LEFT | RIGHT |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * This file is PRIVATE to SSL and should be the first thing included by | 3 * This file is PRIVATE to SSL and should be the first thing included by |
4 * any SSL implementation file. | 4 * any SSL implementation file. |
5 * | 5 * |
6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
9 | 9 |
10 #ifndef __sslimpl_h_ | 10 #ifndef __sslimpl_h_ |
(...skipping 20 matching lines...) Expand all Loading... |
31 #include "prclist.h" | 31 #include "prclist.h" |
32 | 32 |
33 #include "sslt.h" /* for some formerly private types, now public */ | 33 #include "sslt.h" /* for some formerly private types, now public */ |
34 | 34 |
35 /* to make some of these old enums public without namespace pollution, | 35 /* to make some of these old enums public without namespace pollution, |
36 ** it was necessary to prepend ssl_ to the names. | 36 ** it was necessary to prepend ssl_ to the names. |
37 ** These #defines preserve compatibility with the old code here in libssl. | 37 ** These #defines preserve compatibility with the old code here in libssl. |
38 */ | 38 */ |
39 typedef SSLKEAType SSL3KEAType; | 39 typedef SSLKEAType SSL3KEAType; |
40 typedef SSLMACAlgorithm SSL3MACAlgorithm; | 40 typedef SSLMACAlgorithm SSL3MACAlgorithm; |
41 typedef SSLSignType SSL3SignType; | |
42 | |
43 #define sign_null ssl_sign_null | |
44 #define sign_rsa ssl_sign_rsa | |
45 #define sign_dsa ssl_sign_dsa | |
46 #define sign_ecdsa ssl_sign_ecdsa | |
47 | 41 |
48 #define calg_null ssl_calg_null | 42 #define calg_null ssl_calg_null |
49 #define calg_rc4 ssl_calg_rc4 | 43 #define calg_rc4 ssl_calg_rc4 |
50 #define calg_rc2 ssl_calg_rc2 | 44 #define calg_rc2 ssl_calg_rc2 |
51 #define calg_des ssl_calg_des | 45 #define calg_des ssl_calg_des |
52 #define calg_3des ssl_calg_3des | 46 #define calg_3des ssl_calg_3des |
53 #define calg_idea ssl_calg_idea | 47 #define calg_idea ssl_calg_idea |
54 #define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ | 48 #define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ |
55 #define calg_aes ssl_calg_aes | 49 #define calg_aes ssl_calg_aes |
56 #define calg_camellia ssl_calg_camellia | 50 #define calg_camellia ssl_calg_camellia |
(...skipping 275 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
332 unsigned int requireSafeNegotiation : 1; /* 22 */ | 326 unsigned int requireSafeNegotiation : 1; /* 22 */ |
333 unsigned int enableFalseStart : 1; /* 23 */ | 327 unsigned int enableFalseStart : 1; /* 23 */ |
334 unsigned int cbcRandomIV : 1; /* 24 */ | 328 unsigned int cbcRandomIV : 1; /* 24 */ |
335 unsigned int enableOCSPStapling : 1; /* 25 */ | 329 unsigned int enableOCSPStapling : 1; /* 25 */ |
336 unsigned int enableNPN : 1; /* 26 */ | 330 unsigned int enableNPN : 1; /* 26 */ |
337 unsigned int enableALPN : 1; /* 27 */ | 331 unsigned int enableALPN : 1; /* 27 */ |
338 unsigned int reuseServerECDHEKey : 1; /* 28 */ | 332 unsigned int reuseServerECDHEKey : 1; /* 28 */ |
339 unsigned int enableFallbackSCSV : 1; /* 29 */ | 333 unsigned int enableFallbackSCSV : 1; /* 29 */ |
340 unsigned int enableServerDhe : 1; /* 30 */ | 334 unsigned int enableServerDhe : 1; /* 30 */ |
341 unsigned int enableExtendedMS : 1; /* 31 */ | 335 unsigned int enableExtendedMS : 1; /* 31 */ |
| 336 unsigned int enableSignedCertTimestamps : 1; /* 32 */ |
342 } sslOptions; | 337 } sslOptions; |
343 | 338 |
344 typedef enum { sslHandshakingUndetermined = 0, | 339 typedef enum { sslHandshakingUndetermined = 0, |
345 sslHandshakingAsClient, | 340 sslHandshakingAsClient, |
346 sslHandshakingAsServer· | 341 sslHandshakingAsServer· |
347 } sslHandshakingType; | 342 } sslHandshakingType; |
348 | 343 |
349 typedef struct sslServerCertsStr { | 344 typedef struct sslServerCertsStr { |
350 /* Configuration state for server sockets */ | 345 /* Configuration state for server sockets */ |
351 CERTCertificate * serverCert; | 346 CERTCertificate * serverCert; |
(...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
492 */ | 487 */ |
493 typedef struct { | 488 typedef struct { |
494 PRUint32 high; | 489 PRUint32 high; |
495 PRUint32 low; | 490 PRUint32 low; |
496 } SSL3SequenceNumber; | 491 } SSL3SequenceNumber; |
497 | 492 |
498 typedef PRUint16 DTLSEpoch; | 493 typedef PRUint16 DTLSEpoch; |
499 | 494 |
500 typedef void (*DTLSTimerCb)(sslSocket *); | 495 typedef void (*DTLSTimerCb)(sslSocket *); |
501 | 496 |
502 #define MAX_MAC_CONTEXT_BYTES 400 /* 400 is large enough for MD5, SHA-1, and | 497 /* 400 is large enough for MD5, SHA-1, and SHA-256. |
503 * SHA-256. For SHA-384 support, increase | 498 * For SHA-384 support, increase it to 712. */ |
504 * it to 712. */ | 499 #define MAX_MAC_CONTEXT_BYTES 400 |
505 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8) | 500 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8) |
506 | 501 |
507 #define MAX_CIPHER_CONTEXT_BYTES 2080 | 502 #define MAX_CIPHER_CONTEXT_BYTES 2080 |
508 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8) | 503 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8) |
509 | 504 |
510 typedef struct { | 505 typedef struct { |
511 SSL3Opaque wrapped_master_secret[48]; | 506 SSL3Opaque wrapped_master_secret[48]; |
512 PRUint16 wrapped_master_secret_len; | 507 PRUint16 wrapped_master_secret_len; |
513 PRUint8 msIsWrapped; | 508 PRUint8 msIsWrapped; |
514 PRUint8 resumable; | 509 PRUint8 resumable; |
(...skipping 181 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
696 */ | 691 */ |
697 SECMODModuleID clAuthModuleID; | 692 SECMODModuleID clAuthModuleID; |
698 CK_SLOT_ID clAuthSlotID; | 693 CK_SLOT_ID clAuthSlotID; |
699 PRUint16 clAuthSeries; | 694 PRUint16 clAuthSeries; |
700 | 695 |
701 char masterValid; | 696 char masterValid; |
702 char clAuthValid; | 697 char clAuthValid; |
703 | 698 |
704 SECItem srvName; | 699 SECItem srvName; |
705 | 700 |
| 701 /* Signed certificate timestamps received in a TLS extension. |
| 702 ** (used only in client). |
| 703 */ |
| 704 SECItem signedCertTimestamps; |
| 705 |
706 /* This lock is lazily initialized by CacheSID when a sid is first | 706 /* This lock is lazily initialized by CacheSID when a sid is first |
707 * cached. Before then, there is no need to lock anything because | 707 * cached. Before then, there is no need to lock anything because |
708 * the sid isn't being shared by anything. | 708 * the sid isn't being shared by anything. |
709 */ | 709 */ |
710 PRRWLock *lock; | 710 PRRWLock *lock; |
711 | 711 |
712 /* The lock must be held while reading or writing these members | 712 /* The lock must be held while reading or writing these members |
713 * because they change while the sid is cached. | 713 * because they change while the sid is cached. |
714 */ | 714 */ |
715 struct { | 715 struct { |
(...skipping 14 matching lines...) Expand all Loading... |
730 SSL3MACAlgorithm mac_alg; | 730 SSL3MACAlgorithm mac_alg; |
731 SSL3KeyExchangeAlgorithm key_exchange_alg; | 731 SSL3KeyExchangeAlgorithm key_exchange_alg; |
732 } ssl3CipherSuiteDef; | 732 } ssl3CipherSuiteDef; |
733 | 733 |
734 /* | 734 /* |
735 ** There are tables of these, all const. | 735 ** There are tables of these, all const. |
736 */ | 736 */ |
737 typedef struct { | 737 typedef struct { |
738 SSL3KeyExchangeAlgorithm kea; | 738 SSL3KeyExchangeAlgorithm kea; |
739 SSL3KEAType exchKeyType; | 739 SSL3KEAType exchKeyType; |
740 SSL3SignType signKeyType; | 740 SSLSignType signKeyType; |
741 /* For export cipher suites: | 741 /* For export cipher suites: |
742 * is_limited identifies a suite as having a limit on the key size. | 742 * is_limited identifies a suite as having a limit on the key size. |
743 * key_size_limit provides the corresponding limit. */ | 743 * key_size_limit provides the corresponding limit. */ |
744 PRBool is_limited; | 744 PRBool is_limited; |
745 unsigned int key_size_limit; | 745 unsigned int key_size_limit; |
746 PRBool tls_keygen; | 746 PRBool tls_keygen; |
747 /* True if the key exchange for the suite is ephemeral. Or to be more | 747 /* True if the key exchange for the suite is ephemeral. Or to be more |
748 * precise: true if the ServerKeyExchange message is always required. */ | 748 * precise: true if the ServerKeyExchange message is always required. */ |
749 PRBool ephemeral; | 749 PRBool ephemeral; |
| 750 /* An OID describing the key exchange */ |
| 751 SECOidTag oid; |
750 } ssl3KEADef; | 752 } ssl3KEADef; |
751 | 753 |
752 /* | 754 /* |
753 ** There are tables of these, all const. | 755 ** There are tables of these, all const. |
754 */ | 756 */ |
755 struct ssl3BulkCipherDefStr { | 757 struct ssl3BulkCipherDefStr { |
756 SSL3BulkCipher cipher; | 758 SSL3BulkCipher cipher; |
757 SSLCipherAlgorithm calg; | 759 SSLCipherAlgorithm calg; |
758 int key_size; | 760 int key_size; |
759 int secret_key_size; | 761 int secret_key_size; |
760 CipherType type; | 762 CipherType type; |
761 int iv_size; | 763 int iv_size; |
762 int block_size; | 764 int block_size; |
763 int tag_size; /* authentication tag size for AEAD ciphers. */ | 765 int tag_size; /* authentication tag size for AEAD ciphers. */ |
764 int explicit_nonce_size; /* for AEAD ciphers. */ | 766 int explicit_nonce_size; /* for AEAD ciphers. */ |
| 767 SECOidTag oid; |
765 }; | 768 }; |
766 | 769 |
767 /* | 770 /* |
768 ** There are tables of these, all const. | 771 ** There are tables of these, all const. |
769 */ | 772 */ |
770 struct ssl3MACDefStr { | 773 struct ssl3MACDefStr { |
771 SSL3MACAlgorithm mac; | 774 SSL3MACAlgorithm mac; |
772 CK_MECHANISM_TYPE mmech; | 775 CK_MECHANISM_TYPE mmech; |
773 int pad_size; | 776 int pad_size; |
774 int mac_size; | 777 int mac_size; |
| 778 SECOidTag oid; |
775 }; | 779 }; |
776 | 780 |
777 typedef enum { | 781 typedef enum { |
778 wait_client_hello,· | 782 wait_client_hello,· |
779 wait_client_cert,· | 783 wait_client_cert,· |
780 wait_client_key, | 784 wait_client_key, |
781 wait_cert_verify,· | 785 wait_cert_verify,· |
782 wait_change_cipher,· | 786 wait_change_cipher,· |
783 wait_finished, | 787 wait_finished, |
784 wait_server_hello,· | 788 wait_server_hello,· |
(...skipping 25 matching lines...) Expand all Loading... |
810 PRBool ticketTimestampVerified; | 814 PRBool ticketTimestampVerified; |
811 PRBool emptySessionTicket; | 815 PRBool emptySessionTicket; |
812 PRBool sentSessionTicketInClientHello; | 816 PRBool sentSessionTicketInClientHello; |
813 | 817 |
814 /* SNI Extension related data | 818 /* SNI Extension related data |
815 * Names data is not coppied from the input buffer. It can not be | 819 * Names data is not coppied from the input buffer. It can not be |
816 * used outside the scope where input buffer is defined and that | 820 * used outside the scope where input buffer is defined and that |
817 * is beyond ssl3_HandleClientHello function. */ | 821 * is beyond ssl3_HandleClientHello function. */ |
818 SECItem *sniNameArr; | 822 SECItem *sniNameArr; |
819 PRUint32 sniNameArrSize; | 823 PRUint32 sniNameArrSize; |
| 824 |
| 825 /* Signed Certificate Timestamps extracted from the TLS extension. |
| 826 * (client only). |
| 827 * This container holds a temporary pointer to the extension data, |
| 828 * until a session structure (the sec.ci.sid of an sslSocket) is setup |
| 829 * that can hold a permanent copy of the data |
| 830 * (in sec.ci.sid.u.ssl3.signedCertTimestamps). |
| 831 * The data pointed to by this structure is neither explicitly allocated |
| 832 * nor copied: the pointer points to the handshake message buffer and is |
| 833 * only valid in the scope of ssl3_HandleServerHello. |
| 834 */ |
| 835 SECItem signedCertTimestamps; |
820 }; | 836 }; |
821 | 837 |
822 typedef SECStatus (*sslRestartTarget)(sslSocket *); | 838 typedef SECStatus (*sslRestartTarget)(sslSocket *); |
823 | 839 |
824 /* | 840 /* |
825 ** A DTLS queued message (potentially to be retransmitted) | 841 ** A DTLS queued message (potentially to be retransmitted) |
826 */ | 842 */ |
827 typedef struct DTLSQueuedMessageStr { | 843 typedef struct DTLSQueuedMessageStr { |
828 PRCList link; /* The linked list link */ | 844 PRCList link; /* The linked list link */ |
829 DTLSEpoch epoch; /* The epoch to use */ | 845 DTLSEpoch epoch; /* The epoch to use */ |
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1006 PRUint16 numDHEGroups; /* used by server */ | 1022 PRUint16 numDHEGroups; /* used by server */ |
1007 SSLDHEGroupType * dheGroups; /* used by server */ | 1023 SSLDHEGroupType * dheGroups; /* used by server */ |
1008 PRBool dheWeakGroupEnabled; /* used by server */ | 1024 PRBool dheWeakGroupEnabled; /* used by server */ |
1009 | 1025 |
1010 /* TLS 1.2 introduces separate signature algorithm negotiation. | 1026 /* TLS 1.2 introduces separate signature algorithm negotiation. |
1011 * This is our preference order. */ | 1027 * This is our preference order. */ |
1012 SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS]; | 1028 SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS]; |
1013 unsigned int signatureAlgorithmCount; | 1029 unsigned int signatureAlgorithmCount; |
1014 }; | 1030 }; |
1015 | 1031 |
1016 #define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the | 1032 /* Ethernet MTU but without subtracting the headers, |
1017 » » » » * headers, so slightly larger than expected */ | 1033 * so slightly larger than expected */ |
| 1034 #define DTLS_MAX_MTU 1500U |
1018 #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) | 1035 #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) |
1019 | 1036 |
1020 typedef struct { | 1037 typedef struct { |
1021 SSL3ContentType type; | 1038 SSL3ContentType type; |
1022 SSL3ProtocolVersion version; | 1039 SSL3ProtocolVersion version; |
1023 SSL3SequenceNumber seq_num; /* DTLS only */ | 1040 SSL3SequenceNumber seq_num; /* DTLS only */ |
1024 sslBuffer * buf; | 1041 sslBuffer * buf; |
1025 } SSL3Ciphertext; | 1042 } SSL3Ciphertext; |
1026 | 1043 |
1027 struct ssl3KeyPairStr { | 1044 struct ssl3KeyPairStr { |
(...skipping 281 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1309 sslGather gs; /*recvBufLock*/ | 1326 sslGather gs; /*recvBufLock*/ |
1310 | 1327 |
1311 sslBuffer saveBuf; /*xmitBufLock*/ | 1328 sslBuffer saveBuf; /*xmitBufLock*/ |
1312 sslBuffer pendingBuf; /*xmitBufLock*/ | 1329 sslBuffer pendingBuf; /*xmitBufLock*/ |
1313 | 1330 |
1314 /* Configuration state for server sockets */ | 1331 /* Configuration state for server sockets */ |
1315 /* server cert and key for each KEA type */ | 1332 /* server cert and key for each KEA type */ |
1316 sslServerCerts serverCerts[kt_kea_size]; | 1333 sslServerCerts serverCerts[kt_kea_size]; |
1317 /* each cert needs its own status */ | 1334 /* each cert needs its own status */ |
1318 SECItemArray * certStatusArray[kt_kea_size]; | 1335 SECItemArray * certStatusArray[kt_kea_size]; |
| 1336 /* Serialized signed certificate timestamps to be sent to the client |
| 1337 ** in a TLS extension (server only). Each certificate needs its own |
| 1338 ** timestamps item. |
| 1339 */ |
| 1340 SECItem signedCertTimestamps[kt_kea_size]; |
1319 | 1341 |
1320 ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; | 1342 ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; |
1321 ssl3KeyPair * ephemeralECDHKeyPair; /* for ECDHE-* handshake */ | 1343 ssl3KeyPair * ephemeralECDHKeyPair; /* for ECDHE-* handshake */ |
1322 | 1344 |
1323 /* SSL3 state info. Formerly was a pointer */ | 1345 /* SSL3 state info. Formerly was a pointer */ |
1324 ssl3State ssl3; | 1346 ssl3State ssl3; |
1325 | 1347 |
1326 /* | 1348 /* |
1327 * TLS extension related data. | 1349 * TLS extension related data. |
1328 */ | 1350 */ |
(...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1455 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); | 1477 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); |
1456 | 1478 |
1457 extern PRBool ssl_SocketIsBlocking(sslSocket *ss); | 1479 extern PRBool ssl_SocketIsBlocking(sslSocket *ss); |
1458 | 1480 |
1459 extern void ssl3_SetAlwaysBlock(sslSocket *ss); | 1481 extern void ssl3_SetAlwaysBlock(sslSocket *ss); |
1460 | 1482 |
1461 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); | 1483 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); |
1462 | 1484 |
1463 extern void ssl_FinishHandshake(sslSocket *ss); | 1485 extern void ssl_FinishHandshake(sslSocket *ss); |
1464 | 1486 |
| 1487 extern SECStatus ssl_CipherPolicySet(PRInt32 which, PRInt32 policy); |
| 1488 |
| 1489 extern SECStatus ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled); |
| 1490 |
| 1491 extern SECStatus ssl3_ConstrainRangeByPolicy(void); |
| 1492 |
| 1493 |
1465 /* Returns PR_TRUE if we are still waiting for the server to respond to our | 1494 /* Returns PR_TRUE if we are still waiting for the server to respond to our |
1466 * client second round. Once we've received any part of the server's second | 1495 * client second round. Once we've received any part of the server's second |
1467 * round then we don't bother trying to false start since it is almost always | 1496 * round then we don't bother trying to false start since it is almost always |
1468 * the case that the NewSessionTicket, ChangeCipherSoec, and Finished messages | 1497 * the case that the NewSessionTicket, ChangeCipherSoec, and Finished messages |
1469 * were sent in the same packet and we want to process them all at the same | 1498 * were sent in the same packet and we want to process them all at the same |
1470 * time. If we were to try to false start in the middle of the server's second | 1499 * time. If we were to try to false start in the middle of the server's second |
1471 * round, then we would increase the number of I/O operations | 1500 * round, then we would increase the number of I/O operations |
1472 * (SSL_ForceHandshake/PR_Recv/PR_Send/etc.) needed to finish the handshake. | 1501 * (SSL_ForceHandshake/PR_Recv/PR_Send/etc.) needed to finish the handshake. |
1473 */ | 1502 */ |
1474 extern PRBool ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss); | 1503 extern PRBool ssl3_WaitingForStartOfServerSecondRound(sslSocket *ss); |
(...skipping 168 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1643 | 1672 |
1644 #ifndef NSS_DISABLE_ECC | 1673 #ifndef NSS_DISABLE_ECC |
1645 extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); | 1674 extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); |
1646 extern PRBool ssl3_IsECCEnabled(sslSocket *ss); | 1675 extern PRBool ssl3_IsECCEnabled(sslSocket *ss); |
1647 extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,· | 1676 extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,· |
1648 const ssl3CipherSuite * suite); | 1677 const ssl3CipherSuite * suite); |
1649 extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss); | 1678 extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss); |
1650 | 1679 |
1651 | 1680 |
1652 /* Macro for finding a curve equivalent in strength to RSA key's */ | 1681 /* Macro for finding a curve equivalent in strength to RSA key's */ |
| 1682 /* clang-format off */ |
1653 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \ | 1683 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \ |
1654 ((s <= 1024) ? 160 \ | 1684 ((s <= 1024) ? 160 \ |
1655 : ((s <= 2048) ? 224 \ | 1685 : ((s <= 2048) ? 224 \ |
1656 : ((s <= 3072) ? 256 \ | 1686 : ((s <= 3072) ? 256 \ |
1657 : ((s <= 7168) ? 384 : 521 ) ) ) ) | 1687 : ((s <= 7168) ? 384 : 521 ) ) ) ) |
| 1688 /* clang-format on */ |
1658 | 1689 |
1659 /* Types and names of elliptic curves used in TLS */ | 1690 /* Types and names of elliptic curves used in TLS */ |
1660 typedef enum { ec_type_explicitPrime = 1, | 1691 typedef enum { ec_type_explicitPrime = 1, |
1661 ec_type_explicitChar2Curve = 2, | 1692 ec_type_explicitChar2Curve = 2, |
1662 ec_type_named | 1693 ec_type_named |
1663 } ECType; | 1694 } ECType; |
1664 | 1695 |
1665 typedef enum { ec_noName = 0, | 1696 typedef enum { ec_noName = 0, |
1666 ec_sect163k1 = 1,· | 1697 ec_sect163k1 = 1,· |
1667 ec_sect163r1 = 2,· | 1698 ec_sect163r1 = 2,· |
(...skipping 273 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1941 extern int ssl_MapLowLevelError(int hiLevelError); | 1972 extern int ssl_MapLowLevelError(int hiLevelError); |
1942 | 1973 |
1943 extern PRUint32 ssl_Time(void); | 1974 extern PRUint32 ssl_Time(void); |
1944 | 1975 |
1945 extern void SSL_AtomicIncrementLong(long * x); | 1976 extern void SSL_AtomicIncrementLong(long * x); |
1946 | 1977 |
1947 SECStatus SSL_DisableDefaultExportCipherSuites(void); | 1978 SECStatus SSL_DisableDefaultExportCipherSuites(void); |
1948 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); | 1979 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); |
1949 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); | 1980 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); |
1950 | 1981 |
| 1982 SECStatus ssl3_ApplyNSSPolicy(void); |
| 1983 |
1951 extern SECStatus | 1984 extern SECStatus |
1952 ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, | 1985 ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, |
1953 const char *label, unsigned int labelLen, | 1986 const char *label, unsigned int labelLen, |
1954 const unsigned char *val, unsigned int valLen, | 1987 const unsigned char *val, unsigned int valLen, |
1955 unsigned char *out, unsigned int outLen); | 1988 unsigned char *out, unsigned int outLen); |
1956 extern SECOidTag | 1989 extern SECOidTag |
1957 ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); | 1990 ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); |
1958 | 1991 |
1959 #ifdef TRACE | 1992 #ifdef TRACE |
1960 #define SSL_TRACE(msg) ssl_Trace msg | 1993 #define SSL_TRACE(msg) ssl_Trace msg |
1961 #else | 1994 #else |
1962 #define SSL_TRACE(msg) | 1995 #define SSL_TRACE(msg) |
1963 #endif | 1996 #endif |
1964 | 1997 |
1965 void ssl_Trace(const char *format, ...); | 1998 void ssl_Trace(const char *format, ...); |
1966 | 1999 |
1967 SEC_END_PROTOS | 2000 SEC_END_PROTOS |
1968 | 2001 |
1969 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 2002 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
1970 #define SSL_GETPID getpid | 2003 #define SSL_GETPID getpid |
1971 #elif defined(WIN32) | 2004 #elif defined(WIN32) |
1972 extern int __cdecl _getpid(void); | 2005 extern int __cdecl _getpid(void); |
1973 #define SSL_GETPID _getpid | 2006 #define SSL_GETPID _getpid |
1974 #else | 2007 #else |
1975 #define SSL_GETPID() 0 | 2008 #define SSL_GETPID() 0 |
1976 #endif | 2009 #endif |
1977 | 2010 |
1978 #endif /* __sslimpl_h_ */ | 2011 #endif /* __sslimpl_h_ */ |
LEFT | RIGHT |