mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 13:51:41 +00:00
3243 lines
96 KiB
C
3243 lines
96 KiB
C
/*
|
|
* vtables (and methods that call through them) for the 4 types of
|
|
* SSLSockets supported. Only one type is still supported.
|
|
* Various other functions.
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
#include "seccomon.h"
|
|
#include "cert.h"
|
|
#include "keyhi.h"
|
|
#include "ssl.h"
|
|
#include "sslimpl.h"
|
|
#include "sslproto.h"
|
|
#include "nspr.h"
|
|
#include "private/pprio.h"
|
|
#ifndef NO_PKCS11_BYPASS
|
|
#include "blapi.h"
|
|
#endif
|
|
#include "nss.h"
|
|
#include "pk11pqg.h"
|
|
|
|
#define SET_ERROR_CODE /* reminder */
|
|
|
|
static const sslSocketOps ssl_default_ops = { /* No SSL. */
|
|
ssl_DefConnect,
|
|
NULL,
|
|
ssl_DefBind,
|
|
ssl_DefListen,
|
|
ssl_DefShutdown,
|
|
ssl_DefClose,
|
|
ssl_DefRecv,
|
|
ssl_DefSend,
|
|
ssl_DefRead,
|
|
ssl_DefWrite,
|
|
ssl_DefGetpeername,
|
|
ssl_DefGetsockname
|
|
};
|
|
|
|
static const sslSocketOps ssl_secure_ops = { /* SSL. */
|
|
ssl_SecureConnect,
|
|
NULL,
|
|
ssl_DefBind,
|
|
ssl_DefListen,
|
|
ssl_SecureShutdown,
|
|
ssl_SecureClose,
|
|
ssl_SecureRecv,
|
|
ssl_SecureSend,
|
|
ssl_SecureRead,
|
|
ssl_SecureWrite,
|
|
ssl_DefGetpeername,
|
|
ssl_DefGetsockname
|
|
};
|
|
|
|
/*
|
|
** default settings for socket enables
|
|
*/
|
|
static sslOptions ssl_defaults = {
|
|
{ siBuffer, NULL, 0 }, /* nextProtoNego */
|
|
PR_TRUE, /* useSecurity */
|
|
PR_FALSE, /* useSocks */
|
|
PR_FALSE, /* requestCertificate */
|
|
2, /* requireCertificate */
|
|
PR_FALSE, /* handshakeAsClient */
|
|
PR_FALSE, /* handshakeAsServer */
|
|
PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */
|
|
PR_FALSE, /* unusedBit9 */
|
|
PR_FALSE, /* unusedBit10 */
|
|
PR_FALSE, /* noCache */
|
|
PR_FALSE, /* fdx */
|
|
PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */
|
|
PR_TRUE, /* detectRollBack */
|
|
PR_FALSE, /* noStepDown */
|
|
PR_FALSE, /* bypassPKCS11 */
|
|
PR_FALSE, /* noLocks */
|
|
PR_FALSE, /* enableSessionTickets */
|
|
PR_FALSE, /* enableDeflate */
|
|
2, /* enableRenegotiation (default: requires extension) */
|
|
PR_FALSE, /* requireSafeNegotiation */
|
|
PR_FALSE, /* enableFalseStart */
|
|
PR_TRUE, /* cbcRandomIV */
|
|
PR_FALSE, /* enableOCSPStapling */
|
|
PR_TRUE, /* enableNPN */
|
|
PR_FALSE, /* enableALPN */
|
|
PR_TRUE, /* reuseServerECDHEKey */
|
|
PR_FALSE, /* enableFallbackSCSV */
|
|
PR_TRUE, /* enableServerDhe */
|
|
};
|
|
|
|
/*
|
|
* default range of enabled SSL/TLS protocols
|
|
*/
|
|
static SSLVersionRange versions_defaults_stream = {
|
|
SSL_LIBRARY_VERSION_TLS_1_0,
|
|
SSL_LIBRARY_VERSION_TLS_1_2
|
|
};
|
|
|
|
static SSLVersionRange versions_defaults_datagram = {
|
|
SSL_LIBRARY_VERSION_TLS_1_1,
|
|
SSL_LIBRARY_VERSION_TLS_1_2
|
|
};
|
|
|
|
#define VERSIONS_DEFAULTS(variant) \
|
|
(variant == ssl_variant_stream ? &versions_defaults_stream : \
|
|
&versions_defaults_datagram)
|
|
|
|
sslSessionIDLookupFunc ssl_sid_lookup;
|
|
sslSessionIDCacheFunc ssl_sid_cache;
|
|
sslSessionIDUncacheFunc ssl_sid_uncache;
|
|
|
|
static PRBool ssl_inited = PR_FALSE;
|
|
static PRDescIdentity ssl_layer_id;
|
|
|
|
PRBool locksEverDisabled; /* implicitly PR_FALSE */
|
|
PRBool ssl_force_locks; /* implicitly PR_FALSE */
|
|
int ssl_lock_readers = 1; /* default true. */
|
|
char ssl_debug;
|
|
char ssl_trace;
|
|
FILE * ssl_trace_iob;
|
|
FILE * ssl_keylog_iob;
|
|
char lockStatus[] = "Locks are ENABLED. ";
|
|
#define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
|
|
|
|
/* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */
|
|
static const PRUint16 srtpCiphers[] = {
|
|
SRTP_AES128_CM_HMAC_SHA1_80,
|
|
SRTP_AES128_CM_HMAC_SHA1_32,
|
|
0
|
|
};
|
|
|
|
/* forward declarations. */
|
|
static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
|
|
static SECStatus ssl_MakeLocks(sslSocket *ss);
|
|
static void ssl_SetDefaultsFromEnvironment(void);
|
|
static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
|
|
PRDescIdentity id);
|
|
|
|
/************************************************************************/
|
|
|
|
/*
|
|
** Lookup a socket structure from a file descriptor.
|
|
** Only functions called through the PRIOMethods table should use this.
|
|
** Other app-callable functions should use ssl_FindSocket.
|
|
*/
|
|
static sslSocket *
|
|
ssl_GetPrivate(PRFileDesc *fd)
|
|
{
|
|
sslSocket *ss;
|
|
|
|
PORT_Assert(fd != NULL);
|
|
PORT_Assert(fd->methods->file_type == PR_DESC_LAYERED);
|
|
PORT_Assert(fd->identity == ssl_layer_id);
|
|
|
|
if (fd->methods->file_type != PR_DESC_LAYERED ||
|
|
fd->identity != ssl_layer_id) {
|
|
PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
|
|
return NULL;
|
|
}
|
|
|
|
ss = (sslSocket *)fd->secret;
|
|
/* Set ss->fd lazily. We can't rely on the value of ss->fd set by
|
|
* ssl_PushIOLayer because another PR_PushIOLayer call will switch the
|
|
* contents of the PRFileDesc pointed by ss->fd and the new layer.
|
|
* See bug 807250.
|
|
*/
|
|
ss->fd = fd;
|
|
return ss;
|
|
}
|
|
|
|
/* This function tries to find the SSL layer in the stack.
|
|
* It searches for the first SSL layer at or below the argument fd,
|
|
* and failing that, it searches for the nearest SSL layer above the
|
|
* argument fd. It returns the private sslSocket from the found layer.
|
|
*/
|
|
sslSocket *
|
|
ssl_FindSocket(PRFileDesc *fd)
|
|
{
|
|
PRFileDesc *layer;
|
|
sslSocket *ss;
|
|
|
|
PORT_Assert(fd != NULL);
|
|
PORT_Assert(ssl_layer_id != 0);
|
|
|
|
layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
|
|
if (layer == NULL) {
|
|
PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
|
|
return NULL;
|
|
}
|
|
|
|
ss = (sslSocket *)layer->secret;
|
|
/* Set ss->fd lazily. We can't rely on the value of ss->fd set by
|
|
* ssl_PushIOLayer because another PR_PushIOLayer call will switch the
|
|
* contents of the PRFileDesc pointed by ss->fd and the new layer.
|
|
* See bug 807250.
|
|
*/
|
|
ss->fd = layer;
|
|
return ss;
|
|
}
|
|
|
|
static sslSocket *
|
|
ssl_DupSocket(sslSocket *os)
|
|
{
|
|
sslSocket *ss;
|
|
SECStatus rv;
|
|
|
|
ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
|
|
if (ss) {
|
|
ss->opt = os->opt;
|
|
ss->opt.useSocks = PR_FALSE;
|
|
ss->vrange = os->vrange;
|
|
|
|
ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
|
|
ss->url = !os->url ? NULL : PORT_Strdup(os->url);
|
|
|
|
ss->ops = os->ops;
|
|
ss->rTimeout = os->rTimeout;
|
|
ss->wTimeout = os->wTimeout;
|
|
ss->cTimeout = os->cTimeout;
|
|
ss->dbHandle = os->dbHandle;
|
|
|
|
/* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
|
|
ss->allowedByPolicy = os->allowedByPolicy;
|
|
ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy;
|
|
ss->chosenPreference = os->chosenPreference;
|
|
PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
|
|
PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
|
|
sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
|
|
ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
|
|
|
|
ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled;
|
|
ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups;
|
|
if (os->ssl3.dheGroups) {
|
|
ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType,
|
|
os->ssl3.numDHEGroups);
|
|
if (!ss->ssl3.dheGroups) {
|
|
goto loser;
|
|
}
|
|
PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups,
|
|
sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups);
|
|
} else {
|
|
ss->ssl3.dheGroups = NULL;
|
|
}
|
|
|
|
if (os->cipherSpecs) {
|
|
ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
|
|
if (ss->cipherSpecs)
|
|
PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs,
|
|
os->sizeCipherSpecs);
|
|
ss->sizeCipherSpecs = os->sizeCipherSpecs;
|
|
ss->preferredCipher = os->preferredCipher;
|
|
} else {
|
|
ss->cipherSpecs = NULL; /* produced lazily */
|
|
ss->sizeCipherSpecs = 0;
|
|
ss->preferredCipher = NULL;
|
|
}
|
|
if (ss->opt.useSecurity) {
|
|
/* This int should be SSLKEAType, but CC on Irix complains,
|
|
* during the for loop.
|
|
*/
|
|
int i;
|
|
sslServerCerts * oc = os->serverCerts;
|
|
sslServerCerts * sc = ss->serverCerts;
|
|
|
|
for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) {
|
|
if (oc->serverCert && oc->serverCertChain) {
|
|
sc->serverCert = CERT_DupCertificate(oc->serverCert);
|
|
sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
|
|
if (!sc->serverCertChain)
|
|
goto loser;
|
|
} else {
|
|
sc->serverCert = NULL;
|
|
sc->serverCertChain = NULL;
|
|
}
|
|
sc->serverKeyPair = oc->serverKeyPair ?
|
|
ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL;
|
|
if (oc->serverKeyPair && !sc->serverKeyPair)
|
|
goto loser;
|
|
sc->serverKeyBits = oc->serverKeyBits;
|
|
ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL :
|
|
SECITEM_DupArray(NULL, os->certStatusArray[i]);
|
|
}
|
|
ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL :
|
|
ssl3_GetKeyPairRef(os->stepDownKeyPair);
|
|
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
|
|
ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
|
|
ss->dheKeyPair = !os->dheKeyPair ? NULL :
|
|
ssl3_GetKeyPairRef(os->dheKeyPair);
|
|
ss->dheParams = os->dheParams;
|
|
|
|
/*
|
|
* XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
|
|
* XXX We should detect this, and not just march on with NULL pointers.
|
|
*/
|
|
ss->authCertificate = os->authCertificate;
|
|
ss->authCertificateArg = os->authCertificateArg;
|
|
ss->getClientAuthData = os->getClientAuthData;
|
|
ss->getClientAuthDataArg = os->getClientAuthDataArg;
|
|
ss->sniSocketConfig = os->sniSocketConfig;
|
|
ss->sniSocketConfigArg = os->sniSocketConfigArg;
|
|
ss->handleBadCert = os->handleBadCert;
|
|
ss->badCertArg = os->badCertArg;
|
|
ss->handshakeCallback = os->handshakeCallback;
|
|
ss->handshakeCallbackData = os->handshakeCallbackData;
|
|
ss->canFalseStartCallback = os->canFalseStartCallback;
|
|
ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
|
|
ss->pkcs11PinArg = os->pkcs11PinArg;
|
|
|
|
/* Create security data */
|
|
rv = ssl_CopySecurityInfo(ss, os);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
}
|
|
return ss;
|
|
|
|
loser:
|
|
ssl_FreeSocket(ss);
|
|
return NULL;
|
|
}
|
|
|
|
static void
|
|
ssl_DestroyLocks(sslSocket *ss)
|
|
{
|
|
/* Destroy locks. */
|
|
if (ss->firstHandshakeLock) {
|
|
PZ_DestroyMonitor(ss->firstHandshakeLock);
|
|
ss->firstHandshakeLock = NULL;
|
|
}
|
|
if (ss->ssl3HandshakeLock) {
|
|
PZ_DestroyMonitor(ss->ssl3HandshakeLock);
|
|
ss->ssl3HandshakeLock = NULL;
|
|
}
|
|
if (ss->specLock) {
|
|
NSSRWLock_Destroy(ss->specLock);
|
|
ss->specLock = NULL;
|
|
}
|
|
|
|
if (ss->recvLock) {
|
|
PZ_DestroyLock(ss->recvLock);
|
|
ss->recvLock = NULL;
|
|
}
|
|
if (ss->sendLock) {
|
|
PZ_DestroyLock(ss->sendLock);
|
|
ss->sendLock = NULL;
|
|
}
|
|
if (ss->xmitBufLock) {
|
|
PZ_DestroyMonitor(ss->xmitBufLock);
|
|
ss->xmitBufLock = NULL;
|
|
}
|
|
if (ss->recvBufLock) {
|
|
PZ_DestroyMonitor(ss->recvBufLock);
|
|
ss->recvBufLock = NULL;
|
|
}
|
|
}
|
|
|
|
/* Caller holds any relevant locks */
|
|
static void
|
|
ssl_DestroySocketContents(sslSocket *ss)
|
|
{
|
|
/* "i" should be of type SSLKEAType, but CC on IRIX complains during
|
|
* the for loop.
|
|
*/
|
|
int i;
|
|
|
|
/* Free up socket */
|
|
ssl_DestroySecurityInfo(&ss->sec);
|
|
|
|
ssl3_DestroySSL3Info(ss);
|
|
|
|
PORT_Free(ss->saveBuf.buf);
|
|
PORT_Free(ss->pendingBuf.buf);
|
|
ssl_DestroyGather(&ss->gs);
|
|
|
|
if (ss->peerID != NULL)
|
|
PORT_Free(ss->peerID);
|
|
if (ss->url != NULL)
|
|
PORT_Free((void *)ss->url); /* CONST */
|
|
if (ss->cipherSpecs) {
|
|
PORT_Free(ss->cipherSpecs);
|
|
ss->cipherSpecs = NULL;
|
|
ss->sizeCipherSpecs = 0;
|
|
}
|
|
|
|
/* Clean up server configuration */
|
|
for (i=kt_null; i < kt_kea_size; i++) {
|
|
sslServerCerts * sc = ss->serverCerts + i;
|
|
if (sc->serverCert != NULL)
|
|
CERT_DestroyCertificate(sc->serverCert);
|
|
if (sc->serverCertChain != NULL)
|
|
CERT_DestroyCertificateList(sc->serverCertChain);
|
|
if (sc->serverKeyPair != NULL)
|
|
ssl3_FreeKeyPair(sc->serverKeyPair);
|
|
if (ss->certStatusArray[i] != NULL) {
|
|
SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
|
|
ss->certStatusArray[i] = NULL;
|
|
}
|
|
}
|
|
if (ss->stepDownKeyPair) {
|
|
ssl3_FreeKeyPair(ss->stepDownKeyPair);
|
|
ss->stepDownKeyPair = NULL;
|
|
}
|
|
if (ss->ephemeralECDHKeyPair) {
|
|
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
|
|
ss->ephemeralECDHKeyPair = NULL;
|
|
}
|
|
if (ss->dheKeyPair) {
|
|
ssl3_FreeKeyPair(ss->dheKeyPair);
|
|
ss->dheKeyPair = NULL;
|
|
}
|
|
SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
|
|
PORT_Assert(!ss->xtnData.sniNameArr);
|
|
if (ss->xtnData.sniNameArr) {
|
|
PORT_Free(ss->xtnData.sniNameArr);
|
|
ss->xtnData.sniNameArr = NULL;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* free an sslSocket struct, and all the stuff that hangs off of it
|
|
*/
|
|
void
|
|
ssl_FreeSocket(sslSocket *ss)
|
|
{
|
|
/* Get every lock you can imagine!
|
|
** Caller already holds these:
|
|
** SSL_LOCK_READER(ss);
|
|
** SSL_LOCK_WRITER(ss);
|
|
*/
|
|
ssl_Get1stHandshakeLock(ss);
|
|
ssl_GetRecvBufLock(ss);
|
|
ssl_GetSSL3HandshakeLock(ss);
|
|
ssl_GetXmitBufLock(ss);
|
|
ssl_GetSpecWriteLock(ss);
|
|
|
|
ssl_DestroySocketContents(ss);
|
|
|
|
/* Release all the locks acquired above. */
|
|
SSL_UNLOCK_READER(ss);
|
|
SSL_UNLOCK_WRITER(ss);
|
|
ssl_Release1stHandshakeLock(ss);
|
|
ssl_ReleaseRecvBufLock(ss);
|
|
ssl_ReleaseSSL3HandshakeLock(ss);
|
|
ssl_ReleaseXmitBufLock(ss);
|
|
ssl_ReleaseSpecWriteLock(ss);
|
|
|
|
ssl_DestroyLocks(ss);
|
|
|
|
#ifdef DEBUG
|
|
PORT_Memset(ss, 0x1f, sizeof *ss);
|
|
#endif
|
|
PORT_Free(ss);
|
|
return;
|
|
}
|
|
|
|
/************************************************************************/
|
|
SECStatus
|
|
ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
|
|
{
|
|
PRFileDesc * osfd = ss->fd->lower;
|
|
SECStatus rv = SECFailure;
|
|
PRSocketOptionData opt;
|
|
|
|
opt.option = PR_SockOpt_NoDelay;
|
|
opt.value.no_delay = (PRBool)!enabled;
|
|
|
|
if (osfd->methods->setsocketoption) {
|
|
rv = (SECStatus) osfd->methods->setsocketoption(osfd, &opt);
|
|
} else {
|
|
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
|
}
|
|
|
|
return rv;
|
|
}
|
|
|
|
static void
|
|
ssl_ChooseOps(sslSocket *ss)
|
|
{
|
|
ss->ops = ss->opt.useSecurity ? &ssl_secure_ops : &ssl_default_ops;
|
|
}
|
|
|
|
/* Called from SSL_Enable (immediately below) */
|
|
static SECStatus
|
|
PrepareSocket(sslSocket *ss)
|
|
{
|
|
SECStatus rv = SECSuccess;
|
|
|
|
ssl_ChooseOps(ss);
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_Enable(PRFileDesc *fd, int which, PRBool on)
|
|
{
|
|
return SSL_OptionSet(fd, which, on);
|
|
}
|
|
|
|
#ifndef NO_PKCS11_BYPASS
|
|
static const PRCallOnceType pristineCallOnce;
|
|
static PRCallOnceType setupBypassOnce;
|
|
|
|
static SECStatus SSL_BypassShutdown(void* appData, void* nssData)
|
|
{
|
|
/* unload freeBL shared library from memory */
|
|
BL_Unload();
|
|
setupBypassOnce = pristineCallOnce;
|
|
return SECSuccess;
|
|
}
|
|
|
|
static PRStatus SSL_BypassRegisterShutdown(void)
|
|
{
|
|
SECStatus rv = NSS_RegisterShutdown(SSL_BypassShutdown, NULL);
|
|
PORT_Assert(SECSuccess == rv);
|
|
return SECSuccess == rv ? PR_SUCCESS : PR_FAILURE;
|
|
}
|
|
#endif
|
|
|
|
static PRStatus SSL_BypassSetup(void)
|
|
{
|
|
#ifdef NO_PKCS11_BYPASS
|
|
/* Guarantee binary compatibility */
|
|
return PR_SUCCESS;
|
|
#else
|
|
return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
|
|
#endif
|
|
}
|
|
|
|
/* Implements the semantics for SSL_OptionSet(SSL_ENABLE_TLS, on) described in
|
|
* ssl.h in the section "SSL version range setting API".
|
|
*/
|
|
static void
|
|
ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
|
|
{
|
|
if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
|
|
if (on) {
|
|
vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
|
|
vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
|
|
} /* else don't change anything */
|
|
return;
|
|
}
|
|
|
|
if (on) {
|
|
/* Expand the range of enabled version to include TLS 1.0 */
|
|
vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
|
|
vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
|
|
} else {
|
|
/* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
|
|
if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
|
|
vrange->max = SSL_LIBRARY_VERSION_3_0;
|
|
} else {
|
|
/* Only TLS was enabled, so now no versions are. */
|
|
vrange->min = SSL_LIBRARY_VERSION_NONE;
|
|
vrange->max = SSL_LIBRARY_VERSION_NONE;
|
|
}
|
|
}
|
|
}
|
|
|
|
/* Implements the semantics for SSL_OptionSet(SSL_ENABLE_SSL3, on) described in
|
|
* ssl.h in the section "SSL version range setting API".
|
|
*/
|
|
static void
|
|
ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
|
|
{
|
|
if (SSL3_ALL_VERSIONS_DISABLED(vrange)) {
|
|
if (on) {
|
|
vrange->min = SSL_LIBRARY_VERSION_3_0;
|
|
vrange->max = SSL_LIBRARY_VERSION_3_0;
|
|
} /* else don't change anything */
|
|
return;
|
|
}
|
|
|
|
if (on) {
|
|
/* Expand the range of enabled versions to include SSL 3.0. We know
|
|
* SSL 3.0 or some version of TLS is already enabled at this point, so
|
|
* we don't need to change vrange->max.
|
|
*/
|
|
vrange->min = SSL_LIBRARY_VERSION_3_0;
|
|
} else {
|
|
/* Disable SSL 3.0, leaving TLS unaffected. */
|
|
if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
|
|
vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
|
|
} else {
|
|
/* Only SSL 3.0 was enabled, so now no versions are. */
|
|
vrange->min = SSL_LIBRARY_VERSION_NONE;
|
|
vrange->max = SSL_LIBRARY_VERSION_NONE;
|
|
}
|
|
}
|
|
}
|
|
|
|
SECStatus
|
|
SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
|
|
{
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
SECStatus rv = SECSuccess;
|
|
PRBool holdingLocks;
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
holdingLocks = (!ss->opt.noLocks);
|
|
ssl_Get1stHandshakeLock(ss);
|
|
ssl_GetSSL3HandshakeLock(ss);
|
|
|
|
switch (which) {
|
|
case SSL_SOCKS:
|
|
ss->opt.useSocks = PR_FALSE;
|
|
rv = PrepareSocket(ss);
|
|
if (on) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure;
|
|
}
|
|
break;
|
|
|
|
case SSL_SECURITY:
|
|
ss->opt.useSecurity = on;
|
|
rv = PrepareSocket(ss);
|
|
break;
|
|
|
|
case SSL_REQUEST_CERTIFICATE:
|
|
ss->opt.requestCertificate = on;
|
|
break;
|
|
|
|
case SSL_REQUIRE_CERTIFICATE:
|
|
ss->opt.requireCertificate = on;
|
|
break;
|
|
|
|
case SSL_HANDSHAKE_AS_CLIENT:
|
|
if ( ss->opt.handshakeAsServer && on ) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure;
|
|
break;
|
|
}
|
|
ss->opt.handshakeAsClient = on;
|
|
break;
|
|
|
|
case SSL_HANDSHAKE_AS_SERVER:
|
|
if ( ss->opt.handshakeAsClient && on ) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure;
|
|
break;
|
|
}
|
|
ss->opt.handshakeAsServer = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_TLS:
|
|
if (IS_DTLS(ss)) {
|
|
if (on) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure; /* not allowed */
|
|
}
|
|
break;
|
|
}
|
|
ssl_EnableTLS(&ss->vrange, on);
|
|
ss->preferredCipher = NULL;
|
|
if (ss->cipherSpecs) {
|
|
PORT_Free(ss->cipherSpecs);
|
|
ss->cipherSpecs = NULL;
|
|
ss->sizeCipherSpecs = 0;
|
|
}
|
|
break;
|
|
|
|
case SSL_ENABLE_SSL3:
|
|
if (IS_DTLS(ss)) {
|
|
if (on) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure; /* not allowed */
|
|
}
|
|
break;
|
|
}
|
|
ssl_EnableSSL3(&ss->vrange, on);
|
|
ss->preferredCipher = NULL;
|
|
if (ss->cipherSpecs) {
|
|
PORT_Free(ss->cipherSpecs);
|
|
ss->cipherSpecs = NULL;
|
|
ss->sizeCipherSpecs = 0;
|
|
}
|
|
break;
|
|
|
|
case SSL_ENABLE_SSL2:
|
|
if (IS_DTLS(ss)) {
|
|
if (on) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure; /* not allowed */
|
|
}
|
|
break;
|
|
}
|
|
ss->opt.enableSSL2 = on;
|
|
if (on) {
|
|
ss->opt.v2CompatibleHello = on;
|
|
}
|
|
ss->preferredCipher = NULL;
|
|
if (ss->cipherSpecs) {
|
|
PORT_Free(ss->cipherSpecs);
|
|
ss->cipherSpecs = NULL;
|
|
ss->sizeCipherSpecs = 0;
|
|
}
|
|
break;
|
|
|
|
case SSL_NO_CACHE:
|
|
ss->opt.noCache = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_FDX:
|
|
if (on && ss->opt.noLocks) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure;
|
|
}
|
|
ss->opt.fdx = on;
|
|
break;
|
|
|
|
case SSL_V2_COMPATIBLE_HELLO:
|
|
if (IS_DTLS(ss)) {
|
|
if (on) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure; /* not allowed */
|
|
}
|
|
break;
|
|
}
|
|
ss->opt.v2CompatibleHello = on;
|
|
if (!on) {
|
|
ss->opt.enableSSL2 = on;
|
|
}
|
|
break;
|
|
|
|
case SSL_ROLLBACK_DETECTION:
|
|
ss->opt.detectRollBack = on;
|
|
break;
|
|
|
|
case SSL_NO_STEP_DOWN:
|
|
ss->opt.noStepDown = on;
|
|
if (on)
|
|
SSL_DisableExportCipherSuites(fd);
|
|
break;
|
|
|
|
case SSL_BYPASS_PKCS11:
|
|
if (ss->handshakeBegun) {
|
|
PORT_SetError(PR_INVALID_STATE_ERROR);
|
|
rv = SECFailure;
|
|
} else {
|
|
if (PR_FALSE != on) {
|
|
if (PR_SUCCESS == SSL_BypassSetup() ) {
|
|
#ifdef NO_PKCS11_BYPASS
|
|
ss->opt.bypassPKCS11 = PR_FALSE;
|
|
#else
|
|
ss->opt.bypassPKCS11 = on;
|
|
#endif
|
|
} else {
|
|
rv = SECFailure;
|
|
}
|
|
} else {
|
|
ss->opt.bypassPKCS11 = PR_FALSE;
|
|
}
|
|
}
|
|
break;
|
|
|
|
case SSL_NO_LOCKS:
|
|
if (on && ss->opt.fdx) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure;
|
|
}
|
|
if (on && ssl_force_locks)
|
|
on = PR_FALSE; /* silent override */
|
|
ss->opt.noLocks = on;
|
|
if (on) {
|
|
locksEverDisabled = PR_TRUE;
|
|
strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
|
|
} else if (!holdingLocks) {
|
|
rv = ssl_MakeLocks(ss);
|
|
if (rv != SECSuccess) {
|
|
ss->opt.noLocks = PR_TRUE;
|
|
}
|
|
}
|
|
break;
|
|
|
|
case SSL_ENABLE_SESSION_TICKETS:
|
|
ss->opt.enableSessionTickets = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_DEFLATE:
|
|
ss->opt.enableDeflate = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_RENEGOTIATION:
|
|
ss->opt.enableRenegotiation = on;
|
|
break;
|
|
|
|
case SSL_REQUIRE_SAFE_NEGOTIATION:
|
|
ss->opt.requireSafeNegotiation = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_FALSE_START:
|
|
ss->opt.enableFalseStart = on;
|
|
break;
|
|
|
|
case SSL_CBC_RANDOM_IV:
|
|
ss->opt.cbcRandomIV = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_OCSP_STAPLING:
|
|
ss->opt.enableOCSPStapling = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_NPN:
|
|
ss->opt.enableNPN = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_ALPN:
|
|
ss->opt.enableALPN = on;
|
|
break;
|
|
|
|
case SSL_REUSE_SERVER_ECDHE_KEY:
|
|
ss->opt.reuseServerECDHEKey = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_FALLBACK_SCSV:
|
|
ss->opt.enableFallbackSCSV = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_SERVER_DHE:
|
|
ss->opt.enableServerDhe = on;
|
|
break;
|
|
|
|
default:
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure;
|
|
}
|
|
|
|
/* We can't use the macros for releasing the locks here,
|
|
* because ss->opt.noLocks might have changed just above.
|
|
* We must release these locks (monitors) here, if we aquired them above,
|
|
* regardless of the current value of ss->opt.noLocks.
|
|
*/
|
|
if (holdingLocks) {
|
|
PZ_ExitMonitor((ss)->ssl3HandshakeLock);
|
|
PZ_ExitMonitor((ss)->firstHandshakeLock);
|
|
}
|
|
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
|
|
{
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
SECStatus rv = SECSuccess;
|
|
PRBool on = PR_FALSE;
|
|
|
|
if (!pOn) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
|
|
*pOn = PR_FALSE;
|
|
return SECFailure;
|
|
}
|
|
|
|
ssl_Get1stHandshakeLock(ss);
|
|
ssl_GetSSL3HandshakeLock(ss);
|
|
|
|
switch (which) {
|
|
case SSL_SOCKS: on = PR_FALSE; break;
|
|
case SSL_SECURITY: on = ss->opt.useSecurity; break;
|
|
case SSL_REQUEST_CERTIFICATE: on = ss->opt.requestCertificate; break;
|
|
case SSL_REQUIRE_CERTIFICATE: on = ss->opt.requireCertificate; break;
|
|
case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break;
|
|
case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break;
|
|
case SSL_ENABLE_TLS:
|
|
on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
|
|
break;
|
|
case SSL_ENABLE_SSL3:
|
|
on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
|
|
break;
|
|
case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break;
|
|
case SSL_NO_CACHE: on = ss->opt.noCache; break;
|
|
case SSL_ENABLE_FDX: on = ss->opt.fdx; break;
|
|
case SSL_V2_COMPATIBLE_HELLO: on = ss->opt.v2CompatibleHello; break;
|
|
case SSL_ROLLBACK_DETECTION: on = ss->opt.detectRollBack; break;
|
|
case SSL_NO_STEP_DOWN: on = ss->opt.noStepDown; break;
|
|
case SSL_BYPASS_PKCS11: on = ss->opt.bypassPKCS11; break;
|
|
case SSL_NO_LOCKS: on = ss->opt.noLocks; break;
|
|
case SSL_ENABLE_SESSION_TICKETS:
|
|
on = ss->opt.enableSessionTickets;
|
|
break;
|
|
case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break;
|
|
case SSL_ENABLE_RENEGOTIATION:
|
|
on = ss->opt.enableRenegotiation; break;
|
|
case SSL_REQUIRE_SAFE_NEGOTIATION:
|
|
on = ss->opt.requireSafeNegotiation; break;
|
|
case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
|
|
case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
|
|
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
|
|
case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break;
|
|
case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;
|
|
case SSL_REUSE_SERVER_ECDHE_KEY:
|
|
on = ss->opt.reuseServerECDHEKey; break;
|
|
case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
|
|
case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break;
|
|
|
|
default:
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure;
|
|
}
|
|
|
|
ssl_ReleaseSSL3HandshakeLock(ss);
|
|
ssl_Release1stHandshakeLock(ss);
|
|
|
|
*pOn = on;
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
|
|
{
|
|
SECStatus rv = SECSuccess;
|
|
PRBool on = PR_FALSE;
|
|
|
|
if (!pOn) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
ssl_SetDefaultsFromEnvironment();
|
|
|
|
switch (which) {
|
|
case SSL_SOCKS: on = PR_FALSE; break;
|
|
case SSL_SECURITY: on = ssl_defaults.useSecurity; break;
|
|
case SSL_REQUEST_CERTIFICATE: on = ssl_defaults.requestCertificate; break;
|
|
case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break;
|
|
case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break;
|
|
case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break;
|
|
case SSL_ENABLE_TLS:
|
|
on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
|
|
break;
|
|
case SSL_ENABLE_SSL3:
|
|
on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
|
|
break;
|
|
case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break;
|
|
case SSL_NO_CACHE: on = ssl_defaults.noCache; break;
|
|
case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break;
|
|
case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break;
|
|
case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break;
|
|
case SSL_NO_STEP_DOWN: on = ssl_defaults.noStepDown; break;
|
|
case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break;
|
|
case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break;
|
|
case SSL_ENABLE_SESSION_TICKETS:
|
|
on = ssl_defaults.enableSessionTickets;
|
|
break;
|
|
case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break;
|
|
case SSL_ENABLE_RENEGOTIATION:
|
|
on = ssl_defaults.enableRenegotiation; break;
|
|
case SSL_REQUIRE_SAFE_NEGOTIATION:
|
|
on = ssl_defaults.requireSafeNegotiation;
|
|
break;
|
|
case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
|
|
case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
|
|
case SSL_ENABLE_OCSP_STAPLING:
|
|
on = ssl_defaults.enableOCSPStapling;
|
|
break;
|
|
case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break;
|
|
case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break;
|
|
case SSL_REUSE_SERVER_ECDHE_KEY:
|
|
on = ssl_defaults.reuseServerECDHEKey;
|
|
break;
|
|
case SSL_ENABLE_FALLBACK_SCSV:
|
|
on = ssl_defaults.enableFallbackSCSV;
|
|
break;
|
|
case SSL_ENABLE_SERVER_DHE:
|
|
on = ssl_defaults.enableServerDhe;
|
|
break;
|
|
|
|
default:
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
rv = SECFailure;
|
|
}
|
|
|
|
*pOn = on;
|
|
return rv;
|
|
}
|
|
|
|
/* XXX Use Global Lock to protect this stuff. */
|
|
SECStatus
|
|
SSL_EnableDefault(int which, PRBool on)
|
|
{
|
|
return SSL_OptionSetDefault(which, on);
|
|
}
|
|
|
|
SECStatus
|
|
SSL_OptionSetDefault(PRInt32 which, PRBool on)
|
|
{
|
|
SECStatus status = ssl_Init();
|
|
|
|
if (status != SECSuccess) {
|
|
return status;
|
|
}
|
|
|
|
ssl_SetDefaultsFromEnvironment();
|
|
|
|
switch (which) {
|
|
case SSL_SOCKS:
|
|
ssl_defaults.useSocks = PR_FALSE;
|
|
if (on) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
break;
|
|
|
|
case SSL_SECURITY:
|
|
ssl_defaults.useSecurity = on;
|
|
break;
|
|
|
|
case SSL_REQUEST_CERTIFICATE:
|
|
ssl_defaults.requestCertificate = on;
|
|
break;
|
|
|
|
case SSL_REQUIRE_CERTIFICATE:
|
|
ssl_defaults.requireCertificate = on;
|
|
break;
|
|
|
|
case SSL_HANDSHAKE_AS_CLIENT:
|
|
if ( ssl_defaults.handshakeAsServer && on ) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
ssl_defaults.handshakeAsClient = on;
|
|
break;
|
|
|
|
case SSL_HANDSHAKE_AS_SERVER:
|
|
if ( ssl_defaults.handshakeAsClient && on ) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
ssl_defaults.handshakeAsServer = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_TLS:
|
|
ssl_EnableTLS(&versions_defaults_stream, on);
|
|
break;
|
|
|
|
case SSL_ENABLE_SSL3:
|
|
ssl_EnableSSL3(&versions_defaults_stream, on);
|
|
break;
|
|
|
|
case SSL_ENABLE_SSL2:
|
|
ssl_defaults.enableSSL2 = on;
|
|
if (on) {
|
|
ssl_defaults.v2CompatibleHello = on;
|
|
}
|
|
break;
|
|
|
|
case SSL_NO_CACHE:
|
|
ssl_defaults.noCache = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_FDX:
|
|
if (on && ssl_defaults.noLocks) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
ssl_defaults.fdx = on;
|
|
break;
|
|
|
|
case SSL_V2_COMPATIBLE_HELLO:
|
|
ssl_defaults.v2CompatibleHello = on;
|
|
if (!on) {
|
|
ssl_defaults.enableSSL2 = on;
|
|
}
|
|
break;
|
|
|
|
case SSL_ROLLBACK_DETECTION:
|
|
ssl_defaults.detectRollBack = on;
|
|
break;
|
|
|
|
case SSL_NO_STEP_DOWN:
|
|
ssl_defaults.noStepDown = on;
|
|
if (on)
|
|
SSL_DisableDefaultExportCipherSuites();
|
|
break;
|
|
|
|
case SSL_BYPASS_PKCS11:
|
|
if (PR_FALSE != on) {
|
|
if (PR_SUCCESS == SSL_BypassSetup()) {
|
|
#ifdef NO_PKCS11_BYPASS
|
|
ssl_defaults.bypassPKCS11 = PR_FALSE;
|
|
#else
|
|
ssl_defaults.bypassPKCS11 = on;
|
|
#endif
|
|
} else {
|
|
return SECFailure;
|
|
}
|
|
} else {
|
|
ssl_defaults.bypassPKCS11 = PR_FALSE;
|
|
}
|
|
break;
|
|
|
|
case SSL_NO_LOCKS:
|
|
if (on && ssl_defaults.fdx) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
if (on && ssl_force_locks)
|
|
on = PR_FALSE; /* silent override */
|
|
ssl_defaults.noLocks = on;
|
|
if (on) {
|
|
locksEverDisabled = PR_TRUE;
|
|
strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
|
|
}
|
|
break;
|
|
|
|
case SSL_ENABLE_SESSION_TICKETS:
|
|
ssl_defaults.enableSessionTickets = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_DEFLATE:
|
|
ssl_defaults.enableDeflate = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_RENEGOTIATION:
|
|
ssl_defaults.enableRenegotiation = on;
|
|
break;
|
|
|
|
case SSL_REQUIRE_SAFE_NEGOTIATION:
|
|
ssl_defaults.requireSafeNegotiation = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_FALSE_START:
|
|
ssl_defaults.enableFalseStart = on;
|
|
break;
|
|
|
|
case SSL_CBC_RANDOM_IV:
|
|
ssl_defaults.cbcRandomIV = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_OCSP_STAPLING:
|
|
ssl_defaults.enableOCSPStapling = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_NPN:
|
|
ssl_defaults.enableNPN = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_ALPN:
|
|
ssl_defaults.enableALPN = on;
|
|
break;
|
|
|
|
case SSL_REUSE_SERVER_ECDHE_KEY:
|
|
ssl_defaults.reuseServerECDHEKey = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_FALLBACK_SCSV:
|
|
ssl_defaults.enableFallbackSCSV = on;
|
|
break;
|
|
|
|
case SSL_ENABLE_SERVER_DHE:
|
|
ssl_defaults.enableServerDhe = on;
|
|
break;
|
|
|
|
default:
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
/* function tells us if the cipher suite is one that we no longer support. */
|
|
static PRBool
|
|
ssl_IsRemovedCipherSuite(PRInt32 suite)
|
|
{
|
|
switch (suite) {
|
|
case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
|
|
case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
|
|
case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
|
|
return PR_TRUE;
|
|
default:
|
|
return PR_FALSE;
|
|
}
|
|
}
|
|
|
|
/* Part of the public NSS API.
|
|
* Since this is a global (not per-socket) setting, we cannot use the
|
|
* HandshakeLock to protect this. Probably want a global lock.
|
|
*/
|
|
SECStatus
|
|
SSL_SetPolicy(long which, int policy)
|
|
{
|
|
if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
|
|
/* one of the two old FIPS ciphers */
|
|
if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
|
|
which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
|
|
else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
|
|
which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
|
|
}
|
|
if (ssl_IsRemovedCipherSuite(which))
|
|
return SECSuccess;
|
|
return SSL_CipherPolicySet(which, policy);
|
|
}
|
|
|
|
SECStatus
|
|
SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
|
|
{
|
|
SECStatus rv = ssl_Init();
|
|
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|
|
|
|
if (ssl_IsRemovedCipherSuite(which)) {
|
|
rv = SECSuccess;
|
|
} else if (SSL_IS_SSL2_CIPHER(which)) {
|
|
rv = ssl2_SetPolicy(which, policy);
|
|
} else {
|
|
rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
|
|
{
|
|
SECStatus rv;
|
|
|
|
if (!oPolicy) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
if (ssl_IsRemovedCipherSuite(which)) {
|
|
*oPolicy = SSL_NOT_ALLOWED;
|
|
rv = SECSuccess;
|
|
} else if (SSL_IS_SSL2_CIPHER(which)) {
|
|
rv = ssl2_GetPolicy(which, oPolicy);
|
|
} else {
|
|
rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
/* Part of the public NSS API.
|
|
* Since this is a global (not per-socket) setting, we cannot use the
|
|
* HandshakeLock to protect this. Probably want a global lock.
|
|
* These changes have no effect on any sslSockets already created.
|
|
*/
|
|
SECStatus
|
|
SSL_EnableCipher(long which, PRBool enabled)
|
|
{
|
|
if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) {
|
|
/* one of the two old FIPS ciphers */
|
|
if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA)
|
|
which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA;
|
|
else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA)
|
|
which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
|
|
}
|
|
if (ssl_IsRemovedCipherSuite(which))
|
|
return SECSuccess;
|
|
return SSL_CipherPrefSetDefault(which, enabled);
|
|
}
|
|
|
|
SECStatus
|
|
SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
|
|
{
|
|
SECStatus rv = ssl_Init();
|
|
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|
|
|
|
if (ssl_IsRemovedCipherSuite(which))
|
|
return SECSuccess;
|
|
if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
|
|
return SECFailure;
|
|
}
|
|
if (SSL_IS_SSL2_CIPHER(which)) {
|
|
rv = ssl2_CipherPrefSetDefault(which, enabled);
|
|
} else {
|
|
rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
|
|
{
|
|
SECStatus rv;
|
|
|
|
if (!enabled) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
if (ssl_IsRemovedCipherSuite(which)) {
|
|
*enabled = PR_FALSE;
|
|
rv = SECSuccess;
|
|
} else if (SSL_IS_SSL2_CIPHER(which)) {
|
|
rv = ssl2_CipherPrefGetDefault(which, enabled);
|
|
} else {
|
|
rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
|
|
{
|
|
SECStatus rv;
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
if (ssl_IsRemovedCipherSuite(which))
|
|
return SECSuccess;
|
|
if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
|
|
return SECFailure;
|
|
}
|
|
if (SSL_IS_SSL2_CIPHER(which)) {
|
|
rv = ssl2_CipherPrefSet(ss, which, enabled);
|
|
} else {
|
|
rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
|
|
{
|
|
SECStatus rv;
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
|
if (!enabled) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
|
|
*enabled = PR_FALSE;
|
|
return SECFailure;
|
|
}
|
|
if (ssl_IsRemovedCipherSuite(which)) {
|
|
*enabled = PR_FALSE;
|
|
rv = SECSuccess;
|
|
} else if (SSL_IS_SSL2_CIPHER(which)) {
|
|
rv = ssl2_CipherPrefGet(ss, which, enabled);
|
|
} else {
|
|
rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
NSS_SetDomesticPolicy(void)
|
|
{
|
|
SECStatus status = SECSuccess;
|
|
const PRUint16 *cipher;
|
|
|
|
for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
|
|
status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
|
|
if (status != SECSuccess)
|
|
break;
|
|
}
|
|
return status;
|
|
}
|
|
|
|
SECStatus
|
|
NSS_SetExportPolicy(void)
|
|
{
|
|
return NSS_SetDomesticPolicy();
|
|
}
|
|
|
|
SECStatus
|
|
NSS_SetFrancePolicy(void)
|
|
{
|
|
return NSS_SetDomesticPolicy();
|
|
}
|
|
|
|
SECStatus
|
|
SSL_DHEGroupPrefSet(PRFileDesc *fd,
|
|
SSLDHEGroupType *groups,
|
|
PRUint16 num_groups)
|
|
{
|
|
sslSocket *ss;
|
|
|
|
if ((num_groups && !groups) || (!num_groups && groups)) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
ss = ssl_FindSocket(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
if (ss->ssl3.dheGroups) {
|
|
PORT_Free(ss->ssl3.dheGroups);
|
|
ss->ssl3.dheGroups = NULL;
|
|
ss->ssl3.numDHEGroups = 0;
|
|
}
|
|
|
|
if (groups) {
|
|
ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, num_groups);
|
|
if (!ss->ssl3.dheGroups) {
|
|
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
|
return SECFailure;
|
|
}
|
|
PORT_Memcpy(ss->ssl3.dheGroups, groups,
|
|
sizeof(SSLDHEGroupType) * num_groups);
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
|
|
PRCallOnceType gWeakDHParamsRegisterOnce;
|
|
int gWeakDHParamsRegisterError;
|
|
|
|
PRCallOnceType gWeakDHParamsOnce;
|
|
int gWeakDHParamsError;
|
|
/* As our code allocates type PQGParams, we'll keep it around,
|
|
* even though we only make use of it's parameters through gWeakDHParam. */
|
|
static PQGParams *gWeakParamsPQG;
|
|
static ssl3DHParams *gWeakDHParams;
|
|
|
|
static PRStatus
|
|
ssl3_CreateWeakDHParams()
|
|
{
|
|
PQGVerify *vfy;
|
|
SECStatus rv, passed;
|
|
|
|
PORT_Assert(!gWeakDHParams && !gWeakParamsPQG);
|
|
|
|
rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/,
|
|
&gWeakParamsPQG, &vfy);
|
|
if (rv != SECSuccess) {
|
|
gWeakDHParamsError = PORT_GetError();
|
|
return PR_FAILURE;
|
|
}
|
|
|
|
rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed);
|
|
if (rv != SECSuccess || passed != SECSuccess) {
|
|
SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams",
|
|
SSL_GETPID()));
|
|
gWeakDHParamsError = PORT_GetError();
|
|
return PR_FAILURE;
|
|
}
|
|
|
|
gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams);
|
|
if (!gWeakDHParams) {
|
|
gWeakDHParamsError = PORT_GetError();
|
|
return PR_FAILURE;
|
|
}
|
|
|
|
gWeakDHParams->prime.data = gWeakParamsPQG->prime.data;
|
|
gWeakDHParams->prime.len = gWeakParamsPQG->prime.len;
|
|
gWeakDHParams->base.data = gWeakParamsPQG->base.data;
|
|
gWeakDHParams->base.len = gWeakParamsPQG->base.len;
|
|
|
|
PK11_PQG_DestroyVerify(vfy);
|
|
return PR_SUCCESS;
|
|
}
|
|
|
|
static SECStatus
|
|
ssl3_WeakDHParamsShutdown(void *appData, void *nssData)
|
|
{
|
|
if (gWeakParamsPQG) {
|
|
PK11_PQG_DestroyParams(gWeakParamsPQG);
|
|
gWeakParamsPQG = NULL;
|
|
gWeakDHParams = NULL;
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
static PRStatus
|
|
ssl3_WeakDHParamsRegisterShutdown(void)
|
|
{
|
|
SECStatus rv;
|
|
rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL);
|
|
if (rv != SECSuccess) {
|
|
gWeakDHParamsRegisterError = PORT_GetError();
|
|
}
|
|
return (PRStatus)rv;
|
|
}
|
|
|
|
/* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */
|
|
SECStatus
|
|
SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
|
|
{
|
|
sslSocket *ss;
|
|
PRStatus status;
|
|
|
|
if (enabled) {
|
|
status = PR_CallOnce(&gWeakDHParamsRegisterOnce,
|
|
ssl3_WeakDHParamsRegisterShutdown);
|
|
if (status != PR_SUCCESS) {
|
|
PORT_SetError(gWeakDHParamsRegisterError);
|
|
return SECFailure;
|
|
}
|
|
|
|
status = PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams);
|
|
if (status != PR_SUCCESS) {
|
|
PORT_SetError(gWeakDHParamsError);
|
|
return SECFailure;
|
|
}
|
|
}
|
|
|
|
if (!fd)
|
|
return SECSuccess;
|
|
|
|
ss = ssl_FindSocket(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
ss->ssl3.dheWeakGroupEnabled = enabled;
|
|
return SECSuccess;
|
|
}
|
|
|
|
#include "dhe-param.c"
|
|
|
|
static const SSLDHEGroupType ssl_default_dhe_groups[] = {
|
|
ssl_ff_dhe_2048_group
|
|
};
|
|
|
|
/* Keep this array synchronized with the index definitions in SSLDHEGroupType */
|
|
static const ssl3DHParams *all_ssl3DHParams[] = {
|
|
NULL, /* ssl_dhe_group_none */
|
|
&ff_dhe_2048,
|
|
&ff_dhe_3072,
|
|
&ff_dhe_4096,
|
|
&ff_dhe_6144,
|
|
&ff_dhe_8192,
|
|
};
|
|
|
|
static SSLDHEGroupType
|
|
selectDHEGroup(sslSocket *ss, const SSLDHEGroupType *groups, PRUint16 num_groups)
|
|
{
|
|
if (!groups || !num_groups)
|
|
return ssl_dhe_group_none;
|
|
|
|
/* We don't have automatic group parameter selection yet
|
|
* (potentially) based on socket parameters, e.g. key sizes.
|
|
* For now, we return the first available group from the allowed list. */
|
|
return groups[0];
|
|
}
|
|
|
|
/* Ensure DH parameters have been selected */
|
|
SECStatus
|
|
ssl3_SelectDHParams(sslSocket *ss)
|
|
{
|
|
SSLDHEGroupType selectedGroup = ssl_dhe_group_none;
|
|
|
|
if (ss->ssl3.dheWeakGroupEnabled) {
|
|
ss->dheParams = gWeakDHParams;
|
|
} else {
|
|
if (ss->ssl3.dheGroups) {
|
|
selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups,
|
|
ss->ssl3.numDHEGroups);
|
|
} else {
|
|
size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups);
|
|
selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups,
|
|
number_of_default_groups);
|
|
}
|
|
|
|
if (selectedGroup == ssl_dhe_group_none ||
|
|
selectedGroup >= ssl_dhe_group_max) {
|
|
return SECFailure;
|
|
}
|
|
|
|
ss->dheParams = all_ssl3DHParams[selectedGroup];
|
|
}
|
|
|
|
return SECSuccess;
|
|
}
|
|
|
|
/* LOCKS ??? XXX */
|
|
static PRFileDesc *
|
|
ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
|
|
{
|
|
sslSocket * ns = NULL;
|
|
PRStatus rv;
|
|
PRNetAddr addr;
|
|
SECStatus status = ssl_Init();
|
|
|
|
if (status != SECSuccess) {
|
|
return NULL;
|
|
}
|
|
|
|
if (model == NULL) {
|
|
/* Just create a default socket if we're given NULL for the model */
|
|
ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
|
|
} else {
|
|
sslSocket * ss = ssl_FindSocket(model);
|
|
if (ss == NULL || ss->protocolVariant != variant) {
|
|
SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
|
|
SSL_GETPID(), model));
|
|
return NULL;
|
|
}
|
|
ns = ssl_DupSocket(ss);
|
|
}
|
|
if (ns == NULL)
|
|
return NULL;
|
|
|
|
rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
|
|
if (rv != PR_SUCCESS) {
|
|
ssl_FreeSocket(ns);
|
|
SET_ERROR_CODE
|
|
return NULL;
|
|
}
|
|
#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
|
|
{
|
|
sslSocket * ss = ssl_FindSocket(fd);
|
|
PORT_Assert(ss == ns);
|
|
}
|
|
#endif
|
|
ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
|
|
return fd;
|
|
}
|
|
|
|
PRFileDesc *
|
|
SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
|
|
{
|
|
return ssl_ImportFD(model, fd, ssl_variant_stream);
|
|
}
|
|
|
|
PRFileDesc *
|
|
DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
|
|
{
|
|
return ssl_ImportFD(model, fd, ssl_variant_datagram);
|
|
}
|
|
|
|
/* SSL_SetNextProtoCallback is used to select an application protocol
|
|
* for ALPN and NPN. For ALPN, this runs on the server; for NPN it
|
|
* runs on the client. */
|
|
/* Note: The ALPN version doesn't allow for the use of a default, setting a
|
|
* status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
|
|
SECStatus
|
|
SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
|
|
void *arg)
|
|
{
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
|
|
fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
ssl_GetSSL3HandshakeLock(ss);
|
|
ss->nextProtoCallback = callback;
|
|
ss->nextProtoArg = arg;
|
|
ssl_ReleaseSSL3HandshakeLock(ss);
|
|
|
|
return SECSuccess;
|
|
}
|
|
|
|
/* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when
|
|
* SSL_SetNextProtoNego is used.
|
|
*/
|
|
static SECStatus
|
|
ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
|
|
const unsigned char *protos, unsigned int protos_len,
|
|
unsigned char *protoOut, unsigned int *protoOutLen,
|
|
unsigned int protoMaxLen)
|
|
{
|
|
unsigned int i, j;
|
|
const unsigned char *result;
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
|
|
SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
/* For each protocol in server preference, see if we support it. */
|
|
for (i = 0; i < protos_len; ) {
|
|
for (j = 0; j < ss->opt.nextProtoNego.len; ) {
|
|
if (protos[i] == ss->opt.nextProtoNego.data[j] &&
|
|
PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
|
|
protos[i]) == 0) {
|
|
/* We found a match. */
|
|
ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
|
|
result = &protos[i];
|
|
goto found;
|
|
}
|
|
j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
|
|
}
|
|
i += 1 + (unsigned int)protos[i];
|
|
}
|
|
|
|
/* The other side supports the extension, and either doesn't have any
|
|
* protocols configured, or none of its options match ours. In this case we
|
|
* request our favoured protocol. */
|
|
/* This will be treated as a failure for ALPN. */
|
|
ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
|
|
result = ss->opt.nextProtoNego.data;
|
|
|
|
found:
|
|
if (protoMaxLen < result[0]) {
|
|
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
|
|
return SECFailure;
|
|
}
|
|
memcpy(protoOut, result + 1, result[0]);
|
|
*protoOutLen = result[0];
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
|
|
unsigned int length)
|
|
{
|
|
sslSocket *ss;
|
|
SECStatus rv;
|
|
SECItem dataItem = { siBuffer, (unsigned char *) data, length };
|
|
|
|
ss = ssl_FindSocket(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
|
|
SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
|
|
return SECFailure;
|
|
|
|
ssl_GetSSL3HandshakeLock(ss);
|
|
SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
|
|
rv = SECITEM_CopyItem(NULL, &ss->opt.nextProtoNego, &dataItem);
|
|
ssl_ReleaseSSL3HandshakeLock(ss);
|
|
|
|
if (rv != SECSuccess)
|
|
return rv;
|
|
|
|
return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
|
|
}
|
|
|
|
SECStatus
|
|
SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
|
|
unsigned int *bufLen, unsigned int bufLenMax)
|
|
{
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
|
|
fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
if (!state || !buf || !bufLen) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
*state = ss->ssl3.nextProtoState;
|
|
|
|
if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
|
|
ss->ssl3.nextProto.data) {
|
|
if (ss->ssl3.nextProto.len > bufLenMax) {
|
|
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
|
|
return SECFailure;
|
|
}
|
|
PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
|
|
*bufLen = ss->ssl3.nextProto.len;
|
|
} else {
|
|
*bufLen = 0;
|
|
}
|
|
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
|
|
const PRUint16 *ciphers,
|
|
unsigned int numCiphers)
|
|
{
|
|
sslSocket *ss;
|
|
unsigned int i;
|
|
|
|
ss = ssl_FindSocket(fd);
|
|
if (!ss || !IS_DTLS(ss)) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
|
|
SSL_GETPID(), fd));
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
ss->ssl3.dtlsSRTPCipherCount = 0;
|
|
for (i = 0; i < numCiphers; i++) {
|
|
const PRUint16 *srtpCipher = srtpCiphers;
|
|
|
|
while (*srtpCipher) {
|
|
if (ciphers[i] == *srtpCipher)
|
|
break;
|
|
srtpCipher++;
|
|
}
|
|
if (*srtpCipher) {
|
|
ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
|
|
ciphers[i];
|
|
} else {
|
|
SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
|
|
"suite specified: 0x%04hx", SSL_GETPID(), fd,
|
|
ciphers[i]));
|
|
}
|
|
}
|
|
|
|
if (ss->ssl3.dtlsSRTPCipherCount == 0) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher)
|
|
{
|
|
sslSocket * ss;
|
|
|
|
ss = ssl_FindSocket(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
|
|
SSL_GETPID(), fd));
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
if (!ss->ssl3.dtlsSRTPCipherSuite) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
*cipher = ss->ssl3.dtlsSRTPCipherSuite;
|
|
return SECSuccess;
|
|
}
|
|
|
|
PRFileDesc *
|
|
SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
|
|
{
|
|
sslSocket * sm = NULL, *ss = NULL;
|
|
int i;
|
|
sslServerCerts * mc = NULL;
|
|
sslServerCerts * sc = NULL;
|
|
|
|
if (model == NULL) {
|
|
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
|
|
return NULL;
|
|
}
|
|
sm = ssl_FindSocket(model);
|
|
if (sm == NULL) {
|
|
SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
|
|
SSL_GETPID(), model));
|
|
return NULL;
|
|
}
|
|
ss = ssl_FindSocket(fd);
|
|
PORT_Assert(ss);
|
|
if (ss == NULL) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return NULL;
|
|
}
|
|
|
|
ss->opt = sm->opt;
|
|
ss->vrange = sm->vrange;
|
|
PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
|
|
PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers,
|
|
sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount);
|
|
ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount;
|
|
|
|
if (!ss->opt.useSecurity) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return NULL;
|
|
}
|
|
/* This int should be SSLKEAType, but CC on Irix complains,
|
|
* during the for loop.
|
|
*/
|
|
for (i=kt_null; i < kt_kea_size; i++) {
|
|
mc = &(sm->serverCerts[i]);
|
|
sc = &(ss->serverCerts[i]);
|
|
if (mc->serverCert && mc->serverCertChain) {
|
|
if (sc->serverCert) {
|
|
CERT_DestroyCertificate(sc->serverCert);
|
|
}
|
|
sc->serverCert = CERT_DupCertificate(mc->serverCert);
|
|
if (sc->serverCertChain) {
|
|
CERT_DestroyCertificateList(sc->serverCertChain);
|
|
}
|
|
sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
|
|
if (!sc->serverCertChain)
|
|
goto loser;
|
|
if (sm->certStatusArray[i]) {
|
|
if (ss->certStatusArray[i]) {
|
|
SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE);
|
|
ss->certStatusArray[i] = NULL;
|
|
}
|
|
ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]);
|
|
if (!ss->certStatusArray[i])
|
|
goto loser;
|
|
}
|
|
}
|
|
if (mc->serverKeyPair) {
|
|
if (sc->serverKeyPair) {
|
|
ssl3_FreeKeyPair(sc->serverKeyPair);
|
|
}
|
|
sc->serverKeyPair = ssl3_GetKeyPairRef(mc->serverKeyPair);
|
|
sc->serverKeyBits = mc->serverKeyBits;
|
|
}
|
|
}
|
|
if (sm->stepDownKeyPair) {
|
|
if (ss->stepDownKeyPair) {
|
|
ssl3_FreeKeyPair(ss->stepDownKeyPair);
|
|
}
|
|
ss->stepDownKeyPair = ssl3_GetKeyPairRef(sm->stepDownKeyPair);
|
|
}
|
|
if (sm->ephemeralECDHKeyPair) {
|
|
if (ss->ephemeralECDHKeyPair) {
|
|
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
|
|
}
|
|
ss->ephemeralECDHKeyPair =
|
|
ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair);
|
|
}
|
|
/* copy trust anchor names */
|
|
if (sm->ssl3.ca_list) {
|
|
if (ss->ssl3.ca_list) {
|
|
CERT_FreeDistNames(ss->ssl3.ca_list);
|
|
}
|
|
ss->ssl3.ca_list = CERT_DupDistNames(sm->ssl3.ca_list);
|
|
if (!ss->ssl3.ca_list) {
|
|
goto loser;
|
|
}
|
|
}
|
|
|
|
if (sm->authCertificate)
|
|
ss->authCertificate = sm->authCertificate;
|
|
if (sm->authCertificateArg)
|
|
ss->authCertificateArg = sm->authCertificateArg;
|
|
if (sm->getClientAuthData)
|
|
ss->getClientAuthData = sm->getClientAuthData;
|
|
if (sm->getClientAuthDataArg)
|
|
ss->getClientAuthDataArg = sm->getClientAuthDataArg;
|
|
if (sm->sniSocketConfig)
|
|
ss->sniSocketConfig = sm->sniSocketConfig;
|
|
if (sm->sniSocketConfigArg)
|
|
ss->sniSocketConfigArg = sm->sniSocketConfigArg;
|
|
if (sm->handleBadCert)
|
|
ss->handleBadCert = sm->handleBadCert;
|
|
if (sm->badCertArg)
|
|
ss->badCertArg = sm->badCertArg;
|
|
if (sm->handshakeCallback)
|
|
ss->handshakeCallback = sm->handshakeCallback;
|
|
if (sm->handshakeCallbackData)
|
|
ss->handshakeCallbackData = sm->handshakeCallbackData;
|
|
if (sm->pkcs11PinArg)
|
|
ss->pkcs11PinArg = sm->pkcs11PinArg;
|
|
return fd;
|
|
loser:
|
|
return NULL;
|
|
}
|
|
|
|
PRBool
|
|
ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
|
|
SSL3ProtocolVersion version)
|
|
{
|
|
switch (protocolVariant) {
|
|
case ssl_variant_stream:
|
|
return (version >= SSL_LIBRARY_VERSION_3_0 &&
|
|
version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
|
|
case ssl_variant_datagram:
|
|
return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
|
|
version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
|
|
default:
|
|
/* Can't get here */
|
|
PORT_Assert(PR_FALSE);
|
|
return PR_FALSE;
|
|
}
|
|
}
|
|
|
|
/* Returns PR_TRUE if the given version range is valid and
|
|
** fully supported; otherwise, returns PR_FALSE.
|
|
*/
|
|
static PRBool
|
|
ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
|
|
const SSLVersionRange *vrange)
|
|
{
|
|
return vrange &&
|
|
vrange->min <= vrange->max &&
|
|
ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
|
|
ssl3_VersionIsSupported(protocolVariant, vrange->max);
|
|
}
|
|
|
|
SECStatus
|
|
SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
|
|
SSLVersionRange *vrange)
|
|
{
|
|
if (!vrange) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
switch (protocolVariant) {
|
|
case ssl_variant_stream:
|
|
vrange->min = SSL_LIBRARY_VERSION_3_0;
|
|
vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
|
|
break;
|
|
case ssl_variant_datagram:
|
|
vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
|
|
vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
|
|
break;
|
|
default:
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
|
|
SSLVersionRange *vrange)
|
|
{
|
|
if ((protocolVariant != ssl_variant_stream &&
|
|
protocolVariant != ssl_variant_datagram) || !vrange) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
*vrange = *VERSIONS_DEFAULTS(protocolVariant);
|
|
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
|
|
const SSLVersionRange *vrange)
|
|
{
|
|
if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
|
|
PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
|
|
return SECFailure;
|
|
}
|
|
|
|
*VERSIONS_DEFAULTS(protocolVariant) = *vrange;
|
|
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
|
|
{
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet",
|
|
SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
if (!vrange) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
return SECFailure;
|
|
}
|
|
|
|
ssl_Get1stHandshakeLock(ss);
|
|
ssl_GetSSL3HandshakeLock(ss);
|
|
|
|
*vrange = ss->vrange;
|
|
|
|
ssl_ReleaseSSL3HandshakeLock(ss);
|
|
ssl_Release1stHandshakeLock(ss);
|
|
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
|
|
{
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
|
|
SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
|
|
PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
|
|
return SECFailure;
|
|
}
|
|
|
|
ssl_Get1stHandshakeLock(ss);
|
|
ssl_GetSSL3HandshakeLock(ss);
|
|
|
|
ss->vrange = *vrange;
|
|
|
|
ssl_ReleaseSSL3HandshakeLock(ss);
|
|
ssl_Release1stHandshakeLock(ss);
|
|
|
|
return SECSuccess;
|
|
}
|
|
|
|
const SECItemArray *
|
|
SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
|
|
{
|
|
sslSocket *ss = ssl_FindSocket(fd);
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses",
|
|
SSL_GETPID(), fd));
|
|
return NULL;
|
|
}
|
|
|
|
if (!ss->sec.ci.sid) {
|
|
PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
|
|
return NULL;
|
|
}
|
|
|
|
return &ss->sec.ci.sid->peerCertStatus;
|
|
}
|
|
|
|
/************************************************************************/
|
|
/* The following functions are the TOP LEVEL SSL functions.
|
|
** They all get called through the NSPRIOMethods table below.
|
|
*/
|
|
|
|
static PRFileDesc * PR_CALLBACK
|
|
ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
|
|
{
|
|
sslSocket *ss;
|
|
sslSocket *ns = NULL;
|
|
PRFileDesc *newfd = NULL;
|
|
PRFileDesc *osfd;
|
|
PRStatus status;
|
|
|
|
ss = ssl_GetPrivate(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
|
|
return NULL;
|
|
}
|
|
|
|
/* IF this is a listen socket, there shouldn't be any I/O going on */
|
|
SSL_LOCK_READER(ss);
|
|
SSL_LOCK_WRITER(ss);
|
|
ssl_Get1stHandshakeLock(ss);
|
|
ssl_GetSSL3HandshakeLock(ss);
|
|
|
|
ss->cTimeout = timeout;
|
|
|
|
osfd = ss->fd->lower;
|
|
|
|
/* First accept connection */
|
|
newfd = osfd->methods->accept(osfd, sockaddr, timeout);
|
|
if (newfd == NULL) {
|
|
SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
|
|
SSL_GETPID(), ss->fd, PORT_GetError()));
|
|
} else {
|
|
/* Create ssl module */
|
|
ns = ssl_DupSocket(ss);
|
|
}
|
|
|
|
ssl_ReleaseSSL3HandshakeLock(ss);
|
|
ssl_Release1stHandshakeLock(ss);
|
|
SSL_UNLOCK_WRITER(ss);
|
|
SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
|
|
|
|
if (ns == NULL)
|
|
goto loser;
|
|
|
|
/* push ssl module onto the new socket */
|
|
status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
|
|
if (status != PR_SUCCESS)
|
|
goto loser;
|
|
|
|
/* Now start server connection handshake with client.
|
|
** Don't need locks here because nobody else has a reference to ns yet.
|
|
*/
|
|
if ( ns->opt.useSecurity ) {
|
|
if ( ns->opt.handshakeAsClient ) {
|
|
ns->handshake = ssl2_BeginClientHandshake;
|
|
ss->handshaking = sslHandshakingAsClient;
|
|
} else {
|
|
ns->handshake = ssl2_BeginServerHandshake;
|
|
ss->handshaking = sslHandshakingAsServer;
|
|
}
|
|
}
|
|
ns->TCPconnected = 1;
|
|
return newfd;
|
|
|
|
loser:
|
|
if (ns != NULL)
|
|
ssl_FreeSocket(ns);
|
|
if (newfd != NULL)
|
|
PR_Close(newfd);
|
|
return NULL;
|
|
}
|
|
|
|
static PRStatus PR_CALLBACK
|
|
ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
|
|
{
|
|
sslSocket *ss;
|
|
PRStatus rv;
|
|
|
|
ss = ssl_GetPrivate(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
|
|
return PR_FAILURE;
|
|
}
|
|
|
|
/* IF this is a listen socket, there shouldn't be any I/O going on */
|
|
SSL_LOCK_READER(ss);
|
|
SSL_LOCK_WRITER(ss);
|
|
|
|
ss->cTimeout = timeout;
|
|
rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
|
|
|
|
SSL_UNLOCK_WRITER(ss);
|
|
SSL_UNLOCK_READER(ss);
|
|
|
|
return rv;
|
|
}
|
|
|
|
static PRStatus PR_CALLBACK
|
|
ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
|
|
{
|
|
sslSocket * ss = ssl_GetPrivate(fd);
|
|
PRStatus rv;
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
|
|
return PR_FAILURE;
|
|
}
|
|
SSL_LOCK_READER(ss);
|
|
SSL_LOCK_WRITER(ss);
|
|
|
|
rv = (PRStatus)(*ss->ops->bind)(ss, addr);
|
|
|
|
SSL_UNLOCK_WRITER(ss);
|
|
SSL_UNLOCK_READER(ss);
|
|
return rv;
|
|
}
|
|
|
|
static PRStatus PR_CALLBACK
|
|
ssl_Listen(PRFileDesc *fd, PRIntn backlog)
|
|
{
|
|
sslSocket * ss = ssl_GetPrivate(fd);
|
|
PRStatus rv;
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
|
|
return PR_FAILURE;
|
|
}
|
|
SSL_LOCK_READER(ss);
|
|
SSL_LOCK_WRITER(ss);
|
|
|
|
rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
|
|
|
|
SSL_UNLOCK_WRITER(ss);
|
|
SSL_UNLOCK_READER(ss);
|
|
return rv;
|
|
}
|
|
|
|
static PRStatus PR_CALLBACK
|
|
ssl_Shutdown(PRFileDesc *fd, PRIntn how)
|
|
{
|
|
sslSocket * ss = ssl_GetPrivate(fd);
|
|
PRStatus rv;
|
|
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
|
|
return PR_FAILURE;
|
|
}
|
|
if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
|
|
SSL_LOCK_READER(ss);
|
|
}
|
|
if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
|
|
SSL_LOCK_WRITER(ss);
|
|
}
|
|
|
|
rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
|
|
|
|
if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
|
|
SSL_UNLOCK_WRITER(ss);
|
|
}
|
|
if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
|
|
SSL_UNLOCK_READER(ss);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
static PRStatus PR_CALLBACK
|
|
ssl_Close(PRFileDesc *fd)
|
|
{
|
|
sslSocket *ss;
|
|
PRStatus rv;
|
|
|
|
ss = ssl_GetPrivate(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
|
|
return PR_FAILURE;
|
|
}
|
|
|
|
/* There must not be any I/O going on */
|
|
SSL_LOCK_READER(ss);
|
|
SSL_LOCK_WRITER(ss);
|
|
|
|
/* By the time this function returns,
|
|
** ss is an invalid pointer, and the locks to which it points have
|
|
** been unlocked and freed. So, this is the ONE PLACE in all of SSL
|
|
** where the LOCK calls and the corresponding UNLOCK calls are not in
|
|
** the same function scope. The unlock calls are in ssl_FreeSocket().
|
|
*/
|
|
rv = (PRStatus)(*ss->ops->close)(ss);
|
|
|
|
return rv;
|
|
}
|
|
|
|
static int PR_CALLBACK
|
|
ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
|
|
PRIntervalTime timeout)
|
|
{
|
|
sslSocket *ss;
|
|
int rv;
|
|
|
|
ss = ssl_GetPrivate(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
SSL_LOCK_READER(ss);
|
|
ss->rTimeout = timeout;
|
|
if (!ss->opt.fdx)
|
|
ss->wTimeout = timeout;
|
|
rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags);
|
|
SSL_UNLOCK_READER(ss);
|
|
return rv;
|
|
}
|
|
|
|
static int PR_CALLBACK
|
|
ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
|
|
PRIntervalTime timeout)
|
|
{
|
|
sslSocket *ss;
|
|
int rv;
|
|
|
|
ss = ssl_GetPrivate(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
SSL_LOCK_WRITER(ss);
|
|
ss->wTimeout = timeout;
|
|
if (!ss->opt.fdx)
|
|
ss->rTimeout = timeout;
|
|
rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags);
|
|
SSL_UNLOCK_WRITER(ss);
|
|
return rv;
|
|
}
|
|
|
|
static int PR_CALLBACK
|
|
ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len)
|
|
{
|
|
sslSocket *ss;
|
|
int rv;
|
|
|
|
ss = ssl_GetPrivate(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
SSL_LOCK_READER(ss);
|
|
ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
|
|
if (!ss->opt.fdx)
|
|
ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
|
|
rv = (*ss->ops->read)(ss, (unsigned char*)buf, len);
|
|
SSL_UNLOCK_READER(ss);
|
|
return rv;
|
|
}
|
|
|
|
static int PR_CALLBACK
|
|
ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
|
|
{
|
|
sslSocket *ss;
|
|
int rv;
|
|
|
|
ss = ssl_GetPrivate(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
SSL_LOCK_WRITER(ss);
|
|
ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
|
|
if (!ss->opt.fdx)
|
|
ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
|
|
rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len);
|
|
SSL_UNLOCK_WRITER(ss);
|
|
return rv;
|
|
}
|
|
|
|
static PRStatus PR_CALLBACK
|
|
ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
|
|
{
|
|
sslSocket *ss;
|
|
|
|
ss = ssl_GetPrivate(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
|
|
return PR_FAILURE;
|
|
}
|
|
return (PRStatus)(*ss->ops->getpeername)(ss, addr);
|
|
}
|
|
|
|
/*
|
|
*/
|
|
SECStatus
|
|
ssl_GetPeerInfo(sslSocket *ss)
|
|
{
|
|
PRFileDesc * osfd;
|
|
int rv;
|
|
PRNetAddr sin;
|
|
|
|
osfd = ss->fd->lower;
|
|
|
|
PORT_Memset(&sin, 0, sizeof(sin));
|
|
rv = osfd->methods->getpeername(osfd, &sin);
|
|
if (rv < 0) {
|
|
return SECFailure;
|
|
}
|
|
ss->TCPconnected = 1;
|
|
if (sin.inet.family == PR_AF_INET) {
|
|
PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
|
|
ss->sec.ci.port = sin.inet.port;
|
|
} else if (sin.ipv6.family == PR_AF_INET6) {
|
|
ss->sec.ci.peer = sin.ipv6.ip;
|
|
ss->sec.ci.port = sin.ipv6.port;
|
|
} else {
|
|
PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
|
|
return SECFailure;
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
static PRStatus PR_CALLBACK
|
|
ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
|
|
{
|
|
sslSocket *ss;
|
|
|
|
ss = ssl_GetPrivate(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
|
|
return PR_FAILURE;
|
|
}
|
|
return (PRStatus)(*ss->ops->getsockname)(ss, name);
|
|
}
|
|
|
|
SECStatus
|
|
SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
|
|
SSLKEAType kea)
|
|
{
|
|
sslSocket *ss;
|
|
|
|
ss = ssl_FindSocket(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
|
|
SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
if ( kea <= 0 || kea >= kt_kea_size) {
|
|
SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses",
|
|
SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
if (ss->certStatusArray[kea]) {
|
|
SECITEM_FreeArray(ss->certStatusArray[kea], PR_TRUE);
|
|
ss->certStatusArray[kea] = NULL;
|
|
}
|
|
if (responses) {
|
|
ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses);
|
|
}
|
|
return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure;
|
|
}
|
|
|
|
SECStatus
|
|
SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
|
|
{
|
|
sslSocket *ss;
|
|
|
|
ss = ssl_FindSocket(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
|
|
SSL_GETPID(), fd));
|
|
return SECFailure;
|
|
}
|
|
|
|
if (ss->peerID) {
|
|
PORT_Free(ss->peerID);
|
|
ss->peerID = NULL;
|
|
}
|
|
if (peerID)
|
|
ss->peerID = PORT_Strdup(peerID);
|
|
return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
|
|
}
|
|
|
|
#define PR_POLL_RW (PR_POLL_WRITE | PR_POLL_READ)
|
|
|
|
static PRInt16 PR_CALLBACK
|
|
ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
|
|
{
|
|
sslSocket *ss;
|
|
PRInt16 new_flags = how_flags; /* should select on these flags. */
|
|
PRNetAddr addr;
|
|
|
|
*p_out_flags = 0;
|
|
ss = ssl_GetPrivate(fd);
|
|
if (!ss) {
|
|
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
|
|
SSL_GETPID(), fd));
|
|
return 0; /* don't poll on this socket */
|
|
}
|
|
|
|
if (ss->opt.useSecurity &&
|
|
ss->handshaking != sslHandshakingUndetermined &&
|
|
!ss->firstHsDone &&
|
|
(how_flags & PR_POLL_RW)) {
|
|
if (!ss->TCPconnected) {
|
|
ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
|
|
}
|
|
/* If it's not connected, then presumably the application is polling
|
|
** on read or write appropriately, so don't change it.
|
|
*/
|
|
if (ss->TCPconnected) {
|
|
if (!ss->handshakeBegun) {
|
|
/* If the handshake has not begun, poll on read or write
|
|
** based on the local application's role in the handshake,
|
|
** not based on what the application requested.
|
|
*/
|
|
new_flags &= ~PR_POLL_RW;
|
|
if (ss->handshaking == sslHandshakingAsClient) {
|
|
new_flags |= PR_POLL_WRITE;
|
|
} else { /* handshaking as server */
|
|
new_flags |= PR_POLL_READ;
|
|
}
|
|
} else
|
|
/* First handshake is in progress */
|
|
if (ss->lastWriteBlocked) {
|
|
if (new_flags & PR_POLL_READ) {
|
|
/* The caller is waiting for data to be received,
|
|
** but the initial handshake is blocked on write, or the
|
|
** client's first handshake record has not been written.
|
|
** The code should select on write, not read.
|
|
*/
|
|
new_flags ^= PR_POLL_READ; /* don't select on read. */
|
|
new_flags |= PR_POLL_WRITE; /* do select on write. */
|
|
}
|
|
} else if (new_flags & PR_POLL_WRITE) {
|
|
/* The caller is trying to write, but the handshake is
|
|
** blocked waiting for data to read, and the first
|
|
** handshake has been sent. So do NOT to poll on write
|
|
** unless we did false start.
|
|
*/
|
|
if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 &&
|
|
ss->ssl3.hs.canFalseStart)) {
|
|
new_flags ^= PR_POLL_WRITE; /* don't select on write. */
|
|
}
|
|
new_flags |= PR_POLL_READ; /* do select on read. */
|
|
}
|
|
}
|
|
} else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
|
|
*p_out_flags = PR_POLL_READ; /* it's ready already. */
|
|
return new_flags;
|
|
} else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
|
|
(ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
|
|
new_flags |= PR_POLL_WRITE; /* also select on write. */
|
|
}
|
|
|
|
if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
|
|
ss->ssl3.hs.restartTarget != NULL) {
|
|
/* Read and write will block until the asynchronous callback completes
|
|
* (e.g. until SSL_AuthCertificateComplete is called), so don't tell
|
|
* the caller to poll the socket unless there is pending write data.
|
|
*/
|
|
if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
|
|
/* Ignore any newly-received data on the socket, but do wait for
|
|
* the socket to become writable again. Here, it is OK for an error
|
|
* to be detected, because our logic for sending pending write data
|
|
* will allow us to report the error to the caller without the risk
|
|
* of the application spinning.
|
|
*/
|
|
new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
|
|
} else {
|
|
/* Unfortunately, clearing new_flags will make it impossible for
|
|
* the application to detect errors that it would otherwise be
|
|
* able to detect with PR_POLL_EXCEPT, until the asynchronous
|
|
* callback completes. However, we must clear all the flags to
|
|
* prevent the application from spinning (alternating between
|
|
* calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
|
|
* which won't actually report the I/O error while we are waiting
|
|
* for the asynchronous callback to complete).
|
|
*/
|
|
new_flags = 0;
|
|
}
|
|
}
|
|
|
|
if (new_flags && (fd->lower->methods->poll != NULL)) {
|
|
PRInt16 lower_out_flags = 0;
|
|
PRInt16 lower_new_flags;
|
|
lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
|
|
&lower_out_flags);
|
|
if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
|
|
PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
|
|
if (lower_out_flags & PR_POLL_READ)
|
|
out_flags |= PR_POLL_WRITE;
|
|
if (lower_out_flags & PR_POLL_WRITE)
|
|
out_flags |= PR_POLL_READ;
|
|
*p_out_flags = out_flags;
|
|
new_flags = how_flags;
|
|
} else {
|
|
*p_out_flags = lower_out_flags;
|
|
new_flags = lower_new_flags;
|
|
}
|
|
}
|
|
|
|
return new_flags;
|
|
}
|
|
|
|
static PRInt32 PR_CALLBACK
|
|
ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
|
|
const void *headers, PRInt32 hlen,
|
|
PRTransmitFileFlags flags, PRIntervalTime timeout)
|
|
{
|
|
PRSendFileData sfd;
|
|
|
|
sfd.fd = fd;
|
|
sfd.file_offset = 0;
|
|
sfd.file_nbytes = 0;
|
|
sfd.header = headers;
|
|
sfd.hlen = hlen;
|
|
sfd.trailer = NULL;
|
|
sfd.tlen = 0;
|
|
|
|
return sd->methods->sendfile(sd, &sfd, flags, timeout);
|
|
}
|
|
|
|
|
|
PRBool
|
|
ssl_FdIsBlocking(PRFileDesc *fd)
|
|
{
|
|
PRSocketOptionData opt;
|
|
PRStatus status;
|
|
|
|
opt.option = PR_SockOpt_Nonblocking;
|
|
opt.value.non_blocking = PR_FALSE;
|
|
status = PR_GetSocketOption(fd, &opt);
|
|
if (status != PR_SUCCESS)
|
|
return PR_FALSE;
|
|
return (PRBool)!opt.value.non_blocking;
|
|
}
|
|
|
|
PRBool
|
|
ssl_SocketIsBlocking(sslSocket *ss)
|
|
{
|
|
return ssl_FdIsBlocking(ss->fd);
|
|
}
|
|
|
|
PRInt32 sslFirstBufSize = 8 * 1024;
|
|
PRInt32 sslCopyLimit = 1024;
|
|
|
|
static PRInt32 PR_CALLBACK
|
|
ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
|
|
PRIntervalTime timeout)
|
|
{
|
|
PRInt32 i;
|
|
PRInt32 bufLen;
|
|
PRInt32 left;
|
|
PRInt32 rv;
|
|
PRInt32 sent = 0;
|
|
const PRInt32 first_len = sslFirstBufSize;
|
|
const PRInt32 limit = sslCopyLimit;
|
|
PRBool blocking;
|
|
PRIOVec myIov = { 0, 0 };
|
|
char buf[MAX_FRAGMENT_LENGTH];
|
|
|
|
if (vectors < 0) {
|
|
PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
|
|
return -1;
|
|
}
|
|
if (vectors > PR_MAX_IOVECTOR_SIZE) {
|
|
PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
|
|
return -1;
|
|
}
|
|
for (i = 0; i < vectors; i++) {
|
|
if (iov[i].iov_len < 0) {
|
|
PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
|
|
return -1;
|
|
}
|
|
}
|
|
blocking = ssl_FdIsBlocking(fd);
|
|
|
|
#define K16 sizeof(buf)
|
|
#define KILL_VECTORS while (vectors && !iov->iov_len) { ++iov; --vectors; }
|
|
#define GET_VECTOR do { myIov = *iov++; --vectors; KILL_VECTORS } while (0)
|
|
#define HANDLE_ERR(rv, len) \
|
|
if (rv != len) { \
|
|
if (rv < 0) { \
|
|
if (!blocking \
|
|
&& (PR_GetError() == PR_WOULD_BLOCK_ERROR) \
|
|
&& (sent > 0)) { \
|
|
return sent; \
|
|
} else { \
|
|
return -1; \
|
|
} \
|
|
} \
|
|
/* Only a nonblocking socket can have partial sends */ \
|
|
PR_ASSERT(!blocking); \
|
|
return sent + rv; \
|
|
}
|
|
#define SEND(bfr, len) \
|
|
do { \
|
|
rv = ssl_Send(fd, bfr, len, 0, timeout); \
|
|
HANDLE_ERR(rv, len) \
|
|
sent += len; \
|
|
} while (0)
|
|
|
|
/* Make sure the first write is at least 8 KB, if possible. */
|
|
KILL_VECTORS
|
|
if (!vectors)
|
|
return ssl_Send(fd, 0, 0, 0, timeout);
|
|
GET_VECTOR;
|
|
if (!vectors) {
|
|
return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
|
|
}
|
|
if (myIov.iov_len < first_len) {
|
|
PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
|
|
bufLen = myIov.iov_len;
|
|
left = first_len - bufLen;
|
|
while (vectors && left) {
|
|
int toCopy;
|
|
GET_VECTOR;
|
|
toCopy = PR_MIN(left, myIov.iov_len);
|
|
PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
|
|
bufLen += toCopy;
|
|
left -= toCopy;
|
|
myIov.iov_base += toCopy;
|
|
myIov.iov_len -= toCopy;
|
|
}
|
|
SEND( buf, bufLen );
|
|
}
|
|
|
|
while (vectors || myIov.iov_len) {
|
|
PRInt32 addLen;
|
|
if (!myIov.iov_len) {
|
|
GET_VECTOR;
|
|
}
|
|
while (myIov.iov_len >= K16) {
|
|
SEND(myIov.iov_base, K16);
|
|
myIov.iov_base += K16;
|
|
myIov.iov_len -= K16;
|
|
}
|
|
if (!myIov.iov_len)
|
|
continue;
|
|
|
|
if (!vectors || myIov.iov_len > limit) {
|
|
addLen = 0;
|
|
} else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
|
|
/* Addlen is already computed. */;
|
|
} else if (vectors > 1 &&
|
|
iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
|
|
addLen = limit - myIov.iov_len;
|
|
} else
|
|
addLen = 0;
|
|
|
|
if (!addLen) {
|
|
SEND( myIov.iov_base, myIov.iov_len );
|
|
myIov.iov_len = 0;
|
|
continue;
|
|
}
|
|
PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
|
|
bufLen = myIov.iov_len;
|
|
do {
|
|
GET_VECTOR;
|
|
PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
|
|
myIov.iov_base += addLen;
|
|
myIov.iov_len -= addLen;
|
|
bufLen += addLen;
|
|
|
|
left = PR_MIN( limit, K16 - bufLen);
|
|
if (!vectors /* no more left */
|
|
|| myIov.iov_len > 0 /* we didn't use that one all up */
|
|
|| bufLen >= K16 /* it's full. */
|
|
) {
|
|
addLen = 0;
|
|
} else if ((addLen = iov->iov_len % K16) <= left) {
|
|
/* Addlen is already computed. */;
|
|
} else if (vectors > 1 &&
|
|
iov[1].iov_len % K16 + addLen <= left + limit) {
|
|
addLen = left;
|
|
} else
|
|
addLen = 0;
|
|
|
|
} while (addLen);
|
|
SEND( buf, bufLen );
|
|
}
|
|
return sent;
|
|
}
|
|
|
|
/*
|
|
* These functions aren't implemented.
|
|
*/
|
|
|
|
static PRInt32 PR_CALLBACK
|
|
ssl_Available(PRFileDesc *fd)
|
|
{
|
|
PORT_Assert(0);
|
|
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
|
return SECFailure;
|
|
}
|
|
|
|
static PRInt64 PR_CALLBACK
|
|
ssl_Available64(PRFileDesc *fd)
|
|
{
|
|
PRInt64 res;
|
|
|
|
PORT_Assert(0);
|
|
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
|
LL_I2L(res, -1L);
|
|
return res;
|
|
}
|
|
|
|
static PRStatus PR_CALLBACK
|
|
ssl_FSync(PRFileDesc *fd)
|
|
{
|
|
PORT_Assert(0);
|
|
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
|
return PR_FAILURE;
|
|
}
|
|
|
|
static PRInt32 PR_CALLBACK
|
|
ssl_Seek(PRFileDesc *fd, PRInt32 offset, PRSeekWhence how) {
|
|
PORT_Assert(0);
|
|
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
|
return SECFailure;
|
|
}
|
|
|
|
static PRInt64 PR_CALLBACK
|
|
ssl_Seek64(PRFileDesc *fd, PRInt64 offset, PRSeekWhence how) {
|
|
PRInt64 res;
|
|
|
|
PORT_Assert(0);
|
|
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
|
LL_I2L(res, -1L);
|
|
return res;
|
|
}
|
|
|
|
static PRStatus PR_CALLBACK
|
|
ssl_FileInfo(PRFileDesc *fd, PRFileInfo *info)
|
|
{
|
|
PORT_Assert(0);
|
|
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
|
return PR_FAILURE;
|
|
}
|
|
|
|
static PRStatus PR_CALLBACK
|
|
ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info)
|
|
{
|
|
PORT_Assert(0);
|
|
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
|
return PR_FAILURE;
|
|
}
|
|
|
|
static PRInt32 PR_CALLBACK
|
|
ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
|
|
PRNetAddr *addr, PRIntervalTime timeout)
|
|
{
|
|
PORT_Assert(0);
|
|
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
|
return SECFailure;
|
|
}
|
|
|
|
static PRInt32 PR_CALLBACK
|
|
ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
|
|
const PRNetAddr *addr, PRIntervalTime timeout)
|
|
{
|
|
PORT_Assert(0);
|
|
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
|
|
return SECFailure;
|
|
}
|
|
|
|
static const PRIOMethods ssl_methods = {
|
|
PR_DESC_LAYERED,
|
|
ssl_Close, /* close */
|
|
ssl_Read, /* read */
|
|
ssl_Write, /* write */
|
|
ssl_Available, /* available */
|
|
ssl_Available64, /* available64 */
|
|
ssl_FSync, /* fsync */
|
|
ssl_Seek, /* seek */
|
|
ssl_Seek64, /* seek64 */
|
|
ssl_FileInfo, /* fileInfo */
|
|
ssl_FileInfo64, /* fileInfo64 */
|
|
ssl_WriteV, /* writev */
|
|
ssl_Connect, /* connect */
|
|
ssl_Accept, /* accept */
|
|
ssl_Bind, /* bind */
|
|
ssl_Listen, /* listen */
|
|
ssl_Shutdown, /* shutdown */
|
|
ssl_Recv, /* recv */
|
|
ssl_Send, /* send */
|
|
ssl_RecvFrom, /* recvfrom */
|
|
ssl_SendTo, /* sendto */
|
|
ssl_Poll, /* poll */
|
|
PR_EmulateAcceptRead, /* acceptread */
|
|
ssl_TransmitFile, /* transmitfile */
|
|
ssl_GetSockName, /* getsockname */
|
|
ssl_GetPeerName, /* getpeername */
|
|
NULL, /* getsockopt OBSOLETE */
|
|
NULL, /* setsockopt OBSOLETE */
|
|
NULL, /* getsocketoption */
|
|
NULL, /* setsocketoption */
|
|
PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/
|
|
NULL, /* reserved for future use */
|
|
NULL, /* reserved for future use */
|
|
NULL, /* reserved for future use */
|
|
NULL, /* reserved for future use */
|
|
NULL /* reserved for future use */
|
|
};
|
|
|
|
|
|
static PRIOMethods combined_methods;
|
|
|
|
static void
|
|
ssl_SetupIOMethods(void)
|
|
{
|
|
PRIOMethods *new_methods = &combined_methods;
|
|
const PRIOMethods *nspr_methods = PR_GetDefaultIOMethods();
|
|
const PRIOMethods *my_methods = &ssl_methods;
|
|
|
|
*new_methods = *nspr_methods;
|
|
|
|
new_methods->file_type = my_methods->file_type;
|
|
new_methods->close = my_methods->close;
|
|
new_methods->read = my_methods->read;
|
|
new_methods->write = my_methods->write;
|
|
new_methods->available = my_methods->available;
|
|
new_methods->available64 = my_methods->available64;
|
|
new_methods->fsync = my_methods->fsync;
|
|
new_methods->seek = my_methods->seek;
|
|
new_methods->seek64 = my_methods->seek64;
|
|
new_methods->fileInfo = my_methods->fileInfo;
|
|
new_methods->fileInfo64 = my_methods->fileInfo64;
|
|
new_methods->writev = my_methods->writev;
|
|
new_methods->connect = my_methods->connect;
|
|
new_methods->accept = my_methods->accept;
|
|
new_methods->bind = my_methods->bind;
|
|
new_methods->listen = my_methods->listen;
|
|
new_methods->shutdown = my_methods->shutdown;
|
|
new_methods->recv = my_methods->recv;
|
|
new_methods->send = my_methods->send;
|
|
new_methods->recvfrom = my_methods->recvfrom;
|
|
new_methods->sendto = my_methods->sendto;
|
|
new_methods->poll = my_methods->poll;
|
|
new_methods->acceptread = my_methods->acceptread;
|
|
new_methods->transmitfile = my_methods->transmitfile;
|
|
new_methods->getsockname = my_methods->getsockname;
|
|
new_methods->getpeername = my_methods->getpeername;
|
|
/* new_methods->getsocketoption = my_methods->getsocketoption; */
|
|
/* new_methods->setsocketoption = my_methods->setsocketoption; */
|
|
new_methods->sendfile = my_methods->sendfile;
|
|
|
|
}
|
|
|
|
static PRCallOnceType initIoLayerOnce;
|
|
|
|
static PRStatus
|
|
ssl_InitIOLayer(void)
|
|
{
|
|
ssl_layer_id = PR_GetUniqueIdentity("SSL");
|
|
ssl_SetupIOMethods();
|
|
ssl_inited = PR_TRUE;
|
|
return PR_SUCCESS;
|
|
}
|
|
|
|
static PRStatus
|
|
ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
|
|
{
|
|
PRFileDesc *layer = NULL;
|
|
PRStatus status;
|
|
|
|
if (!ssl_inited) {
|
|
status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
|
|
if (status != PR_SUCCESS)
|
|
goto loser;
|
|
}
|
|
|
|
if (ns == NULL)
|
|
goto loser;
|
|
|
|
layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
|
|
if (layer == NULL)
|
|
goto loser;
|
|
layer->secret = (PRFilePrivate *)ns;
|
|
|
|
/* Here, "stack" points to the PRFileDesc on the top of the stack.
|
|
** "layer" points to a new FD that is to be inserted into the stack.
|
|
** If layer is being pushed onto the top of the stack, then
|
|
** PR_PushIOLayer switches the contents of stack and layer, and then
|
|
** puts stack on top of layer, so that after it is done, the top of
|
|
** stack is the same "stack" as it was before, and layer is now the
|
|
** FD for the former top of stack.
|
|
** After this call, stack always points to the top PRFD on the stack.
|
|
** If this function fails, the contents of stack and layer are as
|
|
** they were before the call.
|
|
*/
|
|
status = PR_PushIOLayer(stack, id, layer);
|
|
if (status != PR_SUCCESS)
|
|
goto loser;
|
|
|
|
ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
|
|
return PR_SUCCESS;
|
|
|
|
loser:
|
|
if (layer) {
|
|
layer->dtor(layer); /* free layer */
|
|
}
|
|
return PR_FAILURE;
|
|
}
|
|
|
|
/* if this fails, caller must destroy socket. */
|
|
static SECStatus
|
|
ssl_MakeLocks(sslSocket *ss)
|
|
{
|
|
ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
|
|
if (!ss->firstHandshakeLock)
|
|
goto loser;
|
|
ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL);
|
|
if (!ss->ssl3HandshakeLock)
|
|
goto loser;
|
|
ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
|
|
if (!ss->specLock)
|
|
goto loser;
|
|
ss->recvBufLock = PZ_NewMonitor(nssILockSSL);
|
|
if (!ss->recvBufLock)
|
|
goto loser;
|
|
ss->xmitBufLock = PZ_NewMonitor(nssILockSSL);
|
|
if (!ss->xmitBufLock)
|
|
goto loser;
|
|
ss->writerThread = NULL;
|
|
if (ssl_lock_readers) {
|
|
ss->recvLock = PZ_NewLock(nssILockSSL);
|
|
if (!ss->recvLock)
|
|
goto loser;
|
|
ss->sendLock = PZ_NewLock(nssILockSSL);
|
|
if (!ss->sendLock)
|
|
goto loser;
|
|
}
|
|
return SECSuccess;
|
|
loser:
|
|
ssl_DestroyLocks(ss);
|
|
return SECFailure;
|
|
}
|
|
|
|
#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
|
|
#define NSS_HAVE_GETENV 1
|
|
#endif
|
|
|
|
#define LOWER(x) (x | 0x20) /* cheap ToLower function ignores LOCALE */
|
|
|
|
static void
|
|
ssl_SetDefaultsFromEnvironment(void)
|
|
{
|
|
#if defined( NSS_HAVE_GETENV )
|
|
static int firsttime = 1;
|
|
|
|
if (firsttime) {
|
|
char * ev;
|
|
firsttime = 0;
|
|
#ifdef DEBUG
|
|
ev = getenv("SSLDEBUGFILE");
|
|
if (ev && ev[0]) {
|
|
ssl_trace_iob = fopen(ev, "w");
|
|
}
|
|
if (!ssl_trace_iob) {
|
|
ssl_trace_iob = stderr;
|
|
}
|
|
#ifdef TRACE
|
|
ev = getenv("SSLTRACE");
|
|
if (ev && ev[0]) {
|
|
ssl_trace = atoi(ev);
|
|
SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
|
|
}
|
|
#endif /* TRACE */
|
|
ev = getenv("SSLDEBUG");
|
|
if (ev && ev[0]) {
|
|
ssl_debug = atoi(ev);
|
|
SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
|
|
}
|
|
#endif /* DEBUG */
|
|
ev = getenv("SSLKEYLOGFILE");
|
|
if (ev && ev[0]) {
|
|
ssl_keylog_iob = fopen(ev, "a");
|
|
if (!ssl_keylog_iob) {
|
|
SSL_TRACE(("SSL: failed to open key log file"));
|
|
} else {
|
|
if (ftell(ssl_keylog_iob) == 0) {
|
|
fputs("# SSL/TLS secrets log file, generated by NSS\n",
|
|
ssl_keylog_iob);
|
|
}
|
|
SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
|
|
}
|
|
}
|
|
#ifndef NO_PKCS11_BYPASS
|
|
ev = getenv("SSLBYPASS");
|
|
if (ev && ev[0]) {
|
|
ssl_defaults.bypassPKCS11 = (ev[0] == '1');
|
|
SSL_TRACE(("SSL: bypass default set to %d", \
|
|
ssl_defaults.bypassPKCS11));
|
|
}
|
|
#endif /* NO_PKCS11_BYPASS */
|
|
ev = getenv("SSLFORCELOCKS");
|
|
if (ev && ev[0] == '1') {
|
|
ssl_force_locks = PR_TRUE;
|
|
ssl_defaults.noLocks = 0;
|
|
strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
|
|
SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
|
|
}
|
|
ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
|
|
if (ev) {
|
|
if (ev[0] == '1' || LOWER(ev[0]) == 'u')
|
|
ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
|
|
else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
|
|
ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
|
|
else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
|
|
ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
|
|
else if (ev[0] == '3' || LOWER(ev[0]) == 't')
|
|
ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
|
|
SSL_TRACE(("SSL: enableRenegotiation set to %d",
|
|
ssl_defaults.enableRenegotiation));
|
|
}
|
|
ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
|
|
if (ev && ev[0] == '1') {
|
|
ssl_defaults.requireSafeNegotiation = PR_TRUE;
|
|
SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
|
|
PR_TRUE));
|
|
}
|
|
ev = getenv("NSS_SSL_CBC_RANDOM_IV");
|
|
if (ev && ev[0] == '0') {
|
|
ssl_defaults.cbcRandomIV = PR_FALSE;
|
|
SSL_TRACE(("SSL: cbcRandomIV set to 0"));
|
|
}
|
|
}
|
|
#endif /* NSS_HAVE_GETENV */
|
|
}
|
|
|
|
/*
|
|
** Create a newsocket structure for a file descriptor.
|
|
*/
|
|
static sslSocket *
|
|
ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
|
{
|
|
sslSocket *ss;
|
|
|
|
ssl_SetDefaultsFromEnvironment();
|
|
|
|
if (ssl_force_locks)
|
|
makeLocks = PR_TRUE;
|
|
|
|
/* Make a new socket and get it ready */
|
|
ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket));
|
|
if (ss) {
|
|
/* This should be of type SSLKEAType, but CC on IRIX
|
|
* complains during the for loop.
|
|
*/
|
|
int i;
|
|
SECStatus status;
|
|
|
|
ss->opt = ssl_defaults;
|
|
ss->opt.useSocks = PR_FALSE;
|
|
ss->opt.noLocks = !makeLocks;
|
|
ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
|
|
ss->protocolVariant = protocolVariant;
|
|
|
|
ss->peerID = NULL;
|
|
ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
|
|
ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
|
|
ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
|
|
ss->cipherSpecs = NULL;
|
|
ss->sizeCipherSpecs = 0; /* produced lazily */
|
|
ss->preferredCipher = NULL;
|
|
ss->url = NULL;
|
|
|
|
for (i=kt_null; i < kt_kea_size; i++) {
|
|
sslServerCerts * sc = ss->serverCerts + i;
|
|
sc->serverCert = NULL;
|
|
sc->serverCertChain = NULL;
|
|
sc->serverKeyPair = NULL;
|
|
sc->serverKeyBits = 0;
|
|
ss->certStatusArray[i] = NULL;
|
|
}
|
|
ss->stepDownKeyPair = NULL;
|
|
|
|
ss->dheParams = NULL;
|
|
ss->dheKeyPair = NULL;
|
|
|
|
ss->dbHandle = CERT_GetDefaultCertDB();
|
|
|
|
/* Provide default implementation of hooks */
|
|
ss->authCertificate = SSL_AuthCertificate;
|
|
ss->authCertificateArg = (void *)ss->dbHandle;
|
|
ss->sniSocketConfig = NULL;
|
|
ss->sniSocketConfigArg = NULL;
|
|
ss->getClientAuthData = NULL;
|
|
ss->handleBadCert = NULL;
|
|
ss->badCertArg = NULL;
|
|
ss->pkcs11PinArg = NULL;
|
|
ss->ephemeralECDHKeyPair = NULL;
|
|
|
|
ssl_ChooseOps(ss);
|
|
ssl2_InitSocketPolicy(ss);
|
|
ssl3_InitSocketPolicy(ss);
|
|
PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
|
|
|
|
if (makeLocks) {
|
|
status = ssl_MakeLocks(ss);
|
|
if (status != SECSuccess)
|
|
goto loser;
|
|
}
|
|
status = ssl_CreateSecurityInfo(ss);
|
|
if (status != SECSuccess)
|
|
goto loser;
|
|
status = ssl_InitGather(&ss->gs);
|
|
if (status != SECSuccess) {
|
|
loser:
|
|
ssl_DestroySocketContents(ss);
|
|
ssl_DestroyLocks(ss);
|
|
PORT_Free(ss);
|
|
ss = NULL;
|
|
}
|
|
}
|
|
return ss;
|
|
}
|