cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20):
bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796
2018-07-12 15:44:51 +02:00
|
|
|
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
2015-10-21 05:03:22 +02:00
|
|
|
/*
|
|
|
|
* This file contains prototypes for the public SSL functions.
|
|
|
|
*
|
2018-05-04 16:08:28 +02:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2015-10-21 05:03:22 +02:00
|
|
|
|
|
|
|
#ifndef __sslt_h_
|
|
|
|
#define __sslt_h_
|
|
|
|
|
|
|
|
#include "prtypes.h"
|
|
|
|
|
|
|
|
typedef struct SSL3StatisticsStr {
|
|
|
|
/* statistics from ssl3_SendClientHello (sch) */
|
|
|
|
long sch_sid_cache_hits;
|
|
|
|
long sch_sid_cache_misses;
|
|
|
|
long sch_sid_cache_not_ok;
|
|
|
|
|
|
|
|
/* statistics from ssl3_HandleServerHello (hsh) */
|
|
|
|
long hsh_sid_cache_hits;
|
|
|
|
long hsh_sid_cache_misses;
|
|
|
|
long hsh_sid_cache_not_ok;
|
|
|
|
|
|
|
|
/* statistics from ssl3_HandleClientHello (hch) */
|
|
|
|
long hch_sid_cache_hits;
|
|
|
|
long hch_sid_cache_misses;
|
|
|
|
long hch_sid_cache_not_ok;
|
|
|
|
|
|
|
|
/* statistics related to stateless resume */
|
|
|
|
long sch_sid_stateless_resumes;
|
|
|
|
long hsh_sid_stateless_resumes;
|
|
|
|
long hch_sid_stateless_resumes;
|
|
|
|
long hch_sid_ticket_parse_failures;
|
|
|
|
} SSL3Statistics;
|
|
|
|
|
|
|
|
/* Key Exchange algorithm values */
|
|
|
|
typedef enum {
|
|
|
|
ssl_kea_null = 0,
|
|
|
|
ssl_kea_rsa = 1,
|
|
|
|
ssl_kea_dh = 2,
|
|
|
|
ssl_kea_fortezza = 3, /* deprecated, now unused */
|
|
|
|
ssl_kea_ecdh = 4,
|
|
|
|
ssl_kea_size /* number of ssl_kea_ algorithms */
|
|
|
|
} SSLKEAType;
|
|
|
|
|
|
|
|
/* The following defines are for backwards compatibility.
|
|
|
|
** They will be removed in a forthcoming release to reduce namespace pollution.
|
|
|
|
** programs that use the kt_ symbols should convert to the ssl_kt_ symbols
|
|
|
|
** soon.
|
|
|
|
*/
|
|
|
|
#define kt_null ssl_kea_null
|
|
|
|
#define kt_rsa ssl_kea_rsa
|
|
|
|
#define kt_dh ssl_kea_dh
|
|
|
|
#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
|
|
|
|
#define kt_ecdh ssl_kea_ecdh
|
|
|
|
#define kt_kea_size ssl_kea_size
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20):
bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796
2018-07-12 15:44:51 +02:00
|
|
|
|
|
|
|
/* Values of this enum match the SignatureAlgorithm enum from
|
|
|
|
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
2015-10-21 05:03:22 +02:00
|
|
|
typedef enum {
|
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20):
bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796
2018-07-12 15:44:51 +02:00
|
|
|
ssl_sign_null = 0, /* "anonymous" in TLS */
|
2015-10-21 05:03:22 +02:00
|
|
|
ssl_sign_rsa = 1,
|
|
|
|
ssl_sign_dsa = 2,
|
|
|
|
ssl_sign_ecdsa = 3
|
|
|
|
} SSLSignType;
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20):
bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796
2018-07-12 15:44:51 +02:00
|
|
|
/* Values of this enum match the HashAlgorithm enum from
|
|
|
|
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
|
|
typedef enum {
|
|
|
|
/* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5
|
|
|
|
* and SHA1. The other values are only used in TLS 1.2. */
|
|
|
|
ssl_hash_none = 0,
|
|
|
|
ssl_hash_md5 = 1,
|
|
|
|
ssl_hash_sha1 = 2,
|
|
|
|
ssl_hash_sha224 = 3,
|
|
|
|
ssl_hash_sha256 = 4,
|
|
|
|
ssl_hash_sha384 = 5,
|
|
|
|
ssl_hash_sha512 = 6
|
|
|
|
} SSLHashType;
|
|
|
|
|
|
|
|
typedef struct SSLSignatureAndHashAlgStr {
|
|
|
|
SSLHashType hashAlg;
|
|
|
|
SSLSignType sigAlg;
|
|
|
|
} SSLSignatureAndHashAlg;
|
|
|
|
|
2015-10-21 05:03:22 +02:00
|
|
|
typedef enum {
|
|
|
|
ssl_auth_null = 0,
|
|
|
|
ssl_auth_rsa = 1,
|
|
|
|
ssl_auth_dsa = 2,
|
|
|
|
ssl_auth_kea = 3,
|
|
|
|
ssl_auth_ecdsa = 4
|
|
|
|
} SSLAuthType;
|
|
|
|
|
|
|
|
typedef enum {
|
|
|
|
ssl_calg_null = 0,
|
|
|
|
ssl_calg_rc4 = 1,
|
|
|
|
ssl_calg_rc2 = 2,
|
|
|
|
ssl_calg_des = 3,
|
|
|
|
ssl_calg_3des = 4,
|
|
|
|
ssl_calg_idea = 5,
|
|
|
|
ssl_calg_fortezza = 6, /* deprecated, now unused */
|
2018-05-04 16:08:28 +02:00
|
|
|
ssl_calg_aes = 7,
|
2015-10-21 05:03:22 +02:00
|
|
|
ssl_calg_camellia = 8,
|
2018-05-04 16:08:28 +02:00
|
|
|
ssl_calg_seed = 9,
|
2018-08-18 18:30:36 +02:00
|
|
|
ssl_calg_aes_gcm = 10,
|
2020-01-31 08:54:04 +01:00
|
|
|
ssl_calg_chacha20 = 11,
|
|
|
|
ssl_calg_camellia_gcm = 12
|
2015-10-21 05:03:22 +02:00
|
|
|
} SSLCipherAlgorithm;
|
|
|
|
|
|
|
|
typedef enum {
|
|
|
|
ssl_mac_null = 0,
|
|
|
|
ssl_mac_md5 = 1,
|
|
|
|
ssl_mac_sha = 2,
|
|
|
|
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
|
2018-05-04 16:08:28 +02:00
|
|
|
ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
|
|
|
|
ssl_hmac_sha256 = 5,
|
2020-01-08 00:39:56 +01:00
|
|
|
ssl_mac_aead = 6,
|
|
|
|
ssl_hmac_sha384 = 7
|
2015-10-21 05:03:22 +02:00
|
|
|
} SSLMACAlgorithm;
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
typedef enum {
|
|
|
|
ssl_compression_null = 0,
|
|
|
|
ssl_compression_deflate = 1 /* RFC 3749 */
|
|
|
|
} SSLCompressionMethod;
|
|
|
|
|
2015-10-21 05:03:22 +02:00
|
|
|
typedef struct SSLChannelInfoStr {
|
|
|
|
PRUint32 length;
|
|
|
|
PRUint16 protocolVersion;
|
|
|
|
PRUint16 cipherSuite;
|
|
|
|
|
|
|
|
/* server authentication info */
|
|
|
|
PRUint32 authKeyBits;
|
|
|
|
|
|
|
|
/* key exchange algorithm info */
|
|
|
|
PRUint32 keaKeyBits;
|
|
|
|
|
|
|
|
/* session info */
|
|
|
|
PRUint32 creationTime; /* seconds since Jan 1, 1970 */
|
|
|
|
PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
|
|
|
|
PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
|
|
|
|
PRUint32 sessionIDLength; /* up to 32 */
|
|
|
|
PRUint8 sessionID [32];
|
2018-05-04 16:08:28 +02:00
|
|
|
|
|
|
|
/* The following fields are added in NSS 3.12.5. */
|
|
|
|
|
|
|
|
/* compression method info */
|
|
|
|
const char * compressionMethodName;
|
|
|
|
SSLCompressionMethod compressionMethod;
|
2020-01-07 08:11:52 +01:00
|
|
|
|
|
|
|
/* The following fields are added in NSS 3.21.
|
|
|
|
* This field only has meaning in TLS < 1.3 and will be set to
|
|
|
|
* PR_FALSE in TLS 1.3.
|
|
|
|
*/
|
|
|
|
PRBool extendedMasterSecretUsed;
|
2015-10-21 05:03:22 +02:00
|
|
|
} SSLChannelInfo;
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20):
bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796
2018-07-12 15:44:51 +02:00
|
|
|
/* Preliminary channel info */
|
|
|
|
#define ssl_preinfo_version (1U << 0)
|
|
|
|
#define ssl_preinfo_cipher_suite (1U << 1)
|
|
|
|
#define ssl_preinfo_all (ssl_preinfo_version|ssl_preinfo_cipher_suite)
|
|
|
|
|
|
|
|
typedef struct SSLPreliminaryChannelInfoStr {
|
|
|
|
/* This is set to the length of the struct. */
|
|
|
|
PRUint32 length;
|
|
|
|
/* A bitfield over SSLPreliminaryValueSet that describes which
|
|
|
|
* preliminary values are set (see ssl_preinfo_*). */
|
|
|
|
PRUint32 valuesSet;
|
|
|
|
/* Protocol version: test (valuesSet & ssl_preinfo_version) */
|
|
|
|
PRUint16 protocolVersion;
|
|
|
|
/* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */
|
|
|
|
PRUint16 cipherSuite;
|
|
|
|
} SSLPreliminaryChannelInfo;
|
|
|
|
|
2015-10-21 05:03:22 +02:00
|
|
|
typedef struct SSLCipherSuiteInfoStr {
|
|
|
|
PRUint16 length;
|
|
|
|
PRUint16 cipherSuite;
|
|
|
|
|
|
|
|
/* Cipher Suite Name */
|
|
|
|
const char * cipherSuiteName;
|
|
|
|
|
|
|
|
/* server authentication info */
|
|
|
|
const char * authAlgorithmName;
|
|
|
|
SSLAuthType authAlgorithm;
|
|
|
|
|
|
|
|
/* key exchange algorithm info */
|
|
|
|
const char * keaTypeName;
|
|
|
|
SSLKEAType keaType;
|
|
|
|
|
|
|
|
/* symmetric encryption info */
|
|
|
|
const char * symCipherName;
|
|
|
|
SSLCipherAlgorithm symCipher;
|
|
|
|
PRUint16 symKeyBits;
|
|
|
|
PRUint16 symKeySpace;
|
|
|
|
PRUint16 effectiveKeyBits;
|
|
|
|
|
|
|
|
/* MAC info */
|
2018-05-04 16:08:28 +02:00
|
|
|
/* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
|
|
|
|
* is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
|
|
|
|
* bits of the authentication tag. */
|
2015-10-21 05:03:22 +02:00
|
|
|
const char * macAlgorithmName;
|
|
|
|
SSLMACAlgorithm macAlgorithm;
|
|
|
|
PRUint16 macBits;
|
|
|
|
|
|
|
|
PRUintn isFIPS : 1;
|
|
|
|
PRUintn isExportable : 1;
|
|
|
|
PRUintn nonStandard : 1;
|
|
|
|
PRUintn reservedBits :29;
|
|
|
|
|
|
|
|
} SSLCipherSuiteInfo;
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
typedef enum {
|
|
|
|
ssl_variant_stream = 0,
|
|
|
|
ssl_variant_datagram = 1
|
|
|
|
} SSLProtocolVariant;
|
|
|
|
|
|
|
|
typedef struct SSLVersionRangeStr {
|
|
|
|
PRUint16 min;
|
|
|
|
PRUint16 max;
|
|
|
|
} SSLVersionRange;
|
|
|
|
|
|
|
|
typedef enum {
|
|
|
|
SSL_sni_host_name = 0,
|
|
|
|
SSL_sni_type_total
|
|
|
|
} SSLSniNameType;
|
|
|
|
|
|
|
|
/* Supported extensions. */
|
|
|
|
/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
|
|
|
|
typedef enum {
|
|
|
|
ssl_server_name_xtn = 0,
|
|
|
|
ssl_cert_status_xtn = 5,
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
#ifndef NSS_DISABLE_ECC
|
2018-05-04 16:08:28 +02:00
|
|
|
ssl_elliptic_curves_xtn = 10,
|
|
|
|
ssl_ec_point_formats_xtn = 11,
|
|
|
|
#endif
|
|
|
|
ssl_signature_algorithms_xtn = 13,
|
|
|
|
ssl_use_srtp_xtn = 14,
|
|
|
|
ssl_app_layer_protocol_xtn = 16,
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
ssl_padding_xtn = 21,
|
2020-01-07 08:11:52 +01:00
|
|
|
ssl_extended_master_secret_xtn = 23,
|
2018-05-04 16:08:28 +02:00
|
|
|
ssl_session_ticket_xtn = 35,
|
|
|
|
ssl_next_proto_nego_xtn = 13172,
|
cherry-picked mozilla NSS upstream changes (to rev 902bc119dcdb, which is on par with 3.17.2):
bug920719, bug1026148, bug1028647, bug963150, bug1030486, bug1025729, bug836658, bug1028582, bug1038728, bug1038526, bug1042634, bug1047210, bug1043891, bug1043108, bug1046735, bug1043082, bug1036735, bug1046718, bug1050107, bug1054625, bug1057465, bug1057476, bug1041326, bug1058933, bug1064636, bug1057161, bug1078669, bug1049435, bug1070493, bug1083360, bug1028764, bug1065990, bug1073330, bug1064670, bug1094650
2018-07-11 15:35:15 +02:00
|
|
|
ssl_renegotiation_info_xtn = 0xff01,
|
|
|
|
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
|
2018-05-04 16:08:28 +02:00
|
|
|
} SSLExtensionType;
|
|
|
|
|
2020-01-07 08:11:52 +01:00
|
|
|
#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
|
2018-05-04 16:08:28 +02:00
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20):
bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796
2018-07-12 15:44:51 +02:00
|
|
|
typedef enum {
|
|
|
|
ssl_dhe_group_none = 0,
|
|
|
|
ssl_ff_dhe_2048_group = 1,
|
|
|
|
ssl_ff_dhe_3072_group = 2,
|
|
|
|
ssl_ff_dhe_4096_group = 3,
|
|
|
|
ssl_ff_dhe_6144_group = 4,
|
|
|
|
ssl_ff_dhe_8192_group = 5,
|
|
|
|
ssl_dhe_group_max
|
|
|
|
} SSLDHEGroupType;
|
|
|
|
|
2015-10-21 05:03:22 +02:00
|
|
|
#endif /* __sslt_h_ */
|