it wants
1389 * to set. This code tests the wrapped sym key entry in the file on disk.
1390 * If it is uninitialized, this function writes the caller's value into
1391 * the disk entry, and returns false.
1392 * Otherwise, it overwrites the caller's wswk with the value obtained from
1393 * the disk, and returns PR_TRUE.
1394 * This is all done while holding the locks/semaphores necessary to make
1395 * the operation atomic.
1396 */
1397 extern PRBool
1400 /* get rid of the symmetric wrapping key references. */
1407 /********************** misc calls *********************/
1419 #ifdef TRACE
1420 #define SSL_TRACE(msg) ssl_Trace msg
1421 #else
1422 #define SSL_TRACE(msg)
1423 #endif
1427 SEC_END_PROTOS
1429 #ifdef XP_OS2_VACPP
1430 #include <process.h>
1431 #endif
1433 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
1434 #define SSL_GETPID getpid
1435 #elif defined(_WIN32_WCE)
1436 #define SSL_GETPID GetCurrentProcessId
1437 #elif defined(WIN32)
1439 #define SSL_GETPID _getpid
1440 #else
1441 #define SSL_GETPID() 0
1442 #endif