OLD | NEW |
---|---|
1 /* | 1 /* |
2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
3 * any SSL implementation file. | 3 * any SSL implementation file. |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 #ifndef __sslimpl_h_ | 9 #ifndef __sslimpl_h_ |
10 #define __sslimpl_h_ | 10 #define __sslimpl_h_ |
(...skipping 255 matching lines...)
266 /* | 266 /* |
267 ** A buffer object. | 267 ** A buffer object. |
268 */ | 268 */ |
269 struct sslBufferStr { | 269 struct sslBufferStr { |
270 unsigned char * buf; | 270 unsigned char * buf; |
271 unsigned int len; | 271 unsigned int len; |
272 unsigned int space; | 272 unsigned int space; |
273 }; | 273 }; |
274 | 274 |
275 /* | 275 /* |
276 ** SSL3 cipher suite policy and preference struct. | 276 ** SSL3 cipher suite preference struct. |
277 */ | 277 */ |
278 typedef struct { | 278 typedef struct { |
279 #if !defined(_WIN32) | 279 #if !defined(_WIN32) |
280 unsigned int cipher_suite : 16; | 280 unsigned int cipher_suite : 16; |
281 unsigned int policy : 8; | |
282 unsigned int enabled : 1; | 281 unsigned int enabled : 1; |
283 unsigned int isPresent : 1; | 282 unsigned int isPresent : 1; |
284 #else | 283 #else |
285 ssl3CipherSuite cipher_suite; | 284 ssl3CipherSuite cipher_suite; |
286 PRUint8 policy; | |
287 unsigned char enabled : 1; | 285 unsigned char enabled : 1; |
288 unsigned char isPresent : 1; | 286 unsigned char isPresent : 1; |
289 #endif | 287 #endif |
290 } ssl3CipherSuiteCfg; | 288 } ssl3CipherSuiteCfg; |
291 | 289 |
292 #ifdef NSS_ENABLE_ECC | 290 #ifdef NSS_ENABLE_ECC |
293 #define ssl_V3_SUITES_IMPLEMENTED 57 | 291 #define ssl_V3_SUITES_IMPLEMENTED 57 |
294 #else | 292 #else |
295 #define ssl_V3_SUITES_IMPLEMENTED 35 | 293 #define ssl_V3_SUITES_IMPLEMENTED 35 |
296 #endif /* NSS_ENABLE_ECC */ | 294 #endif /* NSS_ENABLE_ECC */ |
(...skipping 333 matching lines...)
630 int keyBits; | 628 int keyBits; |
631 int secretKeyBits; | 629 int secretKeyBits; |
632 } ssl2; | 630 } ssl2; |
633 struct { | 631 struct { |
634 /* values that are copied into the server's on-disk SID cache. */ | 632 /* values that are copied into the server's on-disk SID cache. */ |
635 PRUint8 sessionIDLength; | 633 PRUint8 sessionIDLength; |
636 SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; | 634 SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; |
637 | 635 |
638 ssl3CipherSuite cipherSuite; | 636 ssl3CipherSuite cipherSuite; |
639 SSLCompressionMethod compression; | 637 SSLCompressionMethod compression; |
640 int policy; | |
641 ssl3SidKeys keys; | 638 ssl3SidKeys keys; |
642 CK_MECHANISM_TYPE masterWrapMech; | 639 CK_MECHANISM_TYPE masterWrapMech; |
643 /* mechanism used to wrap master secret */ | 640 /* mechanism used to wrap master secret */ |
644 SSL3KEAType exchKeyType; | 641 SSL3KEAType exchKeyType; |
645 /* key type used in exchange algorithm, | 642 /* key type used in exchange algorithm, |
646 * and to wrap the sym wrapping key. */ | 643 * and to wrap the sym wrapping key. */ |
647 #ifdef NSS_ENABLE_ECC | 644 #ifdef NSS_ENABLE_ECC |
648 PRUint32 negotiatedECCurves; | 645 PRUint32 negotiatedECCurves; |
649 #endif /* NSS_ENABLE_ECC */ | 646 #endif /* NSS_ENABLE_ECC */ |
650 | 647 |
(...skipping 265 matching lines...)
916 SECKEYPrivateKey * clientPrivateKey; /* used by client */ | 913 SECKEYPrivateKey * clientPrivateKey; /* used by client */ |
917 /* platformClientKey is present even when NSS_PLATFORM_CLIENT_AUTH is not | 914 /* platformClientKey is present even when NSS_PLATFORM_CLIENT_AUTH is not |
918 * defined in order to allow cleaner conditional code. | 915 * defined in order to allow cleaner conditional code. |
919 * At most one of clientPrivateKey and platformClientKey may be set. */ | 916 * At most one of clientPrivateKey and platformClientKey may be set. */ |
920 PlatformKey platformClientKey; /* used by client */ | 917 PlatformKey platformClientKey; /* used by client */ |
921 CERTCertificateList *clientCertChain; /* used by client */ | 918 CERTCertificateList *clientCertChain; /* used by client */ |
922 PRBool sendEmptyCert; /* used by client */ | 919 PRBool sendEmptyCert; /* used by client */ |
923 | 920 |
924 SECKEYPrivateKey *channelID; /* used by client */ | 921 SECKEYPrivateKey *channelID; /* used by client */ |
925 SECKEYPublicKey *channelIDPub; /* used by client */ | 922 SECKEYPublicKey *channelIDPub; /* used by client */ |
926 | |
wtc
2013/08/09 19:28:19
Resurrect this blank line.
agl
2013/08/12 11:29:12
Done.
| |
927 int policy; | |
928 /* This says what cipher suites we can do, and should | |
929 * be either SSL_ALLOWED or SSL_RESTRICTED | |
930 */ | |
931 PLArenaPool * peerCertArena; | 923 PLArenaPool * peerCertArena; |
932 /* These are used to keep track of the peer CA */ | 924 /* These are used to keep track of the peer CA */ |
933 void * peerCertChain; | 925 void * peerCertChain; |
934 /* chain while we are trying to validate it. */ | 926 /* chain while we are trying to validate it. */ |
935 CERTDistNames * ca_list; | 927 CERTDistNames * ca_list; |
936 /* used by server. trusted CAs for this socket. */ | 928 /* used by server. trusted CAs for this socket. */ |
937 PRBool initialized; | 929 PRBool initialized; |
938 SSL3HandshakeState hs; | 930 SSL3HandshakeState hs; |
939 ssl3CipherSpec specs[2]; /* one is current, one is pending. */ | 931 ssl3CipherSpec specs[2]; /* one is current, one is pending. */ |
940 | 932 |
(...skipping 285 matching lines...)
1226 | 1218 |
1227 /* handle to perm cert db (and implicitly to the temp cert db) used | 1219 /* handle to perm cert db (and implicitly to the temp cert db) used |
1228 ** with this socket. | 1220 ** with this socket. |
1229 */ | 1221 */ |
1230 CERTCertDBHandle * dbHandle; | 1222 CERTCertDBHandle * dbHandle; |
1231 | 1223 |
1232 PRThread * writerThread; /* thread holds SSL_LOCK_WRITER lock */ | 1224 PRThread * writerThread; /* thread holds SSL_LOCK_WRITER lock */ |
1233 | 1225 |
1234 PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */ | 1226 PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */ |
1235 | 1227 |
1236 PRUint16 allowedByPolicy; /* copy of global policy bits. */ | |
1237 PRUint16 maybeAllowedByPolicy; /* copy of global policy bits. */ | |
1238 PRUint16 chosenPreference; /* SSL2 cipher preferences. */ | 1228 PRUint16 chosenPreference; /* SSL2 cipher preferences. */ |
1239 | 1229 |
1240 sslHandshakingType handshaking; | 1230 sslHandshakingType handshaking; |
1241 | 1231 |
1242 /* Gather object used for gathering data */ | 1232 /* Gather object used for gathering data */ |
1243 sslGather gs; /*recvBufLock*/ | 1233 sslGather gs; /*recvBufLock*/ |
1244 | 1234 |
1245 sslBuffer saveBuf; /*xmitBufLock*/ | 1235 sslBuffer saveBuf; /*xmitBufLock*/ |
1246 sslBuffer pendingBuf; /*xmitBufLock*/ | 1236 sslBuffer pendingBuf; /*xmitBufLock*/ |
1247 | 1237 |
(...skipping 386 matching lines...)
1634 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); | 1624 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); |
1635 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); | 1625 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); |
1636 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled); | 1626 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled); |
1637 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled); | 1627 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled); |
1638 | 1628 |
1639 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on); | 1629 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on); |
1640 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on); | 1630 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on); |
1641 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled ); | 1631 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled ); |
1642 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enable d); | 1632 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enable d); |
1643 | 1633 |
1644 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); | 1634 extern void ssl2_InitSocketCipherSuites(sslSocket *ss); |
1645 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); | 1635 extern void ssl3_InitSocketCipherSuites(sslSocket *ss); |
1646 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); | |
1647 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); | |
1648 | |
1649 extern void ssl2_InitSocketPolicy(sslSocket *ss); | |
1650 extern void ssl3_InitSocketPolicy(sslSocket *ss); | |
1651 | 1636 |
1652 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, | 1637 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, |
1653 unsigned char *cs, int *size); | 1638 unsigned char *cs, int *size); |
1654 | 1639 |
1655 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); | 1640 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); |
1656 extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, | 1641 extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, |
1657 PRUint32 length); | 1642 PRUint32 length); |
1658 | 1643 |
1659 extern void ssl3_DestroySSL3Info(sslSocket *ss); | 1644 extern void ssl3_DestroySSL3Info(sslSocket *ss); |
1660 | 1645 |
(...skipping 120 matching lines...)
1781 | 1766 |
1782 extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, | 1767 extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, |
1783 unsigned char *out, | 1768 unsigned char *out, |
1784 unsigned int *outLen, | 1769 unsigned int *outLen, |
1785 unsigned int outLenMax); | 1770 unsigned int outLenMax); |
1786 | 1771 |
1787 /* Construct a new NSPR socket for the app to use */ | 1772 /* Construct a new NSPR socket for the app to use */ |
1788 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); | 1773 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); |
1789 extern void ssl_FreePRSocket(PRFileDesc *fd); | 1774 extern void ssl_FreePRSocket(PRFileDesc *fd); |
1790 | 1775 |
1791 /* Internal config function so SSL2 can initialize the present state of | 1776 /* Internal config function so SSL3 can test the present state of various |
1792 * various ciphers */ | 1777 * ciphers */ |
1793 extern int ssl3_config_match_init(sslSocket *); | 1778 extern int ssl3_cipher_suite_available_init(sslSocket *); |
1794 | 1779 |
1795 /* Create a new ref counted key pair object from two keys. */ | 1780 /* Create a new ref counted key pair object from two keys. */ |
1796 extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey, | 1781 extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey, |
1797 SECKEYPublicKey * pubKey); | 1782 SECKEYPublicKey * pubKey); |
1798 | 1783 |
1799 /* get a new reference (bump ref count) to an ssl3KeyPair. */ | 1784 /* get a new reference (bump ref count) to an ssl3KeyPair. */ |
1800 extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair); | 1785 extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair); |
1801 | 1786 |
1802 /* Decrement keypair's ref count and free if zero. */ | 1787 /* Decrement keypair's ref count and free if zero. */ |
1803 extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair); | 1788 extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair); |
(...skipping 115 matching lines...)
1919 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 1904 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
1920 #define SSL_GETPID getpid | 1905 #define SSL_GETPID getpid |
1921 #elif defined(WIN32) | 1906 #elif defined(WIN32) |
1922 extern int __cdecl _getpid(void); | 1907 extern int __cdecl _getpid(void); |
1923 #define SSL_GETPID _getpid | 1908 #define SSL_GETPID _getpid |
1924 #else | 1909 #else |
1925 #define SSL_GETPID() 0 | 1910 #define SSL_GETPID() 0 |
1926 #endif | 1911 #endif |
1927 | 1912 |
1928 #endif /* __sslimpl_h_ */ | 1913 #endif /* __sslimpl_h_ */ |
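Review bot: The comment at new lines 1776-1778 does not state the contract of `ssl3_cipher_suite_available_init`: the `int` return value is undocumented, and the text now says the function lets SSL3 "test" cipher state while the name keeps the `_init` suffix, so a reader cannot tell whether it only reads state or also writes it. This matters more after this change because the `policy` fields are removed from `ssl3CipherSuiteCfg`, the ssl3 state and the socket, leaving `enabled` and `isPresent` as the only per-suite gates visible in this header. I would replace the comment with something like `/* Recomputes which configured SSL3 suites are usable on this socket; returns <meaning of the int, confirm against the definition>. */`, and say explicitly whether it updates `isPresent`. The definition is not on this page, so the exact wording needs checking against it. Separately, `int policy` is removed from the sid fields described as "copied into the server's on-disk SID cache" (old line 640); the cache conversion code is also not shown here, so it is worth confirming that it no longer reads or writes that field.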