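--- a/sslimpl.h
+++ b/sslimpl.h
@@ -1,10 +1,10 @@
 /*
 * This file is PRIVATE to SSL and should be the first thing included by
 * any SSL implementation file.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* $Id$ */
 
 #ifndef __sslimpl_h_
@@ -792,56 +792,63 @@
 ** This entire struct is protected by ssl3HandshakeLock
 */
 typedef struct SSL3HandshakeStateStr {
 SSL3Random server_random;
 SSL3Random client_random;
 SSL3WaitState ws;
 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
 PK11Context * md5; /* handshake running hashes */
 PK11Context * sha;
+PK11Context * tls12_handshake_hash;
 const ssl3KEADef * kea_def;
 ssl3CipherSuite cipher_suite;
 const ssl3CipherSuiteDef *suite_def;
 SSLCompressionMethod compression;
 sslBuffer msg_body; /* protected by recvBufLock */
 /* partial handshake message from record layer */
 unsigned int header_bytes;
 /* number of bytes consumed from handshake */
 /* message for message type and header length */
 SSL3HandshakeType msg_type;
 unsigned long msg_len;
 SECItem ca_list; /* used only by client */
 PRBool isResuming; /* are we resuming a session */
 PRBool usedStepDownKey; /* we did a server key exchange. */
 PRBool sendingSCSV; /* instead of empty RI */
 sslBuffer msgState; /* current state for handshake messages*/
 /* protected by recvBufLock */
 sslBuffer messages; /* Accumulated handshake messages */
 PRUint16 finishedBytes; /* size of single finished below */
 union {
 TLSFinished tFinished[2]; /* client, then server */
-» SSL3Hashes sFinished[2];
+» SSL3Finished sFinished[2];
 SSL3Opaque data[72];
 } finishedMsgs;
 #ifdef NSS_ENABLE_ECC
 PRUint32 negotiatedECCurves; /* bit mask */
 #endif /* NSS_ENABLE_ECC */
 
 PRBool authCertificatePending;
 /* Which function should SSL_RestartHandshake* call if we're blocked?
 * One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake,
 * or ssl3_AlwaysFail */
 sslRestartTarget restartTarget;
 /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */
 PRBool cacheSID;
 
+/* clientSigAndHash contains the contents of the signature_algorithms
+* extension (if any) from the client. This is only valid for TLS 1.2
+* or later. */
+SSL3SignatureAndHashAlgorithm *clientSigAndHash;
+unsigned int numClientSigAndHash;
+
 /* This group of values is used for DTLS */
 PRUint16 sendMessageSeq; /* The sending message sequence
 * number */
 PRCList lastMessageFlight; /* The last message flight we
 * sent */
 PRUint16 maxMessageSent; /* The largest message we sent */
 PRUint16 recvMessageSeq; /* The receiving message sequence
 * number */
 sslBuffer recvdFragments; /* The fragments we have received in
 * a bitmask */
@@ -1466,21 +1473,21 @@
 /* Placeholder value used in version ranges when SSL 3.0 and all
 * versions of TLS are disabled.
 */
 #define SSL_LIBRARY_VERSION_NONE 0
 
 /* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version
 * of libssl supports. Applications should use SSL_VersionRangeGetSupported at
 * runtime to determine which versions are supported by the version of libssl
 * in use.
 */
-#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_1
+#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2
 
 /* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */
 #define SSL3_ALL_VERSIONS_DISABLED(vrange) \
 ((vrange)->min == SSL_LIBRARY_VERSION_NONE)
 
 extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
 SSL3ProtocolVersion version);
 
 extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec,
 const unsigned char * cr, const unsigned char * sr,
@@ -1632,42 +1639,53 @@
 #ifdef NSS_ENABLE_ECC
 /* ECDH functions */
 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss,
 SECKEYPublicKey * svrPubKey);
 extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss,
 SSL3Opaque *b, PRUint32 length);
 extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss,
 SSL3Opaque *b, PRUint32 length,
 SECKEYPublicKey *srvrPubKey,
 SECKEYPrivateKey *srvrPrivKey);
-extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss);
+extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss,
+» » » const SSL3SignatureAndHashAlgorithm *sigAndHash);
 #endif
 
-extern SECStatus ssl3_ComputeCommonKeyHash(PRUint8 * hashBuf,
+extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg,
+» » » » PRUint8 * hashBuf,
 unsigned int bufLen, SSL3Hashes *hashes,
 PRBool bypassPKCS11);
 extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName);
 extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms);
 extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src,
 PRInt32 bytes);
 extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss,
 SSL3HandshakeType t, PRUint32 length);
 extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num,
 PRInt32 lenSize);
 extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss,
 const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
+extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss,
+const SSL3SignatureAndHashAlgorithm* sigAndHash);
 extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
 SSL3Opaque **b, PRUint32 *length);
 extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
 SSL3Opaque **b, PRUint32 *length);
 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
 PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
+extern SECOidTag ssl3_TLSHashAlgorithmToOID(int hashFunc);
+extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency(
+const SSL3SignatureAndHashAlgorithm *sigAndHash,
+CERTCertificate* cert);
+extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss,
+SSL3Opaque **b, PRUint32 *length,
+SSL3SignatureAndHashAlgorithm *out);
 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key,
 SECItem *buf, PRBool isTLS);
 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,
 CERTCertificate *cert, SECItem *buf, PRBool isTLS,
 void *pwArg);
 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss,
 sslSessionID *sid, ssl3CipherSpec *spec,
 SSL3KEAType effectiveExchKeyType);
 
 /* Functions that handle ClientHello and ServerHello extensions. */
@@ -1873,10 +1891,10 @@
 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
 #define SSL_GETPID getpid
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */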
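Review bot: The comment on the new `clientSigAndHash` / `numClientSigAndHash` fields in SSL3HandshakeStateStr says when the data is valid but not who owns the array or how the pointer and count are kept in step. The contents come from the peer's signature_algorithms extension, and a later ClientHello on the same connection would presumably replace the array; if the old one is not freed and both fields reset first, the result is a leak or a count that no longer matches the buffer (the implementation is not on this page, so this may already be handled). I would extend the comment with `/* Owned by this struct; freed and reset to NULL/0 before a new ClientHello is parsed and when the handshake state is destroyed. */`. The new prototype `ssl3_TLSHashAlgorithmToOID(int hashFunc)` also takes a value read off the wire and should carry a one-line comment naming what it returns for an unrecognised hash id, so callers know to reject it.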