OLD | NEW |
1 /* | 1 /* |
2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
3 * any SSL implementation file. | 3 * any SSL implementation file. |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 #ifndef __sslimpl_h_ | 9 #ifndef __sslimpl_h_ |
10 #define __sslimpl_h_ | 10 #define __sslimpl_h_ |
(...skipping 294 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
305 #define ssl_V3_SUITES_IMPLEMENTED 37 | 305 #define ssl_V3_SUITES_IMPLEMENTED 37 |
306 #endif /* NSS_ENABLE_ECC */ | 306 #endif /* NSS_ENABLE_ECC */ |
307 | 307 |
308 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 | 308 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 |
309 | 309 |
310 typedef struct sslOptionsStr { | 310 typedef struct sslOptionsStr { |
311 /* If SSL_SetNextProtoNego has been called, then this contains the | 311 /* If SSL_SetNextProtoNego has been called, then this contains the |
312 * list of supported protocols. */ | 312 * list of supported protocols. */ |
313 SECItem nextProtoNego; | 313 SECItem nextProtoNego; |
314 | 314 |
315 unsigned int useSecurity» » : 1; /* 1 */ | 315 unsigned int useSecurity» » : 1; /* 1 */ |
316 unsigned int useSocks» » : 1; /* 2 */ | 316 unsigned int useSocks» » : 1; /* 2 */ |
317 unsigned int requestCertificate» : 1; /* 3 */ | 317 unsigned int requestCertificate» : 1; /* 3 */ |
318 unsigned int requireCertificate» : 2; /* 4-5 */ | 318 unsigned int requireCertificate» : 2; /* 4-5 */ |
319 unsigned int handshakeAsClient» : 1; /* 6 */ | 319 unsigned int handshakeAsClient» : 1; /* 6 */ |
320 unsigned int handshakeAsServer» : 1; /* 7 */ | 320 unsigned int handshakeAsServer» : 1; /* 7 */ |
321 unsigned int enableSSL2» » : 1; /* 8 */ | 321 unsigned int enableSSL2» » : 1; /* 8 */ |
322 unsigned int unusedBit9» » : 1; /* 9 */ | 322 unsigned int unusedBit9» » : 1; /* 9 */ |
323 unsigned int unusedBit10» » : 1; /* 10 */ | 323 unsigned int unusedBit10» » : 1; /* 10 */ |
324 unsigned int noCache» » : 1; /* 11 */ | 324 unsigned int noCache» » : 1; /* 11 */ |
325 unsigned int fdx» » » : 1; /* 12 */ | 325 unsigned int fdx» » » : 1; /* 12 */ |
326 unsigned int v2CompatibleHello» : 1; /* 13 */ | 326 unsigned int v2CompatibleHello» : 1; /* 13 */ |
327 unsigned int detectRollBack » : 1; /* 14 */ | 327 unsigned int detectRollBack » : 1; /* 14 */ |
328 unsigned int noStepDown : 1; /* 15 */ | 328 unsigned int noStepDown : 1; /* 15 */ |
329 unsigned int bypassPKCS11 : 1; /* 16 */ | 329 unsigned int bypassPKCS11 : 1; /* 16 */ |
330 unsigned int noLocks : 1; /* 17 */ | 330 unsigned int noLocks : 1; /* 17 */ |
331 unsigned int enableSessionTickets : 1; /* 18 */ | 331 unsigned int enableSessionTickets : 1; /* 18 */ |
332 unsigned int enableDeflate : 1; /* 19 */ | 332 unsigned int enableDeflate : 1; /* 19 */ |
333 unsigned int enableRenegotiation : 2; /* 20-21 */ | 333 unsigned int enableRenegotiation : 2; /* 20-21 */ |
334 unsigned int requireSafeNegotiation : 1; /* 22 */ | 334 unsigned int requireSafeNegotiation : 1; /* 22 */ |
335 unsigned int enableFalseStart : 1; /* 23 */ | 335 unsigned int enableFalseStart : 1; /* 23 */ |
336 unsigned int cbcRandomIV : 1; /* 24 */ | 336 unsigned int cbcRandomIV : 1; /* 24 */ |
337 unsigned int enableOCSPStapling : 1; /* 25 */ | 337 unsigned int enableOCSPStapling» : 1; /* 25 */ |
| 338 unsigned int enableSignedCertTimestamps : 1; /* 26 */ |
338 } sslOptions; | 339 } sslOptions; |
339 | 340 |
340 typedef enum { sslHandshakingUndetermined = 0, | 341 typedef enum { sslHandshakingUndetermined = 0, |
341 sslHandshakingAsClient, | 342 sslHandshakingAsClient, |
342 sslHandshakingAsServer | 343 sslHandshakingAsServer |
343 } sslHandshakingType; | 344 } sslHandshakingType; |
344 | 345 |
345 typedef struct sslServerCertsStr { | 346 typedef struct sslServerCertsStr { |
346 /* Configuration state for server sockets */ | 347 /* Configuration state for server sockets */ |
347 CERTCertificate * serverCert; | 348 CERTCertificate * serverCert; |
(...skipping 358 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
706 NewSessionTicket sessionTicket; | 707 NewSessionTicket sessionTicket; |
707 SECItem srvName; | 708 SECItem srvName; |
708 | 709 |
709 /* originalHandshakeHash contains the hash of the original, full | 710 /* originalHandshakeHash contains the hash of the original, full |
710 * handshake prior to the server's final flow. This is either a | 711 * handshake prior to the server's final flow. This is either a |
711 * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for | 712 * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for |
712 * TLS 1.2). This is recorded and used only when ChannelID is | 713 * TLS 1.2). This is recorded and used only when ChannelID is |
713 * negotiated as it's used to bind the ChannelID signature on the | 714 * negotiated as it's used to bind the ChannelID signature on the |
714 * resumption handshake to the original handshake. */ | 715 * resumption handshake to the original handshake. */ |
715 SECItem originalHandshakeHash; | 716 SECItem originalHandshakeHash; |
| 717 |
| 718 /* Signed certificate timestamps received in a TLS extension. |
| 719 ** (used only in client). |
| 720 */ |
| 721 SECItem signedCertTimestamps; |
716 } ssl3; | 722 } ssl3; |
717 } u; | 723 } u; |
718 }; | 724 }; |
719 | 725 |
720 | 726 |
721 typedef struct ssl3CipherSuiteDefStr { | 727 typedef struct ssl3CipherSuiteDefStr { |
722 ssl3CipherSuite cipher_suite; | 728 ssl3CipherSuite cipher_suite; |
723 SSL3BulkCipher bulk_cipher_alg; | 729 SSL3BulkCipher bulk_cipher_alg; |
724 SSL3MACAlgorithm mac_alg; | 730 SSL3MACAlgorithm mac_alg; |
725 SSL3KeyExchangeAlgorithm key_exchange_alg; | 731 SSL3KeyExchangeAlgorithm key_exchange_alg; |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
797 /* SessionTicket Extension related data. */ | 803 /* SessionTicket Extension related data. */ |
798 PRBool ticketTimestampVerified; | 804 PRBool ticketTimestampVerified; |
799 PRBool emptySessionTicket; | 805 PRBool emptySessionTicket; |
800 | 806 |
801 /* SNI Extension related data | 807 /* SNI Extension related data |
802 * Names data is not coppied from the input buffer. It can not be | 808 * Names data is not coppied from the input buffer. It can not be |
803 * used outside the scope where input buffer is defined and that | 809 * used outside the scope where input buffer is defined and that |
804 * is beyond ssl3_HandleClientHello function. */ | 810 * is beyond ssl3_HandleClientHello function. */ |
805 SECItem *sniNameArr; | 811 SECItem *sniNameArr; |
806 PRUint32 sniNameArrSize; | 812 PRUint32 sniNameArrSize; |
| 813 |
| 814 /* Signed Certificate Timestamps extracted from the TLS extension. |
| 815 * (client only). |
| 816 * This container holds a temporary pointer to the extension data, |
| 817 * until a session structure (the sec.ci.sid of an sslSocket) is setup |
| 818 * that can hold a permanent copy of the data |
| 819 * (in sec.ci.sid.u.ssl3.signedCertTimestamps). |
| 820 * The data pointed to by this structure is neither explicitly allocated |
| 821 * nor copied: the pointer points to the handshake message buffer and is |
| 822 * only valid in the scope of ssl3_HandleServerHello. |
| 823 */ |
| 824 SECItem signedCertTimestamps; |
807 }; | 825 }; |
808 | 826 |
809 typedef SECStatus (*sslRestartTarget)(sslSocket *); | 827 typedef SECStatus (*sslRestartTarget)(sslSocket *); |
810 | 828 |
811 /* | 829 /* |
812 ** A DTLS queued message (potentially to be retransmitted) | 830 ** A DTLS queued message (potentially to be retransmitted) |
813 */ | 831 */ |
814 typedef struct DTLSQueuedMessageStr { | 832 typedef struct DTLSQueuedMessageStr { |
815 PRCList link; /* The linked list link */ | 833 PRCList link; /* The linked list link */ |
816 DTLSEpoch epoch; /* The epoch to use */ | 834 DTLSEpoch epoch; /* The epoch to use */ |
(...skipping 1153 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1970 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 1988 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
1971 #define SSL_GETPID getpid | 1989 #define SSL_GETPID getpid |
1972 #elif defined(WIN32) | 1990 #elif defined(WIN32) |
1973 extern int __cdecl _getpid(void); | 1991 extern int __cdecl _getpid(void); |
1974 #define SSL_GETPID _getpid | 1992 #define SSL_GETPID _getpid |
1975 #else | 1993 #else |
1976 #define SSL_GETPID() 0 | 1994 #define SSL_GETPID() 0 |
1977 #endif | 1995 #endif |
1978 | 1996 |
1979 #endif /* __sslimpl_h_ */ | 1997 #endif /* __sslimpl_h_ */ |
OLD | NEW |