Index: net/third_party/nss/ssl/sslimpl.h |
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h |
index 874e59c62232cde1ce4231e35245d532c456d22c..f56ab53c32bd8435817ca943510b9659b74d607a 100644 |
--- a/net/third_party/nss/ssl/sslimpl.h |
+++ b/net/third_party/nss/ssl/sslimpl.h |
@@ -21,7 +21,6 @@ |
#include "sslerr.h" |
#include "ssl3prot.h" |
#include "hasht.h" |
-#include "keythi.h" |
#include "nssilock.h" |
#include "pkcs11t.h" |
#if defined(XP_UNIX) || defined(XP_BEOS) |
@@ -33,53 +32,38 @@ |
#include "sslt.h" /* for some formerly private types, now public */ |
-#ifdef NSS_PLATFORM_CLIENT_AUTH |
-#if defined(XP_WIN32) |
-#include <windows.h> |
-#include <wincrypt.h> |
-#elif defined(XP_MACOSX) |
-#include <Security/Security.h> |
-#endif |
-#endif |
- |
/* to make some of these old enums public without namespace pollution, |
** it was necessary to prepend ssl_ to the names. |
** These #defines preserve compatibility with the old code here in libssl. |
*/ |
-typedef SSLKEAType SSL3KEAType; |
+typedef SSLKEAType SSL3KEAType; |
typedef SSLMACAlgorithm SSL3MACAlgorithm; |
-typedef SSLSignType SSL3SignType; |
- |
-#define sign_null ssl_sign_null |
-#define sign_rsa ssl_sign_rsa |
-#define sign_dsa ssl_sign_dsa |
-#define sign_ecdsa ssl_sign_ecdsa |
- |
-#define calg_null ssl_calg_null |
-#define calg_rc4 ssl_calg_rc4 |
-#define calg_rc2 ssl_calg_rc2 |
-#define calg_des ssl_calg_des |
-#define calg_3des ssl_calg_3des |
-#define calg_idea ssl_calg_idea |
-#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ |
-#define calg_aes ssl_calg_aes |
-#define calg_camellia ssl_calg_camellia |
-#define calg_seed ssl_calg_seed |
-#define calg_aes_gcm ssl_calg_aes_gcm |
-#define calg_chacha20 ssl_calg_chacha20 |
- |
-#define mac_null ssl_mac_null |
-#define mac_md5 ssl_mac_md5 |
-#define mac_sha ssl_mac_sha |
-#define hmac_md5 ssl_hmac_md5 |
-#define hmac_sha ssl_hmac_sha |
-#define hmac_sha256 ssl_hmac_sha256 |
-#define mac_aead ssl_mac_aead |
- |
-#define SET_ERROR_CODE /* reminder */ |
-#define SEND_ALERT /* reminder */ |
-#define TEST_FOR_FAILURE /* reminder */ |
-#define DEAL_WITH_FAILURE /* reminder */ |
+ |
+#define calg_null ssl_calg_null |
+#define calg_rc4 ssl_calg_rc4 |
+#define calg_rc2 ssl_calg_rc2 |
+#define calg_des ssl_calg_des |
+#define calg_3des ssl_calg_3des |
+#define calg_idea ssl_calg_idea |
+#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ |
+#define calg_aes ssl_calg_aes |
+#define calg_camellia ssl_calg_camellia |
+#define calg_seed ssl_calg_seed |
+#define calg_aes_gcm ssl_calg_aes_gcm |
+#define calg_chacha20 ssl_calg_chacha20 |
+ |
+#define mac_null ssl_mac_null |
+#define mac_md5 ssl_mac_md5 |
+#define mac_sha ssl_mac_sha |
+#define hmac_md5 ssl_hmac_md5 |
+#define hmac_sha ssl_hmac_sha |
+#define hmac_sha256 ssl_hmac_sha256 |
+#define mac_aead ssl_mac_aead |
+ |
+#define SET_ERROR_CODE /* reminder */ |
+#define SEND_ALERT /* reminder */ |
+#define TEST_FOR_FAILURE /* reminder */ |
+#define DEAL_WITH_FAILURE /* reminder */ |
#if defined(DEBUG) || defined(TRACE) |
#ifdef __cplusplus |
@@ -96,63 +80,71 @@ extern int Debug; |
#endif |
#ifdef TRACE |
-#define SSL_TRC(a,b) if (ssl_trace >= (a)) ssl_Trace b |
-#define PRINT_BUF(a,b) if (ssl_trace >= (a)) ssl_PrintBuf b |
-#define DUMP_MSG(a,b) if (ssl_trace >= (a)) ssl_DumpMsg b |
+#define SSL_TRC(a, b) \ |
+ if (ssl_trace >= (a)) \ |
+ ssl_Trace b |
+#define PRINT_BUF(a, b) \ |
+ if (ssl_trace >= (a)) \ |
+ ssl_PrintBuf b |
+#define DUMP_MSG(a, b) \ |
+ if (ssl_trace >= (a)) \ |
+ ssl_DumpMsg b |
#else |
-#define SSL_TRC(a,b) |
-#define PRINT_BUF(a,b) |
-#define DUMP_MSG(a,b) |
+#define SSL_TRC(a, b) |
+#define PRINT_BUF(a, b) |
+#define DUMP_MSG(a, b) |
#endif |
#ifdef DEBUG |
-#define SSL_DBG(b) if (ssl_debug) ssl_Trace b |
+#define SSL_DBG(b) \ |
+ if (ssl_debug) \ |
+ ssl_Trace b |
#else |
#define SSL_DBG(b) |
#endif |
-#include "private/pprthred.h" /* for PR_InMonitor() */ |
+#include "private/pprthred.h" /* for PR_InMonitor() */ |
#define ssl_InMonitor(m) PZ_InMonitor(m) |
-#define LSB(x) ((unsigned char) ((x) & 0xff)) |
-#define MSB(x) ((unsigned char) (((unsigned)(x)) >> 8)) |
+#define LSB(x) ((unsigned char)((x)&0xff)) |
+#define MSB(x) ((unsigned char)(((unsigned)(x)) >> 8)) |
/************************************************************************/ |
typedef enum { SSLAppOpRead = 0, |
- SSLAppOpWrite, |
- SSLAppOpRDWR, |
- SSLAppOpPost, |
- SSLAppOpHeader |
+ SSLAppOpWrite, |
+ SSLAppOpRDWR, |
+ SSLAppOpPost, |
+ SSLAppOpHeader |
} SSLAppOperation; |
-#define SSL_MIN_MASTER_KEY_BYTES 5 |
-#define SSL_MAX_MASTER_KEY_BYTES 64 |
+#define SSL_MIN_MASTER_KEY_BYTES 5 |
+#define SSL_MAX_MASTER_KEY_BYTES 64 |
-#define SSL2_SESSIONID_BYTES 16 |
-#define SSL3_SESSIONID_BYTES 32 |
+#define SSL2_SESSIONID_BYTES 16 |
+#define SSL3_SESSIONID_BYTES 32 |
-#define SSL_MIN_CHALLENGE_BYTES 16 |
-#define SSL_MAX_CHALLENGE_BYTES 32 |
-#define SSL_CHALLENGE_BYTES 16 |
+#define SSL_MIN_CHALLENGE_BYTES 16 |
+#define SSL_MAX_CHALLENGE_BYTES 32 |
+#define SSL_CHALLENGE_BYTES 16 |
-#define SSL_CONNECTIONID_BYTES 16 |
+#define SSL_CONNECTIONID_BYTES 16 |
-#define SSL_MIN_CYPHER_ARG_BYTES 0 |
-#define SSL_MAX_CYPHER_ARG_BYTES 32 |
+#define SSL_MIN_CYPHER_ARG_BYTES 0 |
+#define SSL_MAX_CYPHER_ARG_BYTES 32 |
-#define SSL_MAX_MAC_BYTES 16 |
+#define SSL_MAX_MAC_BYTES 16 |
#define SSL3_RSA_PMS_LENGTH 48 |
#define SSL3_MASTER_SECRET_LENGTH 48 |
/* number of wrap mechanisms potentially used to wrap master secrets. */ |
-#define SSL_NUM_WRAP_MECHS 16 |
+#define SSL_NUM_WRAP_MECHS 16 |
/* This makes the cert cache entry exactly 4k. */ |
-#define SSL_MAX_CACHED_CERT_LEN 4060 |
+#define SSL_MAX_CACHED_CERT_LEN 4060 |
-#define NUM_MIXERS 9 |
+#define NUM_MIXERS 9 |
/* Mask of the 25 named curves we support. */ |
#define SSL3_ALL_SUPPORTED_CURVES_MASK 0x3fffffe |
@@ -163,77 +155,77 @@ typedef enum { SSLAppOpRead = 0, |
#define BPB 8 /* Bits Per Byte */ |
#endif |
-#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ |
+#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ |
-#define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ |
-#define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ |
-#define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ |
+#define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ |
+#define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ |
+#define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ |
-typedef struct sslBufferStr sslBuffer; |
-typedef struct sslConnectInfoStr sslConnectInfo; |
-typedef struct sslGatherStr sslGather; |
-typedef struct sslSecurityInfoStr sslSecurityInfo; |
-typedef struct sslSessionIDStr sslSessionID; |
-typedef struct sslSocketStr sslSocket; |
-typedef struct sslSocketOpsStr sslSocketOps; |
+typedef struct sslBufferStr sslBuffer; |
+typedef struct sslConnectInfoStr sslConnectInfo; |
+typedef struct sslGatherStr sslGather; |
+typedef struct sslSecurityInfoStr sslSecurityInfo; |
+typedef struct sslSessionIDStr sslSessionID; |
+typedef struct sslSocketStr sslSocket; |
+typedef struct sslSocketOpsStr sslSocketOps; |
-typedef struct ssl3StateStr ssl3State; |
-typedef struct ssl3CertNodeStr ssl3CertNode; |
-typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef; |
-typedef struct ssl3MACDefStr ssl3MACDef; |
-typedef struct ssl3KeyPairStr ssl3KeyPair; |
-typedef struct ssl3DHParamsStr ssl3DHParams; |
+typedef struct ssl3StateStr ssl3State; |
+typedef struct ssl3CertNodeStr ssl3CertNode; |
+typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef; |
+typedef struct ssl3MACDefStr ssl3MACDef; |
+typedef struct ssl3KeyPairStr ssl3KeyPair; |
+typedef struct ssl3DHParamsStr ssl3DHParams; |
struct ssl3CertNodeStr { |
struct ssl3CertNodeStr *next; |
- CERTCertificate * cert; |
+ CERTCertificate *cert; |
}; |
typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss); |
-/* This type points to the low layer send func, |
+/* This type points to the low layer send func, |
** e.g. ssl2_SendStream or ssl3_SendPlainText. |
-** These functions return the same values as PR_Send, |
+** These functions return the same values as PR_Send, |
** i.e. >= 0 means number of bytes sent, < 0 means error. |
*/ |
-typedef PRInt32 (*sslSendFunc)(sslSocket *ss, const unsigned char *buf, |
- PRInt32 n, PRInt32 flags); |
+typedef PRInt32 (*sslSendFunc)(sslSocket *ss, const unsigned char *buf, |
+ PRInt32 n, PRInt32 flags); |
-typedef void (*sslSessionIDCacheFunc) (sslSessionID *sid); |
-typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid); |
-typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr, |
- unsigned char* sid, |
- unsigned int sidLen, |
- CERTCertDBHandle * dbHandle); |
+typedef void (*sslSessionIDCacheFunc)(sslSessionID *sid); |
+typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid); |
+typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr, |
+ unsigned char *sid, |
+ unsigned int sidLen, |
+ CERTCertDBHandle *dbHandle); |
/* registerable callback function that either appends extension to buffer |
* or returns length of data that it would have appended. |
*/ |
typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(sslSocket *ss, PRBool append, |
- PRUint32 maxBytes); |
+ PRUint32 maxBytes); |
-/* registerable callback function that handles a received extension, |
+/* registerable callback function that handles a received extension, |
* of the given type. |
*/ |
-typedef SECStatus (* ssl3HelloExtensionHandlerFunc)(sslSocket *ss, |
- PRUint16 ex_type, |
- SECItem * data); |
+typedef SECStatus (*ssl3HelloExtensionHandlerFunc)(sslSocket *ss, |
+ PRUint16 ex_type, |
+ SECItem *data); |
/* row in a table of hello extension senders */ |
typedef struct { |
- PRInt32 ex_type; |
+ PRInt32 ex_type; |
ssl3HelloExtensionSenderFunc ex_sender; |
} ssl3HelloExtensionSender; |
/* row in a table of hello extension handlers */ |
typedef struct { |
- PRInt32 ex_type; |
+ PRInt32 ex_type; |
ssl3HelloExtensionHandlerFunc ex_handler; |
} ssl3HelloExtensionHandler; |
-extern SECStatus |
+extern SECStatus |
ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type, |
- ssl3HelloExtensionSenderFunc cb); |
+ ssl3HelloExtensionSenderFunc cb); |
extern PRInt32 |
ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, |
@@ -244,44 +236,44 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength); |
extern PRInt32 |
ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, |
- PRUint32 maxBytes); |
+ PRUint32 maxBytes); |
/* Socket ops */ |
struct sslSocketOpsStr { |
- int (*connect) (sslSocket *, const PRNetAddr *); |
- PRFileDesc *(*accept) (sslSocket *, PRNetAddr *); |
- int (*bind) (sslSocket *, const PRNetAddr *); |
- int (*listen) (sslSocket *, int); |
- int (*shutdown)(sslSocket *, int); |
- int (*close) (sslSocket *); |
+ int (*connect)(sslSocket *, const PRNetAddr *); |
+ PRFileDesc *(*accept)(sslSocket *, PRNetAddr *); |
+ int (*bind)(sslSocket *, const PRNetAddr *); |
+ int (*listen)(sslSocket *, int); |
+ int (*shutdown)(sslSocket *, int); |
+ int (*close)(sslSocket *); |
- int (*recv) (sslSocket *, unsigned char *, int, int); |
+ int (*recv)(sslSocket *, unsigned char *, int, int); |
/* points to the higher-layer send func, e.g. ssl_SecureSend. */ |
- int (*send) (sslSocket *, const unsigned char *, int, int); |
- int (*read) (sslSocket *, unsigned char *, int); |
- int (*write) (sslSocket *, const unsigned char *, int); |
+ int (*send)(sslSocket *, const unsigned char *, int, int); |
+ int (*read)(sslSocket *, unsigned char *, int); |
+ int (*write)(sslSocket *, const unsigned char *, int); |
- int (*getpeername)(sslSocket *, PRNetAddr *); |
- int (*getsockname)(sslSocket *, PRNetAddr *); |
+ int (*getpeername)(sslSocket *, PRNetAddr *); |
+ int (*getsockname)(sslSocket *, PRNetAddr *); |
}; |
/* Flags interpreted by ssl send functions. */ |
-#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000 |
-#define ssl_SEND_FLAG_NO_BUFFER 0x20000000 |
-#define ssl_SEND_FLAG_USE_EPOCH 0x10000000 /* DTLS only */ |
-#define ssl_SEND_FLAG_NO_RETRANSMIT 0x08000000 /* DTLS only */ |
+#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000 |
+#define ssl_SEND_FLAG_NO_BUFFER 0x20000000 |
+#define ssl_SEND_FLAG_USE_EPOCH 0x10000000 /* DTLS only */ |
+#define ssl_SEND_FLAG_NO_RETRANSMIT 0x08000000 /* DTLS only */ |
#define ssl_SEND_FLAG_CAP_RECORD_VERSION \ |
- 0x04000000 /* TLS only */ |
-#define ssl_SEND_FLAG_MASK 0x7f000000 |
+ 0x04000000 /* TLS only */ |
+#define ssl_SEND_FLAG_MASK 0x7f000000 |
/* |
** A buffer object. |
*/ |
struct sslBufferStr { |
- unsigned char * buf; |
- unsigned int len; |
- unsigned int space; |
+ unsigned char *buf; |
+ unsigned int len; |
+ unsigned int space; |
}; |
/* |
@@ -289,22 +281,22 @@ struct sslBufferStr { |
*/ |
typedef struct { |
#if !defined(_WIN32) |
- unsigned int cipher_suite : 16; |
- unsigned int policy : 8; |
- unsigned int enabled : 1; |
- unsigned int isPresent : 1; |
+ unsigned int cipher_suite : 16; |
+ unsigned int policy : 8; |
+ unsigned int enabled : 1; |
+ unsigned int isPresent : 1; |
#else |
ssl3CipherSuite cipher_suite; |
- PRUint8 policy; |
- unsigned char enabled : 1; |
- unsigned char isPresent : 1; |
+ PRUint8 policy; |
+ unsigned char enabled : 1; |
+ unsigned char isPresent : 1; |
#endif |
} ssl3CipherSuiteCfg; |
#ifndef NSS_DISABLE_ECC |
-#define ssl_V3_SUITES_IMPLEMENTED 66 |
+#define ssl_V3_SUITES_IMPLEMENTED 67 |
#else |
-#define ssl_V3_SUITES_IMPLEMENTED 40 |
+#define ssl_V3_SUITES_IMPLEMENTED 41 |
#endif /* NSS_DISABLE_ECC */ |
#define MAX_DTLS_SRTP_CIPHER_SUITES 4 |
@@ -314,72 +306,73 @@ typedef struct { |
* doesn't allow space for combinations with MD5). */ |
#define MAX_SIGNATURE_ALGORITHMS 15 |
- |
+/* clang-format off */ |
typedef struct sslOptionsStr { |
/* If SSL_SetNextProtoNego has been called, then this contains the |
* list of supported protocols. */ |
SECItem nextProtoNego; |
- unsigned int useSecurity : 1; /* 1 */ |
- unsigned int useSocks : 1; /* 2 */ |
- unsigned int requestCertificate : 1; /* 3 */ |
- unsigned int requireCertificate : 2; /* 4-5 */ |
- unsigned int handshakeAsClient : 1; /* 6 */ |
- unsigned int handshakeAsServer : 1; /* 7 */ |
- unsigned int enableSSL2 : 1; /* 8 */ |
- unsigned int unusedBit9 : 1; /* 9 */ |
- unsigned int unusedBit10 : 1; /* 10 */ |
- unsigned int noCache : 1; /* 11 */ |
- unsigned int fdx : 1; /* 12 */ |
- unsigned int v2CompatibleHello : 1; /* 13 */ |
- unsigned int detectRollBack : 1; /* 14 */ |
- unsigned int noStepDown : 1; /* 15 */ |
- unsigned int bypassPKCS11 : 1; /* 16 */ |
- unsigned int noLocks : 1; /* 17 */ |
- unsigned int enableSessionTickets : 1; /* 18 */ |
- unsigned int enableDeflate : 1; /* 19 */ |
- unsigned int enableRenegotiation : 2; /* 20-21 */ |
- unsigned int requireSafeNegotiation : 1; /* 22 */ |
- unsigned int enableFalseStart : 1; /* 23 */ |
- unsigned int cbcRandomIV : 1; /* 24 */ |
- unsigned int enableOCSPStapling : 1; /* 25 */ |
- unsigned int enableNPN : 1; /* 26 */ |
- unsigned int enableALPN : 1; /* 27 */ |
- unsigned int reuseServerECDHEKey : 1; /* 28 */ |
- unsigned int enableFallbackSCSV : 1; /* 29 */ |
- unsigned int enableServerDhe : 1; /* 30 */ |
- unsigned int enableExtendedMS : 1; /* 31 */ |
+ unsigned int useSecurity : 1; /* 1 */ |
+ unsigned int useSocks : 1; /* 2 */ |
+ unsigned int requestCertificate : 1; /* 3 */ |
+ unsigned int requireCertificate : 2; /* 4-5 */ |
+ unsigned int handshakeAsClient : 1; /* 6 */ |
+ unsigned int handshakeAsServer : 1; /* 7 */ |
+ unsigned int enableSSL2 : 1; /* 8 */ |
+ unsigned int unusedBit9 : 1; /* 9 */ |
+ unsigned int unusedBit10 : 1; /* 10 */ |
+ unsigned int noCache : 1; /* 11 */ |
+ unsigned int fdx : 1; /* 12 */ |
+ unsigned int v2CompatibleHello : 1; /* 13 */ |
+ unsigned int detectRollBack : 1; /* 14 */ |
+ unsigned int noStepDown : 1; /* 15 */ |
+ unsigned int bypassPKCS11 : 1; /* 16 */ |
+ unsigned int noLocks : 1; /* 17 */ |
+ unsigned int enableSessionTickets : 1; /* 18 */ |
+ unsigned int enableDeflate : 1; /* 19 */ |
+ unsigned int enableRenegotiation : 2; /* 20-21 */ |
+ unsigned int requireSafeNegotiation : 1; /* 22 */ |
+ unsigned int enableFalseStart : 1; /* 23 */ |
+ unsigned int cbcRandomIV : 1; /* 24 */ |
+ unsigned int enableOCSPStapling : 1; /* 25 */ |
+ unsigned int enableNPN : 1; /* 26 */ |
+ unsigned int enableALPN : 1; /* 27 */ |
+ unsigned int reuseServerECDHEKey : 1; /* 28 */ |
+ unsigned int enableFallbackSCSV : 1; /* 29 */ |
+ unsigned int enableServerDhe : 1; /* 30 */ |
+ unsigned int enableExtendedMS : 1; /* 31 */ |
unsigned int enableSignedCertTimestamps : 1; /* 32 */ |
} sslOptions; |
+/* clang-format on */ |
typedef enum { sslHandshakingUndetermined = 0, |
- sslHandshakingAsClient, |
- sslHandshakingAsServer |
+ sslHandshakingAsClient, |
+ sslHandshakingAsServer |
} sslHandshakingType; |
typedef struct sslServerCertsStr { |
/* Configuration state for server sockets */ |
- CERTCertificate * serverCert; |
- CERTCertificateList * serverCertChain; |
- ssl3KeyPair * serverKeyPair; |
- unsigned int serverKeyBits; |
+ CERTCertificate *serverCert; |
+ CERTCertificateList *serverCertChain; |
+ ssl3KeyPair *serverKeyPair; |
+ unsigned int serverKeyBits; |
} sslServerCerts; |
#define SERVERKEY serverKeyPair->privKey |
-#define SSL_LOCK_RANK_SPEC 255 |
-#define SSL_LOCK_RANK_GLOBAL NSS_RWLOCK_RANK_NONE |
+#define SSL_LOCK_RANK_SPEC 255 |
+#define SSL_LOCK_RANK_GLOBAL NSS_RWLOCK_RANK_NONE |
-/* These are the valid values for shutdownHow. |
+/* These are the valid values for shutdownHow. |
** These values are each 1 greater than the NSPR values, and the code |
-** depends on that relation to efficiently convert PR_SHUTDOWN values |
-** into ssl_SHUTDOWN values. These values use one bit for read, and |
+** depends on that relation to efficiently convert PR_SHUTDOWN values |
+** into ssl_SHUTDOWN values. These values use one bit for read, and |
** another bit for write, and can be used as bitmasks. |
*/ |
-#define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */ |
-#define ssl_SHUTDOWN_RCV 1 /* PR_SHUTDOWN_RCV +1 */ |
-#define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */ |
-#define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */ |
+#define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */ |
+#define ssl_SHUTDOWN_RCV 1 /* PR_SHUTDOWN_RCV +1 */ |
+#define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */ |
+#define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */ |
/* |
** A gather object. Used to read some data until a count has been |
@@ -387,93 +380,83 @@ typedef struct sslServerCertsStr { |
** Everything in here is protected by the recvBufLock. |
*/ |
struct sslGatherStr { |
- int state; /* see GS_ values below. */ /* ssl 2 & 3 */ |
+ int state; /* see GS_ values below. */ /* ssl 2 & 3 */ |
/* "buf" holds received plaintext SSL records, after decrypt and MAC check. |
* SSL2: recv'd ciphertext records are put here, then decrypted in place. |
- * SSL3: recv'd ciphertext records are put in inbuf (see below), then |
+ * SSL3: recv'd ciphertext records are put in inbuf (see below), then |
* decrypted into buf. |
*/ |
- sslBuffer buf; /*recvBufLock*/ /* ssl 2 & 3 */ |
+ sslBuffer buf; /*recvBufLock*/ /* ssl 2 & 3 */ |
- /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3). |
- ** (offset - writeOffset) is the number of ciphertext bytes read in but |
+ /* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3). |
+ ** (offset - writeOffset) is the number of ciphertext bytes read in but |
** not yet deciphered. |
*/ |
- unsigned int offset; /* ssl 2 & 3 */ |
+ unsigned int offset; /* ssl 2 & 3 */ |
/* number of bytes to read in next call to ssl_DefRecv (recv) */ |
- unsigned int remainder; /* ssl 2 & 3 */ |
+ unsigned int remainder; /* ssl 2 & 3 */ |
/* Number of ciphertext bytes to read in after 2-byte SSL record header. */ |
- unsigned int count; /* ssl2 only */ |
+ unsigned int count; /* ssl2 only */ |
- /* size of the final plaintext record. |
+ /* size of the final plaintext record. |
** == count - (recordPadding + MAC size) |
*/ |
- unsigned int recordLen; /* ssl2 only */ |
+ unsigned int recordLen; /* ssl2 only */ |
/* number of bytes of padding to be removed after decrypting. */ |
/* This value is taken from the record's hdr[2], which means a too large |
* value could crash us. |
*/ |
- unsigned int recordPadding; /* ssl2 only */ |
+ unsigned int recordPadding; /* ssl2 only */ |
/* plaintext DATA begins this many bytes into "buf". */ |
- unsigned int recordOffset; /* ssl2 only */ |
+ unsigned int recordOffset; /* ssl2 only */ |
- int encrypted; /* SSL2 session is now encrypted. ssl2 only */ |
+ int encrypted; /* SSL2 session is now encrypted. ssl2 only */ |
- /* These next two values are used by SSL2 and SSL3. |
+ /* These next two values are used by SSL2 and SSL3. |
** DoRecv uses them to extract application data. |
- ** The difference between writeOffset and readOffset is the amount of |
- ** data available to the application. Note that the actual offset of |
+ ** The difference between writeOffset and readOffset is the amount of |
+ ** data available to the application. Note that the actual offset of |
** the data in "buf" is recordOffset (above), not readOffset. |
- ** In the current implementation, this is made available before the |
+ ** In the current implementation, this is made available before the |
** MAC is checked!! |
*/ |
- unsigned int readOffset; /* Spot where DATA reader (e.g. application |
+ unsigned int readOffset; /* Spot where DATA reader (e.g. application |
** or handshake code) will read next. |
** Always zero for SSl3 application data. |
- */ |
+ */ |
/* offset in buf/inbuf/hdr into which new data will be read from socket. */ |
- unsigned int writeOffset; |
+ unsigned int writeOffset; |
/* Buffer for ssl3 to read (encrypted) data from the socket */ |
- sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */ |
+ sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */ |
/* The ssl[23]_GatherData functions read data into this buffer, rather |
- ** than into buf or inbuf, while in the GS_HEADER state. |
- ** The portion of the SSL record header put here always comes off the wire |
+ ** than into buf or inbuf, while in the GS_HEADER state. |
+ ** The portion of the SSL record header put here always comes off the wire |
** as plaintext, never ciphertext. |
** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5. |
** For DTLS it is 13. |
*/ |
- unsigned char hdr[13]; /* ssl 2 & 3 or dtls */ |
+ unsigned char hdr[13]; /* ssl 2 & 3 or dtls */ |
/* Buffer for DTLS data read off the wire as a single datagram */ |
- sslBuffer dtlsPacket; |
+ sslBuffer dtlsPacket; |
/* the start of the buffered DTLS record in dtlsPacket */ |
- unsigned int dtlsPacketOffset; |
+ unsigned int dtlsPacketOffset; |
}; |
/* sslGather.state */ |
-#define GS_INIT 0 |
-#define GS_HEADER 1 |
-#define GS_MAC 2 |
-#define GS_DATA 3 |
-#define GS_PAD 4 |
- |
-#if defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_WIN32) |
-typedef PCERT_KEY_CONTEXT PlatformKey; |
-#elif defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_MACOSX) |
-typedef SecKeyRef PlatformKey; |
-#else |
-typedef void *PlatformKey; |
-#endif |
- |
- |
+#define GS_INIT 0 |
+#define GS_HEADER 1 |
+#define GS_MAC 2 |
+#define GS_DATA 3 |
+#define GS_PAD 4 |
/* |
** ssl3State and CipherSpec structs |
@@ -482,15 +465,15 @@ typedef void *PlatformKey; |
/* The SSL bulk cipher definition */ |
typedef enum { |
cipher_null, |
- cipher_rc4, |
+ cipher_rc4, |
cipher_rc4_40, |
cipher_rc4_56, |
- cipher_rc2, |
+ cipher_rc2, |
cipher_rc2_40, |
- cipher_des, |
- cipher_3des, |
+ cipher_des, |
+ cipher_3des, |
cipher_des40, |
- cipher_idea, |
+ cipher_idea, |
cipher_aes_128, |
cipher_aes_256, |
cipher_camellia_128, |
@@ -498,75 +481,77 @@ typedef enum { |
cipher_seed, |
cipher_aes_128_gcm, |
cipher_chacha20, |
- cipher_missing /* reserved for no such supported cipher */ |
+ cipher_missing /* reserved for no such supported cipher */ |
/* This enum must match ssl3_cipherName[] in ssl3con.c. */ |
} SSL3BulkCipher; |
-typedef enum { type_stream, type_block, type_aead } CipherType; |
+typedef enum { type_stream, |
+ type_block, |
+ type_aead } CipherType; |
#define MAX_IV_LENGTH 24 |
/* |
- * Do not depend upon 64 bit arithmetic in the underlying machine. |
+ * Do not depend upon 64 bit arithmetic in the underlying machine. |
*/ |
typedef struct { |
- PRUint32 high; |
- PRUint32 low; |
+ PRUint32 high; |
+ PRUint32 low; |
} SSL3SequenceNumber; |
typedef PRUint16 DTLSEpoch; |
typedef void (*DTLSTimerCb)(sslSocket *); |
-#define MAX_MAC_CONTEXT_BYTES 400 /* 400 is large enough for MD5, SHA-1, and |
- * SHA-256. For SHA-384 support, increase |
- * it to 712. */ |
+/* 400 is large enough for MD5, SHA-1, and SHA-256. |
+ * For SHA-384 support, increase it to 712. */ |
+#define MAX_MAC_CONTEXT_BYTES 400 |
#define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8) |
#define MAX_CIPHER_CONTEXT_BYTES 2080 |
#define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8) |
typedef struct { |
- SSL3Opaque wrapped_master_secret[48]; |
- PRUint16 wrapped_master_secret_len; |
- PRUint8 msIsWrapped; |
- PRUint8 resumable; |
- PRUint8 extendedMasterSecretUsed; |
+ SSL3Opaque wrapped_master_secret[48]; |
+ PRUint16 wrapped_master_secret_len; |
+ PRUint8 msIsWrapped; |
+ PRUint8 resumable; |
+ PRUint8 extendedMasterSecretUsed; |
} ssl3SidKeys; /* 52 bytes */ |
typedef struct { |
- PK11SymKey *write_key; |
- PK11SymKey *write_mac_key; |
+ PK11SymKey *write_key; |
+ PK11SymKey *write_mac_key; |
PK11Context *write_mac_context; |
- SECItem write_key_item; |
- SECItem write_iv_item; |
- SECItem write_mac_key_item; |
- SSL3Opaque write_iv[MAX_IV_LENGTH]; |
- PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; |
+ SECItem write_key_item; |
+ SECItem write_iv_item; |
+ SECItem write_mac_key_item; |
+ SSL3Opaque write_iv[MAX_IV_LENGTH]; |
+ PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; |
} ssl3KeyMaterial; |
-typedef SECStatus (*SSLCipher)(void * context, |
- unsigned char * out, |
- int * outlen, |
- int maxout, |
- const unsigned char *in, |
- int inlen); |
+typedef SECStatus (*SSLCipher)(void *context, |
+ unsigned char *out, |
+ int *outlen, |
+ int maxout, |
+ const unsigned char *in, |
+ int inlen); |
typedef SECStatus (*SSLAEADCipher)( |
- ssl3KeyMaterial * keys, |
- PRBool doDecrypt, |
- unsigned char * out, |
- int * outlen, |
- int maxout, |
- const unsigned char *in, |
- int inlen, |
- const unsigned char *additionalData, |
- int additionalDataLen); |
-typedef SECStatus (*SSLCompressor)(void * context, |
- unsigned char * out, |
- int * outlen, |
- int maxout, |
+ ssl3KeyMaterial *keys, |
+ PRBool doDecrypt, |
+ unsigned char *out, |
+ int *outlen, |
+ int maxout, |
+ const unsigned char *in, |
+ int inlen, |
+ const unsigned char *additionalData, |
+ int additionalDataLen); |
+typedef SECStatus (*SSLCompressor)(void *context, |
+ unsigned char *out, |
+ int *outlen, |
+ int maxout, |
const unsigned char *in, |
- int inlen); |
+ int inlen); |
typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit); |
/* The DTLS anti-replay window. Defined here because we need it in |
@@ -574,11 +559,11 @@ typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit); |
* right represent the true window, with modular arithmetic used to |
* map them onto the buffer. |
*/ |
-#define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate |
- * Must be divisible by 8 |
- */ |
+#define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate \ |
+ * Must be divisible by 8 \ |
+ */ |
typedef struct DTLSRecvdRecordsStr { |
- unsigned char data[DTLS_RECVD_RECORDS_WINDOW/8]; |
+ unsigned char data[DTLS_RECVD_RECORDS_WINDOW / 8]; |
PRUint64 left; |
PRUint64 right; |
} DTLSRecvdRecords; |
@@ -590,43 +575,43 @@ typedef struct DTLSRecvdRecordsStr { |
*/ |
typedef struct { |
const ssl3BulkCipherDef *cipher_def; |
- const ssl3MACDef * mac_def; |
+ const ssl3MACDef *mac_def; |
SSLCompressionMethod compression_method; |
- int mac_size; |
- SSLCipher encode; |
- SSLCipher decode; |
- SSLAEADCipher aead; |
- SSLDestroy destroy; |
- void * encodeContext; |
- void * decodeContext; |
- SSLCompressor compressor; /* Don't name these fields compress */ |
- SSLCompressor decompressor; /* and uncompress because zconf.h */ |
- /* may define them as macros. */ |
- SSLDestroy destroyCompressContext; |
- void * compressContext; |
- SSLDestroy destroyDecompressContext; |
- void * decompressContext; |
- PRBool bypassCiphers; /* did double bypass (at least) */ |
- PK11SymKey * master_secret; |
+ int mac_size; |
+ SSLCipher encode; |
+ SSLCipher decode; |
+ SSLAEADCipher aead; |
+ SSLDestroy destroy; |
+ void *encodeContext; |
+ void *decodeContext; |
+ SSLCompressor compressor; /* Don't name these fields compress */ |
+ SSLCompressor decompressor; /* and uncompress because zconf.h */ |
+ /* may define them as macros. */ |
+ SSLDestroy destroyCompressContext; |
+ void *compressContext; |
+ SSLDestroy destroyDecompressContext; |
+ void *decompressContext; |
+ PRBool bypassCiphers; /* did double bypass (at least) */ |
+ PK11SymKey *master_secret; |
SSL3SequenceNumber write_seq_num; |
SSL3SequenceNumber read_seq_num; |
SSL3ProtocolVersion version; |
- ssl3KeyMaterial client; |
- ssl3KeyMaterial server; |
- SECItem msItem; |
- unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; |
- unsigned char raw_master_secret[56]; |
- SECItem srvVirtName; /* for server: name that was negotiated |
- * with a client. For client - is |
- * always set to NULL.*/ |
- DTLSEpoch epoch; |
- DTLSRecvdRecords recvdRecords; |
+ ssl3KeyMaterial client; |
+ ssl3KeyMaterial server; |
+ SECItem msItem; |
+ unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; |
+ unsigned char raw_master_secret[56]; |
+ SECItem srvVirtName; /* for server: name that was negotiated |
+ * with a client. For client - is |
+ * always set to NULL.*/ |
+ DTLSEpoch epoch; |
+ DTLSRecvdRecords recvdRecords; |
} ssl3CipherSpec; |
-typedef enum { never_cached, |
- in_client_cache, |
- in_server_cache, |
- invalid_cache /* no longer in any cache. */ |
+typedef enum { never_cached, |
+ in_client_cache, |
+ in_server_cache, |
+ invalid_cache /* no longer in any cache. */ |
} Cached; |
#define MAX_PEER_CERT_CHAIN_SIZE 8 |
@@ -635,95 +620,95 @@ struct sslSessionIDStr { |
/* The global cache lock must be held when accessing these members when the |
* sid is in any cache. |
*/ |
- sslSessionID * next; /* chain used for client sockets, only */ |
- Cached cached; |
- int references; |
- PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */ |
+ sslSessionID *next; /* chain used for client sockets, only */ |
+ Cached cached; |
+ int references; |
+ PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */ |
/* The rest of the members, except for the members of u.ssl3.locked, may |
* be modified only when the sid is not in any cache. |
*/ |
- CERTCertificate * peerCert; |
- CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE]; |
- SECItemArray peerCertStatus; /* client only */ |
- const char * peerID; /* client only */ |
- const char * urlSvrName; /* client only */ |
- CERTCertificate * localCert; |
+ CERTCertificate *peerCert; |
+ CERTCertificate *peerCertChain[MAX_PEER_CERT_CHAIN_SIZE]; |
+ SECItemArray peerCertStatus; /* client only */ |
+ const char *peerID; /* client only */ |
+ const char *urlSvrName; /* client only */ |
+ CERTCertificate *localCert; |
- PRIPv6Addr addr; |
- PRUint16 port; |
+ PRIPv6Addr addr; |
+ PRUint16 port; |
- SSL3ProtocolVersion version; |
+ SSL3ProtocolVersion version; |
- PRUint32 creationTime; /* seconds since Jan 1, 1970 */ |
- PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ |
+ PRUint32 creationTime; /* seconds since Jan 1, 1970 */ |
+ PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ |
- SSLSignType authAlgorithm; |
- PRUint32 authKeyBits; |
- SSLKEAType keaType; |
- PRUint32 keaKeyBits; |
+ SSLSignType authAlgorithm; |
+ PRUint32 authKeyBits; |
+ SSLKEAType keaType; |
+ PRUint32 keaKeyBits; |
union { |
- struct { |
- /* the V2 code depends upon the size of sessionID. */ |
- unsigned char sessionID[SSL2_SESSIONID_BYTES]; |
- |
- /* Stuff used to recreate key and read/write cipher objects */ |
- SECItem masterKey; /* never wrapped */ |
- int cipherType; |
- SECItem cipherArg; |
- int keyBits; |
- int secretKeyBits; |
- } ssl2; |
- struct { |
- /* values that are copied into the server's on-disk SID cache. */ |
- PRUint8 sessionIDLength; |
- SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; |
- |
- ssl3CipherSuite cipherSuite; |
- SSLCompressionMethod compression; |
- int policy; |
- ssl3SidKeys keys; |
- CK_MECHANISM_TYPE masterWrapMech; |
- /* mechanism used to wrap master secret */ |
- SSL3KEAType exchKeyType; |
- /* key type used in exchange algorithm, |
- * and to wrap the sym wrapping key. */ |
+ struct { |
+ /* the V2 code depends upon the size of sessionID. */ |
+ unsigned char sessionID[SSL2_SESSIONID_BYTES]; |
+ |
+ /* Stuff used to recreate key and read/write cipher objects */ |
+ SECItem masterKey; /* never wrapped */ |
+ int cipherType; |
+ SECItem cipherArg; |
+ int keyBits; |
+ int secretKeyBits; |
+ } ssl2; |
+ struct { |
+ /* values that are copied into the server's on-disk SID cache. */ |
+ PRUint8 sessionIDLength; |
+ SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; |
+ |
+ ssl3CipherSuite cipherSuite; |
+ SSLCompressionMethod compression; |
+ int policy; |
+ ssl3SidKeys keys; |
+ CK_MECHANISM_TYPE masterWrapMech; |
+ /* mechanism used to wrap master secret */ |
+ SSL3KEAType exchKeyType; |
+ /* key type used in exchange algorithm, |
+ * and to wrap the sym wrapping key. */ |
#ifndef NSS_DISABLE_ECC |
- PRUint32 negotiatedECCurves; |
+ PRUint32 negotiatedECCurves; |
#endif /* NSS_DISABLE_ECC */ |
- /* The following values are NOT restored from the server's on-disk |
- * session cache, but are restored from the client's cache. |
- */ |
- PK11SymKey * clientWriteKey; |
- PK11SymKey * serverWriteKey; |
- |
- /* The following values pertain to the slot that wrapped the |
- ** master secret. (used only in client) |
- */ |
- SECMODModuleID masterModuleID; |
- /* what module wrapped the master secret */ |
- CK_SLOT_ID masterSlotID; |
- PRUint16 masterWrapIndex; |
- /* what's the key index for the wrapping key */ |
- PRUint16 masterWrapSeries; |
- /* keep track of the slot series, so we don't |
- * accidently try to use new keys after the |
- * card gets removed and replaced.*/ |
- |
- /* The following values pertain to the slot that did the signature |
- ** for client auth. (used only in client) |
- */ |
- SECMODModuleID clAuthModuleID; |
- CK_SLOT_ID clAuthSlotID; |
- PRUint16 clAuthSeries; |
- |
- char masterValid; |
- char clAuthValid; |
- |
- SECItem srvName; |
+ /* The following values are NOT restored from the server's on-disk |
+ * session cache, but are restored from the client's cache. |
+ */ |
+ PK11SymKey *clientWriteKey; |
+ PK11SymKey *serverWriteKey; |
+ |
+ /* The following values pertain to the slot that wrapped the |
+ ** master secret. (used only in client) |
+ */ |
+ SECMODModuleID masterModuleID; |
+ /* what module wrapped the master secret */ |
+ CK_SLOT_ID masterSlotID; |
+ PRUint16 masterWrapIndex; |
+ /* what's the key index for the wrapping key */ |
+ PRUint16 masterWrapSeries; |
+ /* keep track of the slot series, so we don't |
+ * accidently try to use new keys after the |
+ * card gets removed and replaced.*/ |
+ |
+ /* The following values pertain to the slot that did the signature |
+ ** for client auth. (used only in client) |
+ */ |
+ SECMODModuleID clAuthModuleID; |
+ CK_SLOT_ID clAuthSlotID; |
+ PRUint16 clAuthSeries; |
+ |
+ char masterValid; |
+ char clAuthValid; |
+ |
+ SECItem srvName; |
/* originalHandshakeHash contains the hash of the original, full |
* handshake prior to the server's final flow. This is either a |
@@ -731,38 +716,38 @@ struct sslSessionIDStr { |
* TLS 1.2). This is recorded and used only when ChannelID is |
* negotiated as it's used to bind the ChannelID signature on the |
* resumption handshake to the original handshake. */ |
- SECItem originalHandshakeHash; |
- |
- /* Signed certificate timestamps received in a TLS extension. |
- ** (used only in client). |
- */ |
- SECItem signedCertTimestamps; |
- |
- /* This lock is lazily initialized by CacheSID when a sid is first |
- * cached. Before then, there is no need to lock anything because |
- * the sid isn't being shared by anything. |
- */ |
- NSSRWLock *lock; |
- |
- /* The lock must be held while reading or writing these members |
- * because they change while the sid is cached. |
- */ |
- struct { |
- /* The session ticket, if we have one, is sent as an extension |
- * in the ClientHello message. This field is used only by |
- * clients. It is protected by lock when lock is non-null |
- * (after the sid has been added to the client session cache). |
- */ |
- NewSessionTicket sessionTicket; |
- } locked; |
- } ssl3; |
+ SECItem originalHandshakeHash; |
+ |
+ /* Signed certificate timestamps received in a TLS extension. |
+ ** (used only in client). |
+ */ |
+ SECItem signedCertTimestamps; |
+ |
+ /* This lock is lazily initialized by CacheSID when a sid is first |
+ * cached. Before then, there is no need to lock anything because |
+ * the sid isn't being shared by anything. |
+ */ |
+ PRRWLock *lock; |
+ |
+ /* The lock must be held while reading or writing these members |
+ * because they change while the sid is cached. |
+ */ |
+ struct { |
+ /* The session ticket, if we have one, is sent as an extension |
+ * in the ClientHello message. This field is used only by |
+ * clients. It is protected by lock when lock is non-null |
+ * (after the sid has been added to the client session cache). |
+ */ |
+ NewSessionTicket sessionTicket; |
+ } locked; |
+ } ssl3; |
} u; |
}; |
typedef struct ssl3CipherSuiteDefStr { |
- ssl3CipherSuite cipher_suite; |
- SSL3BulkCipher bulk_cipher_alg; |
- SSL3MACAlgorithm mac_alg; |
+ ssl3CipherSuite cipher_suite; |
+ SSL3BulkCipher bulk_cipher_alg; |
+ SSL3MACAlgorithm mac_alg; |
SSL3KeyExchangeAlgorithm key_exchange_alg; |
} ssl3CipherSuiteDef; |
@@ -771,32 +756,35 @@ typedef struct ssl3CipherSuiteDefStr { |
*/ |
typedef struct { |
SSL3KeyExchangeAlgorithm kea; |
- SSL3KEAType exchKeyType; |
- SSL3SignType signKeyType; |
+ SSL3KEAType exchKeyType; |
+ SSLSignType signKeyType; |
/* For export cipher suites: |
* is_limited identifies a suite as having a limit on the key size. |
* key_size_limit provides the corresponding limit. */ |
- PRBool is_limited; |
+ PRBool is_limited; |
unsigned int key_size_limit; |
- PRBool tls_keygen; |
+ PRBool tls_keygen; |
/* True if the key exchange for the suite is ephemeral. Or to be more |
* precise: true if the ServerKeyExchange message is always required. */ |
- PRBool ephemeral; |
+ PRBool ephemeral; |
+ /* An OID describing the key exchange */ |
+ SECOidTag oid; |
} ssl3KEADef; |
/* |
** There are tables of these, all const. |
*/ |
struct ssl3BulkCipherDefStr { |
- SSL3BulkCipher cipher; |
+ SSL3BulkCipher cipher; |
SSLCipherAlgorithm calg; |
- int key_size; |
- int secret_key_size; |
- CipherType type; |
- int iv_size; |
- int block_size; |
- int tag_size; /* authentication tag size for AEAD ciphers. */ |
- int explicit_nonce_size; /* for AEAD ciphers. */ |
+ int key_size; |
+ int secret_key_size; |
+ CipherType type; |
+ int iv_size; |
+ int block_size; |
+ int tag_size; /* authentication tag size for AEAD ciphers. */ |
+ int explicit_nonce_size; /* for AEAD ciphers. */ |
+ SECOidTag oid; |
}; |
/* |
@@ -805,36 +793,41 @@ struct ssl3BulkCipherDefStr { |
struct ssl3MACDefStr { |
SSL3MACAlgorithm mac; |
CK_MECHANISM_TYPE mmech; |
- int pad_size; |
- int mac_size; |
+ int pad_size; |
+ int mac_size; |
+ SECOidTag oid; |
}; |
typedef enum { |
- wait_client_hello, |
- wait_client_cert, |
+ wait_client_hello, |
+ wait_client_cert, |
wait_client_key, |
- wait_cert_verify, |
- wait_change_cipher, |
+ wait_cert_verify, |
+ wait_change_cipher, |
wait_finished, |
- wait_server_hello, |
+ wait_server_hello, |
wait_certificate_status, |
- wait_server_cert, |
+ wait_server_cert, |
wait_server_key, |
- wait_cert_request, |
+ wait_cert_request, |
wait_hello_done, |
wait_new_session_ticket, |
- idle_handshake |
+ wait_encrypted_extensions, |
+ idle_handshake, |
+ wait_invalid /* Invalid value. There is no handshake message "invalid". */ |
} SSL3WaitState; |
/* |
* TLS extension related constants and data structures. |
*/ |
-typedef struct TLSExtensionDataStr TLSExtensionData; |
-typedef struct SessionTicketDataStr SessionTicketData; |
+typedef struct TLSExtensionDataStr TLSExtensionData; |
+typedef struct SessionTicketDataStr SessionTicketData; |
struct TLSExtensionDataStr { |
/* registered callbacks that send server hello extensions */ |
- ssl3HelloExtensionSender serverSenders[SSL_MAX_EXTENSIONS]; |
+ ssl3HelloExtensionSender serverHelloSenders[SSL_MAX_EXTENSIONS]; |
+ ssl3HelloExtensionSender encryptedExtensionsSenders[SSL_MAX_EXTENSIONS]; |
+ |
/* Keep track of the extensions that are negotiated. */ |
PRUint16 numAdvertised; |
PRUint16 numNegotiated; |
@@ -879,10 +872,16 @@ typedef struct DTLSQueuedMessageStr { |
PRUint16 len; /* The data length */ |
} DTLSQueuedMessage; |
+typedef struct TLS13KeyShareEntryStr { |
+ PRCList link; /* The linked list link */ |
+ PRUint16 group; /* The group for the entry */ |
+ SECItem key_exchange; /* The share itself */ |
+} TLS13KeyShareEntry; |
+ |
typedef enum { |
handshake_hash_unknown = 0, |
- handshake_hash_combo = 1, /* The MD5/SHA-1 combination */ |
- handshake_hash_single = 2 /* A single hash */ |
+ handshake_hash_combo = 1, /* The MD5/SHA-1 combination */ |
+ handshake_hash_single = 2 /* A single hash */ |
} SSL3HandshakeHashType; |
/* |
@@ -890,22 +889,22 @@ typedef enum { |
** This entire struct is protected by ssl3HandshakeLock |
*/ |
typedef struct SSL3HandshakeStateStr { |
- SSL3Random server_random; |
- SSL3Random client_random; |
- SSL3WaitState ws; |
+ SSL3Random server_random; |
+ SSL3Random client_random; |
+ SSL3WaitState ws; /* May also contain SSL3WaitState | 0x80 for TLS 1.3 */ |
/* This group of members is used for handshake running hashes. */ |
SSL3HandshakeHashType hashType; |
- sslBuffer messages; /* Accumulated handshake messages */ |
+ sslBuffer messages; /* Accumulated handshake messages */ |
#ifndef NO_PKCS11_BYPASS |
/* Bypass mode: |
* SSL 3.0 - TLS 1.1 use both |md5_cx| and |sha_cx|. |md5_cx| is used for |
* MD5 and |sha_cx| for SHA-1. |
* TLS 1.2 and later use only |sha_cx|, for SHA-256. NOTE: When we support |
* SHA-384, increase MAX_MAC_CONTEXT_BYTES to 712. */ |
- PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; |
- PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
- const SECHashObject * sha_obj; |
+ PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; |
+ PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
+ const SECHashObject *sha_obj; |
/* The function prototype of sha_obj->clone() does not match the prototype |
* of the freebl <HASH>_Clone functions, so we need a dedicated function |
* pointer for the <HASH>_Clone function. */ |
@@ -919,55 +918,55 @@ typedef struct SSL3HandshakeStateStr { |
* handshake hash for generating client auth signatures. Confusingly, the |
* backup hash function is SHA-1. */ |
#define backupHash md5 |
- PK11Context * md5; |
- PK11Context * sha; |
- |
-const ssl3KEADef * kea_def; |
- ssl3CipherSuite cipher_suite; |
-const ssl3CipherSuiteDef *suite_def; |
- SSLCompressionMethod compression; |
- sslBuffer msg_body; /* protected by recvBufLock */ |
- /* partial handshake message from record layer */ |
- unsigned int header_bytes; |
- /* number of bytes consumed from handshake */ |
- /* message for message type and header length */ |
- SSL3HandshakeType msg_type; |
- unsigned long msg_len; |
- SECItem ca_list; /* used only by client */ |
- PRBool isResuming; /* are we resuming a session */ |
- PRBool usedStepDownKey; /* we did a server key exchange. */ |
- PRBool sendingSCSV; /* instead of empty RI */ |
- sslBuffer msgState; /* current state for handshake messages*/ |
- /* protected by recvBufLock */ |
+ PK11Context *md5; |
+ PK11Context *sha; |
+ |
+ const ssl3KEADef *kea_def; |
+ ssl3CipherSuite cipher_suite; |
+ const ssl3CipherSuiteDef *suite_def; |
+ SSLCompressionMethod compression; |
+ sslBuffer msg_body; /* protected by recvBufLock */ |
+ /* partial handshake message from record layer */ |
+ unsigned int header_bytes; |
+ /* number of bytes consumed from handshake */ |
+ /* message for message type and header length */ |
+ SSL3HandshakeType msg_type; |
+ unsigned long msg_len; |
+ SECItem ca_list; /* used only by client */ |
+ PRBool isResuming; /* are we resuming a session */ |
+ PRBool usedStepDownKey; /* we did a server key exchange. */ |
+ PRBool sendingSCSV; /* instead of empty RI */ |
+ sslBuffer msgState; /* current state for handshake messages*/ |
+ /* protected by recvBufLock */ |
/* The session ticket received in a NewSessionTicket message is temporarily |
* stored in newSessionTicket until the handshake is finished; then it is |
* moved to the sid. |
*/ |
- PRBool receivedNewSessionTicket; |
- NewSessionTicket newSessionTicket; |
+ PRBool receivedNewSessionTicket; |
+ NewSessionTicket newSessionTicket; |
- PRUint16 finishedBytes; /* size of single finished below */ |
+ PRUint16 finishedBytes; /* size of single finished below */ |
union { |
- TLSFinished tFinished[2]; /* client, then server */ |
- SSL3Finished sFinished[2]; |
- SSL3Opaque data[72]; |
- } finishedMsgs; |
+ TLSFinished tFinished[2]; /* client, then server */ |
+ SSL3Finished sFinished[2]; |
+ SSL3Opaque data[72]; |
+ } finishedMsgs; |
#ifndef NSS_DISABLE_ECC |
- PRUint32 negotiatedECCurves; /* bit mask */ |
-#endif /* NSS_DISABLE_ECC */ |
+ PRUint32 negotiatedECCurves; /* bit mask */ |
+#endif /* NSS_DISABLE_ECC */ |
- PRBool authCertificatePending; |
+ PRBool authCertificatePending; |
/* Which function should SSL_RestartHandshake* call if we're blocked? |
* One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake, |
* or ssl3_AlwaysFail */ |
- sslRestartTarget restartTarget; |
+ sslRestartTarget restartTarget; |
/* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */ |
- PRBool cacheSID; |
+ PRBool cacheSID; |
- PRBool canFalseStart; /* Can/did we False Start */ |
+ PRBool canFalseStart; /* Can/did we False Start */ |
/* Which preliminaryinfo values have been set. */ |
- PRUint32 preliminaryInfo; |
+ PRUint32 preliminaryInfo; |
/* clientSigAndHash contains the contents of the signature_algorithms |
* extension (if any) from the client. This is only valid for TLS 1.2 |
@@ -976,155 +975,168 @@ const ssl3CipherSuiteDef *suite_def; |
unsigned int numClientSigAndHash; |
/* This group of values is used for DTLS */ |
- PRUint16 sendMessageSeq; /* The sending message sequence |
- * number */ |
- PRCList lastMessageFlight; /* The last message flight we |
- * sent */ |
- PRUint16 maxMessageSent; /* The largest message we sent */ |
- PRUint16 recvMessageSeq; /* The receiving message sequence |
- * number */ |
- sslBuffer recvdFragments; /* The fragments we have received in |
- * a bitmask */ |
- PRInt32 recvdHighWater; /* The high water mark for fragments |
- * received. -1 means no reassembly |
- * in progress. */ |
- unsigned char cookie[32]; /* The cookie */ |
- unsigned char cookieLen; /* The length of the cookie */ |
- PRIntervalTime rtTimerStarted; /* When the timer was started */ |
- DTLSTimerCb rtTimerCb; /* The function to call on expiry */ |
- PRUint32 rtTimeoutMs; /* The length of the current timeout |
- * used for backoff (in ms) */ |
- PRUint32 rtRetries; /* The retry counter */ |
+ PRUint16 sendMessageSeq; /* The sending message sequence |
+ * number */ |
+ PRCList lastMessageFlight; /* The last message flight we |
+ * sent */ |
+ PRUint16 maxMessageSent; /* The largest message we sent */ |
+ PRUint16 recvMessageSeq; /* The receiving message sequence |
+ * number */ |
+ sslBuffer recvdFragments; /* The fragments we have received in |
+ * a bitmask */ |
+ PRInt32 recvdHighWater; /* The high water mark for fragments |
+ * received. -1 means no reassembly |
+ * in progress. */ |
+ unsigned char cookie[32]; /* The cookie */ |
+ unsigned char cookieLen; /* The length of the cookie */ |
+ PRIntervalTime rtTimerStarted; /* When the timer was started */ |
+ DTLSTimerCb rtTimerCb; /* The function to call on expiry */ |
+ PRUint32 rtTimeoutMs; /* The length of the current timeout |
+ * used for backoff (in ms) */ |
+ PRUint32 rtRetries; /* The retry counter */ |
+ |
+ /* This group of values is used for TLS 1.3 and above */ |
+ PRCList remoteKeyShares; /* The other side's public keys */ |
+ PK11SymKey *xSS; /* Extracted static secret */ |
+ PK11SymKey *xES; /* Extracted ephemeral secret */ |
+ PK11SymKey *trafficSecret; /* The source key to use to generate |
+ * traffic keys */ |
+ PK11SymKey *clientFinishedSecret; /* Used for client Finished */ |
+ PK11SymKey *serverFinishedSecret; /* Used for server Finished */ |
+ unsigned char certReqContext[255]; /* Ties CertificateRequest |
+ * to Certificate */ |
+ PRUint8 certReqContextLen; /* Length of the context |
+ * cannot be greater than 255. */ |
} SSL3HandshakeState; |
- |
- |
/* |
** This is the "ssl3" struct, as in "ss->ssl3". |
** note: |
-** usually, crSpec == cwSpec and prSpec == pwSpec. |
+** usually, crSpec == cwSpec and prSpec == pwSpec. |
** Sometimes, crSpec == pwSpec and prSpec == cwSpec. |
-** But there are never more than 2 actual specs. |
+** But there are never more than 2 actual specs. |
** No spec must ever be modified if either "current" pointer points to it. |
*/ |
struct ssl3StateStr { |
/* |
- ** The following Specs and Spec pointers must be protected using the |
+ ** The following Specs and Spec pointers must be protected using the |
** Spec Lock. |
*/ |
- ssl3CipherSpec * crSpec; /* current read spec. */ |
- ssl3CipherSpec * prSpec; /* pending read spec. */ |
- ssl3CipherSpec * cwSpec; /* current write spec. */ |
- ssl3CipherSpec * pwSpec; /* pending write spec. */ |
- |
- CERTCertificate * clientCertificate; /* used by client */ |
- SECKEYPrivateKey * clientPrivateKey; /* used by client */ |
- /* platformClientKey is present even when NSS_PLATFORM_CLIENT_AUTH is not |
- * defined in order to allow cleaner conditional code. |
- * At most one of clientPrivateKey and platformClientKey may be set. */ |
- PlatformKey platformClientKey; /* used by client */ |
- CERTCertificateList *clientCertChain; /* used by client */ |
- PRBool sendEmptyCert; /* used by client */ |
- |
- SECKEYPrivateKey *channelID; /* used by client */ |
- SECKEYPublicKey *channelIDPub; /* used by client */ |
- |
- int policy; |
- /* This says what cipher suites we can do, and should |
- * be either SSL_ALLOWED or SSL_RESTRICTED |
- */ |
- PLArenaPool * peerCertArena; |
- /* These are used to keep track of the peer CA */ |
- void * peerCertChain; |
- /* chain while we are trying to validate it. */ |
- CERTDistNames * ca_list; |
- /* used by server. trusted CAs for this socket. */ |
- PRBool initialized; |
- SSL3HandshakeState hs; |
- ssl3CipherSpec specs[2]; /* one is current, one is pending. */ |
+ ssl3CipherSpec *crSpec; /* current read spec. */ |
+ ssl3CipherSpec *prSpec; /* pending read spec. */ |
+ ssl3CipherSpec *cwSpec; /* current write spec. */ |
+ ssl3CipherSpec *pwSpec; /* pending write spec. */ |
+ |
+ CERTCertificate *clientCertificate; /* used by client */ |
+ SECKEYPrivateKey *clientPrivateKey; /* used by client */ |
+ CERTCertificateList *clientCertChain; /* used by client */ |
+ PRBool sendEmptyCert; /* used by client */ |
+ |
+ SECKEYPrivateKey *channelID; /* used by client */ |
+ SECKEYPublicKey *channelIDPub; /* used by client */ |
+ |
+ int policy; |
+ /* This says what cipher suites we can do, and should |
+ * be either SSL_ALLOWED or SSL_RESTRICTED |
+ */ |
+ PLArenaPool *peerCertArena; |
+ /* These are used to keep track of the peer CA */ |
+ void *peerCertChain; |
+ /* chain while we are trying to validate it. */ |
+ CERTDistNames *ca_list; |
+ /* used by server. trusted CAs for this socket. */ |
+ PRBool initialized; |
+ SSL3HandshakeState hs; |
+ ssl3CipherSpec specs[2]; /* one is current, one is pending. */ |
/* In a client: if the server supports Next Protocol Negotiation, then |
* this is the protocol that was negotiated. |
*/ |
- SECItem nextProto; |
- SSLNextProtoState nextProtoState; |
+ SECItem nextProto; |
+ SSLNextProtoState nextProtoState; |
- PRUint16 mtu; /* Our estimate of the MTU */ |
+ PRUint16 mtu; /* Our estimate of the MTU */ |
/* DTLS-SRTP cipher suite preferences (if any) */ |
- PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES]; |
- PRUint16 dtlsSRTPCipherCount; |
- PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ |
- PRBool fatalAlertSent; |
- PRUint16 numDHEGroups; /* used by server */ |
- SSLDHEGroupType * dheGroups; /* used by server */ |
- PRBool dheWeakGroupEnabled; /* used by server */ |
+ PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES]; |
+ PRUint16 dtlsSRTPCipherCount; |
+ PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ |
+ PRBool fatalAlertSent; |
+ PRUint16 numDHEGroups; /* used by server */ |
+ SSLDHEGroupType *dheGroups; /* used by server */ |
+ PRBool dheWeakGroupEnabled; /* used by server */ |
/* TLS 1.2 introduces separate signature algorithm negotiation. |
* This is our preference order. */ |
SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS]; |
unsigned int signatureAlgorithmCount; |
+ |
+ /* The version to check if we fell back from our highest version |
+ * of TLS. Default is 0 in which case we check against the maximum |
+ * configured version for this socket. Used only on the client. */ |
+ SSL3ProtocolVersion downgradeCheckVersion; |
}; |
-#define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the |
- * headers, so slightly larger than expected */ |
+/* Ethernet MTU but without subtracting the headers, |
+ * so slightly larger than expected */ |
+#define DTLS_MAX_MTU 1500U |
#define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) |
typedef struct { |
- SSL3ContentType type; |
- SSL3ProtocolVersion version; |
- SSL3SequenceNumber seq_num; /* DTLS only */ |
- sslBuffer * buf; |
+ SSL3ContentType type; |
+ SSL3ProtocolVersion version; |
+ SSL3SequenceNumber seq_num; /* DTLS only */ |
+ sslBuffer *buf; |
} SSL3Ciphertext; |
struct ssl3KeyPairStr { |
- SECKEYPrivateKey * privKey; |
- SECKEYPublicKey * pubKey; |
- PRInt32 refCount; /* use PR_Atomic calls for this. */ |
+ SECKEYPrivateKey *privKey; |
+ SECKEYPublicKey *pubKey; |
+ PRInt32 refCount; /* use PR_Atomic calls for this. */ |
}; |
struct ssl3DHParamsStr { |
SECItem prime; /* p */ |
- SECItem base; /* g */ |
+ SECItem base; /* g */ |
}; |
typedef struct SSLWrappedSymWrappingKeyStr { |
- SSL3Opaque wrappedSymmetricWrappingkey[512]; |
- CK_MECHANISM_TYPE symWrapMechanism; |
- /* unwrapped symmetric wrapping key uses this mechanism */ |
- CK_MECHANISM_TYPE asymWrapMechanism; |
- /* mechanism used to wrap the SymmetricWrappingKey using |
- * server's public and/or private keys. */ |
- SSL3KEAType exchKeyType; /* type of keys used to wrap SymWrapKey*/ |
- PRInt32 symWrapMechIndex; |
- PRUint16 wrappedSymKeyLen; |
+ SSL3Opaque wrappedSymmetricWrappingkey[512]; |
+ CK_MECHANISM_TYPE symWrapMechanism; |
+ /* unwrapped symmetric wrapping key uses this mechanism */ |
+ CK_MECHANISM_TYPE asymWrapMechanism; |
+ /* mechanism used to wrap the SymmetricWrappingKey using |
+ * server's public and/or private keys. */ |
+ SSL3KEAType exchKeyType; /* type of keys used to wrap SymWrapKey*/ |
+ PRInt32 symWrapMechIndex; |
+ PRUint16 wrappedSymKeyLen; |
} SSLWrappedSymWrappingKey; |
typedef struct SessionTicketStr { |
- PRUint16 ticket_version; |
- SSL3ProtocolVersion ssl_version; |
- ssl3CipherSuite cipher_suite; |
- SSLCompressionMethod compression_method; |
- SSLSignType authAlgorithm; |
- PRUint32 authKeyBits; |
- SSLKEAType keaType; |
- PRUint32 keaKeyBits; |
+ PRUint16 ticket_version; |
+ SSL3ProtocolVersion ssl_version; |
+ ssl3CipherSuite cipher_suite; |
+ SSLCompressionMethod compression_method; |
+ SSLSignType authAlgorithm; |
+ PRUint32 authKeyBits; |
+ SSLKEAType keaType; |
+ PRUint32 keaKeyBits; |
/* |
* exchKeyType and msWrapMech contain meaningful values only if |
* ms_is_wrapped is true. |
*/ |
- PRUint8 ms_is_wrapped; |
- SSLKEAType exchKeyType; /* XXX(wtc): same as keaType above? */ |
- CK_MECHANISM_TYPE msWrapMech; |
- PRUint16 ms_length; |
- SSL3Opaque master_secret[48]; |
- PRBool extendedMasterSecretUsed; |
- ClientIdentity client_identity; |
- SECItem peer_cert; |
- PRUint32 timestamp; |
- SECItem srvName; /* negotiated server name */ |
-} SessionTicket; |
+ PRUint8 ms_is_wrapped; |
+ SSLKEAType exchKeyType; /* XXX(wtc): same as keaType above? */ |
+ CK_MECHANISM_TYPE msWrapMech; |
+ PRUint16 ms_length; |
+ SSL3Opaque master_secret[48]; |
+ PRBool extendedMasterSecretUsed; |
+ ClientIdentity client_identity; |
+ SECItem peer_cert; |
+ PRUint32 timestamp; |
+ SECItem srvName; /* negotiated server name */ |
+} SessionTicket; |
/* |
* SSL2 buffers used in SSL3. |
@@ -1137,112 +1149,111 @@ typedef struct SessionTicketStr { |
/* |
** This is "ci", as in "ss->sec.ci". |
** |
-** Protection: All the variables in here are protected by |
-** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock |
+** Protection: All the variables in here are protected by |
+** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock |
*/ |
struct sslConnectInfoStr { |
/* outgoing handshakes appended to this. */ |
- sslBuffer sendBuf; /*xmitBufLock*/ /* ssl 2 & 3 */ |
+ sslBuffer sendBuf; /*xmitBufLock*/ /* ssl 2 & 3 */ |
- PRIPv6Addr peer; /* ssl 2 & 3 */ |
- unsigned short port; /* ssl 2 & 3 */ |
+ PRIPv6Addr peer; /* ssl 2 & 3 */ |
+ unsigned short port; /* ssl 2 & 3 */ |
- sslSessionID *sid; /* ssl 2 & 3 */ |
+ sslSessionID *sid; /* ssl 2 & 3 */ |
/* see CIS_HAVE defines below for the bit values in *elements. */ |
- char elements; /* ssl2 only */ |
- char requiredElements; /* ssl2 only */ |
- char sentElements; /* ssl2 only */ |
+ char elements; /* ssl2 only */ |
+ char requiredElements; /* ssl2 only */ |
+ char sentElements; /* ssl2 only */ |
- char sentFinished; /* ssl2 only */ |
+ char sentFinished; /* ssl2 only */ |
/* Length of server challenge. Used by client when saving challenge */ |
- int serverChallengeLen; /* ssl2 only */ |
+ int serverChallengeLen; /* ssl2 only */ |
/* type of authentication requested by server */ |
- unsigned char authType; /* ssl2 only */ |
+ unsigned char authType; /* ssl2 only */ |
/* Challenge sent by client to server in client-hello message */ |
/* SSL3 gets a copy of this. See ssl3_StartHandshakeHash(). */ |
- unsigned char clientChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl 2 & 3 */ |
+ unsigned char clientChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl 2 & 3 */ |
/* Connection-id sent by server to client in server-hello message */ |
- unsigned char connectionID[SSL_CONNECTIONID_BYTES]; /* ssl2 only */ |
+ unsigned char connectionID[SSL_CONNECTIONID_BYTES]; /* ssl2 only */ |
/* Challenge sent by server to client in request-certificate message */ |
- unsigned char serverChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl2 only */ |
+ unsigned char serverChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl2 only */ |
/* Information kept to handle a request-certificate message */ |
- unsigned char readKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */ |
- unsigned char writeKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */ |
- unsigned keySize; /* ssl2 only */ |
+ unsigned char readKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */ |
+ unsigned char writeKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */ |
+ unsigned keySize; /* ssl2 only */ |
}; |
/* bit values for ci->elements, ci->requiredElements, sentElements. */ |
-#define CIS_HAVE_MASTER_KEY 0x01 |
-#define CIS_HAVE_CERTIFICATE 0x02 |
-#define CIS_HAVE_FINISHED 0x04 |
-#define CIS_HAVE_VERIFY 0x08 |
+#define CIS_HAVE_MASTER_KEY 0x01 |
+#define CIS_HAVE_CERTIFICATE 0x02 |
+#define CIS_HAVE_FINISHED 0x04 |
+#define CIS_HAVE_VERIFY 0x08 |
/* Note: The entire content of this struct and whatever it points to gets |
* blown away by SSL_ResetHandshake(). This is "sec" as in "ss->sec". |
* |
- * Unless otherwise specified below, the contents of this struct are |
+ * Unless otherwise specified below, the contents of this struct are |
* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. |
*/ |
struct sslSecurityInfoStr { |
- sslSendFunc send; /*xmitBufLock*/ /* ssl 2 & 3 */ |
- int isServer; /* Spec Lock?*/ /* ssl 2 & 3 */ |
- sslBuffer writeBuf; /*xmitBufLock*/ /* ssl 2 & 3 */ |
- |
- int cipherType; /* ssl 2 & 3 */ |
- int keyBits; /* ssl 2 & 3 */ |
- int secretKeyBits; /* ssl 2 & 3 */ |
- CERTCertificate *localCert; /* ssl 2 & 3 */ |
- CERTCertificate *peerCert; /* ssl 2 & 3 */ |
- SECKEYPublicKey *peerKey; /* ssl3 only */ |
- |
- SSLSignType authAlgorithm; |
- PRUint32 authKeyBits; |
- SSLKEAType keaType; |
- PRUint32 keaKeyBits; |
+ sslSendFunc send; /*xmitBufLock*/ /* ssl 2 & 3 */ |
+ int isServer; /* Spec Lock?*/ /* ssl 2 & 3 */ |
+ sslBuffer writeBuf; /*xmitBufLock*/ /* ssl 2 & 3 */ |
+ |
+ int cipherType; /* ssl 2 & 3 */ |
+ int keyBits; /* ssl 2 & 3 */ |
+ int secretKeyBits; /* ssl 2 & 3 */ |
+ CERTCertificate *localCert; /* ssl 2 & 3 */ |
+ CERTCertificate *peerCert; /* ssl 2 & 3 */ |
+ SECKEYPublicKey *peerKey; /* ssl3 only */ |
+ |
+ SSLSignType authAlgorithm; |
+ PRUint32 authKeyBits; |
+ SSLKEAType keaType; |
+ PRUint32 keaKeyBits; |
/* |
- ** Procs used for SID cache (nonce) management. |
- ** Different implementations exist for clients/servers |
+ ** Procs used for SID cache (nonce) management. |
+ ** Different implementations exist for clients/servers |
** The lookup proc is only used for servers. Baloney! |
*/ |
- sslSessionIDCacheFunc cache; /* ssl 2 & 3 */ |
- sslSessionIDUncacheFunc uncache; /* ssl 2 & 3 */ |
+ sslSessionIDCacheFunc cache; /* ssl 2 & 3 */ |
+ sslSessionIDUncacheFunc uncache; /* ssl 2 & 3 */ |
/* |
** everything below here is for ssl2 only. |
- ** This stuff is equivalent to SSL3's "spec", and is protected by the |
+ ** This stuff is equivalent to SSL3's "spec", and is protected by the |
** same "Spec Lock" as used for SSL3's specs. |
*/ |
- PRUint32 sendSequence; /*xmitBufLock*/ /* ssl2 only */ |
- PRUint32 rcvSequence; /*recvBufLock*/ /* ssl2 only */ |
+ PRUint32 sendSequence; /*xmitBufLock*/ /* ssl2 only */ |
+ PRUint32 rcvSequence; /*recvBufLock*/ /* ssl2 only */ |
/* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */ |
- const SECHashObject *hash; /* Spec Lock */ /* ssl2 only */ |
- void *hashcx; /* Spec Lock */ /* ssl2 only */ |
+ const SECHashObject *hash; /* Spec Lock */ /* ssl2 only */ |
+ void *hashcx; /* Spec Lock */ /* ssl2 only */ |
- SECItem sendSecret; /* Spec Lock */ /* ssl2 only */ |
- SECItem rcvSecret; /* Spec Lock */ /* ssl2 only */ |
+ SECItem sendSecret; /* Spec Lock */ /* ssl2 only */ |
+ SECItem rcvSecret; /* Spec Lock */ /* ssl2 only */ |
/* Session cypher contexts; one for each direction */ |
- void *readcx; /* Spec Lock */ /* ssl2 only */ |
- void *writecx; /* Spec Lock */ /* ssl2 only */ |
- SSLCipher enc; /* Spec Lock */ /* ssl2 only */ |
- SSLCipher dec; /* Spec Lock */ /* ssl2 only */ |
- void (*destroy)(void *, PRBool); /* Spec Lock */ /* ssl2 only */ |
+ void *readcx; /* Spec Lock */ /* ssl2 only */ |
+ void *writecx; /* Spec Lock */ /* ssl2 only */ |
+ SSLCipher enc; /* Spec Lock */ /* ssl2 only */ |
+ SSLCipher dec; /* Spec Lock */ /* ssl2 only */ |
+ void (*destroy)(void *, PRBool); /* Spec Lock */ /* ssl2 only */ |
/* Blocking information for the session cypher */ |
- int blockShift; /* Spec Lock */ /* ssl2 only */ |
- int blockSize; /* Spec Lock */ /* ssl2 only */ |
+ int blockShift; /* Spec Lock */ /* ssl2 only */ |
+ int blockSize; /* Spec Lock */ /* ssl2 only */ |
/* These are used during a connection handshake */ |
- sslConnectInfo ci; /* ssl 2 & 3 */ |
- |
+ sslConnectInfo ci; /* ssl 2 & 3 */ |
}; |
/* |
@@ -1251,187 +1262,178 @@ struct sslSecurityInfoStr { |
** Protection: XXX |
*/ |
struct sslSocketStr { |
- PRFileDesc * fd; |
+ PRFileDesc *fd; |
/* Pointer to operations vector for this socket */ |
- const sslSocketOps * ops; |
+ const sslSocketOps *ops; |
/* SSL socket options */ |
- sslOptions opt; |
+ sslOptions opt; |
/* Enabled version range */ |
- SSLVersionRange vrange; |
+ SSLVersionRange vrange; |
/* State flags */ |
- unsigned long clientAuthRequested; |
- unsigned long delayDisabled; /* Nagle delay disabled */ |
- unsigned long firstHsDone; /* first handshake is complete. */ |
- unsigned long enoughFirstHsDone; /* enough of the first handshake is |
- * done for callbacks to be able to |
- * retrieve channel security |
- * parameters from the SSL socket. */ |
- unsigned long handshakeBegun; |
- unsigned long lastWriteBlocked; |
- unsigned long recvdCloseNotify; /* received SSL EOF. */ |
- unsigned long TCPconnected; |
- unsigned long appDataBuffered; |
- unsigned long peerRequestedProtection; /* from old renegotiation */ |
+ unsigned long clientAuthRequested; |
+ unsigned long delayDisabled; /* Nagle delay disabled */ |
+ unsigned long firstHsDone; /* first handshake is complete. */ |
+ unsigned long enoughFirstHsDone; /* enough of the first handshake is |
+ * done for callbacks to be able to |
+ * retrieve channel security |
+ * parameters from the SSL socket. */ |
+ unsigned long handshakeBegun; |
+ unsigned long lastWriteBlocked; |
+ unsigned long recvdCloseNotify; /* received SSL EOF. */ |
+ unsigned long TCPconnected; |
+ unsigned long appDataBuffered; |
+ unsigned long peerRequestedProtection; /* from old renegotiation */ |
/* version of the protocol to use */ |
SSL3ProtocolVersion version; |
SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */ |
- sslSecurityInfo sec; /* not a pointer any more */ |
+ sslSecurityInfo sec; /* not a pointer any more */ |
/* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */ |
- const char *url; /* ssl 2 & 3 */ |
+ const char *url; /* ssl 2 & 3 */ |
- sslHandshakeFunc handshake; /*firstHandshakeLock*/ |
- sslHandshakeFunc nextHandshake; /*firstHandshakeLock*/ |
- sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/ |
+ sslHandshakeFunc handshake; /*firstHandshakeLock*/ |
+ sslHandshakeFunc nextHandshake; /*firstHandshakeLock*/ |
+ sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/ |
/* the following variable is only used with socks or other proxies. */ |
- char * peerID; /* String uniquely identifies target server. */ |
+ char *peerID; /* String uniquely identifies target server. */ |
- unsigned char * cipherSpecs; |
- unsigned int sizeCipherSpecs; |
-const unsigned char * preferredCipher; |
+ unsigned char *cipherSpecs; |
+ unsigned int sizeCipherSpecs; |
+ const unsigned char *preferredCipher; |
/* TLS ClientCertificateTypes requested during HandleCertificateRequest. */ |
/* Will be NULL at all other times. */ |
- const SECItem *requestedCertTypes; |
+ const SECItem *requestedCertTypes; |
- ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ |
+ ssl3KeyPair *stepDownKeyPair; /* RSA step down keys */ |
- const ssl3DHParams *dheParams; /* DHE param */ |
- ssl3KeyPair * dheKeyPair; /* DHE keys */ |
+ const ssl3DHParams *dheParams; /* DHE param */ |
+ ssl3KeyPair *dheKeyPair; /* DHE keys */ |
/* Callbacks */ |
- SSLAuthCertificate authCertificate; |
- void *authCertificateArg; |
- SSLGetClientAuthData getClientAuthData; |
- void *getClientAuthDataArg; |
-#ifdef NSS_PLATFORM_CLIENT_AUTH |
- SSLGetPlatformClientAuthData getPlatformClientAuthData; |
- void *getPlatformClientAuthDataArg; |
-#endif /* NSS_PLATFORM_CLIENT_AUTH */ |
- SSLSNISocketConfig sniSocketConfig; |
- void *sniSocketConfigArg; |
- SSLBadCertHandler handleBadCert; |
- void *badCertArg; |
- SSLHandshakeCallback handshakeCallback; |
- void *handshakeCallbackData; |
- SSLCanFalseStartCallback canFalseStartCallback; |
- void *canFalseStartCallbackData; |
- void *pkcs11PinArg; |
- SSLNextProtoCallback nextProtoCallback; |
- void *nextProtoArg; |
+ SSLAuthCertificate authCertificate; |
+ void *authCertificateArg; |
+ SSLGetClientAuthData getClientAuthData; |
+ void *getClientAuthDataArg; |
+ SSLSNISocketConfig sniSocketConfig; |
+ void *sniSocketConfigArg; |
+ SSLBadCertHandler handleBadCert; |
+ void *badCertArg; |
+ SSLHandshakeCallback handshakeCallback; |
+ void *handshakeCallbackData; |
+ SSLCanFalseStartCallback canFalseStartCallback; |
+ void *canFalseStartCallbackData; |
+ void *pkcs11PinArg; |
+ SSLNextProtoCallback nextProtoCallback; |
+ void *nextProtoArg; |
+ |
SSLClientChannelIDCallback getChannelID; |
- void *getChannelIDArg; |
+ void *getChannelIDArg; |
- PRIntervalTime rTimeout; /* timeout for NSPR I/O */ |
- PRIntervalTime wTimeout; /* timeout for NSPR I/O */ |
- PRIntervalTime cTimeout; /* timeout for NSPR I/O */ |
+ PRIntervalTime rTimeout; /* timeout for NSPR I/O */ |
+ PRIntervalTime wTimeout; /* timeout for NSPR I/O */ |
+ PRIntervalTime cTimeout; /* timeout for NSPR I/O */ |
- PZLock * recvLock; /* lock against multiple reader threads. */ |
- PZLock * sendLock; /* lock against multiple sender threads. */ |
+ PZLock *recvLock; /* lock against multiple reader threads. */ |
+ PZLock *sendLock; /* lock against multiple sender threads. */ |
- PZMonitor * recvBufLock; /* locks low level recv buffers. */ |
- PZMonitor * xmitBufLock; /* locks low level xmit buffers. */ |
+ PZMonitor *recvBufLock; /* locks low level recv buffers. */ |
+ PZMonitor *xmitBufLock; /* locks low level xmit buffers. */ |
/* Only one thread may operate on the socket until the initial handshake |
** is complete. This Monitor ensures that. Since SSL2 handshake is |
** only done once, this is also effectively the SSL2 handshake lock. |
*/ |
- PZMonitor * firstHandshakeLock; |
+ PZMonitor *firstHandshakeLock; |
/* This monitor protects the ssl3 handshake state machine data. |
** Only one thread (reader or writer) may be in the ssl3 handshake state |
** machine at any time. */ |
- PZMonitor * ssl3HandshakeLock; |
+ PZMonitor *ssl3HandshakeLock; |
/* reader/writer lock, protects the secret data needed to encrypt and MAC |
- ** outgoing records, and to decrypt and MAC check incoming ciphertext |
+ ** outgoing records, and to decrypt and MAC check incoming ciphertext |
** records. */ |
- NSSRWLock * specLock; |
+ NSSRWLock *specLock; |
- /* handle to perm cert db (and implicitly to the temp cert db) used |
- ** with this socket. |
+ /* handle to perm cert db (and implicitly to the temp cert db) used |
+ ** with this socket. |
*/ |
- CERTCertDBHandle * dbHandle; |
+ CERTCertDBHandle *dbHandle; |
- PRThread * writerThread; /* thread holds SSL_LOCK_WRITER lock */ |
+ PRThread *writerThread; /* thread holds SSL_LOCK_WRITER lock */ |
- PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */ |
+ PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */ |
- PRUint16 allowedByPolicy; /* copy of global policy bits. */ |
- PRUint16 maybeAllowedByPolicy; /* copy of global policy bits. */ |
- PRUint16 chosenPreference; /* SSL2 cipher preferences. */ |
+ PRUint16 allowedByPolicy; /* copy of global policy bits. */ |
+ PRUint16 maybeAllowedByPolicy; /* copy of global policy bits. */ |
+ PRUint16 chosenPreference; /* SSL2 cipher preferences. */ |
sslHandshakingType handshaking; |
/* Gather object used for gathering data */ |
- sslGather gs; /*recvBufLock*/ |
+ sslGather gs; /*recvBufLock*/ |
- sslBuffer saveBuf; /*xmitBufLock*/ |
- sslBuffer pendingBuf; /*xmitBufLock*/ |
+ sslBuffer saveBuf; /*xmitBufLock*/ |
+ sslBuffer pendingBuf; /*xmitBufLock*/ |
/* Configuration state for server sockets */ |
/* server cert and key for each KEA type */ |
- sslServerCerts serverCerts[kt_kea_size]; |
+ sslServerCerts serverCerts[kt_kea_size]; |
/* each cert needs its own status */ |
- SECItemArray * certStatusArray[kt_kea_size]; |
+ SECItemArray *certStatusArray[kt_kea_size]; |
+ /* Serialized signed certificate timestamps to be sent to the client |
+ ** in a TLS extension (server only). Each certificate needs its own |
+ ** timestamps item. |
+ */ |
+ SECItem signedCertTimestamps[kt_kea_size]; |
ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; |
- ssl3KeyPair * ephemeralECDHKeyPair; /* for ECDHE-* handshake */ |
+ ssl3KeyPair *ephemeralECDHKeyPair; /* for ECDHE-* handshake */ |
/* SSL3 state info. Formerly was a pointer */ |
- ssl3State ssl3; |
+ ssl3State ssl3; |
/* |
* TLS extension related data. |
*/ |
/* True when the current session is a stateless resume. */ |
- PRBool statelessResume; |
- TLSExtensionData xtnData; |
+ PRBool statelessResume; |
+ TLSExtensionData xtnData; |
/* Whether we are doing stream or datagram mode */ |
- SSLProtocolVariant protocolVariant; |
+ SSLProtocolVariant protocolVariant; |
}; |
- |
- |
-/* All the global data items declared here should be protected using the |
+/* All the global data items declared here should be protected using the |
** ssl_global_data_lock, which is a reader/writer lock. |
*/ |
-extern NSSRWLock * ssl_global_data_lock; |
-extern char ssl_debug; |
-extern char ssl_trace; |
-extern FILE * ssl_trace_iob; |
-extern FILE * ssl_keylog_iob; |
-extern CERTDistNames * ssl3_server_ca_list; |
-extern PRUint32 ssl_sid_timeout; |
-extern PRUint32 ssl3_sid_timeout; |
- |
-extern const char * const ssl_cipherName[]; |
-extern const char * const ssl3_cipherName[]; |
- |
-extern sslSessionIDLookupFunc ssl_sid_lookup; |
-extern sslSessionIDCacheFunc ssl_sid_cache; |
+extern NSSRWLock *ssl_global_data_lock; |
+extern char ssl_debug; |
+extern char ssl_trace; |
+extern FILE *ssl_trace_iob; |
+extern FILE *ssl_keylog_iob; |
+extern CERTDistNames *ssl3_server_ca_list; |
+extern PRUint32 ssl_sid_timeout; |
+extern PRUint32 ssl3_sid_timeout; |
+ |
+extern const char *const ssl_cipherName[]; |
+extern const char *const ssl3_cipherName[]; |
+ |
+extern sslSessionIDLookupFunc ssl_sid_lookup; |
+extern sslSessionIDCacheFunc ssl_sid_cache; |
extern sslSessionIDUncacheFunc ssl_sid_uncache; |
/************************************************************************/ |
SEC_BEGIN_PROTOS |
-/* Functions for handling SECItemArrays, added in NSS 3.15 */ |
-extern SECItemArray *SECITEM_AllocArray(PLArenaPool *arena, |
- SECItemArray *array, |
- unsigned int len); |
-extern SECItemArray *SECITEM_DupArray(PLArenaPool *arena, |
- const SECItemArray *from); |
-extern void SECITEM_FreeArray(SECItemArray *array, PRBool freeit); |
-extern void SECITEM_ZfreeArray(SECItemArray *array, PRBool freeit); |
- |
/* Internal initialization and installation of the SSL error tables */ |
extern SECStatus ssl_Init(void); |
extern SECStatus ssl_InitializePRErrorTable(void); |
@@ -1445,15 +1447,15 @@ extern int ssl_DefShutdown(sslSocket *ss, int how); |
extern int ssl_DefClose(sslSocket *ss); |
extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags); |
extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf, |
- int len, int flags); |
+ int len, int flags); |
extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len); |
extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len); |
extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name); |
extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name); |
extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname, |
- void *optval, PRInt32 *optlen); |
+ void *optval, PRInt32 *optlen); |
extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname, |
- const void *optval, PRInt32 optlen); |
+ const void *optval, PRInt32 optlen); |
/* Implementation of ops for socks only case */ |
extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr); |
@@ -1463,7 +1465,7 @@ extern int ssl_SocksListen(sslSocket *ss, int backlog); |
extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name); |
extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags); |
extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf, |
- int len, int flags); |
+ int len, int flags); |
extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len); |
extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len); |
@@ -1471,9 +1473,9 @@ extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len); |
extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr); |
extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr); |
extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf, |
- int len, int flags); |
+ int len, int flags); |
extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf, |
- int len, int flags); |
+ int len, int flags); |
extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len); |
extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len); |
extern int ssl_SecureShutdown(sslSocket *ss, int how); |
@@ -1485,88 +1487,90 @@ extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr); |
extern PRFileDesc *ssl_FindTop(sslSocket *ss); |
/* Gather funcs. */ |
-extern sslGather * ssl_NewGather(void); |
-extern SECStatus ssl_InitGather(sslGather *gs); |
-extern void ssl_DestroyGather(sslGather *gs); |
-extern int ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags); |
-extern int ssl2_GatherRecord(sslSocket *ss, int flags); |
-extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss); |
- |
-extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss); |
-extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss); |
- |
-extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss); |
-extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os); |
-extern void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset); |
-extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec); |
- |
-extern void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len); |
-extern void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len); |
- |
-extern int ssl_SendSavedWriteData(sslSocket *ss); |
-extern SECStatus ssl_SaveWriteData(sslSocket *ss, |
- const void* p, unsigned int l); |
+extern sslGather *ssl_NewGather(void); |
+extern SECStatus ssl_InitGather(sslGather *gs); |
+extern void ssl_DestroyGather(sslGather *gs); |
+extern int ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags); |
+extern int ssl2_GatherRecord(sslSocket *ss, int flags); |
+extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss); |
+ |
+extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss); |
+extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss); |
+ |
+extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss); |
+extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os); |
+extern void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset); |
+extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec); |
+ |
+extern void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len); |
+extern void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len); |
+ |
+extern int ssl_SendSavedWriteData(sslSocket *ss); |
+extern SECStatus ssl_SaveWriteData(sslSocket *ss, |
+ const void *p, unsigned int l); |
extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss); |
extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss); |
-extern int ssl_Do1stHandshake(sslSocket *ss); |
+extern int ssl_Do1stHandshake(sslSocket *ss); |
extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen); |
-extern SECStatus sslBuffer_Append(sslBuffer *b, const void * data, |
- unsigned int len); |
+extern SECStatus sslBuffer_Append(sslBuffer *b, const void *data, |
+ unsigned int len); |
-extern void ssl2_UseClearSendFunc(sslSocket *ss); |
-extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec); |
+extern void ssl2_UseClearSendFunc(sslSocket *ss); |
+extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec); |
extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server); |
-extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, |
+extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, |
const char *peerID, const char *urlSvrName); |
-extern void ssl_FreeSID(sslSessionID *sid); |
+extern void ssl_FreeSID(sslSessionID *sid); |
-extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in, |
- int len, int flags); |
+extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in, |
+ int len, int flags); |
-extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); |
+extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); |
-extern PRBool ssl_SocketIsBlocking(sslSocket *ss); |
+extern PRBool ssl_SocketIsBlocking(sslSocket *ss); |
-extern void ssl3_SetAlwaysBlock(sslSocket *ss); |
+extern void ssl3_SetAlwaysBlock(sslSocket *ss); |
extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); |
-extern void ssl_FinishHandshake(sslSocket *ss); |
+extern void ssl_FinishHandshake(sslSocket *ss); |
+ |
+extern SECStatus ssl_CipherPolicySet(PRInt32 which, PRInt32 policy); |
-/* Returns PR_TRUE if we are still waiting for the server to respond to our |
- * client second round. Once we've received any part of the server's second |
- * round then we don't bother trying to false start since it is almost always |
- * the case that the NewSessionTicket, ChangeCipherSoec, and Finished messages |
- * were sent in the same packet and we want to process them all at the same |
- * time. If we were to try to false start in the middle of the server's second |
- * round, then we would increase the number of I/O operations |
- * (SSL_ForceHandshake/PR_Recv/PR_Send/etc.) needed to finish the handshake. |
+extern SECStatus ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled); |
+ |
+extern SECStatus ssl3_ConstrainRangeByPolicy(void); |
+ |
+/* Returns PR_TRUE if we are still waiting for the server to complete its |
+ * response to our client second round. Once we've received the Finished from |
+ * the server then there is no need to check false start. |
*/ |
-extern PRBool ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss); |
+extern PRBool ssl3_WaitingForServerSecondRound(sslSocket *ss); |
extern SECStatus |
-ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, |
- PRBool isServer, |
- PRBool isDTLS, |
- PRBool capRecordVersion, |
- SSL3ContentType type, |
- const SSL3Opaque * pIn, |
- PRUint32 contentLen, |
- sslBuffer * wrBuf); |
-extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch, |
- SSL3ContentType type, |
- const SSL3Opaque* pIn, PRInt32 nIn, |
- PRInt32 flags); |
- |
-#ifdef NSS_ENABLE_ZLIB |
+ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec, |
+ PRBool isServer, |
+ PRBool isDTLS, |
+ PRBool capRecordVersion, |
+ SSL3ContentType type, |
+ const SSL3Opaque *pIn, |
+ PRUint32 contentLen, |
+ sslBuffer *wrBuf); |
+ |
+extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch, |
+ SSL3ContentType type, |
+ const SSL3Opaque *pIn, PRInt32 nIn, |
+ PRInt32 flags); |
+ |
+#ifdef NSS_SSL_ENABLE_ZLIB |
/* |
* The DEFLATE algorithm can result in an expansion of 0.1% + 12 bytes. For a |
* maximum TLS record payload of 2**14 bytes, that's 29 bytes. |
*/ |
#define SSL3_COMPRESSION_MAX_EXPANSION 29 |
-#else /* !NSS_ENABLE_ZLIB */ |
+#else /* !NSS_SSL_ENABLE_ZLIB */ |
#define SSL3_COMPRESSION_MAX_EXPANSION 0 |
#endif |
@@ -1574,68 +1578,109 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch, |
* make sure there is room in the write buffer for padding and |
* other compression and cryptographic expansions. |
*/ |
-#define SSL3_BUFFER_FUDGE 100 + SSL3_COMPRESSION_MAX_EXPANSION |
- |
-#define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) |
-#define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock) |
-#define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) |
-#define SSL_UNLOCK_WRITER(ss) if (ss->sendLock) PZ_Unlock(ss->sendLock) |
+#define SSL3_BUFFER_FUDGE 100 + SSL3_COMPRESSION_MAX_EXPANSION |
+ |
+#define SSL_LOCK_READER(ss) \ |
+ if (ss->recvLock) \ |
+ PZ_Lock(ss->recvLock) |
+#define SSL_UNLOCK_READER(ss) \ |
+ if (ss->recvLock) \ |
+ PZ_Unlock(ss->recvLock) |
+#define SSL_LOCK_WRITER(ss) \ |
+ if (ss->sendLock) \ |
+ PZ_Lock(ss->sendLock) |
+#define SSL_UNLOCK_WRITER(ss) \ |
+ if (ss->sendLock) \ |
+ PZ_Unlock(ss->sendLock) |
/* firstHandshakeLock -> recvBufLock */ |
-#define ssl_Get1stHandshakeLock(ss) \ |
- { if (!ss->opt.noLocks) { \ |
- PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || \ |
- !ssl_HaveRecvBufLock(ss)); \ |
- PZ_EnterMonitor((ss)->firstHandshakeLock); \ |
- } } |
-#define ssl_Release1stHandshakeLock(ss) \ |
- { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->firstHandshakeLock); } |
-#define ssl_Have1stHandshakeLock(ss) \ |
+#define ssl_Get1stHandshakeLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) { \ |
+ PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || \ |
+ !ssl_HaveRecvBufLock(ss)); \ |
+ PZ_EnterMonitor((ss)->firstHandshakeLock); \ |
+ } \ |
+ } |
+#define ssl_Release1stHandshakeLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) \ |
+ PZ_ExitMonitor((ss)->firstHandshakeLock); \ |
+ } |
+#define ssl_Have1stHandshakeLock(ss) \ |
(PZ_InMonitor((ss)->firstHandshakeLock)) |
/* ssl3HandshakeLock -> xmitBufLock */ |
-#define ssl_GetSSL3HandshakeLock(ss) \ |
- { if (!ss->opt.noLocks) { \ |
- PORT_Assert(!ssl_HaveXmitBufLock(ss)); \ |
- PZ_EnterMonitor((ss)->ssl3HandshakeLock); \ |
- } } |
-#define ssl_ReleaseSSL3HandshakeLock(ss) \ |
- { if (!ss->opt.noLocks) PZ_ExitMonitor((ss)->ssl3HandshakeLock); } |
-#define ssl_HaveSSL3HandshakeLock(ss) \ |
+#define ssl_GetSSL3HandshakeLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) { \ |
+ PORT_Assert(!ssl_HaveXmitBufLock(ss)); \ |
+ PZ_EnterMonitor((ss)->ssl3HandshakeLock); \ |
+ } \ |
+ } |
+#define ssl_ReleaseSSL3HandshakeLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) \ |
+ PZ_ExitMonitor((ss)->ssl3HandshakeLock); \ |
+ } |
+#define ssl_HaveSSL3HandshakeLock(ss) \ |
(PZ_InMonitor((ss)->ssl3HandshakeLock)) |
-#define ssl_GetSpecReadLock(ss) \ |
- { if (!ss->opt.noLocks) NSSRWLock_LockRead((ss)->specLock); } |
-#define ssl_ReleaseSpecReadLock(ss) \ |
- { if (!ss->opt.noLocks) NSSRWLock_UnlockRead((ss)->specLock); } |
+#define ssl_GetSpecReadLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) \ |
+ NSSRWLock_LockRead((ss)->specLock); \ |
+ } |
+#define ssl_ReleaseSpecReadLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) \ |
+ NSSRWLock_UnlockRead((ss)->specLock); \ |
+ } |
/* NSSRWLock_HaveReadLock is not exported so there's no |
* ssl_HaveSpecReadLock macro. */ |
-#define ssl_GetSpecWriteLock(ss) \ |
- { if (!ss->opt.noLocks) NSSRWLock_LockWrite((ss)->specLock); } |
-#define ssl_ReleaseSpecWriteLock(ss) \ |
- { if (!ss->opt.noLocks) NSSRWLock_UnlockWrite((ss)->specLock); } |
-#define ssl_HaveSpecWriteLock(ss) \ |
+#define ssl_GetSpecWriteLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) \ |
+ NSSRWLock_LockWrite((ss)->specLock); \ |
+ } |
+#define ssl_ReleaseSpecWriteLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) \ |
+ NSSRWLock_UnlockWrite((ss)->specLock); \ |
+ } |
+#define ssl_HaveSpecWriteLock(ss) \ |
(NSSRWLock_HaveWriteLock((ss)->specLock)) |
/* recvBufLock -> ssl3HandshakeLock -> xmitBufLock */ |
-#define ssl_GetRecvBufLock(ss) \ |
- { if (!ss->opt.noLocks) { \ |
- PORT_Assert(!ssl_HaveSSL3HandshakeLock(ss)); \ |
- PORT_Assert(!ssl_HaveXmitBufLock(ss)); \ |
- PZ_EnterMonitor((ss)->recvBufLock); \ |
- } } |
-#define ssl_ReleaseRecvBufLock(ss) \ |
- { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->recvBufLock); } |
-#define ssl_HaveRecvBufLock(ss) \ |
+#define ssl_GetRecvBufLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) { \ |
+ PORT_Assert(!ssl_HaveSSL3HandshakeLock(ss)); \ |
+ PORT_Assert(!ssl_HaveXmitBufLock(ss)); \ |
+ PZ_EnterMonitor((ss)->recvBufLock); \ |
+ } \ |
+ } |
+#define ssl_ReleaseRecvBufLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) \ |
+ PZ_ExitMonitor((ss)->recvBufLock); \ |
+ } |
+#define ssl_HaveRecvBufLock(ss) \ |
(PZ_InMonitor((ss)->recvBufLock)) |
/* xmitBufLock -> specLock */ |
-#define ssl_GetXmitBufLock(ss) \ |
- { if (!ss->opt.noLocks) PZ_EnterMonitor((ss)->xmitBufLock); } |
-#define ssl_ReleaseXmitBufLock(ss) \ |
- { if (!ss->opt.noLocks) PZ_ExitMonitor( (ss)->xmitBufLock); } |
-#define ssl_HaveXmitBufLock(ss) \ |
+#define ssl_GetXmitBufLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) \ |
+ PZ_EnterMonitor((ss)->xmitBufLock); \ |
+ } |
+#define ssl_ReleaseXmitBufLock(ss) \ |
+ { \ |
+ if (!ss->opt.noLocks) \ |
+ PZ_ExitMonitor((ss)->xmitBufLock); \ |
+ } |
+#define ssl_HaveXmitBufLock(ss) \ |
(PZ_InMonitor((ss)->xmitBufLock)) |
/* Placeholder value used in version ranges when SSL 3.0 and all |
@@ -1643,7 +1688,7 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch, |
*/ |
#define SSL_LIBRARY_VERSION_NONE 0 |
-/* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version |
+/* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version |
* of libssl supports. Applications should use SSL_VersionRangeGetSupported at |
* runtime to determine which versions are supported by the version of libssl |
* in use. |
@@ -1659,14 +1704,14 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch, |
((vrange)->min == SSL_LIBRARY_VERSION_NONE) |
extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, |
- SSL3ProtocolVersion version); |
+ SSL3ProtocolVersion version); |
-extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec, |
- const unsigned char * cr, const unsigned char * sr, |
- PRBool isTLS, PRBool isExport); |
-extern SECStatus ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec, |
- const unsigned char * cr, const unsigned char * sr, |
- const SECItem * pms, PRBool isTLS, PRBool isRSA); |
+extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec *pwSpec, |
+ const unsigned char *cr, const unsigned char *sr, |
+ PRBool isTLS, PRBool isExport); |
+extern SECStatus ssl3_MasterSecretDeriveBypass(ssl3CipherSpec *pwSpec, |
+ const unsigned char *cr, const unsigned char *sr, |
+ const SECItem *pms, PRBool isTLS, PRBool isRSA); |
/* These functions are called from secnav, even though they're "private". */ |
@@ -1674,13 +1719,13 @@ extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error); |
extern sslSocket *ssl_FindSocket(PRFileDesc *fd); |
extern void ssl_FreeSocket(struct sslSocketStr *ssl); |
extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, |
- SSL3AlertDescription desc); |
+ SSL3AlertDescription desc); |
extern SECStatus ssl3_DecodeError(sslSocket *ss); |
-extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, |
- CERTCertificate * cert, |
- SECKEYPrivateKey * key, |
- CERTCertificateList *certChain); |
+extern SECStatus ssl3_RestartHandshakeAfterCertReq(struct sslSocketStr *ss, |
+ CERTCertificate *cert, |
+ SECKEYPrivateKey *key, |
+ CERTCertificateList *certChain); |
extern SECStatus ssl3_RestartHandshakeAfterChannelIDReq( |
sslSocket *ss, |
@@ -1711,7 +1756,7 @@ SECStatus ssl3_HandleRecord( |
int ssl3_GatherAppDataRecord(sslSocket *ss, int flags); |
int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); |
/* |
- * When talking to export clients or using export cipher suites, servers |
+ * When talking to export clients or using export cipher suites, servers |
* with public RSA keys larger than 512 bits need to use a 512-bit public |
* key, signed by the larger key. The smaller key is a "step down" key. |
* Generate that key pair and keep it around. |
@@ -1721,59 +1766,63 @@ extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); |
extern SECStatus ssl3_SelectDHParams(sslSocket *ss); |
#ifndef NSS_DISABLE_ECC |
-extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); |
-extern PRBool ssl3_IsECCEnabled(sslSocket *ss); |
-extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, |
- const ssl3CipherSuite * suite); |
-extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss); |
- |
+extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); |
+extern PRBool ssl3_IsECCEnabled(sslSocket *ss); |
+extern SECStatus ssl3_DisableECCSuites(sslSocket *ss, |
+ const ssl3CipherSuite *suite); |
+extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss); |
/* Macro for finding a curve equivalent in strength to RSA key's */ |
-#define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \ |
- ((s <= 1024) ? 160 \ |
- : ((s <= 2048) ? 224 \ |
- : ((s <= 3072) ? 256 \ |
- : ((s <= 7168) ? 384 : 521 ) ) ) ) |
+/* clang-format off */ |
+#define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \ |
+ ((s <= 1024) ? 160 \ |
+ : ((s <= 2048) ? 224 \ |
+ : ((s <= 3072) ? 256 \ |
+ : ((s <= 7168) ? 384 \ |
+ : 521 ) ) ) ) |
+/* clang-format on */ |
/* Types and names of elliptic curves used in TLS */ |
-typedef enum { ec_type_explicitPrime = 1, |
- ec_type_explicitChar2Curve = 2, |
- ec_type_named |
+typedef enum { ec_type_explicitPrime = 1, |
+ ec_type_explicitChar2Curve = 2, |
+ ec_type_named |
} ECType; |
-typedef enum { ec_noName = 0, |
- ec_sect163k1 = 1, |
- ec_sect163r1 = 2, |
- ec_sect163r2 = 3, |
- ec_sect193r1 = 4, |
- ec_sect193r2 = 5, |
- ec_sect233k1 = 6, |
- ec_sect233r1 = 7, |
- ec_sect239k1 = 8, |
- ec_sect283k1 = 9, |
- ec_sect283r1 = 10, |
- ec_sect409k1 = 11, |
- ec_sect409r1 = 12, |
- ec_sect571k1 = 13, |
- ec_sect571r1 = 14, |
- ec_secp160k1 = 15, |
- ec_secp160r1 = 16, |
- ec_secp160r2 = 17, |
- ec_secp192k1 = 18, |
- ec_secp192r1 = 19, |
- ec_secp224k1 = 20, |
- ec_secp224r1 = 21, |
- ec_secp256k1 = 22, |
- ec_secp256r1 = 23, |
- ec_secp384r1 = 24, |
- ec_secp521r1 = 25, |
- ec_pastLastName |
+typedef enum { ec_noName = 0, |
+ ec_sect163k1 = 1, |
+ ec_sect163r1 = 2, |
+ ec_sect163r2 = 3, |
+ ec_sect193r1 = 4, |
+ ec_sect193r2 = 5, |
+ ec_sect233k1 = 6, |
+ ec_sect233r1 = 7, |
+ ec_sect239k1 = 8, |
+ ec_sect283k1 = 9, |
+ ec_sect283r1 = 10, |
+ ec_sect409k1 = 11, |
+ ec_sect409r1 = 12, |
+ ec_sect571k1 = 13, |
+ ec_sect571r1 = 14, |
+ ec_secp160k1 = 15, |
+ ec_secp160r1 = 16, |
+ ec_secp160r2 = 17, |
+ ec_secp192k1 = 18, |
+ ec_secp192r1 = 19, |
+ ec_secp224k1 = 20, |
+ ec_secp224r1 = 21, |
+ ec_secp256k1 = 22, |
+ ec_secp256r1 = 23, |
+ ec_secp384r1 = 24, |
+ ec_secp521r1 = 25, |
+ ec_pastLastName |
} ECName; |
extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve, |
- SECKEYECParams *params); |
-ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); |
+ SECKEYECParams *params); |
+ECName ssl3_PubKey2ECName(SECKEYPublicKey *pubKey); |
+ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); |
+ECName ssl3_GetCurveNameForServerSocket(sslSocket *ss); |
#endif /* NSS_DISABLE_ECC */ |
@@ -1787,108 +1836,113 @@ extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool |
extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled); |
extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled); |
extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *cipher, |
- unsigned int len); |
+ unsigned int len); |
extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); |
extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); |
extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); |
extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); |
-extern void ssl2_InitSocketPolicy(sslSocket *ss); |
-extern void ssl3_InitSocketPolicy(sslSocket *ss); |
+extern void ssl2_InitSocketPolicy(sslSocket *ss); |
+extern void ssl3_InitSocketPolicy(sslSocket *ss); |
extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, |
- unsigned char *cs, int *size); |
+ unsigned char *cs, int *size); |
extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); |
-extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, |
- PRUint32 length); |
+extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, |
+ PRUint32 length); |
extern void ssl3_DestroySSL3Info(sslSocket *ss); |
-extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, |
- SSL3ProtocolVersion peerVersion, |
- PRBool allowLargerPeerVersion); |
+extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, |
+ SSL3ProtocolVersion peerVersion, |
+ PRBool allowLargerPeerVersion); |
extern SECStatus ssl_GetPeerInfo(sslSocket *ss); |
#ifndef NSS_DISABLE_ECC |
/* ECDH functions */ |
-extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, |
- SECKEYPublicKey * svrPubKey); |
-extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, |
- SSL3Opaque *b, PRUint32 length); |
-extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, |
- SSL3Opaque *b, PRUint32 length, |
- SECKEYPublicKey *srvrPubKey, |
- SECKEYPrivateKey *srvrPrivKey); |
+extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket *ss, |
+ SECKEYPublicKey *svrPubKey); |
+extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, |
+ SSL3Opaque *b, PRUint32 length); |
+extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, |
+ SSL3Opaque *b, PRUint32 length, |
+ SECKEYPublicKey *srvrPubKey, |
+ SECKEYPrivateKey *srvrPrivKey); |
extern SECStatus ssl3_SendECDHServerKeyExchange( |
sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash); |
+SECKEYPublicKey *tls13_ImportECDHKeyShare( |
+ sslSocket *ss, SSL3Opaque *b, PRUint32 length, ECName curve); |
+ECName tls13_GroupForECDHEKeyShare(ssl3KeyPair *pair); |
+unsigned int tls13_SizeOfECDHEKeyShareKEX(ssl3KeyPair *pair); |
+SECStatus tls13_EncodeECDHEKeyShareKEX(sslSocket *ss, ssl3KeyPair *pair); |
#endif |
extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, |
- PRUint8 * hashBuf, |
- unsigned int bufLen, SSL3Hashes *hashes, |
- PRBool bypassPKCS11); |
+ PRUint8 *hashBuf, |
+ unsigned int bufLen, SSL3Hashes *hashes, |
+ PRBool bypassPKCS11); |
extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName); |
extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms); |
-extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src, |
- PRInt32 bytes); |
-extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss, |
- SSL3HandshakeType t, PRUint32 length); |
-extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, |
- PRInt32 lenSize); |
-extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss, |
- const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); |
+extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src, |
+ PRInt32 bytes); |
+extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss, |
+ SSL3HandshakeType t, PRUint32 length); |
+extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, |
+ PRInt32 lenSize); |
+extern SECStatus ssl3_AppendHandshakeVariable(sslSocket *ss, |
+ const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); |
extern SECStatus ssl3_AppendSignatureAndHashAlgorithm( |
- sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash); |
-extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, |
- SSL3Opaque **b, PRUint32 *length); |
-extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, |
- SSL3Opaque **b, PRUint32 *length); |
-extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, |
- PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); |
+ sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash); |
+extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, |
+ SSL3Opaque **b, PRUint32 *length); |
+extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, |
+ SSL3Opaque **b, PRUint32 *length); |
+extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, |
+ PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); |
extern PRBool ssl3_IsSupportedSignatureAlgorithm( |
const SSLSignatureAndHashAlg *alg); |
extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( |
sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash, |
- CERTCertificate* cert); |
+ CERTCertificate *cert); |
extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm( |
sslSocket *ss, SSL3Opaque **b, PRUint32 *length, |
SSLSignatureAndHashAlg *out); |
-extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, |
- SECItem *buf, PRBool isTLS); |
-extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, |
- CERTCertificate *cert, SECItem *buf, PRBool isTLS, |
- void *pwArg); |
+extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, |
+ SECItem *buf, PRBool isTLS); |
+extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, |
+ CERTCertificate *cert, SECItem *buf, PRBool isTLS, |
+ void *pwArg); |
extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss, |
- sslSessionID *sid, ssl3CipherSpec *spec, |
- SSL3KEAType effectiveExchKeyType); |
+ sslSessionID *sid, ssl3CipherSpec *spec, |
+ SSL3KEAType effectiveExchKeyType); |
/* Functions that handle ClientHello and ServerHello extensions. */ |
-extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss, |
- PRUint16 ex_type, SECItem *data); |
-extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss, |
- PRUint16 ex_type, SECItem *data); |
-extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss, |
- PRUint16 ex_type, SECItem *data); |
+extern SECStatus ssl3_HandleServerNameXtn(sslSocket *ss, |
+ PRUint16 ex_type, SECItem *data); |
+extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket *ss, |
+ PRUint16 ex_type, SECItem *data); |
+extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, |
+ PRUint16 ex_type, SECItem *data); |
extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, |
- PRUint16 ex_type, SECItem *data); |
+ PRUint16 ex_type, SECItem *data); |
extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, |
- PRUint16 ex_type, SECItem *data); |
+ PRUint16 ex_type, SECItem *data); |
/* ClientHello and ServerHello extension senders. |
* Note that not all extension senders are exposed here; only those that |
* that need exposure. |
*/ |
extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append, |
- PRUint32 maxBytes); |
+ PRUint32 maxBytes); |
/* ClientHello and ServerHello extension senders. |
* The code is in ssl3ext.c. |
*/ |
extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append, |
- PRUint32 maxBytes); |
+ PRUint32 maxBytes); |
/* Assigns new cert, cert chain and keys to ss->serverCerts |
* struct. If certChain is NULL, tries to find one. Aborts if |
@@ -1900,38 +1954,39 @@ extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, |
#ifndef NSS_DISABLE_ECC |
extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss, |
- PRBool append, PRUint32 maxBytes); |
+ PRBool append, PRUint32 maxBytes); |
extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss, |
- PRBool append, PRUint32 maxBytes); |
+ PRBool append, PRUint32 maxBytes); |
#endif |
/* call the registered extension handlers. */ |
-extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, |
- SSL3Opaque **b, PRUint32 *length); |
+extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, |
+ SSL3Opaque **b, PRUint32 *length, |
+ SSL3HandshakeType handshakeMessage); |
/* Hello Extension related routines. */ |
extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type); |
extern void ssl3_SetSIDSessionTicket(sslSessionID *sid, |
- /*in/out*/ NewSessionTicket *session_ticket); |
+ /*in/out*/ NewSessionTicket *session_ticket); |
extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss); |
extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName, |
- unsigned char *encKey, unsigned char *macKey); |
+ unsigned char *encKey, unsigned char *macKey); |
extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, |
- SECKEYPublicKey *svrPubKey, void *pwArg, |
- unsigned char *keyName, PK11SymKey **aesKey, |
- PK11SymKey **macKey); |
+ SECKEYPublicKey *svrPubKey, void *pwArg, |
+ unsigned char *keyName, PK11SymKey **aesKey, |
+ PK11SymKey **macKey); |
/* Tell clients to consider tickets valid for this long. */ |
-#define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */ |
-#define TLS_EX_SESS_TICKET_VERSION (0x0101) |
+#define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */ |
+#define TLS_EX_SESS_TICKET_VERSION (0x0101) |
-extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, |
- unsigned int length); |
+extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char *data, |
+ unsigned int length); |
extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, |
- unsigned char *out, |
- unsigned int *outLen, |
- unsigned int outLenMax); |
+ unsigned char *out, |
+ unsigned int *outLen, |
+ unsigned int outLenMax); |
/* Construct a new NSPR socket for the app to use */ |
extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); |
@@ -1941,30 +1996,29 @@ extern void ssl_FreePRSocket(PRFileDesc *fd); |
* various ciphers */ |
extern int ssl3_config_match_init(sslSocket *); |
- |
/* Create a new ref counted key pair object from two keys. */ |
-extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey, |
- SECKEYPublicKey * pubKey); |
+extern ssl3KeyPair *ssl3_NewKeyPair(SECKEYPrivateKey *privKey, |
+ SECKEYPublicKey *pubKey); |
/* get a new reference (bump ref count) to an ssl3KeyPair. */ |
-extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair); |
+extern ssl3KeyPair *ssl3_GetKeyPairRef(ssl3KeyPair *keyPair); |
/* Decrement keypair's ref count and free if zero. */ |
-extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair); |
+extern void ssl3_FreeKeyPair(ssl3KeyPair *keyPair); |
/* calls for accessing wrapping keys across processes. */ |
extern PRBool |
-ssl_GetWrappingKey( PRInt32 symWrapMechIndex, |
- SSL3KEAType exchKeyType, |
- SSLWrappedSymWrappingKey *wswk); |
+ssl_GetWrappingKey(PRInt32 symWrapMechIndex, |
+ SSL3KEAType exchKeyType, |
+ SSLWrappedSymWrappingKey *wswk); |
/* The caller passes in the new value it wants |
- * to set. This code tests the wrapped sym key entry in the file on disk. |
- * If it is uninitialized, this function writes the caller's value into |
- * the disk entry, and returns false. |
- * Otherwise, it overwrites the caller's wswk with the value obtained from |
- * the disk, and returns PR_TRUE. |
- * This is all done while holding the locks/semaphores necessary to make |
+ * to set. This code tests the wrapped sym key entry in the file on disk. |
+ * If it is uninitialized, this function writes the caller's value into |
+ * the disk entry, and returns false. |
+ * Otherwise, it overwrites the caller's wswk with the value obtained from |
+ * the disk, and returns PR_TRUE. |
+ * This is all done while holding the locks/semaphores necessary to make |
* the operation atomic. |
*/ |
extern PRBool |
@@ -1979,27 +2033,6 @@ extern SECStatus ssl_FreeSymWrapKeysLock(void); |
extern SECStatus ssl_InitSessionCacheLocks(void); |
-/***************** platform client auth ****************/ |
- |
-#ifdef NSS_PLATFORM_CLIENT_AUTH |
-// Releases the platform key. |
-extern void ssl_FreePlatformKey(PlatformKey key); |
- |
-// Implement the client CertificateVerify message for SSL3/TLS1.0 |
-extern SECStatus ssl3_PlatformSignHashes(SSL3Hashes *hash, |
- PlatformKey key, SECItem *buf, |
- PRBool isTLS, KeyType keyType); |
- |
-// Converts a CERTCertList* (A collection of CERTCertificates) into a |
-// CERTCertificateList* (A collection of SECItems), or returns NULL if |
-// it cannot be converted. |
-// This is to allow the platform-supplied chain to be created with purely |
-// public API functions, using the preferred CERTCertList mutators, rather |
-// pushing this hack to clients. |
-extern CERTCertificateList* hack_NewCertificateListFromCertList( |
- CERTCertList* list); |
-#endif /* NSS_PLATFORM_CLIENT_AUTH */ |
- |
/**************** DTLS-specific functions **************/ |
extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg); |
extern void dtls_FreeQueuedMessages(PRCList *lst); |
@@ -2007,34 +2040,78 @@ extern void dtls_FreeHandshakeMessages(PRCList *lst); |
extern SECStatus dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf); |
extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss, |
- SSL3Opaque *b, PRUint32 length); |
+ SSL3Opaque *b, PRUint32 length); |
extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss); |
extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, |
- const SSL3Opaque *pIn, PRInt32 nIn); |
+ const SSL3Opaque *pIn, PRInt32 nIn); |
extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); |
extern SECStatus dtls_CompressMACEncryptRecord(sslSocket *ss, |
- DTLSEpoch epoch, |
- PRBool use_epoch, |
- SSL3ContentType type, |
- const SSL3Opaque *pIn, |
- PRUint32 contentLen, |
- sslBuffer *wrBuf); |
-SECStatus ssl3_DisableNonDTLSSuites(sslSocket * ss); |
+ DTLSEpoch epoch, |
+ PRBool use_epoch, |
+ SSL3ContentType type, |
+ const SSL3Opaque *pIn, |
+ PRUint32 contentLen, |
+ sslBuffer *wrBuf); |
+SECStatus ssl3_DisableNonDTLSSuites(sslSocket *ss); |
extern SECStatus dtls_StartTimer(sslSocket *ss, DTLSTimerCb cb); |
extern SECStatus dtls_RestartTimer(sslSocket *ss, PRBool backoff, |
- DTLSTimerCb cb); |
+ DTLSTimerCb cb); |
extern void dtls_CheckTimer(sslSocket *ss); |
extern void dtls_CancelTimer(sslSocket *ss); |
extern void dtls_FinishedTimerCb(sslSocket *ss); |
extern void dtls_SetMTU(sslSocket *ss, PRUint16 advertised); |
extern void dtls_InitRecvdRecords(DTLSRecvdRecords *records); |
-extern int dtls_RecordGetRecvd(DTLSRecvdRecords *records, PRUint64 seq); |
+extern int dtls_RecordGetRecvd(const DTLSRecvdRecords *records, PRUint64 seq); |
extern void dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq); |
extern void dtls_RehandshakeCleanup(sslSocket *ss); |
extern SSL3ProtocolVersion |
dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv); |
extern SSL3ProtocolVersion |
dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv); |
+extern PRBool dtls_IsRelevant(sslSocket *ss, const ssl3CipherSpec *crSpec, |
+ const SSL3Ciphertext *cText, PRUint64 *seqNum); |
+ |
+CK_MECHANISM_TYPE ssl3_Alg2Mech(SSLCipherAlgorithm calg); |
+SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss); |
+SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags); |
+SECStatus ssl3_SendCertificate(sslSocket *ss); |
+SECStatus ssl3_CompleteHandleCertificate(sslSocket *ss, |
+ SSL3Opaque *b, PRUint32 length); |
+SECStatus ssl3_SendEmptyCertificate(sslSocket *ss); |
+SECStatus ssl3_SendCertificateStatus(sslSocket *ss); |
+SECStatus ssl3_CompleteHandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, |
+ PRUint32 length); |
+SECStatus ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, |
+ unsigned maxLen, PRUint32 *len); |
+void ssl3_GetCertificateRequestCAs(sslSocket *ss, int *calenp, SECItem **namesp, |
+ int *nnamesp); |
+SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b, |
+ PRUint32 *length, PLArenaPool *arena, |
+ CERTDistNames *ca_list); |
+SECStatus ssl3_CompleteHandleCertificateRequest(sslSocket *ss, |
+ SECItem *algorithms, |
+ CERTDistNames *ca_list); |
+SECStatus ssl3_SendCertificateVerify(sslSocket *ss, |
+ SECKEYPrivateKey *privKey); |
+SECStatus ssl3_SendServerHello(sslSocket *ss); |
+SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); |
+SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss, |
+ ssl3CipherSpec *spec, |
+ SSL3Hashes *hashes, |
+ PRUint32 sender); |
+void ssl3_BumpSequenceNumber(SSL3SequenceNumber *num); |
+PRInt32 tls13_ServerSendKeyShareXtn(sslSocket *ss, PRBool append, |
+ PRUint32 maxBytes); |
+#ifndef NSS_DISABLE_ECC |
+SECStatus ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve, |
+ ssl3KeyPair **keyPair); |
+PK11SymKey *tls13_ComputeECDHSharedKey(sslSocket *ss, |
+ SECKEYPrivateKey *myPrivKey, |
+ SECKEYPublicKey *peerKey); |
+#endif |
+ |
+/* Pull in TLS 1.3 functions */ |
+#include "tls13con.h" |
/********************** misc calls *********************/ |
@@ -2046,11 +2123,13 @@ extern int ssl_MapLowLevelError(int hiLevelError); |
extern PRUint32 ssl_Time(void); |
-extern void SSL_AtomicIncrementLong(long * x); |
+extern void SSL_AtomicIncrementLong(long *x); |
SECStatus SSL_DisableDefaultExportCipherSuites(void); |
-SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); |
-PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); |
+SECStatus SSL_DisableExportCipherSuites(PRFileDesc *fd); |
+PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); |
+ |
+SECStatus ssl3_ApplyNSSPolicy(void); |
extern SECStatus |
ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, |