自学教程：C++ ssl_Release1stHandshakeLock函数代码示例

/* For SSLv2, does nothing but return an error.** For SSLv3, flushes SID cache entry (if requested),** and then starts new client hello or hello request.** Acquires and releases HandshakeLock.*/SECStatusSSL_ReHandshake(PRFileDesc *fd, PRBool flushCache){    sslSocket *ss;    SECStatus  rv;        ss = ssl_FindSocket(fd);    if (!ss) {	SSL_DBG(("%d: SSL[%d]: bad socket in RedoHandshake", SSL_GETPID(), fd));	return SECFailure;    }    if (!ss->opt.useSecurity)	return SECSuccess;        ssl_Get1stHandshakeLock(ss);    /* SSL v2 protocol does not support subsequent handshakes. */    if (ss->version < SSL_LIBRARY_VERSION_3_0) {	PORT_SetError(SEC_ERROR_INVALID_ARGS);	rv = SECFailure;    } else {	ssl_GetSSL3HandshakeLock(ss);	rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */	ssl_ReleaseSSL3HandshakeLock(ss);    }    ssl_Release1stHandshakeLock(ss);    return rv;}

/* Register an application callback to be called when false start may happen.** Acquires and releases HandshakeLock.*/SECStatusSSL_SetCanFalseStartCallback(PRFileDesc *fd, SSLCanFalseStartCallback cb,                             void *arg){    sslSocket *ss;    ss = ssl_FindSocket(fd);    if (!ss) {        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCanFalseStartCallback",                 SSL_GETPID(), fd));        return SECFailure;    }    if (!ss->opt.useSecurity) {        PORT_SetError(SEC_ERROR_INVALID_ARGS);        return SECFailure;    }    ssl_Get1stHandshakeLock(ss);    ssl_GetSSL3HandshakeLock(ss);    ss->canFalseStartCallback = cb;    ss->canFalseStartCallbackData = arg;    ssl_ReleaseSSL3HandshakeLock(ss);    ssl_Release1stHandshakeLock(ss);    return SECSuccess;}

/* See documentation in ssl.h */SECStatusSSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error){    SECStatus rv;    sslSocket *ss = ssl_FindSocket(fd);    if (!ss) {        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_AuthCertificateComplete",                 SSL_GETPID(), fd));        return SECFailure;    }    ssl_Get1stHandshakeLock(ss);    if (!ss->ssl3.initialized) {        PORT_SetError(SEC_ERROR_INVALID_ARGS);        rv = SECFailure;    } else {        rv = ssl3_AuthCertificateComplete(ss, error);    }    ssl_Release1stHandshakeLock(ss);    return rv;}

/* For SSLv2, does nothing but return an error.** For SSLv3, flushes SID cache entry (if requested),** and then starts new client hello or hello request.** Acquires and releases HandshakeLock.*/SECStatusSSL_ReHandshake(PRFileDesc *fd, PRBool flushCache){    sslSocket *ss;    SECStatus rv;    ss = ssl_FindSocket(fd);    if (!ss) {        SSL_DBG(("%d: SSL[%d]: bad socket in RedoHandshake", SSL_GETPID(), fd));        return SECFailure;    }    if (!ss->opt.useSecurity)        return SECSuccess;    ssl_Get1stHandshakeLock(ss);    ssl_GetSSL3HandshakeLock(ss);    rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */    ssl_ReleaseSSL3HandshakeLock(ss);    ssl_Release1stHandshakeLock(ss);    return rv;}

/* * Allow the application to pass the set of trust anchors */SECStatusSSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *certList){    sslSocket *ss = ssl_FindSocket(fd);    CERTDistNames *names = NULL;    if (!certList) {        PORT_SetError(SEC_ERROR_INVALID_ARGS);        return SECFailure;    }    if (!ss) {        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetTrustAnchors",                 SSL_GETPID(), fd));        return SECFailure;    }    names = CERT_DistNamesFromCertList(certList);    if (names == NULL) {        return SECFailure;    }    ssl_Get1stHandshakeLock(ss);    ssl_GetSSL3HandshakeLock(ss);    if (ss->ssl3.ca_list) {        CERT_FreeDistNames(ss->ssl3.ca_list);    }    ss->ssl3.ca_list = names;    ssl_ReleaseSSL3HandshakeLock(ss);    ssl_Release1stHandshakeLock(ss);    return SECSuccess;}

SECItem *SSL_GetSessionID(PRFileDesc *fd){    sslSocket *ss;    SECItem *item = NULL;    ss = ssl_FindSocket(fd);    if (ss) {        ssl_Get1stHandshakeLock(ss);        ssl_GetSSL3HandshakeLock(ss);        if (ss->opt.useSecurity && ss->firstHsDone && ss->sec.ci.sid) {            item = (SECItem *)PORT_Alloc(sizeof(SECItem));            if (item) {                sslSessionID *sid = ss->sec.ci.sid;                item->len = sid->u.ssl3.sessionIDLength;                item->data = (unsigned char *)PORT_Alloc(item->len);                PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);            }        }        ssl_ReleaseSSL3HandshakeLock(ss);        ssl_Release1stHandshakeLock(ss);    }    return item;}

/* * Allow the application to pass the url or hostname into the SSL library * so that we can do some checking on it. It will be used for the value in * SNI extension of client hello message. */SECStatusSSL_SetURL(PRFileDesc *fd, const char *url){    sslSocket *ss = ssl_FindSocket(fd);    SECStatus rv = SECSuccess;    if (!ss) {        SSL_DBG(("%d: SSL[%d]: bad socket in SSLSetURL",                 SSL_GETPID(), fd));        return SECFailure;    }    ssl_Get1stHandshakeLock(ss);    ssl_GetSSL3HandshakeLock(ss);    if (ss->url) {        PORT_Free((void *)ss->url); /* CONST */    }    ss->url = (const char *)PORT_Strdup(url);    if (ss->url == NULL) {        rv = SECFailure;    }    ssl_ReleaseSSL3HandshakeLock(ss);    ssl_Release1stHandshakeLock(ss);    return rv;}

/* Try to make progress on an SSL handshake by attempting to read the ** next handshake from the peer, and sending any responses.** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK  if it cannot ** read the next handshake from the underlying socket.** For SSLv2, returns when handshake is complete or fatal error occurs.** For SSLv3, returns when handshake is complete, or application data has** arrived that must be taken by application before handshake can continue, ** or a fatal error occurs.** Application should use handshake completion callback to tell which. */SECStatusSSL_ForceHandshake(PRFileDesc *fd){    sslSocket *ss;    SECStatus  rv = SECFailure;    ss = ssl_FindSocket(fd);    if (!ss) {	SSL_DBG(("%d: SSL[%d]: bad socket in ForceHandshake",		 SSL_GETPID(), fd));	return rv;    }    /* Don't waste my time */    if (!ss->opt.useSecurity)     	return SECSuccess;    if (!ssl_SocketIsBlocking(ss)) {	ssl_GetXmitBufLock(ss);	if (ss->pendingBuf.len != 0) {	    int sent = ssl_SendSavedWriteData(ss);	    if ((sent < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {		ssl_ReleaseXmitBufLock(ss);		return SECFailure;	    }	}	ssl_ReleaseXmitBufLock(ss);    }    ssl_Get1stHandshakeLock(ss);    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {	int gatherResult;    	ssl_GetRecvBufLock(ss);	gatherResult = ssl3_GatherCompleteHandshake(ss, 0);	ssl_ReleaseRecvBufLock(ss);	if (gatherResult > 0) {	    rv = SECSuccess;	} else if (gatherResult == 0) {	    PORT_SetError(PR_END_OF_FILE_ERROR);	} else if (gatherResult == SECWouldBlock) {	    PORT_SetError(PR_WOULD_BLOCK_ERROR);	}    } else if (!ss->firstHsDone) {	rv = ssl_Do1stHandshake(ss);    } else {	/* tried to force handshake on an SSL 2 socket that has 	** already completed the handshake. */    	rv = SECSuccess;	/* just pretend we did it. */    }    ssl_Release1stHandshakeLock(ss);    return rv;}

intssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags){    int rv = 0;    if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {        PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);        return PR_FAILURE;    }    if (flags & ~PR_MSG_PEEK) {        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);        return PR_FAILURE;    }    if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) {        ssl_GetXmitBufLock(ss);        if (ss->pendingBuf.len != 0) {            rv = ssl_SendSavedWriteData(ss);            if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {                ssl_ReleaseXmitBufLock(ss);                return SECFailure;            }        }        ssl_ReleaseXmitBufLock(ss);    }    rv = 0;    if (!PR_CLIST_IS_EMPTY(&ss->ssl3.hs.bufferedEarlyData)) {        PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);        return tls13_Read0RttData(ss, buf, len);    }    /* If any of these is non-zero, the initial handshake is not done. */    if (!ss->firstHsDone) {        ssl_Get1stHandshakeLock(ss);        if (ss->handshake) {            rv = ssl_Do1stHandshake(ss);        }        ssl_Release1stHandshakeLock(ss);    }    if (rv < 0) {        return rv;    }    if (len == 0)        return 0;    rv = DoRecv(ss, (unsigned char *)buf, len, flags);    SSL_TRC(2, ("%d: SSL[%d]: recving %d bytes securely (errno=%d)",                SSL_GETPID(), ss->fd, rv, PORT_GetError()));    return rv;}

intssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags){    sslSecurityInfo *sec;    int              rv   = 0;    sec = &ss->sec;    if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {	PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);    	return PR_FAILURE;    }    if (flags & ~PR_MSG_PEEK) {	PORT_SetError(PR_INVALID_ARGUMENT_ERROR);    	return PR_FAILURE;    }    if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) {	ssl_GetXmitBufLock(ss);	if (ss->pendingBuf.len != 0) {	    rv = ssl_SendSavedWriteData(ss);	    if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {		ssl_ReleaseXmitBufLock(ss);		return SECFailure;	    }	    /* XXX short write? */	}	ssl_ReleaseXmitBufLock(ss);    }        rv = 0;    /* If any of these is non-zero, the initial handshake is not done. */    if (!ss->firstHsDone) {	ssl_Get1stHandshakeLock(ss);	if (ss->handshake || ss->nextHandshake || ss->securityHandshake) {	    rv = ssl_Do1stHandshake(ss);	}	ssl_Release1stHandshakeLock(ss);    }    if (rv < 0) {	return rv;    }    if (len == 0) return 0;    rv = DoRecv(ss, (unsigned char*) buf, len, flags);    SSL_TRC(2, ("%d: SSL[%d]: recving %d bytes securely (errno=%d)",		SSL_GETPID(), ss->fd, rv, PORT_GetError()));    return rv;}

/* restart an SSL connection that we stopped to run certificate dialogs ** XXX	Need to document here how an application marks a cert to show that**	the application has accepted it (overridden CERT_VerifyCert). * * XXX This code only works on the initial handshake on a connection, XXX *     It does not work on a subsequent handshake (redo). * * Return value: XXX*/intSSL_RestartHandshakeAfterServerCert(sslSocket *ss){    int rv	= SECSuccess;    ssl_Get1stHandshakeLock(ss);     if (ss->version >= SSL_LIBRARY_VERSION_3_0) {	rv = ssl3_RestartHandshakeAfterServerCert(ss);    } else {	rv = ssl2_RestartHandshakeAfterServerCert(ss);    }    ssl_Release1stHandshakeLock(ss);    return rv;}

SECStatusSSL_CacheSession(PRFileDesc *fd){    sslSocket *   ss = ssl_FindSocket(fd);    SECStatus     rv = SECFailure;    if (ss) {	ssl_Get1stHandshakeLock(ss);	ssl_GetSSL3HandshakeLock(ss);	ssl3_CacheSessionUnlocked(ss);	rv = SECSuccess;	ssl_ReleaseSSL3HandshakeLock(ss);	ssl_Release1stHandshakeLock(ss);    }    return rv;}

/* * attempt to restart the handshake after asynchronously handling * a request for the client's certificate. * * inputs:   *	cert	Client cert chosen by application. *		Note: ssl takes this reference, and does not bump the  *		reference count.  The caller should drop its reference *		without calling CERT_DestroyCert after calling this function. * *	key	Private key associated with cert.  This function makes a  *		copy of the private key, so the caller remains responsible  *		for destroying its copy after this function returns. * *	certChain  Chain of signers for cert.   *		Note: ssl takes this reference, and does not copy the chain. *		The caller should drop its reference without destroying the  *		chain.  SSL will free the chain when it is done with it. * * Return value: XXX * * XXX This code only works on the initial handshake on a connection, XXX *     It does not work on a subsequent handshake (redo). */intSSL_RestartHandshakeAfterCertReq(sslSocket *         ss,				CERTCertificate *    cert, 				SECKEYPrivateKey *   key,				CERTCertificateList *certChain){    int              ret;    ssl_Get1stHandshakeLock(ss);   /************************************/    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {	ret = ssl3_RestartHandshakeAfterCertReq(ss, cert, key, certChain);    } else {    	ret = ssl2_RestartHandshakeAfterCertReq(ss, cert, key);    }    ssl_Release1stHandshakeLock(ss);  /************************************/    return ret;}

SECStatusSSL_InvalidateSession(PRFileDesc *fd){    sslSocket *   ss = ssl_FindSocket(fd);    SECStatus     rv = SECFailure;    if (ss) {	ssl_Get1stHandshakeLock(ss);	ssl_GetSSL3HandshakeLock(ss);	if (ss->sec.ci.sid && ss->sec.uncache) {	    ss->sec.uncache(ss->sec.ci.sid);	    rv = SECSuccess;	}	ssl_ReleaseSSL3HandshakeLock(ss);	ssl_Release1stHandshakeLock(ss);    }    return rv;}

/* * attempt to restart the handshake after asynchronously handling * a request for the client's certificate. * * inputs:   *	cert	Client cert chosen by application. *		Note: ssl takes this reference, and does not bump the  *		reference count.  The caller should drop its reference *		without calling CERT_DestroyCertificate after calling this *		function. * *	key	Private key associated with cert.  This function takes *		ownership of the private key, so the caller should drop its *		reference without destroying the private key after this *		function returns. * *	certChain  Chain of signers for cert.   *		Note: ssl takes this reference, and does not copy the chain. *		The caller should drop its reference without destroying the  *		chain.  SSL will free the chain when it is done with it. * * Return value: XXX * * XXX This code only works on the initial handshake on a connection, XXX *     It does not work on a subsequent handshake (redo). */SECStatusSSL_RestartHandshakeAfterCertReq(PRFileDesc *        fd,				CERTCertificate *    cert, 				SECKEYPrivateKey *   key,				CERTCertificateList *certChain){    sslSocket *   ss = ssl_FindSocket(fd);    SECStatus     ret;    if (!ss) {	SSL_DBG(("%d: SSL[%d]: bad socket in SSL_RestartHandshakeAfterCertReq",		 SSL_GETPID(), fd));	if (cert) {	    CERT_DestroyCertificate(cert);	}	if (key) {	    SECKEY_DestroyPrivateKey(key);	}	if (certChain) {	    CERT_DestroyCertificateList(certChain);	}	return SECFailure;    }    ssl_Get1stHandshakeLock(ss);   /************************************/    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {	ret = ssl3_RestartHandshakeAfterCertReq(ss, cert, key, certChain);    } else {	if (certChain != NULL) {	    CERT_DestroyCertificateList(certChain);	}	PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);	ret = SECFailure;    }    ssl_Release1stHandshakeLock(ss);  /************************************/    return ret;}

/*** Returns Negative number on error, zero or greater on success.** Returns the amount of data immediately available to be read.*/intSSL_DataPending(PRFileDesc *fd){    sslSocket *ss;    int        rv  = 0;    ss = ssl_FindSocket(fd);    if (ss && ss->opt.useSecurity) {	ssl_Get1stHandshakeLock(ss);	ssl_GetSSL3HandshakeLock(ss);	ssl_GetRecvBufLock(ss);	rv = ss->gs.writeOffset - ss->gs.readOffset;	ssl_ReleaseRecvBufLock(ss);	ssl_ReleaseSSL3HandshakeLock(ss);	ssl_Release1stHandshakeLock(ss);    }    return rv;}

/*** Receive some application data on a socket.  Reads SSL records from the input** stream, decrypts them and then copies them to the output buffer.** Called from ssl_SecureRecv() below.**** Caller does NOT hold 1stHandshakeLock because that handshake is over.** Caller doesn't call this until initial handshake is complete.** For SSLv2, there is no subsequent handshake.** For SSLv3, the call to ssl3_GatherAppDataRecord may encounter handshake** messages from a subsequent handshake.**** This code is similar to, and easily confused with, **   ssl_GatherRecord1stHandshake() in sslcon.c*/static int DoRecv(sslSocket *ss, unsigned char *out, int len, int flags){    int              rv;    int              amount;    int              available;    /* ssl3_GatherAppDataRecord may call ssl_FinishHandshake, which needs the     * 1stHandshakeLock. */    ssl_Get1stHandshakeLock(ss);    ssl_GetRecvBufLock(ss);    available = ss->gs.writeOffset - ss->gs.readOffset;    if (available == 0) {	/* Get some more data */	if (ss->version >= SSL_LIBRARY_VERSION_3_0) {	    /* Wait for application data to arrive.  */	    rv = ssl3_GatherAppDataRecord(ss, 0);	} else {	    /* See if we have a complete record */	    rv = ssl2_GatherRecord(ss, 0);	}	if (rv <= 0) {	    if (rv == 0) {		/* EOF */		SSL_TRC(10, ("%d: SSL[%d]: ssl_recv EOF",			     SSL_GETPID(), ss->fd));		goto done;	    }	    if ((rv != SECWouldBlock) && 	        (PR_GetError() != PR_WOULD_BLOCK_ERROR)) {		/* Some random error */		goto done;	    }	    /*	    ** Gather record is blocked waiting for more record data to	    ** arrive. Try to process what we have already received	    */	} else {	    /* Gather record has finished getting a complete record */	}	/* See if any clear data is now available */	available = ss->gs.writeOffset - ss->gs.readOffset;	if (available == 0) {	    /*	    ** No partial data is available. Force error code to	    ** EWOULDBLOCK so that caller will try again later. Note	    ** that the error code is probably EWOULDBLOCK already,	    ** but if it isn't (for example, if we received a zero	    ** length record) then this will force it to be correct.	    */	    PORT_SetError(PR_WOULD_BLOCK_ERROR);	    rv = SECFailure;	    goto done;	}	SSL_TRC(30, ("%d: SSL[%d]: partial data ready, available=%d",		     SSL_GETPID(), ss->fd, available));    }    /* Dole out clear data to reader */    amount = PR_MIN(len, available);    PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount);    if (!(flags & PR_MSG_PEEK)) {	ss->gs.readOffset += amount;    }    PORT_Assert(ss->gs.readOffset <= ss->gs.writeOffset);    rv = amount;    SSL_TRC(30, ("%d: SSL[%d]: amount=%d available=%d",		 SSL_GETPID(), ss->fd, amount, available));    PRINT_BUF(4, (ss, "DoRecv receiving plaintext:", out, amount));done:    ssl_ReleaseRecvBufLock(ss);    ssl_Release1stHandshakeLock(ss);    return rv;}

/* Caller holds the SSL Socket's write lock. SSL_LOCK_WRITER(ss) */intssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags){    int rv = 0;    SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes",                SSL_GETPID(), ss->fd, len));    if (ss->shutdownHow & ssl_SHUTDOWN_SEND) {        PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);        rv = PR_FAILURE;        goto done;    }    if (flags) {        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);        rv = PR_FAILURE;        goto done;    }    ssl_GetXmitBufLock(ss);    if (ss->pendingBuf.len != 0) {        PORT_Assert(ss->pendingBuf.len > 0);        rv = ssl_SendSavedWriteData(ss);        if (rv >= 0 && ss->pendingBuf.len != 0) {            PORT_Assert(ss->pendingBuf.len > 0);            PORT_SetError(PR_WOULD_BLOCK_ERROR);            rv = SECFailure;        }    }    ssl_ReleaseXmitBufLock(ss);    if (rv < 0) {        goto done;    }    if (len > 0)        ss->writerThread = PR_GetCurrentThread();    /* Check to see if we can write even though we're not finished.     *     * Case 1: False start     * Case 2: TLS 1.3 0-RTT     */    if (!ss->firstHsDone) {        PRBool falseStart = PR_FALSE;        ssl_Get1stHandshakeLock(ss);        if (ss->opt.enableFalseStart ||            (ss->opt.enable0RttData && !ss->sec.isServer)) {            ssl_GetSSL3HandshakeLock(ss);            /* The client can sometimes send before the handshake is fully             * complete. In TLS 1.2: false start; in TLS 1.3: 0-RTT. */            falseStart = ss->ssl3.hs.canFalseStart ||                         ss->ssl3.hs.zeroRttState == ssl_0rtt_sent ||                         ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted;            ssl_ReleaseSSL3HandshakeLock(ss);        }        if (!falseStart && ss->handshake) {            rv = ssl_Do1stHandshake(ss);        }        ssl_Release1stHandshakeLock(ss);    }    if (rv < 0) {        ss->writerThread = NULL;        goto done;    }    /* Check for zero length writes after we do housekeeping so we make forward     * progress.     */    if (len == 0) {        rv = 0;        goto done;    }    PORT_Assert(buf != NULL);    if (!buf) {        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);        rv = PR_FAILURE;        goto done;    }    if (!ss->firstHsDone) {#ifdef DEBUG        ssl_GetSSL3HandshakeLock(ss);        PORT_Assert(!ss->sec.isServer &&                    (ss->ssl3.hs.canFalseStart ||                     ss->ssl3.hs.zeroRttState == ssl_0rtt_sent ||                     ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted));        ssl_ReleaseSSL3HandshakeLock(ss);#endif        SSL_TRC(3, ("%d: SSL[%d]: SecureSend: sending data due to false start",                    SSL_GETPID(), ss->fd));    }    ssl_GetXmitBufLock(ss);    rv = ssl3_SendApplicationData(ss, buf, len, flags);    ssl_ReleaseXmitBufLock(ss);    ss->writerThread = NULL;done:    if (rv < 0) {        SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count, error %d",//.........这里部分代码省略.........

static int DoRecv(sslSocket *ss, unsigned char *out, int len, int flags){    int              rv;    int              amount;    int              available;    ssl_Get1stHandshakeLock(ss);    ssl_GetRecvBufLock(ss);    available = ss->gs.writeOffset - ss->gs.readOffset;    if (available == 0) {		if (ss->version >= SSL_LIBRARY_VERSION_3_0) {	    	    rv = ssl3_GatherAppDataRecord(ss, 0);	} else {	    	    rv = ssl2_GatherRecord(ss, 0);	}	if (rv <= 0) {	    if (rv == 0) {				SSL_TRC(10, ("%d: SSL[%d]: ssl_recv EOF",			     SSL_GETPID(), ss->fd));		goto done;	    }	    if ((rv != SECWouldBlock) && 	        (PR_GetError() != PR_WOULD_BLOCK_ERROR)) {				goto done;	    }	} else {	    	}		available = ss->gs.writeOffset - ss->gs.readOffset;	if (available == 0) {	    PORT_SetError(PR_WOULD_BLOCK_ERROR);	    rv = SECFailure;	    goto done;	}	SSL_TRC(30, ("%d: SSL[%d]: partial data ready, available=%d",		     SSL_GETPID(), ss->fd, available));    }        amount = PR_MIN(len, available);    PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount);    if (!(flags & PR_MSG_PEEK)) {	ss->gs.readOffset += amount;    }    PORT_Assert(ss->gs.readOffset <= ss->gs.writeOffset);    rv = amount;    SSL_TRC(30, ("%d: SSL[%d]: amount=%d available=%d",		 SSL_GETPID(), ss->fd, amount, available));    PRINT_BUF(4, (ss, "DoRecv receiving plaintext:", out, amount));done:    ssl_ReleaseRecvBufLock(ss);    ssl_Release1stHandshakeLock(ss);    return rv;}

intssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags){    int rv = 0;    PRBool falseStart = PR_FALSE;    SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes",		SSL_GETPID(), ss->fd, len));    if (ss->shutdownHow & ssl_SHUTDOWN_SEND) {	PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);    	rv = PR_FAILURE;	goto done;    }    if (flags) {	PORT_SetError(PR_INVALID_ARGUMENT_ERROR);    	rv = PR_FAILURE;	goto done;    }    ssl_GetXmitBufLock(ss);    if (ss->pendingBuf.len != 0) {	PORT_Assert(ss->pendingBuf.len > 0);	rv = ssl_SendSavedWriteData(ss);	if (rv >= 0 && ss->pendingBuf.len != 0) {	    PORT_Assert(ss->pendingBuf.len > 0);	    PORT_SetError(PR_WOULD_BLOCK_ERROR);	    rv = SECFailure;	}    }    ssl_ReleaseXmitBufLock(ss);    if (rv < 0) {	goto done;    }    if (len > 0)     	ss->writerThread = PR_GetCurrentThread();        if (!ss->firstHsDone) {	ssl_Get1stHandshakeLock(ss);	if (ss->opt.enableFalseStart &&	    ss->version >= SSL_LIBRARY_VERSION_3_0) {	    ssl_GetSSL3HandshakeLock(ss);	    falseStart = ss->ssl3.hs.canFalseStart;	    ssl_ReleaseSSL3HandshakeLock(ss);	}	if (!falseStart &&	    (ss->handshake || ss->nextHandshake || ss->securityHandshake)) {	    rv = ssl_Do1stHandshake(ss);	}	ssl_Release1stHandshakeLock(ss);    }    if (rv < 0) {    	ss->writerThread = NULL;	goto done;    }    if (len == 0) {    	rv = 0;	goto done;    }    PORT_Assert(buf != NULL);    if (!buf) {	PORT_SetError(PR_INVALID_ARGUMENT_ERROR);    	rv = PR_FAILURE;	goto done;    }    if (!ss->firstHsDone) {	PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_3_0);#ifdef DEBUG	ssl_GetSSL3HandshakeLock(ss);	PORT_Assert(ss->ssl3.hs.canFalseStart);	ssl_ReleaseSSL3HandshakeLock(ss);#endif	SSL_TRC(3, ("%d: SSL[%d]: SecureSend: sending data due to false start",		    SSL_GETPID(), ss->fd));    }    ssl_GetXmitBufLock(ss);    rv = (*ss->sec.send)(ss, buf, len, flags);    ssl_ReleaseXmitBufLock(ss);    ss->writerThread = NULL;done:    if (rv < 0) {	SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count, error %d",		    SSL_GETPID(), ss->fd, rv, PORT_GetError()));    } else {	SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count",		    SSL_GETPID(), ss->fd, rv));    }    return rv;}

/* Caller holds the SSL Socket's write lock. SSL_LOCK_WRITER(ss) */intssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags){    int rv = 0;    PRBool falseStart = PR_FALSE;    SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes",		SSL_GETPID(), ss->fd, len));    if (ss->shutdownHow & ssl_SHUTDOWN_SEND) {	PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);    	rv = PR_FAILURE;	goto done;    }    if (flags) {	PORT_SetError(PR_INVALID_ARGUMENT_ERROR);    	rv = PR_FAILURE;	goto done;    }    ssl_GetXmitBufLock(ss);    if (ss->pendingBuf.len != 0) {	PORT_Assert(ss->pendingBuf.len > 0);	rv = ssl_SendSavedWriteData(ss);	if (rv >= 0 && ss->pendingBuf.len != 0) {	    PORT_Assert(ss->pendingBuf.len > 0);	    PORT_SetError(PR_WOULD_BLOCK_ERROR);	    rv = SECFailure;	}    }    ssl_ReleaseXmitBufLock(ss);    if (rv < 0) {	goto done;    }    if (len > 0)     	ss->writerThread = PR_GetCurrentThread();    /* If any of these is non-zero, the initial handshake is not done. */    if (!ss->firstHsDone) {	ssl_Get1stHandshakeLock(ss);	if (ss->opt.enableFalseStart &&	    ss->version >= SSL_LIBRARY_VERSION_3_0) {	    ssl_GetSSL3HandshakeLock(ss);	    falseStart = ss->ssl3.hs.canFalseStart;	    ssl_ReleaseSSL3HandshakeLock(ss);	}	if (!falseStart &&	    (ss->handshake || ss->nextHandshake || ss->securityHandshake)) {	    rv = ssl_Do1stHandshake(ss);	}	ssl_Release1stHandshakeLock(ss);    }    if (rv < 0) {    	ss->writerThread = NULL;	goto done;    }    /* Check for zero length writes after we do housekeeping so we make forward     * progress.     */    if (len == 0) {    	rv = 0;	goto done;    }    PORT_Assert(buf != NULL);    if (!buf) {	PORT_SetError(PR_INVALID_ARGUMENT_ERROR);    	rv = PR_FAILURE;	goto done;    }    if (!ss->firstHsDone) {	PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_3_0);#ifdef DEBUG	ssl_GetSSL3HandshakeLock(ss);	PORT_Assert(ss->ssl3.hs.canFalseStart);	ssl_ReleaseSSL3HandshakeLock(ss);#endif	SSL_TRC(3, ("%d: SSL[%d]: SecureSend: sending data due to false start",		    SSL_GETPID(), ss->fd));    }    /* Send out the data using one of these functions:     *	ssl2_SendClear, ssl2_SendStream, ssl2_SendBlock,      *  ssl3_SendApplicationData     */    ssl_GetXmitBufLock(ss);    rv = (*ss->sec.send)(ss, buf, len, flags);    ssl_ReleaseXmitBufLock(ss);    ss->writerThread = NULL;done:    if (rv < 0) {	SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count, error %d",		    SSL_GETPID(), ss->fd, rv, PORT_GetError()));    } else {	SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count",		    SSL_GETPID(), ss->fd, rv));    }    return rv;//.........这里部分代码省略.........