| OLD | NEW |
| 1 /* | 1 /* |
| 2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
| 3 * any SSL implementation file. | 3 * any SSL implementation file. |
| 4 * | 4 * |
| 5 * ***** BEGIN LICENSE BLOCK ***** | 5 * ***** BEGIN LICENSE BLOCK ***** |
| 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 7 * | 7 * |
| 8 * The contents of this file are subject to the Mozilla Public License Version | 8 * The contents of this file are subject to the Mozilla Public License Version |
| 9 * 1.1 (the "License"); you may not use this file except in compliance with | 9 * 1.1 (the "License"); you may not use this file except in compliance with |
| 10 * the License. You may obtain a copy of the License at | 10 * the License. You may obtain a copy of the License at |
| (...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 280 int (*read) (sslSocket *, unsigned char *, int); | 280 int (*read) (sslSocket *, unsigned char *, int); |
| 281 int (*write) (sslSocket *, const unsigned char *, int); | 281 int (*write) (sslSocket *, const unsigned char *, int); |
| 282 | 282 |
| 283 int (*getpeername)(sslSocket *, PRNetAddr *); | 283 int (*getpeername)(sslSocket *, PRNetAddr *); |
| 284 int (*getsockname)(sslSocket *, PRNetAddr *); | 284 int (*getsockname)(sslSocket *, PRNetAddr *); |
| 285 }; | 285 }; |
| 286 | 286 |
| 287 /* Flags interpreted by ssl send functions. */ | 287 /* Flags interpreted by ssl send functions. */ |
| 288 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000 | 288 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000 |
| 289 #define ssl_SEND_FLAG_NO_BUFFER 0x20000000 | 289 #define ssl_SEND_FLAG_NO_BUFFER 0x20000000 |
| 290 #define ssl_SEND_FLAG_NO_FLUSH 0x10000000 | |
| 291 #define ssl_SEND_FLAG_MASK 0x7f000000 | 290 #define ssl_SEND_FLAG_MASK 0x7f000000 |
| 292 | 291 |
| 293 /* | 292 /* |
| 294 ** A buffer object. | 293 ** A buffer object. |
| 295 */ | 294 */ |
| 296 struct sslBufferStr { | 295 struct sslBufferStr { |
| 297 unsigned char * buf; | 296 unsigned char * buf; |
| 298 unsigned int len; | 297 unsigned int len; |
| 299 unsigned int space; | 298 unsigned int space; |
| 300 }; | 299 }; |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 342 unsigned int v2CompatibleHello : 1; /* 13 */ | 341 unsigned int v2CompatibleHello : 1; /* 13 */ |
| 343 unsigned int detectRollBack : 1; /* 14 */ | 342 unsigned int detectRollBack : 1; /* 14 */ |
| 344 unsigned int noStepDown : 1; /* 15 */ | 343 unsigned int noStepDown : 1; /* 15 */ |
| 345 unsigned int bypassPKCS11 : 1; /* 16 */ | 344 unsigned int bypassPKCS11 : 1; /* 16 */ |
| 346 unsigned int noLocks : 1; /* 17 */ | 345 unsigned int noLocks : 1; /* 17 */ |
| 347 unsigned int enableSessionTickets : 1; /* 18 */ | 346 unsigned int enableSessionTickets : 1; /* 18 */ |
| 348 unsigned int enableDeflate : 1; /* 19 */ | 347 unsigned int enableDeflate : 1; /* 19 */ |
| 349 unsigned int enableRenegotiation : 2; /* 20-21 */ | 348 unsigned int enableRenegotiation : 2; /* 20-21 */ |
| 350 unsigned int requireSafeNegotiation : 1; /* 22 */ | 349 unsigned int requireSafeNegotiation : 1; /* 22 */ |
| 351 unsigned int enableFalseStart : 1; /* 23 */ | 350 unsigned int enableFalseStart : 1; /* 23 */ |
| 352 unsigned int enableSnapStart : 1; /* 24 */ | 351 unsigned int enableOCSPStapling : 1; /* 24 */ |
| 353 unsigned int enableOCSPStapling : 1; /* 25 */ | |
| 354 } sslOptions; | 352 } sslOptions; |
| 355 | 353 |
| 356 typedef enum { sslHandshakingUndetermined = 0, | 354 typedef enum { sslHandshakingUndetermined = 0, |
| 357 sslHandshakingAsClient, | 355 sslHandshakingAsClient, |
| 358 sslHandshakingAsServer | 356 sslHandshakingAsServer |
| 359 } sslHandshakingType; | 357 } sslHandshakingType; |
| 360 | 358 |
| 361 typedef struct sslServerCertsStr { | 359 typedef struct sslServerCertsStr { |
| 362 /* Configuration state for server sockets */ | 360 /* Configuration state for server sockets */ |
| 363 CERTCertificate * serverCert; | 361 CERTCertificate * serverCert; |
| (...skipping 394 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 758 /* registered callbacks that send server hello extensions */ | 756 /* registered callbacks that send server hello extensions */ |
| 759 ssl3HelloExtensionSender serverSenders[SSL_MAX_EXTENSIONS]; | 757 ssl3HelloExtensionSender serverSenders[SSL_MAX_EXTENSIONS]; |
| 760 /* Keep track of the extensions that are negotiated. */ | 758 /* Keep track of the extensions that are negotiated. */ |
| 761 PRUint16 numAdvertised; | 759 PRUint16 numAdvertised; |
| 762 PRUint16 numNegotiated; | 760 PRUint16 numNegotiated; |
| 763 PRUint16 advertised[SSL_MAX_EXTENSIONS]; | 761 PRUint16 advertised[SSL_MAX_EXTENSIONS]; |
| 764 PRUint16 negotiated[SSL_MAX_EXTENSIONS]; | 762 PRUint16 negotiated[SSL_MAX_EXTENSIONS]; |
| 765 | 763 |
| 766 /* SessionTicket Extension related data. */ | 764 /* SessionTicket Extension related data. */ |
| 767 PRBool ticketTimestampVerified; | 765 PRBool ticketTimestampVerified; |
| 768 PRBool serverReceivedEmptySessionTicket; | 766 PRBool emptySessionTicket; |
| 769 PRBool clientSentNonEmptySessionTicket; | |
| 770 | 767 |
| 771 /* SNI Extension related data | 768 /* SNI Extension related data |
| 772 * Names data is not coppied from the input buffer. It can not be | 769 * Names data is not coppied from the input buffer. It can not be |
| 773 * used outside the scope where input buffer is defined and that | 770 * used outside the scope where input buffer is defined and that |
| 774 * is beyond ssl3_HandleClientHello function. */ | 771 * is beyond ssl3_HandleClientHello function. */ |
| 775 SECItem *sniNameArr; | 772 SECItem *sniNameArr; |
| 776 PRUint32 sniNameArrSize; | 773 PRUint32 sniNameArrSize; |
| 777 }; | 774 }; |
| 778 | 775 |
| 779 typedef enum { | |
| 780 snap_start_none = 0, | |
| 781 snap_start_full, | |
| 782 snap_start_recovery, | |
| 783 snap_start_resume, | |
| 784 snap_start_resume_recovery | |
| 785 } TLSSnapStartType; | |
| 786 | |
| 787 /* | 776 /* |
| 788 ** This is the "hs" member of the "ssl3" struct. | 777 ** This is the "hs" member of the "ssl3" struct. |
| 789 ** This entire struct is protected by ssl3HandshakeLock | 778 ** This entire struct is protected by ssl3HandshakeLock |
| 790 */ | 779 */ |
| 791 typedef struct SSL3HandshakeStateStr { | 780 typedef struct SSL3HandshakeStateStr { |
| 792 SSL3Random server_random; | 781 SSL3Random server_random; |
| 793 SSL3Random client_random; | 782 SSL3Random client_random; |
| 794 SSL3WaitState ws; | 783 SSL3WaitState ws; |
| 795 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; | 784 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; |
| 796 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; | 785 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
| (...skipping 26 matching lines...) Expand all Loading... |
| 823 SECItem cert_status; /* an OCSP response */ | 812 SECItem cert_status; /* an OCSP response */ |
| 824 sslBuffer msgState; /* current state for handshake messages*/ | 813 sslBuffer msgState; /* current state for handshake messages*/ |
| 825 /* protected by recvBufLock */ | 814 /* protected by recvBufLock */ |
| 826 sslBuffer messages; /* Accumulated handshake messages */ | 815 sslBuffer messages; /* Accumulated handshake messages */ |
| 827 PRUint16 finishedBytes; /* size of single finished below */ | 816 PRUint16 finishedBytes; /* size of single finished below */ |
| 828 union { | 817 union { |
| 829 TLSFinished tFinished[2]; /* client, then server */ | 818 TLSFinished tFinished[2]; /* client, then server */ |
| 830 SSL3Hashes sFinished[2]; | 819 SSL3Hashes sFinished[2]; |
| 831 SSL3Opaque data[72]; | 820 SSL3Opaque data[72]; |
| 832 } finishedMsgs; | 821 } finishedMsgs; |
| 833 | |
| 834 TLSSnapStartType snapStartType; | |
| 835 /* When we perform a Snap Start handshake, we hash our ClientHello as if | |
| 836 * the Snap Start extension wasn't included. However, if the server rejects | |
| 837 * our Snap Start attempt, then it will hash the whole ClientHello. Thus we | |
| 838 * store the original ClientHello that we sent in case we need to reset our | |
| 839 * Finished hash to cover it. */ | |
| 840 SECItem origClientHello; | |
| 841 #ifdef NSS_ENABLE_ECC | 822 #ifdef NSS_ENABLE_ECC |
| 842 PRUint32 negotiatedECCurves; /* bit mask */ | 823 PRUint32 negotiatedECCurves; /* bit mask */ |
| 843 #endif /* NSS_ENABLE_ECC */ | 824 #endif /* NSS_ENABLE_ECC */ |
| 844 PRBool nextProtoNego;/* Our peer has sent this extension */ | 825 PRBool nextProtoNego;/* Our peer has sent this extension */ |
| 845 } SSL3HandshakeState; | 826 } SSL3HandshakeState; |
| 846 | 827 |
| 847 | 828 |
| 848 | 829 |
| 849 /* | 830 /* |
| 850 ** This is the "ssl3" struct, as in "ss->ssl3". | 831 ** This is the "ssl3" struct, as in "ss->ssl3". |
| (...skipping 15 matching lines...) Expand all Loading... |
| 866 ssl3CipherSpec * pwSpec; /* pending write spec. */ | 847 ssl3CipherSpec * pwSpec; /* pending write spec. */ |
| 867 | 848 |
| 868 CERTCertificate * clientCertificate; /* used by client */ | 849 CERTCertificate * clientCertificate; /* used by client */ |
| 869 SECKEYPrivateKey * clientPrivateKey; /* used by client */ | 850 SECKEYPrivateKey * clientPrivateKey; /* used by client */ |
| 870 #ifdef NSS_PLATFORM_CLIENT_AUTH | 851 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 871 PlatformKey platformClientKey; /* used by client */ | 852 PlatformKey platformClientKey; /* used by client */ |
| 872 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 853 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 873 CERTCertificateList *clientCertChain; /* used by client */ | 854 CERTCertificateList *clientCertChain; /* used by client */ |
| 874 PRBool sendEmptyCert; /* used by client */ | 855 PRBool sendEmptyCert; /* used by client */ |
| 875 | 856 |
| 876 /* TLS Snap Start: */ | |
| 877 CERTCertificate ** predictedCertChain; | |
| 878 /* An array terminated with a NULL. */ | |
| 879 SECItem serverHelloPredictionData; | |
| 880 PRBool serverHelloPredictionDataValid; | |
| 881 /* data needed to predict the ServerHello from | |
| 882 * this server. */ | |
| 883 SECItem snapStartApplicationData; | |
| 884 /* the application data to include in the Snap | |
| 885 * Start extension. */ | |
| 886 | |
| 887 int policy; | 857 int policy; |
| 888 /* This says what cipher suites we can do, and should | 858 /* This says what cipher suites we can do, and should |
| 889 * be either SSL_ALLOWED or SSL_RESTRICTED | 859 * be either SSL_ALLOWED or SSL_RESTRICTED |
| 890 */ | 860 */ |
| 891 PRArenaPool * peerCertArena; | 861 PRArenaPool * peerCertArena; |
| 892 /* These are used to keep track of the peer CA */ | 862 /* These are used to keep track of the peer CA */ |
| 893 void * peerCertChain; | 863 void * peerCertChain; |
| 894 /* chain while we are trying to validate it. */ | 864 /* chain while we are trying to validate it. */ |
| 895 CERTDistNames * ca_list; | 865 CERTDistNames * ca_list; |
| 896 /* used by server. trusted CAs for this socket. */ | 866 /* used by server. trusted CAs for this socket. */ |
| (...skipping 419 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1316 extern SECStatus sslBuffer_Append(sslBuffer *b, const void * data, | 1286 extern SECStatus sslBuffer_Append(sslBuffer *b, const void * data, |
| 1317 unsigned int len); | 1287 unsigned int len); |
| 1318 | 1288 |
| 1319 extern void ssl2_UseClearSendFunc(sslSocket *ss); | 1289 extern void ssl2_UseClearSendFunc(sslSocket *ss); |
| 1320 extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec); | 1290 extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec); |
| 1321 | 1291 |
| 1322 extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server); | 1292 extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server); |
| 1323 extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, | 1293 extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, |
| 1324 const char *peerID, const char *urlSvrName); | 1294 const char *peerID, const char *urlSvrName); |
| 1325 extern void ssl_FreeSID(sslSessionID *sid); | 1295 extern void ssl_FreeSID(sslSessionID *sid); |
| 1326 extern void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid); | |
| 1327 | 1296 |
| 1328 extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in, | 1297 extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in, |
| 1329 int len, int flags); | 1298 int len, int flags); |
| 1330 | 1299 |
| 1331 extern SECStatus ssl3_RestartHandshakeHashes(sslSocket *ss); | |
| 1332 | |
| 1333 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); | 1300 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); |
| 1334 | 1301 |
| 1335 extern PRBool ssl_SocketIsBlocking(sslSocket *ss); | 1302 extern PRBool ssl_SocketIsBlocking(sslSocket *ss); |
| 1336 | 1303 |
| 1337 extern void ssl_SetAlwaysBlock(sslSocket *ss); | 1304 extern void ssl_SetAlwaysBlock(sslSocket *ss); |
| 1338 | 1305 |
| 1339 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); | 1306 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); |
| 1340 | 1307 |
| 1341 extern PRBool ssl3_CanFalseStart(sslSocket *ss); | 1308 extern PRBool ssl3_CanFalseStart(sslSocket *ss); |
| 1342 | 1309 |
| (...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1495 ec_pastLastName | 1462 ec_pastLastName |
| 1496 } ECName; | 1463 } ECName; |
| 1497 | 1464 |
| 1498 extern SECStatus ssl3_ECName2Params(PRArenaPool *arena, ECName curve, | 1465 extern SECStatus ssl3_ECName2Params(PRArenaPool *arena, ECName curve, |
| 1499 SECKEYECParams *params); | 1466 SECKEYECParams *params); |
| 1500 ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); | 1467 ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); |
| 1501 | 1468 |
| 1502 | 1469 |
| 1503 #endif /* NSS_ENABLE_ECC */ | 1470 #endif /* NSS_ENABLE_ECC */ |
| 1504 | 1471 |
| 1505 extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket* ss, unsigned char *b, | |
| 1506 unsigned int l); | |
| 1507 | |
| 1508 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); | 1472 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); |
| 1509 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); | 1473 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); |
| 1510 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled); | 1474 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled); |
| 1511 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled); | 1475 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled); |
| 1512 | 1476 |
| 1513 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
on); | 1477 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
on); |
| 1514 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool
*on); | 1478 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool
*on); |
| 1515 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled
); | 1479 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled
); |
| 1516 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enable
d); | 1480 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enable
d); |
| 1517 | 1481 |
| 1518 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); | 1482 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); |
| 1519 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); | 1483 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); |
| 1520 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); | 1484 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); |
| 1521 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); | 1485 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); |
| 1522 | 1486 |
| 1523 extern void ssl2_InitSocketPolicy(sslSocket *ss); | 1487 extern void ssl2_InitSocketPolicy(sslSocket *ss); |
| 1524 extern void ssl3_InitSocketPolicy(sslSocket *ss); | 1488 extern void ssl3_InitSocketPolicy(sslSocket *ss); |
| 1525 | 1489 |
| 1526 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, | 1490 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, |
| 1527 unsigned char *cs, int *size); | 1491 unsigned char *cs, int *size); |
| 1528 extern void ssl3_DestroyCipherSpec(ssl3CipherSpec* spec, PRBool freeSrvName); | |
| 1529 | 1492 |
| 1530 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); | 1493 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); |
| 1531 | 1494 |
| 1532 extern void ssl3_DestroySSL3Info(sslSocket *ss); | 1495 extern void ssl3_DestroySSL3Info(sslSocket *ss); |
| 1533 | 1496 |
| 1534 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, | 1497 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, |
| 1535 SSL3ProtocolVersion peerVersion); | 1498 SSL3ProtocolVersion peerVersion); |
| 1536 | 1499 |
| 1537 extern SECStatus ssl_GetPeerInfo(sslSocket *ss); | 1500 extern SECStatus ssl_GetPeerInfo(sslSocket *ss); |
| 1538 | 1501 |
| (...skipping 29 matching lines...) Expand all Loading... |
| 1568 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, | 1531 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, |
| 1569 PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); | 1532 PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); |
| 1570 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, | 1533 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, |
| 1571 SECItem *buf, PRBool isTLS); | 1534 SECItem *buf, PRBool isTLS); |
| 1572 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, | 1535 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, |
| 1573 CERTCertificate *cert, SECItem *buf, PRBool isTLS, | 1536 CERTCertificate *cert, SECItem *buf, PRBool isTLS, |
| 1574 void *pwArg); | 1537 void *pwArg); |
| 1575 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss, | 1538 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss, |
| 1576 sslSessionID *sid, ssl3CipherSpec *spec, | 1539 sslSessionID *sid, ssl3CipherSpec *spec, |
| 1577 SSL3KEAType effectiveExchKeyType); | 1540 SSL3KEAType effectiveExchKeyType); |
| 1578 extern void ssl3_CleanupPredictedPeerCertificates(sslSocket *ss); | |
| 1579 extern const ssl3CipherSuiteDef* ssl_LookupCipherSuiteDef(ssl3CipherSuite suite)
; | |
| 1580 extern SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss); | |
| 1581 extern SECStatus ssl3_SendClientKeyExchange(sslSocket *ss); | |
| 1582 extern SECStatus ssl3_SendNextProto(sslSocket *ss); | |
| 1583 extern SECStatus ssl3_SendFinished(sslSocket *ss, PRInt32 flags); | |
| 1584 extern SECStatus ssl3_CompressMACEncryptRecord | |
| 1585 (sslSocket * ss, | |
| 1586 SSL3ContentType type, | |
| 1587 const SSL3Opaque * pIn, | |
| 1588 PRUint32 contentLen); | |
| 1589 extern PRBool ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type); | |
| 1590 extern SECStatus ssl3_SetupMasterSecretFromSessionID(sslSocket* ss); | |
| 1591 extern SECStatus ssl3_ComputeHandshakeHashes( | |
| 1592 sslSocket * ss, | |
| 1593 ssl3CipherSpec *spec, /* uses ->master_secret */ | |
| 1594 SSL3Hashes * hashes, /* output goes here. */ | |
| 1595 PRUint32 sender); | |
| 1596 extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket* ss, unsigned char *b, | |
| 1597 unsigned int l); | |
| 1598 extern SECStatus ssl3_ComputeTLSFinished( | |
| 1599 ssl3CipherSpec *spec, | |
| 1600 PRBool isServer, | |
| 1601 const SSL3Finished * hashes, | |
| 1602 TLSFinished * tlsFinished); | |
| 1603 | 1541 |
| 1604 /* Functions that handle ClientHello and ServerHello extensions. */ | 1542 /* Functions that handle ClientHello and ServerHello extensions. */ |
| 1605 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss, | 1543 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss, |
| 1606 PRUint16 ex_type, SECItem *data); | 1544 PRUint16 ex_type, SECItem *data); |
| 1607 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss, | 1545 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss, |
| 1608 PRUint16 ex_type, SECItem *data); | 1546 PRUint16 ex_type, SECItem *data); |
| 1609 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, | 1547 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, |
| 1610 PRUint16 ex_type, SECItem *data); | 1548 PRUint16 ex_type, SECItem *data); |
| 1611 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, | 1549 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, |
| 1612 PRUint16 ex_type, SECItem *data); | 1550 PRUint16 ex_type, SECItem *data); |
| (...skipping 13 matching lines...) Expand all Loading... |
| 1626 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, | 1564 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, |
| 1627 PRUint32 maxBytes); | 1565 PRUint32 maxBytes); |
| 1628 extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append, | 1566 extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append, |
| 1629 PRUint32 maxBytes); | 1567 PRUint32 maxBytes); |
| 1630 | 1568 |
| 1631 /* ClientHello and ServerHello extension senders. | 1569 /* ClientHello and ServerHello extension senders. |
| 1632 * The code is in ssl3ext.c. | 1570 * The code is in ssl3ext.c. |
| 1633 */ | 1571 */ |
| 1634 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append, | 1572 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append, |
| 1635 PRUint32 maxBytes); | 1573 PRUint32 maxBytes); |
| 1636 extern PRInt32 ssl3_SendSnapStartXtn(sslSocket *ss, PRBool append, | |
| 1637 PRUint32 maxBytes); | |
| 1638 extern SECStatus ssl3_ClientHandleSnapStartXtn(sslSocket *ss, PRUint16 ex_type, | |
| 1639 SECItem *data); | |
| 1640 | |
| 1641 extern SECStatus ssl3_ResetForSnapStartRecovery(sslSocket *ss, | |
| 1642 SSL3Opaque *b, PRUint32 length); | |
| 1643 | 1574 |
| 1644 /* Assigns new cert, cert chain and keys to ss->serverCerts | 1575 /* Assigns new cert, cert chain and keys to ss->serverCerts |
| 1645 * struct. If certChain is NULL, tries to find one. Aborts if | 1576 * struct. If certChain is NULL, tries to find one. Aborts if |
| 1646 * fails to do so. If cert and keyPair are NULL - unconfigures | 1577 * fails to do so. If cert and keyPair are NULL - unconfigures |
| 1647 * sslSocket of kea type.*/ | 1578 * sslSocket of kea type.*/ |
| 1648 extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, | 1579 extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, |
| 1649 CERTCertificateList *certChain, | 1580 CERTCertificateList *certChain, |
| 1650 ssl3KeyPair *keyPair, SSLKEAType kea); | 1581 ssl3KeyPair *keyPair, SSLKEAType kea); |
| 1651 /* Return key type for the cert */ | 1582 /* Return key type for the cert */ |
| 1652 extern SSLKEAType ssl_FindCertKEAType(CERTCertificate * cert); | 1583 extern SSLKEAType ssl_FindCertKEAType(CERTCertificate * cert); |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1756 extern int ssl_MapLowLevelError(int hiLevelError); | 1687 extern int ssl_MapLowLevelError(int hiLevelError); |
| 1757 | 1688 |
| 1758 extern PRUint32 ssl_Time(void); | 1689 extern PRUint32 ssl_Time(void); |
| 1759 | 1690 |
| 1760 extern void SSL_AtomicIncrementLong(long * x); | 1691 extern void SSL_AtomicIncrementLong(long * x); |
| 1761 | 1692 |
| 1762 SECStatus SSL_DisableDefaultExportCipherSuites(void); | 1693 SECStatus SSL_DisableDefaultExportCipherSuites(void); |
| 1763 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); | 1694 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); |
| 1764 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); | 1695 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); |
| 1765 | 1696 |
| 1766 /********************** FNV hash *********************/ | |
| 1767 | |
| 1768 void FNV1A64_Init(PRUint64 *digest); | |
| 1769 void FNV1A64_Update(PRUint64 *digest, const unsigned char *data, | |
| 1770 unsigned int length); | |
| 1771 void FNV1A64_Final(PRUint64 *digest); | |
| 1772 | 1697 |
| 1773 #ifdef TRACE | 1698 #ifdef TRACE |
| 1774 #define SSL_TRACE(msg) ssl_Trace msg | 1699 #define SSL_TRACE(msg) ssl_Trace msg |
| 1775 #else | 1700 #else |
| 1776 #define SSL_TRACE(msg) | 1701 #define SSL_TRACE(msg) |
| 1777 #endif | 1702 #endif |
| 1778 | 1703 |
| 1779 void ssl_Trace(const char *format, ...); | 1704 void ssl_Trace(const char *format, ...); |
| 1780 | 1705 |
| 1781 SEC_END_PROTOS | 1706 SEC_END_PROTOS |
| 1782 | 1707 |
| 1783 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 1708 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
| 1784 #define SSL_GETPID getpid | 1709 #define SSL_GETPID getpid |
| 1785 #elif defined(_WIN32_WCE) | 1710 #elif defined(_WIN32_WCE) |
| 1786 #define SSL_GETPID GetCurrentProcessId | 1711 #define SSL_GETPID GetCurrentProcessId |
| 1787 #elif defined(WIN32) | 1712 #elif defined(WIN32) |
| 1788 extern int __cdecl _getpid(void); | 1713 extern int __cdecl _getpid(void); |
| 1789 #define SSL_GETPID _getpid | 1714 #define SSL_GETPID _getpid |
| 1790 #else | 1715 #else |
| 1791 #define SSL_GETPID() 0 | 1716 #define SSL_GETPID() 0 |
| 1792 #endif | 1717 #endif |
| 1793 | 1718 |
| 1794 #endif /* __sslimpl_h_ */ | 1719 #endif /* __sslimpl_h_ */ |
| OLD | NEW |