summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/ssl/sslspec.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/ssl/sslspec.h')
-rw-r--r--security/nss/lib/ssl/sslspec.h27
1 files changed, 16 insertions, 11 deletions
diff --git a/security/nss/lib/ssl/sslspec.h b/security/nss/lib/ssl/sslspec.h
index ca9ef540f..061d888ae 100644
--- a/security/nss/lib/ssl/sslspec.h
+++ b/security/nss/lib/ssl/sslspec.h
@@ -105,16 +105,16 @@ typedef SECStatus (*SSLCipher)(void *context,
unsigned int maxout,
const unsigned char *in,
unsigned int inlen);
-typedef SECStatus (*SSLAEADCipher)(
- const ssl3KeyMaterial *keys,
- PRBool doDecrypt,
- unsigned char *out,
- unsigned int *outlen,
- unsigned int maxout,
- const unsigned char *in,
- unsigned int inlen,
- const unsigned char *additionalData,
- unsigned int additionalDataLen);
+typedef SECStatus (*SSLAEADCipher)(PK11Context *context,
+ CK_GENERATOR_FUNCTION ivGen,
+ unsigned int fixedbits,
+ unsigned char *iv, unsigned int ivlen,
+ const unsigned char *aad,
+ unsigned int aadlen,
+ unsigned char *out, unsigned int *outlen,
+ unsigned int maxout, unsigned char *tag,
+ unsigned int taglen,
+ const unsigned char *in, unsigned int inlen);
/* The DTLS anti-replay window in number of packets. Defined here because we
* need it in the cipher spec. Note that this is a ring buffer but left and
@@ -149,7 +149,6 @@ struct ssl3CipherSpecStr {
const ssl3MACDef *macDef;
SSLCipher cipher;
- SSLAEADCipher aead;
void *cipherContext;
PK11SymKey *masterSecret;
@@ -169,6 +168,12 @@ struct ssl3CipherSpecStr {
* negotiated value for TLS 1.3; it is reduced by one to account for the
* content type octet. */
PRUint16 recordSizeLimit;
+
+ /* DTLS 1.3: Sequence number masking context. */
+ SSLMaskingContext *maskContext;
+
+ /* DTLS 1.3: Count of decryption failures for the given key. */
+ PRUint64 deprotectionFailures;
};
typedef void (*sslCipherSpecChangedFunc)(void *arg,
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-02 13:30:51 +0000