本文整理汇总了C++中SSL_TRC函数的典型用法代码示例。如果您正苦于以下问题:C++ SSL_TRC函数的具体用法?C++ SSL_TRC怎么用?C++ SSL_TRC使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SSL_TRC函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ssl_SecureConnect
int
ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
{
PRFileDesc *osfd = ss->fd->lower;
int rv;
if ( ss->opt.handshakeAsServer ) {
ss->securityHandshake = ssl2_BeginServerHandshake;
ss->handshaking = sslHandshakingAsServer;
} else {
ss->securityHandshake = ssl2_BeginClientHandshake;
ss->handshaking = sslHandshakingAsClient;
}
/* connect to server */
rv = osfd->methods->connect(osfd, sa, ss->cTimeout);
if (rv == PR_SUCCESS) {
ss->TCPconnected = 1;
} else {
int err = PR_GetError();
SSL_DBG(("%d: SSL[%d]: connect failed, errno=%d",
SSL_GETPID(), ss->fd, err));
if (err == PR_IS_CONNECTED_ERROR) {
ss->TCPconnected = 1;
}
}
SSL_TRC(5, ("%d: SSL[%d]: secure connect completed, rv == %d",
SSL_GETPID(), ss->fd, rv));
return rv;
}示例2: tls13_ClientSendKeyShareXtn
PRInt32
tls13_ClientSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
PRUint32 maxBytes)
{
PRUint32 extension_length;
if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
return 0;
}
/* Optimistically try to send an ECDHE key using the
* preexisting key (in future will be keys) */
SSL_TRC(3, ("%d: TLS13[%d]: send client key share xtn",
SSL_GETPID(), ss->fd));
extension_length = tls13_SizeOfClientKeyShareExtension(ss);
if (maxBytes < extension_length) {
PORT_Assert(0);
return 0;
}
if (append) {
SECStatus rv;
PRCList *cursor;
rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_key_share_xtn, 2);
if (rv != SECSuccess)
goto loser;
/* The extension length */
rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
if (rv != SECSuccess)
goto loser;
/* The length of KeyShares */
rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 6, 2);
if (rv != SECSuccess)
goto loser;
for (cursor = PR_NEXT_LINK(&ss->ephemeralKeyPairs);
cursor != &ss->ephemeralKeyPairs;
cursor = PR_NEXT_LINK(cursor)) {
sslEphemeralKeyPair *keyPair = (sslEphemeralKeyPair *)cursor;
rv = tls13_EncodeKeyShareEntry(ss, keyPair);
if (rv != SECSuccess)
goto loser;
}
xtnData->advertised[xtnData->numAdvertised++] =
ssl_tls13_key_share_xtn;
}
return extension_length;
loser:
return -1;
}示例3: ssl_SaveWriteData
/*
** Save away write data that is trying to be written before the security
** handshake has been completed. When the handshake is completed, we will
** flush this data out.
** Caller must hold xmitBufLock
*/
SECStatus
ssl_SaveWriteData(sslSocket *ss, const void *data, unsigned int len)
{
SECStatus rv;
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
rv = sslBuffer_Append(&ss->pendingBuf, data, len);
SSL_TRC(5, ("%d: SSL[%d]: saving %u bytes of data (%u total saved so far)",
SSL_GETPID(), ss->fd, len, ss->pendingBuf.len));
return rv;
}示例4: tls13_SendShortHeaderXtn
PRInt32
tls13_SendShortHeaderXtn(const sslSocket *ss,
TLSExtensionData *xtnData,
PRBool append, PRUint32 maxBytes)
{
PRUint32 extension_len = 2 + 2; /* Type + length (0). */
if (!ss->opt.enableShortHeaders) {
return 0;
}
/* Presently this is incompatible with 0-RTT. We will fix if
* it becomes more than an experiment. */
if (ss->opt.enable0RttData) {
return 0;
}
if (IS_DTLS(ss)) {
return 0;
}
/* Don't send this if TLS 1.3 isn't at least possible. */
if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
/* This should only happen on the client. */
PORT_Assert(!ss->sec.isServer);
return 0;
}
SSL_TRC(3, ("%d: TLS13[%d]: send short_header extension",
SSL_GETPID(), ss->fd));
if (maxBytes < extension_len) {
PORT_Assert(0);
return 0;
}
if (append) {
SECStatus rv;
rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_short_header_xtn, 2);
if (rv != SECSuccess)
return -1;
rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
if (rv != SECSuccess)
return -1;
xtnData->advertised[xtnData->numAdvertised++] =
ssl_tls13_short_header_xtn;
}
return extension_len;
}示例5: ssl_DestroySID
/* BEWARE: This function gets called for both client and server SIDs !!
* If the unreferenced sid is not in the cache, Free sid and its contents.
*/
static void
ssl_DestroySID(sslSessionID *sid)
{
int i;
SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
PORT_Assert(sid->references == 0);
PORT_Assert(sid->cached != in_client_cache);
if (sid->version < SSL_LIBRARY_VERSION_3_0) {
SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
} else {
if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
PR_FALSE);
}
if (sid->u.ssl3.srvName.data) {
SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
}
if (sid->u.ssl3.originalHandshakeHash.data) {
SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
}
if (sid->u.ssl3.signedCertTimestamps.data) {
SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE);
}
if (sid->u.ssl3.lock) {
NSSRWLock_Destroy(sid->u.ssl3.lock);
}
}
if (sid->peerID != NULL)
PORT_Free((void *)sid->peerID); /* CONST */
if (sid->urlSvrName != NULL)
PORT_Free((void *)sid->urlSvrName); /* CONST */
if ( sid->peerCert ) {
CERT_DestroyCertificate(sid->peerCert);
}
for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
CERT_DestroyCertificate(sid->peerCertChain[i]);
}
if (sid->peerCertStatus.items) {
SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);
}
if ( sid->localCert ) {
CERT_DestroyCertificate(sid->localCert);
}
PORT_ZFree(sid, sizeof(sslSessionID));
}示例6: ssl_SecureRecv
int
ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
{
int rv = 0;
if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {
PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
return PR_FAILURE;
}
if (flags & ~PR_MSG_PEEK) {
PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
return PR_FAILURE;
}
if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) {
ssl_GetXmitBufLock(ss);
if (ss->pendingBuf.len != 0) {
rv = ssl_SendSavedWriteData(ss);
if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
ssl_ReleaseXmitBufLock(ss);
return SECFailure;
}
}
ssl_ReleaseXmitBufLock(ss);
}
rv = 0;
if (!PR_CLIST_IS_EMPTY(&ss->ssl3.hs.bufferedEarlyData)) {
PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
return tls13_Read0RttData(ss, buf, len);
}
/* If any of these is non-zero, the initial handshake is not done. */
if (!ss->firstHsDone) {
ssl_Get1stHandshakeLock(ss);
if (ss->handshake) {
rv = ssl_Do1stHandshake(ss);
}
ssl_Release1stHandshakeLock(ss);
}
if (rv < 0) {
return rv;
}
if (len == 0)
return 0;
rv = DoRecv(ss, (unsigned char *)buf, len, flags);
SSL_TRC(2, ("%d: SSL[%d]: recving %d bytes securely (errno=%d)",
SSL_GETPID(), ss->fd, rv, PORT_GetError()));
return rv;
}示例7: ssl3_ParseExtensions
/* Go through hello extensions in |b| and deserialize
* them into the list in |ss->ssl3.hs.remoteExtensions|.
* The only checking we do in this point is for duplicates.
*
* IMPORTANT: This list just contains pointers to the incoming
* buffer so they can only be used during ClientHello processing.
*/
SECStatus
ssl3_ParseExtensions(sslSocket *ss, PRUint8 **b, PRUint32 *length)
{
/* Clean out the extensions list. */
ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
while (*length) {
SECStatus rv;
PRUint32 extension_type;
SECItem extension_data = { siBuffer, NULL, 0 };
TLSExtension *extension;
PRCList *cursor;
/* Get the extension's type field */
rv = ssl3_ConsumeHandshakeNumber(ss, &extension_type, 2, b, length);
if (rv != SECSuccess) {
return SECFailure; /* alert already sent */
}
/* Check whether an extension has been sent multiple times. */
for (cursor = PR_NEXT_LINK(&ss->ssl3.hs.remoteExtensions);
cursor != &ss->ssl3.hs.remoteExtensions;
cursor = PR_NEXT_LINK(cursor)) {
if (((TLSExtension *)cursor)->type == extension_type) {
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_EXTENSION);
return SECFailure;
}
}
/* Get the data for this extension, so we can pass it or skip it. */
rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
if (rv != SECSuccess) {
return rv; /* alert already sent */
}
SSL_TRC(10, ("%d: SSL3[%d]: parsed extension %d len=%u",
SSL_GETPID(), ss->fd, extension_type, extension_data.len));
extension = PORT_ZNew(TLSExtension);
if (!extension) {
return SECFailure;
}
extension->type = (PRUint16)extension_type;
extension->data = extension_data;
PR_APPEND_LINK(&extension->link, &ss->ssl3.hs.remoteExtensions);
}
return SECSuccess;
}示例8: tls13_ClientSendSupportedVersionsXtn
/*
* struct {
* ProtocolVersion versions<2..254>;
* } SupportedVersions;
*/
PRInt32
tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
PRUint32 maxBytes)
{
PRInt32 extensions_len;
PRUint16 version;
SECStatus rv;
if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
return 0;
}
SSL_TRC(3, ("%d: TLS13[%d]: send supported_versions extension",
SSL_GETPID(), ss->fd));
/* Extension type, extension len fiels, vector len field,
* length of the values. */
extensions_len = 2 + 2 + 1 +
2 * (ss->vrange.max - ss->vrange.min + 1);
if (maxBytes < (PRUint32)extensions_len) {
PORT_Assert(0);
return 0;
}
if (append) {
rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_supported_versions_xtn, 2);
if (rv != SECSuccess)
return -1;
rv = ssl3_ExtAppendHandshakeNumber(ss, extensions_len - 4, 2);
if (rv != SECSuccess)
return -1;
rv = ssl3_ExtAppendHandshakeNumber(ss, extensions_len - 5, 1);
if (rv != SECSuccess)
return -1;
for (version = ss->vrange.max; version >= ss->vrange.min; --version) {
rv = ssl3_ExtAppendHandshakeNumber(
ss, tls13_EncodeDraftVersion(version), 2);
if (rv != SECSuccess)
return -1;
}
xtnData->advertised[xtnData->numAdvertised++] =
ssl_tls13_supported_versions_xtn;
}
return extensions_len;
}示例9: ssl_CipherSpecReleaseByEpoch
void
ssl_CipherSpecReleaseByEpoch(sslSocket *ss, CipherSpecDirection dir,
DTLSEpoch epoch)
{
ssl3CipherSpec *spec;
SSL_TRC(10, ("%d: SSL[%d]: releasing %s cipher spec for epoch %d",
SSL_GETPID(), ss->fd,
(dir == CipherSpecRead) ? "read" : "write", epoch));
spec = ssl_FindCipherSpecByEpoch(ss, dir, epoch);
if (spec) {
ssl_CipherSpecRelease(spec);
}
}示例10: ssl_SecureRecv
int
ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
{
sslSecurityInfo *sec;
int rv = 0;
sec = &ss->sec;
if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {
PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
return PR_FAILURE;
}
if (flags & ~PR_MSG_PEEK) {
PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
return PR_FAILURE;
}
if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) {
ssl_GetXmitBufLock(ss);
if (ss->pendingBuf.len != 0) {
rv = ssl_SendSavedWriteData(ss);
if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
ssl_ReleaseXmitBufLock(ss);
return SECFailure;
}
/* XXX short write? */
}
ssl_ReleaseXmitBufLock(ss);
}
rv = 0;
/* If any of these is non-zero, the initial handshake is not done. */
if (!ss->firstHsDone) {
ssl_Get1stHandshakeLock(ss);
if (ss->handshake || ss->nextHandshake || ss->securityHandshake) {
rv = ssl_Do1stHandshake(ss);
}
ssl_Release1stHandshakeLock(ss);
}
if (rv < 0) {
return rv;
}
if (len == 0) return 0;
rv = DoRecv(ss, (unsigned char*) buf, len, flags);
SSL_TRC(2, ("%d: SSL[%d]: recving %d bytes securely (errno=%d)",
SSL_GETPID(), ss->fd, rv, PORT_GetError()));
return rv;
}示例11: tls13_HandleShortHeaderXtn
SECStatus
tls13_HandleShortHeaderXtn(
const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
SECItem *data)
{
SSL_TRC(3, ("%d: TLS13[%d]: handle short_header extension",
SSL_GETPID(), ss->fd));
/* The client might have asked for this, but we didn't negotiate TLS 1.3. */
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
return SECSuccess;
}
/* Presently this is incompatible with 0-RTT. We will fix if
* it becomes more than an experiment. */
if (ss->opt.enable0RttData) {
return SECSuccess;
}
if (IS_DTLS(ss)) {
PORT_SetError(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION);
return SECFailure;
}
if (data->len) {
PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
return SECFailure;
}
if (!ss->opt.enableShortHeaders) {
/* Ignore. */
return SECSuccess;
}
/* Keep track of negotiated extensions. */
xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
if (ss->sec.isServer) {
SECStatus rv;
rv = ssl3_RegisterExtensionSender(ss, xtnData,
ssl_tls13_short_header_xtn,
tls13_SendShortHeaderXtn);
if (rv != SECSuccess) {
return SECFailure;
}
}
return SECSuccess;
}示例12: tls13_ServerHandleKeyShareXtn
/* Handle an incoming KeyShare extension at the server and copy to
* |xtnData->remoteKeyShares| for future use. The key
* share is processed in tls13_HandleClientKeyShare(). */
SECStatus
tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
{
SECStatus rv;
PRUint32 length;
PORT_Assert(ss->sec.isServer);
PORT_Assert(PR_CLIST_IS_EMPTY(&xtnData->remoteKeyShares));
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
return SECSuccess;
}
SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension",
SSL_GETPID(), ss->fd));
/* Redundant length because of TLS encoding (this vector consumes
* the entire extension.) */
rv = ssl3_ExtConsumeHandshakeNumber(ss, &length, 2, &data->data,
&data->len);
if (rv != SECSuccess)
goto loser;
if (length != data->len) {
/* Check for consistency */
PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
goto loser;
}
while (data->len) {
rv = tls13_HandleKeyShareEntry(ss, xtnData, data);
if (rv != SECSuccess)
goto loser;
}
/* Check that the client only offered one share if this is
* after HRR. */
if (ss->ssl3.hs.helloRetry) {
if (PR_PREV_LINK(&xtnData->remoteKeyShares) !=
PR_NEXT_LINK(&xtnData->remoteKeyShares)) {
PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
goto loser;
}
}
return SECSuccess;
loser:
tls13_DestroyKeyShares(&xtnData->remoteKeyShares);
return SECFailure;
}示例13: ssl_CreateCipherSpec
ssl3CipherSpec *
ssl_CreateCipherSpec(sslSocket *ss, CipherSpecDirection direction)
{
ssl3CipherSpec *spec = PORT_ZNew(ssl3CipherSpec);
if (!spec) {
return NULL;
}
spec->refCt = 1;
spec->version = ss->version;
spec->direction = direction;
SSL_TRC(10, ("%d: SSL[%d]: new %s spec %d ct=%d",
SSL_GETPID(), ss->fd, SPEC_DIR(spec), spec,
spec->refCt));
return spec;
}示例14: ssl_CipherSpecRelease
/* This function is never called on a spec which is on the
* cipherSpecs list. */
void
ssl_CipherSpecRelease(ssl3CipherSpec *spec)
{
if (!spec) {
return;
}
PORT_Assert(spec->refCt > 0);
--spec->refCt;
SSL_TRC(10, ("%d: SSL[-]: decrement refct for %s spec %d. epoch=%d new ct = %d",
SSL_GETPID(), SPEC_DIR(spec), spec, spec->epoch, spec->refCt));
if (!spec->refCt) {
ssl_FreeCipherSpec(spec);
}
}示例15: ssl_FinishHandshake
void
ssl_FinishHandshake(sslSocket *ss)
{
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", SSL_GETPID(), ss->fd));
ss->firstHsDone = PR_TRUE;
ss->enoughFirstHsDone = PR_TRUE;
ss->gs.writeOffset = 0;
ss->gs.readOffset = 0;
if (ss->handshakeCallback) {
(ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
}
}