diff options
author | Zeno Albisser <zeno.albisser@digia.com> | 2013-08-15 21:46:11 +0200 |
---|---|---|
committer | Zeno Albisser <zeno.albisser@digia.com> | 2013-08-15 21:46:11 +0200 |
commit | 679147eead574d186ebf3069647b4c23e8ccace6 (patch) | |
tree | fc247a0ac8ff119f7c8550879ebb6d3dd8d1ff69 /chromium/net/third_party/nss/patches/channelid.patch | |
download | qtwebengine-chromium-679147eead574d186ebf3069647b4c23e8ccace6.tar.gz |
Initial import.
Diffstat (limited to 'chromium/net/third_party/nss/patches/channelid.patch')
-rw-r--r-- | chromium/net/third_party/nss/patches/channelid.patch | 593 |
1 files changed, 593 insertions, 0 deletions
diff --git a/chromium/net/third_party/nss/patches/channelid.patch b/chromium/net/third_party/nss/patches/channelid.patch new file mode 100644 index 00000000000..46554f9014f --- /dev/null +++ b/chromium/net/third_party/nss/patches/channelid.patch @@ -0,0 +1,593 @@ +diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c +--- a/nss/lib/ssl/ssl3con.c 2013-07-31 12:45:11.497944276 -0700 ++++ b/nss/lib/ssl/ssl3con.c 2013-07-31 12:51:32.663550380 -0700 +@@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateSta + static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); + static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); + static SECStatus ssl3_SendNextProto( sslSocket *ss); ++static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); + static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); + static SECStatus ssl3_SendServerHello( sslSocket *ss); + static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); +@@ -5891,6 +5892,15 @@ ssl3_HandleServerHello(sslSocket *ss, SS + } + #endif /* NSS_PLATFORM_CLIENT_AUTH */ + ++ if (ss->ssl3.channelID != NULL) { ++ SECKEY_DestroyPrivateKey(ss->ssl3.channelID); ++ ss->ssl3.channelID = NULL; ++ } ++ if (ss->ssl3.channelIDPub != NULL) { ++ SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); ++ ss->ssl3.channelIDPub = NULL; ++ } ++ + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); + if (temp < 0) { + goto loser; /* alert has been sent */ +@@ -6170,7 +6180,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS + if (rv != SECSuccess) { + goto alert_loser; /* err code was set */ + } +- return SECSuccess; ++ goto winner; + } while (0); + + if (sid_match) +@@ -6196,6 +6206,27 @@ ssl3_HandleServerHello(sslSocket *ss, SS + + ss->ssl3.hs.isResuming = PR_FALSE; + ss->ssl3.hs.ws = wait_server_cert; ++ ++winner: ++ /* If we will need a ChannelID key then we make the callback now. This ++ * allows the handshake to be restarted cleanly if the callback returns ++ * SECWouldBlock. */ ++ if (ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) { ++ rv = ss->getChannelID(ss->getChannelIDArg, ss->fd, ++ &ss->ssl3.channelIDPub, &ss->ssl3.channelID); ++ if (rv == SECWouldBlock) { ++ ssl3_SetAlwaysBlock(ss); ++ return rv; ++ } ++ if (rv != SECSuccess || ++ ss->ssl3.channelIDPub == NULL || ++ ss->ssl3.channelID == NULL) { ++ PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED); ++ desc = internal_error; ++ goto alert_loser; ++ } ++ } ++ + return SECSuccess; + + alert_loser: +@@ -6993,6 +7024,10 @@ ssl3_SendClientSecondRound(sslSocket *ss + goto loser; /* err code was set. */ + } + } ++ rv = ssl3_SendEncryptedExtensions(ss); ++ if (rv != SECSuccess) { ++ goto loser; /* err code was set. */ ++ } + + rv = ssl3_SendFinished(ss, 0); + if (rv != SECSuccess) { +@@ -9947,6 +9982,165 @@ ssl3_RecordKeyLog(sslSocket *ss) + return; + } + ++/* called from ssl3_SendClientSecondRound ++ * ssl3_HandleFinished ++ */ ++static SECStatus ++ssl3_SendEncryptedExtensions(sslSocket *ss) ++{ ++ static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature"; ++ /* This is the ASN.1 prefix for a P-256 public key. Specifically it's: ++ * SEQUENCE ++ * SEQUENCE ++ * OID id-ecPublicKey ++ * OID prime256v1 ++ * BIT STRING, length 66, 0 trailing bits: 0x04 ++ * ++ * The 0x04 in the BIT STRING is the prefix for an uncompressed, X9.62 ++ * public key. Following that are the two field elements as 32-byte, ++ * big-endian numbers, as required by the Channel ID. */ ++ static const unsigned char P256_SPKI_PREFIX[] = { ++ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, ++ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, ++ 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, ++ 0x42, 0x00, 0x04 ++ }; ++ /* ChannelIDs are always 128 bytes long: 64 bytes of P-256 public key and 64 ++ * bytes of ECDSA signature. */ ++ static const int CHANNEL_ID_PUBLIC_KEY_LENGTH = 64; ++ static const int CHANNEL_ID_LENGTH = 128; ++ ++ SECStatus rv = SECFailure; ++ SECItem *spki = NULL; ++ SSL3Hashes hashes; ++ const unsigned char *pub_bytes; ++ unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)]; ++ unsigned char digest[SHA256_LENGTH]; ++ SECItem digest_item; ++ unsigned char signature[64]; ++ SECItem signature_item; ++ ++ PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); ++ PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); ++ ++ if (ss->ssl3.channelID == NULL) ++ return SECSuccess; ++ ++ PORT_Assert(ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)); ++ ++ if (SECKEY_GetPrivateKeyType(ss->ssl3.channelID) != ecKey || ++ PK11_SignatureLen(ss->ssl3.channelID) != sizeof(signature)) { ++ PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); ++ rv = SECFailure; ++ goto loser; ++ } ++ ++ ssl_GetSpecReadLock(ss); ++ rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0); ++ ssl_ReleaseSpecReadLock(ss); ++ ++ if (rv != SECSuccess) ++ goto loser; ++ ++ rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions, ++ 2 + 2 + CHANNEL_ID_LENGTH); ++ if (rv != SECSuccess) ++ goto loser; /* error code set by AppendHandshakeHeader */ ++ rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); ++ if (rv != SECSuccess) ++ goto loser; /* error code set by AppendHandshake */ ++ rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2); ++ if (rv != SECSuccess) ++ goto loser; /* error code set by AppendHandshake */ ++ ++ spki = SECKEY_EncodeDERSubjectPublicKeyInfo(ss->ssl3.channelIDPub); ++ ++ if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH || ++ memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) { ++ PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); ++ rv = SECFailure; ++ goto loser; ++ } ++ ++ pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); ++ ++ memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC)); ++ memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), hashes.u.raw, hashes.len); ++ ++ rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, ++ sizeof(CHANNEL_ID_MAGIC) + hashes.len); ++ if (rv != SECSuccess) ++ goto loser; ++ ++ digest_item.data = digest; ++ digest_item.len = sizeof(digest); ++ ++ signature_item.data = signature; ++ signature_item.len = sizeof(signature); ++ ++ rv = PK11_Sign(ss->ssl3.channelID, &signature_item, &digest_item); ++ if (rv != SECSuccess) ++ goto loser; ++ ++ rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH); ++ if (rv != SECSuccess) ++ goto loser; ++ rv = ssl3_AppendHandshake(ss, signature, sizeof(signature)); ++ ++loser: ++ if (spki) ++ SECITEM_FreeItem(spki, PR_TRUE); ++ if (ss->ssl3.channelID) { ++ SECKEY_DestroyPrivateKey(ss->ssl3.channelID); ++ ss->ssl3.channelID = NULL; ++ } ++ if (ss->ssl3.channelIDPub) { ++ SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); ++ ss->ssl3.channelIDPub = NULL; ++ } ++ ++ return rv; ++} ++ ++/* ssl3_RestartHandshakeAfterChannelIDReq is called to restart a handshake ++ * after a ChannelID callback returned SECWouldBlock. At this point we have ++ * processed the server's ServerHello but not yet any further messages. We will ++ * always get a message from the server after a ServerHello so either they are ++ * waiting in the buffer or we'll get network I/O. */ ++SECStatus ++ssl3_RestartHandshakeAfterChannelIDReq(sslSocket *ss, ++ SECKEYPublicKey *channelIDPub, ++ SECKEYPrivateKey *channelID) ++{ ++ if (ss->handshake == 0) { ++ SECKEY_DestroyPublicKey(channelIDPub); ++ SECKEY_DestroyPrivateKey(channelID); ++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); ++ return SECFailure; ++ } ++ ++ if (channelIDPub == NULL || ++ channelID == NULL) { ++ if (channelIDPub) ++ SECKEY_DestroyPublicKey(channelIDPub); ++ if (channelID) ++ SECKEY_DestroyPrivateKey(channelID); ++ PORT_SetError(PR_INVALID_ARGUMENT_ERROR); ++ return SECFailure; ++ } ++ ++ if (ss->ssl3.channelID) ++ SECKEY_DestroyPrivateKey(ss->ssl3.channelID); ++ if (ss->ssl3.channelIDPub) ++ SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); ++ ++ ss->handshake = ssl_GatherRecord1stHandshake; ++ ss->ssl3.channelID = channelID; ++ ss->ssl3.channelIDPub = channelIDPub; ++ ++ return SECSuccess; ++} ++ + /* called from ssl3_HandleServerHelloDone + * ssl3_HandleClientHello + * ssl3_HandleFinished +@@ -10202,11 +10396,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O + flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER; + } + +- if (!isServer && !ss->firstHsDone) { +- rv = ssl3_SendNextProto(ss); +- if (rv != SECSuccess) { +- goto xmit_loser; /* err code was set. */ ++ if (!isServer) { ++ if (!ss->firstHsDone) { ++ rv = ssl3_SendNextProto(ss); ++ if (rv != SECSuccess) { ++ goto xmit_loser; /* err code was set. */ ++ } + } ++ rv = ssl3_SendEncryptedExtensions(ss); ++ if (rv != SECSuccess) ++ goto xmit_loser; /* err code was set. */ + } + + if (IS_DTLS(ss)) { +@@ -11635,6 +11834,11 @@ ssl3_DestroySSL3Info(sslSocket *ss) + ssl_FreePlatformKey(ss->ssl3.platformClientKey); + #endif /* NSS_PLATFORM_CLIENT_AUTH */ + ++ if (ss->ssl3.channelID) ++ SECKEY_DestroyPrivateKey(ss->ssl3.channelID); ++ if (ss->ssl3.channelIDPub) ++ SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); ++ + if (ss->ssl3.peerCertArena != NULL) + ssl3_CleanupPeerCerts(ss); + +diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c +--- a/nss/lib/ssl/ssl3ext.c 2013-07-31 12:40:14.493586151 -0700 ++++ b/nss/lib/ssl/ssl3ext.c 2013-07-31 12:45:50.338515793 -0700 +@@ -60,6 +60,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSo + PRUint32 maxBytes); + static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); ++static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss, ++ PRUint16 ex_type, SECItem *data); ++static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append, ++ PRUint32 maxBytes); + static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss, + PRBool append, PRUint32 maxBytes); + static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, +@@ -248,6 +252,7 @@ static const ssl3HelloExtensionHandler s + { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, + { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, + { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, ++ { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, + { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, + { -1, NULL } + }; +@@ -274,6 +279,7 @@ ssl3HelloExtensionSender clientHelloSend + { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, + { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, + { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, ++ { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, + { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, + { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn } + /* any extra entries will appear as { 0, NULL } */ +@@ -660,6 +666,52 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocke + } + + return extension_length; ++ ++loser: ++ return -1; ++} ++ ++static SECStatus ++ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type, ++ SECItem *data) ++{ ++ PORT_Assert(ss->getChannelID != NULL); ++ ++ if (data->len) { ++ PORT_SetError(SSL_ERROR_BAD_CHANNEL_ID_DATA); ++ return SECFailure; ++ } ++ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; ++ return SECSuccess; ++} ++ ++static PRInt32 ++ssl3_ClientSendChannelIDXtn(sslSocket * ss, PRBool append, ++ PRUint32 maxBytes) ++{ ++ PRInt32 extension_length = 4; ++ ++ if (!ss->getChannelID) ++ return 0; ++ ++ if (maxBytes < extension_length) { ++ PORT_Assert(0); ++ return 0; ++ } ++ ++ if (append) { ++ SECStatus rv; ++ rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); ++ if (rv != SECSuccess) ++ goto loser; ++ rv = ssl3_AppendHandshakeNumber(ss, 0, 2); ++ if (rv != SECSuccess) ++ goto loser; ++ ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ++ ssl_channel_id_xtn; ++ } ++ ++ return extension_length; + + loser: + return -1; +diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h +--- a/nss/lib/ssl/ssl3prot.h 2013-07-31 12:07:10.974699609 -0700 ++++ b/nss/lib/ssl/ssl3prot.h 2013-07-31 12:45:50.338515793 -0700 +@@ -129,7 +129,8 @@ typedef enum { + client_key_exchange = 16, + finished = 20, + certificate_status = 22, +- next_proto = 67 ++ next_proto = 67, ++ encrypted_extensions= 203 + } SSL3HandshakeType; + + typedef struct { +diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c +--- a/nss/lib/ssl/sslauth.c 2013-07-31 12:40:14.503586299 -0700 ++++ b/nss/lib/ssl/sslauth.c 2013-07-31 12:45:50.338515793 -0700 +@@ -219,6 +219,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, + return SECSuccess; + } + ++SECStatus ++SSL_SetClientChannelIDCallback(PRFileDesc *fd, ++ SSLClientChannelIDCallback callback, ++ void *arg) { ++ sslSocket *ss = ssl_FindSocket(fd); ++ ++ if (!ss) { ++ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetClientChannelIDCallback", ++ SSL_GETPID(), fd)); ++ return SECFailure; ++ } ++ ++ ss->getChannelID = callback; ++ ss->getChannelIDArg = arg; ++ ++ return SECSuccess; ++} ++ + #ifdef NSS_PLATFORM_CLIENT_AUTH + /* NEED LOCKS IN HERE. */ + SECStatus +diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h +--- a/nss/lib/ssl/sslerr.h 2013-07-31 12:07:10.974699609 -0700 ++++ b/nss/lib/ssl/sslerr.h 2013-07-31 12:45:50.338515793 -0700 +@@ -193,6 +193,10 @@ SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = ( + SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127), + SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128), + ++SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 129), ++SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 130), ++SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 131), ++ + SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ + } SSLErrorCodes; + #endif /* NO_SECURITY_ERROR_ENUM */ +diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h +--- a/nss/lib/ssl/SSLerrs.h 2013-07-31 12:07:10.964699464 -0700 ++++ b/nss/lib/ssl/SSLerrs.h 2013-07-31 12:45:50.338515793 -0700 +@@ -412,3 +412,12 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR + + ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128), + "Incorrect signature algorithm specified in a digitally-signed element.") ++ ++ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 129), ++"SSL received a malformed TLS Channel ID extension.") ++ ++ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 130), ++"The application provided an invalid TLS Channel ID key.") ++ ++ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131), ++"The application could not get a TLS Channel ID.") +diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h +--- a/nss/lib/ssl/ssl.h 2013-07-31 12:45:11.497944276 -0700 ++++ b/nss/lib/ssl/ssl.h 2013-07-31 12:45:50.338515793 -0700 +@@ -958,6 +958,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti + SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd, + PRBool *last_handshake_resumed); + ++/* See SSL_SetClientChannelIDCallback for usage. If the callback returns ++ * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in ++ * the future to restart the handshake. On SECSuccess, the callback must have ++ * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */ ++typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)( ++ void *arg, ++ PRFileDesc *fd, ++ SECKEYPublicKey **out_public_key, ++ SECKEYPrivateKey **out_private_key); ++ ++/* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake ++ * after a ChannelID callback returned SECWouldBlock. ++ * ++ * This function takes ownership of |channelIDPub| and |channelID|. */ ++SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq( ++ PRFileDesc *fd, ++ SECKEYPublicKey *channelIDPub, ++ SECKEYPrivateKey *channelID); ++ ++/* SSL_SetClientChannelIDCallback sets a callback function that will be called ++ * once the server's ServerHello has been processed. This is only applicable to ++ * a client socket and setting this callback causes the TLS Channel ID ++ * extension to be advertised. */ ++SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback( ++ PRFileDesc *fd, ++ SSLClientChannelIDCallback callback, ++ void *arg); ++ + /* + ** How long should we wait before retransmitting the next flight of + ** the DTLS handshake? Returns SECFailure if not DTLS or not in a +diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h +--- a/nss/lib/ssl/sslimpl.h 2013-07-31 12:45:11.497944276 -0700 ++++ b/nss/lib/ssl/sslimpl.h 2013-07-31 12:45:50.338515793 -0700 +@@ -921,6 +921,9 @@ struct ssl3StateStr { + CERTCertificateList *clientCertChain; /* used by client */ + PRBool sendEmptyCert; /* used by client */ + ++ SECKEYPrivateKey *channelID; /* used by client */ ++ SECKEYPublicKey *channelIDPub; /* used by client */ ++ + int policy; + /* This says what cipher suites we can do, and should + * be either SSL_ALLOWED or SSL_RESTRICTED +@@ -1192,6 +1195,8 @@ const unsigned char * preferredCipher; + void *pkcs11PinArg; + SSLNextProtoCallback nextProtoCallback; + void *nextProtoArg; ++ SSLClientChannelIDCallback getChannelID; ++ void *getChannelIDArg; + + PRIntervalTime rTimeout; /* timeout for NSPR I/O */ + PRIntervalTime wTimeout; /* timeout for NSPR I/O */ +@@ -1524,6 +1529,11 @@ extern SECStatus ssl3_RestartHandshakeAf + SECKEYPrivateKey * key, + CERTCertificateList *certChain); + ++extern SECStatus ssl3_RestartHandshakeAfterChannelIDReq( ++ sslSocket *ss, ++ SECKEYPublicKey *channelIDPub, ++ SECKEYPrivateKey *channelID); ++ + extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error); + + /* +diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c +--- a/nss/lib/ssl/sslsecur.c 2013-07-31 12:45:11.497944276 -0700 ++++ b/nss/lib/ssl/sslsecur.c 2013-07-31 12:45:50.338515793 -0700 +@@ -1502,6 +1502,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileD + return ret; + } + ++SECStatus ++SSL_RestartHandshakeAfterChannelIDReq(PRFileDesc * fd, ++ SECKEYPublicKey * channelIDPub, ++ SECKEYPrivateKey *channelID) ++{ ++ sslSocket * ss = ssl_FindSocket(fd); ++ SECStatus ret; ++ ++ if (!ss) { ++ SSL_DBG(("%d: SSL[%d]: bad socket in" ++ " SSL_RestartHandshakeAfterChannelIDReq", ++ SSL_GETPID(), fd)); ++ goto loser; ++ } ++ ++ ++ ssl_Get1stHandshakeLock(ss); ++ ++ if (ss->version < SSL_LIBRARY_VERSION_3_0) { ++ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); ++ ssl_Release1stHandshakeLock(ss); ++ goto loser; ++ } ++ ++ ret = ssl3_RestartHandshakeAfterChannelIDReq(ss, channelIDPub, ++ channelID); ++ ssl_Release1stHandshakeLock(ss); ++ ++ return ret; ++ ++loser: ++ SECKEY_DestroyPublicKey(channelIDPub); ++ SECKEY_DestroyPrivateKey(channelID); ++ return SECFailure; ++} ++ + /* DO NOT USE. This function was exported in ssl.def with the wrong signature; + * this implementation exists to maintain link-time compatibility. + */ +diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c +--- a/nss/lib/ssl/sslsock.c 2013-07-31 12:44:32.017363288 -0700 ++++ b/nss/lib/ssl/sslsock.c 2013-07-31 12:45:50.348515937 -0700 +@@ -354,6 +354,8 @@ ssl_DupSocket(sslSocket *os) + ss->handshakeCallback = os->handshakeCallback; + ss->handshakeCallbackData = os->handshakeCallbackData; + ss->pkcs11PinArg = os->pkcs11PinArg; ++ ss->getChannelID = os->getChannelID; ++ ss->getChannelIDArg = os->getChannelIDArg; + + /* Create security data */ + rv = ssl_CopySecurityInfo(ss, os); +@@ -1754,6 +1756,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile + ss->handshakeCallbackData = sm->handshakeCallbackData; + if (sm->pkcs11PinArg) + ss->pkcs11PinArg = sm->pkcs11PinArg; ++ if (sm->getChannelID) ++ ss->getChannelID = sm->getChannelID; ++ if (sm->getChannelIDArg) ++ ss->getChannelIDArg = sm->getChannelIDArg; + return fd; + loser: + return NULL; +@@ -3027,6 +3033,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProto + ss->badCertArg = NULL; + ss->pkcs11PinArg = NULL; + ss->ephemeralECDHKeyPair = NULL; ++ ss->getChannelID = NULL; ++ ss->getChannelIDArg = NULL; + + ssl_ChooseOps(ss); + ssl2_InitSocketPolicy(ss); +diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h +--- a/nss/lib/ssl/sslt.h 2013-07-31 12:07:10.974699609 -0700 ++++ b/nss/lib/ssl/sslt.h 2013-07-31 12:45:50.348515937 -0700 +@@ -184,9 +184,10 @@ typedef enum { + ssl_use_srtp_xtn = 14, + ssl_session_ticket_xtn = 35, + ssl_next_proto_nego_xtn = 13172, ++ ssl_channel_id_xtn = 30031, + ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ + } SSLExtensionType; + +-#define SSL_MAX_EXTENSIONS 9 ++#define SSL_MAX_EXTENSIONS 10 + + #endif /* __sslt_h_ */ |