| OLD | NEW |
| 1 /* | 1 /* |
| 2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
| 3 * any SSL implementation file. | 3 * any SSL implementation file. |
| 4 * | 4 * |
| 5 * ***** BEGIN LICENSE BLOCK ***** | 5 * ***** BEGIN LICENSE BLOCK ***** |
| 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 7 * | 7 * |
| 8 * The contents of this file are subject to the Mozilla Public License Version | 8 * The contents of this file are subject to the Mozilla Public License Version |
| 9 * 1.1 (the "License"); you may not use this file except in compliance with | 9 * 1.1 (the "License"); you may not use this file except in compliance with |
| 10 * the License. You may obtain a copy of the License at | 10 * the License. You may obtain a copy of the License at |
| (...skipping 21 matching lines...) Expand all Loading... |
| 32 * in which case the provisions of the GPL or the LGPL are applicable instead | 32 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 33 * of those above. If you wish to allow use of your version of this file only | 33 * of those above. If you wish to allow use of your version of this file only |
| 34 * under the terms of either the GPL or the LGPL, and not to allow others to | 34 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 35 * use your version of this file under the terms of the MPL, indicate your | 35 * use your version of this file under the terms of the MPL, indicate your |
| 36 * decision by deleting the provisions above and replace them with the notice | 36 * decision by deleting the provisions above and replace them with the notice |
| 37 * and other provisions required by the GPL or the LGPL. If you do not delete | 37 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 38 * the provisions above, a recipient may use your version of this file under | 38 * the provisions above, a recipient may use your version of this file under |
| 39 * the terms of any one of the MPL, the GPL or the LGPL. | 39 * the terms of any one of the MPL, the GPL or the LGPL. |
| 40 * | 40 * |
| 41 * ***** END LICENSE BLOCK ***** */ | 41 * ***** END LICENSE BLOCK ***** */ |
| 42 /* $Id: sslimpl.h,v 1.94 2012/02/15 21:52:08 kaie%kuix.de Exp $ */ | 42 /* $Id: sslimpl.h,v 1.100 2012/03/18 00:31:20 wtc%google.com Exp $ */ |
| 43 | 43 |
| 44 #ifndef __sslimpl_h_ | 44 #ifndef __sslimpl_h_ |
| 45 #define __sslimpl_h_ | 45 #define __sslimpl_h_ |
| 46 | 46 |
| 47 #ifdef DEBUG | 47 #ifdef DEBUG |
| 48 #undef NDEBUG | 48 #undef NDEBUG |
| 49 #else | 49 #else |
| 50 #undef NDEBUG | 50 #undef NDEBUG |
| 51 #define NDEBUG | 51 #define NDEBUG |
| 52 #endif | 52 #endif |
| (...skipping 273 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 326 * list of supported protocols. */ | 326 * list of supported protocols. */ |
| 327 SECItem nextProtoNego; | 327 SECItem nextProtoNego; |
| 328 | 328 |
| 329 unsigned int useSecurity : 1; /* 1 */ | 329 unsigned int useSecurity : 1; /* 1 */ |
| 330 unsigned int useSocks : 1; /* 2 */ | 330 unsigned int useSocks : 1; /* 2 */ |
| 331 unsigned int requestCertificate : 1; /* 3 */ | 331 unsigned int requestCertificate : 1; /* 3 */ |
| 332 unsigned int requireCertificate : 2; /* 4-5 */ | 332 unsigned int requireCertificate : 2; /* 4-5 */ |
| 333 unsigned int handshakeAsClient : 1; /* 6 */ | 333 unsigned int handshakeAsClient : 1; /* 6 */ |
| 334 unsigned int handshakeAsServer : 1; /* 7 */ | 334 unsigned int handshakeAsServer : 1; /* 7 */ |
| 335 unsigned int enableSSL2 : 1; /* 8 */ | 335 unsigned int enableSSL2 : 1; /* 8 */ |
| 336 unsigned int enableSSL3» » : 1; /* 9 */ | 336 unsigned int unusedBit9» » : 1; /* 9 */ |
| 337 unsigned int enableTLS» » : 1; /* 10 */ | 337 unsigned int unusedBit10» » : 1; /* 10 */ |
| 338 unsigned int noCache : 1; /* 11 */ | 338 unsigned int noCache : 1; /* 11 */ |
| 339 unsigned int fdx : 1; /* 12 */ | 339 unsigned int fdx : 1; /* 12 */ |
| 340 unsigned int v2CompatibleHello : 1; /* 13 */ | 340 unsigned int v2CompatibleHello : 1; /* 13 */ |
| 341 unsigned int detectRollBack : 1; /* 14 */ | 341 unsigned int detectRollBack : 1; /* 14 */ |
| 342 unsigned int noStepDown : 1; /* 15 */ | 342 unsigned int noStepDown : 1; /* 15 */ |
| 343 unsigned int bypassPKCS11 : 1; /* 16 */ | 343 unsigned int bypassPKCS11 : 1; /* 16 */ |
| 344 unsigned int noLocks : 1; /* 17 */ | 344 unsigned int noLocks : 1; /* 17 */ |
| 345 unsigned int enableSessionTickets : 1; /* 18 */ | 345 unsigned int enableSessionTickets : 1; /* 18 */ |
| 346 unsigned int enableDeflate : 1; /* 19 */ | 346 unsigned int enableDeflate : 1; /* 19 */ |
| 347 unsigned int enableRenegotiation : 2; /* 20-21 */ | 347 unsigned int enableRenegotiation : 2; /* 20-21 */ |
| (...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 503 cipher_aes_256, | 503 cipher_aes_256, |
| 504 cipher_camellia_128, | 504 cipher_camellia_128, |
| 505 cipher_camellia_256, | 505 cipher_camellia_256, |
| 506 cipher_seed, | 506 cipher_seed, |
| 507 cipher_missing /* reserved for no such supported cipher */ | 507 cipher_missing /* reserved for no such supported cipher */ |
| 508 /* This enum must match ssl3_cipherName[] in ssl3con.c. */ | 508 /* This enum must match ssl3_cipherName[] in ssl3con.c. */ |
| 509 } SSL3BulkCipher; | 509 } SSL3BulkCipher; |
| 510 | 510 |
| 511 typedef enum { type_stream, type_block } CipherType; | 511 typedef enum { type_stream, type_block } CipherType; |
| 512 | 512 |
| 513 #define MAX_IV_LENGTH 64 | 513 /* This value matches the size of IVs in ssl3SidKeys. */ |
| 514 #define MAX_IV_LENGTH 24 |
| 514 | 515 |
| 515 /* | 516 /* |
| 516 * Do not depend upon 64 bit arithmetic in the underlying machine. | 517 * Do not depend upon 64 bit arithmetic in the underlying machine. |
| 517 */ | 518 */ |
| 518 typedef struct { | 519 typedef struct { |
| 519 PRUint32 high; | 520 PRUint32 high; |
| 520 PRUint32 low; | 521 PRUint32 low; |
| 521 } SSL3SequenceNumber; | 522 } SSL3SequenceNumber; |
| 522 | 523 |
| 523 #define MAX_MAC_CONTEXT_BYTES 400 | 524 #define MAX_MAC_CONTEXT_BYTES 400 |
| (...skipping 521 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1045 | 1046 |
| 1046 /* Blocking information for the session cypher */ | 1047 /* Blocking information for the session cypher */ |
| 1047 int blockShift; /* Spec Lock */ /* ssl2 only */ | 1048 int blockShift; /* Spec Lock */ /* ssl2 only */ |
| 1048 int blockSize; /* Spec Lock */ /* ssl2 only */ | 1049 int blockSize; /* Spec Lock */ /* ssl2 only */ |
| 1049 | 1050 |
| 1050 /* These are used during a connection handshake */ | 1051 /* These are used during a connection handshake */ |
| 1051 sslConnectInfo ci; /* ssl 2 & 3 */ | 1052 sslConnectInfo ci; /* ssl 2 & 3 */ |
| 1052 | 1053 |
| 1053 }; | 1054 }; |
| 1054 | 1055 |
| 1055 | |
| 1056 /* | 1056 /* |
| 1057 ** SSL Socket struct | 1057 ** SSL Socket struct |
| 1058 ** | 1058 ** |
| 1059 ** Protection: XXX | 1059 ** Protection: XXX |
| 1060 */ | 1060 */ |
| 1061 struct sslSocketStr { | 1061 struct sslSocketStr { |
| 1062 PRFileDesc * fd; | 1062 PRFileDesc * fd; |
| 1063 | 1063 |
| 1064 /* Pointer to operations vector for this socket */ | 1064 /* Pointer to operations vector for this socket */ |
| 1065 const sslSocketOps * ops; | 1065 const sslSocketOps * ops; |
| 1066 | 1066 |
| 1067 /* SSL socket options */ | 1067 /* SSL socket options */ |
| 1068 sslOptions opt; | 1068 sslOptions opt; |
| 1069 /* Enabled version range */ |
| 1070 SSLVersionRange vrange; |
| 1069 | 1071 |
| 1070 /* State flags */ | 1072 /* State flags */ |
| 1071 unsigned long clientAuthRequested; | 1073 unsigned long clientAuthRequested; |
| 1072 unsigned long delayDisabled; /* Nagle delay disabled */ | 1074 unsigned long delayDisabled; /* Nagle delay disabled */ |
| 1073 unsigned long firstHsDone; /* first handshake is complete. */ | 1075 unsigned long firstHsDone; /* first handshake is complete. */ |
| 1074 unsigned long handshakeBegun; | 1076 unsigned long handshakeBegun; |
| 1075 unsigned long lastWriteBlocked; | 1077 unsigned long lastWriteBlocked; |
| 1076 unsigned long recvdCloseNotify; /* received SSL EOF. */ | 1078 unsigned long recvdCloseNotify; /* received SSL EOF. */ |
| 1077 unsigned long TCPconnected; | 1079 unsigned long TCPconnected; |
| 1078 unsigned long appDataBuffered; | 1080 unsigned long appDataBuffered; |
| (...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1375 (PZ_InMonitor((ss)->recvBufLock)) | 1377 (PZ_InMonitor((ss)->recvBufLock)) |
| 1376 | 1378 |
| 1377 /* xmitBufLock -> specLock */ | 1379 /* xmitBufLock -> specLock */ |
| 1378 #define ssl_GetXmitBufLock(ss) \ | 1380 #define ssl_GetXmitBufLock(ss) \ |
| 1379 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); } | 1381 { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); } |
| 1380 #define ssl_ReleaseXmitBufLock(ss) \ | 1382 #define ssl_ReleaseXmitBufLock(ss) \ |
| 1381 { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); } | 1383 { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); } |
| 1382 #define ssl_HaveXmitBufLock(ss) \ | 1384 #define ssl_HaveXmitBufLock(ss) \ |
| 1383 (PZ_InMonitor((ss)->xmitBufLock)) | 1385 (PZ_InMonitor((ss)->xmitBufLock)) |
| 1384 | 1386 |
| 1387 /* Placeholder value used in version ranges when SSL 3.0 and all |
| 1388 * versions of TLS are disabled. |
| 1389 */ |
| 1390 #define SSL_LIBRARY_VERSION_NONE 0 |
| 1391 |
| 1392 /* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version |
| 1393 * of libssl supports. Applications should use SSL_VersionRangeGetSupported at |
| 1394 * runtime to determine which versions are supported by the version of libssl |
| 1395 * in use. |
| 1396 */ |
| 1397 #define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_1 |
| 1398 |
| 1399 /* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */ |
| 1400 #define SSL3_ALL_VERSIONS_DISABLED(vrange) \ |
| 1401 ((vrange)->min == SSL_LIBRARY_VERSION_NONE) |
| 1402 |
| 1403 extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, |
| 1404 SSL3ProtocolVersion version); |
| 1385 | 1405 |
| 1386 extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec, | 1406 extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec, |
| 1387 const unsigned char * cr, const unsigned char * sr, | 1407 const unsigned char * cr, const unsigned char * sr, |
| 1388 PRBool isTLS, PRBool isExport); | 1408 PRBool isTLS, PRBool isExport); |
| 1389 extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, | 1409 extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, |
| 1390 const unsigned char * cr, const unsigned char * sr, | 1410 const unsigned char * cr, const unsigned char * sr, |
| 1391 const SECItem * pms, PRBool isTLS, PRBool isRSA); | 1411 const SECItem * pms, PRBool isTLS, PRBool isRSA); |
| 1392 | 1412 |
| 1393 /* These functions are called from secnav, even though they're "private". */ | 1413 /* These functions are called from secnav, even though they're "private". */ |
| 1394 | 1414 |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1508 extern void ssl3_InitSocketPolicy(sslSocket *ss); | 1528 extern void ssl3_InitSocketPolicy(sslSocket *ss); |
| 1509 | 1529 |
| 1510 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, | 1530 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, |
| 1511 unsigned char *cs, int *size); | 1531 unsigned char *cs, int *size); |
| 1512 | 1532 |
| 1513 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); | 1533 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); |
| 1514 | 1534 |
| 1515 extern void ssl3_DestroySSL3Info(sslSocket *ss); | 1535 extern void ssl3_DestroySSL3Info(sslSocket *ss); |
| 1516 | 1536 |
| 1517 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, | 1537 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, |
| 1518 SSL3ProtocolVersion peerVersion); | 1538 » » » » SSL3ProtocolVersion peerVersion, |
| 1539 » » » » PRBool allowLargerPeerVersion); |
| 1519 | 1540 |
| 1520 extern SECStatus ssl_GetPeerInfo(sslSocket *ss); | 1541 extern SECStatus ssl_GetPeerInfo(sslSocket *ss); |
| 1521 | 1542 |
| 1522 #ifdef NSS_ENABLE_ECC | 1543 #ifdef NSS_ENABLE_ECC |
| 1523 /* ECDH functions */ | 1544 /* ECDH functions */ |
| 1524 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, | 1545 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, |
| 1525 SECKEYPublicKey * svrPubKey); | 1546 SECKEYPublicKey * svrPubKey); |
| 1526 extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, | 1547 extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, |
| 1527 SSL3Opaque *b, PRUint32 length); | 1548 SSL3Opaque *b, PRUint32 length); |
| 1528 extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, | 1549 extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, |
| (...skipping 207 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1736 #elif defined(_WIN32_WCE) | 1757 #elif defined(_WIN32_WCE) |
| 1737 #define SSL_GETPID GetCurrentProcessId | 1758 #define SSL_GETPID GetCurrentProcessId |
| 1738 #elif defined(WIN32) | 1759 #elif defined(WIN32) |
| 1739 extern int __cdecl _getpid(void); | 1760 extern int __cdecl _getpid(void); |
| 1740 #define SSL_GETPID _getpid | 1761 #define SSL_GETPID _getpid |
| 1741 #else | 1762 #else |
| 1742 #define SSL_GETPID() 0 | 1763 #define SSL_GETPID() 0 |
| 1743 #endif | 1764 #endif |
| 1744 | 1765 |
| 1745 #endif /* __sslimpl_h_ */ | 1766 #endif /* __sslimpl_h_ */ |
| OLD | NEW |