Unified Diff: net/third_party/nss/ssl/sslimpl.h

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 8 years, 10 months ago
Index: net/third_party/nss/ssl/sslimpl.h
===================================================================
--- net/third_party/nss/ssl/sslimpl.h (revision 124804)
+++ net/third_party/nss/ssl/sslimpl.h (working copy)
@@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
-/* $Id: sslimpl.h,v 1.77.2.1 2010/07/31 04:33:52 wtc%google.com Exp $ */
+/* $Id: sslimpl.h,v 1.94 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
#ifndef __sslimpl_h_
#define __sslimpl_h_
@@ -324,7 +324,7 @@
typedef struct sslOptionsStr {
/* If SSL_SetNextProtoNego has been called, then this contains the
* list of supported protocols. */
- SECItem nextProtoNego;
+ SECItem nextProtoNego;
unsigned int useSecurity : 1; /* 1 */
unsigned int useSocks : 1; /* 2 */
@@ -347,8 +347,8 @@
unsigned int enableRenegotiation : 2; /* 20-21 */
unsigned int requireSafeNegotiation : 1; /* 22 */
unsigned int enableFalseStart : 1; /* 23 */
- unsigned int enableOCSPStapling : 1; /* 24 */
- unsigned int enableCachedInfo : 1; /* 25 */
+ unsigned int cbcRandomIV : 1; /* 24 */
+ unsigned int enableOCSPStapling : 1; /* 25 */
unsigned int enableOBCerts : 1; /* 26 */
unsigned int encryptClientCerts : 1; /* 27 */
} sslOptions;
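Review bot: The new `cbcRandomIV` bit in the `/* 24 */` slot has no comment saying what it controls, and because the trailing numbers are positional the option constant it backs cannot be verified from this header alone. Presumably it is the storage for SSL_CBC_RANDOM_IV; I'd write `unsigned int cbcRandomIV : 1; /* 24 — backing bit for SSL_CBC_RANDOM_IV, see ssl.h */` and confirm that the renumbered `enableOCSPStapling` (now 25) still lines up with whatever index the option set/get code uses. The struct sslOptionsStr begins outside this hunk.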
@@ -773,10 +773,7 @@
PRUint32 sniNameArrSize;
};
-typedef enum {
- cached_info_certificate_chain = 1,
- cached_info_trusted_cas = 2
-} TLSCachedInfoType;
+typedef SECStatus (*sslRestartTarget)(sslSocket *);
/*
** This is the "hs" member of the "ssl3" struct.
@@ -803,8 +800,6 @@
unsigned long msg_len;
SECItem ca_list; /* used only by client */
PRBool isResuming; /* are we resuming a session */
- PRBool rehandshake; /* immediately start another handshake
- * when this one finishes */
PRBool usedStepDownKey; /* we did a server key exchange. */
PRBool sendingSCSV; /* instead of empty RI */
PRBool may_get_cert_status; /* the server echoed a
@@ -827,6 +822,14 @@
#ifdef NSS_ENABLE_ECC
PRUint32 negotiatedECCurves; /* bit mask */
#endif /* NSS_ENABLE_ECC */
+
+ PRBool authCertificatePending;
+ /* Which function should SSL_RestartHandshake* call if we're blocked?
+ * One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake,
+ * or ssl3_AlwaysFail */
+ sslRestartTarget restartTarget;
+ /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */
+ PRBool cacheSID;
} SSL3HandshakeState;
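Review bot: `authCertificatePending` is added without a comment while its neighbours `restartTarget` and `cacheSID` each get one, and it is the field a reader most needs explained. Given the `ssl3_AuthCertificateComplete` declaration added later in this file it is presumably set while certificate authentication has returned SECWouldBlock and that completion call has not yet arrived; I'd document it as `PRBool authCertificatePending; /* cert authentication is blocked awaiting ssl3_AuthCertificateComplete — confirm */`. If the rule is that no further handshake progress may occur while the flag is set, one sentence stating that invariant next to `restartTarget` would make the blocked state explicit. The struct SSL3HandshakeState begins outside this hunk.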
@@ -859,14 +862,6 @@
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
- /* TLS Cached Info Extension */
- CERTCertificate ** predictedCertChain;
- /* An array terminated with a NULL. */
- PRUint8 certChainDigest[8];
- /* Used in cached info extension. Stored in network
- * byte order. */
- PRBool cachedInfoCertChainDigestReceived;
-
int policy;
/* This says what cipher suites we can do, and should
* be either SSL_ALLOWED or SSL_RESTRICTED
@@ -874,10 +869,7 @@
PRArenaPool * peerCertArena;
/* These are used to keep track of the peer CA */
void * peerCertChain;
- /* Chain while we are trying to validate it. This
- * does not include the leaf cert. It is actually a
- * linked list of ssl3CertNode structs.
- */
+ /* chain while we are trying to validate it. */
CERTDistNames * ca_list;
/* used by server. trusted CAs for this socket. */
PRBool initialized;
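Review bot: The rewritten comment on `peerCertChain` drops the only description of what this `void *` points to; with the field untyped, that removed detail (a linked list of ssl3CertNode structs, not including the leaf) was the sole hint a reader had. Assuming the representation is unchanged in this version, I'd keep it: `/* chain while we are trying to validate it; a linked list of ssl3CertNode structs, excluding the leaf cert. */`. The enclosing struct starts outside this hunk.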
@@ -886,10 +878,9 @@
/* In a client: if the server supports Next Protocol Negotiation, then
* this is the protocol that was negotiated.
- *
- * If the data pointer is non-NULL, then it is malloced data. */
- SECItem nextProto;
- int nextProtoState; /* See NEXT_PROTO_* defines */
+ */
+ SECItem nextProto;
+ SSLNextProtoState nextProtoState;
};
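Review bot: The new `nextProto` comment no longer says who owns `nextProto.data`; the old text stated that a non-NULL pointer is malloced, and without it the free path for this buffer is undocumented. I'd retain an ownership sentence, hedged until checked against the code that frees it: `* If data is non-NULL it is heap-allocated and owned by this socket — confirm against the free path. */`. Replacing `int nextProtoState` with the `SSLNextProtoState` enum is a good change and makes the dropped "See NEXT_PROTO_* defines" pointer unnecessary. The enclosing struct starts outside this hunk.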
typedef struct {
@@ -1210,7 +1201,6 @@
extern CERTDistNames * ssl3_server_ca_list;
extern PRUint32 ssl_sid_timeout;
extern PRUint32 ssl3_sid_timeout;
-extern PRBool ssl3_global_policy_some_restricted;
extern const char * const ssl_cipherName[];
extern const char * const ssl3_cipherName[];
@@ -1223,6 +1213,10 @@
SEC_BEGIN_PROTOS
+/* Internal initialization and installation of the SSL error tables */
+extern SECStatus ssl_Init(void);
+extern SECStatus ssl_InitializePRErrorTable(void);
+
/* Implementation of ops for default (non socks, non secure) case */
extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr);
extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr);
@@ -1320,7 +1314,7 @@
extern PRBool ssl_SocketIsBlocking(sslSocket *ss);
-extern void ssl_SetAlwaysBlock(sslSocket *ss);
+extern void ssl3_SetAlwaysBlock(sslSocket *ss);
extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled);
@@ -1331,15 +1325,24 @@
#define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock)
#define SSL_UNLOCK_WRITER(ss) if (ss->sendLock) PZ_Unlock(ss->sendLock)
+/* firstHandshakeLock -> recvBufLock */
#define ssl_Get1stHandshakeLock(ss) \
- { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->firstHandshakeLock); }
+ { if (!ss->opt.noLocks) { \
+ PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || \
+ !ssl_HaveRecvBufLock(ss)); \
+ PZ_EnterMonitor((ss)->firstHandshakeLock); \
+ } }
#define ssl_Release1stHandshakeLock(ss) \
{ if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); }
#define ssl_Have1stHandshakeLock(ss) \
(PZ_InMonitor((ss)->firstHandshakeLock))
+/* ssl3HandshakeLock -> xmitBufLock */
#define ssl_GetSSL3HandshakeLock(ss) \
- { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->ssl3HandshakeLock); }
+ { if (!ss->opt.noLocks) { \
+ PORT_Assert(!ssl_HaveXmitBufLock(ss)); \
+ PZ_EnterMonitor((ss)->ssl3HandshakeLock); \
+ } }
#define ssl_ReleaseSSL3HandshakeLock(ss) \
{ if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); }
#define ssl_HaveSSL3HandshakeLock(ss) \
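Review bot: The new ordering asserts are not closed under the order the comments document: `ssl_Get1stHandshakeLock` checks only `recvBufLock`, yet with firstHandshakeLock -> recvBufLock -> ssl3HandshakeLock -> xmitBufLock, entering the first-handshake monitor while holding either of the later locks is equally an inversion. Unless re-entry while holding ssl3HandshakeLock is legitimate somewhere, I'd extend it to `PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || (!ssl_HaveRecvBufLock(ss) && !ssl_HaveSSL3HandshakeLock(ss) && !ssl_HaveXmitBufLock(ss)));`. These are PORT_Assert checks, so the ordering is only enforced in debug builds; the comment should say so, so nobody reads them as a runtime guard.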
@@ -1349,6 +1352,8 @@
{ if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); }
#define ssl_ReleaseSpecReadLock(ss) \
{ if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); }
+/* NSSRWLock_HaveReadLock is not exported so there's no
+ * ssl_HaveSpecReadLock macro. */
#define ssl_GetSpecWriteLock(ss) \
{ if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); }
@@ -1357,13 +1362,19 @@
#define ssl_HaveSpecWriteLock(ss) \
(NSSRWLock_HaveWriteLock((ss)->specLock))
+/* recvBufLock -> ssl3HandshakeLock -> xmitBufLock */
#define ssl_GetRecvBufLock(ss) \
- { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->recvBufLock); }
+ { if (!ss->opt.noLocks) { \
+ PORT_Assert(!ssl_HaveSSL3HandshakeLock(ss)); \
+ PORT_Assert(!ssl_HaveXmitBufLock(ss)); \
+ PZ_EnterMonitor((ss)->recvBufLock); \
+ } }
#define ssl_ReleaseRecvBufLock(ss) \
{ if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); }
#define ssl_HaveRecvBufLock(ss) \
(PZ_InMonitor((ss)->recvBufLock))
+/* xmitBufLock -> specLock */
#define ssl_GetXmitBufLock(ss) \
{ if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); }
#define ssl_ReleaseXmitBufLock(ss) \
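Review bot: `ssl_GetXmitBufLock` receives the ordering comment `xmitBufLock -> specLock` but, unlike the three acquire macros above it, gets no matching PORT_Assert. The write side is checkable with the existing `ssl_HaveSpecWriteLock`, so I'd add `PORT_Assert(!ssl_HaveSpecWriteLock(ss));` before `PZ_EnterMonitor((ss)->xmitBufLock)`; the read side cannot be asserted for the reason noted earlier in this file (no NSSRWLock_HaveReadLock), and the comment should state that gap.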
@@ -1382,23 +1393,17 @@
/* These functions are called from secnav, even though they're "private". */
extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
-extern int SSL_RestartHandshakeAfterServerCert(struct sslSocketStr *ss);
extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
extern void ssl_FreeSocket(struct sslSocketStr *ssl);
extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
SSL3AlertDescription desc);
-extern int ssl2_RestartHandshakeAfterCertReq(sslSocket * ss,
- CERTCertificate * cert,
- SECKEYPrivateKey * key);
-
extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
CERTCertificate * cert,
SECKEYPrivateKey * key,
CERTCertificateList *certChain);
-extern int ssl2_RestartHandshakeAfterServerCert(sslSocket *ss);
-extern int ssl3_RestartHandshakeAfterServerCert(sslSocket *ss);
+extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
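Review bot: `ssl3_AuthCertificateComplete` replaces the ssl2/ssl3 restart-after-server-cert entry points but has no comment on its contract: what `error` encodes (presumably 0 meaning the peer certificate is accepted, otherwise the PRErrorCode the handshake fails with) and which of the locks defined above the caller must or must not hold. Since this is the path by which an application's deferred certificate decision re-enters the handshake, I'd document it, e.g. `/* Resume a handshake blocked in certificate authentication. error == 0 accepts the peer cert; any other value aborts the handshake with that error. Lock requirements: TODO confirm. */`.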
/*
* for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
@@ -1563,20 +1568,12 @@
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
-extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
-extern SECStatus ssl3_ServerHandleCachedInfoXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
-extern SECStatus ssl3_ClientHandleCachedInfoXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ClientHandleOBCertXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
-extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ServerHandleOBCertXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
@@ -1594,10 +1591,6 @@
*/
extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
-extern PRInt32 ssl3_ClientSendCachedInfoXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes);
-extern PRInt32 ssl3_ServerSendCachedInfoXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes);
extern PRInt32 ssl3_SendOBCertXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
@@ -1606,7 +1599,7 @@
* fails to do so. If cert and keyPair are NULL - unconfigures
* sslSocket of kea type.*/
extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
- CERTCertificateList *certChain,
+ const CERTCertificateList *certChain,
ssl3KeyPair *keyPair, SSLKEAType kea);
/* Return key type for the cert */
extern SSLKEAType ssl_FindCertKEAType(CERTCertificate * cert);
@@ -1617,10 +1610,6 @@
extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
PRBool append, PRUint32 maxBytes);
#endif
-extern PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes);
-extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
- unsigned short length);
/* call the registered extension handlers. */
extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss,
@@ -1642,6 +1631,9 @@
#define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */
#define TLS_EX_SESS_TICKET_VERSION (0x0100)
+extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
+ unsigned int length);
+
/* Construct a new NSPR socket for the app to use */
extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
extern void ssl_FreePRSocket(PRFileDesc *fd);
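Review bot: `ssl3_ValidateNextProtoNego` is re-declared with `unsigned int length` (previously `unsigned short`) but carries no comment on what it validates or what it returns, and its input is the peer-supplied NPN protocol list, so the contract matters. I'd add something like `/* Checks that data[0..length) is a well-formed list of length-prefixed protocol names; returns SECFailure on malformed input — confirm against the definition. */`. Its placement among the session-ticket defines rather than beside the other extension prototypes is also a little surprising.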
@@ -1729,13 +1721,6 @@
unsigned int valLen, unsigned char *out,
unsigned int outLen);
-/********************** FNV hash *********************/
-
-void FNV1A64_Init(PRUint64 *digest);
-void FNV1A64_Update(PRUint64 *digest, const unsigned char *data,
- unsigned int length);
-void FNV1A64_Final(PRUint64 *digest);
-
#ifdef TRACE
#define SSL_TRACE(msg) ssl_Trace msg
#else