| OLD | NEW |
| 1 /* | 1 /* |
| 2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
| 3 * any SSL implementation file. | 3 * any SSL implementation file. |
| 4 * | 4 * |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 8 | 8 |
| 9 #ifndef __sslimpl_h_ | 9 #ifndef __sslimpl_h_ |
| 10 #define __sslimpl_h_ | 10 #define __sslimpl_h_ |
| (...skipping 294 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 305 #define ssl_V3_SUITES_IMPLEMENTED 37 | 305 #define ssl_V3_SUITES_IMPLEMENTED 37 |
| 306 #endif /* NSS_ENABLE_ECC */ | 306 #endif /* NSS_ENABLE_ECC */ |
| 307 | 307 |
| 308 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 | 308 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 |
| 309 | 309 |
| 310 typedef struct sslOptionsStr { | 310 typedef struct sslOptionsStr { |
| 311 /* If SSL_SetNextProtoNego has been called, then this contains the | 311 /* If SSL_SetNextProtoNego has been called, then this contains the |
| 312 * list of supported protocols. */ | 312 * list of supported protocols. */ |
| 313 SECItem nextProtoNego; | 313 SECItem nextProtoNego; |
| 314 | 314 |
| 315 unsigned int useSecurity» » : 1; /* 1 */ | 315 unsigned int useSecurity» » : 1; /* 1 */ |
| 316 unsigned int useSocks» » : 1; /* 2 */ | 316 unsigned int useSocks» » : 1; /* 2 */ |
| 317 unsigned int requestCertificate» : 1; /* 3 */ | 317 unsigned int requestCertificate» : 1; /* 3 */ |
| 318 unsigned int requireCertificate» : 2; /* 4-5 */ | 318 unsigned int requireCertificate» : 2; /* 4-5 */ |
| 319 unsigned int handshakeAsClient» : 1; /* 6 */ | 319 unsigned int handshakeAsClient» : 1; /* 6 */ |
| 320 unsigned int handshakeAsServer» : 1; /* 7 */ | 320 unsigned int handshakeAsServer» : 1; /* 7 */ |
| 321 unsigned int enableSSL2» » : 1; /* 8 */ | 321 unsigned int enableSSL2» » : 1; /* 8 */ |
| 322 unsigned int unusedBit9» » : 1; /* 9 */ | 322 unsigned int unusedBit9» » : 1; /* 9 */ |
| 323 unsigned int unusedBit10» » : 1; /* 10 */ | 323 unsigned int unusedBit10» » : 1; /* 10 */ |
| 324 unsigned int noCache» » : 1; /* 11 */ | 324 unsigned int noCache» » : 1; /* 11 */ |
| 325 unsigned int fdx» » » : 1; /* 12 */ | 325 unsigned int fdx» » » : 1; /* 12 */ |
| 326 unsigned int v2CompatibleHello» : 1; /* 13 */ | 326 unsigned int v2CompatibleHello» : 1; /* 13 */ |
| 327 unsigned int detectRollBack » : 1; /* 14 */ | 327 unsigned int detectRollBack » : 1; /* 14 */ |
| 328 unsigned int noStepDown : 1; /* 15 */ | 328 unsigned int noStepDown : 1; /* 15 */ |
| 329 unsigned int bypassPKCS11 : 1; /* 16 */ | 329 unsigned int bypassPKCS11 : 1; /* 16 */ |
| 330 unsigned int noLocks : 1; /* 17 */ | 330 unsigned int noLocks : 1; /* 17 */ |
| 331 unsigned int enableSessionTickets : 1; /* 18 */ | 331 unsigned int enableSessionTickets : 1; /* 18 */ |
| 332 unsigned int enableDeflate : 1; /* 19 */ | 332 unsigned int enableDeflate : 1; /* 19 */ |
| 333 unsigned int enableRenegotiation : 2; /* 20-21 */ | 333 unsigned int enableRenegotiation : 2; /* 20-21 */ |
| 334 unsigned int requireSafeNegotiation : 1; /* 22 */ | 334 unsigned int requireSafeNegotiation : 1; /* 22 */ |
| 335 unsigned int enableFalseStart : 1; /* 23 */ | 335 unsigned int enableFalseStart : 1; /* 23 */ |
| 336 unsigned int cbcRandomIV : 1; /* 24 */ | 336 unsigned int cbcRandomIV : 1; /* 24 */ |
| 337 unsigned int enableOCSPStapling : 1; /* 25 */ | 337 unsigned int enableOCSPStapling» : 1; /* 25 */ |
| 338 unsigned int enableSignedCertTimestamps : 1; /* 26 */ |
| 338 } sslOptions; | 339 } sslOptions; |
| 339 | 340 |
| 340 typedef enum { sslHandshakingUndetermined = 0, | 341 typedef enum { sslHandshakingUndetermined = 0, |
| 341 sslHandshakingAsClient, | 342 sslHandshakingAsClient, |
| 342 sslHandshakingAsServer | 343 sslHandshakingAsServer |
| 343 } sslHandshakingType; | 344 } sslHandshakingType; |
| 344 | 345 |
| 345 typedef struct sslServerCertsStr { | 346 typedef struct sslServerCertsStr { |
| 346 /* Configuration state for server sockets */ | 347 /* Configuration state for server sockets */ |
| 347 CERTCertificate * serverCert; | 348 CERTCertificate * serverCert; |
| (...skipping 358 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 706 NewSessionTicket sessionTicket; | 707 NewSessionTicket sessionTicket; |
| 707 SECItem srvName; | 708 SECItem srvName; |
| 708 | 709 |
| 709 /* originalHandshakeHash contains the hash of the original, full | 710 /* originalHandshakeHash contains the hash of the original, full |
| 710 * handshake prior to the server's final flow. This is either a | 711 * handshake prior to the server's final flow. This is either a |
| 711 * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for | 712 * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for |
| 712 * TLS 1.2). This is recorded and used only when ChannelID is | 713 * TLS 1.2). This is recorded and used only when ChannelID is |
| 713 * negotiated as it's used to bind the ChannelID signature on the | 714 * negotiated as it's used to bind the ChannelID signature on the |
| 714 * resumption handshake to the original handshake. */ | 715 * resumption handshake to the original handshake. */ |
| 715 SECItem originalHandshakeHash; | 716 SECItem originalHandshakeHash; |
| 717 |
| 718 /* Signed certificate timestamps received in a TLS extension. |
| 719 ** (used only in client). |
| 720 */ |
| 721 SECItem signedCertTimestamps; |
| 716 } ssl3; | 722 } ssl3; |
| 717 } u; | 723 } u; |
| 718 }; | 724 }; |
| 719 | 725 |
| 720 | 726 |
| 721 typedef struct ssl3CipherSuiteDefStr { | 727 typedef struct ssl3CipherSuiteDefStr { |
| 722 ssl3CipherSuite cipher_suite; | 728 ssl3CipherSuite cipher_suite; |
| 723 SSL3BulkCipher bulk_cipher_alg; | 729 SSL3BulkCipher bulk_cipher_alg; |
| 724 SSL3MACAlgorithm mac_alg; | 730 SSL3MACAlgorithm mac_alg; |
| 725 SSL3KeyExchangeAlgorithm key_exchange_alg; | 731 SSL3KeyExchangeAlgorithm key_exchange_alg; |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 797 /* SessionTicket Extension related data. */ | 803 /* SessionTicket Extension related data. */ |
| 798 PRBool ticketTimestampVerified; | 804 PRBool ticketTimestampVerified; |
| 799 PRBool emptySessionTicket; | 805 PRBool emptySessionTicket; |
| 800 | 806 |
| 801 /* SNI Extension related data | 807 /* SNI Extension related data |
| 802 * Names data is not coppied from the input buffer. It can not be | 808 * Names data is not coppied from the input buffer. It can not be |
| 803 * used outside the scope where input buffer is defined and that | 809 * used outside the scope where input buffer is defined and that |
| 804 * is beyond ssl3_HandleClientHello function. */ | 810 * is beyond ssl3_HandleClientHello function. */ |
| 805 SECItem *sniNameArr; | 811 SECItem *sniNameArr; |
| 806 PRUint32 sniNameArrSize; | 812 PRUint32 sniNameArrSize; |
| 813 |
| 814 /* Signed Certificate Timestamps extracted from the TLS extension. |
| 815 * (client only). |
| 816 * This container holds a temporary pointer to the extension data, |
| 817 * until a session structure (the sec.ci.sid of an sslSocket) is setup |
| 818 * that can hold a permanent copy of the data |
| 819 * (in sec.ci.sid.u.ssl3.signedCertTimestamps). |
| 820 * The data pointed to by this structure is neither explicitly allocated |
| 821 * nor copied: the pointer points to the handshake message buffer and is |
| 822 * only valid in the scope of ssl3_HandleServerHello. |
| 823 */ |
| 824 SECItem signedCertTimestamps; |
| 807 }; | 825 }; |
| 808 | 826 |
| 809 typedef SECStatus (*sslRestartTarget)(sslSocket *); | 827 typedef SECStatus (*sslRestartTarget)(sslSocket *); |
| 810 | 828 |
| 811 /* | 829 /* |
| 812 ** A DTLS queued message (potentially to be retransmitted) | 830 ** A DTLS queued message (potentially to be retransmitted) |
| 813 */ | 831 */ |
| 814 typedef struct DTLSQueuedMessageStr { | 832 typedef struct DTLSQueuedMessageStr { |
| 815 PRCList link; /* The linked list link */ | 833 PRCList link; /* The linked list link */ |
| 816 DTLSEpoch epoch; /* The epoch to use */ | 834 DTLSEpoch epoch; /* The epoch to use */ |
| (...skipping 1153 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1970 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 1988 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
| 1971 #define SSL_GETPID getpid | 1989 #define SSL_GETPID getpid |
| 1972 #elif defined(WIN32) | 1990 #elif defined(WIN32) |
| 1973 extern int __cdecl _getpid(void); | 1991 extern int __cdecl _getpid(void); |
| 1974 #define SSL_GETPID _getpid | 1992 #define SSL_GETPID _getpid |
| 1975 #else | 1993 #else |
| 1976 #define SSL_GETPID() 0 | 1994 #define SSL_GETPID() 0 |
| 1977 #endif | 1995 #endif |
| 1978 | 1996 |
| 1979 #endif /* __sslimpl_h_ */ | 1997 #endif /* __sslimpl_h_ */ |
| OLD | NEW |