| Index: net/third_party/nss/ssl/ssl3prot.h
|
| diff --git a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3prot.h
|
| index 848bdee7a205e3c87d31ad6126a6af8b95284e12..928d059651e60d798380cf4e292ab9f5dd1a2083 100644
|
| --- a/net/third_party/nss/ssl/ssl3prot.h
|
| +++ b/net/third_party/nss/ssl/ssl3prot.h
|
| @@ -17,57 +17,57 @@ typedef PRUint16 SSL3ProtocolVersion;
|
| /* The TLS 1.3 draft version. Used to avoid negotiating
|
| * between incompatible pre-standard TLS 1.3 drafts.
|
| * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
|
| -#define TLS_1_3_DRAFT_VERSION 3
|
| +#define TLS_1_3_DRAFT_VERSION 11
|
|
|
| typedef PRUint16 ssl3CipherSuite;
|
| /* The cipher suites are defined in sslproto.h */
|
|
|
| -#define MAX_CERT_TYPES 10
|
| -#define MAX_COMPRESSION_METHODS 10
|
| -#define MAX_MAC_LENGTH 64
|
| -#define MAX_PADDING_LENGTH 64
|
| -#define MAX_KEY_LENGTH 64
|
| -#define EXPORT_KEY_LENGTH 5
|
| -#define SSL3_RANDOM_LENGTH 32
|
| +#define MAX_CERT_TYPES 10
|
| +#define MAX_COMPRESSION_METHODS 10
|
| +#define MAX_MAC_LENGTH 64
|
| +#define MAX_PADDING_LENGTH 64
|
| +#define MAX_KEY_LENGTH 64
|
| +#define EXPORT_KEY_LENGTH 5
|
| +#define SSL3_RANDOM_LENGTH 32
|
|
|
| -#define SSL3_RECORD_HEADER_LENGTH 5
|
| +#define SSL3_RECORD_HEADER_LENGTH 5
|
|
|
| /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
|
| -#define DTLS_RECORD_HEADER_LENGTH 13
|
| +#define DTLS_RECORD_HEADER_LENGTH 13
|
|
|
| -#define MAX_FRAGMENT_LENGTH 16384
|
| +#define MAX_FRAGMENT_LENGTH 16384
|
|
|
| typedef enum {
|
| content_change_cipher_spec = 20,
|
| - content_alert = 21,
|
| - content_handshake = 22,
|
| - content_application_data = 23
|
| + content_alert = 21,
|
| + content_handshake = 22,
|
| + content_application_data = 23
|
| } SSL3ContentType;
|
|
|
| typedef struct {
|
| - SSL3ContentType type;
|
| + SSL3ContentType type;
|
| SSL3ProtocolVersion version;
|
| - PRUint16 length;
|
| - SECItem fragment;
|
| + PRUint16 length;
|
| + SECItem fragment;
|
| } SSL3Plaintext;
|
|
|
| typedef struct {
|
| - SSL3ContentType type;
|
| + SSL3ContentType type;
|
| SSL3ProtocolVersion version;
|
| - PRUint16 length;
|
| - SECItem fragment;
|
| + PRUint16 length;
|
| + SECItem fragment;
|
| } SSL3Compressed;
|
|
|
| typedef struct {
|
| - SECItem content;
|
| + SECItem content;
|
| SSL3Opaque MAC[MAX_MAC_LENGTH];
|
| } SSL3GenericStreamCipher;
|
|
|
| typedef struct {
|
| - SECItem content;
|
| + SECItem content;
|
| SSL3Opaque MAC[MAX_MAC_LENGTH];
|
| - PRUint8 padding[MAX_PADDING_LENGTH];
|
| - PRUint8 padding_length;
|
| + PRUint8 padding[MAX_PADDING_LENGTH];
|
| + PRUint8 padding_length;
|
| } SSL3GenericBlockCipher;
|
|
|
| typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
|
| @@ -76,68 +76,72 @@ typedef struct {
|
| SSL3ChangeCipherSpecChoice choice;
|
| } SSL3ChangeCipherSpec;
|
|
|
| -typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel;
|
| +typedef enum { alert_warning = 1,
|
| + alert_fatal = 2 } SSL3AlertLevel;
|
|
|
| typedef enum {
|
| - close_notify = 0,
|
| - unexpected_message = 10,
|
| - bad_record_mac = 20,
|
| - decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
|
| - record_overflow = 22, /* TLS only */
|
| - decompression_failure = 30,
|
| - handshake_failure = 40,
|
| - no_certificate = 41, /* SSL3 only, NOT TLS */
|
| - bad_certificate = 42,
|
| + close_notify = 0,
|
| + unexpected_message = 10,
|
| + bad_record_mac = 20,
|
| + decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
|
| + record_overflow = 22, /* TLS only */
|
| + decompression_failure = 30,
|
| + handshake_failure = 40,
|
| + no_certificate = 41, /* SSL3 only, NOT TLS */
|
| + bad_certificate = 42,
|
| unsupported_certificate = 43,
|
| - certificate_revoked = 44,
|
| - certificate_expired = 45,
|
| - certificate_unknown = 46,
|
| - illegal_parameter = 47,
|
| -
|
| -/* All alerts below are TLS only. */
|
| - unknown_ca = 48,
|
| - access_denied = 49,
|
| - decode_error = 50,
|
| - decrypt_error = 51,
|
| - export_restriction = 60,
|
| - protocol_version = 70,
|
| - insufficient_security = 71,
|
| - internal_error = 80,
|
| - inappropriate_fallback = 86, /* could also be sent for SSLv3 */
|
| - user_canceled = 90,
|
| - no_renegotiation = 100,
|
| -
|
| -/* Alerts for client hello extensions */
|
| - unsupported_extension = 110,
|
| - certificate_unobtainable = 111,
|
| - unrecognized_name = 112,
|
| + certificate_revoked = 44,
|
| + certificate_expired = 45,
|
| + certificate_unknown = 46,
|
| + illegal_parameter = 47,
|
| +
|
| + /* All alerts below are TLS only. */
|
| + unknown_ca = 48,
|
| + access_denied = 49,
|
| + decode_error = 50,
|
| + decrypt_error = 51,
|
| + export_restriction = 60,
|
| + protocol_version = 70,
|
| + insufficient_security = 71,
|
| + internal_error = 80,
|
| + inappropriate_fallback = 86, /* could also be sent for SSLv3 */
|
| + user_canceled = 90,
|
| + no_renegotiation = 100,
|
| +
|
| + /* Alerts for client hello extensions */
|
| + missing_extension = 109,
|
| + unsupported_extension = 110,
|
| + certificate_unobtainable = 111,
|
| + unrecognized_name = 112,
|
| bad_certificate_status_response = 113,
|
| - bad_certificate_hash_value = 114,
|
| - no_application_protocol = 120
|
| + bad_certificate_hash_value = 114,
|
| + no_application_protocol = 120
|
|
|
| } SSL3AlertDescription;
|
|
|
| typedef struct {
|
| - SSL3AlertLevel level;
|
| + SSL3AlertLevel level;
|
| SSL3AlertDescription description;
|
| } SSL3Alert;
|
|
|
| typedef enum {
|
| - hello_request = 0,
|
| - client_hello = 1,
|
| - server_hello = 2,
|
| + hello_request = 0,
|
| + client_hello = 1,
|
| + server_hello = 2,
|
| hello_verify_request = 3,
|
| - new_session_ticket = 4,
|
| - certificate = 11,
|
| + new_session_ticket = 4,
|
| + hello_retry_request = 6,
|
| + encrypted_extensions = 8,
|
| + certificate = 11,
|
| server_key_exchange = 12,
|
| certificate_request = 13,
|
| - server_hello_done = 14,
|
| - certificate_verify = 15,
|
| + server_hello_done = 14,
|
| + certificate_verify = 15,
|
| client_key_exchange = 16,
|
| - finished = 20,
|
| - certificate_status = 22,
|
| - next_proto = 67,
|
| - encrypted_extensions = 203,
|
| + finished = 20,
|
| + certificate_status = 22,
|
| + next_proto = 67,
|
| + channelid_encrypted_extensions = 203
|
| } SSL3HandshakeType;
|
|
|
| typedef struct {
|
| @@ -154,20 +158,20 @@ typedef struct {
|
| } SSL3SessionID;
|
|
|
| typedef struct {
|
| - SSL3ProtocolVersion client_version;
|
| - SSL3Random random;
|
| - SSL3SessionID session_id;
|
| - SECItem cipher_suites;
|
| - PRUint8 cm_count;
|
| - SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
|
| + SSL3ProtocolVersion client_version;
|
| + SSL3Random random;
|
| + SSL3SessionID session_id;
|
| + SECItem cipher_suites;
|
| + PRUint8 cm_count;
|
| + SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
|
| } SSL3ClientHello;
|
|
|
| -typedef struct {
|
| - SSL3ProtocolVersion server_version;
|
| - SSL3Random random;
|
| - SSL3SessionID session_id;
|
| - ssl3CipherSuite cipher_suite;
|
| - SSLCompressionMethod compression_method;
|
| +typedef struct {
|
| + SSL3ProtocolVersion server_version;
|
| + SSL3Random random;
|
| + SSL3SessionID session_id;
|
| + ssl3CipherSuite cipher_suite;
|
| + SSLCompressionMethod compression_method;
|
| } SSL3ServerHello;
|
|
|
| typedef struct {
|
| @@ -245,50 +249,25 @@ typedef struct {
|
| } SSL3ServerKeyExchange;
|
|
|
| typedef enum {
|
| - ct_RSA_sign = 1,
|
| - ct_DSS_sign = 2,
|
| - ct_RSA_fixed_DH = 3,
|
| - ct_DSS_fixed_DH = 4,
|
| - ct_RSA_ephemeral_DH = 5,
|
| - ct_DSS_ephemeral_DH = 6,
|
| - ct_ECDSA_sign = 64,
|
| - ct_RSA_fixed_ECDH = 65,
|
| - ct_ECDSA_fixed_ECDH = 66
|
| + ct_RSA_sign = 1,
|
| + ct_DSS_sign = 2,
|
| + ct_RSA_fixed_DH = 3,
|
| + ct_DSS_fixed_DH = 4,
|
| + ct_RSA_ephemeral_DH = 5,
|
| + ct_DSS_ephemeral_DH = 6,
|
| + ct_ECDSA_sign = 64,
|
| + ct_RSA_fixed_ECDH = 65,
|
| + ct_ECDSA_fixed_ECDH = 66
|
|
|
| } SSL3ClientCertificateType;
|
|
|
| -typedef SECItem *SSL3DistinquishedName;
|
| -
|
| typedef struct {
|
| SSL3Opaque client_version[2];
|
| SSL3Opaque random[46];
|
| } SSL3RSAPreMasterSecret;
|
|
|
| -typedef SECItem SSL3EncryptedPreMasterSecret;
|
| -
|
| -
|
| typedef SSL3Opaque SSL3MasterSecret[48];
|
|
|
| -typedef enum { implicit, explicit } SSL3PublicValueEncoding;
|
| -
|
| -typedef struct {
|
| - union {
|
| - SSL3Opaque implicit;
|
| - SECItem explicit;
|
| - } dh_public;
|
| -} SSL3ClientDiffieHellmanPublic;
|
| -
|
| -typedef struct {
|
| - union {
|
| - SSL3EncryptedPreMasterSecret rsa;
|
| - SSL3ClientDiffieHellmanPublic diffie_helman;
|
| - } exchange_keys;
|
| -} SSL3ClientKeyExchange;
|
| -
|
| -typedef SSL3Hashes SSL3PreSignedCertificateVerify;
|
| -
|
| -typedef SECItem SSL3CertificateVerify;
|
| -
|
| typedef enum {
|
| sender_client = 0x434c4e54,
|
| sender_server = 0x53525652
|
| @@ -310,11 +289,11 @@ typedef struct {
|
| typedef struct {
|
| PRUint32 received_timestamp;
|
| PRUint32 ticket_lifetime_hint;
|
| - SECItem ticket;
|
| + SECItem ticket;
|
| } NewSessionTicket;
|
|
|
| typedef enum {
|
| - CLIENT_AUTH_ANONYMOUS = 0,
|
| + CLIENT_AUTH_ANONYMOUS = 0,
|
| CLIENT_AUTH_CERTIFICATE = 1
|
| } ClientAuthenticationType;
|
|
|
| @@ -325,10 +304,10 @@ typedef struct {
|
| } identity;
|
| } ClientIdentity;
|
|
|
| -#define SESS_TICKET_KEY_NAME_LEN 16
|
| -#define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
|
| +#define SESS_TICKET_KEY_NAME_LEN 16
|
| +#define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
|
| #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
|
| -#define SESS_TICKET_KEY_VAR_NAME_LEN 12
|
| +#define SESS_TICKET_KEY_VAR_NAME_LEN 12
|
|
|
| typedef struct {
|
| unsigned char *key_name;
|
| @@ -339,6 +318,6 @@ typedef struct {
|
|
|
| #define TLS_EX_SESS_TICKET_MAC_LENGTH 32
|
|
|
| -#define TLS_STE_NO_SERVER_NAME -1
|
| +#define TLS_STE_NO_SERVER_NAME -1
|
|
|
| #endif /* __ssl3proto_h_ */
|
|
|
Chromium Code Reviews
Issue 1844813002:
Uprev NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master