diff --git a/lib/ssl/dtlscon.c b/lib/ssl/dtlscon.c index b33dc2a779..fbd1779dbb 100644 --- a/lib/ssl/dtlscon.c +++ b/lib/ssl/dtlscon.c @@ -236,7 +236,7 @@ dtls_RetransmitDetected(sslSocket *ss) } static SECStatus -dtls_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *data, PRBool last) +dtls_HandleHandshakeMessage(sslSocket *ss, PRUint8 *data, PRBool last) { /* At this point we are advancing our state machine, so we can free our last @@ -482,7 +482,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) */ SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, - const SSL3Opaque *pIn, PRInt32 nIn) + const PRUint8 *pIn, PRInt32 nIn) { SECStatus rv = SECSuccess; DTLSQueuedMessage *msg = NULL; @@ -941,7 +941,7 @@ dtls_SetMTU(sslSocket *ss, PRUint16 advertised) * Caller must hold Handshake and RecvBuf locks. */ SECStatus -dtls_HandleHelloVerifyRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +dtls_HandleHelloVerifyRequest(sslSocket *ss, PRUint8 *b, PRUint32 length) { int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST; SECStatus rv; diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 5d3bd07618..edad2f5186 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -57,7 +57,7 @@ static SECStatus ssl3_HandleServerHelloPart2(sslSocket *ss, const SECItem *sidBytes, int *retErrCode); static SECStatus ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, - SSL3Opaque *b, + PRUint8 *b, PRUint32 length, SSL3Hashes *hashesPtr); static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); @@ -1072,7 +1072,7 @@ ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion, /* Used by the client when the server produces a version number. * This reads, validates, and normalizes the value. */ SECStatus -ssl_ClientReadVersion(sslSocket *ss, SSL3Opaque **b, unsigned int *len, +ssl_ClientReadVersion(sslSocket *ss, PRUint8 **b, unsigned int *len, SSL3ProtocolVersion *version) { SSL3ProtocolVersion v; @@ -2216,7 +2216,7 @@ ssl3_ComputeRecordMAC( PRBool useServerMacKey, const unsigned char *header, unsigned int headerLen, - const SSL3Opaque *input, + const PRUint8 *input, int inputLength, unsigned char *outbuf, unsigned int *outLength) @@ -2263,7 +2263,7 @@ ssl3_ComputeRecordMACConstantTime( PRBool useServerMacKey, const unsigned char *header, unsigned int headerLen, - const SSL3Opaque *input, + const PRUint8 *input, int inputLen, int originalLen, unsigned char *outbuf, @@ -2368,7 +2368,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec, PRBool isDTLS, PRBool capRecordVersion, SSL3ContentType type, - const SSL3Opaque *pIn, + const PRUint8 *pIn, PRUint32 contentLen, sslBuffer *wrBuf) { @@ -2537,7 +2537,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec, SECStatus ssl_ProtectRecord(sslSocket *ss, ssl3CipherSpec *cwSpec, PRBool capRecordVersion, SSL3ContentType type, - const SSL3Opaque *pIn, PRUint32 contentLen, sslBuffer *wrBuf) + const PRUint8 *pIn, PRUint32 contentLen, sslBuffer *wrBuf) { const ssl3BulkCipherDef *cipher_def = cwSpec->cipher_def; PRUint16 headerLen; @@ -2654,8 +2654,8 @@ PRInt32 ssl3_SendRecord(sslSocket *ss, ssl3CipherSpec *cwSpec, /* non-NULL for DTLS retransmits */ SSL3ContentType type, - const SSL3Opaque *pIn, /* input buffer */ - PRInt32 nIn, /* bytes of input */ + const PRUint8 *pIn, /* input buffer */ + PRInt32 nIn, /* bytes of input */ PRInt32 flags) { sslBuffer *wrBuf = &ss->sec.writeBuf; @@ -4219,7 +4219,7 @@ ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize) SECStatus ssl3_AppendHandshakeVariable( - sslSocket *ss, const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize) + sslSocket *ss, const PRUint8 *src, PRInt32 bytes, PRInt32 lenSize) { SECStatus rv; @@ -4306,7 +4306,7 @@ ssl3_AppendHandshakeHeader(sslSocket *ss, SSL3HandshakeType t, PRUint32 length) * override the generic error code by setting another. */ SECStatus -ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes, SSL3Opaque **b, +ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes, PRUint8 **b, PRUint32 *length) { PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss)); @@ -4331,7 +4331,7 @@ ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes, SSL3Opaque **b, */ SECStatus ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num, PRUint32 bytes, - SSL3Opaque **b, PRUint32 *length) + PRUint8 **b, PRUint32 *length) { PRUint8 *buf = *b; int i; @@ -4369,7 +4369,7 @@ ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num, PRUint32 bytes, */ SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRUint32 bytes, - SSL3Opaque **b, PRUint32 *length) + PRUint8 **b, PRUint32 *length) { PRUint32 count; SECStatus rv; @@ -4651,7 +4651,7 @@ ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme) * * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ SECStatus -ssl_ConsumeSignatureScheme(sslSocket *ss, SSL3Opaque **b, +ssl_ConsumeSignatureScheme(sslSocket *ss, PRUint8 **b, PRUint32 *length, SSLSignatureScheme *out) { PRUint32 tmp; @@ -4717,8 +4717,8 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss, SECStatus rv = SECSuccess; PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0); unsigned int outLength; - SSL3Opaque md5_inner[MAX_MAC_LENGTH]; - SSL3Opaque sha_inner[MAX_MAC_LENGTH]; + PRUint8 md5_inner[MAX_MAC_LENGTH]; + PRUint8 sha_inner[MAX_MAC_LENGTH]; PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); if (ss->ssl3.hs.hashType == handshake_hash_unknown) { @@ -6603,7 +6603,7 @@ ssl3_SetCipherSuite(sslSocket *ss, ssl3CipherSuite chosenSuite, * Caller must hold Handshake and RecvBuf locks. */ static SECStatus -ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl3_HandleServerHello(sslSocket *ss, PRUint8 *b, PRUint32 length) { PRUint32 temp; PRBool suite_found = PR_FALSE; @@ -7084,7 +7084,7 @@ ssl3_HandleServerHelloPart2(sslSocket *ss, const SECItem *sidBytes, } static SECStatus -ssl_HandleDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl_HandleDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length) { SECStatus rv; int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH; @@ -7244,7 +7244,7 @@ ssl_HandleDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * Caller must hold Handshake and RecvBuf locks. */ static SECStatus -ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl3_HandleServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length) { SECStatus rv; @@ -7295,7 +7295,7 @@ typedef struct dnameNode { * tls13_HandleCertificateRequest */ SECStatus -ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b, PRUint32 *length, +ssl3_ParseCertificateRequestCAs(sslSocket *ss, PRUint8 **b, PRUint32 *length, PLArenaPool *arena, CERTDistNames *ca_list) { PRUint32 remaining; @@ -7439,7 +7439,7 @@ ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena, * Caller must hold Handshake and RecvBuf locks. */ static SECStatus -ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl3_HandleCertificateRequest(sslSocket *ss, PRUint8 *b, PRUint32 length) { PLArenaPool *arena = NULL; PRBool isTLS = PR_FALSE; @@ -8285,7 +8285,7 @@ ssl3_SelectServerCert(sslSocket *ss) * Caller must hold Handshake and RecvBuf locks. */ static SECStatus -ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length) { sslSessionID *sid = NULL; PRUint32 tmp; @@ -8532,7 +8532,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) for (i = 0; i + 1 < suites.len; i += 2) { PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { - SSL3Opaque *b2 = (SSL3Opaque *)emptyRIext; + PRUint8 *b2 = (PRUint8 *)emptyRIext; PRUint32 L2 = sizeof emptyRIext; (void)ssl3_HandleExtensions(ss, &b2, &L2, client_hello); break; @@ -9220,7 +9220,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length, for (i = 0; i + 2 < suite_length; i += 3) { PRUint32 suite_i = (suites[i] << 16) | (suites[i + 1] << 8) | suites[i + 2]; if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { - SSL3Opaque *b2 = (SSL3Opaque *)emptyRIext; + PRUint8 *b2 = (PRUint8 *)emptyRIext; PRUint32 L2 = sizeof emptyRIext; (void)ssl3_HandleExtensions(ss, &b2, &L2, client_hello); break; @@ -9716,7 +9716,7 @@ ssl3_SendServerHelloDone(sslSocket *ss) * Caller must hold Handshake and RecvBuf locks. */ static SECStatus -ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, +ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length, SSL3Hashes *hashes) { SECItem signed_hash = { siBuffer, NULL, 0 }; @@ -9904,7 +9904,7 @@ ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, */ static SECStatus ssl3_HandleRSAClientKeyExchange(sslSocket *ss, - SSL3Opaque *b, + PRUint8 *b, PRUint32 length, sslKeyPair *serverKeyPair) { @@ -10031,7 +10031,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, static SECStatus ssl3_HandleDHClientKeyExchange(sslSocket *ss, - SSL3Opaque *b, + PRUint8 *b, PRUint32 length, sslKeyPair *serverKeyPair) { @@ -10089,7 +10089,7 @@ ssl3_HandleDHClientKeyExchange(sslSocket *ss, * Caller must hold Handshake and RecvBuf locks. */ static SECStatus -ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl3_HandleClientKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length) { sslKeyPair *serverKeyPair = NULL; SECStatus rv; @@ -10240,7 +10240,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) } static SECStatus -ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl3_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length) { SECStatus rv; SECItem ticketData; @@ -10551,7 +10551,7 @@ ssl3_CleanupPeerCerts(sslSocket *ss) * Caller must hold Handshake and RecvBuf locks. */ static SECStatus -ssl3_HandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl3_HandleCertificateStatus(sslSocket *ss, PRUint8 *b, PRUint32 length) { SECStatus rv; @@ -10570,7 +10570,7 @@ ssl3_HandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } SECStatus -ssl_ReadCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl_ReadCertificateStatus(sslSocket *ss, PRUint8 *b, PRUint32 length) { PRUint32 status, len; SECStatus rv; @@ -10618,7 +10618,7 @@ ssl_ReadCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * Caller must hold Handshake and RecvBuf locks. */ static SECStatus -ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl3_HandleCertificate(sslSocket *ss, PRUint8 *b, PRUint32 length) { SSL_TRC(3, ("%d: SSL3[%d]: handle certificate handshake", SSL_GETPID(), ss->fd)); @@ -10638,7 +10638,7 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* Called from ssl3_HandleCertificate */ SECStatus -ssl3_CompleteHandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl3_CompleteHandleCertificate(sslSocket *ss, PRUint8 *b, PRUint32 length) { ssl3CertNode *c; ssl3CertNode *lastCert = NULL; @@ -11377,7 +11377,7 @@ ssl3_CacheWrappedMasterSecret(sslSocket *ss, sslSessionID *sid, * Caller must hold Handshake and RecvBuf locks. */ static SECStatus -ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, +ssl3_HandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length, const SSL3Hashes *hashes) { sslSessionID *sid = ss->sec.ci.sid; @@ -11638,7 +11638,7 @@ ssl3_FinishHandshake(sslSocket *ss) * Caller must hold Handshake and RecvBuf locks. */ SECStatus -ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length, +ssl3_HandleHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length, PRBool endOfRecord) { SECStatus rv = SECSuccess; @@ -11824,7 +11824,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length, } static SECStatus -ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, SSL3Opaque *b, +ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length, SSL3Hashes *hashesPtr) { SECStatus rv; @@ -12192,7 +12192,7 @@ ssl_RemoveTLSCBCPadding(sslBuffer *plaintext, unsigned int macSize) static void ssl_CBCExtractMAC(sslBuffer *plaintext, unsigned int originalLength, - SSL3Opaque *out, + PRUint8 *out, unsigned int macSize) { unsigned char rotatedMac[MAX_MAC_LENGTH]; @@ -12303,9 +12303,9 @@ ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext, unsigned int originalLen = 0; unsigned char header[13]; unsigned int headerLen; - SSL3Opaque hash[MAX_MAC_LENGTH]; - SSL3Opaque givenHashBuf[MAX_MAC_LENGTH]; - SSL3Opaque *givenHash; + PRUint8 hash[MAX_MAC_LENGTH]; + PRUint8 givenHashBuf[MAX_MAC_LENGTH]; + PRUint8 *givenHash; unsigned int hashBytes = MAX_MAC_LENGTH + 1; SECStatus rv; @@ -12336,7 +12336,7 @@ ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext, * component." Instead, we decrypt the first cipher block and then * discard it before decrypting the rest. */ - SSL3Opaque iv[MAX_IV_LENGTH]; + PRUint8 iv[MAX_IV_LENGTH]; int decoded; ivLen = cipher_def->iv_size; diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c index 2b2a611165..b440b4b024 100644 --- a/lib/ssl/ssl3ecc.c +++ b/lib/ssl/ssl3ecc.c @@ -267,7 +267,7 @@ tls13_EncodeECDHEKeyShareKEX(const sslSocket *ss, const SECKEYPublicKey *pubKey) ** Called from ssl3_HandleClientKeyExchange() */ SECStatus -ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, +ssl3_HandleECDHClientKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length, sslKeyPair *serverKeyPair) { @@ -341,7 +341,7 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, */ SECStatus ssl_ImportECDHKeyShare(sslSocket *ss, SECKEYPublicKey *peerKey, - SSL3Opaque *b, PRUint32 length, + PRUint8 *b, PRUint32 length, const sslNamedGroupDef *ecGroup) { SECStatus rv; @@ -498,7 +498,7 @@ ssl_CreateECDHEphemeralKeyPair(const sslSocket *ss, } SECStatus -ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +ssl3_HandleECDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length) { PLArenaPool *arena = NULL; SECKEYPublicKey *peerKey = NULL; diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c index 7700be2e8a..271084cf73 100644 --- a/lib/ssl/ssl3ext.c +++ b/lib/ssl/ssl3ext.c @@ -172,7 +172,7 @@ ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type) * buffer so they can only be used during ClientHello processing. */ SECStatus -ssl3_ParseExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) +ssl3_ParseExtensions(sslSocket *ss, PRUint8 **b, PRUint32 *length) { /* Clean out the extensions list. */ ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions); @@ -360,7 +360,7 @@ ssl3_HandleParsedExtensions(sslSocket *ss, * ssl3_HandleParsedExtensions. */ SECStatus ssl3_HandleExtensions(sslSocket *ss, - SSL3Opaque **b, PRUint32 *length, + PRUint8 **b, PRUint32 *length, SSL3HandshakeType handshakeMessage) { SECStatus rv; @@ -500,7 +500,7 @@ ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num, SECStatus ssl3_ExtAppendHandshakeVariable(const sslSocket *ss, - const SSL3Opaque *src, PRInt32 bytes, + const PRUint8 *src, PRInt32 bytes, PRInt32 lenSize) { return ssl3_AppendHandshakeVariable((sslSocket *)ss, src, bytes, lenSize); @@ -521,21 +521,21 @@ ssl3_ExtDecodeError(const sslSocket *ss) SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes, - SSL3Opaque **b, PRUint32 *length) + PRUint8 **b, PRUint32 *length) { return ssl3_ConsumeHandshake((sslSocket *)ss, v, bytes, b, length); } SECStatus ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num, - PRUint32 bytes, SSL3Opaque **b, PRUint32 *length) + PRUint32 bytes, PRUint8 **b, PRUint32 *length) { return ssl3_ConsumeHandshakeNumber((sslSocket *)ss, num, bytes, b, length); } SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i, - PRUint32 bytes, SSL3Opaque **b, + PRUint32 bytes, PRUint8 **b, PRUint32 *length) { return ssl3_ConsumeHandshakeVariable((sslSocket *)ss, i, bytes, b, length); diff --git a/lib/ssl/ssl3ext.h b/lib/ssl/ssl3ext.h index 0aff52399e..90407375ad 100644 --- a/lib/ssl/ssl3ext.h +++ b/lib/ssl/ssl3ext.h @@ -111,10 +111,10 @@ typedef struct TLSExtensionStr { } TLSExtension; SECStatus ssl3_HandleExtensions(sslSocket *ss, - SSL3Opaque **b, PRUint32 *length, + PRUint8 **b, PRUint32 *length, SSL3HandshakeType handshakeMessage); SECStatus ssl3_ParseExtensions(sslSocket *ss, - SSL3Opaque **b, PRUint32 *length); + PRUint8 **b, PRUint32 *length); SECStatus ssl3_HandleParsedExtensions(sslSocket *ss, SSL3HandshakeType handshakeMessage); TLSExtension *ssl3_FindExtension(sslSocket *ss, @@ -142,18 +142,18 @@ SECStatus ssl3_ExtAppendHandshake(const sslSocket *ss, const void *void_src, SECStatus ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num, PRInt32 lenSize); SECStatus ssl3_ExtAppendHandshakeVariable(const sslSocket *ss, - const SSL3Opaque *src, PRInt32 bytes, + const PRUint8 *src, PRInt32 bytes, PRInt32 lenSize); void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc); void ssl3_ExtDecodeError(const sslSocket *ss); SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes, - SSL3Opaque **b, PRUint32 *length); + PRUint8 **b, PRUint32 *length); SECStatus ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num, - PRUint32 bytes, SSL3Opaque **b, + PRUint32 bytes, PRUint8 **b, PRUint32 *length); SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i, - PRUint32 bytes, SSL3Opaque **b, + PRUint32 bytes, PRUint8 **b, PRUint32 *length); #endif diff --git a/lib/ssl/ssl3exthandle.c b/lib/ssl/ssl3exthandle.c index 421e883232..a89d1c1b4e 100644 --- a/lib/ssl/ssl3exthandle.c +++ b/lib/ssl/ssl3exthandle.c @@ -1292,8 +1292,8 @@ ssl_DecryptSessionTicket(sslSocket *ss, const SECItem *rawTicket, SECItem ivItem; unsigned int i; - SSL3Opaque *padding; - SSL3Opaque paddingLength; + PRUint8 *padding; + PRUint8 paddingLength; #endif PORT_Assert(!decryptedTicket->data); @@ -1438,7 +1438,7 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket, PRUint32 temp; SECStatus rv; - SSL3Opaque *buffer = decryptedTicket->data; + PRUint8 *buffer = decryptedTicket->data; unsigned int len = decryptedTicket->len; PORT_Memset(parsedTicket, 0, sizeof(*parsedTicket)); diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h index 60a978bfdc..95cf9baca4 100644 --- a/lib/ssl/ssl3prot.h +++ b/lib/ssl/ssl3prot.h @@ -10,8 +10,6 @@ #ifndef __ssl3proto_h_ #define __ssl3proto_h_ -typedef PRUint8 SSL3Opaque; - typedef PRUint16 SSL3ProtocolVersion; /* version numbers are defined in sslproto.h */ @@ -62,12 +60,12 @@ typedef struct { typedef struct { SECItem content; - SSL3Opaque MAC[MAX_MAC_LENGTH]; + PRUint8 MAC[MAX_MAC_LENGTH]; } SSL3GenericStreamCipher; typedef struct { SECItem content; - SSL3Opaque MAC[MAX_MAC_LENGTH]; + PRUint8 MAC[MAX_MAC_LENGTH]; PRUint8 padding[MAX_PADDING_LENGTH]; PRUint8 padding_length; } SSL3GenericBlockCipher; @@ -153,11 +151,11 @@ typedef struct { } SSL3HelloRequest; typedef struct { - SSL3Opaque rand[SSL3_RANDOM_LENGTH]; + PRUint8 rand[SSL3_RANDOM_LENGTH]; } SSL3Random; typedef struct { - SSL3Opaque id[32]; + PRUint8 id[32]; PRUint8 length; } SSL3SessionID; @@ -243,7 +241,7 @@ typedef struct { typedef struct { union { - SSL3Opaque anonymous; + PRUint8 anonymous; SSL3Hashes certified; } u; } SSL3ServerKeyExchange; @@ -262,11 +260,11 @@ typedef enum { } SSL3ClientCertificateType; typedef struct { - SSL3Opaque client_version[2]; - SSL3Opaque random[46]; + PRUint8 client_version[2]; + PRUint8 random[46]; } SSL3RSAPreMasterSecret; -typedef SSL3Opaque SSL3MasterSecret[48]; +typedef PRUint8 SSL3MasterSecret[48]; typedef enum { sender_client = 0x434c4e54, @@ -276,7 +274,7 @@ typedef enum { typedef SSL3HashesIndividually SSL3Finished; typedef struct { - SSL3Opaque verify_data[12]; + PRUint8 verify_data[12]; } TLSFinished; /* diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h index 55fb8cbf2f..aa8a244de6 100644 --- a/lib/ssl/sslimpl.h +++ b/lib/ssl/sslimpl.h @@ -416,7 +416,7 @@ typedef PRUint16 DTLSEpoch; typedef void (*DTLSTimerCb)(sslSocket *); typedef struct { - SSL3Opaque wrapped_master_secret[48]; + PRUint8 wrapped_master_secret[48]; PRUint16 wrapped_master_secret_len; PRUint8 msIsWrapped; PRUint8 resumable; @@ -430,7 +430,7 @@ typedef struct { SECItem write_key_item; SECItem write_iv_item; SECItem write_mac_key_item; - SSL3Opaque write_iv[MAX_IV_LENGTH]; + PRUint8 write_iv[MAX_IV_LENGTH]; } ssl3KeyMaterial; typedef SECStatus (*SSLCipher)(void *context, @@ -557,7 +557,7 @@ struct sslSessionIDStr { struct { /* values that are copied into the server's on-disk SID cache. */ PRUint8 sessionIDLength; - SSL3Opaque sessionID[SSL3_SESSIONID_BYTES]; + PRUint8 sessionID[SSL3_SESSIONID_BYTES]; ssl3CipherSuite cipherSuite; SSLCompressionMethod compression; @@ -815,7 +815,7 @@ typedef struct SSL3HandshakeStateStr { union { TLSFinished tFinished[2]; /* client, then server */ SSL3Finished sFinished[2]; - SSL3Opaque data[72]; + PRUint8 data[72]; } finishedMsgs; PRBool authCertificatePending; @@ -980,7 +980,7 @@ struct ssl3DHParamsStr { }; typedef struct SSLWrappedSymWrappingKeyStr { - SSL3Opaque wrappedSymmetricWrappingkey[512]; + PRUint8 wrappedSymmetricWrappingkey[512]; CK_MECHANISM_TYPE symWrapMechanism; /* unwrapped symmetric wrapping key uses this mechanism */ CK_MECHANISM_TYPE asymWrapMechanism; @@ -1008,7 +1008,7 @@ typedef struct SessionTicketStr { PRUint8 ms_is_wrapped; CK_MECHANISM_TYPE msWrapMech; PRUint16 ms_length; - SSL3Opaque master_secret[48]; + PRUint8 master_secret[48]; PRBool extendedMasterSecretUsed; ClientAuthenticationType client_auth_type; SECItem peer_cert; @@ -1369,7 +1369,7 @@ extern PRBool ssl3_WaitingForServerSecondRound(sslSocket *ss); extern PRInt32 ssl3_SendRecord(sslSocket *ss, ssl3CipherSpec *cwSpec, SSL3ContentType type, - const SSL3Opaque *pIn, PRInt32 nIn, + const PRUint8 *pIn, PRInt32 nIn, PRInt32 flags); #ifdef NSS_SSL_ENABLE_ZLIB @@ -1625,13 +1625,13 @@ extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); extern void ssl3_InitSocketPolicy(sslSocket *ss); extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); -extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, +extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length, PRBool endOfRecord); extern void ssl3_DestroySSL3Info(sslSocket *ss); -extern SECStatus ssl_ClientReadVersion(sslSocket *ss, SSL3Opaque **b, +extern SECStatus ssl_ClientReadVersion(sslSocket *ss, PRUint8 **b, PRUint32 *length, SSL3ProtocolVersion *version); extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, @@ -1644,14 +1644,14 @@ extern SECStatus ssl_GetPeerInfo(sslSocket *ss); extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey); extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, - SSL3Opaque *b, PRUint32 length); + PRUint8 *b, PRUint32 length); extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, - SSL3Opaque *b, PRUint32 length, + PRUint8 *b, PRUint32 length, sslKeyPair *serverKeys); extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss); extern SECStatus ssl_ImportECDHKeyShare( sslSocket *ss, SECKEYPublicKey *peerKey, - SSL3Opaque *b, PRUint32 length, const sslNamedGroupDef *curve); + PRUint8 *b, PRUint32 length, const sslNamedGroupDef *curve); SECStatus tls13_EncodeECDHEKeyShareKEX(const sslSocket *ss, const SECKEYPublicKey *pubKey); @@ -1668,16 +1668,16 @@ extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss, extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize); extern SECStatus ssl3_AppendHandshakeVariable(sslSocket *ss, - const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); + const PRUint8 *src, PRInt32 bytes, PRInt32 lenSize); extern SECStatus ssl3_AppendSignatureAndHashAlgorithm( sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash); extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes, - SSL3Opaque **b, PRUint32 *length); + PRUint8 **b, PRUint32 *length); extern SECStatus ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num, - PRUint32 bytes, SSL3Opaque **b, + PRUint32 bytes, PRUint8 **b, PRUint32 *length); extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, - PRUint32 bytes, SSL3Opaque **b, + PRUint32 bytes, PRUint8 **b, PRUint32 *length); extern PRUint8 *ssl_EncodeUintX(PRUint64 value, unsigned int bytes, PRUint8 *to); @@ -1690,7 +1690,7 @@ extern SECStatus ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *are unsigned char **b, unsigned int *len); extern SECStatus ssl_ConsumeSignatureScheme( - sslSocket *ss, SSL3Opaque **b, PRUint32 *length, SSLSignatureScheme *out); + sslSocket *ss, PRUint8 **b, PRUint32 *length, SSLSignatureScheme *out); extern SECStatus ssl3_SignHashes(sslSocket *ss, SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf); extern SECStatus ssl3_VerifySignedHashes(sslSocket *ss, SSLSignatureScheme scheme, @@ -1755,10 +1755,10 @@ extern void dtls_FreeHandshakeMessages(PRCList *lst); extern SECStatus dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf); extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss, - SSL3Opaque *b, PRUint32 length); + PRUint8 *b, PRUint32 length); extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss); extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, - const SSL3Opaque *pIn, PRInt32 nIn); + const PRUint8 *pIn, PRInt32 nIn); extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); SECStatus ssl3_DisableNonDTLSSuites(sslSocket *ss); extern SECStatus dtls_StartHolddownTimer(sslSocket *ss); @@ -1789,20 +1789,20 @@ SECStatus ssl3_ServerCallSNICallback(sslSocket *ss); SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss); SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags); SECStatus ssl3_CompleteHandleCertificate(sslSocket *ss, - SSL3Opaque *b, PRUint32 length); + PRUint8 *b, PRUint32 length); void ssl3_SendAlertForCertError(sslSocket *ss, PRErrorCode errCode); SECStatus ssl3_HandleNoCertificate(sslSocket *ss); SECStatus ssl3_SendEmptyCertificate(sslSocket *ss); void ssl3_CleanupPeerCerts(sslSocket *ss); SECStatus ssl3_SendCertificateStatus(sslSocket *ss); SECStatus ssl3_AuthCertificate(sslSocket *ss); -SECStatus ssl_ReadCertificateStatus(sslSocket *ss, SSL3Opaque *b, +SECStatus ssl_ReadCertificateStatus(sslSocket *ss, PRUint8 *b, PRUint32 length); SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint8 *buf, unsigned maxLen, PRUint32 *len); SECStatus ssl_GetCertificateRequestCAs(sslSocket *ss, unsigned int *calenp, SECItem **namesp, unsigned int *nnamesp); -SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b, +SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, PRUint8 **b, PRUint32 *length, PLArenaPool *arena, CERTDistNames *ca_list); SECStatus ssl3_CompleteHandleCertificateRequest( diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c index 37b7e810a3..560493848b 100644 --- a/lib/ssl/tls13con.c +++ b/lib/ssl/tls13con.c @@ -57,17 +57,17 @@ static SECStatus tls13_SendHelloRetryRequest(sslSocket *ss, const sslNamedGroupDef *selectedGroup); static SECStatus tls13_HandleServerKeyShare(sslSocket *ss); -static SECStatus tls13_HandleEncryptedExtensions(sslSocket *ss, SSL3Opaque *b, +static SECStatus tls13_HandleEncryptedExtensions(sslSocket *ss, PRUint8 *b, PRUint32 length); static SECStatus tls13_SendCertificate(sslSocket *ss); static SECStatus tls13_HandleCertificate( - sslSocket *ss, SSL3Opaque *b, PRUint32 length); -static SECStatus tls13_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, + sslSocket *ss, PRUint8 *b, PRUint32 length); +static SECStatus tls13_HandleCertificateRequest(sslSocket *ss, PRUint8 *b, PRUint32 length); static SECStatus tls13_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey); static SECStatus tls13_HandleCertificateVerify( - sslSocket *ss, SSL3Opaque *b, PRUint32 length, + sslSocket *ss, PRUint8 *b, PRUint32 length, SSL3Hashes *hashes); static SECStatus tls13_RecoverWrappedSharedSecret(sslSocket *ss, sslSessionID *sid); @@ -84,15 +84,15 @@ static SECStatus tls13_ComputePskBinderHash(sslSocket *ss, SSL3Hashes *hashes); static SECStatus tls13_VerifyFinished(sslSocket *ss, SSL3HandshakeType message, PK11SymKey *secret, - SSL3Opaque *b, PRUint32 length, + PRUint8 *b, PRUint32 length, const SSL3Hashes *hashes); static SECStatus tls13_ClientHandleFinished(sslSocket *ss, - SSL3Opaque *b, PRUint32 length, + PRUint8 *b, PRUint32 length, const SSL3Hashes *hashes); static SECStatus tls13_ServerHandleFinished(sslSocket *ss, - SSL3Opaque *b, PRUint32 length, + PRUint8 *b, PRUint32 length, const SSL3Hashes *hashes); -static SECStatus tls13_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, +static SECStatus tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length); static SECStatus tls13_ComputeHandshakeHashes(sslSocket *ss, SSL3Hashes *hashes); @@ -468,7 +468,7 @@ tls13_SetupClientHello(sslSocket *ss) static SECStatus tls13_ImportDHEKeyShare(sslSocket *ss, SECKEYPublicKey *peerKey, - SSL3Opaque *b, PRUint32 length, + PRUint8 *b, PRUint32 length, SECKEYPublicKey *pubKey) { SECStatus rv; @@ -559,7 +559,7 @@ tls13_HandleKeyShare(sslSocket *ss, } SECStatus -tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, SSL3Opaque *b, +tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length, SSL3Hashes *hashesPtr) { if (ss->sec.isServer && ss->ssl3.hs.zeroRttIgnore != ssl_0rtt_ignore_none) { @@ -1662,7 +1662,7 @@ tls13_SendCertificateRequest(sslSocket *ss) } SECStatus -tls13_HandleHelloRetryRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +tls13_HandleHelloRetryRequest(sslSocket *ss, PRUint8 *b, PRUint32 length) { SECStatus rv; PRUint32 tmp; @@ -1751,7 +1751,7 @@ tls13_HandleHelloRetryRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } static SECStatus -tls13_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +tls13_HandleCertificateRequest(sslSocket *ss, PRUint8 *b, PRUint32 length) { SECStatus rv; TLS13CertificateRequest *certRequest = NULL; @@ -2328,7 +2328,7 @@ tls13_HandleCertificateEntry(sslSocket *ss, SECItem *data, PRBool first, * Caller must hold Handshake and RecvBuf locks. */ static SECStatus -tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +tls13_HandleCertificate(sslSocket *ss, PRUint8 *b, PRUint32 length) { SECStatus rv; SECItem context = { siBuffer, NULL, 0 }; @@ -3026,7 +3026,7 @@ tls13_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt, } static SECStatus -tls13_HandleEncryptedExtensions(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +tls13_HandleEncryptedExtensions(sslSocket *ss, PRUint8 *b, PRUint32 length) { SECStatus rv; PRUint32 innerLength; @@ -3238,7 +3238,7 @@ tls13_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey) * Caller must hold Handshake and RecvBuf locks. */ SECStatus -tls13_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, +tls13_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length, SSL3Hashes *hashes) { SECItem signed_hash = { siBuffer, NULL, 0 }; @@ -3479,7 +3479,7 @@ tls13_SendFinished(sslSocket *ss, PK11SymKey *baseKey) static SECStatus tls13_VerifyFinished(sslSocket *ss, SSL3HandshakeType message, PK11SymKey *secret, - SSL3Opaque *b, PRUint32 length, + PRUint8 *b, PRUint32 length, const SSL3Hashes *hashes) { SECStatus rv; @@ -3517,7 +3517,7 @@ tls13_VerifyFinished(sslSocket *ss, SSL3HandshakeType message, } static SECStatus -tls13_ClientHandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, +tls13_ClientHandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length, const SSL3Hashes *hashes) { SECStatus rv; @@ -3544,7 +3544,7 @@ tls13_ClientHandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, } static SECStatus -tls13_ServerHandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, +tls13_ServerHandleFinished(sslSocket *ss, PRUint8 *b, PRUint32 length, const SSL3Hashes *hashes) { SECStatus rv; @@ -3868,7 +3868,7 @@ tls13_SendNewSessionTicket(sslSocket *ss) } static SECStatus -tls13_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +tls13_HandleNewSessionTicket(sslSocket *ss, PRUint8 *b, PRUint32 length) { SECStatus rv; PRUint32 utmp; @@ -4123,7 +4123,7 @@ SECStatus tls13_ProtectRecord(sslSocket *ss, ssl3CipherSpec *cwSpec, SSL3ContentType type, - const SSL3Opaque *pIn, + const PRUint8 *pIn, PRUint32 contentLen, sslBuffer *wrBuf) { diff --git a/lib/ssl/tls13con.h b/lib/ssl/tls13con.h index 189da0aed6..92eb545b00 100644 --- a/lib/ssl/tls13con.h +++ b/lib/ssl/tls13con.h @@ -57,10 +57,10 @@ SECStatus tls13_HandleClientHelloPart2(sslSocket *ss, const SECItem *suites, sslSessionID *sid); SECStatus tls13_HandleServerHelloPart2(sslSocket *ss); -SECStatus tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, SSL3Opaque *b, +SECStatus tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length, SSL3Hashes *hashesPtr); -SECStatus tls13_HandleHelloRetryRequest(sslSocket *ss, SSL3Opaque *b, +SECStatus tls13_HandleHelloRetryRequest(sslSocket *ss, PRUint8 *b, PRUint32 length); void tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *entry); void tls13_DestroyKeyShares(PRCList *list); @@ -73,7 +73,7 @@ PRBool tls13_ExtensionAllowed(PRUint16 extension, SSL3HandshakeType message); SECStatus tls13_ProtectRecord(sslSocket *ss, ssl3CipherSpec *cwSpec, SSL3ContentType type, - const SSL3Opaque *pIn, + const PRUint8 *pIn, PRUint32 contentLen, sslBuffer *wrBuf); PRInt32 tls13_Read0RttData(sslSocket *ss, void *buf, PRInt32 len);