/src/nss/lib/ssl/sslspec.c

Source
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * Handling of cipher specs.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "ssl.h"
#include "sslexp.h"
#include "sslimpl.h"
#include "sslproto.h"
#include "pk11func.h"
#include "secitem.h"

#include "sslimpl.h"

/* Record protection algorithms, indexed by SSL3BulkCipher.
 *
 * The |max_records| field (|mr| below) is set to a number that is higher than
 * recommended in some literature (esp. TLS 1.3) because we currently abort the
 * connection when this limit is reached and we want to ensure that we only
 * rarely hit this limit.  See bug 1268745 for details.
 */
#define MR_MAX RECORD_SEQ_MAX  /* 2^48-1 */
#define MR_128 (0x5aULL << 28) /* For AES and similar. */
#define MR_LOW (1ULL << 20)    /* For weak ciphers. */
/* clang-format off */
static const ssl3BulkCipherDef ssl_bulk_cipher_defs[] = {
    /*                                        |--------- Lengths ---------| */
    /* cipher             calg                :  s                        : */
    /*                                        :  e                  b     n */
    /* oid                short_name mr       :  c                  l     o */
    /*                                        k  r                  o  t  n */
    /*                                        e  e               i  c  a  c */
    /*                                        y  t  type         v  k  g  e */
    {cipher_null,         ssl_calg_null,      0, 0, type_stream, 0, 0, 0, 0,
     SEC_OID_NULL_CIPHER, "NULL", MR_MAX},
    {cipher_rc4,          ssl_calg_rc4,      16,16, type_stream, 0, 0, 0, 0,
     SEC_OID_RC4,         "RC4", MR_LOW},
    {cipher_des,          ssl_calg_des,       8, 8, type_block,  8, 8, 0, 0,
     SEC_OID_DES_CBC,     "DES-CBC", MR_LOW},
    {cipher_3des,         ssl_calg_3des,     24,24, type_block,  8, 8, 0, 0,
     SEC_OID_DES_EDE3_CBC, "3DES-EDE-CBC", MR_LOW},
    {cipher_aes_128,      ssl_calg_aes,      16,16, type_block, 16,16, 0, 0,
     SEC_OID_AES_128_CBC, "AES-128", MR_128},
    {cipher_aes_256,      ssl_calg_aes,      32,32, type_block, 16,16, 0, 0,
     SEC_OID_AES_256_CBC, "AES-256", MR_128},
    {cipher_camellia_128, ssl_calg_camellia, 16,16, type_block, 16,16, 0, 0,
     SEC_OID_CAMELLIA_128_CBC, "Camellia-128", MR_128},
    {cipher_camellia_256, ssl_calg_camellia, 32,32, type_block, 16,16, 0, 0,
     SEC_OID_CAMELLIA_256_CBC, "Camellia-256", MR_128},
    {cipher_seed,         ssl_calg_seed,     16,16, type_block, 16,16, 0, 0,
     SEC_OID_SEED_CBC,    "SEED-CBC", MR_128},
    {cipher_aes_128_gcm,  ssl_calg_aes_gcm,  16,16, type_aead,   4, 0,16, 8,
     SEC_OID_AES_128_GCM, "AES-128-GCM", MR_128},
    {cipher_aes_256_gcm,  ssl_calg_aes_gcm,  32,32, type_aead,   4, 0,16, 8,
     SEC_OID_AES_256_GCM, "AES-256-GCM", MR_128},
    {cipher_chacha20,     ssl_calg_chacha20, 32,32, type_aead,  12, 0,16, 0,
     SEC_OID_CHACHA20_POLY1305, "ChaCha20-Poly1305", MR_MAX},
    {cipher_missing,      ssl_calg_null,      0, 0, type_stream, 0, 0, 0, 0,
     SEC_OID_UNKNOWN,     "missing", 0U},
};
/* clang-format on */

const ssl3BulkCipherDef *
ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *suiteDef)
{
    SSL3BulkCipher bulkCipher = suiteDef->bulk_cipher_alg;
    PORT_Assert(bulkCipher < PR_ARRAY_SIZE(ssl_bulk_cipher_defs));
    PORT_Assert(ssl_bulk_cipher_defs[bulkCipher].cipher == bulkCipher);
    return &ssl_bulk_cipher_defs[bulkCipher];
}

/* indexed by SSL3MACAlgorithm */
static const ssl3MACDef ssl_mac_defs[] = {
    /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
    /* mac      mmech       pad_size  mac_size                       */
    { ssl_mac_null, CKM_INVALID_MECHANISM, 0, 0, 0 },
    { ssl_mac_md5, CKM_SSL3_MD5_MAC, 48, MD5_LENGTH, SEC_OID_HMAC_MD5 },
    { ssl_mac_sha, CKM_SSL3_SHA1_MAC, 40, SHA1_LENGTH, SEC_OID_HMAC_SHA1 },
    { ssl_hmac_md5, CKM_MD5_HMAC, 0, MD5_LENGTH, SEC_OID_HMAC_MD5 },
    { ssl_hmac_sha, CKM_SHA_1_HMAC, 0, SHA1_LENGTH, SEC_OID_HMAC_SHA1 },
    { ssl_hmac_sha256, CKM_SHA256_HMAC, 0, SHA256_LENGTH, SEC_OID_HMAC_SHA256 },
    { ssl_mac_aead, CKM_INVALID_MECHANISM, 0, 0, 0 },
    { ssl_hmac_sha384, CKM_SHA384_HMAC, 0, SHA384_LENGTH, SEC_OID_HMAC_SHA384 }
};

const ssl3MACDef *
ssl_GetMacDefByAlg(SSL3MACAlgorithm mac)
{
    /* Cast here for clang: https://bugs.llvm.org/show_bug.cgi?id=16154 */
    PORT_Assert((size_t)mac < PR_ARRAY_SIZE(ssl_mac_defs));
    PORT_Assert(ssl_mac_defs[mac].mac == mac);
    return &ssl_mac_defs[mac];
}

const ssl3MACDef *
ssl_GetMacDef(const sslSocket *ss, const ssl3CipherSuiteDef *suiteDef)
{
    SSL3MACAlgorithm mac = suiteDef->mac_alg;
    if (ss->version > SSL_LIBRARY_VERSION_3_0) {
        switch (mac) {
            case ssl_mac_md5:
                mac = ssl_hmac_md5;
                break;
            case ssl_mac_sha:
                mac = ssl_hmac_sha;
                break;
            default:
                break;
        }
    }
    return ssl_GetMacDefByAlg(mac);
}

ssl3CipherSpec *
ssl_FindCipherSpecByEpoch(sslSocket *ss, SSLSecretDirection direction,
                          DTLSEpoch epoch)
{
    PRCList *cur_p;
    for (cur_p = PR_LIST_HEAD(&ss->ssl3.hs.cipherSpecs);
         cur_p != &ss->ssl3.hs.cipherSpecs;
         cur_p = PR_NEXT_LINK(cur_p)) {
        ssl3CipherSpec *spec = (ssl3CipherSpec *)cur_p;
        if (spec->epoch != epoch) {
            continue;
        }
        if (direction != spec->direction) {
            continue;
        }
        return spec;
    }
    return NULL;
}

ssl3CipherSpec *
ssl_CreateCipherSpec(sslSocket *ss, SSLSecretDirection direction)
{
    ssl3CipherSpec *spec = PORT_ZNew(ssl3CipherSpec);
    if (!spec) {
        return NULL;
    }
    spec->refCt = 1;
    spec->version = ss->version;
    spec->direction = direction;
    spec->recordSizeLimit = MAX_FRAGMENT_LENGTH;
    SSL_TRC(10, ("%d: SSL[%d]: new %s spec %d ct=%d",
                 SSL_GETPID(), ss->fd, SPEC_DIR(spec), spec,
                 spec->refCt));
    return spec;
}

void
ssl_SaveCipherSpec(sslSocket *ss, ssl3CipherSpec *spec)
{
    PR_APPEND_LINK(&spec->link, &ss->ssl3.hs.cipherSpecs);
}

/* Called from ssl3_InitState. */
/* Caller must hold the SpecWriteLock. */
SECStatus
ssl_SetupNullCipherSpec(sslSocket *ss, SSLSecretDirection dir)
{
    ssl3CipherSpec *spec;

    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));

    spec = ssl_CreateCipherSpec(ss, dir);
    if (!spec) {
        return SECFailure;
    }

    /* Set default versions.  This value will be used to generate and send
     * alerts if a version is not negotiated.  These values are overridden when
     * sending a ClientHello and when a version is negotiated. */
    spec->version = SSL_LIBRARY_VERSION_TLS_1_0;
    spec->recordVersion = IS_DTLS(ss)
                              ? SSL_LIBRARY_VERSION_DTLS_1_0_WIRE
                              : SSL_LIBRARY_VERSION_TLS_1_0;
    spec->cipherDef = &ssl_bulk_cipher_defs[cipher_null];
    PORT_Assert(spec->cipherDef->cipher == cipher_null);
    spec->macDef = &ssl_mac_defs[ssl_mac_null];
    PORT_Assert(spec->macDef->mac == ssl_mac_null);
    spec->cipher = Null_Cipher;

    spec->phase = "cleartext";
    dtls_InitRecvdRecords(&spec->recvdRecords);

    ssl_SaveCipherSpec(ss, spec);
    if (dir == ssl_secret_read) {
        ss->ssl3.crSpec = spec;
    } else {
        ss->ssl3.cwSpec = spec;
    }
    return SECSuccess;
}

void
ssl_CipherSpecAddRef(ssl3CipherSpec *spec)
{
    ++spec->refCt;
    SSL_TRC(10, ("%d: SSL[-]: Increment ref ct for %s spec %d. new ct = %d",
                 SSL_GETPID(), SPEC_DIR(spec), spec, spec->refCt));
}

void
ssl_DestroyKeyMaterial(ssl3KeyMaterial *keyMaterial)
{
    PK11_FreeSymKey(keyMaterial->key);
    PK11_FreeSymKey(keyMaterial->macKey);
    if (keyMaterial->macContext != NULL) {
        PK11_DestroyContext(keyMaterial->macContext, PR_TRUE);
    }
}

static void
ssl_FreeCipherSpec(ssl3CipherSpec *spec)
{
    SSL_TRC(10, ("%d: SSL[-]: Freeing %s spec %d. epoch=%d",
                 SSL_GETPID(), SPEC_DIR(spec), spec, spec->epoch));

    PR_REMOVE_LINK(&spec->link);

    /*  PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! */
    if (spec->cipherContext) {
        PK11_DestroyContext(spec->cipherContext, PR_TRUE);
    }
    PK11_FreeSymKey(spec->masterSecret);
    ssl_DestroyKeyMaterial(&spec->keyMaterial);
    ssl_DestroyMaskingContextInner(spec->maskContext);

    PORT_ZFree(spec, sizeof(*spec));
}

/* This function is never called on a spec which is on the
 * cipherSpecs list. */
void
ssl_CipherSpecRelease(ssl3CipherSpec *spec)
{
    if (!spec) {
        return;
    }

    PORT_Assert(spec->refCt > 0);
    --spec->refCt;
    SSL_TRC(10, ("%d: SSL[-]: decrement refct for %s spec %d. epoch=%d new ct = %d",
                 SSL_GETPID(), SPEC_DIR(spec), spec, spec->epoch, spec->refCt));
    if (!spec->refCt) {
        ssl_FreeCipherSpec(spec);
    }
}

void
ssl_DestroyCipherSpecs(PRCList *list)
{
    while (!PR_CLIST_IS_EMPTY(list)) {
        ssl3CipherSpec *spec = (ssl3CipherSpec *)PR_LIST_TAIL(list);
        ssl_FreeCipherSpec(spec);
    }
}

void
ssl_CipherSpecReleaseByEpoch(sslSocket *ss, SSLSecretDirection dir,
                             DTLSEpoch epoch)
{
    ssl3CipherSpec *spec;
    SSL_TRC(10, ("%d: SSL[%d]: releasing %s cipher spec for epoch %d",
                 SSL_GETPID(), ss->fd,
                 (dir == ssl_secret_read) ? "read" : "write", epoch));

    spec = ssl_FindCipherSpecByEpoch(ss, dir, epoch);
    if (spec) {
        ssl_CipherSpecRelease(spec);
    }
}

Coverage Report

Created: 2025-11-19 06:34

Line	Count	Source
1		/* -- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -- */
2		/*
3		* Handling of cipher specs.
4		*
5		* This Source Code Form is subject to the terms of the Mozilla Public
6		* License, v. 2.0. If a copy of the MPL was not distributed with this
7		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8
9		#include "ssl.h"
10		#include "sslexp.h"
11		#include "sslimpl.h"
12		#include "sslproto.h"
13		#include "pk11func.h"
14		#include "secitem.h"
15
16		#include "sslimpl.h"
17
18		/* Record protection algorithms, indexed by SSL3BulkCipher.
19		*
20		* The \|max_records\| field (\|mr\| below) is set to a number that is higher than
21		* recommended in some literature (esp. TLS 1.3) because we currently abort the
22		* connection when this limit is reached and we want to ensure that we only
23		* rarely hit this limit. See bug 1268745 for details.
24		*/
25		#define MR_MAX RECORD_SEQ_MAX /* 2^48-1 */
26		#define MR_128 (0x5aULL << 28) /* For AES and similar. */
27		#define MR_LOW (1ULL << 20) /* For weak ciphers. */
28		/* clang-format off */
29		static const ssl3BulkCipherDef ssl_bulk_cipher_defs[] = {
30		/* \|--------- Lengths ---------\| */
31		/* cipher calg : s : */
32		/* : e b n */
33		/* oid short_name mr : c l o */
34		/* k r o t n */
35		/* e e i c a c */
36		/* y t type v k g e */
37		{cipher_null, ssl_calg_null, 0, 0, type_stream, 0, 0, 0, 0,
38		SEC_OID_NULL_CIPHER, "NULL", MR_MAX},
39		{cipher_rc4, ssl_calg_rc4, 16,16, type_stream, 0, 0, 0, 0,
40		SEC_OID_RC4, "RC4", MR_LOW},
41		{cipher_des, ssl_calg_des, 8, 8, type_block, 8, 8, 0, 0,
42		SEC_OID_DES_CBC, "DES-CBC", MR_LOW},
43		{cipher_3des, ssl_calg_3des, 24,24, type_block, 8, 8, 0, 0,
44		SEC_OID_DES_EDE3_CBC, "3DES-EDE-CBC", MR_LOW},
45		{cipher_aes_128, ssl_calg_aes, 16,16, type_block, 16,16, 0, 0,
46		SEC_OID_AES_128_CBC, "AES-128", MR_128},
47		{cipher_aes_256, ssl_calg_aes, 32,32, type_block, 16,16, 0, 0,
48		SEC_OID_AES_256_CBC, "AES-256", MR_128},
49		{cipher_camellia_128, ssl_calg_camellia, 16,16, type_block, 16,16, 0, 0,
50		SEC_OID_CAMELLIA_128_CBC, "Camellia-128", MR_128},
51		{cipher_camellia_256, ssl_calg_camellia, 32,32, type_block, 16,16, 0, 0,
52		SEC_OID_CAMELLIA_256_CBC, "Camellia-256", MR_128},
53		{cipher_seed, ssl_calg_seed, 16,16, type_block, 16,16, 0, 0,
54		SEC_OID_SEED_CBC, "SEED-CBC", MR_128},
55		{cipher_aes_128_gcm, ssl_calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8,
56		SEC_OID_AES_128_GCM, "AES-128-GCM", MR_128},
57		{cipher_aes_256_gcm, ssl_calg_aes_gcm, 32,32, type_aead, 4, 0,16, 8,
58		SEC_OID_AES_256_GCM, "AES-256-GCM", MR_128},
59		{cipher_chacha20, ssl_calg_chacha20, 32,32, type_aead, 12, 0,16, 0,
60		SEC_OID_CHACHA20_POLY1305, "ChaCha20-Poly1305", MR_MAX},
61		{cipher_missing, ssl_calg_null, 0, 0, type_stream, 0, 0, 0, 0,
62		SEC_OID_UNKNOWN, "missing", 0U},
63		};
64		/* clang-format on */
65
66		const ssl3BulkCipherDef *
67		ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *suiteDef)
68	15.5M	{
69	15.5M	SSL3BulkCipher bulkCipher = suiteDef->bulk_cipher_alg;
70	15.5M	PORT_Assert(bulkCipher < PR_ARRAY_SIZE(ssl_bulk_cipher_defs));
71	15.5M	PORT_Assert(ssl_bulk_cipher_defs[bulkCipher].cipher == bulkCipher);
72	15.5M	return &ssl_bulk_cipher_defs[bulkCipher];
73	15.5M	}
74
75		/* indexed by SSL3MACAlgorithm */
76		static const ssl3MACDef ssl_mac_defs[] = {
77		/* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
78		/* mac mmech pad_size mac_size */
79		{ ssl_mac_null, CKM_INVALID_MECHANISM, 0, 0, 0 },
80		{ ssl_mac_md5, CKM_SSL3_MD5_MAC, 48, MD5_LENGTH, SEC_OID_HMAC_MD5 },
81		{ ssl_mac_sha, CKM_SSL3_SHA1_MAC, 40, SHA1_LENGTH, SEC_OID_HMAC_SHA1 },
82		{ ssl_hmac_md5, CKM_MD5_HMAC, 0, MD5_LENGTH, SEC_OID_HMAC_MD5 },
83		{ ssl_hmac_sha, CKM_SHA_1_HMAC, 0, SHA1_LENGTH, SEC_OID_HMAC_SHA1 },
84		{ ssl_hmac_sha256, CKM_SHA256_HMAC, 0, SHA256_LENGTH, SEC_OID_HMAC_SHA256 },
85		{ ssl_mac_aead, CKM_INVALID_MECHANISM, 0, 0, 0 },
86		{ ssl_hmac_sha384, CKM_SHA384_HMAC, 0, SHA384_LENGTH, SEC_OID_HMAC_SHA384 }
87		};
88
89		const ssl3MACDef *
90		ssl_GetMacDefByAlg(SSL3MACAlgorithm mac)
91	423k	{
92		/* Cast here for clang: https://bugs.llvm.org/show_bug.cgi?id=16154 */
93	423k	PORT_Assert((size_t)mac < PR_ARRAY_SIZE(ssl_mac_defs));
94	423k	PORT_Assert(ssl_mac_defs[mac].mac == mac);
95	423k	return &ssl_mac_defs[mac];
96	423k	}
97
98		const ssl3MACDef *
99		ssl_GetMacDef(const sslSocket ss, const ssl3CipherSuiteDef suiteDef)
100	268k	{
101	268k	SSL3MACAlgorithm mac = suiteDef->mac_alg;
102	268k	if (ss->version > SSL_LIBRARY_VERSION_3_0) {
103	268k	switch (mac) {
104	16.3k	case ssl_mac_md5:
105	16.3k	mac = ssl_hmac_md5;
106	16.3k	break;
107	182k	case ssl_mac_sha:
108	182k	mac = ssl_hmac_sha;
109	182k	break;
110	69.4k	default:
111	69.4k	break;
112	268k	}
113	268k	}
114	268k	return ssl_GetMacDefByAlg(mac);
115	268k	}
116
117		ssl3CipherSpec *
118		ssl_FindCipherSpecByEpoch(sslSocket *ss, SSLSecretDirection direction,
119		DTLSEpoch epoch)
120	22.9k	{
121	22.9k	PRCList *cur_p;
122	22.9k	for (cur_p = PR_LIST_HEAD(&ss->ssl3.hs.cipherSpecs);
123	63.7k	cur_p != &ss->ssl3.hs.cipherSpecs;
124	49.6k	cur_p = PR_NEXT_LINK(cur_p)) {
125	49.6k	ssl3CipherSpec spec = (ssl3CipherSpec )cur_p;
126	49.6k	if (spec->epoch != epoch) {
127	39.2k	continue;
128	39.2k	}
129	10.4k	if (direction != spec->direction) {
130	1.56k	continue;
131	1.56k	}
132	8.90k	return spec;
133	10.4k	}
134	14.0k	return NULL;
135	22.9k	}
136
137		ssl3CipherSpec *
138		ssl_CreateCipherSpec(sslSocket *ss, SSLSecretDirection direction)
139	504k	{
140	504k	ssl3CipherSpec *spec = PORT_ZNew(ssl3CipherSpec);
141	504k	if (!spec) {
142	0	return NULL;
143	0	}
144	504k	spec->refCt = 1;
145	504k	spec->version = ss->version;
146	504k	spec->direction = direction;
147	504k	spec->recordSizeLimit = MAX_FRAGMENT_LENGTH;
148	504k	SSL_TRC(10, ("%d: SSL[%d]: new %s spec %d ct=%d",
149	504k	SSL_GETPID(), ss->fd, SPEC_DIR(spec), spec,
150	504k	spec->refCt));
151	504k	return spec;
152	504k	}
153
154		void
155		ssl_SaveCipherSpec(sslSocket ss, ssl3CipherSpec spec)
156	504k	{
157	504k	PR_APPEND_LINK(&spec->link, &ss->ssl3.hs.cipherSpecs);
158	504k	}
159
160		/* Called from ssl3_InitState. */
161		/* Caller must hold the SpecWriteLock. */
162		SECStatus
163		ssl_SetupNullCipherSpec(sslSocket *ss, SSLSecretDirection dir)
164	124k	{
165	124k	ssl3CipherSpec *spec;
166
167	124k	PORT_Assert(ss->opt.noLocks \|\| ssl_HaveSpecWriteLock(ss));
168
169	124k	spec = ssl_CreateCipherSpec(ss, dir);
170	124k	if (!spec) {
171	0	return SECFailure;
172	0	}
173
174		/* Set default versions. This value will be used to generate and send
175		* alerts if a version is not negotiated. These values are overridden when
176		* sending a ClientHello and when a version is negotiated. */
177	124k	spec->version = SSL_LIBRARY_VERSION_TLS_1_0;
178	124k	spec->recordVersion = IS_DTLS(ss)
179	124k	? SSL_LIBRARY_VERSION_DTLS_1_0_WIRE
180	124k	: SSL_LIBRARY_VERSION_TLS_1_0;
181	124k	spec->cipherDef = &ssl_bulk_cipher_defs[cipher_null];
182	124k	PORT_Assert(spec->cipherDef->cipher == cipher_null);
183	124k	spec->macDef = &ssl_mac_defs[ssl_mac_null];
184	124k	PORT_Assert(spec->macDef->mac == ssl_mac_null);
185	124k	spec->cipher = Null_Cipher;
186
187	124k	spec->phase = "cleartext";
188	124k	dtls_InitRecvdRecords(&spec->recvdRecords);
189
190	124k	ssl_SaveCipherSpec(ss, spec);
191	124k	if (dir == ssl_secret_read) {
192	62.4k	ss->ssl3.crSpec = spec;
193	62.4k	} else {
194	62.4k	ss->ssl3.cwSpec = spec;
195	62.4k	}
196	124k	return SECSuccess;
197	124k	}
198
199		void
200		ssl_CipherSpecAddRef(ssl3CipherSpec *spec)
201	73.5k	{
202	73.5k	++spec->refCt;
203	73.5k	SSL_TRC(10, ("%d: SSL[-]: Increment ref ct for %s spec %d. new ct = %d",
204	73.5k	SSL_GETPID(), SPEC_DIR(spec), spec, spec->refCt));
205	73.5k	}
206
207		void
208		ssl_DestroyKeyMaterial(ssl3KeyMaterial *keyMaterial)
209	504k	{
210	504k	PK11_FreeSymKey(keyMaterial->key);
211	504k	PK11_FreeSymKey(keyMaterial->macKey);
212	504k	if (keyMaterial->macContext != NULL) {
213	192k	PK11_DestroyContext(keyMaterial->macContext, PR_TRUE);
214	192k	}
215	504k	}
216
217		static void
218		ssl_FreeCipherSpec(ssl3CipherSpec *spec)
219	504k	{
220	504k	SSL_TRC(10, ("%d: SSL[-]: Freeing %s spec %d. epoch=%d",
221	504k	SSL_GETPID(), SPEC_DIR(spec), spec, spec->epoch));
222
223	504k	PR_REMOVE_LINK(&spec->link);
224
225		/* PORT_Assert( ss->opt.noLocks \|\| ssl_HaveSpecWriteLock(ss)); Don't have ss! */
226	504k	if (spec->cipherContext) {
227	308k	PK11_DestroyContext(spec->cipherContext, PR_TRUE);
228	308k	}
229	504k	PK11_FreeSymKey(spec->masterSecret);
230	504k	ssl_DestroyKeyMaterial(&spec->keyMaterial);
231	504k	ssl_DestroyMaskingContextInner(spec->maskContext);
232
233	504k	PORT_ZFree(spec, sizeof(*spec));
234	504k	}
235
236		/* This function is never called on a spec which is on the
237		* cipherSpecs list. */
238		void
239		ssl_CipherSpecRelease(ssl3CipherSpec *spec)
240	376k	{
241	376k	if (!spec) {
242	0	return;
243	0	}
244
245	376k	PORT_Assert(spec->refCt > 0);
246	376k	--spec->refCt;
247	376k	SSL_TRC(10, ("%d: SSL[-]: decrement refct for %s spec %d. epoch=%d new ct = %d",
248	376k	SSL_GETPID(), SPEC_DIR(spec), spec, spec->epoch, spec->refCt));
249	376k	if (!spec->refCt) {
250	305k	ssl_FreeCipherSpec(spec);
251	305k	}
252	376k	}
253
254		void
255		ssl_DestroyCipherSpecs(PRCList *list)
256	62.4k	{
257	261k	while (!PR_CLIST_IS_EMPTY(list)) {
258	199k	ssl3CipherSpec spec = (ssl3CipherSpec )PR_LIST_TAIL(list);
259	199k	ssl_FreeCipherSpec(spec);
260	199k	}
261	62.4k	}
262
263		void
264		ssl_CipherSpecReleaseByEpoch(sslSocket *ss, SSLSecretDirection dir,
265		DTLSEpoch epoch)
266	99	{
267	99	ssl3CipherSpec *spec;
268	99	SSL_TRC(10, ("%d: SSL[%d]: releasing %s cipher spec for epoch %d",
269	99	SSL_GETPID(), ss->fd,
270	99	(dir == ssl_secret_read) ? "read" : "write", epoch));
271
272	99	spec = ssl_FindCipherSpecByEpoch(ss, dir, epoch);
273	99	if (spec) {
274	99	ssl_CipherSpecRelease(spec);
275	99	}
276	99	}