Update net/third_party/nss to NSS 3.15.4.

net/third_party/nss/ssl/sslimpl.h

 /*
  * This file is PRIVATE to SSL and should be the first thing included by
  * any SSL implementation file.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef __sslimpl_h_
 #define __sslimpl_h_
@@ skipping 600 matching lines @@
 
 typedef enum {  never_cached, 
                 in_client_cache, 
                 in_server_cache, 
                 invalid_cache           /* no longer in any cache. */
 } Cached;
 
 #define MAX_PEER_CERT_CHAIN_SIZE 8
 
 struct sslSessionIDStr {
+    /* The global cache lock must be held when accessing these members when the
+     * sid is in any cache.
+     */
     sslSessionID *        next;   /* chain used for client sockets, only */
+    Cached                cached;
+    int                   references;
+    PRUint32              lastAccessTime;       /* seconds since Jan 1, 1970 */
+
+    /* The rest of the members, except for the members of u.ssl3.locked, may
+     * be modified only when the sid is not in any cache.
+     */
 
     CERTCertificate *     peerCert;
     CERTCertificate *     peerCertChain[MAX_PEER_CERT_CHAIN_SIZE];
     SECItemArray          peerCertStatus; /* client only */
     const char *          peerID;     /* client only */
     const char *          urlSvrName; /* client only */
     CERTCertificate *     localCert;
 
     PRIPv6Addr            addr;
     PRUint16              port;
 
     SSL3ProtocolVersion   version;
 
     PRUint32              creationTime;         /* seconds since Jan 1, 1970 */
-    PRUint32              lastAccessTime;       /* seconds since Jan 1, 1970 */
     PRUint32              expirationTime;       /* seconds since Jan 1, 1970 */
-    Cached                cached;
-    int                   references;
 
     SSLSignType           authAlgorithm;
     PRUint32              authKeyBits;
     SSLKEAType            keaType;
     PRUint32              keaKeyBits;
 
     union {
         struct {
             /* the V2 code depends upon the size of sessionID.  */
             unsigned char         sessionID[SSL2_SESSIONID_BYTES];
@@ skipping 45 matching lines @@
             /* The following values pertain to the slot that did the signature
             ** for client auth.   (used only in client)
             */
             SECMODModuleID    clAuthModuleID;
             CK_SLOT_ID        clAuthSlotID;
             PRUint16          clAuthSeries;
 
             char              masterValid;
             char              clAuthValid;
 
-            /* Session ticket if we have one, is sent as an extension in the
-             * ClientHello message.  This field is used by clients.
-             */
-            NewSessionTicket  sessionTicket;
-            SECItem           srvName;
+            SECItem           srvName;
 
             /* originalHandshakeHash contains the hash of the original, full
              * handshake prior to the server's final flow. This is either a
              * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for
              * TLS 1.2). This is recorded and used only when ChannelID is
              * negotiated as it's used to bind the ChannelID signature on the
              * resumption handshake to the original handshake. */
             SECItem           originalHandshakeHash;
 
             /* Signed certificate timestamps received in a TLS extension.
             ** (used only in client).
             */
             SECItem           signedCertTimestamps;
+
+            /* This lock is lazily initialized by CacheSID when a sid is first
+             * cached. Before then, there is no need to lock anything because
+             * the sid isn't being shared by anything.
+             */
+            PRRWLock *lock;
+
+            /* The lock must be held while reading or writing these members
+             * because they change while the sid is cached.
+             */
+            struct {
+                /* The session ticket, if we have one, is sent as an extension
+                 * in the ClientHello message. This field is used only by
+                 * clients. It is protected by lock when lock is non-null
+                 * (after the sid has been added to the client session cache).
+                 */
+                NewSessionTicket sessionTicket;
+            } locked;
         } ssl3;
     } u;
 };
 
-
 typedef struct ssl3CipherSuiteDefStr {
     ssl3CipherSuite          cipher_suite;
     SSL3BulkCipher           bulk_cipher_alg;
     SSL3MACAlgorithm         mac_alg;
     SSL3KeyExchangeAlgorithm key_exchange_alg;
 } ssl3CipherSuiteDef;
 
 /*
 ** There are tables of these, all const.
 */
@@ skipping 59 matching lines @@
     ssl3HelloExtensionSender serverSenders[SSL_MAX_EXTENSIONS];
     /* Keep track of the extensions that are negotiated. */
     PRUint16 numAdvertised;
     PRUint16 numNegotiated;
     PRUint16 advertised[SSL_MAX_EXTENSIONS];
     PRUint16 negotiated[SSL_MAX_EXTENSIONS];
 
     /* SessionTicket Extension related data. */
     PRBool ticketTimestampVerified;
     PRBool emptySessionTicket;
+    PRBool sentSessionTicketInClientHello;
 
     /* SNI Extension related data
      * Names data is not coppied from the input buffer. It can not be
      * used outside the scope where input buffer is defined and that
      * is beyond ssl3_HandleClientHello function. */
     SECItem *sniNameArr;
     PRUint32 sniNameArrSize;
 
     /* Signed Certificate Timestamps extracted from the TLS extension.
      * (client only).
@@ skipping 53 matching lines @@
      * pointer for the <HASH>_Clone function. */
     void (*sha_clone)(void *dest, void *src);
 #endif
     /* PKCS #11 mode:
      * SSL 3.0 - TLS 1.1 use both |md5| and |sha|. |md5| is used for MD5 and
      * |sha| for SHA-1.
      * TLS 1.2 and later use only |sha|, for SHA-256. */
     /* NOTE: On the client side, TLS 1.2 and later use |md5| as a backup
      * handshake hash for generating client auth signatures. Confusingly, the
      * backup hash function is SHA-1. */
+#define backupHash md5
     PK11Context *         md5;
     PK11Context *         sha;
 
 const ssl3KEADef *        kea_def;
     ssl3CipherSuite       cipher_suite;
 const ssl3CipherSuiteDef *suite_def;
     SSLCompressionMethod  compression;
     sslBuffer             msg_body;    /* protected by recvBufLock */
                                /* partial handshake message from record layer */
     unsigned int          header_bytes; 
                                /* number of bytes consumed from handshake */
                                /* message for message type and header length */
     SSL3HandshakeType     msg_type;
     unsigned long         msg_len;
     SECItem               ca_list;     /* used only by client */
     PRBool                isResuming;  /* are we resuming a session */
     PRBool                usedStepDownKey;  /* we did a server key exchange. */
     PRBool                sendingSCSV; /* instead of empty RI */
     sslBuffer             msgState;    /* current state for handshake messages*/
                                        /* protected by recvBufLock */
+
+    /* The session ticket received in a NewSessionTicket message is temporarily
+     * stored in newSessionTicket until the handshake is finished; then it is
+     * moved to the sid.
+     */
+    PRBool                receivedNewSessionTicket;
+    NewSessionTicket      newSessionTicket;
+
     PRUint16              finishedBytes; /* size of single finished below */
     union {
         TLSFinished       tFinished[2]; /* client, then server */
         SSL3Finished      sFinished[2];
         SSL3Opaque        data[72];
     }                     finishedMsgs;
 #ifdef NSS_ENABLE_ECC
     PRUint32              negotiatedECCurves; /* bit mask */
 #endif /* NSS_ENABLE_ECC */
 
@@ skipping 919 matching lines @@
 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
                         PRBool append, PRUint32 maxBytes);
 #endif
 
 /* call the registered extension handlers. */
 extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, 
                         SSL3Opaque **b, PRUint32 *length);
 
 /* Hello Extension related routines. */
 extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type);
-extern SECStatus ssl3_SetSIDSessionTicket(sslSessionID *sid,
-                        NewSessionTicket *session_ticket);
+extern void ssl3_SetSIDSessionTicket(sslSessionID *sid,
+                        /*in/out*/ NewSessionTicket *session_ticket);
 extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss);
 extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName,
                         unsigned char *encKey, unsigned char *macKey);
 extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
                         SECKEYPublicKey *svrPubKey, void *pwArg,
                         unsigned char *keyName, PK11SymKey **aesKey,
                         PK11SymKey **macKey);
 
 /* Tell clients to consider tickets valid for this long. */
 #define TLS_EX_SESS_TICKET_LIFETIME_HINT    (2 * 24 * 60 * 60) /* 2 days */
 #define TLS_EX_SESS_TICKET_VERSION          (0x0100)
 
 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
                                             unsigned int length);
 
 extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
                                                  unsigned char *out,
                                                  unsigned int *outLen,
                                                  unsigned int outLenMax);
 
 /* Construct a new NSPR socket for the app to use */
 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
 extern void ssl_FreePRSocket(PRFileDesc *fd);
 
-/* Internal config function so SSL2 can initialize the present state of 
+/* Internal config function so SSL3 can initialize the present state of
  * various ciphers */
 extern int ssl3_config_match_init(sslSocket *);
 
+
 /* Create a new ref counted key pair object from two keys. */
 extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey, 
                                       SECKEYPublicKey * pubKey);
 
 /* get a new reference (bump ref count) to an ssl3KeyPair. */
 extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair);
 
 /* Decrement keypair's ref count and free if zero. */
 extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair);
 
@@ skipping 76 matching lines @@
 extern int dtls_RecordGetRecvd(DTLSRecvdRecords *records, PRUint64 seq);
 extern void dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq);
 extern void dtls_RehandshakeCleanup(sslSocket *ss);
 extern SSL3ProtocolVersion
 dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv);
 extern SSL3ProtocolVersion
 dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv);
 
 /********************** misc calls *********************/
 
+#ifdef DEBUG
+extern void ssl3_CheckCipherSuiteOrderConsistency();
+#endif
+
 extern int ssl_MapLowLevelError(int hiLevelError);
 
 extern PRUint32 ssl_Time(void);
 
 extern void SSL_AtomicIncrementLong(long * x);
 
 SECStatus SSL_DisableDefaultExportCipherSuites(void);
 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
 PRBool    SSL_IsExportCipherSuite(PRUint16 cipherSuite);
 
@@ skipping 16 matching lines @@
 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
 #define SSL_GETPID getpid
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */