diff options
author | Job Bautista <jobbautista9@aol.com> | 2023-03-04 13:13:49 +0800 |
---|---|---|
committer | Job Bautista <jobbautista9@aol.com> | 2023-03-04 13:13:49 +0800 |
commit | 43c816cd19e73b37d797b17105e4aede8772a6cf (patch) | |
tree | c9fc76105f89915411a61ab5ab515c855e138aca /security/nss/lib/ssl/ssl3ext.h | |
parent | 409d3e66de6517039165ec43dabd9b063a86d29b (diff) | |
download | uxp-43c816cd19e73b37d797b17105e4aede8772a6cf.tar.gz |
Issue #1693 - Update NSS to 3.79.4
Diffstat (limited to 'security/nss/lib/ssl/ssl3ext.h')
-rw-r--r-- | security/nss/lib/ssl/ssl3ext.h | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/security/nss/lib/ssl/ssl3ext.h b/security/nss/lib/ssl/ssl3ext.h index 7f09e5fd74..73daffb089 100644 --- a/security/nss/lib/ssl/ssl3ext.h +++ b/security/nss/lib/ssl/ssl3ext.h @@ -9,10 +9,9 @@ #ifndef __ssl3ext_h_ #define __ssl3ext_h_ +#include "pk11hpke.h" #include "sslencode.h" -#define TLS13_ESNI_NONCE_SIZE 16 - typedef enum { sni_nametype_hostname } SNINameType; @@ -39,7 +38,9 @@ struct TLSExtensionDataStr { /* Keep track of the extensions that are advertised or negotiated. */ PRUint16 numAdvertised; - PRUint16 *advertised; /* Allocated dynamically. */ + PRUint16 *advertised; /* Allocated dynamically. */ + PRUint16 echNumAdvertised; /* Tracks Xtns offered in ClientHelloInner. */ + PRUint16 *echAdvertised; PRUint16 numNegotiated; PRUint16 negotiated[SSL_MAX_EXTENSIONS]; @@ -98,7 +99,9 @@ struct TLSExtensionDataStr { PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ - unsigned int lastXtnOffset; /* Where to insert padding. 0 = end. */ + unsigned int echXtnOffset; /* The start of the ECH Xtn (if any) */ + unsigned int lastXtnOffset; /* Where to insert any other extensions. + * 0 = end, otherwise base of PSK xtn. */ PRCList remoteKeyShares; /* The other side's public keys (TLS 1.3) */ /* The following are used by a TLS 1.3 server. */ @@ -114,14 +117,6 @@ struct TLSExtensionDataStr { /* The record size limit set by the peer. Our value is kept in ss->opt. */ PRUint16 recordSizeLimit; - /* ESNI working state */ - SECItem keyShareExtension; - ssl3CipherSuite esniSuite; - sslEphemeralKeyPair *esniPrivateKey; - /* Pointer into |ss->esniKeys->keyShares| */ - TLS13KeyShareEntry *peerEsniShare; - PRUint8 esniNonce[TLS13_ESNI_NONCE_SIZE]; - /* Delegated credentials. * * The delegated credential sent by the peer. Set by @@ -134,6 +129,14 @@ struct TLSExtensionDataStr { * |tls13_MaybeSetDelegatedCredential|. */ PRBool sendingDelegCredToPeer; + + /* A non-owning reference to the selected PSKs. MUST NOT be freed directly, + * rather through tls13_DestoryPskList(). */ + sslPsk *selectedPsk; + + /* ECH working state. Non-null when a valid Encrypted Client Hello extension + * was received. */ + sslEchXtnState *ech; }; typedef struct TLSExtensionStr { @@ -161,6 +164,7 @@ SECStatus ssl3_HandleParsedExtensions(sslSocket *ss, TLSExtension *ssl3_FindExtension(sslSocket *ss, SSLExtensionType extension_type); void ssl3_DestroyRemoteExtensions(PRCList *list); +void ssl3_MoveRemoteExtensions(PRCList *dst, PRCList *src); void ssl3_InitExtensionData(TLSExtensionData *xtnData, const sslSocket *ss); void ssl3_DestroyExtensionData(TLSExtensionData *xtnData); void ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss); @@ -176,7 +180,9 @@ SECStatus ssl_ConstructExtensions(sslSocket *ss, sslBuffer *buf, SSLHandshakeType message); SECStatus ssl_SendEmptyExtension(const sslSocket *ss, TLSExtensionData *xtnData, sslBuffer *buf, PRBool *append); -SECStatus ssl_InsertPaddingExtension(const sslSocket *ss, unsigned int prefixLen, +SECStatus ssl3_EmplaceExtension(sslSocket *ss, sslBuffer *buf, PRUint16 exType, + const PRUint8 *data, unsigned int len, PRBool advertise); +SECStatus ssl_InsertPaddingExtension(sslSocket *ss, unsigned int prefixLen, sslBuffer *buf); /* Thunks to let us operate on const sslSocket* objects. */ @@ -197,5 +203,8 @@ SECStatus SSLExp_GetExtensionSupport(PRUint16 type, SECStatus SSLExp_InstallExtensionHooks( PRFileDesc *fd, PRUint16 extension, SSLExtensionWriter writer, void *writerArg, SSLExtensionHandler handler, void *handlerArg); +sslCustomExtensionHooks *ssl_FindCustomExtensionHooks(sslSocket *ss, PRUint16 extension); +SECStatus ssl_CallCustomExtensionSenders(sslSocket *ss, sslBuffer *buf, + SSLHandshakeType message); #endif |