Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Typedefs | Enumerations | Functions | Variables
sslimpl.h File Reference
#include "secport.h"
#include "secerr.h"
#include "sslerr.h"
#include "ssl3prot.h"
#include "hasht.h"
#include "nssilock.h"
#include "pkcs11t.h"
#include "nssrwlk.h"
#include "prthread.h"
#include "sslt.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  ssl3CertNodeStr
struct  ssl3HelloExtensionSender
struct  ssl3HelloExtensionHandler
struct  sslSocketOpsStr
struct  sslBufferStr
struct  ssl3CipherSuiteCfg
struct  sslOptionsStr
struct  sslServerCertsStr
struct  sslGatherStr
struct  SSL3SequenceNumber
struct  ssl3SidKeys
struct  ssl3KeyMaterial
struct  ssl3CipherSpec
struct  sslSessionIDStr
struct  ssl3CipherSuiteDefStr
struct  ssl3KEADef
struct  ssl3BulkCipherDefStr
struct  ssl3MACDefStr
struct  SSL3HandshakeStateStr
struct  ssl3StateStr
struct  SSL3Ciphertext
struct  ssl3KeyPairStr
struct  SSLWrappedSymWrappingKeyStr
struct  sslConnectInfoStr
struct  sslSecurityInfoStr
struct  sslSocketStr
union  sslSessionIDStr.u
struct  sslSessionIDStr.u.ssl2
struct  sslSessionIDStr.u.ssl3

Defines

#define NDEBUG
#define sign_null   ssl_sign_null
#define sign_rsa   ssl_sign_rsa
#define sign_dsa   ssl_sign_dsa
#define sign_ecdsa   ssl_sign_ecdsa
#define calg_null   ssl_calg_null
#define calg_rc4   ssl_calg_rc4
#define calg_rc2   ssl_calg_rc2
#define calg_des   ssl_calg_des
#define calg_3des   ssl_calg_3des
#define calg_idea   ssl_calg_idea
#define calg_fortezza   ssl_calg_fortezza /* deprecated, must preserve */
#define calg_aes   ssl_calg_aes
#define mac_null   ssl_mac_null
#define mac_md5   ssl_mac_md5
#define mac_sha   ssl_mac_sha
#define hmac_md5   ssl_hmac_md5
#define hmac_sha   ssl_hmac_sha
#define SET_ERROR_CODE   /* reminder */
#define SEND_ALERT   /* reminder */
#define TEST_FOR_FAILURE   /* reminder */
#define DEAL_WITH_FAILURE   /* reminder */
#define SSL_TRC(a, b)
#define PRINT_BUF(a, b)
#define DUMP_MSG(a, b)
#define SSL_DBG(b)
#define LSB(x)   ((unsigned char) (x & 0xff))
#define MSB(x)   ((unsigned char) (((unsigned)(x)) >> 8))
#define SSL_MIN_MASTER_KEY_BYTES   5
#define SSL_MAX_MASTER_KEY_BYTES   64
#define SSL2_SESSIONID_BYTES   16
#define SSL3_SESSIONID_BYTES   32
#define SSL_MIN_CHALLENGE_BYTES   16
#define SSL_MAX_CHALLENGE_BYTES   32
#define SSL_CHALLENGE_BYTES   16
#define SSL_CONNECTIONID_BYTES   16
#define SSL_MIN_CYPHER_ARG_BYTES   0
#define SSL_MAX_CYPHER_ARG_BYTES   32
#define SSL_MAX_MAC_BYTES   16
#define SSL3_RSA_PMS_LENGTH   48
#define SSL3_MASTER_SECRET_LENGTH   48
#define SSL_NUM_WRAP_MECHS   14
#define SSL_MAX_CACHED_CERT_LEN   4060
#define MAX_EXTENSION_SENDERS   3
#define NUM_MIXERS   9
#define SSL3_SUPPORTED_CURVES_MASK   0x3800000 /* only 3 curves, suite B*/
#define BPB   8 /* Bits Per Byte */
#define ssl_SEND_FLAG_FORCE_INTO_BUFFER   0x40000000
#define ssl_SEND_FLAG_NO_BUFFER   0x20000000
#define ssl_SEND_FLAG_MASK   0x7f000000
#define ssl_V3_SUITES_IMPLEMENTED   23
#define SERVERKEY   serverKeyPair->privKey
#define SSL_LOCK_RANK_SPEC   255
#define SSL_LOCK_RANK_GLOBAL   NSS_RWLOCK_RANK_NONE
#define ssl_SHUTDOWN_NONE   0 /* NOT shutdown at all */
#define ssl_SHUTDOWN_RCV   1 /* PR_SHUTDOWN_RCV +1 */
#define ssl_SHUTDOWN_SEND   2 /* PR_SHUTDOWN_SEND +1 */
#define ssl_SHUTDOWN_BOTH   3 /* PR_SHUTDOWN_BOTH +1 */
#define GS_INIT   0
#define GS_HEADER   1
#define GS_MAC   2
#define GS_DATA   3
#define GS_PAD   4
#define MAX_IV_LENGTH   64
#define MAX_MAC_CONTEXT_BYTES   400
#define MAX_MAC_CONTEXT_LLONGS   (MAX_MAC_CONTEXT_BYTES / 8)
#define MAX_CIPHER_CONTEXT_BYTES   2080
#define MAX_CIPHER_CONTEXT_LLONGS   (MAX_CIPHER_CONTEXT_BYTES / 8)
#define CIS_HAVE_MASTER_KEY   0x01
#define CIS_HAVE_CERTIFICATE   0x02
#define CIS_HAVE_FINISHED   0x04
#define CIS_HAVE_VERIFY   0x08
#define SSL_LOCK_READER(ss)   if (ss->recvLock) PZ_Lock(ss->recvLock)
#define SSL_UNLOCK_READER(ss)   if (ss->recvLock) PZ_Unlock(ss->recvLock)
#define SSL_LOCK_WRITER(ss)   if (ss->sendLock) PZ_Lock(ss->sendLock)
#define SSL_UNLOCK_WRITER(ss)   if (ss->sendLock) PZ_Unlock(ss->sendLock)
#define ssl_Get1stHandshakeLock(ss)   { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->firstHandshakeLock); }
#define ssl_Release1stHandshakeLock(ss)   { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); }
#define ssl_Have1stHandshakeLock(ss)   (PZ_InMonitor((ss)->firstHandshakeLock))
#define ssl_GetSSL3HandshakeLock(ss)   { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->ssl3HandshakeLock); }
#define ssl_ReleaseSSL3HandshakeLock(ss)   { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); }
#define ssl_HaveSSL3HandshakeLock(ss)   (PZ_InMonitor((ss)->ssl3HandshakeLock))
#define ssl_GetSpecReadLock(ss)   { if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); }
#define ssl_ReleaseSpecReadLock(ss)   { if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); }
#define ssl_GetSpecWriteLock(ss)   { if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); }
#define ssl_ReleaseSpecWriteLock(ss)   { if (!ss->opt.noLocks) NSSRWLock_UnlockWrite((ss)->specLock); }
#define ssl_HaveSpecWriteLock(ss)   (NSSRWLock_HaveWriteLock((ss)->specLock))
#define ssl_GetRecvBufLock(ss)   { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->recvBufLock); }
#define ssl_ReleaseRecvBufLock(ss)   { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); }
#define ssl_HaveRecvBufLock(ss)   (PZ_InMonitor((ss)->recvBufLock))
#define ssl_GetXmitBufLock(ss)   { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); }
#define ssl_ReleaseXmitBufLock(ss)   { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); }
#define ssl_HaveXmitBufLock(ss)   (PZ_InMonitor((ss)->xmitBufLock))
#define SSL_TRACE(msg)
#define SSL_GETPID()   0

Typedefs

typedef SSLKEAType SSL3KEAType
typedef SSLMACAlgorithm SSL3MACAlgorithm
typedef SSLSignType SSL3SignType
typedef struct sslBufferStr
typedef struct sslConnectInfoStr
typedef struct sslGatherStr
typedef struct sslSecurityInfoStr
typedef struct sslSessionIDStr
typedef struct sslSocketStr
typedef struct sslSocketOpsStr
typedef struct ssl3StateStr
typedef struct ssl3CertNodeStr
typedef struct ssl3BulkCipherDefStr
typedef struct ssl3MACDefStr
typedef struct ssl3KeyPairStr
typedef SECStatus(* sslHandshakeFunc )(sslSocket *ss)
typedef PRInt32(* sslSendFunc )(sslSocket *ss, const unsigned char *buf, PRInt32 n, PRInt32 flags)
typedef void(* sslSessionIDCacheFunc )(sslSessionID *sid)
typedef void(* sslSessionIDUncacheFunc )(sslSessionID *sid)
typedef sslSessionID *(* sslSessionIDLookupFunc )(const PRIPv6Addr *addr, unsigned char *sid, unsigned int sidLen, CERTCertDBHandle *dbHandle)
typedef PRInt32(* ssl3HelloExtensionSenderFunc )(sslSocket *ss, PRBool append, PRUint32 maxBytes)
typedef SECStatus(* ssl3HelloExtensionHandlerFunc )(sslSocket *ss, PRUint16 ex_type, SECItem *data)
typedef struct sslOptionsStr sslOptions
typedef struct sslServerCertsStr sslServerCerts
typedef SECStatus(* SSLCipher )(void *context, unsigned char *out, int *outlen, int maxout, const unsigned char *in, int inlen)
typedef SECStatus(* SSLDestroy )(void *context, PRBool freeit)
typedef struct
ssl3CipherSuiteDefStr 
ssl3CipherSuiteDef
typedef struct
SSL3HandshakeStateStr 
SSL3HandshakeState
typedef struct
SSLWrappedSymWrappingKeyStr 
SSLWrappedSymWrappingKey

Enumerations

enum  SSLAppOperation {
  SSLAppOpRead = 0, SSLAppOpWrite, SSLAppOpRDWR, SSLAppOpPost,
  SSLAppOpHeader, SSLAppOpRead = 0, SSLAppOpWrite, SSLAppOpRDWR,
  SSLAppOpPost, SSLAppOpHeader
}
enum  sslHandshakingType {
  sslHandshakingUndetermined = 0, sslHandshakingAsClient, sslHandshakingAsServer, sslHandshakingUndetermined = 0,
  sslHandshakingAsClient, sslHandshakingAsServer
}
enum  SSL3BulkCipher {
  cipher_null, cipher_rc4, cipher_rc4_40, cipher_rc4_56,
  cipher_rc2, cipher_rc2_40, cipher_des, cipher_3des,
  cipher_des40, cipher_idea, cipher_aes_128, cipher_aes_256,
  cipher_missing, cipher_null, cipher_rc4, cipher_rc4_40,
  cipher_rc4_56, cipher_rc2, cipher_rc2_40, cipher_des,
  cipher_3des, cipher_des40, cipher_idea, cipher_aes_128,
  cipher_aes_256, cipher_missing
}
enum  CipherType { type_stream, type_block, type_stream, type_block }
enum  Cached {
  never_cached, in_client_cache, in_server_cache, invalid_cache,
  never_cached, in_client_cache, in_server_cache, invalid_cache
}
enum  SSL3KeyGenMode {
  kg_null, kg_strong, kg_export, kg_null,
  kg_strong, kg_export
}
enum  SSL3WaitState {
  wait_client_hello, wait_client_cert, wait_client_key, wait_cert_verify,
  wait_change_cipher, wait_finished, wait_server_hello, wait_server_cert,
  wait_server_key, wait_cert_request, wait_hello_done, idle_handshake,
  wait_client_hello, wait_client_cert, wait_client_key, wait_cert_verify,
  wait_change_cipher, wait_finished, wait_server_hello, wait_server_cert,
  wait_server_key, wait_cert_request, wait_hello_done, idle_handshake
}

Functions

SECStatus ssl3_RegisterServerHelloExtensionSender (sslSocket *ss, PRUint16 ex_type, ssl3HelloExtensionSenderFunc cb)
PRInt32 ssl3_CallHelloExtensionSenders (sslSocket *ss, PRBool append, PRUint32 maxBytes, const ssl3HelloExtensionSender *sender)
SEC_BEGIN_PROTOS int ssl_DefConnect (sslSocket *ss, const PRNetAddr *addr)
PRFileDescssl_DefAccept (sslSocket *ss, PRNetAddr *addr)
int ssl_DefBind (sslSocket *ss, const PRNetAddr *addr)
int ssl_DefListen (sslSocket *ss, int backlog)
int ssl_DefShutdown (sslSocket *ss, int how)
int ssl_DefClose (sslSocket *ss)
int ssl_DefRecv (sslSocket *ss, unsigned char *buf, int len, int flags)
int ssl_DefSend (sslSocket *ss, const unsigned char *buf, int len, int flags)
int ssl_DefRead (sslSocket *ss, unsigned char *buf, int len)
int ssl_DefWrite (sslSocket *ss, const unsigned char *buf, int len)
int ssl_DefGetpeername (sslSocket *ss, PRNetAddr *name)
int ssl_DefGetsockname (sslSocket *ss, PRNetAddr *name)
int ssl_DefGetsockopt (sslSocket *ss, PRSockOption optname, void *optval, PRInt32 *optlen)
int ssl_DefSetsockopt (sslSocket *ss, PRSockOption optname, const void *optval, PRInt32 optlen)
int ssl_SocksConnect (sslSocket *ss, const PRNetAddr *addr)
PRFileDescssl_SocksAccept (sslSocket *ss, PRNetAddr *addr)
int ssl_SocksBind (sslSocket *ss, const PRNetAddr *addr)
int ssl_SocksListen (sslSocket *ss, int backlog)
int ssl_SocksGetsockname (sslSocket *ss, PRNetAddr *name)
int ssl_SocksRecv (sslSocket *ss, unsigned char *buf, int len, int flags)
int ssl_SocksSend (sslSocket *ss, const unsigned char *buf, int len, int flags)
int ssl_SocksRead (sslSocket *ss, unsigned char *buf, int len)
int ssl_SocksWrite (sslSocket *ss, const unsigned char *buf, int len)
int ssl_SecureConnect (sslSocket *ss, const PRNetAddr *addr)
PRFileDescssl_SecureAccept (sslSocket *ss, PRNetAddr *addr)
int ssl_SecureRecv (sslSocket *ss, unsigned char *buf, int len, int flags)
int ssl_SecureSend (sslSocket *ss, const unsigned char *buf, int len, int flags)
int ssl_SecureRead (sslSocket *ss, unsigned char *buf, int len)
int ssl_SecureWrite (sslSocket *ss, const unsigned char *buf, int len)
int ssl_SecureShutdown (sslSocket *ss, int how)
int ssl_SecureClose (sslSocket *ss)
int ssl_SecureSocksConnect (sslSocket *ss, const PRNetAddr *addr)
PRFileDescssl_SecureSocksAccept (sslSocket *ss, PRNetAddr *addr)
PRFileDescssl_FindTop (sslSocket *ss)
sslGather * ssl_NewGather (void)
SECStatus ssl_InitGather (sslGather *gs)
void ssl_DestroyGather (sslGather *gs)
int ssl2_GatherData (sslSocket *ss, sslGather *gs, int flags)
int ssl2_GatherRecord (sslSocket *ss, int flags)
SECStatus ssl_GatherRecord1stHandshake (sslSocket *ss)
SECStatus ssl2_HandleClientHelloMessage (sslSocket *ss)
SECStatus ssl2_HandleServerHelloMessage (sslSocket *ss)
int ssl2_StartGatherBytes (sslSocket *ss, sslGather *gs, unsigned int count)
SECStatus ssl_CreateSecurityInfo (sslSocket *ss)
SECStatus ssl_CopySecurityInfo (sslSocket *ss, sslSocket *os)
void ssl_ResetSecurityInfo (sslSecurityInfo *sec, PRBool doMemset)
void ssl_DestroySecurityInfo (sslSecurityInfo *sec)
sslSocket * ssl_DupSocket (sslSocket *old)
void ssl_PrintBuf (sslSocket *ss, const char *msg, const void *cp, int len)
void ssl_DumpMsg (sslSocket *ss, unsigned char *bp, unsigned len)
int ssl_SendSavedWriteData (sslSocket *ss)
SECStatus ssl_SaveWriteData (sslSocket *ss, const void *p, unsigned int l)
SECStatus ssl2_BeginClientHandshake (sslSocket *ss)
SECStatus ssl2_BeginServerHandshake (sslSocket *ss)
int ssl_Do1stHandshake (sslSocket *ss)
SECStatus sslBuffer_Grow (sslBuffer *b, unsigned int newLen)
void ssl2_UseClearSendFunc (sslSocket *ss)
void ssl_ChooseSessionIDProcs (sslSecurityInfo *sec)
sslSessionID * ssl_LookupSID (const PRIPv6Addr *addr, PRUint16 port, const char *peerID, const char *urlSvrName)
void ssl_FreeSID (sslSessionID *sid)
int ssl3_SendApplicationData (sslSocket *ss, const PRUint8 *in, int len, int flags)
PRBool ssl_FdIsBlocking (PRFileDesc *fd)
SECStatus ssl_SetTimeout (PRFileDesc *fd, PRIntervalTime timeout)
PRBool ssl_SocketIsBlocking (sslSocket *ss)
void ssl_SetAlwaysBlock (sslSocket *ss)
SECStatus ssl_EnableNagleDelay (sslSocket *ss, PRBool enabled)
SECStatus ssl3_KeyAndMacDeriveBypass (ssl3CipherSpec *pwSpec, const unsigned char *cr, const unsigned char *sr, PRBool isTLS, PRBool isExport)
SECStatus ssl3_MasterKeyDeriveBypass (ssl3CipherSpec *pwSpec, const unsigned char *cr, const unsigned char *sr, const SECItem *pms, PRBool isTLS, PRBool isRSA)
int ssl2_SendErrorMessage (struct sslSocketStr *ss, int error)
int SSL_RestartHandshakeAfterServerCert (struct sslSocketStr *ss)
int SSL_RestartHandshakeAfterCertReq (struct sslSocketStr *ss, CERTCertificate *cert, SECKEYPrivateKey *key, CERTCertificateList *certChain)
sslSocket * ssl_FindSocket (PRFileDesc *fd)
void ssl_FreeSocket (struct sslSocketStr *ssl)
SECStatus SSL3_SendAlert (sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc)
int ssl2_RestartHandshakeAfterCertReq (sslSocket *ss, CERTCertificate *cert, SECKEYPrivateKey *key)
SECStatus ssl3_RestartHandshakeAfterCertReq (sslSocket *ss, CERTCertificate *cert, SECKEYPrivateKey *key, CERTCertificateList *certChain)
int ssl2_RestartHandshakeAfterServerCert (sslSocket *ss)
int ssl3_RestartHandshakeAfterServerCert (sslSocket *ss)
SECStatus ssl3_HandleV2ClientHello (sslSocket *ss, unsigned char *buffer, int length)
SECStatus ssl3_StartHandshakeHash (sslSocket *ss, unsigned char *buf, int length)
SECStatus ssl3_SendClientHello (sslSocket *ss)
SECStatus ssl3_HandleRecord (sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out)
int ssl3_GatherAppDataRecord (sslSocket *ss, int flags)
int ssl3_GatherCompleteHandshake (sslSocket *ss, int flags)
SECStatus ssl3_CreateRSAStepDownKeys (sslSocket *ss)
SECStatus ssl3_CipherPrefSetDefault (ssl3CipherSuite which, PRBool on)
SECStatus ssl3_CipherPrefGetDefault (ssl3CipherSuite which, PRBool *on)
SECStatus ssl2_CipherPrefSetDefault (PRInt32 which, PRBool enabled)
SECStatus ssl2_CipherPrefGetDefault (PRInt32 which, PRBool *enabled)
SECStatus ssl3_CipherPrefSet (sslSocket *ss, ssl3CipherSuite which, PRBool on)
SECStatus ssl3_CipherPrefGet (sslSocket *ss, ssl3CipherSuite which, PRBool *on)
SECStatus ssl2_CipherPrefSet (sslSocket *ss, PRInt32 which, PRBool enabled)
SECStatus ssl2_CipherPrefGet (sslSocket *ss, PRInt32 which, PRBool *enabled)
SECStatus ssl3_SetPolicy (ssl3CipherSuite which, PRInt32 policy)
SECStatus ssl3_GetPolicy (ssl3CipherSuite which, PRInt32 *policy)
SECStatus ssl2_SetPolicy (PRInt32 which, PRInt32 policy)
SECStatus ssl2_GetPolicy (PRInt32 which, PRInt32 *policy)
void ssl2_InitSocketPolicy (sslSocket *ss)
void ssl3_InitSocketPolicy (sslSocket *ss)
SECStatus ssl3_ConstructV2CipherSpecsHack (sslSocket *ss, unsigned char *cs, int *size)
SECStatus ssl3_RedoHandshake (sslSocket *ss, PRBool flushCache)
void ssl3_DestroySSL3Info (sslSocket *ss)
SECStatus ssl3_NegotiateVersion (sslSocket *ss, SSL3ProtocolVersion peerVersion)
SECStatus ssl_GetPeerInfo (sslSocket *ss)
SECStatus ssl3_ComputeCommonKeyHash (PRUint8 *hashBuf, unsigned int bufLen, SSL3Hashes *hashes, PRBool bypassPKCS11)
SECStatus ssl3_InitPendingCipherSpec (sslSocket *ss, PK11SymKey *pms)
SECStatus ssl3_AppendHandshake (sslSocket *ss, const void *void_src, PRInt32 bytes)
SECStatus ssl3_AppendHandshakeHeader (sslSocket *ss, SSL3HandshakeType t, PRUint32 length)
SECStatus ssl3_AppendHandshakeNumber (sslSocket *ss, PRInt32 num, PRInt32 lenSize)
SECStatus ssl3_AppendHandshakeVariable (sslSocket *ss, const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize)
SECStatus ssl3_ConsumeHandshake (sslSocket *ss, void *v, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length)
PRInt32 ssl3_ConsumeHandshakeNumber (sslSocket *ss, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length)
SECStatus ssl3_ConsumeHandshakeVariable (sslSocket *ss, SECItem *i, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length)
SECStatus ssl3_SignHashes (SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, PRBool isTLS)
SECStatus ssl3_VerifySignedHashes (SSL3Hashes *hash, CERTCertificate *cert, SECItem *buf, PRBool isTLS, void *pwArg)
PRInt32 ssl3_SendServerNameIndicationExtension (sslSocket *ss, PRBool append, PRUint32 maxBytes)
SECStatus ssl3_HandleClientHelloExtensions (sslSocket *ss, SSL3Opaque **b, PRUint32 *length)
PRFileDescssl_NewPRSocket (sslSocket *ss, PRFileDesc *fd)
void ssl_FreePRSocket (PRFileDesc *fd)
int ssl3_config_match_init (sslSocket *)
ssl3KeyPair * ssl3_NewKeyPair (SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey)
ssl3KeyPair * ssl3_GetKeyPairRef (ssl3KeyPair *keyPair)
void ssl3_FreeKeyPair (ssl3KeyPair *keyPair)
PRBool ssl_GetWrappingKey (PRInt32 symWrapMechIndex, SSL3KEAType exchKeyType, SSLWrappedSymWrappingKey *wswk)
PRBool ssl_SetWrappingKey (SSLWrappedSymWrappingKey *wswk)
SECStatus SSL3_ShutdownServerCache (void)
void ssl_InitClientSessionCacheLock (void)
void ssl_InitSymWrapKeysLock (void)
int ssl_MapLowLevelError (int hiLevelError)
PRUint32 ssl_Time (void)
SECStatus SSL_DisableDefaultExportCipherSuites (void)
SECStatus SSL_DisableExportCipherSuites (PRFileDesc *fd)
PRBool SSL_IsExportCipherSuite (PRUint16 cipherSuite)
void ssl_Trace (const char *format,...)

Variables

NSSRWLock * ssl_global_data_lock
char ssl_debug
char ssl_trace
CERTDistNames * ssl3_server_ca_list
PRUint32 ssl_sid_timeout
PRUint32 ssl3_sid_timeout
PRBool ssl3_global_policy_some_restricted
const char *const ssl_cipherName []
const char *const ssl3_cipherName []
sslSessionIDLookupFunc ssl_sid_lookup
sslSessionIDCacheFunc ssl_sid_cache
sslSessionIDUncacheFunc ssl_sid_uncache

Class Documentation

struct ssl3CertNodeStr

Definition at line 209 of file sslimpl.h.

Collaboration diagram for ssl3CertNodeStr:
Class Members
CERTCertificate * cert
struct ssl3CertNodeStr * next
struct ssl3HelloExtensionSender

Definition at line 245 of file sslimpl.h.

Class Members
ssl3HelloExtensionSenderFunc ex_sender
PRInt32 ex_type
struct ssl3HelloExtensionHandler

Definition at line 251 of file sslimpl.h.

Class Members
ssl3HelloExtensionHandlerFunc ex_handler
PRInt32 ex_type
struct sslBufferStr

Definition at line 292 of file sslimpl.h.

Class Members
unsigned char * buf
unsigned int len
unsigned int space
struct ssl3CipherSuiteCfg

Definition at line 301 of file sslimpl.h.

Class Members
unsigned int cipher_suite: 16
unsigned int enabled: 1
unsigned int isPresent: 1
unsigned int policy: 8
struct sslOptionsStr

Definition at line 321 of file sslimpl.h.

Class Members
unsigned int bypassPKCS11: 1
unsigned int detectRollBack: 1
unsigned int enableSSL2: 1
unsigned int enableSSL3: 1
unsigned int enableTLS: 1
unsigned int fdx: 1
unsigned int handshakeAsClient: 1
unsigned int handshakeAsServer: 1
unsigned int noCache: 1
unsigned int noLocks: 1
unsigned int noStepDown: 1
unsigned int requestCertificate: 1
unsigned int requireCertificate: 2
unsigned int useSecurity: 1
unsigned int useSocks: 1
unsigned int v2CompatibleHello: 1
struct sslServerCertsStr

Definition at line 345 of file sslimpl.h.

Class Members
CERTCertificate * serverCert
CERTCertificateList * serverCertChain
unsigned int serverKeyBits
ssl3KeyPair * serverKeyPair
struct sslGatherStr

Definition at line 374 of file sslimpl.h.

Collaboration diagram for sslGatherStr:
Class Members
sslBuffer buf
unsigned int count
int encrypted
unsigned char hdr
sslBuffer inbuf
unsigned int offset
unsigned int readOffset
unsigned int recordLen
unsigned int recordOffset
unsigned int recordPadding
unsigned int remainder
int state
unsigned int writeOffset
struct SSL3SequenceNumber

Definition at line 485 of file sslimpl.h.

Class Members
uint32 high
uint32 low
struct ssl3SidKeys

Definition at line 496 of file sslimpl.h.

Class Members
SSL3Opaque client_write_iv
PRUint8 msIsWrapped
PRUint8 resumable
SSL3Opaque server_write_iv
SSL3Opaque wrapped_master_secret
PRUint16 wrapped_master_secret_len
struct ssl3KeyMaterial

Definition at line 505 of file sslimpl.h.

Collaboration diagram for ssl3KeyMaterial:
Class Members
PRUint64 cipher_context
SSL3Opaque write_iv
SECItem write_iv_item
PK11SymKey * write_key
SECItem write_key_item
PK11Context * write_mac_context
PK11SymKey * write_mac_key
SECItem write_mac_key_item
struct ssl3CipherSpec

Definition at line 521 of file sslimpl.h.

Collaboration diagram for ssl3CipherSpec:
Class Members
PRBool bypassCiphers
const ssl3BulkCipherDef * cipher_def
ssl3KeyMaterial client
SSLCipher decode
void * decodeContext
SSLDestroy destroy
SSLCipher encode
void * encodeContext
unsigned char key_block
const ssl3MACDef * mac_def
int mac_size
PK11SymKey * master_secret
SECItem msItem
unsigned char raw_master_secret
SSL3SequenceNumber read_seq_num
ssl3KeyMaterial server
SSL3ProtocolVersion version
SSL3SequenceNumber write_seq_num
struct sslSessionIDStr

Definition at line 548 of file sslimpl.h.

Collaboration diagram for sslSessionIDStr:
Class Members
PRIPv6Addr addr
SSLSignType authAlgorithm
PRUint32 authKeyBits
Cached cached
PRUint32 creationTime
PRUint32 expirationTime
PRUint32 keaKeyBits
SSLKEAType keaType
PRUint32 lastAccessTime
CERTCertificate * localCert
sslSessionID * next
CERTCertificate * peerCert
const char * peerID
PRUint16 port
int references
union sslSessionIDStr u
union sslSessionIDStr u
const char * urlSvrName
SSL3ProtocolVersion version
struct ssl3CipherSuiteDefStr

Definition at line 636 of file sslimpl.h.

Class Members
SSL3BulkCipher bulk_cipher_alg
ssl3CipherSuite cipher_suite
SSL3KeyExchangeAlgorithm key_exchange_alg
SSL3MACAlgorithm mac_alg
struct ssl3KEADef

Definition at line 646 of file sslimpl.h.

Collaboration diagram for ssl3KEADef:
Class Members
SSL3KEAType exchKeyType
PRBool is_limited
SSL3KeyExchangeAlgorithm kea
int key_size_limit
SSL3SignType signKeyType
PRBool tls_keygen
struct ssl3BulkCipherDefStr

Definition at line 660 of file sslimpl.h.

Collaboration diagram for ssl3BulkCipherDefStr:
Class Members
int block_size
SSLCipherAlgorithm calg
SSL3BulkCipher cipher
int iv_size
int key_size
SSL3KeyGenMode keygen_mode
int secret_key_size
CipherType type
struct ssl3MACDefStr

Definition at line 674 of file sslimpl.h.

Collaboration diagram for ssl3MACDefStr:
Class Members
SSL3MACAlgorithm mac
int mac_size
CK_MECHANISM_TYPE mmech
int pad_size
struct SSL3HandshakeStateStr

Definition at line 700 of file sslimpl.h.

Collaboration diagram for SSL3HandshakeStateStr:
Class Members
SECItem ca_list
ssl3CipherSuite cipher_suite
SSL3Random client_random
SSL3CompressionMethod compression
unsigned int header_bytes
PRBool isResuming
const ssl3KEADef * kea_def
PK11Context * md5
PRUint64 md5_cx
sslBuffer messages
sslBuffer msg_body
unsigned long msg_len
SSL3HandshakeType msg_type
sslBuffer msgState
PRBool rehandshake
SSL3Random server_random
PK11Context * sha
PRUint64 sha_cx
const ssl3CipherSuiteDef * suite_def
PRBool usedStepDownKey
SSL3WaitState ws
struct ssl3StateStr

Definition at line 742 of file sslimpl.h.

Collaboration diagram for ssl3StateStr:
Class Members
CERTDistNames * ca_list
CERTCertificateList * clientCertChain
CERTCertificate * clientCertificate
SECKEYPrivateKey * clientPrivateKey
ssl3CipherSpec * crSpec
ssl3CipherSpec * cwSpec
SSL3HandshakeState hs
PRBool initialized
PRArenaPool * peerCertArena
void * peerCertChain
int policy
ssl3CipherSpec * prSpec
ssl3CipherSpec * pwSpec
PRBool sendEmptyCert
ssl3CipherSpec specs
struct SSL3Ciphertext

Definition at line 773 of file sslimpl.h.

Class Members
sslBuffer * buf
SSL3ContentType type
SSL3ProtocolVersion version
struct ssl3KeyPairStr

Definition at line 779 of file sslimpl.h.

Class Members
SECKEYPrivateKey * privKey
SECKEYPublicKey * pubKey
PRInt32 refCount
struct SSLWrappedSymWrappingKeyStr

Definition at line 785 of file sslimpl.h.

Class Members
CK_MECHANISM_TYPE asymWrapMechanism
SSL3KEAType exchKeyType
CK_MECHANISM_TYPE symWrapMechanism
PRInt32 symWrapMechIndex
SSL3Opaque wrapIV
PRUint16 wrapIVLen
PRUint16 wrappedSymKeyLen
SSL3Opaque wrappedSymmetricWrappingkey
struct sslConnectInfoStr

Definition at line 822 of file sslimpl.h.

Collaboration diagram for sslConnectInfoStr:
Class Members
unsigned char authType
unsigned char clientChallenge
unsigned char connectionID
char elements
unsigned keySize
PRIPv6Addr peer
unsigned short port
unsigned char readKey
char requiredElements
sslBuffer sendBuf
char sentElements
char sentFinished
unsigned char serverChallenge
int serverChallengeLen
sslSessionID * sid
unsigned char writeKey
struct sslSocketStr

Definition at line 933 of file sslimpl.h.

Collaboration diagram for sslSocketStr:
Class Members
PRUint16 allowedByPolicy
unsigned long appDataBuffered
SSLAuthCertificate authCertificate
void * authCertificateArg
void * badCertArg
PRUint16 chosenPreference
unsigned char * cipherSpecs
ssl3CipherSuiteCfg cipherSuites
unsigned long clientAuthRequested
SSL3ProtocolVersion clientHelloVersion
PRIntervalTime cTimeout
CERTCertDBHandle * dbHandle
unsigned long delayDisabled
ssl3KeyPair * ephemeralECDHKeyPair
PRFileDesc * fd
PZMonitor * firstHandshakeLock
unsigned long firstHsDone
SSLGetClientAuthData getClientAuthData
void * getClientAuthDataArg
sslGather gs
SSLBadCertHandler handleBadCert
sslHandshakeFunc handshake
unsigned long handshakeBegun
SSLHandshakeCallback handshakeCallback
void * handshakeCallbackData
sslHandshakingType handshaking
unsigned long lastWriteBlocked
PRUint16 maybeAllowedByPolicy
sslHandshakeFunc nextHandshake
const sslSocketOps * ops
sslOptions opt
char * peerID
sslBuffer pendingBuf
void * pkcs11PinArg
const unsigned char * preferredCipher
PZMonitor * recvBufLock
unsigned long recvdCloseNotify
PZLock * recvLock
PRIntervalTime rTimeout
sslBuffer saveBuf
sslSecurityInfo sec
sslHandshakeFunc securityHandshake
PZLock * sendLock
sslServerCerts serverCerts
ssl3HelloExtensionSender serverExtensionSenders
PRUint16 shutdownHow
unsigned int sizeCipherSpecs
NSSRWLock * specLock
ssl3State ssl3
PZMonitor * ssl3HandshakeLock
ssl3KeyPair * stepDownKeyPair
unsigned long TCPconnected
const char * url
SSL3ProtocolVersion version
PRThread * writerThread
PRIntervalTime wTimeout
PZMonitor * xmitBufLock
union sslSessionIDStr.u

Definition at line 570 of file sslimpl.h.

Class Members
u ssl2
u ssl3
struct sslSessionIDStr.u.ssl2

Definition at line 571 of file sslimpl.h.

Class Members
SECItem cipherArg
int cipherType
int keyBits
SECItem masterKey
int secretKeyBits
unsigned char sessionID
struct sslSessionIDStr.u.ssl3

Definition at line 582 of file sslimpl.h.

Class Members
ssl3CipherSuite cipherSuite
SECMODModuleID clAuthModuleID
PRUint16 clAuthSeries
CK_SLOT_ID clAuthSlotID
char clAuthValid
PK11SymKey * clientWriteKey
SSL3CompressionMethod compression
SSL3KEAType exchKeyType
ssl3SidKeys keys
SECMODModuleID masterModuleID
CK_SLOT_ID masterSlotID
char masterValid
PRUint16 masterWrapIndex
CK_MECHANISM_TYPE masterWrapMech
PRUint16 masterWrapSeries
int policy
PK11SymKey * serverWriteKey
SSL3Opaque sessionID
uint8 sessionIDLength

Define Documentation

#define BPB   8 /* Bits Per Byte */

Definition at line 190 of file sslimpl.h.

Definition at line 85 of file sslimpl.h.

Definition at line 88 of file sslimpl.h.

Definition at line 84 of file sslimpl.h.

#define calg_fortezza   ssl_calg_fortezza /* deprecated, must preserve */

Definition at line 87 of file sslimpl.h.

Definition at line 86 of file sslimpl.h.

Definition at line 81 of file sslimpl.h.

Definition at line 83 of file sslimpl.h.

Definition at line 82 of file sslimpl.h.

Definition at line 858 of file sslimpl.h.

Definition at line 859 of file sslimpl.h.

Definition at line 857 of file sslimpl.h.

#define CIS_HAVE_VERIFY   0x08

Definition at line 860 of file sslimpl.h.

#define DEAL_WITH_FAILURE   /* reminder */

Definition at line 99 of file sslimpl.h.

#define DUMP_MSG (   a,
  b 
)

Definition at line 122 of file sslimpl.h.

#define GS_DATA   3

Definition at line 441 of file sslimpl.h.

#define GS_HEADER   1

Definition at line 439 of file sslimpl.h.

#define GS_INIT   0

Definition at line 438 of file sslimpl.h.

#define GS_MAC   2

Definition at line 440 of file sslimpl.h.

#define GS_PAD   4

Definition at line 442 of file sslimpl.h.

Definition at line 93 of file sslimpl.h.

Definition at line 94 of file sslimpl.h.

#define LSB (   x)    ((unsigned char) (x & 0xff))

Definition at line 140 of file sslimpl.h.

Definition at line 91 of file sslimpl.h.

Definition at line 90 of file sslimpl.h.

Definition at line 92 of file sslimpl.h.

Definition at line 491 of file sslimpl.h.

Definition at line 492 of file sslimpl.h.

Definition at line 178 of file sslimpl.h.

Definition at line 478 of file sslimpl.h.

Definition at line 488 of file sslimpl.h.

Definition at line 489 of file sslimpl.h.

#define MSB (   x)    ((unsigned char) (((unsigned)(x)) >> 8))

Definition at line 141 of file sslimpl.h.

Definition at line 51 of file sslimpl.h.

#define NUM_MIXERS   9

Definition at line 180 of file sslimpl.h.

#define PRINT_BUF (   a,
  b 
)

Definition at line 121 of file sslimpl.h.

#define SEND_ALERT   /* reminder */

Definition at line 97 of file sslimpl.h.

#define SERVERKEY   serverKeyPair->privKey

Definition at line 351 of file sslimpl.h.

#define SET_ERROR_CODE   /* reminder */

Definition at line 96 of file sslimpl.h.

Definition at line 78 of file sslimpl.h.

Definition at line 79 of file sslimpl.h.

Definition at line 76 of file sslimpl.h.

Definition at line 77 of file sslimpl.h.

Definition at line 155 of file sslimpl.h.

Definition at line 170 of file sslimpl.h.

Definition at line 169 of file sslimpl.h.

Definition at line 156 of file sslimpl.h.

#define SSL3_SUPPORTED_CURVES_MASK   0x3800000 /* only 3 curves, suite B*/

Definition at line 184 of file sslimpl.h.

Definition at line 160 of file sslimpl.h.

Definition at line 162 of file sslimpl.h.

#define SSL_DBG (   b)

Definition at line 128 of file sslimpl.h.

#define ssl_Get1stHandshakeLock (   ss)    { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->firstHandshakeLock); }

Definition at line 1172 of file sslimpl.h.

#define SSL_GETPID ( )    0

Definition at line 1434 of file sslimpl.h.

#define ssl_GetRecvBufLock (   ss)    { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->recvBufLock); }

Definition at line 1198 of file sslimpl.h.

#define ssl_GetSpecReadLock (   ss)    { if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); }

Definition at line 1186 of file sslimpl.h.

#define ssl_GetSpecWriteLock (   ss)    { if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); }

Definition at line 1191 of file sslimpl.h.

#define ssl_GetSSL3HandshakeLock (   ss)    { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->ssl3HandshakeLock); }

Definition at line 1179 of file sslimpl.h.

#define ssl_GetXmitBufLock (   ss)    { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); }

Definition at line 1205 of file sslimpl.h.

#define ssl_Have1stHandshakeLock (   ss)    (PZ_InMonitor((ss)->firstHandshakeLock))

Definition at line 1176 of file sslimpl.h.

#define ssl_HaveRecvBufLock (   ss)    (PZ_InMonitor((ss)->recvBufLock))

Definition at line 1202 of file sslimpl.h.

#define ssl_HaveSpecWriteLock (   ss)    (NSSRWLock_HaveWriteLock((ss)->specLock))

Definition at line 1195 of file sslimpl.h.

#define ssl_HaveSSL3HandshakeLock (   ss)    (PZ_InMonitor((ss)->ssl3HandshakeLock))

Definition at line 1183 of file sslimpl.h.

#define ssl_HaveXmitBufLock (   ss)    (PZ_InMonitor((ss)->xmitBufLock))

Definition at line 1209 of file sslimpl.h.

Definition at line 354 of file sslimpl.h.

Definition at line 353 of file sslimpl.h.

#define SSL_LOCK_READER (   ss)    if (ss->recvLock) PZ_Lock(ss->recvLock)

Definition at line 1167 of file sslimpl.h.

#define SSL_LOCK_WRITER (   ss)    if (ss->sendLock) PZ_Lock(ss->sendLock)

Definition at line 1169 of file sslimpl.h.

Definition at line 176 of file sslimpl.h.

Definition at line 159 of file sslimpl.h.

Definition at line 165 of file sslimpl.h.

Definition at line 167 of file sslimpl.h.

Definition at line 153 of file sslimpl.h.

Definition at line 158 of file sslimpl.h.

Definition at line 164 of file sslimpl.h.

Definition at line 152 of file sslimpl.h.

Definition at line 173 of file sslimpl.h.

#define ssl_Release1stHandshakeLock (   ss)    { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); }

Definition at line 1174 of file sslimpl.h.

#define ssl_ReleaseRecvBufLock (   ss)    { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); }

Definition at line 1200 of file sslimpl.h.

#define ssl_ReleaseSpecReadLock (   ss)    { if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); }

Definition at line 1188 of file sslimpl.h.

#define ssl_ReleaseSpecWriteLock (   ss)    { if (!ss->opt.noLocks) NSSRWLock_UnlockWrite((ss)->specLock); }

Definition at line 1193 of file sslimpl.h.

#define ssl_ReleaseSSL3HandshakeLock (   ss)    { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); }

Definition at line 1181 of file sslimpl.h.

#define ssl_ReleaseXmitBufLock (   ss)    { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); }

Definition at line 1207 of file sslimpl.h.

Definition at line 283 of file sslimpl.h.

#define ssl_SEND_FLAG_MASK   0x7f000000

Definition at line 285 of file sslimpl.h.

#define ssl_SEND_FLAG_NO_BUFFER   0x20000000

Definition at line 284 of file sslimpl.h.

Definition at line 365 of file sslimpl.h.

Definition at line 362 of file sslimpl.h.

Definition at line 363 of file sslimpl.h.

Definition at line 364 of file sslimpl.h.

Definition at line 1415 of file sslimpl.h.

#define SSL_TRC (   a,
  b 
)

Definition at line 120 of file sslimpl.h.

#define SSL_UNLOCK_READER (   ss)    if (ss->recvLock) PZ_Unlock(ss->recvLock)

Definition at line 1168 of file sslimpl.h.

#define SSL_UNLOCK_WRITER (   ss)    if (ss->sendLock) PZ_Unlock(ss->sendLock)

Definition at line 1170 of file sslimpl.h.

Definition at line 316 of file sslimpl.h.

#define TEST_FOR_FAILURE   /* reminder */

Definition at line 98 of file sslimpl.h.


Typedef Documentation

typedef struct ssl3BulkCipherDefStr

Definition at line 203 of file sslimpl.h.

typedef struct ssl3CertNodeStr

Definition at line 202 of file sslimpl.h.

typedef SECStatus(* ssl3HelloExtensionHandlerFunc)(sslSocket *ss, PRUint16 ex_type, SECItem *data)

Definition at line 238 of file sslimpl.h.

typedef PRInt32(* ssl3HelloExtensionSenderFunc)(sslSocket *ss, PRBool append, PRUint32 maxBytes)

Definition at line 232 of file sslimpl.h.

Definition at line 72 of file sslimpl.h.

typedef struct ssl3KeyPairStr

Definition at line 205 of file sslimpl.h.

Definition at line 73 of file sslimpl.h.

typedef struct ssl3MACDefStr

Definition at line 204 of file sslimpl.h.

Definition at line 74 of file sslimpl.h.

typedef struct ssl3StateStr

Definition at line 201 of file sslimpl.h.

typedef struct sslBufferStr

Definition at line 193 of file sslimpl.h.

typedef SECStatus(* SSLCipher)(void *context, unsigned char *out, int *outlen, int maxout, const unsigned char *in, int inlen)

Definition at line 444 of file sslimpl.h.

typedef struct sslConnectInfoStr

Definition at line 194 of file sslimpl.h.

Definition at line 450 of file sslimpl.h.

typedef struct sslGatherStr

Definition at line 195 of file sslimpl.h.

typedef SECStatus(* sslHandshakeFunc)(sslSocket *ss)

Definition at line 212 of file sslimpl.h.

typedef struct sslOptionsStr sslOptions
typedef struct sslSecurityInfoStr

Definition at line 196 of file sslimpl.h.

typedef PRInt32(* sslSendFunc)(sslSocket *ss, const unsigned char *buf, PRInt32 n, PRInt32 flags)

Definition at line 219 of file sslimpl.h.

typedef void(* sslSessionIDCacheFunc)(sslSessionID *sid)

Definition at line 222 of file sslimpl.h.

typedef sslSessionID*(* sslSessionIDLookupFunc)(const PRIPv6Addr *addr, unsigned char *sid, unsigned int sidLen, CERTCertDBHandle *dbHandle)

Definition at line 224 of file sslimpl.h.

typedef struct sslSessionIDStr

Definition at line 197 of file sslimpl.h.

typedef void(* sslSessionIDUncacheFunc)(sslSessionID *sid)

Definition at line 223 of file sslimpl.h.

typedef struct sslSocketOpsStr

Definition at line 199 of file sslimpl.h.

typedef struct sslSocketStr

Definition at line 198 of file sslimpl.h.


Enumeration Type Documentation

enum Cached
Enumerator:
never_cached 
in_client_cache 
in_server_cache 
invalid_cache 
never_cached 
in_client_cache 
in_server_cache 
invalid_cache 

Definition at line 540 of file sslimpl.h.

             {       never_cached, 
              in_client_cache, 
              in_server_cache, 
              invalid_cache        /* no longer in any cache. */
} Cached;
enum CipherType
Enumerator:
type_stream 
type_block 
type_stream 
type_block 

Definition at line 476 of file sslimpl.h.

Enumerator:
cipher_null 
cipher_rc4 
cipher_rc4_40 
cipher_rc4_56 
cipher_rc2 
cipher_rc2_40 
cipher_des 
cipher_3des 
cipher_des40 
cipher_idea 
cipher_aes_128 
cipher_aes_256 
cipher_missing 
cipher_null 
cipher_rc4 
cipher_rc4_40 
cipher_rc4_56 
cipher_rc2 
cipher_rc2_40 
cipher_des 
cipher_3des 
cipher_des40 
cipher_idea 
cipher_aes_128 
cipher_aes_256 
cipher_missing 

Definition at line 459 of file sslimpl.h.

             {
    cipher_null,
    cipher_rc4, 
    cipher_rc4_40,
    cipher_rc4_56,
    cipher_rc2, 
    cipher_rc2_40,
    cipher_des, 
    cipher_3des, 
    cipher_des40,
    cipher_idea, 
    cipher_aes_128,
    cipher_aes_256,
    cipher_missing              /* reserved for no such supported cipher */
    /* This enum must match ssl3_cipherName[] in ssl3con.c.  */
} SSL3BulkCipher;
Enumerator:
kg_null 
kg_strong 
kg_export 
kg_null 
kg_strong 
kg_export 

Definition at line 653 of file sslimpl.h.

Enumerator:
wait_client_hello 
wait_client_cert 
wait_client_key 
wait_cert_verify 
wait_change_cipher 
wait_finished 
wait_server_hello 
wait_server_cert 
wait_server_key 
wait_cert_request 
wait_hello_done 
idle_handshake 
wait_client_hello 
wait_client_cert 
wait_client_key 
wait_cert_verify 
wait_change_cipher 
wait_finished 
wait_server_hello 
wait_server_cert 
wait_server_key 
wait_cert_request 
wait_hello_done 
idle_handshake 

Definition at line 679 of file sslimpl.h.

Enumerator:
SSLAppOpRead 
SSLAppOpWrite 
SSLAppOpRDWR 
SSLAppOpPost 
SSLAppOpHeader 
SSLAppOpRead 
SSLAppOpWrite 
SSLAppOpRDWR 
SSLAppOpPost 
SSLAppOpHeader 

Definition at line 145 of file sslimpl.h.

Enumerator:
sslHandshakingUndetermined 
sslHandshakingAsClient 
sslHandshakingAsServer 
sslHandshakingUndetermined 
sslHandshakingAsClient 
sslHandshakingAsServer 

Definition at line 338 of file sslimpl.h.


Function Documentation

SECStatus ssl2_BeginClientHandshake ( sslSocket *  ss)

Definition at line 3000 of file sslcon.c.

{
    sslSessionID      *sid;
    PRUint8           *msg;
    PRUint8           *cp;
    PRUint8           *localCipherSpecs = NULL;
    unsigned int      localCipherSize;
    unsigned int      i;
    int               sendLen, sidLen = 0;
    SECStatus         rv;

    PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );

    ss->sec.isServer     = 0;
    ss->sec.sendSequence = 0;
    ss->sec.rcvSequence  = 0;
    ssl_ChooseSessionIDProcs(&ss->sec);

    if (!ss->cipherSpecs) {
       rv = ssl2_ConstructCipherSpecs(ss);
       if (rv != SECSuccess)
           goto loser;
    }

    /* count the SSL2 and SSL3 enabled ciphers.
     * if either is zero, clear the socket's enable for that protocol.
     */
    rv = ssl2_CheckConfigSanity(ss);
    if (rv != SECSuccess)
       goto loser;

    /* Get peer name of server */
    rv = ssl_GetPeerInfo(ss);
    if (rv < 0) {
#ifdef HPUX11
        /*
         * On some HP-UX B.11.00 systems, getpeername() occasionally
         * fails with ENOTCONN after a successful completion of
         * non-blocking connect.  I found that if we do a write()
         * and then retry getpeername(), it will work.
         */
        if (PR_GetError() == PR_NOT_CONNECTED_ERROR) {
            char dummy;
            (void) PR_Write(ss->fd->lower, &dummy, 0);
            rv = ssl_GetPeerInfo(ss);
            if (rv < 0) {
                goto loser;
            }
        }
#else
       goto loser;
#endif
    }

    SSL_TRC(3, ("%d: SSL[%d]: sending client-hello", SSL_GETPID(), ss->fd));

    /* Try to find server in our session-id cache */
    if (ss->opt.noCache) {
       sid = NULL;
    } else {
       sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID, 
                           ss->url);
    }
    while (sid) {  /* this isn't really a loop */
       /* if we're not doing this SID's protocol any more, drop it. */
       if (((sid->version  < SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableSSL2) ||
           ((sid->version == SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableSSL3) ||
           ((sid->version >  SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableTLS)) {
           ss->sec.uncache(sid);
           ssl_FreeSID(sid);
           sid = NULL;
           break;
       }
       if (ss->opt.enableSSL2 && sid->version < SSL_LIBRARY_VERSION_3_0) {
           /* If the cipher in this sid is not enabled, drop it. */
           for (i = 0; i < ss->sizeCipherSpecs; i += 3) {
              if (ss->cipherSpecs[i] == sid->u.ssl2.cipherType)
                  break;
           }
           if (i >= ss->sizeCipherSpecs) {
              ss->sec.uncache(sid);
              ssl_FreeSID(sid);
              sid = NULL;
              break;
           }
       }
       sidLen = sizeof(sid->u.ssl2.sessionID);
       PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl2.sessionID,
                    sidLen));
       ss->version = sid->version;
       PORT_Assert(!ss->sec.localCert);
       if (ss->sec.localCert) {
           CERT_DestroyCertificate(ss->sec.localCert);
       }
       ss->sec.localCert     = CERT_DupCertificate(sid->localCert);
       break;  /* this isn't really a loop */
    } 
    if (!sid) {
       sidLen = 0;
       sid = (sslSessionID*) PORT_ZAlloc(sizeof(sslSessionID));
       if (!sid) {
           goto loser;
       }
       sid->references = 1;
       sid->cached     = never_cached;
       sid->addr       = ss->sec.ci.peer;
       sid->port       = ss->sec.ci.port;
       if (ss->peerID != NULL) {
           sid->peerID = PORT_Strdup(ss->peerID);
       }
       if (ss->url != NULL) {
           sid->urlSvrName = PORT_Strdup(ss->url);
       }
    }
    ss->sec.ci.sid = sid;

    PORT_Assert(sid != NULL);

    if ((sid->version >= SSL_LIBRARY_VERSION_3_0 || !ss->opt.v2CompatibleHello) &&
        (ss->opt.enableSSL3 || ss->opt.enableTLS)) {

       ss->gs.state      = GS_INIT;
       ss->handshake     = ssl_GatherRecord1stHandshake;

       /* ssl3_SendClientHello will override this if it succeeds. */
       ss->version       = SSL_LIBRARY_VERSION_3_0;

       ssl_GetXmitBufLock(ss);    /***************************************/
       ssl_GetSSL3HandshakeLock(ss);
       rv =  ssl3_SendClientHello(ss);
       ssl_ReleaseSSL3HandshakeLock(ss);
       ssl_ReleaseXmitBufLock(ss); /***************************************/

       return rv;
    }
#if defined(NSS_ENABLE_ECC) && !defined(NSS_ECC_MORE_THAN_SUITE_B)
    /* ensure we don't neogtiate ECC cipher suites with SSL2 hello */
    ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
    if (ss->cipherSpecs != NULL) {
       PORT_Free(ss->cipherSpecs);
       ss->cipherSpecs     = NULL;
       ss->sizeCipherSpecs = 0;
    }
#endif

    if (!ss->cipherSpecs) {
        rv = ssl2_ConstructCipherSpecs(ss);
       if (rv < 0) {
           return rv;
       }
    }
    localCipherSpecs = ss->cipherSpecs;
    localCipherSize  = ss->sizeCipherSpecs;

    sendLen = SSL_HL_CLIENT_HELLO_HBYTES + localCipherSize + sidLen +
       SSL_CHALLENGE_BYTES;

    /* Generate challenge bytes for server */
    PK11_GenerateRandom(ss->sec.ci.clientChallenge, SSL_CHALLENGE_BYTES);

    ssl_GetXmitBufLock(ss);    /***************************************/

    rv = ssl2_GetSendBuffer(ss, sendLen);
    if (rv) 
       goto unlock_loser;

    /* Construct client-hello message */
    cp = msg = ss->sec.ci.sendBuf.buf;
    msg[0] = SSL_MT_CLIENT_HELLO;
    if ( ss->opt.enableTLS ) {
       ss->clientHelloVersion = SSL_LIBRARY_VERSION_3_1_TLS;
    } else if ( ss->opt.enableSSL3 ) {
       ss->clientHelloVersion = SSL_LIBRARY_VERSION_3_0;
    } else {
       ss->clientHelloVersion = SSL_LIBRARY_VERSION_2;
    }
    
    msg[1] = MSB(ss->clientHelloVersion);
    msg[2] = LSB(ss->clientHelloVersion);
    msg[3] = MSB(localCipherSize);
    msg[4] = LSB(localCipherSize);
    msg[5] = MSB(sidLen);
    msg[6] = LSB(sidLen);
    msg[7] = MSB(SSL_CHALLENGE_BYTES);
    msg[8] = LSB(SSL_CHALLENGE_BYTES);
    cp += SSL_HL_CLIENT_HELLO_HBYTES;
    PORT_Memcpy(cp, localCipherSpecs, localCipherSize);
    cp += localCipherSize;
    if (sidLen) {
       PORT_Memcpy(cp, sid->u.ssl2.sessionID, sidLen);
       cp += sidLen;
    }
    PORT_Memcpy(cp, ss->sec.ci.clientChallenge, SSL_CHALLENGE_BYTES);

    /* Send it to the server */
    DUMP_MSG(29, (ss, msg, sendLen));
    ss->handshakeBegun = 1;
    rv = (*ss->sec.send)(ss, msg, sendLen, 0);

    ssl_ReleaseXmitBufLock(ss);    /***************************************/

    if (rv < 0) {
       goto loser;
    }

    rv = ssl3_StartHandshakeHash(ss, msg, sendLen);
    if (rv < 0) {
       goto loser;
    }

    /* Setup to receive servers hello message */
    ssl_GetRecvBufLock(ss);
    ss->gs.recordLen = 0;
    ssl_ReleaseRecvBufLock(ss);

    ss->handshake     = ssl_GatherRecord1stHandshake;
    ss->nextHandshake = ssl2_HandleServerHelloMessage;
    return SECSuccess;

unlock_loser:
    ssl_ReleaseXmitBufLock(ss);
loser:
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl2_BeginServerHandshake ( sslSocket *  ss)

Definition at line 3762 of file sslcon.c.

{
    SECStatus        rv;
    sslServerCerts * rsaAuth = ss->serverCerts + kt_rsa;

    ss->sec.isServer = 1;
    ssl_ChooseSessionIDProcs(&ss->sec);
    ss->sec.sendSequence = 0;
    ss->sec.rcvSequence = 0;

    /* don't turn on SSL2 if we don't have an RSA key and cert */
    if (!rsaAuth->serverKeyPair || !rsaAuth->SERVERKEY || 
        !rsaAuth->serverCert) {
       ss->opt.enableSSL2 = PR_FALSE;
    }

    if (!ss->cipherSpecs) {
       rv = ssl2_ConstructCipherSpecs(ss);
       if (rv != SECSuccess)
           goto loser;
    }

    /* count the SSL2 and SSL3 enabled ciphers.
     * if either is zero, clear the socket's enable for that protocol.
     */
    rv = ssl2_CheckConfigSanity(ss);
    if (rv != SECSuccess)
       goto loser;

    /*
    ** Generate connection-id. Always do this, even if things fail
    ** immediately. This way the random number generator is always
    ** rolling around, every time we get a connection.
    */
    PK11_GenerateRandom(ss->sec.ci.connectionID, 
                        sizeof(ss->sec.ci.connectionID));

    ss->gs.recordLen = 0;
    ss->handshake     = ssl_GatherRecord1stHandshake;
    ss->nextHandshake = ssl2_HandleClientHelloMessage;
    return SECSuccess;

loser:
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl2_CipherPrefGet ( sslSocket *  ss,
PRInt32  which,
PRBool enabled 
)

Definition at line 426 of file sslcon.c.

{
    PRBool       rv       = PR_FALSE;
    PRUint32     bitMask;

    which &= 0x000f;
    bitMask = 1 << which;

    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
       PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
       *enabled = PR_FALSE;
       return SECFailure;
    }

    rv = (PRBool)((ss->chosenPreference & bitMask) != 0);
    *enabled = rv;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl2_CipherPrefGetDefault ( PRInt32  which,
PRBool enabled 
)

Definition at line 384 of file sslcon.c.

{
    PRBool       rv       = PR_FALSE;
    PRUint32     bitMask;

    which &= 0x000f;
    bitMask = 1 << which;

    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
       PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
       *enabled = PR_FALSE;
       return SECFailure;
    }

    rv = (PRBool)((chosenPreference & bitMask) != 0);
    *enabled = rv;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl2_CipherPrefSet ( sslSocket *  ss,
PRInt32  which,
PRBool  enabled 
)

Definition at line 404 of file sslcon.c.

{
    PRUint32     bitMask;
    
    which &= 0x000f;
    bitMask = 1 << which;

    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
       PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
       return SECFailure;
    }

    if (enabled)
       ss->chosenPreference |= bitMask;
    else
       ss->chosenPreference &= ~bitMask;
    ss->chosenPreference &= SSL_CB_IMPLEMENTED;

    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 362 of file sslcon.c.

{
    PRUint32     bitMask;
    
    which &= 0x000f;
    bitMask = 1 << which;

    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
       PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
       return SECFailure;
    }

    if (enabled)
       chosenPreference |= bitMask;
    else
       chosenPreference &= ~bitMask;
    chosenPreference &= SSL_CB_IMPLEMENTED;

    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int ssl2_GatherData ( sslSocket *  ss,
sslGather *  gs,
int  flags 
)

Definition at line 87 of file sslgathr.c.

{
    unsigned char *  bp;
    unsigned char *  pBuf;
    int              nb, err, rv;

    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );

    if (gs->state == GS_INIT) {
       /* Initialize gathering engine */
       gs->state         = GS_HEADER;
       gs->remainder     = 3;
       gs->count         = 3;
       gs->offset        = 0;
       gs->recordLen     = 0;
       gs->recordPadding = 0;
       gs->hdr[2]        = 0;

       gs->writeOffset   = 0;
       gs->readOffset    = 0;
    }
    if (gs->encrypted) {
       PORT_Assert(ss->sec.hash != 0);
    }

    pBuf = gs->buf.buf;
    for (;;) {
       SSL_TRC(30, ("%d: SSL[%d]: gather state %d (need %d more)",
                   SSL_GETPID(), ss->fd, gs->state, gs->remainder));
       bp = ((gs->state != GS_HEADER) ? pBuf : gs->hdr) + gs->offset;
       nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
       if (nb > 0) {
           PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
       }
       if (nb == 0) {
           /* EOF */
           SSL_TRC(30, ("%d: SSL[%d]: EOF", SSL_GETPID(), ss->fd));
           rv = 0;
           break;
       }
       if (nb < 0) {
           SSL_DBG(("%d: SSL[%d]: recv error %d", SSL_GETPID(), ss->fd,
                   PR_GetError()));
           rv = SECFailure;
           break;
       }

       gs->offset    += nb;
       gs->remainder -= nb;

       if (gs->remainder > 0) {
           continue;
       }

       /* Probably finished this piece */
       switch (gs->state) {
       case GS_HEADER: 
           if ((ss->opt.enableSSL3 || ss->opt.enableTLS) && !ss->firstHsDone) {

              PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );

              /* If this looks like an SSL3 handshake record, 
              ** and we're expecting an SSL2 Hello message from our peer, 
              ** handle it here.
              */
              if (gs->hdr[0] == content_handshake) {
                  if ((ss->nextHandshake == ssl2_HandleClientHelloMessage) ||
                     (ss->nextHandshake == ssl2_HandleServerHelloMessage)) {
                     rv = ssl2_HandleV3HandshakeRecord(ss);
                     if (rv == SECFailure) {
                         return SECFailure;
                     }
                  }
                  /* XXX_1  The call stack to here is:
                   * ssl_Do1stHandshake -> ssl_GatherRecord1stHandshake -> 
                   *               ssl2_GatherRecord -> here.
                   * We want to return all the way out to ssl_Do1stHandshake,
                   * and have it call ssl_GatherRecord1stHandshake again. 
                   * ssl_GatherRecord1stHandshake will call 
                   * ssl3_GatherCompleteHandshake when it is called again.
                   *
                   * Returning SECWouldBlock here causes 
                   * ssl_GatherRecord1stHandshake to return without clearing 
                   * ss->handshake, ensuring that ssl_Do1stHandshake will 
                   * call it again immediately.
                   * 
                   * If we return 1 here, ssl_GatherRecord1stHandshake will 
                   * clear ss->handshake before returning, and thus will not 
                   * be called again by ssl_Do1stHandshake.  
                   */
                  return SECWouldBlock;
              } else if (gs->hdr[0] == content_alert) {
                  if (ss->nextHandshake == ssl2_HandleServerHelloMessage) {
                     /* XXX This is a hack.  We're assuming that any failure
                      * XXX on the client hello is a failure to match
                      * XXX ciphers.
                      */
                     PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
                     return SECFailure;
                  }
              }
           }  /* ((ss->opt.enableSSL3 || ss->opt.enableTLS) && !ss->firstHsDone) */

           /* we've got the first 3 bytes.  The header may be two or three. */
           if (gs->hdr[0] & 0x80) {
              /* This record has a 2-byte header, and no padding */
              gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1];
              gs->recordPadding = 0;
           } else {
              /* This record has a 3-byte header that is all read in now. */
              gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1];
           /*  is_escape =  (gs->hdr[0] & 0x40) != 0; */
              gs->recordPadding = gs->hdr[2];
           }
           if (!gs->count) {
              PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
              goto cleanup;
           }

           if (gs->count > gs->buf.space) {
              err = sslBuffer_Grow(&gs->buf, gs->count);
              if (err) {
                  return err;
              }
              pBuf = gs->buf.buf;
           }


           if (gs->hdr[0] & 0x80) {
              /* we've already read in the first byte of the body.
              ** Put it into the buffer.
              */
              pBuf[0]        = gs->hdr[2];
              gs->offset    = 1;
              gs->remainder = gs->count - 1;
           } else {
              gs->offset    = 0;
              gs->remainder = gs->count;
           }

           if (gs->encrypted) {
              gs->state     = GS_MAC;
              gs->recordLen = gs->count - gs->recordPadding
                                        - ss->sec.hash->length;
           } else {
              gs->state     = GS_DATA;
              gs->recordLen = gs->count;
           }

           break;


       case GS_MAC:
           /* Have read in entire rest of the ciphertext.  
           ** Check for valid length.
           ** Decrypt it.
           ** Check the MAC.
           */
           PORT_Assert(gs->encrypted);

         {
           unsigned int     macLen;
           int              nout;
           unsigned char    mac[SSL_MAX_MAC_BYTES];

           ssl_GetSpecReadLock(ss); /**********************************/

           /* If this is a stream cipher, blockSize will be 1,
            * and this test will always be false.
            * If this is a block cipher, this will detect records
            * that are not a multiple of the blocksize in length.
            */
           if (gs->count & (ss->sec.blockSize - 1)) {
              /* This is an error. Sender is misbehaving */
              SSL_DBG(("%d: SSL[%d]: sender, count=%d blockSize=%d",
                      SSL_GETPID(), ss->fd, gs->count,
                      ss->sec.blockSize));
              PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
              rv = SECFailure;
              goto spec_locked_done;
           }
           PORT_Assert(gs->count == gs->offset);

           if (gs->offset == 0) {
              rv = 0;                     /* means EOF. */
              goto spec_locked_done;
           }

           /* Decrypt the portion of data that we just recieved.
           ** Decrypt it in place.
           */
           rv = (*ss->sec.dec)(ss->sec.readcx, pBuf, &nout, gs->offset,
                          pBuf, gs->offset);
           if (rv != SECSuccess) {
              goto spec_locked_done;
           }


           /* Have read in all the MAC portion of record 
           **
           ** Prepare MAC by resetting it and feeding it the shared secret
           */
           macLen = ss->sec.hash->length;
           if (gs->offset >= macLen) {
              uint32           sequenceNumber = ss->sec.rcvSequence++;
              unsigned char    seq[4];

              seq[0] = (unsigned char) (sequenceNumber >> 24);
              seq[1] = (unsigned char) (sequenceNumber >> 16);
              seq[2] = (unsigned char) (sequenceNumber >> 8);
              seq[3] = (unsigned char) (sequenceNumber);

              (*ss->sec.hash->begin)(ss->sec.hashcx);
              (*ss->sec.hash->update)(ss->sec.hashcx, ss->sec.rcvSecret.data,
                                    ss->sec.rcvSecret.len);
              (*ss->sec.hash->update)(ss->sec.hashcx, pBuf + macLen, 
                                    gs->offset - macLen);
              (*ss->sec.hash->update)(ss->sec.hashcx, seq, 4);
              (*ss->sec.hash->end)(ss->sec.hashcx, mac, &macLen, macLen);
           }

           PORT_Assert(macLen == ss->sec.hash->length);

           ssl_ReleaseSpecReadLock(ss);  /******************************/

           if (PORT_Memcmp(mac, pBuf, macLen) != 0) {
              /* MAC's didn't match... */
              SSL_DBG(("%d: SSL[%d]: mac check failed, seq=%d",
                      SSL_GETPID(), ss->fd, ss->sec.rcvSequence));
              PRINT_BUF(1, (ss, "computed mac:", mac, macLen));
              PRINT_BUF(1, (ss, "received mac:", pBuf, macLen));
              PORT_SetError(SSL_ERROR_BAD_MAC_READ);
              rv = SECFailure;
              goto cleanup;
           }


           PORT_Assert(gs->recordPadding + macLen <= gs->offset);
           if (gs->recordPadding + macLen <= gs->offset) {
              gs->recordOffset  = macLen;
              gs->readOffset    = macLen;
              gs->writeOffset   = gs->offset - gs->recordPadding;
              rv = 1;
           } else {
              PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
cleanup:
              /* nothing in the buffer any more. */
              gs->recordOffset  = 0;
              gs->readOffset    = 0;
              gs->writeOffset   = 0;
              rv = SECFailure;
           }

           gs->recordLen     = gs->writeOffset - gs->readOffset;
           gs->recordPadding = 0;  /* forget we did any padding. */
           gs->state = GS_INIT;


           if (rv > 0) {
              PRINT_BUF(50, (ss, "recv clear record:", 
                             pBuf + gs->recordOffset, gs->recordLen));
           }
           return rv;

spec_locked_done:
           ssl_ReleaseSpecReadLock(ss);
           return rv;
         }

       case GS_DATA:
           /* Have read in all the DATA portion of record */

           gs->recordOffset  = 0;
           gs->readOffset    = 0;
           gs->writeOffset   = gs->offset;
           PORT_Assert(gs->recordLen == gs->writeOffset - gs->readOffset);
           gs->recordLen     = gs->offset;
           gs->recordPadding = 0;
           gs->state         = GS_INIT;

           ++ss->sec.rcvSequence;

           PRINT_BUF(50, (ss, "recv clear record:", 
                          pBuf + gs->recordOffset, gs->recordLen));
           return 1;

       }      /* end switch gs->state */
    }         /* end gather loop. */
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int ssl2_GatherRecord ( sslSocket *  ss,
int  flags 
)

Definition at line 395 of file sslgathr.c.

{
    return ssl2_GatherData(ss, &ss->gs, flags);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl2_GetPolicy ( PRInt32  which,
PRInt32 policy 
)

Definition at line 330 of file sslcon.c.

{
    PRUint32     bitMask;
    PRInt32      policy;

    which &= 0x000f;
    bitMask = 1 << which;

    /* Caller assures oPolicy is not null. */
    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
       PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
       *oPolicy = SSL_NOT_ALLOWED;
       return SECFailure;
    }

    if (maybeAllowedByPolicy & bitMask) {
       policy = (allowedByPolicy & bitMask) ? SSL_ALLOWED : SSL_RESTRICTED;
    } else {
       policy = SSL_NOT_ALLOWED;
    }

    *oPolicy = policy;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 3445 of file sslcon.c.

{
    sslSessionID    *sid;
    sslServerCerts * sc;
    CERTCertificate *serverCert;
    PRUint8         *msg;
    PRUint8         *data;
    PRUint8         *cs;
    PRUint8         *sd;
    PRUint8         *cert = NULL;
    PRUint8         *challenge;
    unsigned int    challengeLen;
    SECStatus       rv; 
    int             csLen;
    int             sendLen;
    int             sdLen;
    int             certLen;
    int             pid;
    int             sent;
    int             gotXmitBufLock = 0;
#if defined(SOLARIS) && defined(i386)
    volatile PRUint8 hit;
#else
    int             hit;
#endif
    PRUint8         csImpl[sizeof implementedCipherSuites];

    PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );

    sc = ss->serverCerts + kt_rsa;
    serverCert = sc->serverCert;

    ssl_GetRecvBufLock(ss);


    data = ss->gs.buf.buf + ss->gs.recordOffset;
    DUMP_MSG(29, (ss, data, ss->gs.recordLen));

    /* Make sure first message has some data and is the client hello message */
    if ((ss->gs.recordLen < SSL_HL_CLIENT_HELLO_HBYTES)
       || (data[0] != SSL_MT_CLIENT_HELLO)) {
       goto bad_client;
    }

    /* Get peer name of client */
    rv = ssl_GetPeerInfo(ss);
    if (rv != SECSuccess) {
       goto loser;
    }

    /* Examine version information */
    /*
     * See if this might be a V2 client hello asking to use the V3 protocol
     */
    if ((data[0] == SSL_MT_CLIENT_HELLO) && 
        (data[1] >= MSB(SSL_LIBRARY_VERSION_3_0)) && 
       (ss->opt.enableSSL3 || ss->opt.enableTLS)) {
       rv = ssl3_HandleV2ClientHello(ss, data, ss->gs.recordLen);
       if (rv != SECFailure) { /* Success */
           ss->handshake             = NULL;
           ss->nextHandshake         = ssl_GatherRecord1stHandshake;
           ss->securityHandshake     = NULL;
           ss->gs.state              = GS_INIT;

           /* ssl3_HandleV3ClientHello has set ss->version,
           ** and has gotten us a brand new sid.  
           */
           ss->sec.ci.sid->version  = ss->version;
       }
       ssl_ReleaseRecvBufLock(ss);
       return rv;
    }
    /* Previously, there was a test here to see if SSL2 was enabled.
    ** If not, an error code was set, and SECFailure was returned,
    ** without sending any error code to the other end of the connection.
    ** That test has been removed.  If SSL2 has been disabled, there
    ** should be no SSL2 ciphers enabled, and consequently, the code
    ** below should send the ssl2 error message SSL_PE_NO_CYPHERS.
    ** We now believe this is the correct thing to do, even when SSL2
    ** has been explicitly disabled by the application.
    */

    /* Extract info from message */
    ss->version = (data[1] << 8) | data[2];

    /* If some client thinks ssl v2 is 2.0 instead of 0.2, we'll allow it.  */
    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
       ss->version = SSL_LIBRARY_VERSION_2;
    }
    
    csLen        = (data[3] << 8) | data[4];
    sdLen        = (data[5] << 8) | data[6];
    challengeLen = (data[7] << 8) | data[8];
    cs           = data + SSL_HL_CLIENT_HELLO_HBYTES;
    sd           = cs + csLen;
    challenge    = sd + sdLen;
    PRINT_BUF(7, (ss, "server, client session-id value:", sd, sdLen));

    if (!csLen || (csLen % 3) != 0 || 
        (sdLen != 0 && sdLen != SSL2_SESSIONID_BYTES) ||
       challengeLen < SSL_MIN_CHALLENGE_BYTES || 
       challengeLen > SSL_MAX_CHALLENGE_BYTES ||
        (unsigned)ss->gs.recordLen != 
            SSL_HL_CLIENT_HELLO_HBYTES + csLen + sdLen + challengeLen) {
       SSL_DBG(("%d: SSL[%d]: bad client hello message, len=%d should=%d",
               SSL_GETPID(), ss->fd, ss->gs.recordLen,
               SSL_HL_CLIENT_HELLO_HBYTES+csLen+sdLen+challengeLen));
       goto bad_client;
    }

    SSL_TRC(3, ("%d: SSL[%d]: client version is %x",
              SSL_GETPID(), ss->fd, ss->version));
    if (ss->version != SSL_LIBRARY_VERSION_2) {
       if (ss->version > SSL_LIBRARY_VERSION_2) {
           /*
           ** Newer client than us. Things are ok because new clients
           ** are required to be backwards compatible with old servers.
           ** Change version number to our version number so that client
           ** knows whats up.
           */
           ss->version = SSL_LIBRARY_VERSION_2;
       } else {
           SSL_TRC(1, ("%d: SSL[%d]: client version is %x (we are %x)",
              SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
           PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
           goto loser;
       }
    }

    /* Qualify cipher specs before returning them to client */
    csLen = ssl2_QualifyCypherSpecs(ss, cs, csLen);
    if (csLen == 0) {
       /* no overlap, send client our list of supported SSL v2 ciphers. */
        cs    = csImpl;
       csLen = sizeof implementedCipherSuites;
       PORT_Memcpy(cs, implementedCipherSuites, csLen);
       csLen = ssl2_QualifyCypherSpecs(ss, cs, csLen);
       if (csLen == 0) {
         /* We don't support any SSL v2 ciphers! */
         ssl2_SendErrorMessage(ss, SSL_PE_NO_CYPHERS);
         PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
         goto loser;
       }
       /* Since this handhsake is going to fail, don't cache it. */
       ss->opt.noCache = 1; 
    }

    /* Squirrel away the challenge for later */
    PORT_Memcpy(ss->sec.ci.clientChallenge, challenge, challengeLen);

    /* Examine message and see if session-id is good */
    ss->sec.ci.elements = 0;
    if (sdLen > 0 && !ss->opt.noCache) {
       SSL_TRC(7, ("%d: SSL[%d]: server, lookup client session-id for 0x%08x%08x%08x%08x",
                  SSL_GETPID(), ss->fd, ss->sec.ci.peer.pr_s6_addr32[0],
                  ss->sec.ci.peer.pr_s6_addr32[1], 
                  ss->sec.ci.peer.pr_s6_addr32[2],
                  ss->sec.ci.peer.pr_s6_addr32[3]));
       sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sd, sdLen, ss->dbHandle);
    } else {
       sid = NULL;
    }
    if (sid) {
       /* Got a good session-id. Short cut! */
       SSL_TRC(1, ("%d: SSL[%d]: server, using session-id for 0x%08x (age=%d)",
                  SSL_GETPID(), ss->fd, ss->sec.ci.peer, 
                  ssl_Time() - sid->creationTime));
       PRINT_BUF(1, (ss, "session-id value:", sd, sdLen));
       ss->sec.ci.sid = sid;
       ss->sec.ci.elements = CIS_HAVE_MASTER_KEY;
       hit = 1;
       certLen = 0;
       csLen = 0;

        ss->sec.authAlgorithm = sid->authAlgorithm;
       ss->sec.authKeyBits   = sid->authKeyBits;
       ss->sec.keaType       = sid->keaType;
       ss->sec.keaKeyBits    = sid->keaKeyBits;

       rv = ssl2_CreateSessionCypher(ss, sid, PR_FALSE);
       if (rv != SECSuccess) {
           goto loser;
       }
    } else {
       SECItem * derCert   = &serverCert->derCert;

       SSL_TRC(7, ("%d: SSL[%d]: server, lookup nonce missed",
                  SSL_GETPID(), ss->fd));
       if (!serverCert) {
           SET_ERROR_CODE
           goto loser;
       }
       hit = 0;
       sid = (sslSessionID*) PORT_ZAlloc(sizeof(sslSessionID));
       if (!sid) {
           goto loser;
       }
       sid->references = 1;
       sid->addr = ss->sec.ci.peer;
       sid->port = ss->sec.ci.port;

       /* Invent a session-id */
       ss->sec.ci.sid = sid;
       PK11_GenerateRandom(sid->u.ssl2.sessionID+2, SSL2_SESSIONID_BYTES-2);

       pid = SSL_GETPID();
       sid->u.ssl2.sessionID[0] = MSB(pid);
       sid->u.ssl2.sessionID[1] = LSB(pid);
       cert    = derCert->data;
       certLen = derCert->len;

       /* pretend that server sids remember the local cert. */
       PORT_Assert(!sid->localCert);
       if (sid->localCert) {
           CERT_DestroyCertificate(sid->localCert);
       }
       sid->localCert     = CERT_DupCertificate(serverCert);

       ss->sec.authAlgorithm = ssl_sign_rsa;
       ss->sec.keaType       = ssl_kea_rsa;
       ss->sec.keaKeyBits    = \
       ss->sec.authKeyBits   = ss->serverCerts[kt_rsa].serverKeyBits;
    }

    /* server sids don't remember the local cert, so whether we found
    ** a sid or not, just "remember" we used the rsa server cert.
    */
    if (ss->sec.localCert) {
       CERT_DestroyCertificate(ss->sec.localCert);
    }
    ss->sec.localCert     = CERT_DupCertificate(serverCert);

    /* Build up final list of required elements */
    ss->sec.ci.requiredElements = CIS_HAVE_MASTER_KEY | CIS_HAVE_FINISHED;
    if (ss->opt.requestCertificate) {
       ss->sec.ci.requiredElements |= CIS_HAVE_CERTIFICATE;
    }
    ss->sec.ci.sentElements = 0;

    /* Send hello message back to client */
    sendLen = SSL_HL_SERVER_HELLO_HBYTES + certLen + csLen
           + SSL_CONNECTIONID_BYTES;

    ssl_GetXmitBufLock(ss); gotXmitBufLock = 1;
    rv = ssl2_GetSendBuffer(ss, sendLen);
    if (rv != SECSuccess) {
       goto loser;
    }

    SSL_TRC(3, ("%d: SSL[%d]: sending server-hello (%d)",
              SSL_GETPID(), ss->fd, sendLen));

    msg = ss->sec.ci.sendBuf.buf;
    msg[0] = SSL_MT_SERVER_HELLO;
    msg[1] = hit;
    msg[2] = SSL_CT_X509_CERTIFICATE;
    msg[3] = MSB(ss->version);
    msg[4] = LSB(ss->version);
    msg[5] = MSB(certLen);
    msg[6] = LSB(certLen);
    msg[7] = MSB(csLen);
    msg[8] = LSB(csLen);
    msg[9] = MSB(SSL_CONNECTIONID_BYTES);
    msg[10] = LSB(SSL_CONNECTIONID_BYTES);
    if (certLen) {
       PORT_Memcpy(msg+SSL_HL_SERVER_HELLO_HBYTES, cert, certLen);
    }
    if (csLen) {
       PORT_Memcpy(msg+SSL_HL_SERVER_HELLO_HBYTES+certLen, cs, csLen);
    }
    PORT_Memcpy(msg+SSL_HL_SERVER_HELLO_HBYTES+certLen+csLen, 
                ss->sec.ci.connectionID, SSL_CONNECTIONID_BYTES);

    DUMP_MSG(29, (ss, msg, sendLen));

    ss->handshakeBegun = 1;
    sent = (*ss->sec.send)(ss, msg, sendLen, 0);
    if (sent < 0) {
       goto loser;
    }
    ssl_ReleaseXmitBufLock(ss); gotXmitBufLock = 0;

    ss->gs.recordLen = 0;
    ss->handshake = ssl_GatherRecord1stHandshake;
    if (hit) {
       /* Old SID Session key is good. Go encrypted */
       ssl2_UseEncryptedSendFunc(ss);

       /* Send server verify message now that keys are established */
       rv = ssl2_SendServerVerifyMessage(ss);
       if (rv != SECSuccess) 
           goto loser;

       ss->nextHandshake = ssl2_HandleMessage;
       ssl_ReleaseRecvBufLock(ss);
       rv = ssl2_TriggerNextMessage(ss);
       return rv;
    }
    ss->nextHandshake = ssl2_HandleClientSessionKeyMessage;
    ssl_ReleaseRecvBufLock(ss);
    return SECSuccess;

  bad_client:
    PORT_SetError(SSL_ERROR_BAD_CLIENT);
    /* FALLTHROUGH */

  loser:
    if (gotXmitBufLock) {
       ssl_ReleaseXmitBufLock(ss); gotXmitBufLock = 0;
    }
    SSL_TRC(10, ("%d: SSL[%d]: server, wait for client-hello lossage",
               SSL_GETPID(), ss->fd));
    ssl_ReleaseRecvBufLock(ss);
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 2771 of file sslcon.c.

{
    sslSessionID *   sid;
    PRUint8 *        cert;
    PRUint8 *        cs;
    PRUint8 *        data;
    SECStatus        rv; 
    int              needed, sidHit, certLen, csLen, cidLen, certType, err;

    PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );

    if (!ss->opt.enableSSL2) {
       PORT_SetError(SSL_ERROR_SSL2_DISABLED);
       return SECFailure;
    }

    ssl_GetRecvBufLock(ss);

    PORT_Assert(ss->sec.ci.sid != 0);
    sid = ss->sec.ci.sid;

    data = ss->gs.buf.buf + ss->gs.recordOffset;
    DUMP_MSG(29, (ss, data, ss->gs.recordLen));

    /* Make sure first message has some data and is the server hello message */
    if ((ss->gs.recordLen < SSL_HL_SERVER_HELLO_HBYTES)
       || (data[0] != SSL_MT_SERVER_HELLO)) {
       if ((data[0] == SSL_MT_ERROR) && (ss->gs.recordLen == 3)) {
           err = (data[1] << 8) | data[2];
           if (err == SSL_PE_NO_CYPHERS) {
              PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
              goto loser;
           }
       }
       goto bad_server;
    }

    sidHit      = data[1];
    certType    = data[2];
    ss->version = (data[3] << 8) | data[4];
    certLen     = (data[5] << 8) | data[6];
    csLen       = (data[7] << 8) | data[8];
    cidLen      = (data[9] << 8) | data[10];
    cert        = data + SSL_HL_SERVER_HELLO_HBYTES;
    cs          = cert + certLen;

    SSL_TRC(5,
           ("%d: SSL[%d]: server-hello, hit=%d vers=%x certLen=%d csLen=%d cidLen=%d",
            SSL_GETPID(), ss->fd, sidHit, ss->version, certLen,
            csLen, cidLen));
    if (ss->version != SSL_LIBRARY_VERSION_2) {
        if (ss->version < SSL_LIBRARY_VERSION_2) {
         SSL_TRC(3, ("%d: SSL[%d]: demoting self (%x) to server version (%x)",
                    SSL_GETPID(), ss->fd, SSL_LIBRARY_VERSION_2,
                    ss->version));
       } else {
         SSL_TRC(1, ("%d: SSL[%d]: server version is %x (we are %x)",
                  SSL_GETPID(), ss->fd, ss->version, SSL_LIBRARY_VERSION_2));
         /* server claims to be newer but does not follow protocol */
         PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
         goto loser;
       }
    }

    if ((SSL_HL_SERVER_HELLO_HBYTES + certLen + csLen + cidLen 
                                                  > ss->gs.recordLen)
       || (csLen % 3) != 0   
       /* || cidLen < SSL_CONNECTIONID_BYTES || cidLen > 32  */
       ) {
       goto bad_server;
    }

    /* Save connection-id.
    ** This code only saves the first 16 byte of the connectionID.
    ** If the connectionID is shorter than 16 bytes, it is zero-padded.
    */
    if (cidLen < sizeof ss->sec.ci.connectionID)
       memset(ss->sec.ci.connectionID, 0, sizeof ss->sec.ci.connectionID);
    cidLen = PR_MIN(cidLen, sizeof ss->sec.ci.connectionID);
    PORT_Memcpy(ss->sec.ci.connectionID, cs + csLen, cidLen);

    /* See if session-id hit */
    needed = CIS_HAVE_MASTER_KEY | CIS_HAVE_FINISHED | CIS_HAVE_VERIFY;
    if (sidHit) {
       if (certLen || csLen) {
           /* Uh oh - bogus server */
           SSL_DBG(("%d: SSL[%d]: client, huh? hit=%d certLen=%d csLen=%d",
                   SSL_GETPID(), ss->fd, sidHit, certLen, csLen));
           goto bad_server;
       }

       /* Total winner. */
       SSL_TRC(1, ("%d: SSL[%d]: client, using nonce for peer=0x%08x "
                  "port=0x%04x",
                  SSL_GETPID(), ss->fd, ss->sec.ci.peer, ss->sec.ci.port));
       ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
        ss->sec.authAlgorithm = sid->authAlgorithm;
       ss->sec.authKeyBits   = sid->authKeyBits;
       ss->sec.keaType       = sid->keaType;
       ss->sec.keaKeyBits    = sid->keaKeyBits;
       rv = ssl2_CreateSessionCypher(ss, sid, PR_TRUE);
       if (rv != SECSuccess) {
           goto loser;
       }
    } else {
       if (certType != SSL_CT_X509_CERTIFICATE) {
           PORT_SetError(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
           goto loser;
       }
       if (csLen == 0) {
           PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
           SSL_DBG(("%d: SSL[%d]: no cipher overlap",
                   SSL_GETPID(), ss->fd));
           goto loser;
       }
       if (certLen == 0) {
           SSL_DBG(("%d: SSL[%d]: client, huh? certLen=%d csLen=%d",
                   SSL_GETPID(), ss->fd, certLen, csLen));
           goto bad_server;
       }

       if (sid->cached != never_cached) {
           /* Forget our session-id - server didn't like it */
           SSL_TRC(7, ("%d: SSL[%d]: server forgot me, uncaching session-id",
                     SSL_GETPID(), ss->fd));
           (*ss->sec.uncache)(sid);
           ssl_FreeSID(sid);
           ss->sec.ci.sid = sid = (sslSessionID*) PORT_ZAlloc(sizeof(sslSessionID));
           if (!sid) {
              goto loser;
           }
           sid->references = 1;
           sid->addr = ss->sec.ci.peer;
           sid->port = ss->sec.ci.port;
       }

       /* decode the server's certificate */
       rv = ssl2_ClientHandleServerCert(ss, cert, certLen);
       if (rv != SECSuccess) {
           if (PORT_GetError() == SSL_ERROR_BAD_CERTIFICATE) {
              (void) ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
           }
           goto loser;
       }

       /* Setup new session cipher */
       rv = ssl2_ClientSetupSessionCypher(ss, cs, csLen);
       if (rv != SECSuccess) {
           if (PORT_GetError() == SSL_ERROR_BAD_CERTIFICATE) {
              (void) ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
           }
           goto loser;
       }
    }

    /* Build up final list of required elements */
    ss->sec.ci.elements         = CIS_HAVE_MASTER_KEY;
    ss->sec.ci.requiredElements = needed;

  if (!sidHit) {
    /* verify the server's certificate. if sidHit, don't check signatures */
    rv = (* ss->authCertificate)(ss->authCertificateArg, ss->fd, 
                             (PRBool)(!sidHit), PR_FALSE);
    if (rv) {
       if (ss->handleBadCert) {
           rv = (*ss->handleBadCert)(ss->badCertArg, ss->fd);
           if ( rv ) {
              if ( rv == SECWouldBlock ) {
                  /* someone will handle this connection asynchronously*/

                  SSL_DBG(("%d: SSL[%d]: go to async cert handler",
                          SSL_GETPID(), ss->fd));
                  ssl_ReleaseRecvBufLock(ss);
                  ssl_SetAlwaysBlock(ss);
                  return SECWouldBlock;
              }
              /* cert is bad */
              SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
                      SSL_GETPID(), ss->fd, PORT_GetError()));
              goto loser;

           }
           /* cert is good */
       } else {
           SSL_DBG(("%d: SSL[%d]: server certificate is no good: error=%d",
                   SSL_GETPID(), ss->fd, PORT_GetError()));
           goto loser;
       }
    }
  }
    /*
    ** At this point we have a completed session key and our session
    ** cipher is setup and ready to go. Switch to encrypted write routine
    ** as all future message data is to be encrypted.
    */
    ssl2_UseEncryptedSendFunc(ss);

    rv = ssl2_TryToFinish(ss);
    if (rv != SECSuccess) 
       goto loser;

    ss->gs.recordLen = 0;

    ssl_ReleaseRecvBufLock(ss);

    if (ss->handshake == 0) {
       return SECSuccess;
    }

    SSL_TRC(5, ("%d: SSL[%d]: got server-hello, required=0x%d got=0x%x",
              SSL_GETPID(), ss->fd, ss->sec.ci.requiredElements, 
              ss->sec.ci.elements));
    ss->handshake     = ssl_GatherRecord1stHandshake;
    ss->nextHandshake = ssl2_HandleVerifyMessage;
    return SECSuccess;

  bad_server:
    PORT_SetError(SSL_ERROR_BAD_SERVER);
    /* FALL THROUGH */

  loser:
    ssl_ReleaseRecvBufLock(ss);
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void ssl2_InitSocketPolicy ( sslSocket *  ss)

Definition at line 448 of file sslcon.c.

{
    ss->allowedByPolicy            = allowedByPolicy;
    ss->maybeAllowedByPolicy       = maybeAllowedByPolicy;
    ss->chosenPreference    = chosenPreference;
}

Here is the caller graph for this function:

int ssl2_RestartHandshakeAfterCertReq ( sslSocket *  ss,
CERTCertificate *  cert,
SECKEYPrivateKey *  key 
)

Definition at line 3328 of file sslcon.c.

{
    int              ret;
    SECStatus        rv          = SECSuccess;
    SECItem          response;

    if (ss->version >= SSL_LIBRARY_VERSION_3_0) 
       return SECFailure;

    response.data = NULL;

    /* generate error if no cert or key */
    if ( ( cert == NULL ) || ( key == NULL ) ) {
       goto no_cert;
    }
    
    /* generate signed response to the challenge */
    rv = ssl2_SignResponse(ss, key, &response);
    if ( rv != SECSuccess ) {
       goto no_cert;
    }
    
    /* Send response message */
    ret = ssl2_SendCertificateResponseMessage(ss, &cert->derCert, &response);
    if (ret) {
       goto no_cert;
    }

    /* try to finish the handshake */
    ret = ssl2_TryToFinish(ss);
    if (ret) {
       goto loser;
    }
    
    /* done with handshake */
    if (ss->handshake == 0) {
       ret = SECSuccess;
       goto done;
    }

    /* continue handshake */
    ssl_GetRecvBufLock(ss);
    ss->gs.recordLen = 0;
    ssl_ReleaseRecvBufLock(ss);

    ss->handshake     = ssl_GatherRecord1stHandshake;
    ss->nextHandshake = ssl2_HandleMessage;
    ret = ssl2_TriggerNextMessage(ss);
    goto done;
    
no_cert:
    /* no cert - send error */
    ret = ssl2_SendErrorMessage(ss, SSL_PE_NO_CERTIFICATE);
    goto done;
    
loser:
    ret = SECFailure;
done:
    /* free allocated data */
    if ( response.data ) {
       PORT_Free(response.data);
    }
    
    return ret;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 3406 of file sslcon.c.

{
    int rv    = SECSuccess;

    if (ss->version >= SSL_LIBRARY_VERSION_3_0) 
       return SECFailure;

    /* SSL 2
    ** At this point we have a completed session key and our session
    ** cipher is setup and ready to go. Switch to encrypted write routine
    ** as all future message data is to be encrypted.
    */
    ssl2_UseEncryptedSendFunc(ss);

    rv = ssl2_TryToFinish(ss);
    if (rv == SECSuccess && ss->handshake != NULL) {    
       /* handshake is not yet finished. */

       SSL_TRC(5, ("%d: SSL[%d]: got server-hello, required=0x%d got=0x%x",
              SSL_GETPID(), ss->fd, ss->sec.ci.requiredElements,
              ss->sec.ci.elements));

       ssl_GetRecvBufLock(ss);
       ss->gs.recordLen = 0;       /* mark it all used up. */
       ssl_ReleaseRecvBufLock(ss);

       ss->handshake     = ssl_GatherRecord1stHandshake;
       ss->nextHandshake = ssl2_HandleVerifyMessage;
    }

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int ssl2_SendErrorMessage ( struct sslSocketStr ss,
int  error 
)
SECStatus ssl2_SetPolicy ( PRInt32  which,
PRInt32  policy 
)

Definition at line 299 of file sslcon.c.

{
    PRUint32  bitMask;
    SECStatus rv       = SECSuccess;

    which &= 0x000f;
    bitMask = 1 << which;

    if (!(bitMask & SSL_CB_IMPLEMENTED)) {
       PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
       return SECFailure;
    }

    if (policy == SSL_ALLOWED) {
       allowedByPolicy      |= bitMask;
       maybeAllowedByPolicy        |= bitMask;
    } else if (policy == SSL_RESTRICTED) {
       allowedByPolicy      &= ~bitMask;
       maybeAllowedByPolicy        |= bitMask;
    } else {
       allowedByPolicy      &= ~bitMask;
       maybeAllowedByPolicy        &= ~bitMask;
    }
    allowedByPolicy         &= SSL_CB_IMPLEMENTED;
    maybeAllowedByPolicy    &= SSL_CB_IMPLEMENTED;

    policyWasSet = PR_TRUE;
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int ssl2_StartGatherBytes ( sslSocket *  ss,
sslGather *  gs,
unsigned int  count 
)

Definition at line 410 of file sslgathr.c.

{
    int rv;

    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
    gs->state     = GS_DATA;
    gs->remainder = count;
    gs->count     = count;
    gs->offset    = 0;
    if (count > gs->buf.space) {
       rv = sslBuffer_Grow(&gs->buf, count);
       if (rv) {
           return rv;
       }
    }
    return ssl2_GatherData(ss, gs, 0);
}

Here is the call graph for this function:

void ssl2_UseClearSendFunc ( sslSocket *  ss)

Definition at line 1199 of file sslcon.c.

{
    ss->sec.send = ssl2_SendClear;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_AppendHandshake ( sslSocket *  ss,
const void void_src,
PRInt32  bytes 
)

Definition at line 2941 of file ssl3con.c.

{
    unsigned char *  src  = (unsigned char *)void_src;
    int              room = ss->sec.ci.sendBuf.space - ss->sec.ci.sendBuf.len;
    SECStatus        rv;

    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); /* protects sendBuf. */

    if (ss->sec.ci.sendBuf.space < MAX_SEND_BUF_LENGTH && room < bytes) {
       rv = sslBuffer_Grow(&ss->sec.ci.sendBuf, PR_MAX(MIN_SEND_BUF_LENGTH,
               PR_MIN(MAX_SEND_BUF_LENGTH, ss->sec.ci.sendBuf.len + bytes)));
       if (rv != SECSuccess)
           return rv;       /* sslBuffer_Grow has set a memory error code. */
       room = ss->sec.ci.sendBuf.space - ss->sec.ci.sendBuf.len;
    }

    PRINT_BUF(60, (ss, "Append to Handshake", (unsigned char*)void_src, bytes));
    rv = ssl3_UpdateHandshakeHashes(ss, src, bytes);
    if (rv != SECSuccess)
       return rv;    /* error code set by ssl3_UpdateHandshakeHashes */

    while (bytes > room) {
       if (room > 0)
           PORT_Memcpy(ss->sec.ci.sendBuf.buf + ss->sec.ci.sendBuf.len, src, 
                       room);
       ss->sec.ci.sendBuf.len += room;
       rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
       if (rv != SECSuccess) {
           return rv;       /* error code set by ssl3_FlushHandshake */
       }
       bytes -= room;
       src += room;
       room = ss->sec.ci.sendBuf.space;
       PORT_Assert(ss->sec.ci.sendBuf.len == 0);
    }
    PORT_Memcpy(ss->sec.ci.sendBuf.buf + ss->sec.ci.sendBuf.len, src, bytes);
    ss->sec.ci.sendBuf.len += bytes;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_AppendHandshakeHeader ( sslSocket *  ss,
SSL3HandshakeType  t,
PRUint32  length 
)

Definition at line 3024 of file ssl3con.c.

{
    SECStatus rv;

    SSL_TRC(30,("%d: SSL3[%d]: append handshake header: type %s",
       SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t)));
    PRINT_BUF(60, (ss, "MD5 handshake hash:",
                 (unsigned char*)ss->ssl3.hs.md5_cx, MD5_LENGTH));
    PRINT_BUF(95, (ss, "SHA handshake hash:",
                 (unsigned char*)ss->ssl3.hs.sha_cx, SHA1_LENGTH));

    rv = ssl3_AppendHandshakeNumber(ss, t, 1);
    if (rv != SECSuccess) {
       return rv;    /* error code set by AppendHandshake, if applicable. */
    }
    rv = ssl3_AppendHandshakeNumber(ss, length, 3);
    return rv;              /* error code set by AppendHandshake, if applicable. */
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_AppendHandshakeNumber ( sslSocket *  ss,
PRInt32  num,
PRInt32  lenSize 
)

Definition at line 2982 of file ssl3con.c.

{
    SECStatus rv;
    uint8     b[4];
    uint8 *   p = b;

    switch (lenSize) {
      case 4:
       *p++ = (num >> 24) & 0xff;
      case 3:
       *p++ = (num >> 16) & 0xff;
      case 2:
       *p++ = (num >> 8) & 0xff;
      case 1:
       *p = num & 0xff;
    }
    SSL_TRC(60, ("%d: number:", SSL_GETPID()));
    rv = ssl3_AppendHandshake(ss, &b[0], lenSize);
    return rv;       /* error code set by AppendHandshake, if applicable. */
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_AppendHandshakeVariable ( sslSocket *  ss,
const SSL3Opaque src,
PRInt32  bytes,
PRInt32  lenSize 
)

Definition at line 3004 of file ssl3con.c.

{
    SECStatus rv;

    PORT_Assert((bytes < (1<<8) && lenSize == 1) ||
             (bytes < (1L<<16) && lenSize == 2) ||
             (bytes < (1L<<24) && lenSize == 3));

    SSL_TRC(60,("%d: append variable:", SSL_GETPID()));
    rv = ssl3_AppendHandshakeNumber(ss, bytes, lenSize);
    if (rv != SECSuccess) {
       return rv;    /* error code set by AppendHandshake, if applicable. */
    }
    SSL_TRC(60, ("data:"));
    rv = ssl3_AppendHandshake(ss, src, bytes);
    return rv;       /* error code set by AppendHandshake, if applicable. */
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRInt32 ssl3_CallHelloExtensionSenders ( sslSocket *  ss,
PRBool  append,
PRUint32  maxBytes,
const ssl3HelloExtensionSender sender 
)

Definition at line 1336 of file ssl3ecc.c.

{
    PRInt32 total_exten_len = 0;
    int i;

    if (!sender)
       sender = &clientHelloSenders[0];

    for (i = 0; i < MAX_EXTENSION_SENDERS; ++i, ++sender) {
       if (sender->ex_sender) {
           PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes);
           if (extLen < 0)
              return -1;
           maxBytes        -= extLen;
           total_exten_len += extLen;
       }
    }
    return total_exten_len;
}

Here is the caller graph for this function:

SECStatus ssl3_CipherPrefGet ( sslSocket *  ss,
ssl3CipherSuite  which,
PRBool on 
)

Definition at line 8392 of file ssl3con.c.

{
    ssl3CipherSuiteCfg *suite;
    PRBool              pref;
    SECStatus           rv;

    suite = ssl_LookupCipherSuiteCfg(which, ss->cipherSuites);
    if (suite) {
       pref   = suite->enabled;
       rv     = SECSuccess;
    } else {
       pref   = SSL_NOT_ALLOWED;
       rv     = SECFailure; /* err code was set by Lookup. */
    }
    *enabled = pref;
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 8360 of file ssl3con.c.

{
    ssl3CipherSuiteCfg *suite;
    PRBool              pref;
    SECStatus           rv;

    suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
    if (suite) {
       pref   = suite->enabled;
       rv     = SECSuccess;
    } else {
       pref   = SSL_NOT_ALLOWED;
       rv     = SECFailure; /* err code was set by Lookup. */
    }
    *enabled = pref;
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_CipherPrefSet ( sslSocket *  ss,
ssl3CipherSuite  which,
PRBool  on 
)

Definition at line 8379 of file ssl3con.c.

{
    ssl3CipherSuiteCfg *suite;

    suite = ssl_LookupCipherSuiteCfg(which, ss->cipherSuites);
    if (suite == NULL) {
       return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
    }
    suite->enabled = enabled;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 8346 of file ssl3con.c.

{
    ssl3CipherSuiteCfg *suite;

    suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
    if (suite == NULL) {
       return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
    }
    suite->enabled = enabled;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_ComputeCommonKeyHash ( PRUint8 hashBuf,
unsigned int  bufLen,
SSL3Hashes hashes,
PRBool  bypassPKCS11 
)

Definition at line 944 of file ssl3con.c.

{
    SECStatus     rv               = SECSuccess;

    if (bypassPKCS11) {
       MD5_HashBuf (hashes->md5, hashBuf, bufLen);
       SHA1_HashBuf(hashes->sha, hashBuf, bufLen);
    } else {
       rv = PK11_HashBuf(SEC_OID_MD5, hashes->md5, hashBuf, bufLen);
       if (rv != SECSuccess) {
           ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
           rv = SECFailure;
           goto done;
       }

       rv = PK11_HashBuf(SEC_OID_SHA1, hashes->sha, hashBuf, bufLen);
       if (rv != SECSuccess) {
           ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
           rv = SECFailure;
       }
    }
done:
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int ssl3_config_match_init ( sslSocket *  )

Definition at line 562 of file ssl3con.c.

{
    ssl3CipherSuiteCfg *      suite;
    const ssl3CipherSuiteDef *cipher_def;
    SSLCipherAlgorithm        cipher_alg;
    CK_MECHANISM_TYPE         cipher_mech;
    SSL3KEAType               exchKeyType;
    int                       i;
    int                       numPresent         = 0;
    int                       numEnabled         = 0;
    PRBool                    isServer;
    sslServerCerts           *svrAuth;

    PORT_Assert(ss);
    if (!ss) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return 0;
    }
    if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) {
       return 0;
    }
    isServer = (PRBool)(ss->sec.isServer != 0);

    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
       suite = &ss->cipherSuites[i];
       if (suite->enabled) {
           ++numEnabled;
           /* We need the cipher defs to see if we have a token that can handle
            * this cipher.  It isn't part of the static definition.
            */
           cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite);
           if (!cipher_def) {
              suite->isPresent = PR_FALSE;
              continue;
           }
           cipher_alg=bulk_cipher_defs[cipher_def->bulk_cipher_alg ].calg;
           PORT_Assert(  alg2Mech[cipher_alg].calg == cipher_alg);
           cipher_mech = alg2Mech[cipher_alg].cmech;
           exchKeyType =
                  kea_defs[cipher_def->key_exchange_alg].exchKeyType;
#ifndef NSS_ENABLE_ECC
           svrAuth = ss->serverCerts + exchKeyType;
#else
           /* XXX SSLKEAType isn't really a good choice for 
            * indexing certificates. It doesn't work for
            * (EC)DHE-* ciphers. Here we use a hack to ensure
            * that the server uses an RSA cert for (EC)DHE-RSA.
            */
           switch (cipher_def->key_exchange_alg) {
           case kea_ecdhe_rsa:
#if NSS_SERVER_DHE_IMPLEMENTED
           /* XXX NSS does not yet implement the server side of _DHE_
            * cipher suites.  Correcting the computation for svrAuth,
            * as the case below does, causes NSS SSL servers to begin to
            * negotiate cipher suites they do not implement.  So, until
            * server side _DHE_ is implemented, keep this disabled.
            */
           case kea_dhe_rsa:
#endif
              svrAuth = ss->serverCerts + kt_rsa;
              break;
           case kea_ecdh_ecdsa:
           case kea_ecdh_rsa:
               /* 
               * XXX We ought to have different indices for 
               * ECDSA- and RSA-signed EC certificates so
               * we could support both key exchange mechanisms
               * simultaneously. For now, both of them use
               * whatever is in the certificate slot for kt_ecdh
               */
           default:
              svrAuth = ss->serverCerts + exchKeyType;
              break;
           }
#endif /* NSS_ENABLE_ECC */

           /* Mark the suites that are backed by real tokens, certs and keys */
           suite->isPresent = (PRBool)
              (((exchKeyType == kt_null) ||
                 ((!isServer || (svrAuth->serverKeyPair &&
                                 svrAuth->SERVERKEY &&
                               svrAuth->serverCertChain)) &&
                  PK11_TokenExists(kea_alg_defs[exchKeyType]))) &&
              ((cipher_alg == calg_null) || PK11_TokenExists(cipher_mech)));
           if (suite->isPresent)
              ++numPresent;
       }
    }
    PORT_Assert(numPresent > 0 || numEnabled == 0);
    if (numPresent <= 0) {
       PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED);
    }
    return numPresent;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_ConstructV2CipherSpecsHack ( sslSocket *  ss,
unsigned char *  cs,
int size 
)

Definition at line 8421 of file ssl3con.c.

{
    int i, count = 0;

    PORT_Assert(ss != 0);
    if (!ss) {
       PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
       return SECFailure;
    }
    if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) {
       *size = 0;
       return SECSuccess;
    }
    if (cs == NULL) {
       *size = count_cipher_suites(ss, SSL_ALLOWED, PR_TRUE);
       return SECSuccess;
    }

    /* ssl3_config_match_init was called by the caller of this function. */
    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
       ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
       if (config_match(suite, SSL_ALLOWED, PR_TRUE)) {
           if (cs != NULL) {
              *cs++ = 0x00;
              *cs++ = (suite->cipher_suite >> 8) & 0xFF;
              *cs++ =  suite->cipher_suite       & 0xFF;
           }
           count++;
       }
    }
    *size = count;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_ConsumeHandshake ( sslSocket *  ss,
void v,
PRInt32  bytes,
SSL3Opaque **  b,
PRUint32 length 
)

Definition at line 3059 of file ssl3con.c.

{
    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );

    if ((PRUint32)bytes > *length) {
       return ssl3_DecodeError(ss);
    }
    PORT_Memcpy(v, *b, bytes);
    PRINT_BUF(60, (ss, "consume bytes:", *b, bytes));
    *b      += bytes;
    *length -= bytes;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRInt32 ssl3_ConsumeHandshakeNumber ( sslSocket *  ss,
PRInt32  bytes,
SSL3Opaque **  b,
PRUint32 length 
)

Definition at line 3087 of file ssl3con.c.

{
    uint8     *buf = *b;
    int       i;
    PRInt32   num = 0;

    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
    PORT_Assert( bytes <= sizeof num);

    if ((PRUint32)bytes > *length) {
       return ssl3_DecodeError(ss);
    }
    PRINT_BUF(60, (ss, "consume bytes:", *b, bytes));

    for (i = 0; i < bytes; i++)
       num = (num << 8) + buf[i];
    *b      += bytes;
    *length -= bytes;
    return num;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_ConsumeHandshakeVariable ( sslSocket *  ss,
SECItem *  i,
PRInt32  bytes,
SSL3Opaque **  b,
PRUint32 length 
)

Definition at line 3125 of file ssl3con.c.

{
    PRInt32   count;

    PORT_Assert(bytes <= 3);
    i->len  = 0;
    i->data = NULL;
    count = ssl3_ConsumeHandshakeNumber(ss, bytes, b, length);
    if (count < 0) {               /* Can't test for SECSuccess here. */
       return SECFailure;
    }
    if (count > 0) {
       if ((PRUint32)count > *length) {
           return ssl3_DecodeError(ss);
       }
       i->data = *b;
       i->len  = count;
       *b      += count;
       *length -= count;
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 8279 of file ssl3con.c.

{
    SECStatus             rv        = SECSuccess;
    SECKEYPrivateKey *    privKey;        /* RSA step down key */
    SECKEYPublicKey *     pubKey;         /* RSA step down key */

    if (ss->stepDownKeyPair)
       ssl3_FreeKeyPair(ss->stepDownKeyPair);
    ss->stepDownKeyPair = NULL;
#ifndef HACKED_EXPORT_SERVER
    /* Sigh, should have a get key strength call for private keys */
    if (PK11_GetPrivateModulusLen(ss->serverCerts[kt_rsa].SERVERKEY) >
                                                     EXPORT_RSA_KEY_LENGTH) {
       /* need to ask for the key size in bits */
       privKey = SECKEY_CreateRSAPrivateKey(EXPORT_RSA_KEY_LENGTH * BPB,
                                        &pubKey, NULL);
       if (!privKey || !pubKey ||
           !(ss->stepDownKeyPair = ssl3_NewKeyPair(privKey, pubKey))) {
           ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
           rv = SECFailure;
       }
    }
#endif
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void ssl3_DestroySSL3Info ( sslSocket *  ss)

Definition at line 8496 of file ssl3con.c.

{

    if (ss->ssl3.clientCertificate != NULL)
       CERT_DestroyCertificate(ss->ssl3.clientCertificate);

    if (ss->ssl3.clientPrivateKey != NULL)
       SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);

    if (ss->ssl3.peerCertArena != NULL)
       ssl3_CleanupPeerCerts(ss);

    if (ss->ssl3.clientCertChain != NULL) {
       CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
       ss->ssl3.clientCertChain = NULL;
    }

    /* clean up handshake */
    if (ss->opt.bypassPKCS11) {
       SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
       MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE);
    } 
    if (ss->ssl3.hs.md5) {
       PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE);
    }
    if (ss->ssl3.hs.sha) {
       PK11_DestroyContext(ss->ssl3.hs.sha,PR_TRUE);
    }
    if (ss->ssl3.hs.messages.buf) {
       PORT_Free(ss->ssl3.hs.messages.buf);
       ss->ssl3.hs.messages.buf = NULL;
       ss->ssl3.hs.messages.len = 0;
       ss->ssl3.hs.messages.space = 0;
    }

    /* free the SSL3Buffer (msg_body) */
    PORT_Free(ss->ssl3.hs.msg_body.buf);

    /* free up the CipherSpecs */
    ssl3_DestroyCipherSpec(&ss->ssl3.specs[0]);
    ssl3_DestroyCipherSpec(&ss->ssl3.specs[1]);

    ss->ssl3.initialized = PR_FALSE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void ssl3_FreeKeyPair ( ssl3KeyPair *  keyPair)

Definition at line 8260 of file ssl3con.c.

{
    PRInt32 newCount =  PR_AtomicDecrement(&keyPair->refCount);
    if (!newCount) {
       if (keyPair->privKey)
           SECKEY_DestroyPrivateKey(keyPair->privKey);
       if (keyPair->pubKey)
           SECKEY_DestroyPublicKey( keyPair->pubKey);
       PORT_Free(keyPair);
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

int ssl3_GatherAppDataRecord ( sslSocket *  ss,
int  flags 
)

Definition at line 229 of file ssl3gthr.c.

{
    int            rv;

    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
    do {
       rv = ssl3_GatherCompleteHandshake(ss, flags);
    } while (rv > 0 && ss->gs.buf.len == 0);

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int ssl3_GatherCompleteHandshake ( sslSocket *  ss,
int  flags 
)

Definition at line 187 of file ssl3gthr.c.

{
    SSL3Ciphertext cText;
    int            rv;

    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
    do {
       /* bring in the next sslv3 record. */
       rv = ssl3_GatherData(ss, &ss->gs, flags);
       if (rv <= 0) {
           return rv;
       }
       
       /* decipher it, and handle it if it's a handshake. 
        * If it's application data, ss->gs.buf will not be empty upon return. 
        */
       cText.type    = (SSL3ContentType)ss->gs.hdr[0];
       cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
       cText.buf     = &ss->gs.inbuf;
       rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);
       if (rv < 0) {
           return ss->recvdCloseNotify ? 0 : rv;
       }
    } while (ss->ssl3.hs.ws != idle_handshake && ss->gs.buf.len == 0);

    ss->gs.readOffset = 0;
    ss->gs.writeOffset = ss->gs.buf.len;
    return 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

ssl3KeyPair* ssl3_GetKeyPairRef ( ssl3KeyPair *  keyPair)

Definition at line 8253 of file ssl3con.c.

{
    PR_AtomicIncrement(&keyPair->refCount);
    return keyPair;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_GetPolicy ( ssl3CipherSuite  which,
PRInt32 policy 
)

Definition at line 8326 of file ssl3con.c.

{
    ssl3CipherSuiteCfg *suite;
    PRInt32             policy;
    SECStatus           rv;

    suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
    if (suite) {
       policy = suite->policy;
       rv     = SECSuccess;
    } else {
       policy = SSL_NOT_ALLOWED;
       rv     = SECFailure; /* err code was set by Lookup. */
    }
    *oPolicy = policy;
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_HandleClientHelloExtensions ( sslSocket *  ss,
SSL3Opaque **  b,
PRUint32 length 
)

Definition at line 1270 of file ssl3ecc.c.

{
    while (*length) {
       const ssl3HelloExtensionHandler * handler;
       SECStatus rv;
       PRInt32   extension_type;
       SECItem   extension_data;

       /* Get the extension's type field */
       extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
       if (extension_type < 0)  /* failure to decode extension_type */
           return SECFailure;   /* alert already sent */

       /* get the data for this extension, so we can pass it or skip it. */
       rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
       if (rv != SECSuccess)
           return rv;

       /* find extension_type in table of Client Hello Extension Handlers */
       for (handler = handlers; handler->ex_type >= 0; handler++) {
           if (handler->ex_type == extension_type)
               break;
       }

       /* if found,  Call this handler */
       if (handler->ex_type == extension_type) {
           rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, 
                                                    &extension_data);
           /* Ignore this result */
           /* Essentially, treat all bad extensions as unrecognized types. */
       }
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_HandleRecord ( sslSocket *  ss,
SSL3Ciphertext cipher,
sslBuffer *  out 
)

Definition at line 7951 of file ssl3con.c.

{
const ssl3BulkCipherDef *cipher_def;
    ssl3CipherSpec *     crSpec;
    SECStatus            rv;
    unsigned int         hashBytes        = MAX_MAC_LENGTH + 1;
    unsigned int         padding_length;
    PRBool               isTLS;
    PRBool               padIsBad               = PR_FALSE;
    SSL3ContentType      rType;
    SSL3Opaque           hash[MAX_MAC_LENGTH];

    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );

    if (!ss->ssl3.initialized) {
       ssl_GetSSL3HandshakeLock(ss);
       rv = ssl3_InitState(ss);
       ssl_ReleaseSSL3HandshakeLock(ss);
       if (rv != SECSuccess) {
           return rv;              /* ssl3_InitState has set the error code. */
       }
    }

    /* check for Token Presence */
    if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) {
       PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
       return SECFailure;
    }

    /* cText is NULL when we're called from ssl3_RestartHandshakeAfterXXX().
     * This implies that databuf holds a previously deciphered SSL Handshake
     * message.
     */
    if (cText == NULL) {
       SSL_DBG(("%d: SSL3[%d]: HandleRecord, resuming handshake",
               SSL_GETPID(), ss->fd));
       rType = content_handshake;
       goto process_it;
    }

    databuf->len = 0; /* filled in by decode call below. */
    if (databuf->space < MAX_FRAGMENT_LENGTH) {
       rv = sslBuffer_Grow(databuf, MAX_FRAGMENT_LENGTH + 2048);
       if (rv != SECSuccess) {
           SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes",
                   SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048));
           /* sslBuffer_Grow has set a memory error code. */
           /* Perhaps we should send an alert. (but we have no memory!) */
           return SECFailure;
       }
    }

    PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf, cText->buf->len));

    ssl_GetSpecReadLock(ss); /******************************************/

    crSpec = ss->ssl3.crSpec;
    cipher_def = crSpec->cipher_def;
    isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0);

    if (isTLS && cText->buf->len > (MAX_FRAGMENT_LENGTH + 2048)) {
       ssl_ReleaseSpecReadLock(ss);
       SSL3_SendAlert(ss, alert_fatal, record_overflow);
       PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
       return SECFailure;
    }
    /* decrypt from cText buf to databuf. */
    rv = crSpec->decode(
       crSpec->decodeContext, databuf->buf, (int *)&databuf->len,
       databuf->space, cText->buf->buf, cText->buf->len);

    PRINT_BUF(80, (ss, "cleartext:", databuf->buf, databuf->len));
    if (rv != SECSuccess) {
       int err = ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE);
       ssl_ReleaseSpecReadLock(ss);
       SSL3_SendAlert(ss, alert_fatal,
                      isTLS ? decryption_failed : bad_record_mac);
       PORT_SetError(err);
       return SECFailure;
    }

    /* If it's a block cipher, check and strip the padding. */
    if (cipher_def->type == type_block) {
       padding_length = *(databuf->buf + databuf->len - 1);
       /* TLS permits padding to exceed the block size, up to 255 bytes. */
       if (padding_length + 1 + crSpec->mac_size > databuf->len)
           padIsBad = PR_TRUE;
       /* if TLS, check value of first padding byte. */
       else if (padding_length && isTLS && 
                padding_length != 
                        *(databuf->buf + databuf->len - (padding_length + 1)))
           padIsBad = PR_TRUE;
       else
           databuf->len -= padding_length + 1;
    }

    /* Remove the MAC. */
    if (databuf->len >= crSpec->mac_size)
       databuf->len -= crSpec->mac_size;
    else
       padIsBad = PR_TRUE;  /* really macIsBad */

    /* compute the MAC */
    rType = cText->type;
    rv = ssl3_ComputeRecordMAC( crSpec, (PRBool)(!ss->sec.isServer),
       rType, cText->version, crSpec->read_seq_num, 
       databuf->buf, databuf->len, hash, &hashBytes);
    if (rv != SECSuccess) {
       int err = ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
       ssl_ReleaseSpecReadLock(ss);
       SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
       PORT_SetError(err);
       return rv;
    }

    /* Check the MAC */
    if (hashBytes != (unsigned)crSpec->mac_size || padIsBad || 
       PORT_Memcmp(databuf->buf + databuf->len, hash, crSpec->mac_size) != 0) {
       /* must not hold spec lock when calling SSL3_SendAlert. */
       ssl_ReleaseSpecReadLock(ss);
       SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
       /* always log mac error, in case attacker can read server logs. */
       PORT_SetError(SSL_ERROR_BAD_MAC_READ);

       SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd));

       return SECFailure;
    }

    ssl3_BumpSequenceNumber(&crSpec->read_seq_num);

    ssl_ReleaseSpecReadLock(ss); /*****************************************/

    /*
     * The decrypted data is now in databuf.
     *
     * the null decompression routine is right here
     */

    /*
    ** Having completed the decompression, check the length again. 
    */
    if (isTLS && databuf->len > (MAX_FRAGMENT_LENGTH + 1024)) {
       SSL3_SendAlert(ss, alert_fatal, record_overflow);
       PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
       return SECFailure;
    }

    /* Application data records are processed by the caller of this
    ** function, not by this function.
    */
    if (rType == content_application_data) {
       return SECSuccess;
    }

    /* It's a record that must be handled by ssl itself, not the application.
    */
process_it:
    /* XXX  Get the xmit lock here.  Odds are very high that we'll be xmiting
     * data ang getting the xmit lock here prevents deadlocks.
     */
    ssl_GetSSL3HandshakeLock(ss);

    /* All the functions called in this switch MUST set error code if
    ** they return SECFailure or SECWouldBlock.
    */
    switch (rType) {
    case content_change_cipher_spec:
       rv = ssl3_HandleChangeCipherSpecs(ss, databuf);
       break;
    case content_alert:
       rv = ssl3_HandleAlert(ss, databuf);
       break;
    case content_handshake:
       rv = ssl3_HandleHandshake(ss, databuf);
       break;
    /*
    case content_application_data is handled before this switch
    */
    default:
       SSL_DBG(("%d: SSL3[%d]: bogus content type=%d",
               SSL_GETPID(), ss->fd, cText->type));
       /* XXX Send an alert ???  */
       PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE);
       rv = SECFailure;
       break;
    }

    ssl_ReleaseSSL3HandshakeLock(ss);
    return rv;

}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_HandleV2ClientHello ( sslSocket *  ss,
unsigned char *  buffer,
int  length 
)

Definition at line 5930 of file ssl3con.c.

{
    sslSessionID *      sid               = NULL;
    unsigned char *     suites;
    unsigned char *     random;
    SSL3ProtocolVersion version;
    SECStatus           rv;
    int                 i;
    int                 j;
    int                 sid_length;
    int                 suite_length;
    int                 rand_length;
    int                 errCode  = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
    SSL3AlertDescription desc    = handshake_failure;

    SSL_TRC(3, ("%d: SSL3[%d]: handle v2 client_hello", SSL_GETPID(), ss->fd));

    PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );

    ssl_GetSSL3HandshakeLock(ss);

    rv = ssl3_InitState(ss);
    if (rv != SECSuccess) {
       ssl_ReleaseSSL3HandshakeLock(ss);
       return rv;           /* ssl3_InitState has set the error code. */
    }

    if (ss->ssl3.hs.ws != wait_client_hello) {
       desc    = unexpected_message;
       errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO;
       goto loser;   /* alert_loser */
    }

    version      = (buffer[1] << 8) | buffer[2];
    suite_length = (buffer[3] << 8) | buffer[4];
    sid_length   = (buffer[5] << 8) | buffer[6];
    rand_length  = (buffer[7] << 8) | buffer[8];
    ss->clientHelloVersion = version;

    rv = ssl3_NegotiateVersion(ss, version);
    if (rv != SECSuccess) {
       /* send back which ever alert client will understand. */
       desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure;
       errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
       goto alert_loser;
    }

    /* if we get a non-zero SID, just ignore it. */
    if (length !=
        SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) {
       SSL_DBG(("%d: SSL3[%d]: bad v2 client hello message, len=%d should=%d",
               SSL_GETPID(), ss->fd, length,
               SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length +
               rand_length));
       goto loser;   /* malformed */      /* alert_loser */
    }

    suites = buffer + SSL_HL_CLIENT_HELLO_HBYTES;
    random = suites + suite_length + sid_length;

    if (rand_length < SSL_MIN_CHALLENGE_BYTES ||
       rand_length > SSL_MAX_CHALLENGE_BYTES) {
       goto loser;   /* malformed */      /* alert_loser */
    }

    PORT_Assert(SSL_MAX_CHALLENGE_BYTES == SSL3_RANDOM_LENGTH);

    PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
    PORT_Memcpy(
       &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length],
       random, rand_length);

    PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0],
                 SSL3_RANDOM_LENGTH));
#ifdef NSS_ENABLE_ECC
    /* Disable any ECC cipher suites for which we have no cert. */
    ssl3_FilterECCipherSuitesByServerCerts(ss);
#endif
    i = ssl3_config_match_init(ss);
    if (i <= 0) {
       errCode = PORT_GetError();  /* error code is already set. */
       goto alert_loser;
    }

    /* Select a cipher suite.
    ** NOTE: This suite selection algorithm should be the same as the one in
    ** ssl3_HandleClientHello().  
    */
    for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
       ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
       if (!config_match(suite, ss->ssl3.policy, PR_TRUE))
           continue;
       for (i = 0; i < suite_length; i += 3) {
           if ((suites[i]   == 0) &&
              (suites[i+1] == MSB(suite->cipher_suite)) &&
              (suites[i+2] == LSB(suite->cipher_suite))) {

              ss->ssl3.hs.cipher_suite = suite->cipher_suite;
              ss->ssl3.hs.suite_def =
                  ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
              goto suite_found;
           }
       }
    }
    errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
    goto alert_loser;

suite_found:

    ss->ssl3.hs.compression = compression_null;
    ss->sec.send            = ssl3_SendApplicationData;

    /* we don't even search for a cache hit here.  It's just a miss. */
    SSL_AtomicIncrementLong(& ssl3stats.hch_sid_cache_misses );
    sid = ssl3_NewSessionID(ss, PR_TRUE);
    if (sid == NULL) {
       errCode = PORT_GetError();
       goto loser;   /* memory error is set. */
    }
    ss->sec.ci.sid = sid;
    /* do not worry about memory leak of sid since it now belongs to ci */

    /* We have to update the handshake hashes before we can send stuff */
    rv = ssl3_UpdateHandshakeHashes(ss, buffer, length);
    if (rv != SECSuccess) {
       errCode = PORT_GetError();
       goto loser;
    }

    ssl_GetXmitBufLock(ss);
    rv = ssl3_SendServerHelloSequence(ss);
    ssl_ReleaseXmitBufLock(ss);
    if (rv != SECSuccess) {
       errCode = PORT_GetError();
       goto loser;
    }

    /* XXX_1  The call stack to here is:
     * ssl_Do1stHandshake -> ssl2_HandleClientHelloMessage -> here.
     * ssl2_HandleClientHelloMessage returns whatever we return here.
     * ssl_Do1stHandshake will continue looping if it gets back either
     *        SECSuccess or SECWouldBlock.
     * SECSuccess is preferable here.  See XXX_1 in sslgathr.c.
     */
    ssl_ReleaseSSL3HandshakeLock(ss);
    return SECSuccess;

alert_loser:
    SSL3_SendAlert(ss, alert_fatal, desc);
loser:
    ssl_ReleaseSSL3HandshakeLock(ss);
    PORT_SetError(errCode);
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_InitPendingCipherSpec ( sslSocket *  ss,
PK11SymKey *  pms 
)

Definition at line 1510 of file ssl3con.c.

{
    ssl3CipherSpec  *  pwSpec;
    SECStatus          rv;

    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));

    ssl_GetSpecWriteLock(ss);      /**************************************/

    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);

    pwSpec        = ss->ssl3.pwSpec;

    if (pms || (!pwSpec->msItem.len && !pwSpec->master_secret)) {
       rv = ssl3_DeriveMasterSecret(ss, pms);
       if (rv != SECSuccess) {
           goto done;  /* err code set by ssl3_DeriveMasterSecret */
       }
    }
    if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) {
       /* Double Bypass succeeded in extracting the master_secret */
       const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
       PRBool             isTLS   = (PRBool)(kea_def->tls_keygen ||
                                (pwSpec->version > SSL_LIBRARY_VERSION_3_0));
       pwSpec->bypassCiphers = PR_TRUE;
       rv = ssl3_KeyAndMacDeriveBypass( pwSpec, 
                          (const unsigned char *)&ss->ssl3.hs.client_random,
                          (const unsigned char *)&ss->ssl3.hs.server_random,
                          isTLS, 
                          (PRBool)(kea_def->is_limited));
       if (rv == SECSuccess) {
           rv = ssl3_InitPendingContextsBypass(ss);
       }
    } else if (pwSpec->master_secret) {
       rv = ssl3_DeriveConnectionKeysPKCS11(ss);
       if (rv == SECSuccess) {
           rv = ssl3_InitPendingContextsPKCS11(ss);
       }
    } else {
       PORT_Assert(pwSpec->master_secret);
       PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
       rv = SECFailure;
    }

done:
    ssl_ReleaseSpecWriteLock(ss);  /******************************/
    if (rv != SECSuccess)
       ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void ssl3_InitSocketPolicy ( sslSocket *  ss)

Definition at line 8412 of file ssl3con.c.

{
    PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
}

Here is the caller graph for this function:

SECStatus ssl3_KeyAndMacDeriveBypass ( ssl3CipherSpec pwSpec,
const unsigned char *  cr,
const unsigned char *  sr,
PRBool  isTLS,
PRBool  isExport 
)

Definition at line 96 of file derive.c.

{
    const ssl3BulkCipherDef *cipher_def = pwSpec->cipher_def;
    unsigned char * key_block    = pwSpec->key_block;
    unsigned char * key_block2   = NULL;
    unsigned int    block_bytes  = 0;
    unsigned int    block_needed = 0;
    unsigned int    i;
    unsigned int    keySize;            /* actual    size of cipher keys */
    unsigned int    effKeySize;           /* effective size of cipher keys */
    unsigned int    macSize;              /* size of MAC secret */
    unsigned int    IVSize;        /* size of IV */
    SECStatus       rv    = SECFailure;
    SECStatus       status = SECSuccess;
    PRBool          isFIPS = PR_FALSE;

    SECItem         srcr;
    SECItem         crsr;

    unsigned char     srcrdata[SSL3_RANDOM_LENGTH * 2];
    unsigned char     crsrdata[SSL3_RANDOM_LENGTH * 2];
    PRUint64          md5buf[22];
    PRUint64          shabuf[40];

#define md5Ctx ((MD5Context *)md5buf)
#define shaCtx ((SHA1Context *)shabuf)

    static const SECItem zed  = { siBuffer, NULL, 0 };

    if (pwSpec->msItem.data == NULL ||
        pwSpec->msItem.len  != SSL3_MASTER_SECRET_LENGTH) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return rv;
    }

    PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data, 
                                           pwSpec->msItem.len));

    /* figure out how much is needed */
    macSize    = pwSpec->mac_size;
    keySize    = cipher_def->key_size;
    effKeySize = cipher_def->secret_key_size;
    IVSize     = cipher_def->iv_size;
    if (keySize == 0) {
       effKeySize = IVSize = 0; /* only MACing */
    }
    block_needed = 2 * (macSize + effKeySize + ((!isExport) * IVSize));

    /*
     * clear out our returned keys so we can recover on failure
     */
    pwSpec->client.write_key_item     = zed;
    pwSpec->client.write_mac_key_item = zed;
    pwSpec->server.write_key_item     = zed;
    pwSpec->server.write_mac_key_item = zed;

    /* initialize the server random, client random block */
    srcr.type   = siBuffer;
    srcr.data   = srcrdata;
    srcr.len    = sizeof srcrdata;
    PORT_Memcpy(srcrdata, sr, SSL3_RANDOM_LENGTH);
    PORT_Memcpy(srcrdata + SSL3_RANDOM_LENGTH, cr, SSL3_RANDOM_LENGTH);

    /* initialize the client random, server random block */
    crsr.type   = siBuffer;
    crsr.data   = crsrdata;
    crsr.len    = sizeof crsrdata;
    PORT_Memcpy(crsrdata, cr, SSL3_RANDOM_LENGTH);
    PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, sr, SSL3_RANDOM_LENGTH);
    PRINT_BUF(100, (NULL, "Key & MAC CRSR", crsr.data, crsr.len));

    /*
     * generate the key material:
     */
    if (isTLS) {
       SECItem       keyblk;

       keyblk.type = siBuffer;
       keyblk.data = key_block;
       keyblk.len  = block_needed;

       status = TLS_PRF(&pwSpec->msItem, "key expansion", &srcr, &keyblk,
                       isFIPS);
       if (status != SECSuccess) {
           goto key_and_mac_derive_fail;
       }
       block_bytes = keyblk.len;
    } else {
       /* key_block = 
        *     MD5(master_secret + SHA('A' + master_secret + 
        *                      ServerHello.random + ClientHello.random)) +
        *     MD5(master_secret + SHA('BB' + master_secret + 
        *                      ServerHello.random + ClientHello.random)) +
        *     MD5(master_secret + SHA('CCC' + master_secret + 
        *                      ServerHello.random + ClientHello.random)) +
        *     [...];
        */
       int made = 0;
       for (i = 0; made < block_needed && i < NUM_MIXERS; ++i) {
           unsigned int    outLen;
           unsigned char   sha_out[SHA1_LENGTH];

           SHA1_Begin(shaCtx);
           SHA1_Update(shaCtx, (unsigned char*)(mixers[i]), i+1);
           SHA1_Update(shaCtx, pwSpec->msItem.data, pwSpec->msItem.len);
           SHA1_Update(shaCtx, srcr.data, srcr.len);
           SHA1_End(shaCtx, sha_out, &outLen, SHA1_LENGTH);
           PORT_Assert(outLen == SHA1_LENGTH);

           MD5_Begin(md5Ctx);
           MD5_Update(md5Ctx, pwSpec->msItem.data, pwSpec->msItem.len);
           MD5_Update(md5Ctx, sha_out, outLen);
           MD5_End(md5Ctx, key_block + made, &outLen, MD5_LENGTH);
           PORT_Assert(outLen == MD5_LENGTH);
           made += MD5_LENGTH;
       }
       block_bytes = made;
    }
    PORT_Assert(block_bytes >= block_needed);
    PORT_Assert(block_bytes <= sizeof pwSpec->key_block);
    PRINT_BUF(100, (NULL, "key block", key_block, block_bytes));

    /*
     * Put the key material where it goes.
     */
    key_block2 = key_block + block_bytes;
    i = 0;                  /* now shows how much consumed */

    /* 
     * The key_block is partitioned as follows:
     * client_write_MAC_secret[CipherSpec.hash_size]
     */
    buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item);
    i += macSize;

    /* 
     * server_write_MAC_secret[CipherSpec.hash_size]
     */
    buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item);
    i += macSize;

    if (!keySize) {
       /* only MACing */
       buildSSLKey(NULL, 0, &pwSpec->client.write_key_item);
       buildSSLKey(NULL, 0, &pwSpec->server.write_key_item);
       buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item);
       buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item);
    } else if (!isExport) {
       /* 
       ** Generate Domestic write keys and IVs.
       ** client_write_key[CipherSpec.key_material]
       */
       buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item);
       i += keySize;

       /* 
       ** server_write_key[CipherSpec.key_material]
       */
       buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item);
       i += keySize;

       if (IVSize > 0) {
           /* 
           ** client_write_IV[CipherSpec.IV_size]
           */
           buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item);
           i += IVSize;

           /* 
           ** server_write_IV[CipherSpec.IV_size]
           */
           buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item);
           i += IVSize;
       }
       PORT_Assert(i <= block_bytes);

    } else if (!isTLS) { 
       /*
       ** Generate SSL3 Export write keys and IVs.
       */
       unsigned int    outLen;

       /*
       ** client_write_key[CipherSpec.key_material]
       ** final_client_write_key = MD5(client_write_key +
       **                   ClientHello.random + ServerHello.random);
       */
       MD5_Begin(md5Ctx);
       MD5_Update(md5Ctx, &key_block[i], effKeySize);
       MD5_Update(md5Ctx, crsr.data, crsr.len);
       MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
       i += effKeySize;
       buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item);
       key_block2 += keySize;

       /*
       ** server_write_key[CipherSpec.key_material]
       ** final_server_write_key = MD5(server_write_key +
       **                    ServerHello.random + ClientHello.random);
       */
       MD5_Begin(md5Ctx);
       MD5_Update(md5Ctx, &key_block[i], effKeySize);
       MD5_Update(md5Ctx, srcr.data, srcr.len);
       MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
       i += effKeySize;
       buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item);
       key_block2 += keySize;
       PORT_Assert(i <= block_bytes);

       if (IVSize) {
           /*
           ** client_write_IV = 
           ** MD5(ClientHello.random + ServerHello.random);
           */
           MD5_Begin(md5Ctx);
           MD5_Update(md5Ctx, crsr.data, crsr.len);
           MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
           buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item);
           key_block2 += IVSize;

           /*
           ** server_write_IV = 
           ** MD5(ServerHello.random + ClientHello.random);
           */
           MD5_Begin(md5Ctx);
           MD5_Update(md5Ctx, srcr.data, srcr.len);
           MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
           buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item);
           key_block2 += IVSize;
       }

       PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
    } else {
       /*
       ** Generate TLS Export write keys and IVs.
       */
       SECItem       secret ;
       SECItem       keyblk ;

       secret.type = siBuffer;
       keyblk.type = siBuffer;
       /*
       ** client_write_key[CipherSpec.key_material]
       ** final_client_write_key = PRF(client_write_key, 
       **                              "client write key",
       **                              client_random + server_random);
       */
       secret.data = &key_block[i];
       secret.len  = effKeySize;
       i          += effKeySize;
       keyblk.data = key_block2;
       keyblk.len  = keySize;
       status = TLS_PRF(&secret, "client write key", &crsr, &keyblk, isFIPS);
       if (status != SECSuccess) {
           goto key_and_mac_derive_fail;
       }
       buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item);
       key_block2 += keySize;

       /*
       ** server_write_key[CipherSpec.key_material]
       ** final_server_write_key = PRF(server_write_key,
       **                              "server write key",
       **                              client_random + server_random);
       */
       secret.data = &key_block[i];
       secret.len  = effKeySize;
       i          += effKeySize;
       keyblk.data = key_block2;
       keyblk.len  = keySize;
       status = TLS_PRF(&secret, "server write key", &crsr, &keyblk, isFIPS);
       if (status != SECSuccess) {
           goto key_and_mac_derive_fail;
       }
       buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item);
       key_block2 += keySize;

       /*
       ** iv_block = PRF("", "IV block", client_random + server_random);
       ** client_write_IV[SecurityParameters.IV_size]
       ** server_write_IV[SecurityParameters.IV_size]
       */
       if (IVSize) {
           secret.data = NULL;
           secret.len  = 0;
           keyblk.data = key_block2;
           keyblk.len  = 2 * IVSize;
           status = TLS_PRF(&secret, "IV block", &crsr, &keyblk, isFIPS);
           if (status != SECSuccess) {
              goto key_and_mac_derive_fail;
           }
           buildSSLKey(key_block2,          IVSize, &pwSpec->client.write_iv_item);
           buildSSLKey(key_block2 + IVSize, IVSize, &pwSpec->server.write_iv_item);
           key_block2 += 2 * IVSize;
       }
       PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
    }
    rv = SECSuccess;

key_and_mac_derive_fail:

    MD5_DestroyContext(md5Ctx, PR_FALSE);
    SHA1_DestroyContext(shaCtx, PR_FALSE);

    if (rv != SECSuccess) {
       PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
    }

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_MasterKeyDeriveBypass ( ssl3CipherSpec pwSpec,
const unsigned char *  cr,
const unsigned char *  sr,
const SECItem *  pms,
PRBool  isTLS,
PRBool  isRSA 
)

Definition at line 418 of file derive.c.

{
    unsigned char * key_block    = pwSpec->key_block;
    SECStatus       rv    = SECSuccess;
    PRBool          isFIPS = PR_FALSE;

    SECItem         crsr;

    unsigned char     crsrdata[SSL3_RANDOM_LENGTH * 2];
    PRUint64          md5buf[22];
    PRUint64          shabuf[40];

#define md5Ctx ((MD5Context *)md5buf)
#define shaCtx ((SHA1Context *)shabuf)

    /* first do the consistancy checks */
    if (isRSA) { 
       PORT_Assert(pms->len == SSL3_RSA_PMS_LENGTH);
       if (pms->len != SSL3_RSA_PMS_LENGTH) {
           PORT_SetError(SEC_ERROR_INVALID_ARGS);
           return SECFailure;
       }
       /* caller must test PMS version for rollback */
    }

    /* initialize the client random, server random block */
    crsr.type   = siBuffer;
    crsr.data   = crsrdata;
    crsr.len    = sizeof crsrdata;
    PORT_Memcpy(crsrdata, cr, SSL3_RANDOM_LENGTH);
    PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, sr, SSL3_RANDOM_LENGTH);
    PRINT_BUF(100, (NULL, "Master Secret CRSR", crsr.data, crsr.len));

    /* finally do the key gen */
    if (isTLS) {
       SECItem master = { siBuffer, NULL, 0 };

       master.data = key_block;
       master.len = SSL3_MASTER_SECRET_LENGTH;

       rv = TLS_PRF(pms, "master secret", &crsr, &master, isFIPS);
       if (rv != SECSuccess) {
           PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
       }
    } else {
       int i;
       int made = 0;
       for (i = 0; i < 3; i++) {
           unsigned int    outLen;
           unsigned char   sha_out[SHA1_LENGTH];

           SHA1_Begin(shaCtx);
           SHA1_Update(shaCtx, (unsigned char*) mixers[i], i+1);
           SHA1_Update(shaCtx, pms->data, pms->len);
           SHA1_Update(shaCtx, crsr.data, crsr.len);
           SHA1_End(shaCtx, sha_out, &outLen, SHA1_LENGTH);
           PORT_Assert(outLen == SHA1_LENGTH);

           MD5_Begin(md5Ctx);
           MD5_Update(md5Ctx, pms->data, pms->len);
           MD5_Update(md5Ctx, sha_out, outLen);
           MD5_End(md5Ctx, key_block + made, &outLen, MD5_LENGTH);
           PORT_Assert(outLen == MD5_LENGTH);
           made += outLen;
       }
    }

    /* store the results */
    PORT_Memcpy(pwSpec->raw_master_secret, key_block, 
              SSL3_MASTER_SECRET_LENGTH);
    pwSpec->msItem.data = pwSpec->raw_master_secret;
    pwSpec->msItem.len  = SSL3_MASTER_SECRET_LENGTH;
    PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data, 
                                           pwSpec->msItem.len));

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_NegotiateVersion ( sslSocket *  ss,
SSL3ProtocolVersion  peerVersion 
)

Definition at line 734 of file ssl3con.c.

{
    SSL3ProtocolVersion version;
    SSL3ProtocolVersion maxVersion;

    if (ss->opt.enableTLS) {
       maxVersion = SSL_LIBRARY_VERSION_3_1_TLS;
    } else if (ss->opt.enableSSL3) {
       maxVersion = SSL_LIBRARY_VERSION_3_0;
    } else {
       /* what are we doing here? */
       PORT_Assert(ss->opt.enableSSL3 || ss->opt.enableTLS);
       PORT_SetError(SSL_ERROR_SSL_DISABLED);
       return SECFailure;
    }

    ss->version = version = PR_MIN(maxVersion, peerVersion);

    if ((version == SSL_LIBRARY_VERSION_3_1_TLS && ss->opt.enableTLS) ||
       (version == SSL_LIBRARY_VERSION_3_0     && ss->opt.enableSSL3)) {
       return SECSuccess;
    }

    PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
    return SECFailure;

}

Here is the call graph for this function:

Here is the caller graph for this function:

ssl3KeyPair* ssl3_NewKeyPair ( SECKEYPrivateKey *  privKey,
SECKEYPublicKey *  pubKey 
)

Definition at line 8235 of file ssl3con.c.

{
    ssl3KeyPair * pair;

    if (!privKey || !pubKey) {
       PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
       return NULL;
    }
    pair = PORT_ZNew(ssl3KeyPair);
    if (!pair)
       return NULL;                /* error code is set. */
    pair->refCount = 1;
    pair->privKey  = privKey;
    pair->pubKey   = pubKey;
    return pair;                   /* success */
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_RedoHandshake ( sslSocket *  ss,
PRBool  flushCache 
)

Definition at line 8464 of file ssl3con.c.

{
    sslSessionID *   sid = ss->sec.ci.sid;
    SECStatus        rv;

    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );

    if (!ss->firstHsDone ||
        ((ss->version >= SSL_LIBRARY_VERSION_3_0) &&
        ss->ssl3.initialized && 
        (ss->ssl3.hs.ws != idle_handshake))) {
       PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
       return SECFailure;
    }
    if (sid && flushCache) {
       ss->sec.uncache(sid);       /* remove it from whichever cache it's in. */
       ssl_FreeSID(sid);    /* dec ref count and free if zero. */
       ss->sec.ci.sid = NULL;
    }

    ssl_GetXmitBufLock(ss); /**************************************/

    /* start off a new handshake. */
    rv = (ss->sec.isServer) ? ssl3_SendHelloRequest(ss)
                            : ssl3_SendClientHello(ss);

    ssl_ReleaseXmitBufLock(ss);    /**************************************/
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1310 of file ssl3ecc.c.

{
    int i;
    ssl3HelloExtensionSender *sender = &ss->serverExtensionSenders[0];

    for (i = 0; i < MAX_EXTENSION_SENDERS; ++i, ++sender) {
        if (!sender->ex_sender) {
           sender->ex_type   = ex_type;
           sender->ex_sender = cb;
           return SECSuccess;
       }
       /* detect duplicate senders */
       PORT_Assert(sender->ex_type != ex_type);
       if (sender->ex_type == ex_type) {
           /* duplicate */
           break;
       }
    }
    PORT_Assert(i < MAX_EXTENSION_SENDERS); /* table needs to grow */
    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
    return SECFailure;
}

Here is the call graph for this function:

SECStatus ssl3_RestartHandshakeAfterCertReq ( sslSocket *  ss,
CERTCertificate *  cert,
SECKEYPrivateKey *  key,
CERTCertificateList *  certChain 
)

Definition at line 5218 of file ssl3con.c.

{
    SECStatus        rv          = SECSuccess;

    if (MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_3_0)) {
       /* XXX This code only works on the initial handshake on a connection,
       ** XXX It does not work on a subsequent handshake (redo).
       */
       if (ss->handshake != 0) {
           ss->handshake               = ssl_GatherRecord1stHandshake;
           ss->ssl3.clientCertificate = cert;
           ss->ssl3.clientCertChain   = certChain;
           if (key == NULL) {
              (void)SSL3_SendAlert(ss, alert_warning, no_certificate);
              ss->ssl3.clientPrivateKey = NULL;
           } else {
              ss->ssl3.clientPrivateKey = SECKEY_CopyPrivateKey(key);
           }
           ssl_GetRecvBufLock(ss);
           if (ss->ssl3.hs.msgState.buf != NULL) {
              rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
           }
           ssl_ReleaseRecvBufLock(ss);
       }
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 7261 of file ssl3con.c.

{
    CERTCertificate * cert;
    int               rv    = SECSuccess;

    if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_3_0)) {
       SET_ERROR_CODE
       return SECFailure;
    }
    if (!ss->ssl3.initialized) {
       SET_ERROR_CODE
       return SECFailure;
    }

    cert = ss->sec.peerCert;

    /* Permit step up if user decided to accept the cert */
    if (!ss->sec.isServer &&
       ssl3_global_policy_some_restricted &&
        ss->ssl3.policy == SSL_ALLOWED &&
       anyRestrictedEnabled(ss) &&
       (SECSuccess == CERT_VerifyCertNow(cert->dbhandle, cert,
                                         PR_FALSE, /* checksig */
                                      certUsageSSLServerWithStepUp,
/*XXX*/                                      ss->authCertificateArg) )) {
       ss->ssl3.policy         = SSL_RESTRICTED;
       ss->ssl3.hs.rehandshake = PR_TRUE;
    }

    if (ss->handshake != NULL) {
       ss->handshake = ssl_GatherRecord1stHandshake;
       ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);

       ssl_GetRecvBufLock(ss);
       if (ss->ssl3.hs.msgState.buf != NULL) {
           rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
       }
       ssl_ReleaseRecvBufLock(ss);
    }

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SSL3_SendAlert ( sslSocket *  ss,
SSL3AlertLevel  level,
SSL3AlertDescription  desc 
)

Definition at line 2244 of file ssl3con.c.

{
    uint8     bytes[2];
    SECStatus rv;

    SSL_TRC(3, ("%d: SSL3[%d]: send alert record, level=%d desc=%d",
              SSL_GETPID(), ss->fd, level, desc));

    bytes[0] = level;
    bytes[1] = desc;

    ssl_GetSSL3HandshakeLock(ss);
    if (level == alert_fatal) {
       if (ss->sec.ci.sid) {
           ss->sec.uncache(ss->sec.ci.sid);
       }
    }
    ssl_GetXmitBufLock(ss);
    rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
    if (rv == SECSuccess) {
       PRInt32 sent;
       sent = ssl3_SendRecord(ss, content_alert, bytes, 2, 
                            desc == no_certificate 
                            ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0);
       rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
    }
    ssl_ReleaseXmitBufLock(ss);
    ssl_ReleaseSSL3HandshakeLock(ss);
    return rv;       /* error set by ssl3_FlushHandshake or ssl3_SendRecord */
}

Here is the call graph for this function:

Here is the caller graph for this function:

int ssl3_SendApplicationData ( sslSocket *  ss,
const PRUint8 in,
int  len,
int  flags 
)

Definition at line 2043 of file ssl3con.c.

{
    PRInt32   totalSent     = 0;
    PRInt32   discarded = 0;

    PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
    if (len < 0 || !in) {
       PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
       return SECFailure;
    }

    if (ss->pendingBuf.len > SSL3_PENDING_HIGH_WATER &&
        !ssl_SocketIsBlocking(ss)) {
       PORT_Assert(!ssl_SocketIsBlocking(ss));
       PORT_SetError(PR_WOULD_BLOCK_ERROR);
       return SECFailure;
    }

    if (ss->appDataBuffered && len) {
       PORT_Assert (in[0] == (unsigned char)(ss->appDataBuffered));
       if (in[0] != (unsigned char)(ss->appDataBuffered)) {
           PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
           return SECFailure;
       }
       in++;
       len--;
       discarded = 1;
    }
    while (len > totalSent) {
       PRInt32   sent, toSend;

       if (totalSent > 0) {
           /*
            * The thread yield is intended to give the reader thread a
            * chance to get some cycles while the writer thread is in
            * the middle of a large application data write.  (See
            * Bugzilla bug 127740, comment #1.)
            */
           ssl_ReleaseXmitBufLock(ss);
           PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield(); */
           ssl_GetXmitBufLock(ss);
       }
       toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH);
       sent = ssl3_SendRecord(ss, content_application_data, 
                              in + totalSent, toSend, flags);
       if (sent < 0) {
           if (totalSent > 0 && PR_GetError() == PR_WOULD_BLOCK_ERROR) {
              PORT_Assert(ss->lastWriteBlocked);
              break;
           }
           return SECFailure; /* error code set by ssl3_SendRecord */
       }
       totalSent += sent;
       if (ss->pendingBuf.len) {
           /* must be a non-blocking socket */
           PORT_Assert(!ssl_SocketIsBlocking(ss));
           PORT_Assert(ss->lastWriteBlocked);
           break;    
       }
    }
    if (ss->pendingBuf.len) {
       /* Must be non-blocking. */
       PORT_Assert(!ssl_SocketIsBlocking(ss));
       if (totalSent > 0) {
           ss->appDataBuffered = 0x100 | in[totalSent - 1];
       }

       totalSent = totalSent + discarded - 1;
       if (totalSent <= 0) {
           PORT_SetError(PR_WOULD_BLOCK_ERROR);
           totalSent = SECFailure;
       }
       return totalSent;
    } 
    ss->appDataBuffered = 0;
    return totalSent + discarded;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_SendClientHello ( sslSocket *  ss)

Definition at line 3449 of file ssl3con.c.

{
    sslSessionID *   sid;
    ssl3CipherSpec * cwSpec;
    SECStatus        rv;
    int              i;
    int              length;
    int              num_suites;
    int              actual_count = 0;
    PRInt32          total_exten_len = 0;

    SSL_TRC(3, ("%d: SSL3[%d]: send client_hello handshake", SSL_GETPID(),
              ss->fd));

    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
    PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );

    rv = ssl3_InitState(ss);
    if (rv != SECSuccess) {
       return rv;           /* ssl3_InitState has set the error code. */
    }

    SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes",
           SSL_GETPID(), ss->fd ));
    rv = ssl3_RestartHandshakeHashes(ss);
    if (rv != SECSuccess) {
       return rv;
    }

    /* We ignore ss->sec.ci.sid here, and use ssl_Lookup because Lookup
     * handles expired entries and other details.
     * XXX If we've been called from ssl2_BeginClientHandshake, then
     * this lookup is duplicative and wasteful.
     */
    sid = (ss->opt.noCache) ? NULL
           : ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID, ss->url);

    /* We can't resume based on a different token. If the sid exists,
     * make sure the token that holds the master secret still exists ...
     * If we previously did client-auth, make sure that the token that holds
     * the private key still exists, is logged in, hasn't been removed, etc.
     */
    if (sid) {
       PRBool sidOK = PR_TRUE;
       if (sid->u.ssl3.keys.msIsWrapped) {
           /* Session key was wrapped, which means it was using PKCS11, */
           PK11SlotInfo *slot = NULL;
           if (sid->u.ssl3.masterValid && !ss->opt.bypassPKCS11) {
              slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
                                    sid->u.ssl3.masterSlotID);
           }
           if (slot == NULL) {
              sidOK = PR_FALSE;
           } else {
              PK11SymKey *wrapKey = NULL;
              if (!PK11_IsPresent(slot) ||
                  ((wrapKey = PK11_GetWrapKey(slot, 
                                          sid->u.ssl3.masterWrapIndex,
                                          sid->u.ssl3.masterWrapMech,
                                          sid->u.ssl3.masterWrapSeries,
                                          ss->pkcs11PinArg)) == NULL) ) {
                  sidOK = PR_FALSE;
              }
              if (wrapKey) PK11_FreeSymKey(wrapKey);
              PK11_FreeSlot(slot);
              slot = NULL;
           }
       }
       /* If we previously did client-auth, make sure that the token that
       ** holds the private key still exists, is logged in, hasn't been
       ** removed, etc.
       */
       if (sidOK && !ssl3_ClientAuthTokenPresent(sid)) {
           sidOK = PR_FALSE;
       }

       if (!sidOK) {
           SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_not_ok );
           (*ss->sec.uncache)(sid);
           ssl_FreeSID(sid);
           sid = NULL;
       }
    }

    if (sid) {
       SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits );

       rv = ssl3_NegotiateVersion(ss, sid->version);
       if (rv != SECSuccess)
           return rv;       /* error code was set */

       PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
                    sid->u.ssl3.sessionIDLength));

       ss->ssl3.policy = sid->u.ssl3.policy;
    } else {
       SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_misses );

       rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_3_1_TLS);
       if (rv != SECSuccess)
           return rv;       /* error code was set */

       sid = ssl3_NewSessionID(ss, PR_FALSE);
       if (!sid) {
           return SECFailure;      /* memory error is set */
        }
    }

    ssl_GetSpecWriteLock(ss);
    cwSpec = ss->ssl3.cwSpec;
    if (cwSpec->mac_def->mac == mac_null) {
       /* SSL records are not being MACed. */
       cwSpec->version = ss->version;
    }
    ssl_ReleaseSpecWriteLock(ss);

    if (ss->sec.ci.sid != NULL) {
       ssl_FreeSID(ss->sec.ci.sid);       /* decrement ref count, free if zero */
    }
    ss->sec.ci.sid = sid;

    ss->sec.send = ssl3_SendApplicationData;

    /* shouldn't get here if SSL3 is disabled, but ... */
    PORT_Assert(ss->opt.enableSSL3 || ss->opt.enableTLS);
    if (!ss->opt.enableSSL3 && !ss->opt.enableTLS) {
       PORT_SetError(SSL_ERROR_SSL_DISABLED);
       return SECFailure;
    }

    /* how many suites does our PKCS11 support (regardless of policy)? */
    num_suites = ssl3_config_match_init(ss);
    if (!num_suites)
       return SECFailure;   /* ssl3_config_match_init has set error code. */

    if (ss->opt.enableTLS && ss->version > SSL_LIBRARY_VERSION_3_0) {
       PRUint32 maxBytes = 65535; /* 2^16 - 1 */
       PRInt32  extLen;

       extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL);
       if (extLen < 0) {
           return SECFailure;
       }
       maxBytes        -= extLen;
       total_exten_len += extLen;

       if (total_exten_len > 0)
           total_exten_len += 2;
    }
#if defined(NSS_ENABLE_ECC) && !defined(NSS_ECC_MORE_THAN_SUITE_B)
    else { /* SSL3 only */
       ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
    }
#endif

    /* how many suites are permitted by policy and user preference? */
    num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
    if (!num_suites)
       return SECFailure;   /* count_cipher_suites has set error code. */

    length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH +
       1 + ((sid == NULL) ? 0 : sid->u.ssl3.sessionIDLength) +
       2 + num_suites*sizeof(ssl3CipherSuite) +
       1 + compressionMethodsCount + total_exten_len;

    rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
    if (rv != SECSuccess) {
       return rv;    /* err set by ssl3_AppendHandshake* */
    }

    ss->clientHelloVersion = ss->version;
    rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
    if (rv != SECSuccess) {
       return rv;    /* err set by ssl3_AppendHandshake* */
    }
    rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random);
    if (rv != SECSuccess) {
       return rv;    /* err set by GetNewRandom. */
    }
    rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random,
                              SSL3_RANDOM_LENGTH);
    if (rv != SECSuccess) {
       return rv;    /* err set by ssl3_AppendHandshake* */
    }

    if (sid)
       rv = ssl3_AppendHandshakeVariable(
           ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
    else
       rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
    if (rv != SECSuccess) {
       return rv;    /* err set by ssl3_AppendHandshake* */
    }

    rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2);
    if (rv != SECSuccess) {
       return rv;    /* err set by ssl3_AppendHandshake* */
    }


    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
       ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
       if (config_match(suite, ss->ssl3.policy, PR_TRUE)) {
           actual_count++;
           if (actual_count > num_suites) {
              /* set error card removal/insertion error */
              PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
              return SECFailure;
           }
           rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
                                       sizeof(ssl3CipherSuite));
           if (rv != SECSuccess) {
              return rv;    /* err set by ssl3_AppendHandshake* */
           }
       }
    }

    /* if cards were removed or inserted between count_cipher_suites and
     * generating our list, detect the error here rather than send it off to
     * the server.. */
    if (actual_count != num_suites) {
       /* Card removal/insertion error */
       PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
       return SECFailure;
    }

    rv = ssl3_AppendHandshakeNumber(ss, compressionMethodsCount, 1);
    if (rv != SECSuccess) {
       return rv;    /* err set by ssl3_AppendHandshake* */
    }
    for (i = 0; i < compressionMethodsCount; i++) {
       rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1);
       if (rv != SECSuccess) {
           return rv;       /* err set by ssl3_AppendHandshake* */
       }
    }

    if (total_exten_len) {
       PRUint32 maxBytes = total_exten_len - 2;
       PRInt32  extLen;

       rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2);
       if (rv != SECSuccess) {
           return rv;       /* err set by AppendHandshake. */
       }

       extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL);
       if (extLen < 0) {
           return SECFailure;
       }
       maxBytes -= extLen;
       PORT_Assert(!maxBytes);
    }


    rv = ssl3_FlushHandshake(ss, 0);
    if (rv != SECSuccess) {
       return rv;    /* error code set by ssl3_FlushHandshake */
    }

    ss->ssl3.hs.ws = wait_server_hello;
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRInt32 ssl3_SendServerNameIndicationExtension ( sslSocket *  ss,
PRBool  append,
PRUint32  maxBytes 
)

Definition at line 1189 of file ssl3ecc.c.

{
    PRUint32 len, span;
    /* must have a hostname */
    if (!ss || !ss->url || !ss->url[0])
       return 0;
    /* must have at lest one character other than [0-9\.] */
    len  = PORT_Strlen(ss->url);
    span = strspn(ss->url, "0123456789.");
    if (len == span) {
       /* is a dotted decimal IP address */
       return 0;
    }
    if (append && maxBytes >= len + 9) {
       SECStatus rv;
       /* extension_type */
       rv = ssl3_AppendHandshakeNumber(ss,       0, 2); 
       if (rv != SECSuccess) return 0;
       /* length of extension_data */
       rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2); 
       if (rv != SECSuccess) return 0;
       /* length of server_name_list */
       rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2);
       if (rv != SECSuccess) return 0;
       /* Name Type (host_name) */
       rv = ssl3_AppendHandshake(ss,       "\0",    1);
       if (rv != SECSuccess) return 0;
       /* HostName (length and value) */
       rv = ssl3_AppendHandshakeVariable(ss, ss->url, len, 2);
       if (rv != SECSuccess) return 0;
    }
    return len + 9;
}

Here is the call graph for this function:

Definition at line 8308 of file ssl3con.c.

{
    ssl3CipherSuiteCfg *suite;

    suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
    if (suite == NULL) {
       return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
    }
    suite->policy = policy;

    if (policy == SSL_RESTRICTED) {
       ssl3_global_policy_some_restricted = PR_TRUE;
    }

    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 3893 of file ssl3con.c.

{
    int             i, j;

    if (!symWrapKeysLock)
       return SECSuccess;   /* was never initialized */
    PZ_Lock(symWrapKeysLock);
    /* get rid of all symWrapKeys */
    for (i = 0; i < SSL_NUM_WRAP_MECHS; ++i) {
       for (j = 0; j < kt_kea_size; ++j) {
           PK11SymKey **   pSymWrapKey;
           pSymWrapKey = &symWrapKeys[i].symWrapKey[j];
           if (*pSymWrapKey) {
              PK11_FreeSymKey(*pSymWrapKey);
              *pSymWrapKey = NULL;
           }
       }
    }

    PZ_Unlock(symWrapKeysLock);
    return SECSuccess;
}

Here is the call graph for this function:

SECStatus ssl3_SignHashes ( SSL3Hashes hash,
SECKEYPrivateKey *  key,
SECItem *  buf,
PRBool  isTLS 
)

Definition at line 783 of file ssl3con.c.

{
    SECStatus rv            = SECFailure;
    PRBool    doDerEncode       = PR_FALSE;
    int       signatureLen;
    SECItem   hashItem;

    buf->data    = NULL;
    signatureLen = PK11_SignatureLen(key);
    if (signatureLen <= 0) {
       PORT_SetError(SEC_ERROR_INVALID_KEY);
        goto done;
    }

    buf->len  = (unsigned)signatureLen;
    buf->data = (unsigned char *)PORT_Alloc(signatureLen);
    if (!buf->data)
        goto done;   /* error code was set. */

    switch (key->keyType) {
    case rsaKey:
       hashItem.data = hash->md5;
       hashItem.len = sizeof(SSL3Hashes);
       break;
    case dsaKey:
       doDerEncode = isTLS;
       hashItem.data = hash->sha;
       hashItem.len = sizeof(hash->sha);
       break;
#ifdef NSS_ENABLE_ECC
    case ecKey:
       doDerEncode = PR_TRUE;
       hashItem.data = hash->sha;
       hashItem.len = sizeof(hash->sha);
       break;
#endif /* NSS_ENABLE_ECC */
    default:
       PORT_SetError(SEC_ERROR_INVALID_KEY);
       goto done;
    }
    PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));

    rv = PK11_Sign(key, buf, &hashItem);
    if (rv != SECSuccess) {
       ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
    } else if (doDerEncode) {
       SECItem   derSig     = {siBuffer, NULL, 0};

       /* This also works for an ECDSA signature */
       rv = DSAU_EncodeDerSigWithLen(&derSig, buf, buf->len);
       if (rv == SECSuccess) {
           PORT_Free(buf->data);   /* discard unencoded signature. */
           *buf = derSig;          /* give caller encoded signature. */
       } else if (derSig.data) {
           PORT_Free(derSig.data);
       }
    }

    PRINT_BUF(60, (NULL, "signed hashes", (unsigned char*)buf->data, buf->len));
done:
    if (rv != SECSuccess && buf->data) {
       PORT_Free(buf->data);
       buf->data = NULL;
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_StartHandshakeHash ( sslSocket *  ss,
unsigned char *  buf,
int  length 
)

Definition at line 3413 of file ssl3con.c.

{
    SECStatus rv;

    ssl_GetSSL3HandshakeLock(ss);  /**************************************/

    rv = ssl3_InitState(ss);
    if (rv != SECSuccess) {
       goto done;           /* ssl3_InitState has set the error code. */
    }

    PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
    PORT_Memcpy(
       &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - SSL_CHALLENGE_BYTES],
       &ss->sec.ci.clientChallenge,
       SSL_CHALLENGE_BYTES);

    rv = ssl3_UpdateHandshakeHashes(ss, buf, length);
    /* if it failed, ssl3_UpdateHandshakeHashes has set the error code. */

done:
    ssl_ReleaseSSL3HandshakeLock(ss);  /**************************************/
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus ssl3_VerifySignedHashes ( SSL3Hashes hash,
CERTCertificate *  cert,
SECItem *  buf,
PRBool  isTLS,
void pwArg 
)

Definition at line 853 of file ssl3con.c.

{
    SECKEYPublicKey * key;
    SECItem *         signature    = NULL;
    SECStatus         rv;
    SECItem           hashItem;
#ifdef NSS_ENABLE_ECC
    unsigned int      len;
#endif /* NSS_ENABLE_ECC */


    PRINT_BUF(60, (NULL, "check signed hashes",
                  buf->data, buf->len));

    key = CERT_ExtractPublicKey(cert);
    if (key == NULL) {
       /* CERT_ExtractPublicKey doesn't set error code */
       PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
       return SECFailure;
    }

    switch (key->keyType) {
    case rsaKey:
       hashItem.data = hash->md5;
       hashItem.len = sizeof(SSL3Hashes);
       break;
    case dsaKey:
       hashItem.data = hash->sha;
       hashItem.len = sizeof(hash->sha);
       if (isTLS) {
           signature = DSAU_DecodeDerSig(buf);
           if (!signature) {
              PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
              return SECFailure;
           }
           buf = signature;
       }
       break;

#ifdef NSS_ENABLE_ECC
    case ecKey:
       hashItem.data = hash->sha;
       hashItem.len = sizeof(hash->sha);
       /*
        * ECDSA signatures always encode the integers r and s 
        * using ASN (unlike DSA where ASN encoding is used
        * with TLS but not with SSL3)
        */
       len = SECKEY_SignatureLen(key);
       if (len == 0) {
           SECKEY_DestroyPublicKey(key);
           PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
           return SECFailure;
       }
       signature = DSAU_DecodeDerSigToLen(buf, len);
       if (!signature) {
           PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
           return SECFailure;
       }
       buf = signature;
       break;
#endif /* NSS_ENABLE_ECC */

    default:
       SECKEY_DestroyPublicKey(key);
       PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
       return SECFailure;
    }

    PRINT_BUF(60, (NULL, "hash(es) to be verified",
                  hashItem.data, hashItem.len));

    rv = PK11_Verify(key, buf, &hashItem, pwArg);
    SECKEY_DestroyPublicKey(key);
    if (signature) {
       SECITEM_FreeItem(signature, PR_TRUE);
    }
    if (rv != SECSuccess) {
       ssl_MapLowLevelError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void ssl_ChooseSessionIDProcs ( sslSecurityInfo *  sec)

Definition at line 335 of file sslnonce.c.

{
    if (sec->isServer) {
       sec->cache   = ssl_sid_cache;
       sec->uncache = ssl_sid_uncache;
    } else {
       sec->cache   = CacheSID;
       sec->uncache = LockAndUncacheSID;
    }
}

Here is the call graph for this function:

SECStatus ssl_CopySecurityInfo ( sslSocket *  ss,
sslSocket *  os 
)

Definition at line 841 of file sslsecur.c.

{
    ss->sec.send            = os->sec.send;
    ss->sec.isServer               = os->sec.isServer;
    ss->sec.keyBits                = os->sec.keyBits;
    ss->sec.secretKeyBits   = os->sec.secretKeyBits;

    ss->sec.peerCert               = CERT_DupCertificate(os->sec.peerCert);
    if (os->sec.peerCert && !ss->sec.peerCert)
       goto loser;

    ss->sec.cache                  = os->sec.cache;
    ss->sec.uncache                = os->sec.uncache;

    /* we don't dup the connection info. */

    ss->sec.sendSequence    = os->sec.sendSequence;
    ss->sec.rcvSequence     = os->sec.rcvSequence;

    if (os->sec.hash && os->sec.hashcx) {
       ss->sec.hash         = os->sec.hash;
       ss->sec.hashcx              = os->sec.hash->clone(os->sec.hashcx);
       if (os->sec.hashcx && !ss->sec.hashcx)
           goto loser;
    } else {
       ss->sec.hash         = NULL;
       ss->sec.hashcx              = NULL;
    }

    SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret);
    if (os->sec.sendSecret.data && !ss->sec.sendSecret.data)
       goto loser;
    SECITEM_CopyItem(0, &ss->sec.rcvSecret,  &os->sec.rcvSecret);
    if (os->sec.rcvSecret.data && !ss->sec.rcvSecret.data)
       goto loser;

    /* XXX following code is wrong if either cx != 0 */
    PORT_Assert(os->sec.readcx  == 0);
    PORT_Assert(os->sec.writecx == 0);
    ss->sec.readcx                 = os->sec.readcx;
    ss->sec.writecx                = os->sec.writecx;
    ss->sec.destroy                = 0;   

    ss->sec.enc                    = os->sec.enc;
    ss->sec.dec                    = os->sec.dec;

    ss->sec.blockShift             = os->sec.blockShift;
    ss->sec.blockSize              = os->sec.blockSize;

    return SECSuccess;

loser:
    return SECFailure;
}

Here is the call graph for this function:

SECStatus ssl_CreateSecurityInfo ( sslSocket *  ss)

Definition at line 823 of file sslsecur.c.

{
    SECStatus status;

    /* initialize sslv2 socket to send data in the clear. */
    ssl2_UseClearSendFunc(ss);

    ss->sec.blockSize  = 1;
    ss->sec.blockShift = 0;

    ssl_GetXmitBufLock(ss); 
    status = sslBuffer_Grow(&ss->sec.writeBuf, 4096);
    ssl_ReleaseXmitBufLock(ss); 

    return status;
}

Here is the call graph for this function:

PRFileDesc* ssl_DefAccept ( sslSocket *  ss,
PRNetAddr addr 
)
int ssl_DefBind ( sslSocket *  ss,
const PRNetAddr addr 
)

Definition at line 62 of file ssldef.c.

{
    PRFileDesc *lower = ss->fd->lower;
    int rv;

    rv = lower->methods->bind(lower, addr);
    return rv;
}
int ssl_DefClose ( sslSocket *  ss)

Definition at line 202 of file ssldef.c.

{
    PRFileDesc *fd;
    PRFileDesc *popped;
    int         rv;

    fd    = ss->fd;

    /* First, remove the SSL layer PRFileDesc from the socket's stack, 
    ** then invoke the SSL layer's PRFileDesc destructor.
    ** This must happen before the next layer down is closed.
    */
    PORT_Assert(fd->higher == NULL);
    if (fd->higher) {
       PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
       return SECFailure;
    }
    ss->fd = NULL;

    /* PR_PopIOLayer will swap the contents of the top two PRFileDescs on
    ** the stack, and then remove the second one.  This way, the address
    ** of the PRFileDesc on the top of the stack doesn't change.
    */
    popped = PR_PopIOLayer(fd, PR_TOP_IO_LAYER); 
    popped->dtor(popped);

    /* fd is now the PRFileDesc for the next layer down.
    ** Now close the underlying socket. 
    */
    rv = fd->methods->close(fd);

    ssl_FreeSocket(ss);

    SSL_TRC(5, ("%d: SSL[%d]: closing, rv=%d errno=%d",
              SSL_GETPID(), fd, rv, PORT_GetError()));
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function: