OLD | NEW |
1 /* | 1 /* |
2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
3 * any SSL implementation file. | 3 * any SSL implementation file. |
4 * | 4 * |
5 * ***** BEGIN LICENSE BLOCK ***** | 5 * ***** BEGIN LICENSE BLOCK ***** |
6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
7 * | 7 * |
8 * The contents of this file are subject to the Mozilla Public License Version | 8 * The contents of this file are subject to the Mozilla Public License Version |
9 * 1.1 (the "License"); you may not use this file except in compliance with | 9 * 1.1 (the "License"); you may not use this file except in compliance with |
10 * the License. You may obtain a copy of the License at | 10 * the License. You may obtain a copy of the License at |
(...skipping 299 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
310 #endif | 310 #endif |
311 } ssl3CipherSuiteCfg; | 311 } ssl3CipherSuiteCfg; |
312 | 312 |
313 #ifdef NSS_ENABLE_ECC | 313 #ifdef NSS_ENABLE_ECC |
314 #define ssl_V3_SUITES_IMPLEMENTED 50 | 314 #define ssl_V3_SUITES_IMPLEMENTED 50 |
315 #else | 315 #else |
316 #define ssl_V3_SUITES_IMPLEMENTED 30 | 316 #define ssl_V3_SUITES_IMPLEMENTED 30 |
317 #endif /* NSS_ENABLE_ECC */ | 317 #endif /* NSS_ENABLE_ECC */ |
318 | 318 |
319 typedef struct sslOptionsStr { | 319 typedef struct sslOptionsStr { |
| 320 /* For clients, this is a validated list of protocols in preference order |
| 321 * and wire format. For servers, this is the list of support protocols, |
| 322 * also in wire format. */ |
| 323 SECItem nextProtoNego; |
| 324 |
320 unsigned int useSecurity : 1; /* 1 */ | 325 unsigned int useSecurity : 1; /* 1 */ |
321 unsigned int useSocks : 1; /* 2 */ | 326 unsigned int useSocks : 1; /* 2 */ |
322 unsigned int requestCertificate : 1; /* 3 */ | 327 unsigned int requestCertificate : 1; /* 3 */ |
323 unsigned int requireCertificate : 2; /* 4-5 */ | 328 unsigned int requireCertificate : 2; /* 4-5 */ |
324 unsigned int handshakeAsClient : 1; /* 6 */ | 329 unsigned int handshakeAsClient : 1; /* 6 */ |
325 unsigned int handshakeAsServer : 1; /* 7 */ | 330 unsigned int handshakeAsServer : 1; /* 7 */ |
326 unsigned int enableSSL2 : 1; /* 8 */ | 331 unsigned int enableSSL2 : 1; /* 8 */ |
327 unsigned int enableSSL3 : 1; /* 9 */ | 332 unsigned int enableSSL3 : 1; /* 9 */ |
328 unsigned int enableTLS : 1; /* 10 */ | 333 unsigned int enableTLS : 1; /* 10 */ |
329 unsigned int noCache : 1; /* 11 */ | 334 unsigned int noCache : 1; /* 11 */ |
(...skipping 433 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
763 PRBool isResuming; /* are we resuming a session */ | 768 PRBool isResuming; /* are we resuming a session */ |
764 PRBool rehandshake; /* immediately start another handshake | 769 PRBool rehandshake; /* immediately start another handshake |
765 * when this one finishes */ | 770 * when this one finishes */ |
766 PRBool usedStepDownKey; /* we did a server key exchange. */ | 771 PRBool usedStepDownKey; /* we did a server key exchange. */ |
767 sslBuffer msgState; /* current state for handshake messages*/ | 772 sslBuffer msgState; /* current state for handshake messages*/ |
768 /* protected by recvBufLock */ | 773 /* protected by recvBufLock */ |
769 sslBuffer messages; /* Accumulated handshake messages */ | 774 sslBuffer messages; /* Accumulated handshake messages */ |
770 #ifdef NSS_ENABLE_ECC | 775 #ifdef NSS_ENABLE_ECC |
771 PRUint32 negotiatedECCurves; /* bit mask */ | 776 PRUint32 negotiatedECCurves; /* bit mask */ |
772 #endif /* NSS_ENABLE_ECC */ | 777 #endif /* NSS_ENABLE_ECC */ |
| 778 PRBool nextProtoNego;/* Our peer has sent this extension */ |
773 } SSL3HandshakeState; | 779 } SSL3HandshakeState; |
774 | 780 |
775 | 781 |
776 | 782 |
777 /* | 783 /* |
778 ** This is the "ssl3" struct, as in "ss->ssl3". | 784 ** This is the "ssl3" struct, as in "ss->ssl3". |
779 ** note: | 785 ** note: |
780 ** usually, crSpec == cwSpec and prSpec == pwSpec. | 786 ** usually, crSpec == cwSpec and prSpec == pwSpec. |
781 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec. | 787 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec. |
782 ** But there are never more than 2 actual specs. | 788 ** But there are never more than 2 actual specs. |
(...skipping 21 matching lines...) Expand all Loading... |
804 */ | 810 */ |
805 PRArenaPool * peerCertArena; | 811 PRArenaPool * peerCertArena; |
806 /* These are used to keep track of the peer CA */ | 812 /* These are used to keep track of the peer CA */ |
807 void * peerCertChain; | 813 void * peerCertChain; |
808 /* chain while we are trying to validate it. */ | 814 /* chain while we are trying to validate it. */ |
809 CERTDistNames * ca_list; | 815 CERTDistNames * ca_list; |
810 /* used by server. trusted CAs for this socket. */ | 816 /* used by server. trusted CAs for this socket. */ |
811 PRBool initialized; | 817 PRBool initialized; |
812 SSL3HandshakeState hs; | 818 SSL3HandshakeState hs; |
813 ssl3CipherSpec specs[2]; /* one is current, one is pending. */ | 819 ssl3CipherSpec specs[2]; /* one is current, one is pending. */ |
| 820 |
| 821 /* In a client: if the server supports Next Protocol Negotiation, then |
| 822 * this is the protocol that was requested. |
| 823 * In a server: this is the protocol that the client requested via Next |
| 824 * Protocol Negotiation. |
| 825 * |
| 826 * In either case, if the data pointer is non-NULL, then it is malloced |
| 827 * data. */ |
| 828 SECItem nextProto; |
| 829 int nextProtoState; /* See SSL_NEXT_PROTO_* defines */ |
814 }; | 830 }; |
815 | 831 |
816 typedef struct { | 832 typedef struct { |
817 SSL3ContentType type; | 833 SSL3ContentType type; |
818 SSL3ProtocolVersion version; | 834 SSL3ProtocolVersion version; |
819 sslBuffer * buf; | 835 sslBuffer * buf; |
820 } SSL3Ciphertext; | 836 } SSL3Ciphertext; |
821 | 837 |
822 struct ssl3KeyPairStr { | 838 struct ssl3KeyPairStr { |
823 SECKEYPrivateKey * privKey; | 839 SECKEYPrivateKey * privKey; |
(...skipping 640 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1464 | 1480 |
1465 /* Functions that handle ClientHello and ServerHello extensions. */ | 1481 /* Functions that handle ClientHello and ServerHello extensions. */ |
1466 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss, | 1482 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss, |
1467 PRUint16 ex_type, SECItem *data); | 1483 PRUint16 ex_type, SECItem *data); |
1468 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss, | 1484 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss, |
1469 PRUint16 ex_type, SECItem *data); | 1485 PRUint16 ex_type, SECItem *data); |
1470 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, | 1486 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, |
1471 PRUint16 ex_type, SECItem *data); | 1487 PRUint16 ex_type, SECItem *data); |
1472 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, | 1488 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, |
1473 PRUint16 ex_type, SECItem *data); | 1489 PRUint16 ex_type, SECItem *data); |
| 1490 extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, |
| 1491 PRUint16 ex_type, SECItem *data); |
1474 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, | 1492 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, |
1475 PRUint16 ex_type, SECItem *data); | 1493 PRUint16 ex_type, SECItem *data); |
| 1494 extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, |
| 1495 PRUint16 ex_type, SECItem *data); |
1476 | 1496 |
1477 /* ClientHello and ServerHello extension senders. | 1497 /* ClientHello and ServerHello extension senders. |
1478 * Note that not all extension senders are exposed here; only those that | 1498 * Note that not all extension senders are exposed here; only those that |
1479 * that need exposure. | 1499 * that need exposure. |
1480 */ | 1500 */ |
1481 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, | 1501 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, |
1482 PRUint32 maxBytes); | 1502 PRUint32 maxBytes); |
1483 #ifdef NSS_ENABLE_ECC | 1503 #ifdef NSS_ENABLE_ECC |
1484 extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss, | 1504 extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss, |
1485 PRBool append, PRUint32 maxBytes); | 1505 PRBool append, PRUint32 maxBytes); |
1486 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss, | 1506 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss, |
1487 PRBool append, PRUint32 maxBytes); | 1507 PRBool append, PRUint32 maxBytes); |
1488 #endif | 1508 #endif |
| 1509 extern PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, |
| 1510 PRUint32 maxBytes); |
| 1511 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, |
| 1512 unsigned short length); |
1489 | 1513 |
1490 /* call the registered extension handlers. */ | 1514 /* call the registered extension handlers. */ |
1491 extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, | 1515 extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, |
1492 SSL3Opaque **b, PRUint32 *length); | 1516 SSL3Opaque **b, PRUint32 *length); |
1493 | 1517 |
1494 /* Hello Extension related routines. */ | 1518 /* Hello Extension related routines. */ |
1495 extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type); | 1519 extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type); |
1496 extern SECStatus ssl3_SetSIDSessionTicket(sslSessionID *sid, | 1520 extern SECStatus ssl3_SetSIDSessionTicket(sslSessionID *sid, |
1497 NewSessionTicket *session_ticket); | 1521 NewSessionTicket *session_ticket); |
1498 extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss); | 1522 extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss); |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1584 #elif defined(_WIN32_WCE) | 1608 #elif defined(_WIN32_WCE) |
1585 #define SSL_GETPID GetCurrentProcessId | 1609 #define SSL_GETPID GetCurrentProcessId |
1586 #elif defined(WIN32) | 1610 #elif defined(WIN32) |
1587 extern int __cdecl _getpid(void); | 1611 extern int __cdecl _getpid(void); |
1588 #define SSL_GETPID _getpid | 1612 #define SSL_GETPID _getpid |
1589 #else | 1613 #else |
1590 #define SSL_GETPID() 0 | 1614 #define SSL_GETPID() 0 |
1591 #endif | 1615 #endif |
1592 | 1616 |
1593 #endif /* __sslimpl_h_ */ | 1617 #endif /* __sslimpl_h_ */ |
OLD | NEW |