Chromium Code Reviews Chromium Code Reviews| Index: net/third_party/nss/ssl/sslimpl.h |
| =================================================================== |
| --- net/third_party/nss/ssl/sslimpl.h (revision 199250) |
| +++ net/third_party/nss/ssl/sslimpl.h (working copy) |
| @@ -799,6 +799,7 @@ |
| PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
| PK11Context * md5; /* handshake running hashes */ |
| PK11Context * sha; |
| + PK11Context * tls12_handshake_hash; |
| const ssl3KEADef * kea_def; |
| ssl3CipherSuite cipher_suite; |
| const ssl3CipherSuiteDef *suite_def; |
| @@ -820,7 +821,7 @@ |
| PRUint16 finishedBytes; /* size of single finished below */ |
| union { |
| TLSFinished tFinished[2]; /* client, then server */ |
| - SSL3Hashes sFinished[2]; |
| + unsigned char sFinished[2][36]; |
| SSL3Opaque data[72]; |
| } finishedMsgs; |
| #ifdef NSS_ENABLE_ECC |
| @@ -835,6 +836,11 @@ |
| /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */ |
| PRBool cacheSID; |
| + /* clientSigAndHash contains the contents of the signature_algorithms |
| + * extension (if any) from the client. This is only valid for TLS 1.2. */ |
| + SSL3SignatureAndHashAlgorithm *clientSigAndHash; |
| + unsigned int numClientSigAndHash; |
| + |
| /* This group of values is used for DTLS */ |
| PRUint16 sendMessageSeq; /* The sending message sequence |
| * number */ |
| @@ -1473,7 +1479,7 @@ |
| * runtime to determine which versions are supported by the version of libssl |
| * in use. |
| */ |
| -#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_1 |
| +#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2 |
| /* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */ |
| #define SSL3_ALL_VERSIONS_DISABLED(vrange) \ |
| @@ -1642,7 +1648,8 @@ |
| extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss); |
| #endif |
| -extern SECStatus ssl3_ComputeCommonKeyHash(PRUint8 * hashBuf, |
| +extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg, |
| + PRUint8 * hashBuf, |
| unsigned int bufLen, SSL3Hashes *hashes, |
| PRBool bypassPKCS11); |
| extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName); |
| @@ -1655,12 +1662,24 @@ |
| PRInt32 lenSize); |
| extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss, |
| const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); |
| +extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss, |
| + const SSL3SignatureAndHashAlgorithm* sigAndHash); |
| extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, |
| SSL3Opaque **b, PRUint32 *length); |
| extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, |
| SSL3Opaque **b, PRUint32 *length); |
| extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, |
| PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); |
| +extern SECOidTag ssl3_TLSHashFunctionToOID(int hashFunc); |
| +extern int ssl3_OIDToTLSHashFunction(SECOidTag oid); |
| +extern SECStatus ssl3_PickSignatureHashFunction( |
| + sslSocket *ss, SSL3SignatureAndHashAlgorithm *out); |
|
wtc
2013/05/28 17:50:25
These two functions are only used in ssl3con.c, so
|
| +extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( |
| + const SSL3SignatureAndHashAlgorithm *sigAndHash, |
| + CERTCertificate* cert); |
| +extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss, |
| + SSL3Opaque **b, PRUint32 *length, |
| + SSL3SignatureAndHashAlgorithm *out); |
| extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, |
| SECItem *buf, PRBool isTLS); |
| extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, |
