Update NSS libSSL to NSS_3_15_BETA2.

net/third_party/nss/ssl/sslimpl.h

 /*
  * This file is PRIVATE to SSL and should be the first thing included by
  * any SSL implementation file.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslimpl.h,v 1.108 2012/09/28 01:46:45 wtc%google.com Exp $ */
+/* $Id$ */
 
 #ifndef __sslimpl_h_
 #define __sslimpl_h_
 
 #ifdef DEBUG
 #undef NDEBUG
 #else
 #undef NDEBUG
 #define NDEBUG
 #endif
@@ skipping 125 matching lines @@
 
 /* number of wrap mechanisms potentially used to wrap master secrets. */
 #define SSL_NUM_WRAP_MECHS              16
 
 /* This makes the cert cache entry exactly 4k. */
 #define SSL_MAX_CACHED_CERT_LEN         4060
 
 #define NUM_MIXERS                      9
 
 /* Mask of the 25 named curves we support. */
-#ifndef NSS_ECC_MORE_THAN_SUITE_B
-#define SSL3_SUPPORTED_CURVES_MASK 0x3800000    /* only 3 curves, suite B*/
-#else
-#define SSL3_SUPPORTED_CURVES_MASK 0x3fffffe
-#endif
+#define SSL3_ALL_SUPPORTED_CURVES_MASK 0x3fffffe
+/* only 3 curves, suite B*/
+#define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
 
 #ifndef BPB
 #define BPB 8 /* Bits Per Byte */
 #endif
 
 #define EXPORT_RSA_KEY_LENGTH 64        /* bytes */
 
 #define INITIAL_DTLS_TIMEOUT_MS   1000  /* Default value from RFC 4347 = 1s*/
 #define MAX_DTLS_TIMEOUT_MS      60000  /* 1 minute */
 #define DTLS_FINISHED_TIMER_MS  120000  /* Time to wait in FINISHED state */
@@ skipping 421 matching lines @@
                 invalid_cache           /* no longer in any cache. */
 } Cached;
 
 #define MAX_PEER_CERT_CHAIN_SIZE 8
 
 struct sslSessionIDStr {
     sslSessionID *        next;   /* chain used for client sockets, only */
 
     CERTCertificate *     peerCert;
     CERTCertificate *     peerCertChain[MAX_PEER_CERT_CHAIN_SIZE];
+    SECItemArray          peerCertStatus; /* client only */
     const char *          peerID;     /* client only */
     const char *          urlSvrName; /* client only */
     CERTCertificate *     localCert;
 
     PRIPv6Addr            addr;
     PRUint16              port;
 
     SSL3ProtocolVersion   version;
 
     PRUint32              creationTime;         /* seconds since Jan 1, 1970 */
@@ skipping 122 matching lines @@
 };
 
 typedef enum {
     wait_client_hello, 
     wait_client_cert, 
     wait_client_key,
     wait_cert_verify, 
     wait_change_cipher, 
     wait_finished,
     wait_server_hello, 
+    wait_certificate_status,
     wait_server_cert, 
     wait_server_key,
     wait_cert_request, 
     wait_hello_done,
     wait_new_session_ticket,
     idle_handshake
 } SSL3WaitState;
 
 /*
  * TLS extension related constants and data structures.
@@ skipping 55 matching lines @@
                                /* partial handshake message from record layer */
     unsigned int          header_bytes; 
                                /* number of bytes consumed from handshake */
                                /* message for message type and header length */
     SSL3HandshakeType     msg_type;
     unsigned long         msg_len;
     SECItem               ca_list;     /* used only by client */
     PRBool                isResuming;  /* are we resuming a session */
     PRBool                usedStepDownKey;  /* we did a server key exchange. */
     PRBool                sendingSCSV; /* instead of empty RI */
-    PRBool                may_get_cert_status; /* the server echoed a
-                                                * status_request extension so
-                                                * may send a CertificateStatus
-                                                * handshake message. */
-    SECItem               pending_cert_msg; /* a Certificate message which we
-                                             * save temporarily if we may get
-                                             * a CertificateStatus message */
-    SECItem               cert_status; /* an OCSP response */
     sslBuffer             msgState;    /* current state for handshake messages*/
                                        /* protected by recvBufLock */
     sslBuffer             messages;    /* Accumulated handshake messages */
     PRUint16              finishedBytes; /* size of single finished below */
     union {
         TLSFinished       tFinished[2]; /* client, then server */
         SSL3Hashes        sFinished[2];
         SSL3Opaque        data[72];
     }                     finishedMsgs;
 #ifdef NSS_ENABLE_ECC
@@ skipping 380 matching lines @@
 
     /* Gather object used for gathering data */
     sslGather        gs;                                /*recvBufLock*/
 
     sslBuffer        saveBuf;                           /*xmitBufLock*/
     sslBuffer        pendingBuf;                        /*xmitBufLock*/
 
     /* Configuration state for server sockets */
     /* server cert and key for each KEA type */
     sslServerCerts        serverCerts[kt_kea_size];
+    SECItemArray *        certStatusArray;
 
     ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED];
     ssl3KeyPair *         ephemeralECDHKeyPair; /* for ECDHE-* handshake */
 
     /* SSL3 state info.  Formerly was a pointer */
     ssl3State        ssl3;
 
     /*
      * TLS extension related data.
      */
@@ skipping 23 matching lines @@
 extern const char * const      ssl3_cipherName[];
 
 extern sslSessionIDLookupFunc  ssl_sid_lookup;
 extern sslSessionIDCacheFunc   ssl_sid_cache;
 extern sslSessionIDUncacheFunc ssl_sid_uncache;
 
 /************************************************************************/
 
 SEC_BEGIN_PROTOS
 
+/* Functions for handling SECItemArrays, added in NSS 3.15 */
+extern SECItemArray *SECITEM_AllocArray(PLArenaPool *arena,
+                                        SECItemArray *array,
+                                        unsigned int len);
+extern SECItemArray *SECITEM_DupArray(PLArenaPool *arena,
+                                      const SECItemArray *from);
+extern void SECITEM_FreeArray(SECItemArray *array, PRBool freeit);
+extern void SECITEM_ZfreeArray(SECItemArray *array, PRBool freeit);
+
 /* Internal initialization and installation of the SSL error tables */
 extern SECStatus ssl_Init(void);
 extern SECStatus ssl_InitializePRErrorTable(void);
 
 /* Implementation of ops for default (non socks, non secure) case */
 extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr);
 extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr);
 extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr);
 extern int ssl_DefListen(sslSocket *ss, int backlog);
 extern int ssl_DefShutdown(sslSocket *ss, int how);
@@ skipping 257 matching lines @@
  * key, signed by the larger key.  The smaller key is a "step down" key.
  * Generate that key pair and keep it around.
  */
 extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
 
 #ifdef NSS_ENABLE_ECC
 extern void      ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
 extern PRBool    ssl3_IsECCEnabled(sslSocket *ss);
 extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, 
                                        const ssl3CipherSuite * suite);
+extern PRInt32   ssl3_GetSupportedECCCurveMask(sslSocket *ss);
+
 
 /* Macro for finding a curve equivalent in strength to RSA key's */
 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \
         ((s <= 1024) ? 160 \
           : ((s <= 2048) ? 224 \
             : ((s <= 3072) ? 256 \
               : ((s <= 7168) ? 384 : 521 ) ) ) )
 
 /* Types and names of elliptic curves used in TLS */
 typedef enum { ec_type_explicitPrime      = 1,
@@ skipping 113 matching lines @@
 
 /* Functions that handle ClientHello and ServerHello extensions. */
 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
-extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
-                        PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
 
 /* ClientHello and ServerHello extension senders.
  * Note that not all extension senders are exposed here; only those that
  * that need exposure.
  */
 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
                         PRUint32 maxBytes);
-extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
-                        PRUint32 maxBytes);

[wtc, 2013/04/29 18:09:59]

This function and ssl3_ClientHandleStatusRequestXtn (lines
1678 - 1679) still exist. They became static functions in
ssl3ext.c.

 
 /* ClientHello and ServerHello extension senders.
  * The code is in ssl3ext.c.
  */
 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
                      PRUint32 maxBytes);
 
 /* Assigns new cert, cert chain and keys to ss->serverCerts
  * struct. If certChain is NULL, tries to find one. Aborts if
  * fails to do so. If cert and keyPair are NULL - unconfigures
@@ skipping 164 matching lines @@
 #else
 #define SSL_TRACE(msg)
 #endif
 
 void ssl_Trace(const char *format, ...);
 
 SEC_END_PROTOS
 
 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
 #define SSL_GETPID getpid
-#elif defined(_WIN32_WCE)
-#define SSL_GETPID GetCurrentProcessId
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */