Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(138)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/sslimpl.h

Issue 64553002: Certificate Transparency TLS extension patch for NSS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: more review comments Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/third_party/nss/ssl/ssl3ext.c ('K') | « net/third_party/nss/ssl/ssl3ext.c ('k') | net/third_party/nss/ssl/sslnonce.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * This file is PRIVATE to SSL and should be the first thing included by 2 * This file is PRIVATE to SSL and should be the first thing included by
3 * any SSL implementation file. 3 * any SSL implementation file.
4 * 4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public 5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 8
9 #ifndef __sslimpl_h_ 9 #ifndef __sslimpl_h_
10 #define __sslimpl_h_ 10 #define __sslimpl_h_
(...skipping 294 matching lines...) Expand 10 before | Expand all | Expand 10 after
305 #define ssl_V3_SUITES_IMPLEMENTED 37 305 #define ssl_V3_SUITES_IMPLEMENTED 37
306 #endif /* NSS_ENABLE_ECC */ 306 #endif /* NSS_ENABLE_ECC */
307 307
308 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 308 #define MAX_DTLS_SRTP_CIPHER_SUITES 4
309 309
310 typedef struct sslOptionsStr { 310 typedef struct sslOptionsStr {
311 /* If SSL_SetNextProtoNego has been called, then this contains the 311 /* If SSL_SetNextProtoNego has been called, then this contains the
312 * list of supported protocols. */ 312 * list of supported protocols. */
313 SECItem nextProtoNego; 313 SECItem nextProtoNego;
314 314
315 unsigned int useSecurity» » : 1; /* 1 */ 315 unsigned int useSecurity» » : 1; /* 1 */
316 unsigned int useSocks» » : 1; /* 2 */ 316 unsigned int useSocks» » : 1; /* 2 */
317 unsigned int requestCertificate» : 1; /* 3 */ 317 unsigned int requestCertificate» : 1; /* 3 */
318 unsigned int requireCertificate» : 2; /* 4-5 */ 318 unsigned int requireCertificate» : 2; /* 4-5 */
319 unsigned int handshakeAsClient» : 1; /* 6 */ 319 unsigned int handshakeAsClient» : 1; /* 6 */
320 unsigned int handshakeAsServer» : 1; /* 7 */ 320 unsigned int handshakeAsServer» : 1; /* 7 */
321 unsigned int enableSSL2» » : 1; /* 8 */ 321 unsigned int enableSSL2» » : 1; /* 8 */
322 unsigned int unusedBit9» » : 1; /* 9 */ 322 unsigned int unusedBit9» » : 1; /* 9 */
323 unsigned int unusedBit10» » : 1; /* 10 */ 323 unsigned int unusedBit10» » : 1; /* 10 */
324 unsigned int noCache» » : 1; /* 11 */ 324 unsigned int noCache» » : 1; /* 11 */
325 unsigned int fdx» » » : 1; /* 12 */ 325 unsigned int fdx» » » : 1; /* 12 */
326 unsigned int v2CompatibleHello» : 1; /* 13 */ 326 unsigned int v2CompatibleHello» : 1; /* 13 */
327 unsigned int detectRollBack » : 1; /* 14 */ 327 unsigned int detectRollBack » : 1; /* 14 */
328 unsigned int noStepDown : 1; /* 15 */ 328 unsigned int noStepDown : 1; /* 15 */
329 unsigned int bypassPKCS11 : 1; /* 16 */ 329 unsigned int bypassPKCS11 : 1; /* 16 */
330 unsigned int noLocks : 1; /* 17 */ 330 unsigned int noLocks : 1; /* 17 */
331 unsigned int enableSessionTickets : 1; /* 18 */ 331 unsigned int enableSessionTickets : 1; /* 18 */
332 unsigned int enableDeflate : 1; /* 19 */ 332 unsigned int enableDeflate : 1; /* 19 */
333 unsigned int enableRenegotiation : 2; /* 20-21 */ 333 unsigned int enableRenegotiation : 2; /* 20-21 */
334 unsigned int requireSafeNegotiation : 1; /* 22 */ 334 unsigned int requireSafeNegotiation : 1; /* 22 */
335 unsigned int enableFalseStart : 1; /* 23 */ 335 unsigned int enableFalseStart : 1; /* 23 */
336 unsigned int cbcRandomIV : 1; /* 24 */ 336 unsigned int cbcRandomIV : 1; /* 24 */
337 unsigned int enableOCSPStapling : 1; /* 25 */ 337 unsigned int enableOCSPStapling» : 1; /* 25 */
338 unsigned int enableSignedCertTimestamps : 1; /* 26 */
338 } sslOptions; 339 } sslOptions;
339 340
340 typedef enum { sslHandshakingUndetermined = 0, 341 typedef enum { sslHandshakingUndetermined = 0,
341 sslHandshakingAsClient, 342 sslHandshakingAsClient,
342 sslHandshakingAsServer 343 sslHandshakingAsServer
343 } sslHandshakingType; 344 } sslHandshakingType;
344 345
345 typedef struct sslServerCertsStr { 346 typedef struct sslServerCertsStr {
346 /* Configuration state for server sockets */ 347 /* Configuration state for server sockets */
347 CERTCertificate * serverCert; 348 CERTCertificate * serverCert;
(...skipping 358 matching lines...) Expand 10 before | Expand all | Expand 10 after
706 NewSessionTicket sessionTicket; 707 NewSessionTicket sessionTicket;
707 SECItem srvName; 708 SECItem srvName;
708 709
709 /* originalHandshakeHash contains the hash of the original, full 710 /* originalHandshakeHash contains the hash of the original, full
710 * handshake prior to the server's final flow. This is either a 711 * handshake prior to the server's final flow. This is either a
711 * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for 712 * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for
712 * TLS 1.2). This is recorded and used only when ChannelID is 713 * TLS 1.2). This is recorded and used only when ChannelID is
713 * negotiated as it's used to bind the ChannelID signature on the 714 * negotiated as it's used to bind the ChannelID signature on the
714 * resumption handshake to the original handshake. */ 715 * resumption handshake to the original handshake. */
715 SECItem originalHandshakeHash; 716 SECItem originalHandshakeHash;
717
718 /* Signed certificate timestamps received in a TLS extension.
719 ** (used only in client).
720 */
721 SECItem signedCertTimestamps;
716 } ssl3; 722 } ssl3;
717 } u; 723 } u;
718 }; 724 };
719 725
720 726
721 typedef struct ssl3CipherSuiteDefStr { 727 typedef struct ssl3CipherSuiteDefStr {
722 ssl3CipherSuite cipher_suite; 728 ssl3CipherSuite cipher_suite;
723 SSL3BulkCipher bulk_cipher_alg; 729 SSL3BulkCipher bulk_cipher_alg;
724 SSL3MACAlgorithm mac_alg; 730 SSL3MACAlgorithm mac_alg;
725 SSL3KeyExchangeAlgorithm key_exchange_alg; 731 SSL3KeyExchangeAlgorithm key_exchange_alg;
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after
797 /* SessionTicket Extension related data. */ 803 /* SessionTicket Extension related data. */
798 PRBool ticketTimestampVerified; 804 PRBool ticketTimestampVerified;
799 PRBool emptySessionTicket; 805 PRBool emptySessionTicket;
800 806
801 /* SNI Extension related data 807 /* SNI Extension related data
802 * Names data is not coppied from the input buffer. It can not be 808 * Names data is not coppied from the input buffer. It can not be
803 * used outside the scope where input buffer is defined and that 809 * used outside the scope where input buffer is defined and that
804 * is beyond ssl3_HandleClientHello function. */ 810 * is beyond ssl3_HandleClientHello function. */
805 SECItem *sniNameArr; 811 SECItem *sniNameArr;
806 PRUint32 sniNameArrSize; 812 PRUint32 sniNameArrSize;
813
814 /* Signed Certificate Timestamps extracted from the TLS extension.
815 * (client only).
816 * This container holds a temporary pointer to the extension data,
817 * until a session structure (the sec.ci.sid of an sslSocket) is setup
818 * that can hold a permanent copy of the data
819 * (in sec.ci.sid.u.ssl3.signedCertTimestamps).
820 * The data pointed to by this structure is neither explicitly allocated
821 * nor copied: the pointer points to the handshake message buffer and is
822 * only valid in the scope of ssl3_HandleServerHello.
823 */
824 SECItem signedCertTimestamps;
807 }; 825 };
808 826
809 typedef SECStatus (*sslRestartTarget)(sslSocket *); 827 typedef SECStatus (*sslRestartTarget)(sslSocket *);
810 828
811 /* 829 /*
812 ** A DTLS queued message (potentially to be retransmitted) 830 ** A DTLS queued message (potentially to be retransmitted)
813 */ 831 */
814 typedef struct DTLSQueuedMessageStr { 832 typedef struct DTLSQueuedMessageStr {
815 PRCList link; /* The linked list link */ 833 PRCList link; /* The linked list link */
816 DTLSEpoch epoch; /* The epoch to use */ 834 DTLSEpoch epoch; /* The epoch to use */
(...skipping 1153 matching lines...) Expand 10 before | Expand all | Expand 10 after
1970 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) 1988 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
1971 #define SSL_GETPID getpid 1989 #define SSL_GETPID getpid
1972 #elif defined(WIN32) 1990 #elif defined(WIN32)
1973 extern int __cdecl _getpid(void); 1991 extern int __cdecl _getpid(void);
1974 #define SSL_GETPID _getpid 1992 #define SSL_GETPID _getpid
1975 #else 1993 #else
1976 #define SSL_GETPID() 0 1994 #define SSL_GETPID() 0
1977 #endif 1995 #endif
1978 1996
1979 #endif /* __sslimpl_h_ */ 1997 #endif /* __sslimpl_h_ */
OLDNEW
« net/third_party/nss/ssl/ssl3ext.c ('K') | « net/third_party/nss/ssl/ssl3ext.c ('k') | net/third_party/nss/ssl/sslnonce.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698