Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(61)

Side by Side Diff: net/third_party/nss/ssl/sslimpl.h

Issue 7003069: Remove the TLS Snap Start code from NSS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/ssl3ext.c ('k') | net/third_party/nss/ssl/sslsock.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * This file is PRIVATE to SSL and should be the first thing included by 2 * This file is PRIVATE to SSL and should be the first thing included by
3 * any SSL implementation file. 3 * any SSL implementation file.
4 * 4 *
5 * ***** BEGIN LICENSE BLOCK ***** 5 * ***** BEGIN LICENSE BLOCK *****
6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
7 * 7 *
8 * The contents of this file are subject to the Mozilla Public License Version 8 * The contents of this file are subject to the Mozilla Public License Version
9 * 1.1 (the "License"); you may not use this file except in compliance with 9 * 1.1 (the "License"); you may not use this file except in compliance with
10 * the License. You may obtain a copy of the License at 10 * the License. You may obtain a copy of the License at
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after
280 int (*read) (sslSocket *, unsigned char *, int); 280 int (*read) (sslSocket *, unsigned char *, int);
281 int (*write) (sslSocket *, const unsigned char *, int); 281 int (*write) (sslSocket *, const unsigned char *, int);
282 282
283 int (*getpeername)(sslSocket *, PRNetAddr *); 283 int (*getpeername)(sslSocket *, PRNetAddr *);
284 int (*getsockname)(sslSocket *, PRNetAddr *); 284 int (*getsockname)(sslSocket *, PRNetAddr *);
285 }; 285 };
286 286
287 /* Flags interpreted by ssl send functions. */ 287 /* Flags interpreted by ssl send functions. */
288 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000 288 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
289 #define ssl_SEND_FLAG_NO_BUFFER 0x20000000 289 #define ssl_SEND_FLAG_NO_BUFFER 0x20000000
290 #define ssl_SEND_FLAG_NO_FLUSH 0x10000000
291 #define ssl_SEND_FLAG_MASK 0x7f000000 290 #define ssl_SEND_FLAG_MASK 0x7f000000
292 291
293 /* 292 /*
294 ** A buffer object. 293 ** A buffer object.
295 */ 294 */
296 struct sslBufferStr { 295 struct sslBufferStr {
297 unsigned char * buf; 296 unsigned char * buf;
298 unsigned int len; 297 unsigned int len;
299 unsigned int space; 298 unsigned int space;
300 }; 299 };
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
342 unsigned int v2CompatibleHello : 1; /* 13 */ 341 unsigned int v2CompatibleHello : 1; /* 13 */
343 unsigned int detectRollBack : 1; /* 14 */ 342 unsigned int detectRollBack : 1; /* 14 */
344 unsigned int noStepDown : 1; /* 15 */ 343 unsigned int noStepDown : 1; /* 15 */
345 unsigned int bypassPKCS11 : 1; /* 16 */ 344 unsigned int bypassPKCS11 : 1; /* 16 */
346 unsigned int noLocks : 1; /* 17 */ 345 unsigned int noLocks : 1; /* 17 */
347 unsigned int enableSessionTickets : 1; /* 18 */ 346 unsigned int enableSessionTickets : 1; /* 18 */
348 unsigned int enableDeflate : 1; /* 19 */ 347 unsigned int enableDeflate : 1; /* 19 */
349 unsigned int enableRenegotiation : 2; /* 20-21 */ 348 unsigned int enableRenegotiation : 2; /* 20-21 */
350 unsigned int requireSafeNegotiation : 1; /* 22 */ 349 unsigned int requireSafeNegotiation : 1; /* 22 */
351 unsigned int enableFalseStart : 1; /* 23 */ 350 unsigned int enableFalseStart : 1; /* 23 */
352 unsigned int enableSnapStart : 1; /* 24 */ 351 unsigned int enableOCSPStapling : 1; /* 24 */
353 unsigned int enableOCSPStapling : 1; /* 25 */
354 } sslOptions; 352 } sslOptions;
355 353
356 typedef enum { sslHandshakingUndetermined = 0, 354 typedef enum { sslHandshakingUndetermined = 0,
357 sslHandshakingAsClient, 355 sslHandshakingAsClient,
358 sslHandshakingAsServer 356 sslHandshakingAsServer
359 } sslHandshakingType; 357 } sslHandshakingType;
360 358
361 typedef struct sslServerCertsStr { 359 typedef struct sslServerCertsStr {
362 /* Configuration state for server sockets */ 360 /* Configuration state for server sockets */
363 CERTCertificate * serverCert; 361 CERTCertificate * serverCert;
(...skipping 394 matching lines...) Expand 10 before | Expand all | Expand 10 after
758 /* registered callbacks that send server hello extensions */ 756 /* registered callbacks that send server hello extensions */
759 ssl3HelloExtensionSender serverSenders[SSL_MAX_EXTENSIONS]; 757 ssl3HelloExtensionSender serverSenders[SSL_MAX_EXTENSIONS];
760 /* Keep track of the extensions that are negotiated. */ 758 /* Keep track of the extensions that are negotiated. */
761 PRUint16 numAdvertised; 759 PRUint16 numAdvertised;
762 PRUint16 numNegotiated; 760 PRUint16 numNegotiated;
763 PRUint16 advertised[SSL_MAX_EXTENSIONS]; 761 PRUint16 advertised[SSL_MAX_EXTENSIONS];
764 PRUint16 negotiated[SSL_MAX_EXTENSIONS]; 762 PRUint16 negotiated[SSL_MAX_EXTENSIONS];
765 763
766 /* SessionTicket Extension related data. */ 764 /* SessionTicket Extension related data. */
767 PRBool ticketTimestampVerified; 765 PRBool ticketTimestampVerified;
768 PRBool serverReceivedEmptySessionTicket; 766 PRBool emptySessionTicket;
769 PRBool clientSentNonEmptySessionTicket;
770 767
771 /* SNI Extension related data 768 /* SNI Extension related data
772 * Names data is not coppied from the input buffer. It can not be 769 * Names data is not coppied from the input buffer. It can not be
773 * used outside the scope where input buffer is defined and that 770 * used outside the scope where input buffer is defined and that
774 * is beyond ssl3_HandleClientHello function. */ 771 * is beyond ssl3_HandleClientHello function. */
775 SECItem *sniNameArr; 772 SECItem *sniNameArr;
776 PRUint32 sniNameArrSize; 773 PRUint32 sniNameArrSize;
777 }; 774 };
778 775
779 typedef enum {
780 snap_start_none = 0,
781 snap_start_full,
782 snap_start_recovery,
783 snap_start_resume,
784 snap_start_resume_recovery
785 } TLSSnapStartType;
786
787 /* 776 /*
788 ** This is the "hs" member of the "ssl3" struct. 777 ** This is the "hs" member of the "ssl3" struct.
789 ** This entire struct is protected by ssl3HandshakeLock 778 ** This entire struct is protected by ssl3HandshakeLock
790 */ 779 */
791 typedef struct SSL3HandshakeStateStr { 780 typedef struct SSL3HandshakeStateStr {
792 SSL3Random server_random; 781 SSL3Random server_random;
793 SSL3Random client_random; 782 SSL3Random client_random;
794 SSL3WaitState ws; 783 SSL3WaitState ws;
795 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; 784 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
796 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; 785 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
(...skipping 26 matching lines...) Expand all
823 SECItem cert_status; /* an OCSP response */ 812 SECItem cert_status; /* an OCSP response */
824 sslBuffer msgState; /* current state for handshake messages*/ 813 sslBuffer msgState; /* current state for handshake messages*/
825 /* protected by recvBufLock */ 814 /* protected by recvBufLock */
826 sslBuffer messages; /* Accumulated handshake messages */ 815 sslBuffer messages; /* Accumulated handshake messages */
827 PRUint16 finishedBytes; /* size of single finished below */ 816 PRUint16 finishedBytes; /* size of single finished below */
828 union { 817 union {
829 TLSFinished tFinished[2]; /* client, then server */ 818 TLSFinished tFinished[2]; /* client, then server */
830 SSL3Hashes sFinished[2]; 819 SSL3Hashes sFinished[2];
831 SSL3Opaque data[72]; 820 SSL3Opaque data[72];
832 } finishedMsgs; 821 } finishedMsgs;
833
834 TLSSnapStartType snapStartType;
835 /* When we perform a Snap Start handshake, we hash our ClientHello as if
836 * the Snap Start extension wasn't included. However, if the server rejects
837 * our Snap Start attempt, then it will hash the whole ClientHello. Thus we
838 * store the original ClientHello that we sent in case we need to reset our
839 * Finished hash to cover it. */
840 SECItem origClientHello;
841 #ifdef NSS_ENABLE_ECC 822 #ifdef NSS_ENABLE_ECC
842 PRUint32 negotiatedECCurves; /* bit mask */ 823 PRUint32 negotiatedECCurves; /* bit mask */
843 #endif /* NSS_ENABLE_ECC */ 824 #endif /* NSS_ENABLE_ECC */
844 PRBool nextProtoNego;/* Our peer has sent this extension */ 825 PRBool nextProtoNego;/* Our peer has sent this extension */
845 } SSL3HandshakeState; 826 } SSL3HandshakeState;
846 827
847 828
848 829
849 /* 830 /*
850 ** This is the "ssl3" struct, as in "ss->ssl3". 831 ** This is the "ssl3" struct, as in "ss->ssl3".
(...skipping 15 matching lines...) Expand all
866 ssl3CipherSpec * pwSpec; /* pending write spec. */ 847 ssl3CipherSpec * pwSpec; /* pending write spec. */
867 848
868 CERTCertificate * clientCertificate; /* used by client */ 849 CERTCertificate * clientCertificate; /* used by client */
869 SECKEYPrivateKey * clientPrivateKey; /* used by client */ 850 SECKEYPrivateKey * clientPrivateKey; /* used by client */
870 #ifdef NSS_PLATFORM_CLIENT_AUTH 851 #ifdef NSS_PLATFORM_CLIENT_AUTH
871 PlatformKey platformClientKey; /* used by client */ 852 PlatformKey platformClientKey; /* used by client */
872 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 853 #endif /* NSS_PLATFORM_CLIENT_AUTH */
873 CERTCertificateList *clientCertChain; /* used by client */ 854 CERTCertificateList *clientCertChain; /* used by client */
874 PRBool sendEmptyCert; /* used by client */ 855 PRBool sendEmptyCert; /* used by client */
875 856
876 /* TLS Snap Start: */
877 CERTCertificate ** predictedCertChain;
878 /* An array terminated with a NULL. */
879 SECItem serverHelloPredictionData;
880 PRBool serverHelloPredictionDataValid;
881 /* data needed to predict the ServerHello from
882 * this server. */
883 SECItem snapStartApplicationData;
884 /* the application data to include in the Snap
885 * Start extension. */
886
887 int policy; 857 int policy;
888 /* This says what cipher suites we can do, and should 858 /* This says what cipher suites we can do, and should
889 * be either SSL_ALLOWED or SSL_RESTRICTED 859 * be either SSL_ALLOWED or SSL_RESTRICTED
890 */ 860 */
891 PRArenaPool * peerCertArena; 861 PRArenaPool * peerCertArena;
892 /* These are used to keep track of the peer CA */ 862 /* These are used to keep track of the peer CA */
893 void * peerCertChain; 863 void * peerCertChain;
894 /* chain while we are trying to validate it. */ 864 /* chain while we are trying to validate it. */
895 CERTDistNames * ca_list; 865 CERTDistNames * ca_list;
896 /* used by server. trusted CAs for this socket. */ 866 /* used by server. trusted CAs for this socket. */
(...skipping 419 matching lines...) Expand 10 before | Expand all | Expand 10 after
1316 extern SECStatus sslBuffer_Append(sslBuffer *b, const void * data, 1286 extern SECStatus sslBuffer_Append(sslBuffer *b, const void * data,
1317 unsigned int len); 1287 unsigned int len);
1318 1288
1319 extern void ssl2_UseClearSendFunc(sslSocket *ss); 1289 extern void ssl2_UseClearSendFunc(sslSocket *ss);
1320 extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec); 1290 extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec);
1321 1291
1322 extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server); 1292 extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server);
1323 extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, 1293 extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
1324 const char *peerID, const char *urlSvrName); 1294 const char *peerID, const char *urlSvrName);
1325 extern void ssl_FreeSID(sslSessionID *sid); 1295 extern void ssl_FreeSID(sslSessionID *sid);
1326 extern void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid);
1327 1296
1328 extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in, 1297 extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in,
1329 int len, int flags); 1298 int len, int flags);
1330 1299
1331 extern SECStatus ssl3_RestartHandshakeHashes(sslSocket *ss);
1332
1333 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); 1300 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd);
1334 1301
1335 extern PRBool ssl_SocketIsBlocking(sslSocket *ss); 1302 extern PRBool ssl_SocketIsBlocking(sslSocket *ss);
1336 1303
1337 extern void ssl_SetAlwaysBlock(sslSocket *ss); 1304 extern void ssl_SetAlwaysBlock(sslSocket *ss);
1338 1305
1339 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); 1306 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled);
1340 1307
1341 extern PRBool ssl3_CanFalseStart(sslSocket *ss); 1308 extern PRBool ssl3_CanFalseStart(sslSocket *ss);
1342 1309
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after
1495 ec_pastLastName 1462 ec_pastLastName
1496 } ECName; 1463 } ECName;
1497 1464
1498 extern SECStatus ssl3_ECName2Params(PRArenaPool *arena, ECName curve, 1465 extern SECStatus ssl3_ECName2Params(PRArenaPool *arena, ECName curve,
1499 SECKEYECParams *params); 1466 SECKEYECParams *params);
1500 ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); 1467 ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
1501 1468
1502 1469
1503 #endif /* NSS_ENABLE_ECC */ 1470 #endif /* NSS_ENABLE_ECC */
1504 1471
1505 extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket* ss, unsigned char *b,
1506 unsigned int l);
1507
1508 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); 1472 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
1509 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); 1473 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
1510 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled); 1474 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
1511 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled); 1475 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled);
1512 1476
1513 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on); 1477 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on);
1514 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on); 1478 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
1515 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled ); 1479 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled );
1516 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enable d); 1480 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enable d);
1517 1481
1518 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); 1482 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
1519 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); 1483 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
1520 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); 1484 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy);
1521 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); 1485 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy);
1522 1486
1523 extern void ssl2_InitSocketPolicy(sslSocket *ss); 1487 extern void ssl2_InitSocketPolicy(sslSocket *ss);
1524 extern void ssl3_InitSocketPolicy(sslSocket *ss); 1488 extern void ssl3_InitSocketPolicy(sslSocket *ss);
1525 1489
1526 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, 1490 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
1527 unsigned char *cs, int *size); 1491 unsigned char *cs, int *size);
1528 extern void ssl3_DestroyCipherSpec(ssl3CipherSpec* spec, PRBool freeSrvName);
1529 1492
1530 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); 1493 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
1531 1494
1532 extern void ssl3_DestroySSL3Info(sslSocket *ss); 1495 extern void ssl3_DestroySSL3Info(sslSocket *ss);
1533 1496
1534 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, 1497 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
1535 SSL3ProtocolVersion peerVersion); 1498 SSL3ProtocolVersion peerVersion);
1536 1499
1537 extern SECStatus ssl_GetPeerInfo(sslSocket *ss); 1500 extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
1538 1501
(...skipping 29 matching lines...) Expand all
1568 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, 1531 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
1569 PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); 1532 PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
1570 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, 1533 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key,
1571 SECItem *buf, PRBool isTLS); 1534 SECItem *buf, PRBool isTLS);
1572 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, 1535 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,
1573 CERTCertificate *cert, SECItem *buf, PRBool isTLS, 1536 CERTCertificate *cert, SECItem *buf, PRBool isTLS,
1574 void *pwArg); 1537 void *pwArg);
1575 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss, 1538 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss,
1576 sslSessionID *sid, ssl3CipherSpec *spec, 1539 sslSessionID *sid, ssl3CipherSpec *spec,
1577 SSL3KEAType effectiveExchKeyType); 1540 SSL3KEAType effectiveExchKeyType);
1578 extern void ssl3_CleanupPredictedPeerCertificates(sslSocket *ss);
1579 extern const ssl3CipherSuiteDef* ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) ;
1580 extern SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss);
1581 extern SECStatus ssl3_SendClientKeyExchange(sslSocket *ss);
1582 extern SECStatus ssl3_SendNextProto(sslSocket *ss);
1583 extern SECStatus ssl3_SendFinished(sslSocket *ss, PRInt32 flags);
1584 extern SECStatus ssl3_CompressMACEncryptRecord
1585 (sslSocket * ss,
1586 SSL3ContentType type,
1587 const SSL3Opaque * pIn,
1588 PRUint32 contentLen);
1589 extern PRBool ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type);
1590 extern SECStatus ssl3_SetupMasterSecretFromSessionID(sslSocket* ss);
1591 extern SECStatus ssl3_ComputeHandshakeHashes(
1592 sslSocket * ss,
1593 ssl3CipherSpec *spec, /* uses ->master_secret */
1594 SSL3Hashes * hashes, /* output goes here. */
1595 PRUint32 sender);
1596 extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket* ss, unsigned char *b,
1597 unsigned int l);
1598 extern SECStatus ssl3_ComputeTLSFinished(
1599 ssl3CipherSpec *spec,
1600 PRBool isServer,
1601 const SSL3Finished * hashes,
1602 TLSFinished * tlsFinished);
1603 1541
1604 /* Functions that handle ClientHello and ServerHello extensions. */ 1542 /* Functions that handle ClientHello and ServerHello extensions. */
1605 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss, 1543 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss,
1606 PRUint16 ex_type, SECItem *data); 1544 PRUint16 ex_type, SECItem *data);
1607 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss, 1545 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss,
1608 PRUint16 ex_type, SECItem *data); 1546 PRUint16 ex_type, SECItem *data);
1609 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, 1547 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
1610 PRUint16 ex_type, SECItem *data); 1548 PRUint16 ex_type, SECItem *data);
1611 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, 1549 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
1612 PRUint16 ex_type, SECItem *data); 1550 PRUint16 ex_type, SECItem *data);
(...skipping 13 matching lines...) Expand all
1626 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, 1564 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
1627 PRUint32 maxBytes); 1565 PRUint32 maxBytes);
1628 extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append, 1566 extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
1629 PRUint32 maxBytes); 1567 PRUint32 maxBytes);
1630 1568
1631 /* ClientHello and ServerHello extension senders. 1569 /* ClientHello and ServerHello extension senders.
1632 * The code is in ssl3ext.c. 1570 * The code is in ssl3ext.c.
1633 */ 1571 */
1634 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append, 1572 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
1635 PRUint32 maxBytes); 1573 PRUint32 maxBytes);
1636 extern PRInt32 ssl3_SendSnapStartXtn(sslSocket *ss, PRBool append,
1637 PRUint32 maxBytes);
1638 extern SECStatus ssl3_ClientHandleSnapStartXtn(sslSocket *ss, PRUint16 ex_type,
1639 SECItem *data);
1640
1641 extern SECStatus ssl3_ResetForSnapStartRecovery(sslSocket *ss,
1642 SSL3Opaque *b, PRUint32 length);
1643 1574
1644 /* Assigns new cert, cert chain and keys to ss->serverCerts 1575 /* Assigns new cert, cert chain and keys to ss->serverCerts
1645 * struct. If certChain is NULL, tries to find one. Aborts if 1576 * struct. If certChain is NULL, tries to find one. Aborts if
1646 * fails to do so. If cert and keyPair are NULL - unconfigures 1577 * fails to do so. If cert and keyPair are NULL - unconfigures
1647 * sslSocket of kea type.*/ 1578 * sslSocket of kea type.*/
1648 extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, 1579 extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
1649 CERTCertificateList *certChain, 1580 CERTCertificateList *certChain,
1650 ssl3KeyPair *keyPair, SSLKEAType kea); 1581 ssl3KeyPair *keyPair, SSLKEAType kea);
1651 /* Return key type for the cert */ 1582 /* Return key type for the cert */
1652 extern SSLKEAType ssl_FindCertKEAType(CERTCertificate * cert); 1583 extern SSLKEAType ssl_FindCertKEAType(CERTCertificate * cert);
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after
1756 extern int ssl_MapLowLevelError(int hiLevelError); 1687 extern int ssl_MapLowLevelError(int hiLevelError);
1757 1688
1758 extern PRUint32 ssl_Time(void); 1689 extern PRUint32 ssl_Time(void);
1759 1690
1760 extern void SSL_AtomicIncrementLong(long * x); 1691 extern void SSL_AtomicIncrementLong(long * x);
1761 1692
1762 SECStatus SSL_DisableDefaultExportCipherSuites(void); 1693 SECStatus SSL_DisableDefaultExportCipherSuites(void);
1763 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); 1694 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
1764 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); 1695 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
1765 1696
1766 /********************** FNV hash *********************/
1767
1768 void FNV1A64_Init(PRUint64 *digest);
1769 void FNV1A64_Update(PRUint64 *digest, const unsigned char *data,
1770 unsigned int length);
1771 void FNV1A64_Final(PRUint64 *digest);
1772 1697
1773 #ifdef TRACE 1698 #ifdef TRACE
1774 #define SSL_TRACE(msg) ssl_Trace msg 1699 #define SSL_TRACE(msg) ssl_Trace msg
1775 #else 1700 #else
1776 #define SSL_TRACE(msg) 1701 #define SSL_TRACE(msg)
1777 #endif 1702 #endif
1778 1703
1779 void ssl_Trace(const char *format, ...); 1704 void ssl_Trace(const char *format, ...);
1780 1705
1781 SEC_END_PROTOS 1706 SEC_END_PROTOS
1782 1707
1783 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) 1708 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
1784 #define SSL_GETPID getpid 1709 #define SSL_GETPID getpid
1785 #elif defined(_WIN32_WCE) 1710 #elif defined(_WIN32_WCE)
1786 #define SSL_GETPID GetCurrentProcessId 1711 #define SSL_GETPID GetCurrentProcessId
1787 #elif defined(WIN32) 1712 #elif defined(WIN32)
1788 extern int __cdecl _getpid(void); 1713 extern int __cdecl _getpid(void);
1789 #define SSL_GETPID _getpid 1714 #define SSL_GETPID _getpid
1790 #else 1715 #else
1791 #define SSL_GETPID() 0 1716 #define SSL_GETPID() 0
1792 #endif 1717 #endif
1793 1718
1794 #endif /* __sslimpl_h_ */ 1719 #endif /* __sslimpl_h_ */
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/ssl3ext.c ('k') | net/third_party/nss/ssl/sslsock.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698