Implement TLS 1.2.

net/third_party/nss/ssl/ssl3prot.h

 /* Private header file of libSSL.
  * Various and sundry protocol constants. DON'T CHANGE THESE. These
  * values are defined by the SSL 3.0 protocol specification.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* $Id$ */
 
 #ifndef __ssl3proto_h_
@@ skipping 194 matching lines @@
     SECItem Ys;
 } SSL3ServerDHParams;
 
 typedef struct {
     union {
         SSL3ServerDHParams dh;
         SSL3ServerRSAParams rsa;
     } u;
 } SSL3ServerParams;
 
+/* This enum reflects HashAlgorithm enum from
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+ *
+ * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
+enum {
+    tls_hash_md5 = 1,
+    tls_hash_sha1 = 2,
+    tls_hash_sha224 = 3,
+    tls_hash_sha256 = 4,
+    tls_hash_sha384 = 5,
+    tls_hash_sha512 = 6
+};
+
+/* This enum reflects SignatureAlgorithm enum from
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+typedef enum {
+    tls_sig_rsa = 1,
+    tls_sig_dsa = 2,
+    tls_sig_ecdsa = 3
+} TLSSignatureAlgorithm;

[wtc, 2013/05/28 17:50:25]

This type was named TLS12SignatureAlgorithm. I changed the "TLS12" prefix
to "TLS".

+
+typedef struct {
+    SECOidTag hashAlg;
+    TLSSignatureAlgorithm sigAlg;

[wtc, 2013/05/28 17:50:25]

It was a little confusing at first why |hashAlg| is a SECOidTag
but |sigAlg| isn't.

+} SSL3SignatureAndHashAlgorithm;
+
+/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
+ * prior to 1.2. */
 typedef struct {
     uint8 md5[16];
     uint8 sha[20];
+} SSL3HashesIndividually;
+
+/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
+ * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
+ * struct. */
+typedef struct {
+    unsigned int len;
+    SECOidTag hashAlg;
+    union {
+        PRUint8 raw[64];

[wtc, 2013/05/28 17:50:25]

The size of |raw| was 32 bytes. I increased it to 64 to be large enough
for SHA-512. Since ssl3_ComputeHandshakeHashes and ssl3_SendCertificateVerify
are hardcoded to use SHA-256 in TLS 1.2, a 32-byte |raw| may be large enough.
But our client also advertises support of sha384 in the signature_algorithms
extension, so it seems that |raw| may need to be large enough for SHA-384 at
least, for example in the signatures in ServerKeyExchange.

+        SSL3HashesIndividually s;
+    } u;
 } SSL3Hashes;
-     
+
 typedef struct {
     union {
         SSL3Opaque anonymous;
         SSL3Hashes certified;
     } u;
 } SSL3ServerKeyExchange;
      
 typedef enum {
     ct_RSA_sign         =  1, 
     ct_DSS_sign         =  2, 
@@ skipping 37 matching lines @@
 
 typedef SSL3Hashes SSL3PreSignedCertificateVerify;
 
 typedef SECItem SSL3CertificateVerify;
 
 typedef enum {
     sender_client = 0x434c4e54,
     sender_server = 0x53525652
 } SSL3Sender;
 
-typedef SSL3Hashes SSL3Finished;   
+typedef SSL3HashesIndividually SSL3Finished;   

[wtc, 2013/05/28 17:50:25]

This change means SSL3Finished can only be used for the
Finished struct in SSL 3.0 (defined in
http://tools.ietf.org/html/rfc6101#section-5.6.9).  SSL3Finished
is no longer a synonym of SSL3Hashes.

 
 typedef struct {
     SSL3Opaque verify_data[12];
 } TLSFinished;
 
 /*
  * TLS extension related data structures and constants.
  */ 
 
 /* SessionTicket extension related data structures. */
@@ skipping 27 matching lines @@
     unsigned char *iv;
     SECItem encrypted_state;
     unsigned char *mac;
 } EncryptedSessionTicket;
 
 #define TLS_EX_SESS_TICKET_MAC_LENGTH       32
 
 #define TLS_STE_NO_SERVER_NAME        -1
 
 #endif /* __ssl3proto_h_ */