Uprev NSS to 3.23 on iOS

net/third_party/nss/ssl/ssl3prot.h

 /* Private header file of libSSL.
  * Various and sundry protocol constants. DON'T CHANGE THESE. These
  * values are defined by the SSL 3.0 protocol specification.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef __ssl3proto_h_
 #define __ssl3proto_h_
 
 typedef PRUint8 SSL3Opaque;
 
 typedef PRUint16 SSL3ProtocolVersion;
 /* version numbers are defined in sslproto.h */
 
 /* The TLS 1.3 draft version. Used to avoid negotiating
  * between incompatible pre-standard TLS 1.3 drafts.
  * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
-#define TLS_1_3_DRAFT_VERSION  3
+#define TLS_1_3_DRAFT_VERSION 11
 
 typedef PRUint16 ssl3CipherSuite;
 /* The cipher suites are defined in sslproto.h */
 
-#define MAX_CERT_TYPES                  10
-#define MAX_COMPRESSION_METHODS         10
-#define MAX_MAC_LENGTH                  64
-#define MAX_PADDING_LENGTH              64
-#define MAX_KEY_LENGTH                  64
-#define EXPORT_KEY_LENGTH                5
-#define SSL3_RANDOM_LENGTH              32
+#define MAX_CERT_TYPES 10
+#define MAX_COMPRESSION_METHODS 10
+#define MAX_MAC_LENGTH 64
+#define MAX_PADDING_LENGTH 64
+#define MAX_KEY_LENGTH 64
+#define EXPORT_KEY_LENGTH 5
+#define SSL3_RANDOM_LENGTH 32
 
-#define SSL3_RECORD_HEADER_LENGTH        5
+#define SSL3_RECORD_HEADER_LENGTH 5
 
 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
-#define DTLS_RECORD_HEADER_LENGTH       13
+#define DTLS_RECORD_HEADER_LENGTH 13
 
-#define MAX_FRAGMENT_LENGTH          16384
+#define MAX_FRAGMENT_LENGTH 16384
 
 typedef enum {
     content_change_cipher_spec = 20,
-    content_alert              = 21,
-    content_handshake          = 22,
-    content_application_data   = 23
+    content_alert = 21,
+    content_handshake = 22,
+    content_application_data = 23
 } SSL3ContentType;
 
 typedef struct {
-    SSL3ContentType     type;
+    SSL3ContentType type;
     SSL3ProtocolVersion version;
-    PRUint16            length;
-    SECItem             fragment;
+    PRUint16 length;
+    SECItem fragment;
 } SSL3Plaintext;
 
 typedef struct {
-    SSL3ContentType     type;
+    SSL3ContentType type;
     SSL3ProtocolVersion version;
-    PRUint16            length;
-    SECItem             fragment;
+    PRUint16 length;
+    SECItem fragment;
 } SSL3Compressed;
 
 typedef struct {
-    SECItem    content;
+    SECItem content;
     SSL3Opaque MAC[MAX_MAC_LENGTH];
 } SSL3GenericStreamCipher;
 
 typedef struct {
-    SECItem    content;
+    SECItem content;
     SSL3Opaque MAC[MAX_MAC_LENGTH];
-    PRUint8    padding[MAX_PADDING_LENGTH];
-    PRUint8    padding_length;
+    PRUint8 padding[MAX_PADDING_LENGTH];
+    PRUint8 padding_length;
 } SSL3GenericBlockCipher;
 
 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
 
 typedef struct {
     SSL3ChangeCipherSpecChoice choice;
 } SSL3ChangeCipherSpec;
 
-typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel;
+typedef enum { alert_warning = 1,
+               alert_fatal = 2 } SSL3AlertLevel;
 
 typedef enum {
-    close_notify            = 0,
-    unexpected_message      = 10,
-    bad_record_mac          = 20,
-    decryption_failed_RESERVED = 21,    /* do not send; see RFC 5246 */
-    record_overflow         = 22,       /* TLS only */
-    decompression_failure   = 30,
-    handshake_failure       = 40,
-    no_certificate          = 41,       /* SSL3 only, NOT TLS */
-    bad_certificate         = 42,
+    close_notify = 0,
+    unexpected_message = 10,
+    bad_record_mac = 20,
+    decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
+    record_overflow = 22,            /* TLS only */
+    decompression_failure = 30,
+    handshake_failure = 40,
+    no_certificate = 41, /* SSL3 only, NOT TLS */
+    bad_certificate = 42,
     unsupported_certificate = 43,
-    certificate_revoked     = 44,
-    certificate_expired     = 45,
-    certificate_unknown     = 46,
-    illegal_parameter       = 47,
+    certificate_revoked = 44,
+    certificate_expired = 45,
+    certificate_unknown = 46,
+    illegal_parameter = 47,
 
-/* All alerts below are TLS only. */
-    unknown_ca              = 48,
-    access_denied           = 49,
-    decode_error            = 50,
-    decrypt_error           = 51,
-    export_restriction      = 60,
-    protocol_version        = 70,
-    insufficient_security   = 71,
-    internal_error          = 80,
-    inappropriate_fallback  = 86,       /* could also be sent for SSLv3 */
-    user_canceled           = 90,
-    no_renegotiation        = 100,
+    /* All alerts below are TLS only. */
+    unknown_ca = 48,
+    access_denied = 49,
+    decode_error = 50,
+    decrypt_error = 51,
+    export_restriction = 60,
+    protocol_version = 70,
+    insufficient_security = 71,
+    internal_error = 80,
+    inappropriate_fallback = 86, /* could also be sent for SSLv3 */
+    user_canceled = 90,
+    no_renegotiation = 100,
 
-/* Alerts for client hello extensions */
-    unsupported_extension           = 110,
-    certificate_unobtainable        = 111,
-    unrecognized_name               = 112,
+    /* Alerts for client hello extensions */
+    missing_extension = 109,
+    unsupported_extension = 110,
+    certificate_unobtainable = 111,
+    unrecognized_name = 112,
     bad_certificate_status_response = 113,
-    bad_certificate_hash_value      = 114,
-    no_application_protocol         = 120
+    bad_certificate_hash_value = 114,
+    no_application_protocol = 120
 
 } SSL3AlertDescription;
 
 typedef struct {
-    SSL3AlertLevel       level;
+    SSL3AlertLevel level;
     SSL3AlertDescription description;
 } SSL3Alert;
 
 typedef enum {
-    hello_request       = 0,
-    client_hello        = 1,
-    server_hello        = 2,
+    hello_request = 0,
+    client_hello = 1,
+    server_hello = 2,
     hello_verify_request = 3,
-    new_session_ticket  = 4,
-    certificate         = 11,
+    new_session_ticket = 4,
+    hello_retry_request = 6,
+    encrypted_extensions = 8,
+    certificate = 11,
     server_key_exchange = 12,
     certificate_request = 13,
-    server_hello_done   = 14,
-    certificate_verify  = 15,
+    server_hello_done = 14,
+    certificate_verify = 15,
     client_key_exchange = 16,
-    finished            = 20,
-    certificate_status  = 22,
-    next_proto          = 67,
-    encrypted_extensions = 203,
+    finished = 20,
+    certificate_status = 22,
+    next_proto = 67,
+    channelid_encrypted_extensions = 203
 } SSL3HandshakeType;
 
 typedef struct {
     PRUint8 empty;
 } SSL3HelloRequest;
 
 typedef struct {
     SSL3Opaque rand[SSL3_RANDOM_LENGTH];
 } SSL3Random;
 
 typedef struct {
     SSL3Opaque id[32];
     PRUint8 length;
 } SSL3SessionID;
 
 typedef struct {
-    SSL3ProtocolVersion   client_version;
-    SSL3Random            random;
-    SSL3SessionID         session_id;
-    SECItem               cipher_suites;
-    PRUint8               cm_count;
-    SSLCompressionMethod  compression_methods[MAX_COMPRESSION_METHODS];
+    SSL3ProtocolVersion client_version;
+    SSL3Random random;
+    SSL3SessionID session_id;
+    SECItem cipher_suites;
+    PRUint8 cm_count;
+    SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
 } SSL3ClientHello;
 
-typedef struct  {
-    SSL3ProtocolVersion   server_version;
-    SSL3Random            random;
-    SSL3SessionID         session_id;
-    ssl3CipherSuite       cipher_suite;
-    SSLCompressionMethod  compression_method;
+typedef struct {
+    SSL3ProtocolVersion server_version;
+    SSL3Random random;
+    SSL3SessionID session_id;
+    ssl3CipherSuite cipher_suite;
+    SSLCompressionMethod compression_method;
 } SSL3ServerHello;
 
 typedef struct {
     SECItem list;
 } SSL3Certificate;
 
 /* SSL3SignType moved to ssl.h */
 
 /* The SSL key exchange method used */
 typedef enum {
@@ skipping 57 matching lines @@
 } SSL3Hashes;
 
 typedef struct {
     union {
         SSL3Opaque anonymous;
         SSL3Hashes certified;
     } u;
 } SSL3ServerKeyExchange;
 
 typedef enum {
-    ct_RSA_sign         =  1,
-    ct_DSS_sign         =  2,
-    ct_RSA_fixed_DH     =  3,
-    ct_DSS_fixed_DH     =  4,
-    ct_RSA_ephemeral_DH =  5,
-    ct_DSS_ephemeral_DH =  6,
-    ct_ECDSA_sign       =  64,
-    ct_RSA_fixed_ECDH   =  65,
-    ct_ECDSA_fixed_ECDH =  66
+    ct_RSA_sign = 1,
+    ct_DSS_sign = 2,
+    ct_RSA_fixed_DH = 3,
+    ct_DSS_fixed_DH = 4,
+    ct_RSA_ephemeral_DH = 5,
+    ct_DSS_ephemeral_DH = 6,
+    ct_ECDSA_sign = 64,
+    ct_RSA_fixed_ECDH = 65,
+    ct_ECDSA_fixed_ECDH = 66
 
 } SSL3ClientCertificateType;
 
-typedef SECItem *SSL3DistinquishedName;
-
 typedef struct {
     SSL3Opaque client_version[2];
     SSL3Opaque random[46];
 } SSL3RSAPreMasterSecret;
 
-typedef SECItem SSL3EncryptedPreMasterSecret;
-
-
 typedef SSL3Opaque SSL3MasterSecret[48];
 
-typedef enum { implicit, explicit } SSL3PublicValueEncoding;
-
-typedef struct {
-    union {
-        SSL3Opaque implicit;
-        SECItem    explicit;
-    } dh_public;
-} SSL3ClientDiffieHellmanPublic;
-
-typedef struct {
-    union {
-        SSL3EncryptedPreMasterSecret  rsa;
-        SSL3ClientDiffieHellmanPublic diffie_helman;
-    } exchange_keys;
-} SSL3ClientKeyExchange;
-
-typedef SSL3Hashes SSL3PreSignedCertificateVerify;
-
-typedef SECItem SSL3CertificateVerify;
-
 typedef enum {
     sender_client = 0x434c4e54,
     sender_server = 0x53525652
 } SSL3Sender;
 
 typedef SSL3HashesIndividually SSL3Finished;
 
 typedef struct {
     SSL3Opaque verify_data[12];
 } TLSFinished;
 
 /*
  * TLS extension related data structures and constants.
  */
 
 /* SessionTicket extension related data structures. */
 
 /* NewSessionTicket handshake message. */
 typedef struct {
     PRUint32 received_timestamp;
     PRUint32 ticket_lifetime_hint;
-    SECItem  ticket;
+    SECItem ticket;
 } NewSessionTicket;
 
 typedef enum {
-    CLIENT_AUTH_ANONYMOUS   = 0,
+    CLIENT_AUTH_ANONYMOUS = 0,
     CLIENT_AUTH_CERTIFICATE = 1
 } ClientAuthenticationType;
 
 typedef struct {
     ClientAuthenticationType client_auth_type;
     union {
         SSL3Opaque *certificate_list;
     } identity;
 } ClientIdentity;
 
-#define SESS_TICKET_KEY_NAME_LEN       16
-#define SESS_TICKET_KEY_NAME_PREFIX    "NSS!"
+#define SESS_TICKET_KEY_NAME_LEN 16
+#define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
-#define SESS_TICKET_KEY_VAR_NAME_LEN   12
+#define SESS_TICKET_KEY_VAR_NAME_LEN 12
 
 typedef struct {
     unsigned char *key_name;
     unsigned char *iv;
     SECItem encrypted_state;
     unsigned char *mac;
 } EncryptedSessionTicket;
 
 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32
 
-#define TLS_STE_NO_SERVER_NAME        -1
+#define TLS_STE_NO_SERVER_NAME -1
 
 #endif /* __ssl3proto_h_ */