summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/ssl/sslimpl.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/ssl/sslimpl.h')
-rw-r--r--security/nss/lib/ssl/sslimpl.h161
1 files changed, 95 insertions, 66 deletions
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
index 09c37832a..64694b0df 100644
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -34,7 +34,7 @@
#include "sslt.h" /* for some formerly private types, now public */
typedef struct sslSocketStr sslSocket;
-
+typedef struct ssl3CipherSpecStr ssl3CipherSpec;
#include "ssl3ext.h"
/* to make some of these old enums public without namespace pollution,
@@ -125,7 +125,8 @@ typedef enum { SSLAppOpRead = 0,
#define SSL3_MASTER_SECRET_LENGTH 48
/* number of wrap mechanisms potentially used to wrap master secrets. */
-#define SSL_NUM_WRAP_MECHS 16
+#define SSL_NUM_WRAP_MECHS 15
+#define SSL_NUM_WRAP_KEYS 6
/* This makes the cert cache entry exactly 4k. */
#define SSL_MAX_CACHED_CERT_LEN 4060
@@ -200,6 +201,9 @@ typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr,
unsigned char *sid,
unsigned int sidLen,
CERTCertDBHandle *dbHandle);
+typedef void (*sslCipherSpecChangedFunc)(void *arg,
+ PRBool sending,
+ ssl3CipherSpec *newSpec);
/* Socket ops */
struct sslSocketOpsStr {
@@ -367,6 +371,10 @@ struct sslGatherStr {
/* the start of the buffered DTLS record in dtlsPacket */
unsigned int dtlsPacketOffset;
+
+ /* tracks whether we've seen a v3-type record before and must reject
+ * any further v2-type records. */
+ PRBool rejectV2Records;
};
/* sslGather.state */
@@ -408,7 +416,7 @@ typedef PRUint16 DTLSEpoch;
typedef void (*DTLSTimerCb)(sslSocket *);
typedef struct {
- SSL3Opaque wrapped_master_secret[48];
+ PRUint8 wrapped_master_secret[48];
PRUint16 wrapped_master_secret_len;
PRUint8 msIsWrapped;
PRUint8 resumable;
@@ -422,7 +430,7 @@ typedef struct {
SECItem write_key_item;
SECItem write_iv_item;
SECItem write_mac_key_item;
- SSL3Opaque write_iv[MAX_IV_LENGTH];
+ PRUint8 write_iv[MAX_IV_LENGTH];
} ssl3KeyMaterial;
typedef SECStatus (*SSLCipher)(void *context,
@@ -469,7 +477,7 @@ typedef struct DTLSRecvdRecordsStr {
** Access to the pointers to these specs, and all the specs' contents
** (direct and indirect) is protected by the reader/writer lock ss->specLock.
*/
-typedef struct {
+struct ssl3CipherSpecStr {
PRCList link;
const ssl3BulkCipherDef *cipher_def;
const ssl3MACDef *mac_def;
@@ -496,10 +504,13 @@ typedef struct {
SECItem msItem;
DTLSEpoch epoch;
DTLSRecvdRecords recvdRecords;
+ /* The number of 0-RTT bytes that can be sent or received in TLS 1.3. This
+ * will be zero for everything but 0-RTT. */
+ PRUint32 earlyDataRemaining;
PRUint8 refCt;
const char *phase;
-} ssl3CipherSpec;
+};
typedef enum { never_cached,
in_client_cache,
@@ -523,10 +534,10 @@ struct sslSessionIDStr {
*/
CERTCertificate *peerCert;
- SECItemArray peerCertStatus; /* client only */
- const char *peerID; /* client only */
- const char *urlSvrName; /* client only */
- sslServerCertType certType;
+ SECItemArray peerCertStatus; /* client only */
+ const char *peerID; /* client only */
+ const char *urlSvrName; /* client only */
+ const sslNamedGroupDef *namedCurve; /* (server) for certificate lookup */
CERTCertificate *localCert;
PRIPv6Addr addr;
@@ -546,7 +557,7 @@ struct sslSessionIDStr {
struct {
/* values that are copied into the server's on-disk SID cache. */
PRUint8 sessionIDLength;
- SSL3Opaque sessionID[SSL3_SESSIONID_BYTES];
+ PRUint8 sessionID[SSL3_SESSIONID_BYTES];
ssl3CipherSuite cipherSuite;
SSLCompressionMethod compression;
@@ -804,7 +815,7 @@ typedef struct SSL3HandshakeStateStr {
union {
TLSFinished tFinished[2]; /* client, then server */
SSL3Finished sFinished[2];
- SSL3Opaque data[72];
+ PRUint8 data[72];
} finishedMsgs;
PRBool authCertificatePending;
@@ -862,7 +873,6 @@ typedef struct SSL3HandshakeStateStr {
TLS13CertificateRequest *certificateRequest;
PRCList cipherSpecs; /* The cipher specs in the sequence they
* will be applied. */
- ssl3CipherSpec *nullSpec; /* In case 0-RTT is rejected. */
sslZeroRttState zeroRttState; /* Are we doing a 0-RTT handshake? */
sslZeroRttIgnore zeroRttIgnore; /* Are we ignoring 0-RTT? */
ssl3CipherSuite zeroRttSuite; /* The cipher suite we used for 0-RTT. */
@@ -894,6 +904,11 @@ struct ssl3StateStr {
ssl3CipherSpec *cwSpec; /* current write spec. */
ssl3CipherSpec *pwSpec; /* pending write spec. */
+ /* Internal callback for when we do a cipher suite change. Used for
+ * debugging in TLS 1.3. This can only be set by non-public functions. */
+ sslCipherSpecChangedFunc changedCipherSpecFunc;
+ void *changedCipherSpecArg;
+
CERTCertificate *clientCertificate; /* used by client */
SECKEYPrivateKey *clientPrivateKey; /* used by client */
CERTCertificateList *clientCertChain; /* used by client */
@@ -965,19 +980,19 @@ struct ssl3DHParamsStr {
};
typedef struct SSLWrappedSymWrappingKeyStr {
- SSL3Opaque wrappedSymmetricWrappingkey[512];
+ PRUint8 wrappedSymmetricWrappingkey[512];
CK_MECHANISM_TYPE symWrapMechanism;
/* unwrapped symmetric wrapping key uses this mechanism */
CK_MECHANISM_TYPE asymWrapMechanism;
/* mechanism used to wrap the SymmetricWrappingKey using
* server's public and/or private keys. */
- SSLAuthType authType; /* type of keys used to wrap SymWrapKey*/
- PRInt32 symWrapMechIndex;
+ PRInt16 wrapMechIndex;
+ PRUint16 wrapKeyIndex;
PRUint16 wrappedSymKeyLen;
} SSLWrappedSymWrappingKey;
typedef struct SessionTicketStr {
- PRUint16 ticket_version;
+ PRBool valid;
SSL3ProtocolVersion ssl_version;
ssl3CipherSuite cipher_suite;
SSLCompressionMethod compression_method;
@@ -985,21 +1000,23 @@ typedef struct SessionTicketStr {
PRUint32 authKeyBits;
SSLKEAType keaType;
PRUint32 keaKeyBits;
- sslServerCertType certType;
+ const sslNamedGroupDef *namedCurve; /* For certificate lookup. */
+
/*
* msWrapMech contains a meaningful value only if ms_is_wrapped is true.
*/
PRUint8 ms_is_wrapped;
CK_MECHANISM_TYPE msWrapMech;
PRUint16 ms_length;
- SSL3Opaque master_secret[48];
+ PRUint8 master_secret[48];
PRBool extendedMasterSecretUsed;
- ClientIdentity client_identity;
+ ClientAuthenticationType client_auth_type;
SECItem peer_cert;
PRUint32 timestamp;
PRUint32 flags;
SECItem srvName; /* negotiated server name */
SECItem alpnSelection;
+ PRUint32 maxEarlyData;
} SessionTicket;
/*
@@ -1121,6 +1138,10 @@ struct sslSocketStr {
void *getClientAuthDataArg;
SSLSNISocketConfig sniSocketConfig;
void *sniSocketConfigArg;
+ SSLAlertCallback alertReceivedCallback;
+ void *alertReceivedCallbackArg;
+ SSLAlertCallback alertSentCallback;
+ void *alertSentCallbackArg;
SSLBadCertHandler handleBadCert;
void *badCertArg;
SSLHandshakeCallback handshakeCallback;
@@ -1208,17 +1229,21 @@ struct sslSocketStr {
SSLProtocolVariant protocolVariant;
};
-/* All the global data items declared here should be protected using the
-** ssl_global_data_lock, which is a reader/writer lock.
-*/
-extern NSSRWLock *ssl_global_data_lock;
+struct sslSelfEncryptKeysStr {
+ PRCallOnceType setup;
+ PRUint8 keyName[SELF_ENCRYPT_KEY_NAME_LEN];
+ PK11SymKey *encKey;
+ PK11SymKey *macKey;
+};
+typedef struct sslSelfEncryptKeysStr sslSelfEncryptKeys;
+
extern char ssl_debug;
extern char ssl_trace;
extern FILE *ssl_trace_iob;
extern FILE *ssl_keylog_iob;
-extern CERTDistNames *ssl3_server_ca_list;
-extern PRUint32 ssl_sid_timeout;
extern PRUint32 ssl3_sid_timeout;
+extern PRUint32 ssl_ticket_lifetime;
+extern PRUint32 ssl_max_early_data_size;
extern const char *const ssl3_cipherName[];
@@ -1338,8 +1363,8 @@ extern SECStatus ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
extern SECStatus ssl3_ConstrainRangeByPolicy(void);
-extern SECStatus ssl3_InitState(sslSocket *ss);
-extern SECStatus ssl3_RestartHandshakeHashes(sslSocket *ss);
+extern void ssl3_InitState(sslSocket *ss);
+extern void ssl3_RestartHandshakeHashes(sslSocket *ss);
extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket *ss,
const unsigned char *b,
unsigned int l);
@@ -1352,7 +1377,7 @@ extern PRBool ssl3_WaitingForServerSecondRound(sslSocket *ss);
extern PRInt32 ssl3_SendRecord(sslSocket *ss, ssl3CipherSpec *cwSpec,
SSL3ContentType type,
- const SSL3Opaque *pIn, PRInt32 nIn,
+ const PRUint8 *pIn, PRInt32 nIn,
PRInt32 flags);
#ifdef NSS_SSL_ENABLE_ZLIB
@@ -1479,6 +1504,14 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, ssl3CipherSpec *cwSpec,
*/
#define SSL_LIBRARY_VERSION_NONE 0
+/* SSL_LIBRARY_VERSION_MIN_SUPPORTED is the minimum version that this version
+ * of libssl supports. Applications should use SSL_VersionRangeGetSupported at
+ * runtime to determine which versions are supported by the version of libssl
+ * in use.
+ */
+#define SSL_LIBRARY_VERSION_MIN_SUPPORTED_DATAGRAM SSL_LIBRARY_VERSION_TLS_1_1
+#define SSL_LIBRARY_VERSION_MIN_SUPPORTED_STREAM SSL_LIBRARY_VERSION_3_0
+
/* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version
* of libssl supports. Applications should use SSL_VersionRangeGetSupported at
* runtime to determine which versions are supported by the version of libssl
@@ -1600,13 +1633,13 @@ extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
extern void ssl3_InitSocketPolicy(sslSocket *ss);
extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
-extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b,
+extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, PRUint8 *b,
PRUint32 length,
PRBool endOfRecord);
extern void ssl3_DestroySSL3Info(sslSocket *ss);
-extern SECStatus ssl_ClientReadVersion(sslSocket *ss, SSL3Opaque **b,
+extern SECStatus ssl_ClientReadVersion(sslSocket *ss, PRUint8 **b,
PRUint32 *length,
SSL3ProtocolVersion *version);
extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
@@ -1619,15 +1652,14 @@ extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket *ss,
SECKEYPublicKey *svrPubKey);
extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss,
- SSL3Opaque *b, PRUint32 length);
+ PRUint8 *b, PRUint32 length);
extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss,
- SSL3Opaque *b, PRUint32 length,
+ PRUint8 *b, PRUint32 length,
sslKeyPair *serverKeys);
extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss);
extern SECStatus ssl_ImportECDHKeyShare(
sslSocket *ss, SECKEYPublicKey *peerKey,
- SSL3Opaque *b, PRUint32 length, const sslNamedGroupDef *curve);
-unsigned int tls13_SizeOfECDHEKeyShareKEX(const SECKEYPublicKey *pubKey);
+ PRUint8 *b, PRUint32 length, const sslNamedGroupDef *curve);
SECStatus tls13_EncodeECDHEKeyShareKEX(const sslSocket *ss,
const SECKEYPublicKey *pubKey);
@@ -1644,15 +1676,16 @@ extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss,
extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num,
PRInt32 lenSize);
extern SECStatus ssl3_AppendHandshakeVariable(sslSocket *ss,
- const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
+ const PRUint8 *src, PRInt32 bytes, PRInt32 lenSize);
extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(
sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash);
-extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
- SSL3Opaque **b, PRUint32 *length);
-extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
- SSL3Opaque **b, PRUint32 *length);
+extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes,
+ PRUint8 **b, PRUint32 *length);
+extern SECStatus ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num,
+ PRUint32 bytes, PRUint8 **b,
+ PRUint32 *length);
extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
- PRInt32 bytes, SSL3Opaque **b,
+ PRUint32 bytes, PRUint8 **b,
PRUint32 *length);
extern PRUint8 *ssl_EncodeUintX(PRUint64 value, unsigned int bytes,
PRUint8 *to);
@@ -1665,14 +1698,13 @@ extern SECStatus ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *are
unsigned char **b,
unsigned int *len);
extern SECStatus ssl_ConsumeSignatureScheme(
- sslSocket *ss, SSL3Opaque **b, PRUint32 *length, SSLSignatureScheme *out);
+ sslSocket *ss, PRUint8 **b, PRUint32 *length, SSLSignatureScheme *out);
extern SECStatus ssl3_SignHashes(sslSocket *ss, SSL3Hashes *hash,
SECKEYPrivateKey *key, SECItem *buf);
extern SECStatus ssl3_VerifySignedHashes(sslSocket *ss, SSLSignatureScheme scheme,
SSL3Hashes *hash, SECItem *buf);
extern SECStatus ssl3_CacheWrappedMasterSecret(
- sslSocket *ss, sslSessionID *sid,
- ssl3CipherSpec *spec, SSLAuthType authType);
+ sslSocket *ss, sslSessionID *sid, ssl3CipherSpec *spec);
extern void ssl3_FreeSniNameArray(TLSExtensionData *xtnData);
/* Hello Extension related routines. */
@@ -1681,15 +1713,11 @@ extern void ssl3_SetSIDSessionTicket(sslSessionID *sid,
SECStatus ssl3_EncodeSessionTicket(sslSocket *ss,
const NewSessionTicket *ticket_input,
SECItem *ticket_data);
-extern PRBool ssl_GetSessionTicketKeys(SECKEYPrivateKey *svrPrivKey,
- SECKEYPublicKey *svrPubKey, void *pwArg,
- unsigned char *keyName, PK11SymKey **aesKey,
- PK11SymKey **macKey);
-extern SECStatus ssl3_SessionTicketShutdown(void *appData, void *nssData);
-/* Tell clients to consider tickets valid for this long. */
-#define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */
-#define TLS_EX_SESS_TICKET_VERSION (0x0103)
+SECStatus ssl_MaybeSetSelfEncryptKeyPair(const sslKeyPair *keyPair);
+SECStatus ssl_GetSelfEncryptKeys(sslSocket *ss, unsigned char *keyName,
+ PK11SymKey **encKey, PK11SymKey **macKey);
+void ssl_ResetSelfEncryptKeys();
extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char *data,
unsigned int length);
@@ -1703,8 +1731,8 @@ extern void ssl_FreePRSocket(PRFileDesc *fd);
extern int ssl3_config_match_init(sslSocket *);
/* calls for accessing wrapping keys across processes. */
-extern PRBool
-ssl_GetWrappingKey(PRInt32 symWrapMechIndex, SSLAuthType authType,
+extern SECStatus
+ssl_GetWrappingKey(unsigned int symWrapMechIndex, unsigned int wrapKeyIndex,
SSLWrappedSymWrappingKey *wswk);
/* The caller passes in the new value it wants
@@ -1716,7 +1744,7 @@ ssl_GetWrappingKey(PRInt32 symWrapMechIndex, SSLAuthType authType,
* This is all done while holding the locks/semaphores necessary to make
* the operation atomic.
*/
-extern PRBool
+extern SECStatus
ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
/* get rid of the symmetric wrapping key references. */
@@ -1736,10 +1764,10 @@ extern void dtls_FreeHandshakeMessages(PRCList *lst);
extern SECStatus dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf);
extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss,
- SSL3Opaque *b, PRUint32 length);
+ PRUint8 *b, PRUint32 length);
extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss);
extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
- const SSL3Opaque *pIn, PRInt32 nIn);
+ const PRUint8 *pIn, PRInt32 nIn);
extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
SECStatus ssl3_DisableNonDTLSSuites(sslSocket *ss);
extern SECStatus dtls_StartHolddownTimer(sslSocket *ss);
@@ -1770,20 +1798,20 @@ SECStatus ssl3_ServerCallSNICallback(sslSocket *ss);
SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss);
SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags);
SECStatus ssl3_CompleteHandleCertificate(sslSocket *ss,
- SSL3Opaque *b, PRUint32 length);
+ PRUint8 *b, PRUint32 length);
void ssl3_SendAlertForCertError(sslSocket *ss, PRErrorCode errCode);
SECStatus ssl3_HandleNoCertificate(sslSocket *ss);
SECStatus ssl3_SendEmptyCertificate(sslSocket *ss);
void ssl3_CleanupPeerCerts(sslSocket *ss);
SECStatus ssl3_SendCertificateStatus(sslSocket *ss);
SECStatus ssl3_AuthCertificate(sslSocket *ss);
-SECStatus ssl_ReadCertificateStatus(sslSocket *ss, SSL3Opaque *b,
+SECStatus ssl_ReadCertificateStatus(sslSocket *ss, PRUint8 *b,
PRUint32 length);
SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint8 *buf,
unsigned maxLen, PRUint32 *len);
-void ssl3_GetCertificateRequestCAs(sslSocket *ss, int *calenp, SECItem **namesp,
- int *nnamesp);
-SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b,
+SECStatus ssl_GetCertificateRequestCAs(sslSocket *ss, unsigned int *calenp,
+ SECItem **namesp, unsigned int *nnamesp);
+SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, PRUint8 **b,
PRUint32 *length, PLArenaPool *arena,
CERTDistNames *ca_list);
SECStatus ssl3_CompleteHandleCertificateRequest(
@@ -1802,7 +1830,6 @@ SECStatus ssl_CreateStaticECDHEKey(sslSocket *ss,
SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags);
PK11SymKey *ssl3_GetWrappingKey(sslSocket *ss,
PK11SlotInfo *masterSecretSlot,
- const sslServerCert *serverCert,
CK_MECHANISM_TYPE masterWrapMech,
void *pwArg);
SECStatus ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid);
@@ -1835,6 +1862,7 @@ extern void ssl3_CheckCipherSuiteOrderConsistency();
extern int ssl_MapLowLevelError(int hiLevelError);
extern PRUint32 ssl_Time(void);
+extern PRBool ssl_TicketTimeValid(const NewSessionTicket *ticket);
extern void SSL_AtomicIncrementLong(long *x);
@@ -1844,11 +1872,12 @@ extern HASH_HashType
ssl3_GetTls12HashType(sslSocket *ss);
extern SECStatus
-ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec,
+ssl3_TLSPRFWithMasterSecret(sslSocket *ss, ssl3CipherSpec *spec,
const char *label, unsigned int labelLen,
const unsigned char *val, unsigned int valLen,
- unsigned char *out, unsigned int outLen,
- HASH_HashType tls12HashType);
+ unsigned char *out, unsigned int outLen);
+
+PRBool ssl_AlpnTagAllowed(const sslSocket *ss, const SECItem *tag);
#ifdef TRACE
#define SSL_TRACE(msg) ssl_Trace msg