diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c --- a/nss/lib/ssl/ssl3con.c 2013-04-27 09:23:52.361985404 -0700 +++ b/nss/lib/ssl/ssl3con.c 2013-04-27 09:24:01.302111964 -0700 @@ -54,6 +54,7 @@ static SECStatus ssl3_SendCertificateSta static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss); static SECStatus ssl3_SendCertificateRequest(sslSocket *ss); static SECStatus ssl3_SendNextProto( sslSocket *ss); +static SECStatus ssl3_SendEncryptedExtensions(sslSocket *ss); static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); static SECStatus ssl3_SendServerHello( sslSocket *ss); static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); @@ -5454,6 +5455,15 @@ ssl3_HandleServerHello(sslSocket *ss, SS } #endif /* NSS_PLATFORM_CLIENT_AUTH */ + if (ss->ssl3.channelID != NULL) { + SECKEY_DestroyPrivateKey(ss->ssl3.channelID); + ss->ssl3.channelID = NULL; + } + if (ss->ssl3.channelIDPub != NULL) { + SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); + ss->ssl3.channelIDPub = NULL; + } + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); if (temp < 0) { goto loser; /* alert has been sent */ @@ -5726,7 +5736,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS if (rv != SECSuccess) { goto alert_loser; /* err code was set */ } - return SECSuccess; + goto winner; } while (0); if (sid_match) @@ -5752,6 +5762,27 @@ ssl3_HandleServerHello(sslSocket *ss, SS ss->ssl3.hs.isResuming = PR_FALSE; ss->ssl3.hs.ws = wait_server_cert; + +winner: + /* If we will need a ChannelID key then we make the callback now. This + * allows the handshake to be restarted cleanly if the callback returns + * SECWouldBlock. */ + if (ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) { + rv = ss->getChannelID(ss->getChannelIDArg, ss->fd, + &ss->ssl3.channelIDPub, &ss->ssl3.channelID); + if (rv == SECWouldBlock) { + ssl3_SetAlwaysBlock(ss); + return rv; + } + if (rv != SECSuccess || + ss->ssl3.channelIDPub == NULL || + ss->ssl3.channelID == NULL) { + PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED); + desc = internal_error; + goto alert_loser; + } + } + return SECSuccess; alert_loser: @@ -6506,6 +6537,10 @@ ssl3_SendClientSecondRound(sslSocket *ss goto loser; /* err code was set. */ } } + rv = ssl3_SendEncryptedExtensions(ss); + if (rv != SECSuccess) { + goto loser; /* err code was set. */ + } rv = ssl3_SendFinished(ss, 0); if (rv != SECSuccess) { @@ -9286,6 +9321,164 @@ ssl3_RecordKeyLog(sslSocket *ss) return; } +/* called from ssl3_SendClientSecondRound + * ssl3_HandleFinished + */ +static SECStatus +ssl3_SendEncryptedExtensions(sslSocket *ss) +{ + static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature"; + /* This is the ASN.1 prefix for a P-256 public key. Specifically it's: + * SEQUENCE + * SEQUENCE + * OID id-ecPublicKey + * OID prime256v1 + * BIT STRING, length 66, 0 trailing bits: 0x04 + * + * The 0x04 in the BIT STRING is the prefix for an uncompressed, X9.62 + * public key. Following that are the two field elements as 32-byte, + * big-endian numbers, as required by the Channel ID. */ + static const unsigned char P256_SPKI_PREFIX[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04 + }; + /* ChannelIDs are always 128 bytes long: 64 bytes of P-256 public key and 64 + * bytes of ECDSA signature. */ + static const int CHANNEL_ID_PUBLIC_KEY_LENGTH = 64; + static const int CHANNEL_ID_LENGTH = 128; + + SECStatus rv = SECFailure; + SECItem *spki = NULL; + SSL3Hashes hashes; + const unsigned char *pub_bytes; + unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)]; + unsigned char digest[SHA256_LENGTH]; + SECItem digest_item; + unsigned char signature[64]; + SECItem signature_item; + + PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); + PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); + + if (ss->ssl3.channelID == NULL) + return SECSuccess; + + PORT_Assert(ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)); + + if (SECKEY_GetPrivateKeyType(ss->ssl3.channelID) != ecKey || + PK11_SignatureLen(ss->ssl3.channelID) != sizeof(signature)) { + PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); + rv = SECFailure; + goto loser; + } + + ssl_GetSpecReadLock(ss); + rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0); + ssl_ReleaseSpecReadLock(ss); + + if (rv != SECSuccess) + goto loser; + + rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions, + 2 + 2 + CHANNEL_ID_LENGTH); + if (rv != SECSuccess) + goto loser; /* error code set by AppendHandshakeHeader */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); + if (rv != SECSuccess) + goto loser; /* error code set by AppendHandshake */ + rv = ssl3_AppendHandshakeNumber(ss, CHANNEL_ID_LENGTH, 2); + if (rv != SECSuccess) + goto loser; /* error code set by AppendHandshake */ + + spki = SECKEY_EncodeDERSubjectPublicKeyInfo(ss->ssl3.channelIDPub); + + if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH || + memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) { + PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY); + rv = SECFailure; + goto loser; + } + + pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); + + memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC)); + memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), &hashes, sizeof(hashes)); + + rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, sizeof(signed_data)); + if (rv != SECSuccess) + goto loser; + + digest_item.data = digest; + digest_item.len = sizeof(digest); + + signature_item.data = signature; + signature_item.len = sizeof(signature); + + rv = PK11_Sign(ss->ssl3.channelID, &signature_item, &digest_item); + if (rv != SECSuccess) + goto loser; + + rv = ssl3_AppendHandshake(ss, pub_bytes, CHANNEL_ID_PUBLIC_KEY_LENGTH); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshake(ss, signature, sizeof(signature)); + +loser: + if (spki) + SECITEM_FreeItem(spki, PR_TRUE); + if (ss->ssl3.channelID) { + SECKEY_DestroyPrivateKey(ss->ssl3.channelID); + ss->ssl3.channelID = NULL; + } + if (ss->ssl3.channelIDPub) { + SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); + ss->ssl3.channelIDPub = NULL; + } + + return rv; +} + +/* ssl3_RestartHandshakeAfterChannelIDReq is called to restart a handshake + * after a ChannelID callback returned SECWouldBlock. At this point we have + * processed the server's ServerHello but not yet any further messages. We will + * always get a message from the server after a ServerHello so either they are + * waiting in the buffer or we'll get network I/O. */ +SECStatus +ssl3_RestartHandshakeAfterChannelIDReq(sslSocket *ss, + SECKEYPublicKey *channelIDPub, + SECKEYPrivateKey *channelID) +{ + if (ss->handshake == 0) { + SECKEY_DestroyPublicKey(channelIDPub); + SECKEY_DestroyPrivateKey(channelID); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + if (channelIDPub == NULL || + channelID == NULL) { + if (channelIDPub) + SECKEY_DestroyPublicKey(channelIDPub); + if (channelID) + SECKEY_DestroyPrivateKey(channelID); + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); + return SECFailure; + } + + if (ss->ssl3.channelID) + SECKEY_DestroyPrivateKey(ss->ssl3.channelID); + if (ss->ssl3.channelIDPub) + SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); + + ss->handshake = ssl_GatherRecord1stHandshake; + ss->ssl3.channelID = channelID; + ss->ssl3.channelIDPub = channelIDPub; + + return SECSuccess; +} + /* called from ssl3_HandleServerHelloDone * ssl3_HandleClientHello * ssl3_HandleFinished @@ -9539,11 +9732,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER; } - if (!isServer && !ss->firstHsDone) { - rv = ssl3_SendNextProto(ss); - if (rv != SECSuccess) { - goto xmit_loser; /* err code was set. */ + if (!isServer) { + if (!ss->firstHsDone) { + rv = ssl3_SendNextProto(ss); + if (rv != SECSuccess) { + goto xmit_loser; /* err code was set. */ + } } + rv = ssl3_SendEncryptedExtensions(ss); + if (rv != SECSuccess) + goto xmit_loser; /* err code was set. */ } if (IS_DTLS(ss)) { @@ -10985,6 +11183,11 @@ ssl3_DestroySSL3Info(sslSocket *ss) ssl_FreePlatformKey(ss->ssl3.platformClientKey); #endif /* NSS_PLATFORM_CLIENT_AUTH */ + if (ss->ssl3.channelID) + SECKEY_DestroyPrivateKey(ss->ssl3.channelID); + if (ss->ssl3.channelIDPub) + SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub); + if (ss->ssl3.peerCertArena != NULL) ssl3_CleanupPeerCerts(ss); diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c --- a/nss/lib/ssl/ssl3ext.c 2013-04-27 09:21:28.339946428 -0700 +++ b/nss/lib/ssl/ssl3ext.c 2013-04-27 09:36:58.433109462 -0700 @@ -61,6 +61,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSo PRUint32 maxBytes); static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data); +static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss, + PRUint16 ex_type, SECItem *data); +static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, @@ -244,6 +248,7 @@ static const ssl3HelloExtensionHandler s { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, { -1, NULL } }; @@ -270,6 +275,7 @@ ssl3HelloExtensionSender clientHelloSend { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, + { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } /* any extra entries will appear as { 0, NULL } */ }; @@ -655,6 +661,52 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocke } return extension_length; + +loser: + return -1; +} + +static SECStatus +ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type, + SECItem *data) +{ + PORT_Assert(ss->getChannelID != NULL); + + if (data->len) { + PORT_SetError(SSL_ERROR_BAD_CHANNEL_ID_DATA); + return SECFailure; + } + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; + return SECSuccess; +} + +static PRInt32 +ssl3_ClientSendChannelIDXtn(sslSocket * ss, PRBool append, + PRUint32 maxBytes) +{ + PRInt32 extension_length = 4; + + if (!ss->getChannelID) + return 0; + + if (maxBytes < extension_length) { + PORT_Assert(0); + return 0; + } + + if (append) { + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_channel_id_xtn; + } + + return extension_length; loser: return -1; diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h --- a/nss/lib/ssl/ssl3prot.h 2013-04-27 09:17:17.216390477 -0700 +++ b/nss/lib/ssl/ssl3prot.h 2013-04-27 09:24:01.302111964 -0700 @@ -130,7 +130,8 @@ typedef enum { client_key_exchange = 16, finished = 20, certificate_status = 22, - next_proto = 67 + next_proto = 67, + encrypted_extensions= 203 } SSL3HandshakeType; typedef struct { diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c --- a/nss/lib/ssl/sslauth.c 2013-04-27 09:21:28.339946428 -0700 +++ b/nss/lib/ssl/sslauth.c 2013-04-27 09:24:01.302111964 -0700 @@ -220,6 +220,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, return SECSuccess; } +SECStatus +SSL_SetClientChannelIDCallback(PRFileDesc *fd, + SSLClientChannelIDCallback callback, + void *arg) { + sslSocket *ss = ssl_FindSocket(fd); + + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetClientChannelIDCallback", + SSL_GETPID(), fd)); + return SECFailure; + } + + ss->getChannelID = callback; + ss->getChannelIDArg = arg; + + return SECSuccess; +} + #ifdef NSS_PLATFORM_CLIENT_AUTH /* NEED LOCKS IN HERE. */ SECStatus diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h --- a/nss/lib/ssl/sslerr.h 2013-04-27 09:17:17.216390477 -0700 +++ b/nss/lib/ssl/sslerr.h 2013-04-27 09:24:01.302111964 -0700 @@ -190,6 +190,10 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERS SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 125), +SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 126), +SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 127), +SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 128), + SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h --- a/nss/lib/ssl/SSLerrs.h 2013-04-27 09:16:26.795676403 -0700 +++ b/nss/lib/ssl/SSLerrs.h 2013-04-27 09:24:01.302111964 -0700 @@ -403,3 +403,12 @@ ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_ ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125), "SSL received an unexpected Certificate Status handshake message.") + +ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 126), +"SSL received a malformed TLS Channel ID extension.") + +ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 127), +"The application provided an invalid TLS Channel ID key.") + +ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 128), +"The application could not get a TLS Channel ID.") diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h --- a/nss/lib/ssl/ssl.h 2013-04-27 09:23:52.361985404 -0700 +++ b/nss/lib/ssl/ssl.h 2013-04-27 09:24:01.302111964 -0700 @@ -960,6 +960,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *last_handshake_resumed); +/* See SSL_SetClientChannelIDCallback for usage. If the callback returns + * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in + * the future to restart the handshake. On SECSuccess, the callback must have + * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */ +typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)( + void *arg, + PRFileDesc *fd, + SECKEYPublicKey **out_public_key, + SECKEYPrivateKey **out_private_key); + +/* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake + * after a ChannelID callback returned SECWouldBlock. + * + * This function takes ownership of |channelIDPub| and |channelID|. */ +SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq( + PRFileDesc *fd, + SECKEYPublicKey *channelIDPub, + SECKEYPrivateKey *channelID); + +/* SSL_SetClientChannelIDCallback sets a callback function that will be called + * once the server's ServerHello has been processed. This is only applicable to + * a client socket and setting this callback causes the TLS Channel ID + * extension to be advertised. */ +SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback( + PRFileDesc *fd, + SSLClientChannelIDCallback callback, + void *arg); + /* ** How long should we wait before retransmitting the next flight of ** the DTLS handshake? Returns SECFailure if not DTLS or not in a diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h --- a/nss/lib/ssl/sslimpl.h 2013-04-27 09:23:52.361985404 -0700 +++ b/nss/lib/ssl/sslimpl.h 2013-04-27 09:24:01.302111964 -0700 @@ -887,6 +887,9 @@ struct ssl3StateStr { CERTCertificateList *clientCertChain; /* used by client */ PRBool sendEmptyCert; /* used by client */ + SECKEYPrivateKey *channelID; /* used by client */ + SECKEYPublicKey *channelIDPub; /* used by client */ + int policy; /* This says what cipher suites we can do, and should * be either SSL_ALLOWED or SSL_RESTRICTED @@ -1158,6 +1161,8 @@ const unsigned char * preferredCipher; void *pkcs11PinArg; SSLNextProtoCallback nextProtoCallback; void *nextProtoArg; + SSLClientChannelIDCallback getChannelID; + void *getChannelIDArg; PRIntervalTime rTimeout; /* timeout for NSPR I/O */ PRIntervalTime wTimeout; /* timeout for NSPR I/O */ @@ -1489,6 +1494,11 @@ extern SECStatus ssl3_RestartHandshakeAf SECKEYPrivateKey * key, CERTCertificateList *certChain); +extern SECStatus ssl3_RestartHandshakeAfterChannelIDReq( + sslSocket *ss, + SECKEYPublicKey *channelIDPub, + SECKEYPrivateKey *channelID); + extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error); /* diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c --- a/nss/lib/ssl/sslsecur.c 2013-04-27 09:23:52.371985544 -0700 +++ b/nss/lib/ssl/sslsecur.c 2013-04-27 09:24:01.302111964 -0700 @@ -1503,6 +1503,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileD return ret; } +SECStatus +SSL_RestartHandshakeAfterChannelIDReq(PRFileDesc * fd, + SECKEYPublicKey * channelIDPub, + SECKEYPrivateKey *channelID) +{ + sslSocket * ss = ssl_FindSocket(fd); + SECStatus ret; + + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in" + " SSL_RestartHandshakeAfterChannelIDReq", + SSL_GETPID(), fd)); + goto loser; + } + + + ssl_Get1stHandshakeLock(ss); + + if (ss->version < SSL_LIBRARY_VERSION_3_0) { + PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); + ssl_Release1stHandshakeLock(ss); + goto loser; + } + + ret = ssl3_RestartHandshakeAfterChannelIDReq(ss, channelIDPub, + channelID); + ssl_Release1stHandshakeLock(ss); + + return ret; + +loser: + SECKEY_DestroyPublicKey(channelIDPub); + SECKEY_DestroyPrivateKey(channelID); + return SECFailure; +} + /* DO NOT USE. This function was exported in ssl.def with the wrong signature; * this implementation exists to maintain link-time compatibility. */ diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c --- a/nss/lib/ssl/sslsock.c 2013-04-27 09:23:12.121415729 -0700 +++ b/nss/lib/ssl/sslsock.c 2013-04-27 09:24:01.312112105 -0700 @@ -348,6 +348,8 @@ ssl_DupSocket(sslSocket *os) ss->handshakeCallback = os->handshakeCallback; ss->handshakeCallbackData = os->handshakeCallbackData; ss->pkcs11PinArg = os->pkcs11PinArg; + ss->getChannelID = os->getChannelID; + ss->getChannelIDArg = os->getChannelIDArg; /* Create security data */ rv = ssl_CopySecurityInfo(ss, os); @@ -1749,6 +1751,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile ss->handshakeCallbackData = sm->handshakeCallbackData; if (sm->pkcs11PinArg) ss->pkcs11PinArg = sm->pkcs11PinArg; + if (sm->getChannelID) + ss->getChannelID = sm->getChannelID; + if (sm->getChannelIDArg) + ss->getChannelIDArg = sm->getChannelIDArg; return fd; loser: return NULL; @@ -3024,6 +3030,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProto ss->badCertArg = NULL; ss->pkcs11PinArg = NULL; ss->ephemeralECDHKeyPair = NULL; + ss->getChannelID = NULL; + ss->getChannelIDArg = NULL; ssl_ChooseOps(ss); ssl2_InitSocketPolicy(ss); diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h --- a/nss/lib/ssl/sslt.h 2013-04-27 09:17:17.226390616 -0700 +++ b/nss/lib/ssl/sslt.h 2013-04-27 09:24:01.312112105 -0700 @@ -183,9 +183,10 @@ typedef enum { ssl_use_srtp_xtn = 14, ssl_session_ticket_xtn = 35, ssl_next_proto_nego_xtn = 13172, + ssl_channel_id_xtn = 30031, ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ } SSLExtensionType; -#define SSL_MAX_EXTENSIONS 8 +#define SSL_MAX_EXTENSIONS 9 #endif /* __sslt_h_ */