Left: | ||
Right: |
OLD | NEW |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * This file is PRIVATE to SSL and should be the first thing included by | 3 * This file is PRIVATE to SSL and should be the first thing included by |
4 * any SSL implementation file. | 4 * any SSL implementation file. |
5 * | 5 * |
6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
9 | 9 |
10 #ifndef __sslimpl_h_ | 10 #ifndef __sslimpl_h_ |
(...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
168 SSLNamedGroup name; | 168 SSLNamedGroup name; |
169 /* The number of bits in the group. */ | 169 /* The number of bits in the group. */ |
170 unsigned int bits; | 170 unsigned int bits; |
171 /* Whether the group is Elliptic or Finite-Field. */ | 171 /* Whether the group is Elliptic or Finite-Field. */ |
172 NamedGroupType type; | 172 NamedGroupType type; |
173 /* The OID that identifies the group to PKCS11. This also determines | 173 /* The OID that identifies the group to PKCS11. This also determines |
174 * whether the group is enabled in policy. */ | 174 * whether the group is enabled in policy. */ |
175 SECOidTag oidTag; | 175 SECOidTag oidTag; |
176 /* Non-suite-B groups are enabled by patching NSS. Yuck. */ | 176 /* Non-suite-B groups are enabled by patching NSS. Yuck. */ |
177 PRBool suiteb; | 177 PRBool suiteb; |
178 /* Defines whether the group is enabled or not */ | |
179 PRBool enabled; | |
178 } namedGroupDef; | 180 } namedGroupDef; |
179 | 181 |
180 typedef struct sslBufferStr sslBuffer; | 182 typedef struct sslBufferStr sslBuffer; |
181 typedef struct sslConnectInfoStr sslConnectInfo; | 183 typedef struct sslConnectInfoStr sslConnectInfo; |
182 typedef struct sslGatherStr sslGather; | 184 typedef struct sslGatherStr sslGather; |
183 typedef struct sslSecurityInfoStr sslSecurityInfo; | 185 typedef struct sslSecurityInfoStr sslSecurityInfo; |
184 typedef struct sslSessionIDStr sslSessionID; | 186 typedef struct sslSessionIDStr sslSessionID; |
185 typedef struct sslSocketStr sslSocket; | 187 typedef struct sslSocketStr sslSocket; |
186 typedef struct sslSocketOpsStr sslSocketOps; | 188 typedef struct sslSocketOpsStr sslSocketOps; |
187 | 189 |
(...skipping 412 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
600 | 602 |
601 SSL3ProtocolVersion version; | 603 SSL3ProtocolVersion version; |
602 | 604 |
603 PRUint32 creationTime; /* seconds since Jan 1, 1970 */ | 605 PRUint32 creationTime; /* seconds since Jan 1, 1970 */ |
604 PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ | 606 PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ |
605 | 607 |
606 SSLAuthType authType; | 608 SSLAuthType authType; |
607 PRUint32 authKeyBits; | 609 PRUint32 authKeyBits; |
608 SSLKEAType keaType; | 610 SSLKEAType keaType; |
609 PRUint32 keaKeyBits; | 611 PRUint32 keaKeyBits; |
610 PRUint32 namedGroups; | 612 namedGroupDef namedGroupPreferences[30]; |
613 PRUint32 namedGroupPreferenceCount; | |
611 | 614 |
612 union { | 615 union { |
613 struct { | 616 struct { |
614 /* values that are copied into the server's on-disk SID cache. */ | 617 /* values that are copied into the server's on-disk SID cache. */ |
615 PRUint8 sessionIDLength; | 618 PRUint8 sessionIDLength; |
616 SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; | 619 SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; |
617 | 620 |
618 ssl3CipherSuite cipherSuite; | 621 ssl3CipherSuite cipherSuite; |
619 SSLCompressionMethod compression; | 622 SSLCompressionMethod compression; |
620 int policy; | 623 int policy; |
(...skipping 452 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1073 } SSL3Ciphertext; | 1076 } SSL3Ciphertext; |
1074 | 1077 |
1075 struct sslKeyPairStr { | 1078 struct sslKeyPairStr { |
1076 SECKEYPrivateKey *privKey; | 1079 SECKEYPrivateKey *privKey; |
1077 SECKEYPublicKey *pubKey; | 1080 SECKEYPublicKey *pubKey; |
1078 PRInt32 refCount; /* use PR_Atomic calls for this. */ | 1081 PRInt32 refCount; /* use PR_Atomic calls for this. */ |
1079 }; | 1082 }; |
1080 | 1083 |
1081 typedef struct { | 1084 typedef struct { |
1082 PRCList link; | 1085 PRCList link; |
1083 const namedGroupDef *group; | 1086 namedGroupDef *group; |
1084 sslKeyPair *keys; | 1087 sslKeyPair *keys; |
1085 } sslEphemeralKeyPair; | 1088 } sslEphemeralKeyPair; |
1086 | 1089 |
1087 struct ssl3DHParamsStr { | 1090 struct ssl3DHParamsStr { |
1088 SSLNamedGroup name; | 1091 SSLNamedGroup name; |
1089 SECItem prime; /* p */ | 1092 SECItem prime; /* p */ |
1090 SECItem base; /* g */ | 1093 SECItem base; /* g */ |
1091 }; | 1094 }; |
1092 | 1095 |
1093 typedef struct SSLWrappedSymWrappingKeyStr { | 1096 typedef struct SSLWrappedSymWrappingKeyStr { |
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1295 sslGather gs; /*recvBufLock*/ | 1298 sslGather gs; /*recvBufLock*/ |
1296 | 1299 |
1297 sslBuffer saveBuf; /*xmitBufLock*/ | 1300 sslBuffer saveBuf; /*xmitBufLock*/ |
1298 sslBuffer pendingBuf; /*xmitBufLock*/ | 1301 sslBuffer pendingBuf; /*xmitBufLock*/ |
1299 | 1302 |
1300 /* Configuration state for server sockets */ | 1303 /* Configuration state for server sockets */ |
1301 /* One server cert and key for each authentication type. */ | 1304 /* One server cert and key for each authentication type. */ |
1302 PRCList /* <sslServerCert> */ serverCerts; | 1305 PRCList /* <sslServerCert> */ serverCerts; |
1303 | 1306 |
1304 ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; | 1307 ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; |
1305 /* This bit mask determines what EC and FFDHE groups are enabled. This | 1308 |
1309 /* Pointer to a list of groups that are sorted according to user preferences . | |
1310 * This points to ssl_named_groups by default. | |
1311 * This list also determines which groups are enabled. This | |
1306 * starts with all being enabled and can be modified either by negotiation | 1312 * starts with all being enabled and can be modified either by negotiation |
1307 * (in which case groups not supported by a peer are masked off), or by | 1313 * (in which case groups not supported by a peer are masked off), or by |
1308 * calling SSL_DHEGroupPrefSet(), which will alter the mask for FFDHE. */ | 1314 * calling SSL_DHEGroupPrefSet(). |
1309 PRUint32 namedGroups; | 1315 */ |
1316 namedGroupDef namedGroupPreferences[30]; | |
ekr-rietveld
2016/09/07 23:30:06
Please no numeric constants here.
franziskus
2016/09/08 17:26:58
Then we have to move this to the heap. I'd prefer
| |
1317 PRUint32 namedGroupPreferenceCount; | |
ekr-rietveld
2016/09/07 23:30:06
IMPORTANT: How does this interact with renegotiati
franziskus
2016/09/08 17:26:58
No, the socket is re-used and the group preference
ekr-rietveld
2016/09/10 19:09:50
But this is my point:
Say that I support P-348 and
| |
1310 | 1318 |
1311 /* SSL3 state info. Formerly was a pointer */ | 1319 /* SSL3 state info. Formerly was a pointer */ |
1312 ssl3State ssl3; | 1320 ssl3State ssl3; |
1313 | 1321 |
1314 /* | 1322 /* |
1315 * TLS extension related data. | 1323 * TLS extension related data. |
1316 */ | 1324 */ |
1317 /* True when the current session is a stateless resume. */ | 1325 /* True when the current session is a stateless resume. */ |
1318 PRBool statelessResume; | 1326 PRBool statelessResume; |
1319 TLSExtensionData xtnData; | 1327 TLSExtensionData xtnData; |
(...skipping 398 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1718 /* clang-format on */ | 1726 /* clang-format on */ |
1719 | 1727 |
1720 extern const namedGroupDef *ssl_LookupNamedGroup(SSLNamedGroup group); | 1728 extern const namedGroupDef *ssl_LookupNamedGroup(SSLNamedGroup group); |
1721 extern PRBool ssl_NamedGroupEnabled(const sslSocket *ss, const namedGroupDef *gr oup); | 1729 extern PRBool ssl_NamedGroupEnabled(const sslSocket *ss, const namedGroupDef *gr oup); |
1722 extern SECStatus ssl_NamedGroup2ECParams(PLArenaPool *arena, | 1730 extern SECStatus ssl_NamedGroup2ECParams(PLArenaPool *arena, |
1723 const namedGroupDef *curve, | 1731 const namedGroupDef *curve, |
1724 SECKEYECParams *params); | 1732 SECKEYECParams *params); |
1725 extern const namedGroupDef *ssl_ECPubKey2NamedGroup( | 1733 extern const namedGroupDef *ssl_ECPubKey2NamedGroup( |
1726 const SECKEYPublicKey *pubKey); | 1734 const SECKEYPublicKey *pubKey); |
1727 | 1735 |
1728 extern const namedGroupDef *ssl_GetECGroupWithStrength(PRUint32 curvemsk, | 1736 extern const namedGroupDef *ssl_GetECGroupWithStrength(sslSocket *ss, |
1729 unsigned int requiredECCb its); | 1737 unsigned int requiredECCb its); |
1730 extern const namedGroupDef *ssl_GetECGroupForServerSocket(sslSocket *ss); | 1738 extern const namedGroupDef *ssl_GetECGroupForServerSocket(sslSocket *ss); |
1731 extern void ssl_DisableNonSuiteBGroups(sslSocket *ss); | 1739 extern void ssl_DisableNonSuiteBGroups(sslSocket *ss); |
1732 | 1740 |
1733 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); | 1741 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); |
1734 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); | 1742 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); |
1735 | 1743 |
1736 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on); | 1744 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on); |
1737 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on); | 1745 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on); |
1738 | 1746 |
(...skipping 306 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2045 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 2053 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
2046 #define SSL_GETPID getpid | 2054 #define SSL_GETPID getpid |
2047 #elif defined(WIN32) | 2055 #elif defined(WIN32) |
2048 extern int __cdecl _getpid(void); | 2056 extern int __cdecl _getpid(void); |
2049 #define SSL_GETPID _getpid | 2057 #define SSL_GETPID _getpid |
2050 #else | 2058 #else |
2051 #define SSL_GETPID() 0 | 2059 #define SSL_GETPID() 0 |
2052 #endif | 2060 #endif |
2053 | 2061 |
2054 #endif /* __sslimpl_h_ */ | 2062 #endif /* __sslimpl_h_ */ |
OLD | NEW |