From f017b749ea9f1586d2308504553d40bf4cc5439d Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Tue, 6 Feb 2018 11:46:26 +0100 Subject: Update NSS to 3.32.1-RTM --- security/nss/lib/ssl/sslimpl.h | 161 ++++++++++++++++++++++++----------------- 1 file changed, 95 insertions(+), 66 deletions(-) (limited to 'security/nss/lib/ssl/sslimpl.h') diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 09c37832a..64694b0df 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -34,7 +34,7 @@ #include "sslt.h" /* for some formerly private types, now public */ typedef struct sslSocketStr sslSocket; - +typedef struct ssl3CipherSpecStr ssl3CipherSpec; #include "ssl3ext.h" /* to make some of these old enums public without namespace pollution, @@ -125,7 +125,8 @@ typedef enum { SSLAppOpRead = 0, #define SSL3_MASTER_SECRET_LENGTH 48 /* number of wrap mechanisms potentially used to wrap master secrets. */ -#define SSL_NUM_WRAP_MECHS 16 +#define SSL_NUM_WRAP_MECHS 15 +#define SSL_NUM_WRAP_KEYS 6 /* This makes the cert cache entry exactly 4k. */ #define SSL_MAX_CACHED_CERT_LEN 4060 @@ -200,6 +201,9 @@ typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr, unsigned char *sid, unsigned int sidLen, CERTCertDBHandle *dbHandle); +typedef void (*sslCipherSpecChangedFunc)(void *arg, + PRBool sending, + ssl3CipherSpec *newSpec); /* Socket ops */ struct sslSocketOpsStr { @@ -367,6 +371,10 @@ struct sslGatherStr { /* the start of the buffered DTLS record in dtlsPacket */ unsigned int dtlsPacketOffset; + + /* tracks whether we've seen a v3-type record before and must reject + * any further v2-type records. */ + PRBool rejectV2Records; }; /* sslGather.state */ @@ -408,7 +416,7 @@ typedef PRUint16 DTLSEpoch; typedef void (*DTLSTimerCb)(sslSocket *); typedef struct { - SSL3Opaque wrapped_master_secret[48]; + PRUint8 wrapped_master_secret[48]; PRUint16 wrapped_master_secret_len; PRUint8 msIsWrapped; PRUint8 resumable; @@ -422,7 +430,7 @@ typedef struct { SECItem write_key_item; SECItem write_iv_item; SECItem write_mac_key_item; - SSL3Opaque write_iv[MAX_IV_LENGTH]; + PRUint8 write_iv[MAX_IV_LENGTH]; } ssl3KeyMaterial; typedef SECStatus (*SSLCipher)(void *context, @@ -469,7 +477,7 @@ typedef struct DTLSRecvdRecordsStr { ** Access to the pointers to these specs, and all the specs' contents ** (direct and indirect) is protected by the reader/writer lock ss->specLock. */ -typedef struct { +struct ssl3CipherSpecStr { PRCList link; const ssl3BulkCipherDef *cipher_def; const ssl3MACDef *mac_def; @@ -496,10 +504,13 @@ typedef struct { SECItem msItem; DTLSEpoch epoch; DTLSRecvdRecords recvdRecords; + /* The number of 0-RTT bytes that can be sent or received in TLS 1.3. This + * will be zero for everything but 0-RTT. */ + PRUint32 earlyDataRemaining; PRUint8 refCt; const char *phase; -} ssl3CipherSpec; +}; typedef enum { never_cached, in_client_cache, @@ -523,10 +534,10 @@ struct sslSessionIDStr { */ CERTCertificate *peerCert; - SECItemArray peerCertStatus; /* client only */ - const char *peerID; /* client only */ - const char *urlSvrName; /* client only */ - sslServerCertType certType; + SECItemArray peerCertStatus; /* client only */ + const char *peerID; /* client only */ + const char *urlSvrName; /* client only */ + const sslNamedGroupDef *namedCurve; /* (server) for certificate lookup */ CERTCertificate *localCert; PRIPv6Addr addr; @@ -546,7 +557,7 @@ struct sslSessionIDStr { struct { /* values that are copied into the server's on-disk SID cache. */ PRUint8 sessionIDLength; - SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; + PRUint8 sessionID[SSL3_SESSIONID_BYTES]; ssl3CipherSuite cipherSuite; SSLCompressionMethod compression; @@ -804,7 +815,7 @@ typedef struct SSL3HandshakeStateStr { union { TLSFinished tFinished[2]; /* client, then server */ SSL3Finished sFinished[2]; - SSL3Opaque data[72]; + PRUint8 data[72]; } finishedMsgs; PRBool authCertificatePending; @@ -862,7 +873,6 @@ typedef struct SSL3HandshakeStateStr { TLS13CertificateRequest *certificateRequest; PRCList cipherSpecs; /* The cipher specs in the sequence they * will be applied. */ - ssl3CipherSpec *nullSpec; /* In case 0-RTT is rejected. */ sslZeroRttState zeroRttState; /* Are we doing a 0-RTT handshake? */ sslZeroRttIgnore zeroRttIgnore; /* Are we ignoring 0-RTT? */ ssl3CipherSuite zeroRttSuite; /* The cipher suite we used for 0-RTT. */ @@ -894,6 +904,11 @@ struct ssl3StateStr { ssl3CipherSpec *cwSpec; /* current write spec. */ ssl3CipherSpec *pwSpec; /* pending write spec. */ + /* Internal callback for when we do a cipher suite change. Used for + * debugging in TLS 1.3. This can only be set by non-public functions. */ + sslCipherSpecChangedFunc changedCipherSpecFunc; + void *changedCipherSpecArg; + CERTCertificate *clientCertificate; /* used by client */ SECKEYPrivateKey *clientPrivateKey; /* used by client */ CERTCertificateList *clientCertChain; /* used by client */ @@ -965,19 +980,19 @@ struct ssl3DHParamsStr { }; typedef struct SSLWrappedSymWrappingKeyStr { - SSL3Opaque wrappedSymmetricWrappingkey[512]; + PRUint8 wrappedSymmetricWrappingkey[512]; CK_MECHANISM_TYPE symWrapMechanism; /* unwrapped symmetric wrapping key uses this mechanism */ CK_MECHANISM_TYPE asymWrapMechanism; /* mechanism used to wrap the SymmetricWrappingKey using * server's public and/or private keys. */ - SSLAuthType authType; /* type of keys used to wrap SymWrapKey*/ - PRInt32 symWrapMechIndex; + PRInt16 wrapMechIndex; + PRUint16 wrapKeyIndex; PRUint16 wrappedSymKeyLen; } SSLWrappedSymWrappingKey; typedef struct SessionTicketStr { - PRUint16 ticket_version; + PRBool valid; SSL3ProtocolVersion ssl_version; ssl3CipherSuite cipher_suite; SSLCompressionMethod compression_method; @@ -985,21 +1000,23 @@ typedef struct SessionTicketStr { PRUint32 authKeyBits; SSLKEAType keaType; PRUint32 keaKeyBits; - sslServerCertType certType; + const sslNamedGroupDef *namedCurve; /* For certificate lookup. */ + /* * msWrapMech contains a meaningful value only if ms_is_wrapped is true. */ PRUint8 ms_is_wrapped; CK_MECHANISM_TYPE msWrapMech; PRUint16 ms_length; - SSL3Opaque master_secret[48]; + PRUint8 master_secret[48]; PRBool extendedMasterSecretUsed; - ClientIdentity client_identity; + ClientAuthenticationType client_auth_type; SECItem peer_cert; PRUint32 timestamp; PRUint32 flags; SECItem srvName; /* negotiated server name */ SECItem alpnSelection; + PRUint32 maxEarlyData; } SessionTicket; /* @@ -1121,6 +1138,10 @@ struct sslSocketStr { void *getClientAuthDataArg; SSLSNISocketConfig sniSocketConfig; void *sniSocketConfigArg; + SSLAlertCallback alertReceivedCallback; + void *alertReceivedCallbackArg; + SSLAlertCallback alertSentCallback; + void *alertSentCallbackArg; SSLBadCertHandler handleBadCert; void *badCertArg; SSLHandshakeCallback handshakeCallback; @@ -1208,17 +1229,21 @@ struct sslSocketStr { SSLProtocolVariant protocolVariant; }; -/* All the global data items declared here should be protected using the -** ssl_global_data_lock, which is a reader/writer lock. -*/ -extern NSSRWLock *ssl_global_data_lock; +struct sslSelfEncryptKeysStr { + PRCallOnceType setup; + PRUint8 keyName[SELF_ENCRYPT_KEY_NAME_LEN]; + PK11SymKey *encKey; + PK11SymKey *macKey; +}; +typedef struct sslSelfEncryptKeysStr sslSelfEncryptKeys; + extern char ssl_debug; extern char ssl_trace; extern FILE *ssl_trace_iob; extern FILE *ssl_keylog_iob; -extern CERTDistNames *ssl3_server_ca_list; -extern PRUint32 ssl_sid_timeout; extern PRUint32 ssl3_sid_timeout; +extern PRUint32 ssl_ticket_lifetime; +extern PRUint32 ssl_max_early_data_size; extern const char *const ssl3_cipherName[]; @@ -1338,8 +1363,8 @@ extern SECStatus ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled); extern SECStatus ssl3_ConstrainRangeByPolicy(void); -extern SECStatus ssl3_InitState(sslSocket *ss); -extern SECStatus ssl3_RestartHandshakeHashes(sslSocket *ss); +extern void ssl3_InitState(sslSocket *ss); +extern void ssl3_RestartHandshakeHashes(sslSocket *ss); extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned int l); @@ -1352,7 +1377,7 @@ extern PRBool ssl3_WaitingForServerSecondRound(sslSocket *ss); extern PRInt32 ssl3_SendRecord(sslSocket *ss, ssl3CipherSpec *cwSpec, SSL3ContentType type, - const SSL3Opaque *pIn, PRInt32 nIn, + const PRUint8 *pIn, PRInt32 nIn, PRInt32 flags); #ifdef NSS_SSL_ENABLE_ZLIB @@ -1479,6 +1504,14 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, ssl3CipherSpec *cwSpec, */ #define SSL_LIBRARY_VERSION_NONE 0 +/* SSL_LIBRARY_VERSION_MIN_SUPPORTED is the minimum version that this version + * of libssl supports. Applications should use SSL_VersionRangeGetSupported at + * runtime to determine which versions are supported by the version of libssl + * in use. + */ +#define SSL_LIBRARY_VERSION_MIN_SUPPORTED_DATAGRAM SSL_LIBRARY_VERSION_TLS_1_1 +#define SSL_LIBRARY_VERSION_MIN_SUPPORTED_STREAM SSL_LIBRARY_VERSION_3_0 + /* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version * of libssl supports. Applications should use SSL_VersionRangeGetSupported at * runtime to determine which versions are supported by the version of libssl @@ -1600,13 +1633,13 @@ extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); extern void ssl3_InitSocketPolicy(sslSocket *ss); extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); -extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, +extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length, PRBool endOfRecord); extern void ssl3_DestroySSL3Info(sslSocket *ss); -extern SECStatus ssl_ClientReadVersion(sslSocket *ss, SSL3Opaque **b, +extern SECStatus ssl_ClientReadVersion(sslSocket *ss, PRUint8 **b, PRUint32 *length, SSL3ProtocolVersion *version); extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, @@ -1619,15 +1652,14 @@ extern SECStatus ssl_GetPeerInfo(sslSocket *ss); extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey); extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, - SSL3Opaque *b, PRUint32 length); + PRUint8 *b, PRUint32 length); extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, - SSL3Opaque *b, PRUint32 length, + PRUint8 *b, PRUint32 length, sslKeyPair *serverKeys); extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss); extern SECStatus ssl_ImportECDHKeyShare( sslSocket *ss, SECKEYPublicKey *peerKey, - SSL3Opaque *b, PRUint32 length, const sslNamedGroupDef *curve); -unsigned int tls13_SizeOfECDHEKeyShareKEX(const SECKEYPublicKey *pubKey); + PRUint8 *b, PRUint32 length, const sslNamedGroupDef *curve); SECStatus tls13_EncodeECDHEKeyShareKEX(const sslSocket *ss, const SECKEYPublicKey *pubKey); @@ -1644,15 +1676,16 @@ extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss, extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize); extern SECStatus ssl3_AppendHandshakeVariable(sslSocket *ss, - const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); + const PRUint8 *src, PRInt32 bytes, PRInt32 lenSize); extern SECStatus ssl3_AppendSignatureAndHashAlgorithm( sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash); -extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, - SSL3Opaque **b, PRUint32 *length); -extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, - SSL3Opaque **b, PRUint32 *length); +extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes, + PRUint8 **b, PRUint32 *length); +extern SECStatus ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num, + PRUint32 bytes, PRUint8 **b, + PRUint32 *length); extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, - PRInt32 bytes, SSL3Opaque **b, + PRUint32 bytes, PRUint8 **b, PRUint32 *length); extern PRUint8 *ssl_EncodeUintX(PRUint64 value, unsigned int bytes, PRUint8 *to); @@ -1665,14 +1698,13 @@ extern SECStatus ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *are unsigned char **b, unsigned int *len); extern SECStatus ssl_ConsumeSignatureScheme( - sslSocket *ss, SSL3Opaque **b, PRUint32 *length, SSLSignatureScheme *out); + sslSocket *ss, PRUint8 **b, PRUint32 *length, SSLSignatureScheme *out); extern SECStatus ssl3_SignHashes(sslSocket *ss, SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf); extern SECStatus ssl3_VerifySignedHashes(sslSocket *ss, SSLSignatureScheme scheme, SSL3Hashes *hash, SECItem *buf); extern SECStatus ssl3_CacheWrappedMasterSecret( - sslSocket *ss, sslSessionID *sid, - ssl3CipherSpec *spec, SSLAuthType authType); + sslSocket *ss, sslSessionID *sid, ssl3CipherSpec *spec); extern void ssl3_FreeSniNameArray(TLSExtensionData *xtnData); /* Hello Extension related routines. */ @@ -1681,15 +1713,11 @@ extern void ssl3_SetSIDSessionTicket(sslSessionID *sid, SECStatus ssl3_EncodeSessionTicket(sslSocket *ss, const NewSessionTicket *ticket_input, SECItem *ticket_data); -extern PRBool ssl_GetSessionTicketKeys(SECKEYPrivateKey *svrPrivKey, - SECKEYPublicKey *svrPubKey, void *pwArg, - unsigned char *keyName, PK11SymKey **aesKey, - PK11SymKey **macKey); -extern SECStatus ssl3_SessionTicketShutdown(void *appData, void *nssData); -/* Tell clients to consider tickets valid for this long. */ -#define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */ -#define TLS_EX_SESS_TICKET_VERSION (0x0103) +SECStatus ssl_MaybeSetSelfEncryptKeyPair(const sslKeyPair *keyPair); +SECStatus ssl_GetSelfEncryptKeys(sslSocket *ss, unsigned char *keyName, + PK11SymKey **encKey, PK11SymKey **macKey); +void ssl_ResetSelfEncryptKeys(); extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char *data, unsigned int length); @@ -1703,8 +1731,8 @@ extern void ssl_FreePRSocket(PRFileDesc *fd); extern int ssl3_config_match_init(sslSocket *); /* calls for accessing wrapping keys across processes. */ -extern PRBool -ssl_GetWrappingKey(PRInt32 symWrapMechIndex, SSLAuthType authType, +extern SECStatus +ssl_GetWrappingKey(unsigned int symWrapMechIndex, unsigned int wrapKeyIndex, SSLWrappedSymWrappingKey *wswk); /* The caller passes in the new value it wants @@ -1716,7 +1744,7 @@ ssl_GetWrappingKey(PRInt32 symWrapMechIndex, SSLAuthType authType, * This is all done while holding the locks/semaphores necessary to make * the operation atomic. */ -extern PRBool +extern SECStatus ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk); /* get rid of the symmetric wrapping key references. */ @@ -1736,10 +1764,10 @@ extern void dtls_FreeHandshakeMessages(PRCList *lst); extern SECStatus dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf); extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss, - SSL3Opaque *b, PRUint32 length); + PRUint8 *b, PRUint32 length); extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss); extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, - const SSL3Opaque *pIn, PRInt32 nIn); + const PRUint8 *pIn, PRInt32 nIn); extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); SECStatus ssl3_DisableNonDTLSSuites(sslSocket *ss); extern SECStatus dtls_StartHolddownTimer(sslSocket *ss); @@ -1770,20 +1798,20 @@ SECStatus ssl3_ServerCallSNICallback(sslSocket *ss); SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss); SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags); SECStatus ssl3_CompleteHandleCertificate(sslSocket *ss, - SSL3Opaque *b, PRUint32 length); + PRUint8 *b, PRUint32 length); void ssl3_SendAlertForCertError(sslSocket *ss, PRErrorCode errCode); SECStatus ssl3_HandleNoCertificate(sslSocket *ss); SECStatus ssl3_SendEmptyCertificate(sslSocket *ss); void ssl3_CleanupPeerCerts(sslSocket *ss); SECStatus ssl3_SendCertificateStatus(sslSocket *ss); SECStatus ssl3_AuthCertificate(sslSocket *ss); -SECStatus ssl_ReadCertificateStatus(sslSocket *ss, SSL3Opaque *b, +SECStatus ssl_ReadCertificateStatus(sslSocket *ss, PRUint8 *b, PRUint32 length); SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint8 *buf, unsigned maxLen, PRUint32 *len); -void ssl3_GetCertificateRequestCAs(sslSocket *ss, int *calenp, SECItem **namesp, - int *nnamesp); -SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b, +SECStatus ssl_GetCertificateRequestCAs(sslSocket *ss, unsigned int *calenp, + SECItem **namesp, unsigned int *nnamesp); +SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, PRUint8 **b, PRUint32 *length, PLArenaPool *arena, CERTDistNames *ca_list); SECStatus ssl3_CompleteHandleCertificateRequest( @@ -1802,7 +1830,6 @@ SECStatus ssl_CreateStaticECDHEKey(sslSocket *ss, SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags); PK11SymKey *ssl3_GetWrappingKey(sslSocket *ss, PK11SlotInfo *masterSecretSlot, - const sslServerCert *serverCert, CK_MECHANISM_TYPE masterWrapMech, void *pwArg); SECStatus ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid); @@ -1835,6 +1862,7 @@ extern void ssl3_CheckCipherSuiteOrderConsistency(); extern int ssl_MapLowLevelError(int hiLevelError); extern PRUint32 ssl_Time(void); +extern PRBool ssl_TicketTimeValid(const NewSessionTicket *ticket); extern void SSL_AtomicIncrementLong(long *x); @@ -1844,11 +1872,12 @@ extern HASH_HashType ssl3_GetTls12HashType(sslSocket *ss); extern SECStatus -ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, +ssl3_TLSPRFWithMasterSecret(sslSocket *ss, ssl3CipherSpec *spec, const char *label, unsigned int labelLen, const unsigned char *val, unsigned int valLen, - unsigned char *out, unsigned int outLen, - HASH_HashType tls12HashType); + unsigned char *out, unsigned int outLen); + +PRBool ssl_AlpnTagAllowed(const sslSocket *ss, const SECItem *tag); #ifdef TRACE #define SSL_TRACE(msg) ssl_Trace msg -- cgit v1.2.3