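--- a/sslimpl.h
+++ b/sslimpl.h
@@ -1,10 +1,10 @@
 /*
 * This file is PRIVATE to SSL and should be the first thing included by
 * any SSL implementation file.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* $Id$ */
 
 #ifndef __sslimpl_h_
@@ -499,21 +499,23 @@
 */
 typedef struct {
 PRUint32 high;
 PRUint32 low;
 } SSL3SequenceNumber;
 
 typedef PRUint16 DTLSEpoch;
 
 typedef void (*DTLSTimerCb)(sslSocket *);
 
-#define MAX_MAC_CONTEXT_BYTES 400
+#define MAX_MAC_CONTEXT_BYTES 400 /* 400 is large enough for MD5, SHA-1, and
+* SHA-256. For SHA-384 support, increase
+* it to 712. */
 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8)
 
 #define MAX_CIPHER_CONTEXT_BYTES 2080
 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8)
 
 typedef struct {
 SSL3Opaque wrapped_master_secret[48];
 PRUint16 wrapped_master_secret_len;
 PRUint8 msIsWrapped;
 PRUint8 resumable;
@@ -781,51 +783,76 @@
 ** A DTLS queued message (potentially to be retransmitted)
 */
 typedef struct DTLSQueuedMessageStr {
 PRCList link; /* The linked list link */
 DTLSEpoch epoch; /* The epoch to use */
 SSL3ContentType type; /* The message type */
 unsigned char *data; /* The data */
 PRUint16 len; /* The data length */
 } DTLSQueuedMessage;
 
+typedef enum {
+handshake_hash_unknown = 0,
+handshake_hash_combo = 1, /* The MD5/SHA-1 combination */
+handshake_hash_single = 2 /* A single hash */
+} SSL3HandshakeHashType;
+
 /*
 ** This is the "hs" member of the "ssl3" struct.
 ** This entire struct is protected by ssl3HandshakeLock
 */
 typedef struct SSL3HandshakeStateStr {
 SSL3Random server_random;
 SSL3Random client_random;
 SSL3WaitState ws;
+
+/* This group of members is used for handshake running hashes. */
+SSL3HandshakeHashType hashType;
+sslBuffer messages; /* Accumulated handshake messages */
+#ifndef NO_PKCS11_BYPASS
+/* Bypass mode:
+* SSL 3.0 - TLS 1.1 use both |md5_cx| and |sha_cx|. |md5_cx| is used for
+* MD5 and |sha_cx| for SHA-1.
+* TLS 1.2 and later use only |sha_cx|, for SHA-256. NOTE: When we support
+* SHA-384, increase MAX_MAC_CONTEXT_BYTES to 712. */
 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
-PK11Context * md5; /* handshake running hashes */
+const SECHashObject * sha_obj;
+/* The function prototype of sha_obj->clone() does not match the prototype
+* of the freebl <HASH>_Clone functions, so we need a dedicated function
+* pointer for the <HASH>_Clone function. */
+void (*sha_clone)(void *dest, void *src);
+#endif
+/* PKCS #11 mode:
+* SSL 3.0 - TLS 1.1 use both |md5| and |sha|. |md5| is used for MD5 and
+* |sha| for SHA-1.
+* TLS 1.2 and later use only |sha|, for SHA-256. */
+PK11Context * md5;
 PK11Context * sha;
-PK11Context * tls12_handshake_hash;
+
 const ssl3KEADef * kea_def;
 ssl3CipherSuite cipher_suite;
 const ssl3CipherSuiteDef *suite_def;
 SSLCompressionMethod compression;
 sslBuffer msg_body; /* protected by recvBufLock */
 /* partial handshake message from record layer */
 unsigned int header_bytes;
 /* number of bytes consumed from handshake */
 /* message for message type and header length */
 SSL3HandshakeType msg_type;
 unsigned long msg_len;
 SECItem ca_list; /* used only by client */
 PRBool isResuming; /* are we resuming a session */
 PRBool usedStepDownKey; /* we did a server key exchange. */
 PRBool sendingSCSV; /* instead of empty RI */
 sslBuffer msgState; /* current state for handshake messages*/
 /* protected by recvBufLock */
-sslBuffer messages; /* Accumulated handshake messages */
 PRUint16 finishedBytes; /* size of single finished below */
 union {
 TLSFinished tFinished[2]; /* client, then server */
 SSL3Finished sFinished[2];
 SSL3Opaque data[72];
 } finishedMsgs;
 #ifdef NSS_ENABLE_ECC
 PRUint32 negotiatedECCurves; /* bit mask */
 #endif /* NSS_ENABLE_ECC */
 
@@ -1894,10 +1921,10 @@
 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
 #define SSL_GETPID getpid
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */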
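Review bot: In bypass mode `sha_cx` remains a fixed `PRUint64[MAX_MAC_CONTEXT_LLONGS]` array, yet the hash whose context lives in it is now selected at run time through `sha_obj` and copied through `sha_clone(void *dest, void *src)`, which carries no length. The only thing tying the buffer size to the selected hash is a comment, repeated on `MAX_MAC_CONTEXT_BYTES` and in the bypass-mode note above `md5_cx`; if a later change selects SHA-384 without raising the constant, the context would presumably be written past the end of `sha_cx` inside the handshake state. The code that assigns `sha_obj` is outside this section, so I cannot tell whether it already checks. I would enforce the bound there by comparing the chosen hash's context size against `sizeof(hs.sha_cx)` and failing the handshake if it does not fit. I would also state it on the field, e.g. `/* sha_cx must hold the context of any hash sha_obj can select; enforced where sha_obj is set */`.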