Commit 30191537 authored by EKR's avatar EKR

Bug 1315455 - Constify sslSocket for extension processing. r=mt.

Summary:
Extension handlers now take a const sslSocket* and a non-const xtnData.

Things aren't entirely clean yet. I had to do two things:

- Write a series of ssl_Ext* thunks for things that have innocuous
  side effects in sslSocket like updating the transcript or
  encrypting stuff.

- Add a CONST_CAST macro for the few cases where it's clear we're
  having real side effects but they weren't simple to unwind.
  them. The macro makes them easy to find.

Test Plan: None

Differential Revision: https://nss-review.dev.mozaws.net/D17
parent 26e52540
......@@ -179,12 +179,12 @@ SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len) {
return SECFailure;
}
ss->ssl3.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
if (ss->ssl3.nextProto.data) {
SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
ss->xtnData.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
if (ss->xtnData.nextProto.data) {
SECITEM_FreeItem(&ss->xtnData.nextProto, PR_FALSE);
}
if (!SECITEM_AllocItem(NULL, &ss->ssl3.nextProto, len)) return SECFailure;
PORT_Memcpy(ss->ssl3.nextProto.data, data, len);
if (!SECITEM_AllocItem(NULL, &ss->xtnData.nextProto, len)) return SECFailure;
PORT_Memcpy(ss->xtnData.nextProto.data, data, len);
return SECSuccess;
}
......
......@@ -154,6 +154,25 @@ class TlsExtensionTestBase : public TlsConnectTestBase {
extension->Write(3, namelen, 2);
extension->Write(5, reinterpret_cast<const uint8_t*>(name), namelen);
}
void HrrThenRemoveExtensionsTest(SSLExtensionType type, PRInt32 client_error,
PRInt32 server_error) {
static const std::vector<SSLNamedGroup> client_groups = {
ssl_grp_ec_secp384r1, ssl_grp_ec_curve25519};
static const std::vector<SSLNamedGroup> server_groups = {
ssl_grp_ec_curve25519, ssl_grp_ec_secp384r1};
client_->ConfigNamedGroups(client_groups);
server_->ConfigNamedGroups(server_groups);
EnsureTlsSetup();
client_->StartConnect();
server_->StartConnect();
client_->Handshake(); // Send ClientHello
server_->Handshake(); // Send HRR.
client_->SetPacketFilter(new TlsExtensionDropper(type));
Handshake();
client_->CheckErrorCode(client_error);
server_->CheckErrorCode(server_error);
}
};
class TlsExtensionTestDtls : public TlsExtensionTestBase,
......@@ -772,6 +791,24 @@ TEST_P(TlsExtensionTest13, RemoveTls13FromVersionListBothV12) {
#endif
}
TEST_P(TlsExtensionTest13, HrrThenRemoveSignatureAlgorithms) {
HrrThenRemoveExtensionsTest(ssl_signature_algorithms_xtn,
SSL_ERROR_MISSING_EXTENSION_ALERT,
SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION);
}
TEST_P(TlsExtensionTest13, HrrThenRemoveKeyShare) {
HrrThenRemoveExtensionsTest(ssl_tls13_key_share_xtn,
SSL_ERROR_ILLEGAL_PARAMETER_ALERT,
SSL_ERROR_BAD_2ND_CLIENT_HELLO);
}
TEST_P(TlsExtensionTest13, HrrThenRemoveSupportedGroups) {
HrrThenRemoveExtensionsTest(ssl_supported_groups_xtn,
SSL_ERROR_MISSING_EXTENSION_ALERT,
SSL_ERROR_MISSING_SUPPORTED_GROUPS_EXTENSION);
}
TEST_P(TlsExtensionTest13, EmptyVersionList) {
static const uint8_t ext[] = {0x00, 0x00};
ConnectWithBogusVersionList(ext, sizeof(ext));
......
This diff is collapsed.
......@@ -18,6 +18,7 @@
#include "sslimpl.h"
#include "sslproto.h"
#include "sslerr.h"
#include "ssl3ext.h"
#include "prtime.h"
#include "prinrval.h"
#include "prerror.h"
......@@ -269,14 +270,14 @@ tls13_SizeOfECDHEKeyShareKEX(const SECKEYPublicKey *pubKey)
/* This function encodes the key_exchange field in
* the KeyShareEntry structure. */
SECStatus
tls13_EncodeECDHEKeyShareKEX(sslSocket *ss, const SECKEYPublicKey *pubKey)
tls13_EncodeECDHEKeyShareKEX(const sslSocket *ss, const SECKEYPublicKey *pubKey)
{
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
PORT_Assert(pubKey->keyType == ecKey);
return ssl3_AppendHandshake(ss, pubKey->u.ec.publicValue.data,
pubKey->u.ec.publicValue.len);
return ssl3_ExtAppendHandshake(ss, pubKey->u.ec.publicValue.data,
pubKey->u.ec.publicValue.len);
}
/*
......@@ -860,7 +861,7 @@ static const ssl3CipherSuite ssl_dhe_suites[] = {
/* Order(N^2). Yuk. */
static PRBool
ssl_IsSuiteEnabled(sslSocket *ss, const ssl3CipherSuite *list)
ssl_IsSuiteEnabled(const sslSocket *ss, const ssl3CipherSuite *list)
{
const ssl3CipherSuite *suite;
......@@ -877,7 +878,7 @@ ssl_IsSuiteEnabled(sslSocket *ss, const ssl3CipherSuite *list)
/* Ask: is ANY ECC cipher suite enabled on this socket? */
PRBool
ssl_IsECCEnabled(sslSocket *ss)
ssl_IsECCEnabled(const sslSocket *ss)
{
PK11SlotInfo *slot;
......@@ -893,14 +894,16 @@ ssl_IsECCEnabled(sslSocket *ss)
}
PRBool
ssl_IsDHEEnabled(sslSocket *ss)
ssl_IsDHEEnabled(const sslSocket *ss)
{
return ssl_IsSuiteEnabled(ss, ssl_dhe_suites);
}
/* Send our Supported Groups extension. */
PRInt32
ssl_SendSupportedGroupsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
ssl_SendSupportedGroupsXtn(const sslSocket *ss,
TLSExtensionData *xtnData,
PRBool append, PRUint32 maxBytes)
{
PRInt32 extension_length;
unsigned char enabledGroups[64];
......@@ -960,18 +963,17 @@ ssl_SendSupportedGroupsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
if (append) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_supported_groups_xtn, 2);
rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_supported_groups_xtn, 2);
if (rv != SECSuccess)
return -1;
rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
if (rv != SECSuccess)
return -1;
rv = ssl3_AppendHandshakeVariable(ss, enabledGroups,
enabledGroupsLen, 2);
rv = ssl3_ExtAppendHandshakeVariable(ss, enabledGroups,
enabledGroupsLen, 2);
if (rv != SECSuccess)
return -1;
if (!ss->sec.isServer) {
TLSExtensionData *xtnData = &ss->xtnData;
xtnData->advertised[xtnData->numAdvertised++] =
ssl_supported_groups_xtn;
}
......@@ -984,7 +986,8 @@ ssl_SendSupportedGroupsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
*/
PRInt32
ssl3_SendSupportedPointFormatsXtn(
sslSocket *ss,
const sslSocket *ss,
TLSExtensionData *xtnData,
PRBool append,
PRUint32 maxBytes)
{
......@@ -1003,138 +1006,13 @@ ssl3_SendSupportedPointFormatsXtn(
(ss->sec.isServer && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3))
return 0;
if (append && maxBytes >= (sizeof ecPtFmt)) {
SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
SECStatus rv = ssl3_ExtAppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
if (rv != SECSuccess)
return -1;
if (!ss->sec.isServer) {
TLSExtensionData *xtnData = &ss->xtnData;
xtnData->advertised[xtnData->numAdvertised++] =
ssl_ec_point_formats_xtn;
}
}
return sizeof(ecPtFmt);
}
/* Just make sure that the remote client supports uncompressed points,
* Since that is all we support. Disable ECC cipher suites if it doesn't.
*/
SECStatus
ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data)
{
int i;
if (data->len < 2 || data->len > 255 || !data->data ||
data->len != (unsigned int)data->data[0] + 1) {
return ssl3_DecodeError(ss);
}
for (i = data->len; --i > 0;) {
if (data->data[i] == 0) {
/* indicate that we should send a reply */
SECStatus rv;
rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
&ssl3_SendSupportedPointFormatsXtn);
return rv;
}
}
/* Poor client doesn't support uncompressed points. */
PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
return SECFailure;
}
static SECStatus
ssl_UpdateSupportedGroups(sslSocket *ss, SECItem *data)
{
PRInt32 list_len;
unsigned int i;
const sslNamedGroupDef *enabled[SSL_NAMED_GROUP_COUNT] = { 0 };
PORT_Assert(SSL_NAMED_GROUP_COUNT == PR_ARRAY_SIZE(enabled));
if (!data->data || data->len < 4) {
(void)ssl3_DecodeError(ss);
return SECFailure;
}
/* get the length of elliptic_curve_list */
list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) {
(void)ssl3_DecodeError(ss);
return SECFailure;
}
/* disable all groups and remember the enabled groups */
for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
enabled[i] = ss->namedGroupPreferences[i];
ss->namedGroupPreferences[i] = NULL;
}
/* Read groups from data and enable if in |enabled| */
while (data->len) {
const sslNamedGroupDef *group;
PRInt32 curve_name =
ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
if (curve_name < 0) {
return SECFailure; /* fatal alert already sent */
}
group = ssl_LookupNamedGroup(curve_name);
if (group) {
for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
if (enabled[i] && group == enabled[i]) {
ss->namedGroupPreferences[i] = enabled[i];
break;
}
}
}
/* "Codepoints in the NamedCurve registry with a high byte of 0x01 (that
* is, between 256 and 511 inclusive) are set aside for FFDHE groups,"
* -- https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-10
*/
if ((curve_name & 0xff00) == 0x0100) {
ss->ssl3.hs.peerSupportsFfdheGroups = PR_TRUE;
}
}
/* Note: if ss->opt.requireDHENamedGroups is set, we disable DHE cipher
* suites, but we do that in ssl3_config_match(). */
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 &&
!ss->opt.requireDHENamedGroups && !ss->ssl3.hs.peerSupportsFfdheGroups) {
/* If we don't require that DHE use named groups, and no FFDHE was
* included, we pretend that they support all the FFDHE groups we do. */
for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
if (enabled[i] && enabled[i]->keaType == ssl_kea_dh) {
ss->namedGroupPreferences[i] = enabled[i];
}
}
}
return SECSuccess;
}
/* Ensure that the curve in our server cert is one of the ones supported
* by the remote client, and disable all ECC cipher suites if not.
*/
SECStatus
ssl_HandleSupportedGroupsXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
{
SECStatus rv;
rv = ssl_UpdateSupportedGroups(ss, data);
if (rv != SECSuccess)
return SECFailure;
/* TLS 1.3 permits the server to send this extension so make it so. */
if (ss->sec.isServer && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
&ssl_SendSupportedGroupsXtn);
if (rv != SECSuccess) {
return SECFailure; /* error already set. */
}
}
/* Remember that we negotiated this extension. */
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
return SECSuccess;
}
......@@ -130,17 +130,17 @@ arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type)
}
PRBool
ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type)
ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type)
{
TLSExtensionData *xtnData = &ss->xtnData;
const TLSExtensionData *xtnData = &ss->xtnData;
return arrayContainsExtension(xtnData->negotiated,
xtnData->numNegotiated, ex_type);
}
PRBool
ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type)
ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type)
{
TLSExtensionData *xtnData = &ss->xtnData;
const TLSExtensionData *xtnData = &ss->xtnData;
return arrayContainsExtension(xtnData->advertised,
xtnData->numAdvertised, ex_type);
}
......@@ -297,7 +297,8 @@ ssl3_HandleParsedExtensions(sslSocket *ss,
if (handler->ex_type == extension->type) {
SECStatus rv;
rv = (*handler->ex_handler)(ss, (PRUint16)extension->type,
rv = (*handler->ex_handler)(ss, &ss->xtnData,
(PRUint16)extension->type,
&extension->data);
if (rv != SECSuccess) {
if (!ss->ssl3.fatalAlertSent) {
......@@ -336,20 +337,22 @@ ssl3_HandleExtensions(sslSocket *ss,
/* Add a callback function to the table of senders of server hello extensions.
*/
SECStatus
ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type,
ssl3HelloExtensionSenderFunc cb)
ssl3_RegisterExtensionSender(const sslSocket *ss,
TLSExtensionData *xtnData,
PRUint16 ex_type,
ssl3HelloExtensionSenderFunc cb)
{
int i;
ssl3HelloExtensionSender *sender;
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
sender = &ss->xtnData.serverHelloSenders[0];
sender = &xtnData->serverHelloSenders[0];
} else {
if (tls13_ExtensionAllowed(ex_type, server_hello)) {
PORT_Assert(!tls13_ExtensionAllowed(ex_type, encrypted_extensions));
sender = &ss->xtnData.serverHelloSenders[0];
sender = &xtnData->serverHelloSenders[0];
} else {
PORT_Assert(tls13_ExtensionAllowed(ex_type, encrypted_extensions));
sender = &ss->xtnData.encryptedExtensionsSenders[0];
sender = &xtnData->encryptedExtensionsSenders[0];
}
}
......@@ -389,7 +392,7 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
if (sender->ex_sender) {
PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes);
PRInt32 extLen = (*sender->ex_sender)(ss, &ss->xtnData, append, maxBytes);
if (extLen < 0)
return -1;
maxBytes -= extLen;
......@@ -410,3 +413,86 @@ ssl3_DestroyRemoteExtensions(PRCList *list)
PORT_Free(cur_p);
}
}
/* Initialize the extension data block. */
void
ssl3_InitExtensionData(TLSExtensionData *xtnData)
{
/* Set things up to the right starting state. */
PORT_Memset(xtnData, 0, sizeof(*xtnData));
xtnData->peerSupportsFfdheGroups = PR_FALSE;
PR_INIT_CLIST(&xtnData->remoteKeyShares);
}
/* Free everything that has been allocated and then reset back to
* the starting state. */
void
ssl3_ResetExtensionData(TLSExtensionData *xtnData)
{
/* Clean up. */
ssl3_FreeSniNameArray(xtnData);
PORT_Free(xtnData->clientSigSchemes);
SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
tls13_DestroyKeyShares(&xtnData->remoteKeyShares);
/* Now reinit. */
ssl3_InitExtensionData(xtnData);
}
/* Thunks to let extension handlers operate on const sslSocket* objects. */
SECStatus
ssl3_ExtAppendHandshake(const sslSocket *ss, const void *void_src,
PRInt32 bytes)
{
return ssl3_AppendHandshake((sslSocket *)ss, void_src, bytes);
}
SECStatus
ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num,
PRInt32 lenSize)
{
return ssl3_AppendHandshakeNumber((sslSocket *)ss, num, lenSize);
}
SECStatus
ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
const SSL3Opaque *src, PRInt32 bytes,
PRInt32 lenSize)
{
return ssl3_AppendHandshakeVariable((sslSocket *)ss, src, bytes, lenSize);
}
void
ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
SSL3AlertDescription desc)
{
(void)SSL3_SendAlert((sslSocket *)ss, level, desc);
}
void
ssl3_ExtDecodeError(const sslSocket *ss)
{
(void)ssl3_DecodeError((sslSocket *)ss);
}
SECStatus
ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length)
{
return ssl3_ConsumeHandshake((sslSocket *)ss, v, bytes, b, length);
}
PRInt32
ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length)
{
return ssl3_ConsumeHandshakeNumber((sslSocket *)ss, bytes, b, length);
}
SECStatus
ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
PRInt32 bytes, SSL3Opaque **b,
PRUint32 *length)
{
return ssl3_ConsumeHandshakeVariable((sslSocket *)ss, i, bytes, b, length);
}
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is PRIVATE to SSL.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef __ssl3ext_h_
#define __ssl3ext_h_
typedef enum {
sni_nametype_hostname
} SNINameType;
typedef struct TLSExtensionDataStr TLSExtensionData;
/* registerable callback function that either appends extension to buffer
* or returns length of data that it would have appended.
*/
typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(const sslSocket *ss,
TLSExtensionData *xtnData,
PRBool append,
PRUint32 maxBytes);
/* registerable callback function that handles a received extension,
* of the given type.
*/
typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss,
TLSExtensionData *xtnData,
PRUint16 ex_type,
SECItem *data);
/* row in a table of hello extension senders */
typedef struct {
PRInt32 ex_type;
ssl3HelloExtensionSenderFunc ex_sender;
} ssl3HelloExtensionSender;
/* row in a table of hello extension handlers */
typedef struct {
PRInt32 ex_type;
ssl3ExtensionHandlerFunc ex_handler;
} ssl3ExtensionHandler;
struct TLSExtensionDataStr {
/* registered callbacks that send server hello extensions */
ssl3HelloExtensionSender serverHelloSenders[SSL_MAX_EXTENSIONS];
ssl3HelloExtensionSender encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
/* Keep track of the extensions that are negotiated. */
PRUint16 numAdvertised;
PRUint16 numNegotiated;
PRUint16 advertised[SSL_MAX_EXTENSIONS];
PRUint16 negotiated[SSL_MAX_EXTENSIONS];
/* SessionTicket Extension related data. */
PRBool ticketTimestampVerified;
PRBool emptySessionTicket;
PRBool sentSessionTicketInClientHello;
SECItem psk_ke_modes;
SECItem psk_auth_modes;
PRUint32 ticket_age_add;
PRBool ticket_age_add_found;
/* SNI Extension related data
* Names data is not coppied from the input buffer. It can not be
* used outside the scope where input buffer is defined and that
* is beyond ssl3_HandleClientHello function. */
SECItem *sniNameArr;
PRUint32 sniNameArrSize;
/* Signed Certificate Timestamps extracted from the TLS extension.
* (client only).
* This container holds a temporary pointer to the extension data,
* until a session structure (the sec.ci.sid of an sslSocket) is setup
* that can hold a permanent copy of the data
* (in sec.ci.sid.u.ssl3.signedCertTimestamps).
* The data pointed to by this structure is neither explicitly allocated
* nor copied: the pointer points to the handshake message buffer and is
* only valid in the scope of ssl3_HandleServerHello.
*/
SECItem signedCertTimestamps;
PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */
/* clientSigAndHash contains the contents of the signature_algorithms
* extension (if any) from the client. This is only valid for TLS 1.2
* or later. */
SSLSignatureScheme *clientSigSchemes;
unsigned int numClientSigScheme;
/* In a client: if the server supports Next Protocol Negotiation, then
* this is the protocol that was negotiated.
*/
SECItem nextProto;
SSLNextProtoState nextProtoState;
PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
PRCList remoteKeyShares; /* The other side's public keys (TLS 1.3) */
};
typedef struct TLSExtensionStr {
PRCList link; /* The linked list link */
PRUint16 type; /* Extension type */
SECItem data; /* Pointers into the handshake data. */
} TLSExtension;
SECStatus ssl3_HandleExtensions(sslSocket *ss,
SSL3Opaque **b, PRUint32 *length,
SSL3HandshakeType handshakeMessage);
SECStatus ssl3_ParseExtensions(sslSocket *ss,
SSL3Opaque **b, PRUint32 *length);
SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
SSL3HandshakeType handshakeMessage);
TLSExtension *ssl3_FindExtension(sslSocket *ss,
SSLExtensionType extension_type);
void ssl3_DestroyRemoteExtensions(PRCList *list);
void ssl3_InitExtensionData(TLSExtensionData *xtnData);
void ssl3_ResetExtensionData(TLSExtensionData *xtnData);
PRBool ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type);
PRBool ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);
SECStatus ssl3_RegisterExtensionSender(const sslSocket *ss,
TLSExtensionData *xtnData,
PRUint16 ex_type,
ssl3HelloExtensionSenderFunc cb);
PRInt32 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
const ssl3HelloExtensionSender *sender);
unsigned int ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
PRInt32 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
PRUint32 maxBytes);
/* Thunks to let us operate on const sslSocket* objects. */
SECStatus ssl3_ExtAppendHandshake(const sslSocket *ss, const void *void_src,
PRInt32 bytes);
SECStatus ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num,
PRInt32 lenSize);
SECStatus ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
const SSL3Opaque *src, PRInt32 bytes,
PRInt32 lenSize);
void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
SSL3AlertDescription desc);
void ssl3_ExtDecodeError(const sslSocket *ss);
SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length);
PRInt32 ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length);
SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
PRInt32 bytes, SSL3Opaque **b,
PRUint32 *length);
#endif
This diff is collapsed.
......@@ -9,63 +9,87 @@
#ifndef __ssl3exthandle_h_
#define __ssl3exthandle_h_
PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket *ss,
PRInt32 ssl3_SendRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRBool append, PRUint32 maxBytes);
SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss,
SECStatus ssl3_HandleRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type, SECItem *data);
SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
SECStatus ssl3_ClientHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type, SECItem *data);
SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss,
SECStatus ssl3_ClientHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type, SECItem *data);
SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
SECStatus ssl3_ServerHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type, SECItem *data);
SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type,
SECStatus ssl3_ServerHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
SECItem *data);
PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
PRInt32 ssl3_ClientSendNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
PRUint32 maxBytes);
PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append,
PRInt32 ssl3_ClientSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
PRUint32 maxBytes);
PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append,
PRInt32 ssl3_ServerSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
PRUint32 maxBytes);
PRInt32 ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append,
PRInt32 ssl3_ClientSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
PRUint32 maxBytes);
PRInt32 ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append,
PRInt32 ssl3_ServerSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
PRUint32 maxBytes);
SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type,
SECStatus ssl3_ClientHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
SECItem *data);
SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket *ss, PRUint16 ex_type,
SECStatus ssl3_ServerHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
SECItem *data);
PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket *ss,
PRInt32 ssl3_ServerSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRBool append, PRUint32 maxBytes);
SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
SECStatus ssl3_ServerHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type, SECItem *data);
SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
SECStatus ssl3_ClientHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type,
SECItem *data);
PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
PRInt32 ssl3_ClientSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
PRUint32 maxBytes);
PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
PRInt32 ssl3_ClientSendSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
PRUint32 maxBytes);
SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
SECStatus ssl3_ServerHandleSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
SECItem *data);
PRInt32 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss,
PRInt32 ssl3_ClientSendSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRBool append,
PRUint32 maxBytes);
SECStatus ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss,
SECStatus ssl3_ClientHandleSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type,
SECItem *data);
PRInt32 ssl3_ServerSendSignedCertTimestampXtn(sslSocket *ss,
PRInt32 ssl3_ServerSendSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRBool append,
PRUint32 maxBytes);
SECStatus ssl3_ServerHandleSignedCertTimestampXtn(sslSocket *ss,
SECStatus ssl3_ServerHandleSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type,
SECItem *data);
PRInt32 ssl3_SendExtendedMasterSecretXtn(sslSocket *ss, PRBool append,
PRInt32 ssl3_SendExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
PRUint32 maxBytes);
SECStatus ssl3_HandleExtendedMasterSecretXtn(sslSocket *ss,
SECStatus ssl3_HandleExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type,
SECItem *data);
SECStatus ssl3_ProcessSessionTicketCommon(sslSocket *ss, SECItem *data);
PRInt32 ssl3_SendServerNameXtn(const sslSocket *ss,
TLSExtensionData *xtnData,
PRBool append,
PRUint32 maxBytes);
SECStatus ssl3_HandleServerNameXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type, SECItem *data);
SECStatus ssl_HandleSupportedGroupsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type, SECItem *data);
SECStatus ssl3_HandleSupportedPointFormatsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type, SECItem *data);
SECStatus ssl3_ClientHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,
PRUint16 ex_type, SECItem *data);
SECStatus ssl3_ServerHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,