net: add NSS support for RFC 5705

net/third_party/nss/ssl/ssl.h

Index: net/third_party/nss/ssl/ssl.h
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 53ca30172f4ec3f3a95c7417759105e291fae5f9..1537aae543f921707e73fd4e99f78720ed90cc49 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -686,6 +686,17 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
 /* Returnes negotiated through SNI host info. */
 SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
 
+/* Export keying material according to RFC 5705.
+** fd must correspond to a TLS 1.0 or higher socket and out must
+** already be allocated.

[wtc, 2011/07/21 19:56:16]

We should say if contextlen is 0, the exporter will use the
no-context construction defined in the RFC.

[agl, 2011/07/22 14:05:40]

Done.

+*/
+SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
+                                              const char *label,
+                                              const unsigned char *context,
+                                              unsigned int contextlen,
+                                              unsigned char *out,
+                                              unsigned int outlen);
+
 /*
 ** Return a new reference to the certificate that was most recently sent
 ** to the peer on this SSL/TLS connection, or NULL if none has been sent.