Home | History | Annotate | Download | only in ssl
      1 /*
      2  * This file is PRIVATE to SSL and should be the first thing included by
      3  * any SSL implementation file.
      4  *
      5  * ***** BEGIN LICENSE BLOCK *****
      6  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
      7  *
      8  * The contents of this file are subject to the Mozilla Public License Version
      9  * 1.1 (the "License"); you may not use this file except in compliance with
     10  * the License. You may obtain a copy of the License at
     11  * http://www.mozilla.org/MPL/
     12  *
     13  * Software distributed under the License is distributed on an "AS IS" basis,
     14  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
     15  * for the specific language governing rights and limitations under the
     16  * License.
     17  *
     18  * The Original Code is the Netscape security libraries.
     19  *
     20  * The Initial Developer of the Original Code is
     21  * Netscape Communications Corporation.
     22  * Portions created by the Initial Developer are Copyright (C) 1994-2000
     23  * the Initial Developer. All Rights Reserved.
     24  *
     25  * Contributor(s):
     26  *   Dr Stephen Henson <stephen.henson (at) gemplus.com>
     27  *   Dr Vipul Gupta <vipul.gupta (at) sun.com>, Sun Microsystems Laboratories
     28  *
     29  * Alternatively, the contents of this file may be used under the terms of
     30  * either the GNU General Public License Version 2 or later (the "GPL"), or
     31  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
     32  * in which case the provisions of the GPL or the LGPL are applicable instead
     33  * of those above. If you wish to allow use of your version of this file only
     34  * under the terms of either the GPL or the LGPL, and not to allow others to
     35  * use your version of this file under the terms of the MPL, indicate your
     36  * decision by deleting the provisions above and replace them with the notice
     37  * and other provisions required by the GPL or the LGPL. If you do not delete
     38  * the provisions above, a recipient may use your version of this file under
     39  * the terms of any one of the MPL, the GPL or the LGPL.
     40  *
     41  * ***** END LICENSE BLOCK ***** */
     42 /* $Id: sslimpl.h,v 1.70 2009/11/21 03:40:49 wtc%google.com Exp $ */
     43 
     44 #ifndef __sslimpl_h_
     45 #define __sslimpl_h_
     46 
     47 #ifdef DEBUG
     48 #undef NDEBUG
     49 #else
     50 #undef NDEBUG
     51 #define NDEBUG
     52 #endif
     53 #include "secport.h"
     54 #include "secerr.h"
     55 #include "sslerr.h"
     56 #include "ssl3prot.h"
     57 #include "hasht.h"
     58 #include "nssilock.h"
     59 #include "pkcs11t.h"
     60 #if defined(XP_UNIX) || defined(XP_BEOS)
     61 #include "unistd.h"
     62 #endif
     63 #include "nssrwlk.h"
     64 #include "prthread.h"
     65 
     66 #include "sslt.h" /* for some formerly private types, now public */
     67 
     68 /* to make some of these old enums public without namespace pollution,
     69 ** it was necessary to prepend ssl_ to the names.
     70 ** These #defines preserve compatibility with the old code here in libssl.
     71 */
     72 typedef SSLKEAType      SSL3KEAType;
     73 typedef SSLMACAlgorithm SSL3MACAlgorithm;
     74 typedef SSLSignType     SSL3SignType;
     75 
     76 #define sign_null	ssl_sign_null
     77 #define sign_rsa	ssl_sign_rsa
     78 #define sign_dsa	ssl_sign_dsa
     79 #define sign_ecdsa	ssl_sign_ecdsa
     80 
     81 #define calg_null	ssl_calg_null
     82 #define calg_rc4	ssl_calg_rc4
     83 #define calg_rc2	ssl_calg_rc2
     84 #define calg_des	ssl_calg_des
     85 #define calg_3des	ssl_calg_3des
     86 #define calg_idea	ssl_calg_idea
     87 #define calg_fortezza	ssl_calg_fortezza /* deprecated, must preserve */
     88 #define calg_aes	ssl_calg_aes
     89 #define calg_camellia	ssl_calg_camellia
     90 #define calg_seed	ssl_calg_seed
     91 
     92 #define mac_null	ssl_mac_null
     93 #define mac_md5 	ssl_mac_md5
     94 #define mac_sha 	ssl_mac_sha
     95 #define hmac_md5	ssl_hmac_md5
     96 #define hmac_sha	ssl_hmac_sha
     97 
     98 #define SET_ERROR_CODE		/* reminder */
     99 #define SEND_ALERT		/* reminder */
    100 #define TEST_FOR_FAILURE	/* reminder */
    101 #define DEAL_WITH_FAILURE	/* reminder */
    102 
    103 #if defined(DEBUG) || defined(TRACE)
    104 #ifdef __cplusplus
    105 #define Debug 1
    106 #else
    107 extern int Debug;
    108 #endif
    109 #else
    110 #undef Debug
    111 #endif
    112 
    113 #if defined(DEBUG) && !defined(TRACE) && !defined(NISCC_TEST)
    114 #define TRACE
    115 #endif
    116 
    117 #ifdef TRACE
    118 #define SSL_TRC(a,b) if (ssl_trace >= (a)) ssl_Trace b
    119 #define PRINT_BUF(a,b) if (ssl_trace >= (a)) ssl_PrintBuf b
    120 #define DUMP_MSG(a,b) if (ssl_trace >= (a)) ssl_DumpMsg b
    121 #else
    122 #define SSL_TRC(a,b)
    123 #define PRINT_BUF(a,b)
    124 #define DUMP_MSG(a,b)
    125 #endif
    126 
    127 #ifdef DEBUG
    128 #define SSL_DBG(b) if (ssl_debug) ssl_Trace b
    129 #else
    130 #define SSL_DBG(b)
    131 #endif
    132 
    133 #ifdef macintosh
    134 #include "pprthred.h"
    135 #else
    136 #include "private/pprthred.h"	/* for PR_InMonitor() */
    137 #endif
    138 #define ssl_InMonitor(m) PZ_InMonitor(m)
    139 
    140 #define LSB(x) ((unsigned char) (x & 0xff))
    141 #define MSB(x) ((unsigned char) (((unsigned)(x)) >> 8))
    142 
    143 /************************************************************************/
    144 
    145 typedef enum { SSLAppOpRead = 0,
    146 	       SSLAppOpWrite,
    147 	       SSLAppOpRDWR,
    148 	       SSLAppOpPost,
    149 	       SSLAppOpHeader
    150 } SSLAppOperation;
    151 
    152 #define SSL_MIN_MASTER_KEY_BYTES	5
    153 #define SSL_MAX_MASTER_KEY_BYTES	64
    154 
    155 #define SSL2_SESSIONID_BYTES		16
    156 #define SSL3_SESSIONID_BYTES		32
    157 
    158 #define SSL_MIN_CHALLENGE_BYTES		16
    159 #define SSL_MAX_CHALLENGE_BYTES		32
    160 #define SSL_CHALLENGE_BYTES		16
    161 
    162 #define SSL_CONNECTIONID_BYTES		16
    163 
    164 #define SSL_MIN_CYPHER_ARG_BYTES	0
    165 #define SSL_MAX_CYPHER_ARG_BYTES	32
    166 
    167 #define SSL_MAX_MAC_BYTES		16
    168 
    169 #define SSL3_RSA_PMS_LENGTH 48
    170 #define SSL3_MASTER_SECRET_LENGTH 48
    171 
    172 /* number of wrap mechanisms potentially used to wrap master secrets. */
    173 #define SSL_NUM_WRAP_MECHS              16
    174 
    175 /* This makes the cert cache entry exactly 4k. */
    176 #define SSL_MAX_CACHED_CERT_LEN		4060
    177 
    178 #define NUM_MIXERS                      9
    179 
    180 /* Mask of the 25 named curves we support. */
    181 #ifndef NSS_ECC_MORE_THAN_SUITE_B
    182 #define SSL3_SUPPORTED_CURVES_MASK 0x3800000	/* only 3 curves, suite B*/
    183 #else
    184 #define SSL3_SUPPORTED_CURVES_MASK 0x3fffffe
    185 #endif
    186 
    187 #ifndef BPB
    188 #define BPB 8 /* Bits Per Byte */
    189 #endif
    190 
    191 #define EXPORT_RSA_KEY_LENGTH 64	/* bytes */
    192 
    193 typedef struct sslBufferStr             sslBuffer;
    194 typedef struct sslConnectInfoStr        sslConnectInfo;
    195 typedef struct sslGatherStr             sslGather;
    196 typedef struct sslSecurityInfoStr       sslSecurityInfo;
    197 typedef struct sslSessionIDStr          sslSessionID;
    198 typedef struct sslSocketStr             sslSocket;
    199 typedef struct sslSocketOpsStr          sslSocketOps;
    200 
    201 typedef struct ssl3StateStr             ssl3State;
    202 typedef struct ssl3CertNodeStr          ssl3CertNode;
    203 typedef struct ssl3BulkCipherDefStr     ssl3BulkCipherDef;
    204 typedef struct ssl3MACDefStr            ssl3MACDef;
    205 typedef struct ssl3KeyPairStr		ssl3KeyPair;
    206 
    207 struct ssl3CertNodeStr {
    208     struct ssl3CertNodeStr *next;
    209     CERTCertificate *       cert;
    210 };
    211 
    212 typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss);
    213 
    214 /* This type points to the low layer send func,
    215 ** e.g. ssl2_SendStream or ssl3_SendPlainText.
    216 ** These functions return the same values as PR_Send,
    217 ** i.e.  >= 0 means number of bytes sent, < 0 means error.
    218 */
    219 typedef PRInt32       (*sslSendFunc)(sslSocket *ss, const unsigned char *buf,
    220 			             PRInt32 n, PRInt32 flags);
    221 
    222 typedef void          (*sslSessionIDCacheFunc)  (sslSessionID *sid);
    223 typedef void          (*sslSessionIDUncacheFunc)(sslSessionID *sid);
    224 typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr    *addr,
    225 						unsigned char* sid,
    226 						unsigned int   sidLen,
    227                                                 CERTCertDBHandle * dbHandle);
    228 
    229 /* registerable callback function that either appends extension to buffer
    230  * or returns length of data that it would have appended.
    231  */
    232 typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(sslSocket *ss, PRBool append,
    233 						PRUint32 maxBytes);
    234 
    235 /* registerable callback function that handles a received extension,
    236  * of the given type.
    237  */
    238 typedef SECStatus (* ssl3HelloExtensionHandlerFunc)(sslSocket *ss,
    239 						    PRUint16   ex_type,
    240                                                     SECItem *  data);
    241 
    242 /* row in a table of hello extension senders */
    243 typedef struct {
    244     PRInt32                      ex_type;
    245     ssl3HelloExtensionSenderFunc ex_sender;
    246 } ssl3HelloExtensionSender;
    247 
    248 /* row in a table of hello extension handlers */
    249 typedef struct {
    250     PRInt32                       ex_type;
    251     ssl3HelloExtensionHandlerFunc ex_handler;
    252 } ssl3HelloExtensionHandler;
    253 
    254 extern SECStatus
    255 ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
    256 				        ssl3HelloExtensionSenderFunc cb);
    257 
    258 extern PRInt32
    259 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
    260                                const ssl3HelloExtensionSender *sender);
    261 
    262 /* Socket ops */
    263 struct sslSocketOpsStr {
    264     int         (*connect) (sslSocket *, const PRNetAddr *);
    265     PRFileDesc *(*accept)  (sslSocket *, PRNetAddr *);
    266     int         (*bind)    (sslSocket *, const PRNetAddr *);
    267     int         (*listen)  (sslSocket *, int);
    268     int         (*shutdown)(sslSocket *, int);
    269     int         (*close)   (sslSocket *);
    270 
    271     int         (*recv)    (sslSocket *, unsigned char *, int, int);
    272 
    273     /* points to the higher-layer send func, e.g. ssl_SecureSend. */
    274     int         (*send)    (sslSocket *, const unsigned char *, int, int);
    275     int         (*read)    (sslSocket *, unsigned char *, int);
    276     int         (*write)   (sslSocket *, const unsigned char *, int);
    277 
    278     int         (*getpeername)(sslSocket *, PRNetAddr *);
    279     int         (*getsockname)(sslSocket *, PRNetAddr *);
    280 };
    281 
    282 /* Flags interpreted by ssl send functions. */
    283 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER	0x40000000
    284 #define ssl_SEND_FLAG_NO_BUFFER		0x20000000
    285 #define ssl_SEND_FLAG_MASK		0x7f000000
    286 
    287 /*
    288 ** A buffer object.
    289 */
    290 struct sslBufferStr {
    291     unsigned char *	buf;
    292     unsigned int 	len;
    293     unsigned int 	space;
    294 };
    295 
    296 /*
    297 ** SSL3 cipher suite policy and preference struct.
    298 */
    299 typedef struct {
    300 #if !defined(_WIN32)
    301     unsigned int    cipher_suite : 16;
    302     unsigned int    policy       :  8;
    303     unsigned int    enabled      :  1;
    304     unsigned int    isPresent    :  1;
    305 #else
    306     ssl3CipherSuite cipher_suite;
    307     PRUint8         policy;
    308     unsigned char   enabled   : 1;
    309     unsigned char   isPresent : 1;
    310 #endif
    311 } ssl3CipherSuiteCfg;
    312 
    313 #ifdef NSS_ENABLE_ECC
    314 #define ssl_V3_SUITES_IMPLEMENTED 50
    315 #else
    316 #define ssl_V3_SUITES_IMPLEMENTED 30
    317 #endif /* NSS_ENABLE_ECC */
    318 
    319 typedef struct sslOptionsStr {
    320     /* For clients, this is a validated list of protocols in preference order
    321      * and wire format. For servers, this is the list of support protocols,
    322      * also in wire format. */
    323     SECItem      nextProtoNego;
    324 
    325     unsigned int useSecurity		: 1;  /*  1 */
    326     unsigned int useSocks		: 1;  /*  2 */
    327     unsigned int requestCertificate	: 1;  /*  3 */
    328     unsigned int requireCertificate	: 2;  /*  4-5 */
    329     unsigned int handshakeAsClient	: 1;  /*  6 */
    330     unsigned int handshakeAsServer	: 1;  /*  7 */
    331     unsigned int enableSSL2		: 1;  /*  8 */
    332     unsigned int enableSSL3		: 1;  /*  9 */
    333     unsigned int enableTLS		: 1;  /* 10 */
    334     unsigned int noCache		: 1;  /* 11 */
    335     unsigned int fdx			: 1;  /* 12 */
    336     unsigned int v2CompatibleHello	: 1;  /* 13 */
    337     unsigned int detectRollBack  	: 1;  /* 14 */
    338     unsigned int noStepDown             : 1;  /* 15 */
    339     unsigned int bypassPKCS11           : 1;  /* 16 */
    340     unsigned int noLocks                : 1;  /* 17 */
    341     unsigned int enableSessionTickets   : 1;  /* 18 */
    342     unsigned int enableDeflate          : 1;  /* 19 */
    343     unsigned int enableRenegotiation    : 2;  /* 20-21 */
    344     unsigned int requireSafeNegotiation : 1;  /* 22 */
    345 } sslOptions;
    346 
    347 typedef enum { sslHandshakingUndetermined = 0,
    348 	       sslHandshakingAsClient,
    349 	       sslHandshakingAsServer
    350 } sslHandshakingType;
    351 
    352 typedef struct sslServerCertsStr {
    353     /* Configuration state for server sockets */
    354     CERTCertificate *     serverCert;
    355     CERTCertificateList * serverCertChain;
    356     ssl3KeyPair *         serverKeyPair;
    357     unsigned int          serverKeyBits;
    358 } sslServerCerts;
    359 
    360 #define SERVERKEY serverKeyPair->privKey
    361 
    362 #define SSL_LOCK_RANK_SPEC 	255
    363 #define SSL_LOCK_RANK_GLOBAL 	NSS_RWLOCK_RANK_NONE
    364 
    365 /* These are the valid values for shutdownHow.
    366 ** These values are each 1 greater than the NSPR values, and the code
    367 ** depends on that relation to efficiently convert PR_SHUTDOWN values
    368 ** into ssl_SHUTDOWN values.  These values use one bit for read, and
    369 ** another bit for write, and can be used as bitmasks.
    370 */
    371 #define ssl_SHUTDOWN_NONE	0	/* NOT shutdown at all */
    372 #define ssl_SHUTDOWN_RCV	1	/* PR_SHUTDOWN_RCV  +1 */
    373 #define ssl_SHUTDOWN_SEND	2	/* PR_SHUTDOWN_SEND +1 */
    374 #define ssl_SHUTDOWN_BOTH	3	/* PR_SHUTDOWN_BOTH +1 */
    375 
    376 /*
    377 ** A gather object. Used to read some data until a count has been
    378 ** satisfied. Primarily for support of async sockets.
    379 ** Everything in here is protected by the recvBufLock.
    380 */
    381 struct sslGatherStr {
    382     int           state;	/* see GS_ values below. */     /* ssl 2 & 3 */
    383 
    384     /* "buf" holds received plaintext SSL records, after decrypt and MAC check.
    385      * SSL2: recv'd ciphertext records are put here, then decrypted in place.
    386      * SSL3: recv'd ciphertext records are put in inbuf (see below), then
    387      *       decrypted into buf.
    388      */
    389     sslBuffer     buf;				/*recvBufLock*/	/* ssl 2 & 3 */
    390 
    391     /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3).
    392     ** (offset - writeOffset) is the number of ciphertext bytes read in but
    393     **     not yet deciphered.
    394     */
    395     unsigned int  offset;                                       /* ssl 2 & 3 */
    396 
    397     /* number of bytes to read in next call to ssl_DefRecv (recv) */
    398     unsigned int  remainder;                                    /* ssl 2 & 3 */
    399 
    400     /* Number of ciphertext bytes to read in after 2-byte SSL record header. */
    401     unsigned int  count;					/* ssl2 only */
    402 
    403     /* size of the final plaintext record.
    404     ** == count - (recordPadding + MAC size)
    405     */
    406     unsigned int  recordLen;					/* ssl2 only */
    407 
    408     /* number of bytes of padding to be removed after decrypting. */
    409     /* This value is taken from the record's hdr[2], which means a too large
    410      * value could crash us.
    411      */
    412     unsigned int  recordPadding;				/* ssl2 only */
    413 
    414     /* plaintext DATA begins this many bytes into "buf".  */
    415     unsigned int  recordOffset;					/* ssl2 only */
    416 
    417     int           encrypted;    /* SSL2 session is now encrypted.  ssl2 only */
    418 
    419     /* These next two values are used by SSL2 and SSL3.
    420     ** DoRecv uses them to extract application data.
    421     ** The difference between writeOffset and readOffset is the amount of
    422     ** data available to the application.   Note that the actual offset of
    423     ** the data in "buf" is recordOffset (above), not readOffset.
    424     ** In the current implementation, this is made available before the
    425     ** MAC is checked!!
    426     */
    427     unsigned int  readOffset;  /* Spot where DATA reader (e.g. application
    428                                ** or handshake code) will read next.
    429                                ** Always zero for SSl3 application data.
    430 			       */
    431     /* offset in buf/inbuf/hdr into which new data will be read from socket. */
    432     unsigned int  writeOffset;
    433 
    434     /* Buffer for ssl3 to read (encrypted) data from the socket */
    435     sslBuffer     inbuf;			/*recvBufLock*/	/* ssl3 only */
    436 
    437     /* The ssl[23]_GatherData functions read data into this buffer, rather
    438     ** than into buf or inbuf, while in the GS_HEADER state.
    439     ** The portion of the SSL record header put here always comes off the wire
    440     ** as plaintext, never ciphertext.
    441     ** For SSL2, the plaintext portion is two bytes long.  For SSl3 it is 5.
    442     */
    443     unsigned char hdr[5];					/* ssl 2 & 3 */
    444 };
    445 
    446 /* sslGather.state */
    447 #define GS_INIT		0
    448 #define GS_HEADER	1
    449 #define GS_MAC		2
    450 #define GS_DATA		3
    451 #define GS_PAD		4
    452 
    453 typedef SECStatus (*SSLCipher)(void *               context,
    454                                unsigned char *      out,
    455 			       int *                outlen,
    456 			       int                  maxout,
    457 			       const unsigned char *in,
    458 			       int                  inlen);
    459 typedef SECStatus (*SSLCompressor)(void *               context,
    460                                    unsigned char *      out,
    461                                    int *                outlen,
    462                                    int                  maxout,
    463                                    const unsigned char *in,
    464                                    int                  inlen);
    465 typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
    466 
    467 
    468 
    469 /*
    470 ** ssl3State and CipherSpec structs
    471 */
    472 
    473 /* The SSL bulk cipher definition */
    474 typedef enum {
    475     cipher_null,
    476     cipher_rc4,
    477     cipher_rc4_40,
    478     cipher_rc4_56,
    479     cipher_rc2,
    480     cipher_rc2_40,
    481     cipher_des,
    482     cipher_3des,
    483     cipher_des40,
    484     cipher_idea,
    485     cipher_aes_128,
    486     cipher_aes_256,
    487     cipher_camellia_128,
    488     cipher_camellia_256,
    489     cipher_seed,
    490     cipher_missing              /* reserved for no such supported cipher */
    491     /* This enum must match ssl3_cipherName[] in ssl3con.c.  */
    492 } SSL3BulkCipher;
    493 
    494 typedef enum { type_stream, type_block } CipherType;
    495 
    496 #define MAX_IV_LENGTH 64
    497 
    498 /*
    499  * Do not depend upon 64 bit arithmetic in the underlying machine.
    500  */
    501 typedef struct {
    502     PRUint32         high;
    503     PRUint32         low;
    504 } SSL3SequenceNumber;
    505 
    506 #define MAX_MAC_CONTEXT_BYTES 400
    507 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8)
    508 
    509 #define MAX_CIPHER_CONTEXT_BYTES 2080
    510 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8)
    511 
    512 typedef struct {
    513     SSL3Opaque        client_write_iv         [24];
    514     SSL3Opaque        server_write_iv         [24];
    515     SSL3Opaque        wrapped_master_secret   [48];
    516     PRUint16          wrapped_master_secret_len;
    517     PRUint8           msIsWrapped;
    518     PRUint8           resumable;
    519 } ssl3SidKeys; /* 100 bytes */
    520 
    521 typedef struct {
    522     PK11SymKey  *write_key;
    523     PK11SymKey  *write_mac_key;
    524     PK11Context *write_mac_context;
    525     SECItem     write_key_item;
    526     SECItem     write_iv_item;
    527     SECItem     write_mac_key_item;
    528     SSL3Opaque  write_iv[MAX_IV_LENGTH];
    529     PRUint64    cipher_context[MAX_CIPHER_CONTEXT_LLONGS];
    530 } ssl3KeyMaterial;
    531 
    532 /*
    533 ** These are the "specs" in the "ssl3" struct.
    534 ** Access to the pointers to these specs, and all the specs' contents
    535 ** (direct and indirect) is protected by the reader/writer lock ss->specLock.
    536 */
    537 typedef struct {
    538     const ssl3BulkCipherDef *cipher_def;
    539     const ssl3MACDef * mac_def;
    540     SSLCompressionMethod compression_method;
    541     int                mac_size;
    542     SSLCipher          encode;
    543     SSLCipher          decode;
    544     SSLDestroy         destroy;
    545     void *             encodeContext;
    546     void *             decodeContext;
    547     SSLCompressor      compressor;    /* Don't name these fields compress */
    548     SSLCompressor      decompressor;  /* and uncompress because zconf.h   */
    549                                       /* may define them as macros.       */
    550     SSLDestroy         destroyCompressContext;
    551     void *             compressContext;
    552     SSLDestroy         destroyDecompressContext;
    553     void *             decompressContext;
    554     PRBool             bypassCiphers;	/* did double bypass (at least) */
    555     PK11SymKey *       master_secret;
    556     SSL3SequenceNumber write_seq_num;
    557     SSL3SequenceNumber read_seq_num;
    558     SSL3ProtocolVersion version;
    559     ssl3KeyMaterial    client;
    560     ssl3KeyMaterial    server;
    561     SECItem            msItem;
    562     unsigned char      key_block[NUM_MIXERS * MD5_LENGTH];
    563     unsigned char      raw_master_secret[56];
    564 } ssl3CipherSpec;
    565 
    566 typedef enum {	never_cached,
    567 		in_client_cache,
    568 		in_server_cache,
    569 		invalid_cache		/* no longer in any cache. */
    570 } Cached;
    571 
    572 struct sslSessionIDStr {
    573     sslSessionID *        next;   /* chain used for client sockets, only */
    574 
    575     CERTCertificate *     peerCert;
    576     const char *          peerID;     /* client only */
    577     const char *          urlSvrName; /* client only */
    578     CERTCertificate *     localCert;
    579 
    580     PRIPv6Addr            addr;
    581     PRUint16              port;
    582 
    583     SSL3ProtocolVersion   version;
    584 
    585     PRUint32              creationTime;		/* seconds since Jan 1, 1970 */
    586     PRUint32              lastAccessTime;	/* seconds since Jan 1, 1970 */
    587     PRUint32              expirationTime;	/* seconds since Jan 1, 1970 */
    588     Cached                cached;
    589     int                   references;
    590 
    591     SSLSignType           authAlgorithm;
    592     PRUint32              authKeyBits;
    593     SSLKEAType            keaType;
    594     PRUint32              keaKeyBits;
    595 
    596     union {
    597 	struct {
    598 	    /* the V2 code depends upon the size of sessionID.  */
    599 	    unsigned char         sessionID[SSL2_SESSIONID_BYTES];
    600 
    601 	    /* Stuff used to recreate key and read/write cipher objects */
    602 	    SECItem               masterKey;        /* never wrapped */
    603 	    int                   cipherType;
    604 	    SECItem               cipherArg;
    605 	    int                   keyBits;
    606 	    int                   secretKeyBits;
    607 	} ssl2;
    608 	struct {
    609 	    /* values that are copied into the server's on-disk SID cache. */
    610 	    uint8                 sessionIDLength;
    611 	    SSL3Opaque            sessionID[SSL3_SESSIONID_BYTES];
    612 
    613 	    ssl3CipherSuite       cipherSuite;
    614 	    SSLCompressionMethod  compression;
    615 	    int                   policy;
    616 	    ssl3SidKeys           keys;
    617 	    CK_MECHANISM_TYPE     masterWrapMech;
    618 				  /* mechanism used to wrap master secret */
    619             SSL3KEAType           exchKeyType;
    620 				  /* key type used in exchange algorithm,
    621 				   * and to wrap the sym wrapping key. */
    622 #ifdef NSS_ENABLE_ECC
    623 	    PRUint32              negotiatedECCurves;
    624 #endif /* NSS_ENABLE_ECC */
    625 
    626 	    /* The following values are NOT restored from the server's on-disk
    627 	     * session cache, but are restored from the client's cache.
    628 	     */
    629  	    PK11SymKey *      clientWriteKey;
    630 	    PK11SymKey *      serverWriteKey;
    631 
    632 	    /* The following values pertain to the slot that wrapped the
    633 	    ** master secret. (used only in client)
    634 	    */
    635 	    SECMODModuleID    masterModuleID;
    636 				    /* what module wrapped the master secret */
    637 	    CK_SLOT_ID        masterSlotID;
    638 	    PRUint16	      masterWrapIndex;
    639 				/* what's the key index for the wrapping key */
    640 	    PRUint16          masterWrapSeries;
    641 	                        /* keep track of the slot series, so we don't
    642 				 * accidently try to use new keys after the
    643 				 * card gets removed and replaced.*/
    644 
    645 	    /* The following values pertain to the slot that did the signature
    646 	    ** for client auth.   (used only in client)
    647 	    */
    648 	    SECMODModuleID    clAuthModuleID;
    649 	    CK_SLOT_ID        clAuthSlotID;
    650 	    PRUint16          clAuthSeries;
    651 
    652             char              masterValid;
    653 	    char              clAuthValid;
    654 
    655 	    /* Session ticket if we have one, is sent as an extension in the
    656 	     * ClientHello message.  This field is used by clients.
    657 	     */
    658 	    NewSessionTicket  sessionTicket;
    659 	} ssl3;
    660     } u;
    661 };
    662 
    663 
    664 typedef struct ssl3CipherSuiteDefStr {
    665     ssl3CipherSuite          cipher_suite;
    666     SSL3BulkCipher           bulk_cipher_alg;
    667     SSL3MACAlgorithm         mac_alg;
    668     SSL3KeyExchangeAlgorithm key_exchange_alg;
    669 } ssl3CipherSuiteDef;
    670 
    671 /*
    672 ** There are tables of these, all const.
    673 */
    674 typedef struct {
    675     SSL3KeyExchangeAlgorithm kea;
    676     SSL3KEAType              exchKeyType;
    677     SSL3SignType             signKeyType;
    678     PRBool                   is_limited;
    679     int                      key_size_limit;
    680     PRBool                   tls_keygen;
    681 } ssl3KEADef;
    682 
    683 typedef enum { kg_null, kg_strong, kg_export } SSL3KeyGenMode;
    684 
    685 /*
    686 ** There are tables of these, all const.
    687 */
    688 struct ssl3BulkCipherDefStr {
    689     SSL3BulkCipher  cipher;
    690     SSLCipherAlgorithm calg;
    691     int             key_size;
    692     int             secret_key_size;
    693     CipherType      type;
    694     int             iv_size;
    695     int             block_size;
    696     SSL3KeyGenMode  keygen_mode;
    697 };
    698 
    699 /*
    700 ** There are tables of these, all const.
    701 */
    702 struct ssl3MACDefStr {
    703     SSL3MACAlgorithm mac;
    704     CK_MECHANISM_TYPE mmech;
    705     int              pad_size;
    706     int              mac_size;
    707 };
    708 
    709 typedef enum {
    710     wait_client_hello,
    711     wait_client_cert,
    712     wait_client_key,
    713     wait_cert_verify,
    714     wait_change_cipher,
    715     wait_finished,
    716     wait_server_hello,
    717     wait_server_cert,
    718     wait_server_key,
    719     wait_cert_request,
    720     wait_hello_done,
    721     wait_new_session_ticket,
    722     idle_handshake
    723 } SSL3WaitState;
    724 
    725 /*
    726  * TLS extension related constants and data structures.
    727  */
    728 typedef struct TLSExtensionDataStr       TLSExtensionData;
    729 typedef struct SessionTicketDataStr      SessionTicketData;
    730 
    731 struct TLSExtensionDataStr {
    732     /* registered callbacks that send server hello extensions */
    733     ssl3HelloExtensionSender serverSenders[MAX_EXTENSIONS];
    734     /* Keep track of the extensions that are negotiated. */
    735     PRUint16 numAdvertised;
    736     PRUint16 numNegotiated;
    737     PRUint16 advertised[MAX_EXTENSIONS];
    738     PRUint16 negotiated[MAX_EXTENSIONS];
    739 
    740     /* SessionTicket Extension related data. */
    741     PRBool ticketTimestampVerified;
    742     PRBool emptySessionTicket;
    743 };
    744 
    745 /*
    746 ** This is the "hs" member of the "ssl3" struct.
    747 ** This entire struct is protected by ssl3HandshakeLock
    748 */
    749 typedef struct SSL3HandshakeStateStr {
    750     SSL3Random            server_random;
    751     SSL3Random            client_random;
    752     SSL3WaitState         ws;
    753     PRUint64              md5_cx[MAX_MAC_CONTEXT_LLONGS];
    754     PRUint64              sha_cx[MAX_MAC_CONTEXT_LLONGS];
    755     PK11Context *         md5;            /* handshake running hashes */
    756     PK11Context *         sha;
    757 const ssl3KEADef *        kea_def;
    758     ssl3CipherSuite       cipher_suite;
    759 const ssl3CipherSuiteDef *suite_def;
    760     SSLCompressionMethod  compression;
    761     sslBuffer             msg_body;    /* protected by recvBufLock */
    762                                /* partial handshake message from record layer */
    763     unsigned int          header_bytes;
    764                                /* number of bytes consumed from handshake */
    765                                /* message for message type and header length */
    766     SSL3HandshakeType     msg_type;
    767     unsigned long         msg_len;
    768     SECItem               ca_list;     /* used only by client */
    769     PRBool                isResuming;  /* are we resuming a session */
    770     PRBool                rehandshake; /* immediately start another handshake
    771                                         * when this one finishes */
    772     PRBool                usedStepDownKey;  /* we did a server key exchange. */
    773     sslBuffer             msgState;    /* current state for handshake messages*/
    774                                        /* protected by recvBufLock */
    775     sslBuffer             messages;    /* Accumulated handshake messages */
    776 #ifdef NSS_ENABLE_ECC
    777     PRUint32              negotiatedECCurves; /* bit mask */
    778 #endif /* NSS_ENABLE_ECC */
    779     PRBool                nextProtoNego;/* Our peer has sent this extension */
    780 } SSL3HandshakeState;
    781 
    782 
    783 
    784 /*
    785 ** This is the "ssl3" struct, as in "ss->ssl3".
    786 ** note:
    787 ** usually,   crSpec == cwSpec and prSpec == pwSpec.
    788 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
    789 ** But there are never more than 2 actual specs.
    790 ** No spec must ever be modified if either "current" pointer points to it.
    791 */
    792 struct ssl3StateStr {
    793 
    794     /*
    795     ** The following Specs and Spec pointers must be protected using the
    796     ** Spec Lock.
    797     */
    798     ssl3CipherSpec *     crSpec; 	/* current read spec. */
    799     ssl3CipherSpec *     prSpec; 	/* pending read spec. */
    800     ssl3CipherSpec *     cwSpec; 	/* current write spec. */
    801     ssl3CipherSpec *     pwSpec; 	/* pending write spec. */
    802 
    803     CERTCertificate *    clientCertificate;  /* used by client */
    804     SECKEYPrivateKey *   clientPrivateKey;   /* used by client */
    805     CERTCertificateList *clientCertChain;    /* used by client */
    806     PRBool               sendEmptyCert;      /* used by client */
    807 
    808     int                  policy;
    809 			/* This says what cipher suites we can do, and should
    810 			 * be either SSL_ALLOWED or SSL_RESTRICTED
    811 			 */
    812     PRArenaPool *        peerCertArena;
    813 			    /* These are used to keep track of the peer CA */
    814     void *               peerCertChain;
    815 			    /* chain while we are trying to validate it.   */
    816     CERTDistNames *      ca_list;
    817 			    /* used by server.  trusted CAs for this socket. */
    818     PRBool               initialized;
    819     SSL3HandshakeState   hs;
    820     ssl3CipherSpec       specs[2];	/* one is current, one is pending. */
    821 
    822     /* In a client: if the server supports Next Protocol Negotiation, then
    823      * this is the protocol that was requested.
    824      * In a server: this is the protocol that the client requested via Next
    825      * Protocol Negotiation.
    826      *
    827      * In either case, if the data pointer is non-NULL, then it is malloced
    828      * data.  */
    829     SECItem		nextProto;
    830     int			nextProtoState;	/* See SSL_NEXT_PROTO_* defines */
    831 };
    832 
    833 typedef struct {
    834     SSL3ContentType      type;
    835     SSL3ProtocolVersion  version;
    836     sslBuffer *          buf;
    837 } SSL3Ciphertext;
    838 
    839 struct ssl3KeyPairStr {
    840     SECKEYPrivateKey *    privKey;
    841     SECKEYPublicKey *     pubKey;
    842     PRInt32               refCount;	/* use PR_Atomic calls for this. */
    843 };
    844 
    845 typedef struct SSLWrappedSymWrappingKeyStr {
    846     SSL3Opaque        wrappedSymmetricWrappingkey[512];
    847     SSL3Opaque        wrapIV[24];
    848     CK_MECHANISM_TYPE symWrapMechanism;
    849 		    /* unwrapped symmetric wrapping key uses this mechanism */
    850     CK_MECHANISM_TYPE asymWrapMechanism;
    851 		    /* mechanism used to wrap the SymmetricWrappingKey using
    852 		     * server's public and/or private keys. */
    853     SSL3KEAType       exchKeyType;   /* type of keys used to wrap SymWrapKey*/
    854     PRInt32           symWrapMechIndex;
    855     PRUint16          wrappedSymKeyLen;
    856     PRUint16          wrapIVLen;
    857 } SSLWrappedSymWrappingKey;
    858 
    859 typedef struct SessionTicketStr {
    860     uint16                ticket_version;
    861     SSL3ProtocolVersion   ssl_version;
    862     ssl3CipherSuite       cipher_suite;
    863     SSLCompressionMethod  compression_method;
    864     SSLSignType           authAlgorithm;
    865     uint32                authKeyBits;
    866     SSLKEAType            keaType;
    867     uint32                keaKeyBits;
    868     /*
    869      * exchKeyType and msWrapMech contain meaningful values only if
    870      * ms_is_wrapped is true.
    871      */
    872     uint8                 ms_is_wrapped;
    873     SSLKEAType            exchKeyType; /* XXX(wtc): same as keaType above? */
    874     CK_MECHANISM_TYPE     msWrapMech;
    875     uint16                ms_length;
    876     SSL3Opaque            master_secret[48];
    877     ClientIdentity        client_identity;
    878     SECItem               peer_cert;
    879     uint32                timestamp;
    880 }  SessionTicket;
    881 
    882 /*
    883  * SSL2 buffers used in SSL3.
    884  *     writeBuf in the SecurityInfo maintained by sslsecur.c is used
    885  *              to hold the data just about to be passed to the kernel
    886  *     sendBuf in the ConnectInfo maintained by sslcon.c is used
    887  *              to hold handshake messages as they are accumulated
    888  */
    889 
    890 /*
    891 ** This is "ci", as in "ss->sec.ci".
    892 **
    893 ** Protection:  All the variables in here are protected by
    894 ** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock
    895 */
    896 struct sslConnectInfoStr {
    897     /* outgoing handshakes appended to this. */
    898     sslBuffer       sendBuf;	                /*xmitBufLock*/ /* ssl 2 & 3 */
    899 
    900     PRIPv6Addr      peer;                                       /* ssl 2 & 3 */
    901     unsigned short  port;                                       /* ssl 2 & 3 */
    902 
    903     sslSessionID   *sid;                                        /* ssl 2 & 3 */
    904 
    905     /* see CIS_HAVE defines below for the bit values in *elements. */
    906     char            elements;					/* ssl2 only */
    907     char            requiredElements;				/* ssl2 only */
    908     char            sentElements;                               /* ssl2 only */
    909 
    910     char            sentFinished;                               /* ssl2 only */
    911 
    912     /* Length of server challenge.  Used by client when saving challenge */
    913     int             serverChallengeLen;                         /* ssl2 only */
    914     /* type of authentication requested by server */
    915     unsigned char   authType;                                   /* ssl2 only */
    916 
    917     /* Challenge sent by client to server in client-hello message */
    918     /* SSL3 gets a copy of this.  See ssl3_StartHandshakeHash().  */
    919     unsigned char   clientChallenge[SSL_MAX_CHALLENGE_BYTES];   /* ssl 2 & 3 */
    920 
    921     /* Connection-id sent by server to client in server-hello message */
    922     unsigned char   connectionID[SSL_CONNECTIONID_BYTES];	/* ssl2 only */
    923 
    924     /* Challenge sent by server to client in request-certificate message */
    925     unsigned char   serverChallenge[SSL_MAX_CHALLENGE_BYTES];	/* ssl2 only */
    926 
    927     /* Information kept to handle a request-certificate message */
    928     unsigned char   readKey[SSL_MAX_MASTER_KEY_BYTES];		/* ssl2 only */
    929     unsigned char   writeKey[SSL_MAX_MASTER_KEY_BYTES];		/* ssl2 only */
    930     unsigned        keySize;					/* ssl2 only */
    931 };
    932 
    933 /* bit values for ci->elements, ci->requiredElements, sentElements. */
    934 #define CIS_HAVE_MASTER_KEY		0x01
    935 #define CIS_HAVE_CERTIFICATE		0x02
    936 #define CIS_HAVE_FINISHED		0x04
    937 #define CIS_HAVE_VERIFY			0x08
    938 
    939 /* Note: The entire content of this struct and whatever it points to gets
    940  * blown away by SSL_ResetHandshake().  This is "sec" as in "ss->sec".
    941  *
    942  * Unless otherwise specified below, the contents of this struct are
    943  * protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock.
    944  */
    945 struct sslSecurityInfoStr {
    946     sslSendFunc      send;			/*xmitBufLock*/	/* ssl 2 & 3 */
    947     int              isServer;			/* Spec Lock?*/	/* ssl 2 & 3 */
    948     sslBuffer        writeBuf;			/*xmitBufLock*/	/* ssl 2 & 3 */
    949 
    950     int              cipherType;				/* ssl 2 & 3 */
    951     int              keyBits;					/* ssl 2 & 3 */
    952     int              secretKeyBits;				/* ssl 2 & 3 */
    953     CERTCertificate *localCert;					/* ssl 2 & 3 */
    954     CERTCertificate *peerCert;					/* ssl 2 & 3 */
    955     SECKEYPublicKey *peerKey;					/* ssl3 only */
    956 
    957     SSLSignType      authAlgorithm;
    958     PRUint32         authKeyBits;
    959     SSLKEAType       keaType;
    960     PRUint32         keaKeyBits;
    961 
    962     /*
    963     ** Procs used for SID cache (nonce) management.
    964     ** Different implementations exist for clients/servers
    965     ** The lookup proc is only used for servers.  Baloney!
    966     */
    967     sslSessionIDCacheFunc     cache;				/* ssl 2 & 3 */
    968     sslSessionIDUncacheFunc   uncache;				/* ssl 2 & 3 */
    969 
    970     /*
    971     ** everything below here is for ssl2 only.
    972     ** This stuff is equivalent to SSL3's "spec", and is protected by the
    973     ** same "Spec Lock" as used for SSL3's specs.
    974     */
    975     PRUint32           sendSequence;		/*xmitBufLock*/	/* ssl2 only */
    976     PRUint32           rcvSequence;		/*recvBufLock*/	/* ssl2 only */
    977 
    978     /* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */
    979     const SECHashObject   *hash;		/* Spec Lock */ /* ssl2 only */
    980     void            *hashcx;			/* Spec Lock */	/* ssl2 only */
    981 
    982     SECItem          sendSecret;		/* Spec Lock */	/* ssl2 only */
    983     SECItem          rcvSecret;			/* Spec Lock */	/* ssl2 only */
    984 
    985     /* Session cypher contexts; one for each direction */
    986     void            *readcx;			/* Spec Lock */	/* ssl2 only */
    987     void            *writecx;			/* Spec Lock */	/* ssl2 only */
    988     SSLCipher        enc;			/* Spec Lock */	/* ssl2 only */
    989     SSLCipher        dec;			/* Spec Lock */	/* ssl2 only */
    990     void           (*destroy)(void *, PRBool);	/* Spec Lock */	/* ssl2 only */
    991 
    992     /* Blocking information for the session cypher */
    993     int              blockShift;		/* Spec Lock */	/* ssl2 only */
    994     int              blockSize;			/* Spec Lock */	/* ssl2 only */
    995 
    996     /* These are used during a connection handshake */
    997     sslConnectInfo   ci;					/* ssl 2 & 3 */
    998 
    999 };
   1000 
   1001 
   1002 /*
   1003 ** SSL Socket struct
   1004 **
   1005 ** Protection:  XXX
   1006 */
   1007 struct sslSocketStr {
   1008     PRFileDesc *	fd;
   1009 
   1010     /* Pointer to operations vector for this socket */
   1011     const sslSocketOps * ops;
   1012 
   1013     /* SSL socket options */
   1014     sslOptions       opt;
   1015 
   1016     /* State flags */
   1017     unsigned long    clientAuthRequested;
   1018     unsigned long    delayDisabled;       /* Nagle delay disabled */
   1019     unsigned long    firstHsDone;         /* first handshake is complete. */
   1020     unsigned long    handshakeBegun;
   1021     unsigned long    lastWriteBlocked;
   1022     unsigned long    recvdCloseNotify;    /* received SSL EOF. */
   1023     unsigned long    TCPconnected;
   1024     unsigned long    appDataBuffered;
   1025 
   1026     /* version of the protocol to use */
   1027     SSL3ProtocolVersion version;
   1028     SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */
   1029 
   1030     sslSecurityInfo  sec;		/* not a pointer any more */
   1031 
   1032     /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */
   1033     const char      *url;				/* ssl 2 & 3 */
   1034 
   1035     sslHandshakeFunc handshake;				/*firstHandshakeLock*/
   1036     sslHandshakeFunc nextHandshake;			/*firstHandshakeLock*/
   1037     sslHandshakeFunc securityHandshake;			/*firstHandshakeLock*/
   1038 
   1039     /* the following variable is only used with socks or other proxies. */
   1040     char *           peerID;	/* String uniquely identifies target server. */
   1041 
   1042     unsigned char *  cipherSpecs;
   1043     unsigned int     sizeCipherSpecs;
   1044 const unsigned char *  preferredCipher;
   1045 
   1046     ssl3KeyPair *         stepDownKeyPair;	/* RSA step down keys */
   1047 
   1048     /* Callbacks */
   1049     SSLAuthCertificate        authCertificate;
   1050     void                     *authCertificateArg;
   1051     SSLGetClientAuthData      getClientAuthData;
   1052     void                     *getClientAuthDataArg;
   1053     SSLBadCertHandler         handleBadCert;
   1054     void                     *badCertArg;
   1055     SSLHandshakeCallback      handshakeCallback;
   1056     void                     *handshakeCallbackData;
   1057     void                     *pkcs11PinArg;
   1058 
   1059     PRIntervalTime            rTimeout; /* timeout for NSPR I/O */
   1060     PRIntervalTime            wTimeout; /* timeout for NSPR I/O */
   1061     PRIntervalTime            cTimeout; /* timeout for NSPR I/O */
   1062 
   1063     PZLock *      recvLock;	/* lock against multiple reader threads. */
   1064     PZLock *      sendLock;	/* lock against multiple sender threads. */
   1065 
   1066     PZMonitor *   recvBufLock;	/* locks low level recv buffers. */
   1067     PZMonitor *   xmitBufLock;	/* locks low level xmit buffers. */
   1068 
   1069     /* Only one thread may operate on the socket until the initial handshake
   1070     ** is complete.  This Monitor ensures that.  Since SSL2 handshake is
   1071     ** only done once, this is also effectively the SSL2 handshake lock.
   1072     */
   1073     PZMonitor *   firstHandshakeLock;
   1074 
   1075     /* This monitor protects the ssl3 handshake state machine data.
   1076     ** Only one thread (reader or writer) may be in the ssl3 handshake state
   1077     ** machine at any time.  */
   1078     PZMonitor *   ssl3HandshakeLock;
   1079 
   1080     /* reader/writer lock, protects the secret data needed to encrypt and MAC
   1081     ** outgoing records, and to decrypt and MAC check incoming ciphertext
   1082     ** records.  */
   1083     NSSRWLock *   specLock;
   1084 
   1085     /* handle to perm cert db (and implicitly to the temp cert db) used
   1086     ** with this socket.
   1087     */
   1088     CERTCertDBHandle * dbHandle;
   1089 
   1090     PRThread *  writerThread;   /* thread holds SSL_LOCK_WRITER lock */
   1091 
   1092     PRUint16	shutdownHow; 	/* See ssl_SHUTDOWN defines below. */
   1093 
   1094     PRUint16	allowedByPolicy;          /* copy of global policy bits. */
   1095     PRUint16	maybeAllowedByPolicy;     /* copy of global policy bits. */
   1096     PRUint16	chosenPreference;         /* SSL2 cipher preferences. */
   1097 
   1098     sslHandshakingType handshaking;
   1099 
   1100     /* Gather object used for gathering data */
   1101     sslGather        gs;				/*recvBufLock*/
   1102 
   1103     sslBuffer        saveBuf;				/*xmitBufLock*/
   1104     sslBuffer        pendingBuf;			/*xmitBufLock*/
   1105 
   1106     /* Configuration state for server sockets */
   1107     /* server cert and key for each KEA type */
   1108     sslServerCerts        serverCerts[kt_kea_size];
   1109 
   1110     ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED];
   1111     ssl3KeyPair *         ephemeralECDHKeyPair; /* for ECDHE-* handshake */
   1112 
   1113     /* SSL3 state info.  Formerly was a pointer */
   1114     ssl3State        ssl3;
   1115 
   1116     /*
   1117      * TLS extension related data.
   1118      */
   1119     /* True when the current session is a stateless resume. */
   1120     PRBool               statelessResume;
   1121     TLSExtensionData     xtnData;
   1122 };
   1123 
   1124 
   1125 
   1126 /* All the global data items declared here should be protected using the
   1127 ** ssl_global_data_lock, which is a reader/writer lock.
   1128 */
   1129 extern NSSRWLock *             ssl_global_data_lock;
   1130 extern char                    ssl_debug;
   1131 extern char                    ssl_trace;
   1132 extern FILE *                  ssl_trace_iob;
   1133 extern CERTDistNames *         ssl3_server_ca_list;
   1134 extern PRUint32                ssl_sid_timeout;
   1135 extern PRUint32                ssl3_sid_timeout;
   1136 extern PRBool                  ssl3_global_policy_some_restricted;
   1137 
   1138 extern const char * const      ssl_cipherName[];
   1139 extern const char * const      ssl3_cipherName[];
   1140 
   1141 extern sslSessionIDLookupFunc  ssl_sid_lookup;
   1142 extern sslSessionIDCacheFunc   ssl_sid_cache;
   1143 extern sslSessionIDUncacheFunc ssl_sid_uncache;
   1144 
   1145 /************************************************************************/
   1146 
   1147 SEC_BEGIN_PROTOS
   1148 
   1149 /* Implementation of ops for default (non socks, non secure) case */
   1150 extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr);
   1151 extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr);
   1152 extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr);
   1153 extern int ssl_DefListen(sslSocket *ss, int backlog);
   1154 extern int ssl_DefShutdown(sslSocket *ss, int how);
   1155 extern int ssl_DefClose(sslSocket *ss);
   1156 extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
   1157 extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf,
   1158 		       int len, int flags);
   1159 extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len);
   1160 extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len);
   1161 extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name);
   1162 extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name);
   1163 extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname,
   1164 			     void *optval, PRInt32 *optlen);
   1165 extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname,
   1166 			     const void *optval, PRInt32 optlen);
   1167 
   1168 /* Implementation of ops for socks only case */
   1169 extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr);
   1170 extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr);
   1171 extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr);
   1172 extern int ssl_SocksListen(sslSocket *ss, int backlog);
   1173 extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name);
   1174 extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
   1175 extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf,
   1176 			 int len, int flags);
   1177 extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len);
   1178 extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len);
   1179 
   1180 /* Implementation of ops for secure only case */
   1181 extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr);
   1182 extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr);
   1183 extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf,
   1184 			  int len, int flags);
   1185 extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf,
   1186 			  int len, int flags);
   1187 extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len);
   1188 extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len);
   1189 extern int ssl_SecureShutdown(sslSocket *ss, int how);
   1190 extern int ssl_SecureClose(sslSocket *ss);
   1191 
   1192 /* Implementation of ops for secure socks case */
   1193 extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr);
   1194 extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr);
   1195 extern PRFileDesc *ssl_FindTop(sslSocket *ss);
   1196 
   1197 /* Gather funcs. */
   1198 extern sslGather * ssl_NewGather(void);
   1199 extern SECStatus   ssl_InitGather(sslGather *gs);
   1200 extern void        ssl_DestroyGather(sslGather *gs);
   1201 extern int         ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags);
   1202 extern int         ssl2_GatherRecord(sslSocket *ss, int flags);
   1203 extern SECStatus   ssl_GatherRecord1stHandshake(sslSocket *ss);
   1204 
   1205 extern SECStatus   ssl2_HandleClientHelloMessage(sslSocket *ss);
   1206 extern SECStatus   ssl2_HandleServerHelloMessage(sslSocket *ss);
   1207 extern int         ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs,
   1208                                          unsigned int count);
   1209 
   1210 extern SECStatus   ssl_CreateSecurityInfo(sslSocket *ss);
   1211 extern SECStatus   ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os);
   1212 extern void        ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset);
   1213 extern void        ssl_DestroySecurityInfo(sslSecurityInfo *sec);
   1214 
   1215 extern sslSocket * ssl_DupSocket(sslSocket *old);
   1216 
   1217 extern void        ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len);
   1218 extern void        ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len);
   1219 
   1220 extern int         ssl_SendSavedWriteData(sslSocket *ss);
   1221 extern SECStatus ssl_SaveWriteData(sslSocket *ss,
   1222                                    const void* p, unsigned int l);
   1223 extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss);
   1224 extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss);
   1225 extern int       ssl_Do1stHandshake(sslSocket *ss);
   1226 
   1227 extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen);
   1228 extern SECStatus sslBuffer_Append(sslBuffer *b, const void * data,
   1229 		                  unsigned int len);
   1230 
   1231 extern void      ssl2_UseClearSendFunc(sslSocket *ss);
   1232 extern void      ssl_ChooseSessionIDProcs(sslSecurityInfo *sec);
   1233 
   1234 extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server);
   1235 extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
   1236                                    const char *peerID, const char *urlSvrName);
   1237 extern void      ssl_FreeSID(sslSessionID *sid);
   1238 
   1239 extern int       ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in,
   1240 				          int len, int flags);
   1241 
   1242 extern PRBool    ssl_FdIsBlocking(PRFileDesc *fd);
   1243 
   1244 extern PRBool    ssl_SocketIsBlocking(sslSocket *ss);
   1245 
   1246 extern void      ssl_SetAlwaysBlock(sslSocket *ss);
   1247 
   1248 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled);
   1249 
   1250 #define SSL_LOCK_READER(ss)		if (ss->recvLock) PZ_Lock(ss->recvLock)
   1251 #define SSL_UNLOCK_READER(ss)		if (ss->recvLock) PZ_Unlock(ss->recvLock)
   1252 #define SSL_LOCK_WRITER(ss)		if (ss->sendLock) PZ_Lock(ss->sendLock)
   1253 #define SSL_UNLOCK_WRITER(ss)		if (ss->sendLock) PZ_Unlock(ss->sendLock)
   1254 
   1255 #define ssl_Get1stHandshakeLock(ss)     \
   1256     { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->firstHandshakeLock); }
   1257 #define ssl_Release1stHandshakeLock(ss) \
   1258     { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); }
   1259 #define ssl_Have1stHandshakeLock(ss)    \
   1260     (PZ_InMonitor((ss)->firstHandshakeLock))
   1261 
   1262 #define ssl_GetSSL3HandshakeLock(ss)	\
   1263     { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->ssl3HandshakeLock); }
   1264 #define ssl_ReleaseSSL3HandshakeLock(ss) \
   1265     { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); }
   1266 #define ssl_HaveSSL3HandshakeLock(ss)	\
   1267     (PZ_InMonitor((ss)->ssl3HandshakeLock))
   1268 
   1269 #define ssl_GetSpecReadLock(ss)		\
   1270     { if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); }
   1271 #define ssl_ReleaseSpecReadLock(ss)	\
   1272     { if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); }
   1273 
   1274 #define ssl_GetSpecWriteLock(ss)	\
   1275     { if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); }
   1276 #define ssl_ReleaseSpecWriteLock(ss)	\
   1277     { if (!ss->opt.noLocks) NSSRWLock_UnlockWrite((ss)->specLock); }
   1278 #define ssl_HaveSpecWriteLock(ss)	\
   1279     (NSSRWLock_HaveWriteLock((ss)->specLock))
   1280 
   1281 #define ssl_GetRecvBufLock(ss)		\
   1282     { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->recvBufLock); }
   1283 #define ssl_ReleaseRecvBufLock(ss)	\
   1284     { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); }
   1285 #define ssl_HaveRecvBufLock(ss)		\
   1286     (PZ_InMonitor((ss)->recvBufLock))
   1287 
   1288 #define ssl_GetXmitBufLock(ss)		\
   1289     { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); }
   1290 #define ssl_ReleaseXmitBufLock(ss)	\
   1291     { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); }
   1292 #define ssl_HaveXmitBufLock(ss)		\
   1293     (PZ_InMonitor((ss)->xmitBufLock))
   1294 
   1295 
   1296 extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec,
   1297 		    const unsigned char * cr, const unsigned char * sr,
   1298 		    PRBool isTLS, PRBool isExport);
   1299 extern  SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
   1300 		    const unsigned char * cr, const unsigned char * sr,
   1301 		    const SECItem * pms, PRBool isTLS, PRBool isRSA);
   1302 
   1303 /* These functions are called from secnav, even though they're "private". */
   1304 
   1305 extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
   1306 extern int SSL_RestartHandshakeAfterServerCert(struct sslSocketStr *ss);
   1307 extern int SSL_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
   1308 					    CERTCertificate *cert,
   1309 					    SECKEYPrivateKey *key,
   1310 					    CERTCertificateList *certChain);
   1311 extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
   1312 extern void ssl_FreeSocket(struct sslSocketStr *ssl);
   1313 extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
   1314 				SSL3AlertDescription desc);
   1315 
   1316 extern int ssl2_RestartHandshakeAfterCertReq(sslSocket *          ss,
   1317 					     CERTCertificate *    cert,
   1318 					     SECKEYPrivateKey *   key);
   1319 
   1320 extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket *    ss,
   1321 					     CERTCertificate *    cert,
   1322 					     SECKEYPrivateKey *   key,
   1323 					     CERTCertificateList *certChain);
   1324 
   1325 extern int ssl2_RestartHandshakeAfterServerCert(sslSocket *ss);
   1326 extern int ssl3_RestartHandshakeAfterServerCert(sslSocket *ss);
   1327 
   1328 /*
   1329  * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
   1330  */
   1331 extern SECStatus ssl3_HandleV2ClientHello(
   1332     sslSocket *ss, unsigned char *buffer, int length);
   1333 extern SECStatus ssl3_StartHandshakeHash(
   1334     sslSocket *ss, unsigned char *buf, int length);
   1335 
   1336 /*
   1337  * SSL3 specific routines
   1338  */
   1339 SECStatus ssl3_SendClientHello(sslSocket *ss);
   1340 
   1341 /*
   1342  * input into the SSL3 machinery from the actualy network reading code
   1343  */
   1344 SECStatus ssl3_HandleRecord(
   1345     sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out);
   1346 
   1347 int ssl3_GatherAppDataRecord(sslSocket *ss, int flags);
   1348 int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
   1349 /*
   1350  * When talking to export clients or using export cipher suites, servers
   1351  * with public RSA keys larger than 512 bits need to use a 512-bit public
   1352  * key, signed by the larger key.  The smaller key is a "step down" key.
   1353  * Generate that key pair and keep it around.
   1354  */
   1355 extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
   1356 
   1357 #ifdef NSS_ENABLE_ECC
   1358 extern void      ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
   1359 extern PRBool    ssl3_IsECCEnabled(sslSocket *ss);
   1360 extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,
   1361                                        const ssl3CipherSuite * suite);
   1362 
   1363 /* Macro for finding a curve equivalent in strength to RSA key's */
   1364 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \
   1365         ((s <= 1024) ? 160 \
   1366 	  : ((s <= 2048) ? 224 \
   1367 	    : ((s <= 3072) ? 256 \
   1368 	      : ((s <= 7168) ? 384 : 521 ) ) ) )
   1369 
   1370 /* Types and names of elliptic curves used in TLS */
   1371 typedef enum { ec_type_explicitPrime      = 1,
   1372 	       ec_type_explicitChar2Curve = 2,
   1373 	       ec_type_named
   1374 } ECType;
   1375 
   1376 typedef enum { ec_noName     = 0,
   1377 	       ec_sect163k1  = 1,
   1378 	       ec_sect163r1  = 2,
   1379 	       ec_sect163r2  = 3,
   1380 	       ec_sect193r1  = 4,
   1381 	       ec_sect193r2  = 5,
   1382 	       ec_sect233k1  = 6,
   1383 	       ec_sect233r1  = 7,
   1384 	       ec_sect239k1  = 8,
   1385 	       ec_sect283k1  = 9,
   1386 	       ec_sect283r1  = 10,
   1387 	       ec_sect409k1  = 11,
   1388 	       ec_sect409r1  = 12,
   1389 	       ec_sect571k1  = 13,
   1390 	       ec_sect571r1  = 14,
   1391 	       ec_secp160k1  = 15,
   1392 	       ec_secp160r1  = 16,
   1393 	       ec_secp160r2  = 17,
   1394 	       ec_secp192k1  = 18,
   1395 	       ec_secp192r1  = 19,
   1396 	       ec_secp224k1  = 20,
   1397 	       ec_secp224r1  = 21,
   1398 	       ec_secp256k1  = 22,
   1399 	       ec_secp256r1  = 23,
   1400 	       ec_secp384r1  = 24,
   1401 	       ec_secp521r1  = 25,
   1402 	       ec_pastLastName
   1403 } ECName;
   1404 
   1405 extern SECStatus ssl3_ECName2Params(PRArenaPool *arena, ECName curve,
   1406 				   SECKEYECParams *params);
   1407 ECName	ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
   1408 
   1409 
   1410 #endif /* NSS_ENABLE_ECC */
   1411 
   1412 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
   1413 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
   1414 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
   1415 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled);
   1416 
   1417 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on);
   1418 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
   1419 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
   1420 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
   1421 
   1422 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
   1423 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
   1424 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy);
   1425 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy);
   1426 
   1427 extern void      ssl2_InitSocketPolicy(sslSocket *ss);
   1428 extern void      ssl3_InitSocketPolicy(sslSocket *ss);
   1429 
   1430 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
   1431 						 unsigned char *cs, int *size);
   1432 
   1433 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
   1434 
   1435 extern void ssl3_DestroySSL3Info(sslSocket *ss);
   1436 
   1437 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
   1438                                        SSL3ProtocolVersion peerVersion);
   1439 
   1440 extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
   1441 
   1442 #ifdef NSS_ENABLE_ECC
   1443 /* ECDH functions */
   1444 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss,
   1445 			     SECKEYPublicKey * svrPubKey);
   1446 extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss,
   1447 					SSL3Opaque *b, PRUint32 length);
   1448 extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss,
   1449 				     SSL3Opaque *b, PRUint32 length,
   1450                                      SECKEYPublicKey *srvrPubKey,
   1451                                      SECKEYPrivateKey *srvrPrivKey);
   1452 extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss);
   1453 #endif
   1454 
   1455 extern SECStatus ssl3_ComputeCommonKeyHash(PRUint8 * hashBuf,
   1456 				unsigned int bufLen, SSL3Hashes *hashes,
   1457 				PRBool bypassPKCS11);
   1458 extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms);
   1459 extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src,
   1460 			PRInt32 bytes);
   1461 extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss,
   1462 			SSL3HandshakeType t, PRUint32 length);
   1463 extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num,
   1464 			PRInt32 lenSize);
   1465 extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss,
   1466 			const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
   1467 extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
   1468 			SSL3Opaque **b, PRUint32 *length);
   1469 extern PRInt32   ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
   1470 			SSL3Opaque **b, PRUint32 *length);
   1471 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
   1472 			PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
   1473 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key,
   1474 			SECItem *buf, PRBool isTLS);
   1475 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,
   1476 			CERTCertificate *cert, SECItem *buf, PRBool isTLS,
   1477 			void *pwArg);
   1478 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss,
   1479 			sslSessionID *sid, ssl3CipherSpec *spec,
   1480 			SSL3KEAType effectiveExchKeyType);
   1481 
   1482 /* Functions that handle ClientHello and ServerHello extensions. */
   1483 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss,
   1484 			PRUint16 ex_type, SECItem *data);
   1485 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss,
   1486 			PRUint16 ex_type, SECItem *data);
   1487 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
   1488 			PRUint16 ex_type, SECItem *data);
   1489 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
   1490 			PRUint16 ex_type, SECItem *data);
   1491 extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
   1492 			PRUint16 ex_type, SECItem *data);
   1493 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
   1494 			PRUint16 ex_type, SECItem *data);
   1495 extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
   1496 			PRUint16 ex_type, SECItem *data);
   1497 
   1498 /* ClientHello and ServerHello extension senders.
   1499  * Note that not all extension senders are exposed here; only those that
   1500  * that need exposure.
   1501  */
   1502 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
   1503 			PRUint32 maxBytes);
   1504 #ifdef NSS_ENABLE_ECC
   1505 extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
   1506 			PRBool append, PRUint32 maxBytes);
   1507 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
   1508 			PRBool append, PRUint32 maxBytes);
   1509 #endif
   1510 extern PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
   1511 					       PRUint32 maxBytes);
   1512 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
   1513 					    unsigned short length);
   1514 
   1515 /* call the registered extension handlers. */
   1516 extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss,
   1517 			SSL3Opaque **b, PRUint32 *length);
   1518 
   1519 /* Hello Extension related routines. */
   1520 extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type);
   1521 extern SECStatus ssl3_SetSIDSessionTicket(sslSessionID *sid,
   1522 			NewSessionTicket *session_ticket);
   1523 extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss);
   1524 extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName,
   1525 			unsigned char *encKey, unsigned char *macKey);
   1526 extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
   1527 			SECKEYPublicKey *svrPubKey, void *pwArg,
   1528 			unsigned char *keyName, PK11SymKey **aesKey,
   1529 			PK11SymKey **macKey);
   1530 
   1531 /* Tell clients to consider tickets valid for this long. */
   1532 #define TLS_EX_SESS_TICKET_LIFETIME_HINT    (2 * 24 * 60 * 60) /* 2 days */
   1533 #define TLS_EX_SESS_TICKET_VERSION          (0x0100)
   1534 
   1535 /* Construct a new NSPR socket for the app to use */
   1536 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
   1537 extern void ssl_FreePRSocket(PRFileDesc *fd);
   1538 
   1539 /* Internal config function so SSL2 can initialize the present state of
   1540  * various ciphers */
   1541 extern int ssl3_config_match_init(sslSocket *);
   1542 
   1543 
   1544 /* Create a new ref counted key pair object from two keys. */
   1545 extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey,
   1546                                       SECKEYPublicKey * pubKey);
   1547 
   1548 /* get a new reference (bump ref count) to an ssl3KeyPair. */
   1549 extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair);
   1550 
   1551 /* Decrement keypair's ref count and free if zero. */
   1552 extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair);
   1553 
   1554 /* calls for accessing wrapping keys across processes. */
   1555 extern PRBool
   1556 ssl_GetWrappingKey( PRInt32                   symWrapMechIndex,
   1557                     SSL3KEAType               exchKeyType,
   1558 		    SSLWrappedSymWrappingKey *wswk);
   1559 
   1560 /* The caller passes in the new value it wants
   1561  * to set.  This code tests the wrapped sym key entry in the file on disk.
   1562  * If it is uninitialized, this function writes the caller's value into
   1563  * the disk entry, and returns false.
   1564  * Otherwise, it overwrites the caller's wswk with the value obtained from
   1565  * the disk, and returns PR_TRUE.
   1566  * This is all done while holding the locks/semaphores necessary to make
   1567  * the operation atomic.
   1568  */
   1569 extern PRBool
   1570 ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
   1571 
   1572 /* get rid of the symmetric wrapping key references. */
   1573 extern SECStatus SSL3_ShutdownServerCache(void);
   1574 
   1575 extern SECStatus ssl_InitSymWrapKeysLock(void);
   1576 
   1577 extern SECStatus ssl_FreeSymWrapKeysLock(void);
   1578 
   1579 extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
   1580 
   1581 extern SECStatus ssl_FreeSessionCacheLocks(void);
   1582 
   1583 
   1584 /********************** misc calls *********************/
   1585 
   1586 extern int ssl_MapLowLevelError(int hiLevelError);
   1587 
   1588 extern PRUint32 ssl_Time(void);
   1589 
   1590 extern void SSL_AtomicIncrementLong(long * x);
   1591 
   1592 SECStatus SSL_DisableDefaultExportCipherSuites(void);
   1593 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
   1594 PRBool    SSL_IsExportCipherSuite(PRUint16 cipherSuite);
   1595 
   1596 
   1597 #ifdef TRACE
   1598 #define SSL_TRACE(msg) ssl_Trace msg
   1599 #else
   1600 #define SSL_TRACE(msg)
   1601 #endif
   1602 
   1603 void ssl_Trace(const char *format, ...);
   1604 
   1605 SEC_END_PROTOS
   1606 
   1607 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
   1608 #define SSL_GETPID getpid
   1609 #elif defined(_WIN32_WCE)
   1610 #define SSL_GETPID GetCurrentProcessId
   1611 #elif defined(WIN32)
   1612 extern int __cdecl _getpid(void);
   1613 #define SSL_GETPID _getpid
   1614 #else
   1615 #define SSL_GETPID() 0
   1616 #endif
   1617 
   1618 #endif /* __sslimpl_h_ */
   1619