LEFT | RIGHT |
---|---|
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * This file is PRIVATE to SSL and should be the first thing included by | 3 * This file is PRIVATE to SSL and should be the first thing included by |
4 * any SSL implementation file. | 4 * any SSL implementation file. |
5 * | 5 * |
6 * This Source Code Form is subject to the terms of the Mozilla Public | 6 * This Source Code Form is subject to the terms of the Mozilla Public |
7 * License, v. 2.0. If a copy of the MPL was not distributed with this | 7 * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
9 | 9 |
10 #ifndef __sslimpl_h_ | 10 #ifndef __sslimpl_h_ |
(...skipping 128 matching lines...) | |
139 #endif | 139 #endif |
140 | 140 |
141 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ | 141 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ |
142 | 142 |
143 /* The default value from RFC 4347 is 1s, which is too slow. */ | 143 /* The default value from RFC 4347 is 1s, which is too slow. */ |
144 #define DTLS_RETRANSMIT_INITIAL_MS 50 | 144 #define DTLS_RETRANSMIT_INITIAL_MS 50 |
145 /* The maximum time to wait between retransmissions. */ | 145 /* The maximum time to wait between retransmissions. */ |
146 #define DTLS_RETRANSMIT_MAX_MS 10000 | 146 #define DTLS_RETRANSMIT_MAX_MS 10000 |
147 /* Time to wait in FINISHED state for retransmissions. */ | 147 /* Time to wait in FINISHED state for retransmissions. */ |
148 #define DTLS_RETRANSMIT_FINISHED_MS 30000 | 148 #define DTLS_RETRANSMIT_FINISHED_MS 30000 |
149 | |
150 /* number of entries in ssl_named_groups */ | |
151 #define SSL_NAMED_GROUP_COUNT 30 | |
149 | 152 |
150 /* Types and names of elliptic curves used in TLS */ | 153 /* Types and names of elliptic curves used in TLS */ |
151 typedef enum { | 154 typedef enum { |
152 ec_type_explicitPrime = 1, /* not supported */ | 155 ec_type_explicitPrime = 1, /* not supported */ |
153 ec_type_explicitChar2Curve = 2, /* not supported */ | 156 ec_type_explicitChar2Curve = 2, /* not supported */ |
154 ec_type_named = 3 | 157 ec_type_named = 3 |
155 } ECType; | 158 } ECType; |
156 | 159 |
157 /* TODO: decide if SSLKEAType might be better here. */ | 160 /* TODO: decide if SSLKEAType might be better here. */ |
158 typedef enum { | 161 typedef enum { |
(...skipping 443 matching lines...) | |
602 | 605 |
603 SSL3ProtocolVersion version; | 606 SSL3ProtocolVersion version; |
604 | 607 |
605 PRUint32 creationTime; /* seconds since Jan 1, 1970 */ | 608 PRUint32 creationTime; /* seconds since Jan 1, 1970 */ |
606 PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ | 609 PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ |
607 | 610 |
608 SSLAuthType authType; | 611 SSLAuthType authType; |
609 PRUint32 authKeyBits; | 612 PRUint32 authKeyBits; |
610 SSLKEAType keaType; | 613 SSLKEAType keaType; |
611 PRUint32 keaKeyBits; | 614 PRUint32 keaKeyBits; |
612 namedGroupDef namedGroupPreferences[30]; | 615 namedGroupDef namedGroupPreferences[SSL_NAMED_GROUP_COUNT]; |
mt
2016/09/14 20:22:05
I'd much prefer if this were const namedGroupDef *
| |
613 PRUint32 namedGroupPreferenceCount; | 616 PRUint32 namedGroupPreferenceCount; |
614 | 617 |
615 union { | 618 union { |
616 struct { | 619 struct { |
617 /* values that are copied into the server's on-disk SID cache. */ | 620 /* values that are copied into the server's on-disk SID cache. */ |
618 PRUint8 sessionIDLength; | 621 PRUint8 sessionIDLength; |
619 SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; | 622 SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; |
620 | 623 |
621 ssl3CipherSuite cipherSuite; | 624 ssl3CipherSuite cipherSuite; |
622 SSLCompressionMethod compression; | 625 SSLCompressionMethod compression; |
(...skipping 453 matching lines...) | |
1076 } SSL3Ciphertext; | 1079 } SSL3Ciphertext; |
1077 | 1080 |
1078 struct sslKeyPairStr { | 1081 struct sslKeyPairStr { |
1079 SECKEYPrivateKey *privKey; | 1082 SECKEYPrivateKey *privKey; |
1080 SECKEYPublicKey *pubKey; | 1083 SECKEYPublicKey *pubKey; |
1081 PRInt32 refCount; /* use PR_Atomic calls for this. */ | 1084 PRInt32 refCount; /* use PR_Atomic calls for this. */ |
1082 }; | 1085 }; |
1083 | 1086 |
1084 typedef struct { | 1087 typedef struct { |
1085 PRCList link; | 1088 PRCList link; |
1086 namedGroupDef *group; | 1089 namedGroupDef *group; |
mt
2016/09/14 20:22:05
const
| |
1087 sslKeyPair *keys; | 1090 sslKeyPair *keys; |
1088 } sslEphemeralKeyPair; | 1091 } sslEphemeralKeyPair; |
1089 | 1092 |
1090 struct ssl3DHParamsStr { | 1093 struct ssl3DHParamsStr { |
1091 SSLNamedGroup name; | 1094 SSLNamedGroup name; |
1092 SECItem prime; /* p */ | 1095 SECItem prime; /* p */ |
1093 SECItem base; /* g */ | 1096 SECItem base; /* g */ |
1094 }; | 1097 }; |
1095 | 1098 |
1096 typedef struct SSLWrappedSymWrappingKeyStr { | 1099 typedef struct SSLWrappedSymWrappingKeyStr { |
(...skipping 209 matching lines...) | |
1306 | 1309 |
1307 ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; | 1310 ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED]; |
1308 | 1311 |
1309 /* Pointer to a list of groups that are sorted according to user preferences . | 1312 /* Pointer to a list of groups that are sorted according to user preferences . |
1310 * This points to ssl_named_groups by default. | 1313 * This points to ssl_named_groups by default. |
1311 * This list also determines which groups are enabled. This | 1314 * This list also determines which groups are enabled. This |
1312 * starts with all being enabled and can be modified either by negotiation | 1315 * starts with all being enabled and can be modified either by negotiation |
1313 * (in which case groups not supported by a peer are masked off), or by | 1316 * (in which case groups not supported by a peer are masked off), or by |
1314 * calling SSL_DHEGroupPrefSet(). | 1317 * calling SSL_DHEGroupPrefSet(). |
1315 */ | 1318 */ |
1316 namedGroupDef namedGroupPreferences[30]; | 1319 namedGroupDef namedGroupPreferences[SSL_NAMED_GROUP_COUNT]; |
ekr-rietveld
2016/09/07 23:30:06
Please no numeric constants here.
franziskus
2016/09/08 17:26:58
Then we have to move this to the heap. I'd prefer
| |
1317 PRUint32 namedGroupPreferenceCount; | 1320 PRUint32 namedGroupPreferenceCount; |
ekr-rietveld
2016/09/07 23:30:06
IMPORTANT: How does this interact with renegotiati
franziskus
2016/09/08 17:26:58
No, the socket is re-used and the group preference
ekr-rietveld
2016/09/10 19:09:50
But this is my point:
Say that I support P-348 and
| |
1318 | 1321 |
1319 /* SSL3 state info. Formerly was a pointer */ | 1322 /* SSL3 state info. Formerly was a pointer */ |
1320 ssl3State ssl3; | 1323 ssl3State ssl3; |
1321 | 1324 |
1322 /* | 1325 /* |
1323 * TLS extension related data. | 1326 * TLS extension related data. |
1324 */ | 1327 */ |
1325 /* True when the current session is a stateless resume. */ | 1328 /* True when the current session is a stateless resume. */ |
1326 PRBool statelessResume; | 1329 PRBool statelessResume; |
1327 TLSExtensionData xtnData; | 1330 TLSExtensionData xtnData; |
(...skipping 390 matching lines...) | |
1718 /* Macro for finding a curve equivalent in strength to RSA key's */ | 1721 /* Macro for finding a curve equivalent in strength to RSA key's */ |
1719 /* clang-format off */ | 1722 /* clang-format off */ |
1720 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \ | 1723 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \ |
1721 ((s <= 1024) ? 160 \ | 1724 ((s <= 1024) ? 160 \ |
1722 : ((s <= 2048) ? 224 \ | 1725 : ((s <= 2048) ? 224 \ |
1723 : ((s <= 3072) ? 256 \ | 1726 : ((s <= 3072) ? 256 \ |
1724 : ((s <= 7168) ? 384 \ | 1727 : ((s <= 7168) ? 384 \ |
1725 : 521 ) ) ) ) | 1728 : 521 ) ) ) ) |
1726 /* clang-format on */ | 1729 /* clang-format on */ |
1727 | 1730 |
1728 extern const namedGroupDef *ssl_LookupNamedGroup(SSLNamedGroup group); | 1731 extern const namedGroupDef *ssl_LookupNamedGroup(sslSocket *ss, SSLNamedGroup gr oup); |
1729 extern PRBool ssl_NamedGroupEnabled(const sslSocket *ss, const namedGroupDef *gr oup); | 1732 extern PRBool ssl_NamedGroupEnabled(const sslSocket *ss, const namedGroupDef *gr oup); |
1730 extern SECStatus ssl_NamedGroup2ECParams(PLArenaPool *arena, | 1733 extern SECStatus ssl_NamedGroup2ECParams(PLArenaPool *arena, |
1731 const namedGroupDef *curve, | 1734 const namedGroupDef *curve, |
1732 SECKEYECParams *params); | 1735 SECKEYECParams *params); |
1733 extern const namedGroupDef *ssl_ECPubKey2NamedGroup( | 1736 extern const namedGroupDef *ssl_ECPubKey2NamedGroup( |
1734 const SECKEYPublicKey *pubKey); | 1737 const SECKEYPublicKey *pubKey); |
1735 | 1738 |
1736 extern const namedGroupDef *ssl_GetECGroupWithStrength(sslSocket *ss, | 1739 extern const namedGroupDef *ssl_GetECGroupWithStrength(sslSocket *ss, |
1737 unsigned int requiredECCb its); | 1740 unsigned int requiredECCb its); |
1738 extern const namedGroupDef *ssl_GetECGroupForServerSocket(sslSocket *ss); | 1741 extern const namedGroupDef *ssl_GetECGroupForServerSocket(sslSocket *ss); |
(...skipping 314 matching lines...) | |
2053 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 2056 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
2054 #define SSL_GETPID getpid | 2057 #define SSL_GETPID getpid |
2055 #elif defined(WIN32) | 2058 #elif defined(WIN32) |
2056 extern int __cdecl _getpid(void); | 2059 extern int __cdecl _getpid(void); |
2057 #define SSL_GETPID _getpid | 2060 #define SSL_GETPID _getpid |
2058 #else | 2061 #else |
2059 #define SSL_GETPID() 0 | 2062 #define SSL_GETPID() 0 |
2060 #endif | 2063 #endif |
2061 | 2064 |
2062 #endif /* __sslimpl_h_ */ | 2065 #endif /* __sslimpl_h_ */ |
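Review bot: `SSL_NAMED_GROUP_COUNT` (new lines 150-151) is a hand-maintained copy of the size of `ssl_named_groups`, and nothing visible in this header fails the build if the table grows or shrinks without the constant being updated, which would leave the `namedGroupPreferences[SSL_NAMED_GROUP_COUNT]` arrays at new lines 615 and 1319 out of step with the table they are filled from. I would put a compile-time check next to the table definition, e.g. `PR_STATIC_ASSERT(PR_ARRAY_SIZE(ssl_named_groups) == SSL_NAMED_GROUP_COUNT);`, and add a comment on both `namedGroupPreferenceCount` fields stating that the value never exceeds `SSL_NAMED_GROUP_COUNT`, since any loop bounded by that count indexes a fixed-size array. The block comment at new lines 1312-1318 also still reads "Pointer to a list of groups ... This points to ssl_named_groups by default", which does not describe an array embedded in the struct; `/* Groups sorted according to user preferences; initialised from ssl_named_groups. */` as the opening line would match the declaration. The table definition and the code that fills these arrays are outside this file, so where the assert belongs is inferred.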