summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/ssl/ssl3prot.h
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-04-25 21:33:33 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-04-25 21:33:33 +0200
commitfba28f19754f62b5227650143d5441fc86d4c7d7 (patch)
tree26629d73f83543ff92a060fd7b310bb748b13173 /security/nss/lib/ssl/ssl3prot.h
parentb4154e043bfc0d2f301d88304efc896989d650bf (diff)
downloadUXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.gz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.lz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.xz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.zip
Revert "Update NSS to 3.35-RTM"
This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
Diffstat (limited to 'security/nss/lib/ssl/ssl3prot.h')
-rw-r--r--security/nss/lib/ssl/ssl3prot.h126
1 files changed, 121 insertions, 5 deletions
diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h
index d1f46db97..ac31cf263 100644
--- a/security/nss/lib/ssl/ssl3prot.h
+++ b/security/nss/lib/ssl/ssl3prot.h
@@ -16,12 +16,13 @@ typedef PRUint16 SSL3ProtocolVersion;
/* The TLS 1.3 draft version. Used to avoid negotiating
* between incompatible pre-standard TLS 1.3 drafts.
* TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
-#define TLS_1_3_DRAFT_VERSION 23
+#define TLS_1_3_DRAFT_VERSION 18
typedef PRUint16 ssl3CipherSuite;
/* The cipher suites are defined in sslproto.h */
#define MAX_CERT_TYPES 10
+#define MAX_COMPRESSION_METHODS 10
#define MAX_MAC_LENGTH 64
#define MAX_PADDING_LENGTH 64
#define MAX_KEY_LENGTH 64
@@ -29,6 +30,7 @@ typedef PRUint16 ssl3CipherSuite;
#define SSL3_RANDOM_LENGTH 32
#define SSL3_RECORD_HEADER_LENGTH 5
+#define TLS13_RECORD_HEADER_LENGTH_SHORT 2
/* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
#define DTLS_RECORD_HEADER_LENGTH 13
@@ -39,18 +41,47 @@ typedef enum {
content_change_cipher_spec = 20,
content_alert = 21,
content_handshake = 22,
- content_application_data = 23,
- content_alt_handshake = 24,
- content_ack = 25
+ content_application_data = 23
} SSL3ContentType;
+typedef struct {
+ SSL3ContentType type;
+ SSL3ProtocolVersion version;
+ PRUint16 length;
+ SECItem fragment;
+} SSL3Plaintext;
+
+typedef struct {
+ SSL3ContentType type;
+ SSL3ProtocolVersion version;
+ PRUint16 length;
+ SECItem fragment;
+} SSL3Compressed;
+
+typedef struct {
+ SECItem content;
+ PRUint8 MAC[MAX_MAC_LENGTH];
+} SSL3GenericStreamCipher;
+
+typedef struct {
+ SECItem content;
+ PRUint8 MAC[MAX_MAC_LENGTH];
+ PRUint8 padding[MAX_PADDING_LENGTH];
+ PRUint8 padding_length;
+} SSL3GenericBlockCipher;
+
typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
+typedef struct {
+ SSL3ChangeCipherSpecChoice choice;
+} SSL3ChangeCipherSpec;
+
typedef enum { alert_warning = 1,
alert_fatal = 2 } SSL3AlertLevel;
typedef enum {
close_notify = 0,
+ end_of_early_data = 1, /* TLS 1.3 */
unexpected_message = 10,
bad_record_mac = 20,
decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
@@ -91,13 +122,64 @@ typedef enum {
no_alert = 256
} SSL3AlertDescription;
-typedef PRUint8 SSL3Random[SSL3_RANDOM_LENGTH];
+typedef struct {
+ SSL3AlertLevel level;
+ SSL3AlertDescription description;
+} SSL3Alert;
+
+typedef enum {
+ hello_request = 0,
+ client_hello = 1,
+ server_hello = 2,
+ hello_verify_request = 3,
+ new_session_ticket = 4,
+ hello_retry_request = 6,
+ encrypted_extensions = 8,
+ certificate = 11,
+ server_key_exchange = 12,
+ certificate_request = 13,
+ server_hello_done = 14,
+ certificate_verify = 15,
+ client_key_exchange = 16,
+ finished = 20,
+ certificate_status = 22,
+ next_proto = 67
+} SSL3HandshakeType;
+
+typedef struct {
+ PRUint8 empty;
+} SSL3HelloRequest;
+
+typedef struct {
+ PRUint8 rand[SSL3_RANDOM_LENGTH];
+} SSL3Random;
typedef struct {
PRUint8 id[32];
PRUint8 length;
} SSL3SessionID;
+typedef struct {
+ SSL3ProtocolVersion client_version;
+ SSL3Random random;
+ SSL3SessionID session_id;
+ SECItem cipher_suites;
+ PRUint8 cm_count;
+ SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
+} SSL3ClientHello;
+
+typedef struct {
+ SSL3ProtocolVersion server_version;
+ SSL3Random random;
+ SSL3SessionID session_id;
+ ssl3CipherSuite cipher_suite;
+ SSLCompressionMethod compression_method;
+} SSL3ServerHello;
+
+typedef struct {
+ SECItem list;
+} SSL3Certificate;
+
/* SSL3SignType moved to ssl.h */
/* The SSL key exchange method used */
@@ -119,6 +201,24 @@ typedef enum {
kea_tls13_any,
} SSL3KeyExchangeAlgorithm;
+typedef struct {
+ SECItem modulus;
+ SECItem exponent;
+} SSL3ServerRSAParams;
+
+typedef struct {
+ SECItem p;
+ SECItem g;
+ SECItem Ys;
+} SSL3ServerDHParams;
+
+typedef struct {
+ union {
+ SSL3ServerDHParams dh;
+ SSL3ServerRSAParams rsa;
+ } u;
+} SSL3ServerParams;
+
/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
* prior to 1.2. */
typedef struct {
@@ -135,9 +235,17 @@ typedef struct {
union {
PRUint8 raw[64];
SSL3HashesIndividually s;
+ unsigned int transcriptLen;
} u;
} SSL3Hashes;
+typedef struct {
+ union {
+ PRUint8 anonymous;
+ SSL3Hashes certified;
+ } u;
+} SSL3ServerKeyExchange;
+
typedef enum {
ct_RSA_sign = 1,
ct_DSS_sign = 2,
@@ -148,8 +256,16 @@ typedef enum {
ct_ECDSA_sign = 64,
ct_RSA_fixed_ECDH = 65,
ct_ECDSA_fixed_ECDH = 66
+
} SSL3ClientCertificateType;
+typedef struct {
+ PRUint8 client_version[2];
+ PRUint8 random[46];
+} SSL3RSAPreMasterSecret;
+
+typedef PRUint8 SSL3MasterSecret[48];
+
typedef enum {
sender_client = 0x434c4e54,
sender_server = 0x53525652