Update net/third_party/nss to NSS 3.13.3.

net/third_party/nss/patches/origin_bound_certs.patch

Index: net/third_party/nss/patches/origin_bound_certs.patch
===================================================================
--- net/third_party/nss/patches/origin_bound_certs.patch	(revision 124320)
+++ net/third_party/nss/patches/origin_bound_certs.patch	(working copy)
@@ -1,59 +1,44 @@
-From 68d651bb679cd9da8f162774c5dcf40aad5ae3f1 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Mon, 3 Oct 2011 12:25:10 -0400
-Subject: [PATCH] origin_bound_certs.patch
-
----
- mozilla/security/nss/lib/ssl/ssl.h     |    1 +
- mozilla/security/nss/lib/ssl/ssl3ext.c |   82 +++++++++++++++++++++++++++++++-
- mozilla/security/nss/lib/ssl/sslimpl.h |    7 +++
- mozilla/security/nss/lib/ssl/sslsock.c |   13 +++++-
- mozilla/security/nss/lib/ssl/sslt.h    |    5 +-
- 5 files changed, 104 insertions(+), 4 deletions(-)
-
-diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index c32438d..1115fa9 100644
---- a/mozilla/security/nss/lib/ssl/ssl.h
-+++ b/mozilla/security/nss/lib/ssl/ssl.h
-@@ -142,6 +142,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
- #define SSL_ENABLE_OCSP_STAPLING       23 /* Request OCSP stapling (client) */
- #define SSL_ENABLE_CACHED_INFO         24 /* Enable TLS cached information  */
-                                           /* extension, off by default.     */
+diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
+--- a/src/net/third_party/nss/ssl/ssl.h	2012-02-29 14:41:25.755295547 -0800
++++ b/src/net/third_party/nss/ssl/ssl.h	2012-02-29 16:45:47.368569394 -0800
+@@ -168,6 +168,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi
+  */
+ #define SSL_CBC_RANDOM_IV 23
+ #define SSL_ENABLE_OCSP_STAPLING       24 /* Request OCSP stapling (client) */
 +#define SSL_ENABLE_OB_CERTS            25 /* Enable origin bound certs.     */
  
  #ifdef SSL_DEPRECATED_FUNCTION 
  /* Old deprecated function names */
-diff --git a/mozilla/security/nss/lib/ssl/ssl3ext.c b/mozilla/security/nss/lib/ssl/ssl3ext.c
-index 17898fb..887344b 100644
---- a/mozilla/security/nss/lib/ssl/ssl3ext.c
-+++ b/mozilla/security/nss/lib/ssl/ssl3ext.c
-@@ -237,6 +237,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
+diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/ssl3ext.c
+--- a/src/net/third_party/nss/ssl/ssl3ext.c	2012-02-28 20:34:50.114663722 -0800
++++ b/src/net/third_party/nss/ssl/ssl3ext.c	2012-02-29 17:05:21.684414824 -0800
+@@ -242,6 +242,7 @@ static const ssl3HelloExtensionHandler c
+     { ssl_session_ticket_xtn,     &ssl3_ServerHandleSessionTicketXtn },
      { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
-     { ssl_next_proto_neg_xtn,     &ssl3_ServerHandleNextProtoNegoXtn },
-     { ssl_cached_info_xtn,        &ssl3_ServerHandleCachedInfoXtn },
+     { ssl_next_proto_nego_xtn,    &ssl3_ServerHandleNextProtoNegoXtn },
 +    { ssl_ob_cert_xtn,            &ssl3_ServerHandleOBCertXtn },
      { -1, NULL }
  };
  
-@@ -250,6 +251,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
-     { ssl_next_proto_neg_xtn,     &ssl3_ClientHandleNextProtoNegoXtn },
-     { ssl_cached_info_xtn,        &ssl3_ClientHandleCachedInfoXtn },
+@@ -254,6 +255,7 @@ static const ssl3HelloExtensionHandler s
+     { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
+     { ssl_next_proto_nego_xtn,    &ssl3_ClientHandleNextProtoNegoXtn },
      { ssl_cert_status_xtn,        &ssl3_ClientHandleStatusRequestXtn },
 +    { ssl_ob_cert_xtn,            &ssl3_ClientHandleOBCertXtn },
      { -1, NULL }
  };
  
-@@ -275,7 +277,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
+@@ -278,7 +280,8 @@ ssl3HelloExtensionSender clientHelloSend
+ #endif
      { ssl_session_ticket_xtn,     &ssl3_SendSessionTicketXtn },
-     { ssl_next_proto_neg_xtn,     &ssl3_ClientSendNextProtoNegoXtn },
-     { ssl_cached_info_xtn,        &ssl3_ClientSendCachedInfoXtn },
+     { ssl_next_proto_nego_xtn,    &ssl3_ClientSendNextProtoNegoXtn },
 -    { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn }
 +    { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
 +    { ssl_ob_cert_xtn,            &ssl3_SendOBCertXtn }
      /* any extra entries will appear as { 0, NULL }    */
  };
  
-@@ -1973,3 +1976,80 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
+@@ -1723,3 +1726,80 @@ ssl3_HandleRenegotiationInfoXtn(sslSocke
      return rv;
  }
  
@@ -134,19 +119,18 @@
 +
 +    return SECSuccess;
 +}
-diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
-index f1e9a3e..973a3c9 100644
---- a/mozilla/security/nss/lib/ssl/sslimpl.h
-+++ b/mozilla/security/nss/lib/ssl/sslimpl.h
-@@ -341,6 +341,7 @@ typedef struct sslOptionsStr {
+diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
+--- a/src/net/third_party/nss/ssl/sslimpl.h	2012-02-28 20:34:50.114663722 -0800
++++ b/src/net/third_party/nss/ssl/sslimpl.h	2012-02-29 16:57:21.097919853 -0800
+@@ -349,6 +349,7 @@ typedef struct sslOptionsStr {
      unsigned int enableFalseStart       : 1;  /* 23 */
-     unsigned int enableOCSPStapling     : 1;  /* 24 */
-     unsigned int enableCachedInfo       : 1;  /* 25 */
+     unsigned int cbcRandomIV            : 1;  /* 24 */
+     unsigned int enableOCSPStapling     : 1;  /* 25 */
 +    unsigned int enableOBCerts          : 1;  /* 26 */
  } sslOptions;
  
  typedef enum { sslHandshakingUndetermined = 0,
-@@ -1547,10 +1548,14 @@ extern SECStatus ssl3_ClientHandleCachedInfoXtn(sslSocket *ss,
+@@ -1563,8 +1564,12 @@ extern SECStatus ssl3_ClientHandleSessio
  			PRUint16 ex_type, SECItem *data);
  extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
  			PRUint16 ex_type, SECItem *data);
@@ -154,36 +138,33 @@
 +			PRUint16 ex_type, SECItem *data);
  extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
  			PRUint16 ex_type, SECItem *data);
- extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
- 			PRUint16 ex_type, SECItem *data);
 +extern SECStatus ssl3_ServerHandleOBCertXtn(sslSocket *ss,
 +			PRUint16 ex_type, SECItem *data);
  
  /* ClientHello and ServerHello extension senders.
   * Note that not all extension senders are exposed here; only those that
-@@ -1570,6 +1575,8 @@ extern PRInt32 ssl3_ClientSendCachedInfoXtn(sslSocket *ss, PRBool append,
+@@ -1580,6 +1585,8 @@ extern PRInt32 ssl3_ClientSendStatusRequ
+  */
+ extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
                       PRUint32 maxBytes);
- extern PRInt32 ssl3_ServerSendCachedInfoXtn(sslSocket *ss, PRBool append,
- 		     PRUint32 maxBytes);
 +extern PRInt32 ssl3_SendOBCertXtn(sslSocket *ss, PRBool append,
 +			PRUint32 maxBytes);
  
  /* Assigns new cert, cert chain and keys to ss->serverCerts
   * struct. If certChain is NULL, tries to find one. Aborts if
-diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
-index 11b53da..7d12bfe 100644
---- a/mozilla/security/nss/lib/ssl/sslsock.c
-+++ b/mozilla/security/nss/lib/ssl/sslsock.c
+diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/sslsock.c
+--- a/src/net/third_party/nss/ssl/sslsock.c	2012-02-29 14:41:25.755295547 -0800
++++ b/src/net/third_party/nss/ssl/sslsock.c	2012-02-29 17:03:16.272715683 -0800
 @@ -187,6 +187,7 @@ static sslOptions ssl_defaults = {
      PR_FALSE,   /* enableFalseStart   */
+     PR_TRUE,    /* cbcRandomIV        */
      PR_FALSE,   /* enableOCSPStapling */
-     PR_FALSE,   /* enableCachedInfo */
 +    PR_FALSE,   /* enableOBCerts */
  };
  
  sslSessionIDLookupFunc  ssl_sid_lookup;
-@@ -748,6 +749,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
- 	ss->opt.enableCachedInfo = on;
+@@ -750,6 +751,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ 	ss->opt.enableOCSPStapling = on;
  	break;
  
 +      case SSL_ENABLE_OB_CERTS:
@@ -193,26 +174,24 @@
        default:
  	PORT_SetError(SEC_ERROR_INVALID_ARGS);
  	rv = SECFailure;
-@@ -813,7 +818,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
-                                   on = ss->opt.requireSafeNegotiation; break;
+@@ -816,6 +821,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
      case SSL_ENABLE_FALSE_START:  on = ss->opt.enableFalseStart;   break;
+     case SSL_CBC_RANDOM_IV:       on = ss->opt.cbcRandomIV;        break;
      case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
--    case SSL_ENABLE_CACHED_INFO:  on = ss->opt.enableCachedInfo; break;
-+    case SSL_ENABLE_CACHED_INFO:  on = ss->opt.enableCachedInfo;   break;
 +    case SSL_ENABLE_OB_CERTS:     on = ss->opt.enableOBCerts;      break;
  
      default:
  	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -869,6 +875,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
+@@ -873,6 +879,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
+     case SSL_ENABLE_OCSP_STAPLING:
  	on = ssl_defaults.enableOCSPStapling;
  	break;
-     case SSL_ENABLE_CACHED_INFO:  on = ssl_defaults.enableCachedInfo;   break;
 +    case SSL_ENABLE_OB_CERTS:     on = ssl_defaults.enableOBCerts;      break;
  
      default:
  	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1024,6 +1031,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
- 	ssl_defaults.enableCachedInfo = on;
+@@ -1036,6 +1043,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+ 	ssl_defaults.enableOCSPStapling = on;
  	break;
  
 +      case SSL_ENABLE_OB_CERTS:
@@ -222,20 +201,19 @@
        default:
  	PORT_SetError(SEC_ERROR_INVALID_ARGS);
  	return SECFailure;
-diff --git a/mozilla/security/nss/lib/ssl/sslt.h b/mozilla/security/nss/lib/ssl/sslt.h
-index bca7496..5f852fe 100644
---- a/mozilla/security/nss/lib/ssl/sslt.h
-+++ b/mozilla/security/nss/lib/ssl/sslt.h
-@@ -206,9 +206,10 @@ typedef enum {
+diff -up a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt.h
+--- a/src/net/third_party/nss/ssl/sslt.h	2012-02-28 19:26:04.057351342 -0800
++++ b/src/net/third_party/nss/ssl/sslt.h	2012-02-29 17:05:03.744171015 -0800
+@@ -205,9 +205,10 @@ typedef enum {
+ #endif
      ssl_session_ticket_xtn           = 35,
-     ssl_next_proto_neg_xtn           = 13172,
-     ssl_cached_info_xtn              = 13173,
+     ssl_next_proto_nego_xtn          = 13172,
 -    ssl_renegotiation_info_xtn       = 0xff01	/* experimental number */
 +    ssl_renegotiation_info_xtn       = 0xff01,	/* experimental number */
 +    ssl_ob_cert_xtn                  = 13175	/* experimental number */
  } SSLExtensionType;
  
--#define SSL_MAX_EXTENSIONS             8
-+#define SSL_MAX_EXTENSIONS             9
+-#define SSL_MAX_EXTENSIONS             7
++#define SSL_MAX_EXTENSIONS             8
  
  #endif /* __sslt_h_ */