Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(145)

Unified Diff: net/third_party/nss/ssl/sslimpl.h

Issue 7003069: Remove the TLS Snap Start code from NSS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/ssl/ssl3ext.c ('k') | net/third_party/nss/ssl/sslsock.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/ssl/sslimpl.h
===================================================================
--- net/third_party/nss/ssl/sslimpl.h (revision 88407)
+++ net/third_party/nss/ssl/sslimpl.h (working copy)
@@ -287,7 +287,6 @@
/* Flags interpreted by ssl send functions. */
#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
#define ssl_SEND_FLAG_NO_BUFFER 0x20000000
-#define ssl_SEND_FLAG_NO_FLUSH 0x10000000
#define ssl_SEND_FLAG_MASK 0x7f000000
/*
@@ -349,8 +348,7 @@
unsigned int enableRenegotiation : 2; /* 20-21 */
unsigned int requireSafeNegotiation : 1; /* 22 */
unsigned int enableFalseStart : 1; /* 23 */
- unsigned int enableSnapStart : 1; /* 24 */
- unsigned int enableOCSPStapling : 1; /* 25 */
+ unsigned int enableOCSPStapling : 1; /* 24 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
@@ -765,8 +763,7 @@
/* SessionTicket Extension related data. */
PRBool ticketTimestampVerified;
- PRBool serverReceivedEmptySessionTicket;
- PRBool clientSentNonEmptySessionTicket;
+ PRBool emptySessionTicket;
/* SNI Extension related data
* Names data is not coppied from the input buffer. It can not be
@@ -776,14 +773,6 @@
PRUint32 sniNameArrSize;
};
-typedef enum {
- snap_start_none = 0,
- snap_start_full,
- snap_start_recovery,
- snap_start_resume,
- snap_start_resume_recovery
-} TLSSnapStartType;
-
/*
** This is the "hs" member of the "ssl3" struct.
** This entire struct is protected by ssl3HandshakeLock
@@ -830,14 +819,6 @@
SSL3Hashes sFinished[2];
SSL3Opaque data[72];
} finishedMsgs;
-
- TLSSnapStartType snapStartType;
- /* When we perform a Snap Start handshake, we hash our ClientHello as if
- * the Snap Start extension wasn't included. However, if the server rejects
- * our Snap Start attempt, then it will hash the whole ClientHello. Thus we
- * store the original ClientHello that we sent in case we need to reset our
- * Finished hash to cover it. */
- SECItem origClientHello;
#ifdef NSS_ENABLE_ECC
PRUint32 negotiatedECCurves; /* bit mask */
#endif /* NSS_ENABLE_ECC */
@@ -873,17 +854,6 @@
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
- /* TLS Snap Start: */
- CERTCertificate ** predictedCertChain;
- /* An array terminated with a NULL. */
- SECItem serverHelloPredictionData;
- PRBool serverHelloPredictionDataValid;
- /* data needed to predict the ServerHello from
- * this server. */
- SECItem snapStartApplicationData;
- /* the application data to include in the Snap
- * Start extension. */
-
int policy;
/* This says what cipher suites we can do, and should
* be either SSL_ALLOWED or SSL_RESTRICTED
@@ -1323,13 +1293,10 @@
extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
const char *peerID, const char *urlSvrName);
extern void ssl_FreeSID(sslSessionID *sid);
-extern void ssl3_CopyPeerCertsFromSID(sslSocket *ss, sslSessionID *sid);
extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in,
int len, int flags);
-extern SECStatus ssl3_RestartHandshakeHashes(sslSocket *ss);
-
extern PRBool ssl_FdIsBlocking(PRFileDesc *fd);
extern PRBool ssl_SocketIsBlocking(sslSocket *ss);
@@ -1502,9 +1469,6 @@
#endif /* NSS_ENABLE_ECC */
-extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket* ss, unsigned char *b,
- unsigned int l);
-
extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
@@ -1525,7 +1489,6 @@
extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
unsigned char *cs, int *size);
-extern void ssl3_DestroyCipherSpec(ssl3CipherSpec* spec, PRBool freeSrvName);
extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
@@ -1575,31 +1538,6 @@
extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss,
sslSessionID *sid, ssl3CipherSpec *spec,
SSL3KEAType effectiveExchKeyType);
-extern void ssl3_CleanupPredictedPeerCertificates(sslSocket *ss);
-extern const ssl3CipherSuiteDef* ssl_LookupCipherSuiteDef(ssl3CipherSuite suite);
-extern SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss);
-extern SECStatus ssl3_SendClientKeyExchange(sslSocket *ss);
-extern SECStatus ssl3_SendNextProto(sslSocket *ss);
-extern SECStatus ssl3_SendFinished(sslSocket *ss, PRInt32 flags);
-extern SECStatus ssl3_CompressMACEncryptRecord
- (sslSocket * ss,
- SSL3ContentType type,
- const SSL3Opaque * pIn,
- PRUint32 contentLen);
-extern PRBool ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type);
-extern SECStatus ssl3_SetupMasterSecretFromSessionID(sslSocket* ss);
-extern SECStatus ssl3_ComputeHandshakeHashes(
- sslSocket * ss,
- ssl3CipherSpec *spec, /* uses ->master_secret */
- SSL3Hashes * hashes, /* output goes here. */
- PRUint32 sender);
-extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket* ss, unsigned char *b,
- unsigned int l);
-extern SECStatus ssl3_ComputeTLSFinished(
- ssl3CipherSpec *spec,
- PRBool isServer,
- const SSL3Finished * hashes,
- TLSFinished * tlsFinished);
/* Functions that handle ClientHello and ServerHello extensions. */
extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss,
@@ -1633,14 +1571,7 @@
*/
extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
-extern PRInt32 ssl3_SendSnapStartXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes);
-extern SECStatus ssl3_ClientHandleSnapStartXtn(sslSocket *ss, PRUint16 ex_type,
- SECItem *data);
-extern SECStatus ssl3_ResetForSnapStartRecovery(sslSocket *ss,
- SSL3Opaque *b, PRUint32 length);
-
/* Assigns new cert, cert chain and keys to ss->serverCerts
* struct. If certChain is NULL, tries to find one. Aborts if
* fails to do so. If cert and keyPair are NULL - unconfigures
@@ -1763,13 +1694,7 @@
SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
-/********************** FNV hash *********************/
-void FNV1A64_Init(PRUint64 *digest);
-void FNV1A64_Update(PRUint64 *digest, const unsigned char *data,
- unsigned int length);
-void FNV1A64_Final(PRUint64 *digest);
-
#ifdef TRACE
#define SSL_TRACE(msg) ssl_Trace msg
#else
« no previous file with comments | « net/third_party/nss/ssl/ssl3ext.c ('k') | net/third_party/nss/ssl/sslsock.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698