Miscellaneous cleanup of TLS 1.2 code.

net/third_party/nss/ssl/sslimpl.h

 /*
  * This file is PRIVATE to SSL and should be the first thing included by
  * any SSL implementation file.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* $Id$ */
 
 #ifndef __sslimpl_h_
@@ skipping 488 matching lines @@
  */
 typedef struct {
     PRUint32         high;
     PRUint32         low;
 } SSL3SequenceNumber;
 
 typedef PRUint16 DTLSEpoch;
 
 typedef void (*DTLSTimerCb)(sslSocket *);
 
-#define MAX_MAC_CONTEXT_BYTES 400
+#define MAX_MAC_CONTEXT_BYTES 400  /* 400 is large enough for MD5, SHA-1, and
+                                    * SHA-256. For SHA-384 support, increase
+                                    * it to 712. */
 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8)
 
 #define MAX_CIPHER_CONTEXT_BYTES 2080
 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8)
 
 typedef struct {
     SSL3Opaque        wrapped_master_secret[48];
     PRUint16          wrapped_master_secret_len;
     PRUint8           msIsWrapped;
     PRUint8           resumable;
@@ skipping 261 matching lines @@
 ** A DTLS queued message (potentially to be retransmitted)
 */
 typedef struct DTLSQueuedMessageStr {
     PRCList link;         /* The linked list link */
     DTLSEpoch epoch;      /* The epoch to use */
     SSL3ContentType type; /* The message type */
     unsigned char *data;  /* The data */
     PRUint16 len;         /* The data length */
 } DTLSQueuedMessage;
 
+typedef enum {
+    HANDSHAKE_HASH_UNKNOWN = 0,
+    HANDSHAKE_HASH_COMBO = 1,  /* The MD5/SHA-1 combination */

[wtc, 2013/06/15 19:40:55]

Do you think this should be named HANDSHAKE_HASH_MD5SHA instead?

[agl, 2013/06/17 14:01:14]

I think this name is fine if you like it.

+    HANDSHAKE_HASH_SINGLE = 2  /* A single hash */
+} SSL3HandshakeHashType;
+
 /*
 ** This is the "hs" member of the "ssl3" struct.
 ** This entire struct is protected by ssl3HandshakeLock
 */
 typedef struct SSL3HandshakeStateStr {
     SSL3Random            server_random;
     SSL3Random            client_random;
     SSL3WaitState         ws;
+
+    /* This group of members is used for handshake running hashes. */
+    SSL3HandshakeHashType hashType;
+    sslBuffer             messages;    /* Accumulated handshake messages */
+#ifndef NO_PKCS11_BYPASS
+    /* Bypass mode:
+     * SSL 3.0 - TLS 1.1 use both |md5_cx| and |sha_cx|. |md5_cx| is used for
+     * MD5 and |sha_cx| for SHA-1.
+     * TLS 1.2 and later use only |sha_cx|, for SHA-256. NOTE: When we support
+     * SHA-384, increase MAX_MAC_CONTEXT_BYTES to 712. */
     PRUint64              md5_cx[MAX_MAC_CONTEXT_LLONGS];
     PRUint64              sha_cx[MAX_MAC_CONTEXT_LLONGS];
-    PK11Context *         md5;            /* handshake running hashes */
+    const SECHashObject * sha_obj;
+    /* The function prototype of sha_obj->clone() does not match the prototype
+     * of the freebl <HASH>_Clone functions, so we need a dedicated function
+     * pointer for the <HASH>_Clone function. */
+    void (*sha_clone)(void *dest, void *src);

[wtc, 2013/06/15 19:40:55]

The sha_obj and sha_clone members are not necessary now, but they will be
necessary when we support using SHA-384 in the TLS 1.2 PRF.

The function prototype of sha_obj->clone() matches the prototype of
PK11_CloneContext, but not those of freebl's SHA256_Clone, SHA384_Clone, etc.
So we need a dedicated function pointer for cloning freebl hash contexts.

+#endif
+    /* PKCS #11 mode:
+     * SSL 3.0 - TLS 1.1 use both |md5| and |sha|. |md5| is used for MD5 and
+     * |sha| for SHA-1.
+     * TLS 1.2 and later use only |sha|, for SHA-256. */
+    PK11Context *         md5;
     PK11Context *         sha;
-    PK11Context *         tls12_handshake_hash;
+
 const ssl3KEADef *        kea_def;
     ssl3CipherSuite       cipher_suite;
 const ssl3CipherSuiteDef *suite_def;
     SSLCompressionMethod  compression;
     sslBuffer             msg_body;    /* protected by recvBufLock */
                                /* partial handshake message from record layer */
     unsigned int          header_bytes; 
                                /* number of bytes consumed from handshake */
                                /* message for message type and header length */
     SSL3HandshakeType     msg_type;
     unsigned long         msg_len;
     SECItem               ca_list;     /* used only by client */
     PRBool                isResuming;  /* are we resuming a session */
     PRBool                usedStepDownKey;  /* we did a server key exchange. */
     PRBool                sendingSCSV; /* instead of empty RI */
     sslBuffer             msgState;    /* current state for handshake messages*/
                                        /* protected by recvBufLock */
-    sslBuffer             messages;    /* Accumulated handshake messages */
     PRUint16              finishedBytes; /* size of single finished below */
     union {
         TLSFinished       tFinished[2]; /* client, then server */
         SSL3Finished      sFinished[2];
         SSL3Opaque        data[72];
     }                     finishedMsgs;
 #ifdef NSS_ENABLE_ECC
     PRUint32              negotiatedECCurves; /* bit mask */
 #endif /* NSS_ENABLE_ECC */
 
@@ skipping 1062 matching lines @@
 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
 #define SSL_GETPID getpid
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */