From 40a355a42d4a9444dc753c04c6608dade2f06a23 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 03:13:27 +0200
Subject: Adding upstream version 125.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 security/nss/lib/ssl/ssl3ext.h | 10 ----------
 security/nss/lib/ssl/sslexp.h  |  8 ++++----
 security/nss/lib/ssl/sslimpl.h | 15 ++++-----------
 security/nss/lib/ssl/sslsock.c |  1 +
 security/nss/lib/ssl/sslt.h    | 17 +++++++++++++++++
 5 files changed, 26 insertions(+), 25 deletions(-)

(limited to 'security/nss/lib/ssl')

diff --git a/security/nss/lib/ssl/ssl3ext.h b/security/nss/lib/ssl/ssl3ext.h
index c1bed29901..6176bd5c9e 100644
--- a/security/nss/lib/ssl/ssl3ext.h
+++ b/security/nss/lib/ssl/ssl3ext.h
@@ -30,16 +30,6 @@ typedef struct {
     sslExtensionBuilderFunc ex_sender;
 } sslExtensionBuilder;
 
-/* RFC 8879: TLS Certificate Compression - 3. Negotiating Certificate Compression 
-** enum {
-**  zlib(1),
-**  brotli(2),
-**  zstd(3),
-**  (65535)
-** } CertificateCompressionAlgorithm; 
-*/
-typedef PRUint16 SSLCertificateCompressionAlgorithmID;
-
 struct TLSExtensionDataStr {
     /* registered callbacks that send server hello extensions */
     sslExtensionBuilder serverHelloSenders[SSL_MAX_EXTENSIONS];
diff --git a/security/nss/lib/ssl/sslexp.h b/security/nss/lib/ssl/sslexp.h
index b26afd9b17..b51d224d50 100644
--- a/security/nss/lib/ssl/sslexp.h
+++ b/security/nss/lib/ssl/sslexp.h
@@ -1079,10 +1079,10 @@ typedef struct SSLMaskingContextStr {
  * The function SSL_SetCertificateCompressionAlgorithm() adds a certificate
  * compression mechanism to the socket fd. */
 
-#define SSL_SetCertificateCompressionAlgorithm(fd, t)                \
-    SSL_EXPERIMENTAL_API("SSL_SetCertificateCompressionAlgorithm",   \
-                         (PRFileDesc * _fd,                          \
-                          SSLCertificateCompressionAlgorithmType t), \
+#define SSL_SetCertificateCompressionAlgorithm(fd, t)              \
+    SSL_EXPERIMENTAL_API("SSL_SetCertificateCompressionAlgorithm", \
+                         (PRFileDesc * _fd,                        \
+                          SSLCertificateCompressionAlgorithm t),   \
                          (fd, t))
 
 /* Deprecated experimental APIs */
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
index 7a5757b6db..973a5db9f7 100644
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -26,6 +26,8 @@
 #include "pkcs11t.h"
 #if defined(XP_UNIX)
 #include "unistd.h"
+#elif defined(XP_WIN)
+#include <process.h>
 #endif
 #include "nssrwlk.h"
 #include "prthread.h"
@@ -733,8 +735,8 @@ typedef struct SSL3HandshakeStateStr {
 
     PRUint32 rtRetries;  /* The retry counter */
     SECItem srvVirtName; /* for server: name that was negotiated
-                                    * with a client. For client - is
-                                    * always set to NULL.*/
+                          * with a client. For client - is
+                          * always set to NULL.*/
 
     /* This group of values is used for TLS 1.3 and above */
     PK11SymKey *currentSecret;            /* The secret down the "left hand side"
@@ -815,14 +817,6 @@ typedef struct SSL3HandshakeStateStr {
         PORT_Assert(ss->ssl3.hs.messages.len == 0);                  \
         PORT_Assert(ss->ssl3.hs.echInnerMessages.len == 0);          \
     } while (0)
-
-typedef struct SSLCertificateCompressionAlgorithmStr {
-    SSLCertificateCompressionAlgorithmID id;
-    const char *name;
-    SECStatus (*encode)(const SECItem *input, SECItem *output);
-    SECStatus (*decode)(const SECItem *input, SECItem *output, size_t expectedLenDecodedCertificate);
-} SSLCertificateCompressionAlgorithm;
-
 /*
 ** This is the "ssl3" struct, as in "ss->ssl3".
 ** note:
@@ -2039,7 +2033,6 @@ SEC_END_PROTOS
 #if defined(XP_UNIX) || defined(XP_OS2)
 #define SSL_GETPID getpid
 #elif defined(WIN32)
-extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index 8f6c50c67c..befa4eda43 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -4376,6 +4376,7 @@ struct {
     EXP(SetResumptionToken),
     EXP(SetServerEchConfigs),
     EXP(SetTimeFunc),
+    EXP(SetCertificateCompressionAlgorithm),
 #endif
     { "", NULL }
 };
diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h
index 133ae6a296..d8927319c2 100644
--- a/security/nss/lib/ssl/sslt.h
+++ b/security/nss/lib/ssl/sslt.h
@@ -585,4 +585,21 @@ typedef enum {
     ssl_dhe_group_max
 } SSLDHEGroupType;
 
+/* RFC 8879: TLS Certificate Compression - 3. Negotiating Certificate Compression 
+** enum {
+**  zlib(1),
+**  brotli(2),
+**  zstd(3),
+**  (65535)
+** } CertificateCompressionAlgorithm; 
+*/
+typedef PRUint16 SSLCertificateCompressionAlgorithmID;
+
+typedef struct SSLCertificateCompressionAlgorithmStr {
+    SSLCertificateCompressionAlgorithmID id;
+    const char* name;
+    SECStatus (*encode)(const SECItem* input, SECItem* output);
+    SECStatus (*decode)(const SECItem* input, SECItem* output, size_t expectedLenDecodedCertificate);
+} SSLCertificateCompressionAlgorithm;
+
 #endif /* __sslt_h_ */
-- 
cgit v1.2.3