Issue #1693 - Update NSS to 3.79.4

1 files changed, 22 insertions, 13 deletions

diff --git a/security/nss/lib/ssl/ssl3ext.h b/security/nss/lib/ssl/ssl3ext.h
index 7f09e5fd74..73daffb089 100644
--- a/security/nss/lib/ssl/ssl3ext.h
+++ b/security/nss/lib/ssl/ssl3ext.h
@@ -9,10 +9,9 @@
 #ifndef __ssl3ext_h_
 #define __ssl3ext_h_
 
+#include "pk11hpke.h"
 #include "sslencode.h"
 
-#define TLS13_ESNI_NONCE_SIZE 16
-
 typedef enum {
     sni_nametype_hostname
 } SNINameType;
@@ -39,7 +38,9 @@ struct TLSExtensionDataStr {
 
     /* Keep track of the extensions that are advertised or negotiated. */
     PRUint16 numAdvertised;
-    PRUint16 *advertised; /* Allocated dynamically. */
+    PRUint16 *advertised;      /* Allocated dynamically. */
+    PRUint16 echNumAdvertised; /* Tracks Xtns offered in ClientHelloInner. */
+    PRUint16 *echAdvertised;
     PRUint16 numNegotiated;
     PRUint16 negotiated[SSL_MAX_EXTENSIONS];
 
@@ -98,7 +99,9 @@ struct TLSExtensionDataStr {
 
     PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
 
-    unsigned int lastXtnOffset; /* Where to insert padding. 0 = end. */
+    unsigned int echXtnOffset;  /* The start of the ECH Xtn (if any) */
+    unsigned int lastXtnOffset; /* Where to insert any other extensions.
+                                 * 0 = end, otherwise base of PSK xtn. */
     PRCList remoteKeyShares;    /* The other side's public keys (TLS 1.3) */
 
     /* The following are used by a TLS 1.3 server. */
@@ -114,14 +117,6 @@ struct TLSExtensionDataStr {
     /* The record size limit set by the peer. Our value is kept in ss->opt. */
     PRUint16 recordSizeLimit;
 
-    /* ESNI working state */
-    SECItem keyShareExtension;
-    ssl3CipherSuite esniSuite;
-    sslEphemeralKeyPair *esniPrivateKey;
-    /* Pointer into |ss->esniKeys->keyShares| */
-    TLS13KeyShareEntry *peerEsniShare;
-    PRUint8 esniNonce[TLS13_ESNI_NONCE_SIZE];
-
     /* Delegated credentials.
      *
      * The delegated credential sent by the peer. Set by
@@ -134,6 +129,14 @@ struct TLSExtensionDataStr {
      * |tls13_MaybeSetDelegatedCredential|.
      */
     PRBool sendingDelegCredToPeer;
+
+    /* A non-owning reference to the selected PSKs. MUST NOT be freed directly,
+     * rather through tls13_DestoryPskList(). */
+    sslPsk *selectedPsk;
+
+    /* ECH working state. Non-null when a valid Encrypted Client Hello extension
+     * was received. */
+    sslEchXtnState *ech;
 };
 
 typedef struct TLSExtensionStr {
@@ -161,6 +164,7 @@ SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
 TLSExtension *ssl3_FindExtension(sslSocket *ss,
                                  SSLExtensionType extension_type);
 void ssl3_DestroyRemoteExtensions(PRCList *list);
+void ssl3_MoveRemoteExtensions(PRCList *dst, PRCList *src);
 void ssl3_InitExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
 void ssl3_DestroyExtensionData(TLSExtensionData *xtnData);
 void ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
@@ -176,7 +180,9 @@ SECStatus ssl_ConstructExtensions(sslSocket *ss, sslBuffer *buf,
                                   SSLHandshakeType message);
 SECStatus ssl_SendEmptyExtension(const sslSocket *ss, TLSExtensionData *xtnData,
                                  sslBuffer *buf, PRBool *append);
-SECStatus ssl_InsertPaddingExtension(const sslSocket *ss, unsigned int prefixLen,
+SECStatus ssl3_EmplaceExtension(sslSocket *ss, sslBuffer *buf, PRUint16 exType,
+                                const PRUint8 *data, unsigned int len, PRBool advertise);
+SECStatus ssl_InsertPaddingExtension(sslSocket *ss, unsigned int prefixLen,
                                      sslBuffer *buf);
 
 /* Thunks to let us operate on const sslSocket* objects. */
@@ -197,5 +203,8 @@ SECStatus SSLExp_GetExtensionSupport(PRUint16 type,
 SECStatus SSLExp_InstallExtensionHooks(
     PRFileDesc *fd, PRUint16 extension, SSLExtensionWriter writer,
     void *writerArg, SSLExtensionHandler handler, void *handlerArg);
+sslCustomExtensionHooks *ssl_FindCustomExtensionHooks(sslSocket *ss, PRUint16 extension);
+SECStatus ssl_CallCustomExtensionSenders(sslSocket *ss, sslBuffer *buf,
+                                         SSLHandshakeType message);
 
 #endif