diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-04-25 21:33:33 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-04-25 21:33:33 +0200 |
commit | fba28f19754f62b5227650143d5441fc86d4c7d7 (patch) | |
tree | 26629d73f83543ff92a060fd7b310bb748b13173 /security/nss/lib/ssl/ssl3prot.h | |
parent | b4154e043bfc0d2f301d88304efc896989d650bf (diff) | |
download | UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.gz UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.lz UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.xz UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.zip |
Revert "Update NSS to 3.35-RTM"
This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
Diffstat (limited to 'security/nss/lib/ssl/ssl3prot.h')
-rw-r--r-- | security/nss/lib/ssl/ssl3prot.h | 126 |
1 files changed, 121 insertions, 5 deletions
diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h index d1f46db97..ac31cf263 100644 --- a/security/nss/lib/ssl/ssl3prot.h +++ b/security/nss/lib/ssl/ssl3prot.h @@ -16,12 +16,13 @@ typedef PRUint16 SSL3ProtocolVersion; /* The TLS 1.3 draft version. Used to avoid negotiating * between incompatible pre-standard TLS 1.3 drafts. * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */ -#define TLS_1_3_DRAFT_VERSION 23 +#define TLS_1_3_DRAFT_VERSION 18 typedef PRUint16 ssl3CipherSuite; /* The cipher suites are defined in sslproto.h */ #define MAX_CERT_TYPES 10 +#define MAX_COMPRESSION_METHODS 10 #define MAX_MAC_LENGTH 64 #define MAX_PADDING_LENGTH 64 #define MAX_KEY_LENGTH 64 @@ -29,6 +30,7 @@ typedef PRUint16 ssl3CipherSuite; #define SSL3_RANDOM_LENGTH 32 #define SSL3_RECORD_HEADER_LENGTH 5 +#define TLS13_RECORD_HEADER_LENGTH_SHORT 2 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ #define DTLS_RECORD_HEADER_LENGTH 13 @@ -39,18 +41,47 @@ typedef enum { content_change_cipher_spec = 20, content_alert = 21, content_handshake = 22, - content_application_data = 23, - content_alt_handshake = 24, - content_ack = 25 + content_application_data = 23 } SSL3ContentType; +typedef struct { + SSL3ContentType type; + SSL3ProtocolVersion version; + PRUint16 length; + SECItem fragment; +} SSL3Plaintext; + +typedef struct { + SSL3ContentType type; + SSL3ProtocolVersion version; + PRUint16 length; + SECItem fragment; +} SSL3Compressed; + +typedef struct { + SECItem content; + PRUint8 MAC[MAX_MAC_LENGTH]; +} SSL3GenericStreamCipher; + +typedef struct { + SECItem content; + PRUint8 MAC[MAX_MAC_LENGTH]; + PRUint8 padding[MAX_PADDING_LENGTH]; + PRUint8 padding_length; +} SSL3GenericBlockCipher; + typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice; +typedef struct { + SSL3ChangeCipherSpecChoice choice; +} SSL3ChangeCipherSpec; + typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel; typedef enum { close_notify = 0, + end_of_early_data = 1, /* TLS 1.3 */ unexpected_message = 10, bad_record_mac = 20, decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ @@ -91,13 +122,64 @@ typedef enum { no_alert = 256 } SSL3AlertDescription; -typedef PRUint8 SSL3Random[SSL3_RANDOM_LENGTH]; +typedef struct { + SSL3AlertLevel level; + SSL3AlertDescription description; +} SSL3Alert; + +typedef enum { + hello_request = 0, + client_hello = 1, + server_hello = 2, + hello_verify_request = 3, + new_session_ticket = 4, + hello_retry_request = 6, + encrypted_extensions = 8, + certificate = 11, + server_key_exchange = 12, + certificate_request = 13, + server_hello_done = 14, + certificate_verify = 15, + client_key_exchange = 16, + finished = 20, + certificate_status = 22, + next_proto = 67 +} SSL3HandshakeType; + +typedef struct { + PRUint8 empty; +} SSL3HelloRequest; + +typedef struct { + PRUint8 rand[SSL3_RANDOM_LENGTH]; +} SSL3Random; typedef struct { PRUint8 id[32]; PRUint8 length; } SSL3SessionID; +typedef struct { + SSL3ProtocolVersion client_version; + SSL3Random random; + SSL3SessionID session_id; + SECItem cipher_suites; + PRUint8 cm_count; + SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; +} SSL3ClientHello; + +typedef struct { + SSL3ProtocolVersion server_version; + SSL3Random random; + SSL3SessionID session_id; + ssl3CipherSuite cipher_suite; + SSLCompressionMethod compression_method; +} SSL3ServerHello; + +typedef struct { + SECItem list; +} SSL3Certificate; + /* SSL3SignType moved to ssl.h */ /* The SSL key exchange method used */ @@ -119,6 +201,24 @@ typedef enum { kea_tls13_any, } SSL3KeyExchangeAlgorithm; +typedef struct { + SECItem modulus; + SECItem exponent; +} SSL3ServerRSAParams; + +typedef struct { + SECItem p; + SECItem g; + SECItem Ys; +} SSL3ServerDHParams; + +typedef struct { + union { + SSL3ServerDHParams dh; + SSL3ServerRSAParams rsa; + } u; +} SSL3ServerParams; + /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS * prior to 1.2. */ typedef struct { @@ -135,9 +235,17 @@ typedef struct { union { PRUint8 raw[64]; SSL3HashesIndividually s; + unsigned int transcriptLen; } u; } SSL3Hashes; +typedef struct { + union { + PRUint8 anonymous; + SSL3Hashes certified; + } u; +} SSL3ServerKeyExchange; + typedef enum { ct_RSA_sign = 1, ct_DSS_sign = 2, @@ -148,8 +256,16 @@ typedef enum { ct_ECDSA_sign = 64, ct_RSA_fixed_ECDH = 65, ct_ECDSA_fixed_ECDH = 66 + } SSL3ClientCertificateType; +typedef struct { + PRUint8 client_version[2]; + PRUint8 random[46]; +} SSL3RSAPreMasterSecret; + +typedef PRUint8 SSL3MasterSecret[48]; + typedef enum { sender_client = 0x434c4e54, sender_server = 0x53525652 |