Make SSLClientSocketNSS full-duplex

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code GetDefaultCertNickname(), derived from
 // nsNSSCertificate::defaultServerNickName()
 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp
 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from
 // AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
@@ skipping 63 matching lines @@
 
 static const int kRecvBufferSize = 4096;
 
 namespace net {
 
 // State machines are easier to debug if you log state transitions.
 // Enable these if you want to see what's going on.
 #if 1
 #define EnterFunction(x)
 #define LeaveFunction(x)
-#define GotoState(s) next_state_ = s
+#define GotoState(s) next_handshake_state_ = s
 #define LogData(s, len)
 #else
 #define EnterFunction(x)  LOG(INFO) << (void *)this << " " << __FUNCTION__ << \
-                           " enter " << x << "; next_state " << next_state_
+                           " enter " << x << \
+                           "; next_handshake_state " << next_handshake_state_
 #define LeaveFunction(x)  LOG(INFO) << (void *)this << " " << __FUNCTION__ << \
-                           " leave " << x << "; next_state " << next_state_
+                           " leave " << x << \
+                           "; next_handshake_state " << next_handshake_state_
 #define GotoState(s) do { LOG(INFO) << (void *)this << " " << __FUNCTION__ << \
-                           " jump to state " << s; next_state_ = s; } while (0)
+                           " jump to state " << s; \
+                           next_handshake_state_ = s; } while (0)
 #define LogData(s, len)   LOG(INFO) << (void *)this << " " << __FUNCTION__ << \
                            " data [" << std::string(s, len) << "]";
 
 #endif
 
 namespace {
 
 // Gets default certificate nickname from cert.
 // Derived from nsNSSCertificate::defaultServerNickname
 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp.
@@ skipping 83 matching lines @@
 bool SSLClientSocketNSS::nss_options_initialized_ = false;
 
 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocket* transport_socket,
                                        const std::string& hostname,
                                        const SSLConfig& ssl_config)
     :
       buffer_send_callback_(this, &SSLClientSocketNSS::BufferSendComplete),
       buffer_recv_callback_(this, &SSLClientSocketNSS::BufferRecvComplete),
       transport_send_busy_(false),
       transport_recv_busy_(false),
-      io_callback_(this, &SSLClientSocketNSS::OnIOComplete),
+      handshake_io_callback_(this, &SSLClientSocketNSS::OnHandshakeIOComplete),
       transport_(transport_socket),
       hostname_(hostname),
       ssl_config_(ssl_config),
       user_connect_callback_(NULL),
-      user_callback_(NULL),
-      user_buf_len_(0),
+      user_read_callback_(NULL),
+      user_write_callback_(NULL),
+      user_read_buf_len_(0),
+      user_write_buf_len_(0),
       completed_handshake_(false),
-      next_state_(STATE_NONE),
+      next_handshake_state_(STATE_NONE),
       nss_fd_(NULL),
       nss_bufs_(NULL) {
   EnterFunction("");
 }
 
 SSLClientSocketNSS::~SSLClientSocketNSS() {
   EnterFunction("");
   Disconnect();
   LeaveFunction("");
 }
 
 int SSLClientSocketNSS::Init() {
   EnterFunction("");
   // Initialize NSS in a threadsafe way.
   base::EnsureNSSInit();
   // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop
   // by MessageLoopForIO::current().
   // X509Certificate::Verify() runs on a worker thread of CertVerifier.
   EnsureOCSPInit();
 
   LeaveFunction("");
   return OK;
 }
 
 int SSLClientSocketNSS::Connect(CompletionCallback* callback) {
   EnterFunction("");
   DCHECK(transport_.get());
-  DCHECK(next_state_ == STATE_NONE);
-  DCHECK(!user_callback_);
+  DCHECK(next_handshake_state_ == STATE_NONE);
+  DCHECK(!user_read_callback_);
+  DCHECK(!user_write_callback_);
   DCHECK(!user_connect_callback_);
-  DCHECK(!user_buf_);
+  DCHECK(!user_read_buf_);
+  DCHECK(!user_write_buf_);
 
   if (Init() != OK) {
     NOTREACHED() << "Couldn't initialize nss";
   }
 
   // Transport connected, now hook it up to nss
   // TODO(port): specify rx and tx buffer sizes separately
   nss_fd_ = memio_CreateIOLayer(kRecvBufferSize);
   if (nss_fd_ == NULL) {
     return 9999;  // TODO(port): real error
@@ skipping 68 matching lines @@
   rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this);
   if (rv != SECSuccess)
     return ERR_UNEXPECTED;
 
   // Tell SSL the hostname we're trying to connect to.
   SSL_SetURL(nss_fd_, hostname_.c_str());
 
   // Tell SSL we're a client; needed if not letting NSPR do socket I/O
   SSL_ResetHandshake(nss_fd_, 0);
 
-  GotoState(STATE_HANDSHAKE_READ);
-  rv = DoLoop(OK);
+  GotoState(STATE_HANDSHAKE);
+  rv = DoHandshakeLoop(OK);
   if (rv == ERR_IO_PENDING)
     user_connect_callback_ = callback;
 
   LeaveFunction("");
   return rv > OK ? OK : rv;
 }
 
 void SSLClientSocketNSS::InvalidateSessionIfBadCertificate() {
   if (UpdateServerCert() != NULL &&
       ssl_config_.IsAllowedBadCert(server_cert_)) {
     SSL_InvalidateSession(nss_fd_);
   }
 }
 
 void SSLClientSocketNSS::Disconnect() {
   EnterFunction("");
 
   // TODO(wtc): Send SSL close_notify alert.
   if (nss_fd_ != NULL) {
     InvalidateSessionIfBadCertificate();
     PR_Close(nss_fd_);
     nss_fd_ = NULL;
   }
 
   // Shut down anything that may call us back (through buffer_send_callback_,
-  // buffer_recv_callback, or io_callback_).
+  // buffer_recv_callback, or handshake_io_callback_).
   verifier_.reset();
   transport_->Disconnect();
 
   // Reset object state
   transport_send_busy_   = false;
   transport_recv_busy_   = false;
   user_connect_callback_ = NULL;
-  user_callback_         = NULL;
-  user_buf_              = NULL;
-  user_buf_len_          = 0;
+  user_read_callback_    = NULL;
+  user_write_callback_   = NULL;
+  user_read_buf_         = NULL;
+  user_read_buf_len_     = 0;
+  user_write_buf_        = NULL;
+  user_write_buf_len_    = 0;
   server_cert_           = NULL;
   server_cert_verify_result_.Reset();
   completed_handshake_   = false;
   nss_bufs_              = NULL;
 
   LeaveFunction("");
 }
 
 bool SSLClientSocketNSS::IsConnected() const {
   // Ideally, we should also check if we have received the close_notify alert
@@ skipping 19 matching lines @@
   EnterFunction("");
   bool ret = completed_handshake_ && transport_->IsConnectedAndIdle();
   LeaveFunction("");
   return ret;
 }
 
 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len,
                              CompletionCallback* callback) {
   EnterFunction(buf_len);
   DCHECK(completed_handshake_);
-  DCHECK(next_state_ == STATE_NONE);
-  DCHECK(!user_callback_);
+  DCHECK(next_handshake_state_ == STATE_NONE);
+  DCHECK(!user_read_callback_);
   DCHECK(!user_connect_callback_);
-  DCHECK(!user_buf_);
+  DCHECK(!user_read_buf_);
+  DCHECK(nss_bufs_);
 
-  user_buf_ = buf;
-  user_buf_len_ = buf_len;
+  user_read_buf_ = buf;
+  user_read_buf_len_ = buf_len;
 
-  GotoState(STATE_PAYLOAD_READ);
-  int rv = DoLoop(OK);
+  int rv = DoReadLoop(OK);
+
   if (rv == ERR_IO_PENDING)

[wtc, 2009/10/14 01:54:15]

Please add braces {} to "if" when "else" has braces.

-    user_callback_ = callback;
+    user_read_callback_ = callback;
+  else {
+    user_read_buf_ = NULL;
+    user_read_buf_len_ = 0;
+  }
   LeaveFunction(rv);
   return rv;
 }
 
 int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len,
-                           CompletionCallback* callback) {
+                              CompletionCallback* callback) {
   EnterFunction(buf_len);
   DCHECK(completed_handshake_);
-  DCHECK(next_state_ == STATE_NONE);
-  DCHECK(!user_callback_);
+  DCHECK(next_handshake_state_ == STATE_NONE);
+  DCHECK(!user_write_callback_);
   DCHECK(!user_connect_callback_);
-  DCHECK(!user_buf_);
+  DCHECK(!user_write_buf_);
+  DCHECK(nss_bufs_);
 
-  user_buf_ = buf;
-  user_buf_len_ = buf_len;
+  user_write_buf_ = buf;
+  user_write_buf_len_ = buf_len;
 
-  GotoState(STATE_PAYLOAD_WRITE);
-  int rv = DoLoop(OK);
+  int rv = DoWriteLoop(OK);
+
   if (rv == ERR_IO_PENDING)
-    user_callback_ = callback;
+    user_write_callback_ = callback;

[wtc, 2009/10/14 01:54:15]

Same here: both "if" and "else" should have braces {}.

+  else {
+    user_write_buf_ = NULL;
+    user_write_buf_len_ = 0;
+  }
   LeaveFunction(rv);
   return rv;
 }
 
 bool SSLClientSocketNSS::SetReceiveBufferSize(int32 size) {
   return transport_->SetReceiveBufferSize(size);
 }
 
 bool SSLClientSocketNSS::SetSendBufferSize(int32 size) {
   return transport_->SetSendBufferSize(size);
@@ skipping 41 matching lines @@
   DCHECK(server_cert_ != NULL);
   ssl_info->cert = server_cert_;
   LeaveFunction("");
 }
 
 void SSLClientSocketNSS::GetSSLCertRequestInfo(
     SSLCertRequestInfo* cert_request_info) {
   // TODO(wtc): implement this.
 }
 
-void SSLClientSocketNSS::DoCallback(int rv) {
+void SSLClientSocketNSS::DoReadCallback(int rv) {
   EnterFunction(rv);
   DCHECK(rv != ERR_IO_PENDING);
-  DCHECK(user_callback_);
+  DCHECK(user_read_callback_);
 
-  // Since Run may result in Read being called, clear |user_callback_| up front.
-  CompletionCallback* c = user_callback_;
-  user_callback_ = NULL;
-  user_buf_ = NULL;
+  // Since Run may result in Read being called, clear |user_read_callback_|
+  // up front.
+  CompletionCallback* c = user_read_callback_;
+  user_read_callback_ = NULL;
+  user_read_buf_ = NULL;
+  user_read_buf_len_ = 0;
   c->Run(rv);
   LeaveFunction("");
 }
+
+void SSLClientSocketNSS::DoWriteCallback(int rv) {
+  EnterFunction(rv);
+  DCHECK(rv != ERR_IO_PENDING);
+  DCHECK(user_write_callback_);
+
+  // Since Run may result in Write being called, clear |user_write_callback_|
+  // up front.
+  CompletionCallback* c = user_write_callback_;
+  user_write_callback_ = NULL;
+  user_write_buf_ = NULL;
+  user_write_buf_len_ = 0;
+  c->Run(rv);
+  LeaveFunction("");
+}
 
 // As part of Connect(), the SSLClientSocketNSS object performs an SSL
 // handshake. This requires network IO, which in turn calls
 // BufferRecvComplete() with a non-zero byte count. This byte count eventually
 // winds its way through the state machine and ends up being passed to the
 // callback. For Read() and Write(), that's what we want. But for Connect(),
 // the caller expects OK (i.e. 0) for success.
 //
 void SSLClientSocketNSS::DoConnectCallback(int rv) {
   EnterFunction(rv);
   DCHECK_NE(rv, ERR_IO_PENDING);
   DCHECK(user_connect_callback_);
 
-  // Since Run may result in Read being called, clear |user_connect_callback_|
-  // up front.
   CompletionCallback* c = user_connect_callback_;
   user_connect_callback_ = NULL;
   c->Run(rv > OK ? OK : rv);
   LeaveFunction("");
 }
 
-void SSLClientSocketNSS::OnIOComplete(int result) {
+void SSLClientSocketNSS::OnHandshakeIOComplete(int result) {
   EnterFunction(result);
-  int rv = DoLoop(result);
-  if (rv != ERR_IO_PENDING) {
-    if (user_callback_) {
-      DoCallback(rv);
-    } else if (user_connect_callback_) {
-      DoConnectCallback(rv);
-    }
-  }
+  int rv = DoHandshakeLoop(result);
+  if (rv != ERR_IO_PENDING)
+    DoConnectCallback(rv);
   LeaveFunction("");
 }
 
+void SSLClientSocketNSS::OnSendComplete(int result) {
+  EnterFunction(result);
+  if (next_handshake_state_ != STATE_NONE) {
+    // In handshake phase.
+    OnHandshakeIOComplete(result);
+    LeaveFunction("");
+    return;
+  }
+
+  // OnSendComplete may need to call DoPayloadRead while the renegotiation
+  // handshake is in progress.
+  int rv_read = ERR_IO_PENDING;
+  int rv_write = ERR_IO_PENDING;
+  bool network_moved;
+  do {
+      if (user_read_buf_)
+          rv_read = DoPayloadRead();
+      if (user_write_buf_)
+          rv_write = DoPayloadWrite();
+      network_moved = DoTransportIO();
+  } while (rv_read == ERR_IO_PENDING &&
+           rv_write == ERR_IO_PENDING &&
+           network_moved);
+
+  if (user_read_buf_ && rv_read != ERR_IO_PENDING)
+      DoReadCallback(rv_read);
+  if (user_write_buf_ && rv_write != ERR_IO_PENDING)
+      DoWriteCallback(rv_write);
+
+  LeaveFunction("");
+}
+
+void SSLClientSocketNSS::OnRecvComplete(int result) {
+  EnterFunction(result);
+  if (next_handshake_state_ != STATE_NONE) {
+    // In handshake phase.
+    OnHandshakeIOComplete(result);
+    LeaveFunction("");
+    return;
+  }
+
+  // Network layer received some data, check if client requested to read
+  // decrypted data.
+  if (!user_read_buf_) {
+    LeaveFunction("");
+    return;
+  }
+
+  int rv = DoReadLoop(result);
+  if (rv != ERR_IO_PENDING)
+    DoReadCallback(rv);
+  LeaveFunction("");
+}
+
 // Map a Chromium net error code to an NSS error code
 // See _MD_unix_map_default_error in the NSS source
 // tree for inspiration.
 static PRErrorCode MapErrorToNSS(int result) {
   if (result >=0)
     return result;
   // TODO(port): add real table
   LOG(ERROR) << "MapErrorToNSS " << result;
   return PR_UNKNOWN_ERROR;
 }
 
 // Do network I/O between the given buffer and the given socket.
+// Return true if some I/O performed, false otherwise (error or ERR_IO_PENDING)
+bool SSLClientSocketNSS::DoTransportIO() {
+  EnterFunction("");
+  bool network_moved = false;
+  if (nss_bufs_ != NULL) {
+    int nsent = BufferSend();
+    int nreceived = BufferRecv();
+    network_moved = (nsent > 0 || nreceived >= 0);
+  }
+  LeaveFunction(network_moved);
+  return network_moved;
+}
+
 // Return 0 for EOF,
 // > 0 for bytes transferred immediately,
 // < 0 for error (or the non-error ERR_IO_PENDING).
 int SSLClientSocketNSS::BufferSend(void) {
   if (transport_send_busy_) return ERR_IO_PENDING;
 
   const char *buf;
   int nb = memio_GetWriteParams(nss_bufs_, &buf);
   EnterFunction(nb);
 
@@ skipping 11 matching lines @@
   }
 
   LeaveFunction(rv);
   return rv;
 }
 
 void SSLClientSocketNSS::BufferSendComplete(int result) {
   EnterFunction(result);
   memio_PutWriteResult(nss_bufs_, result);
   transport_send_busy_ = false;
-  OnIOComplete(result);
+  OnSendComplete(result);
   LeaveFunction("");
 }
 
 
 int SSLClientSocketNSS::BufferRecv(void) {
   if (transport_recv_busy_) return ERR_IO_PENDING;
 
   char *buf;
   int nb = memio_GetReadParams(nss_bufs_, &buf);
   EnterFunction(nb);
@@ skipping 20 matching lines @@
 void SSLClientSocketNSS::BufferRecvComplete(int result) {
   EnterFunction(result);
   if (result > 0) {
     char *buf;
     memio_GetReadParams(nss_bufs_, &buf);
     memcpy(buf, recv_buffer_->data(), result);
   }
   recv_buffer_ = NULL;
   memio_PutReadResult(nss_bufs_, result);
   transport_recv_busy_ = false;
-  OnIOComplete(result);
+  OnRecvComplete(result);
   LeaveFunction("");
 }
 
-int SSLClientSocketNSS::DoLoop(int last_io_result) {
+int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) {
   EnterFunction(last_io_result);
   bool network_moved;
   int rv = last_io_result;
   do {
-    network_moved = false;
     // Default to STATE_NONE for next state.
     // (This is a quirk carried over from the windows
     // implementation.  It makes reading the logs a bit harder.)
     // State handlers can and often do call GotoState just
     // to stay in the current state.
-    State state = next_state_;
+    State state = next_handshake_state_;
     GotoState(STATE_NONE);
     switch (state) {
       case STATE_NONE:
         // we're just pumping data between the buffer and the network
         break;
-      case STATE_HANDSHAKE_READ:
-        rv = DoHandshakeRead();
+      case STATE_HANDSHAKE:
+        rv = DoHandshake();
         break;
       case STATE_VERIFY_CERT:
         DCHECK(rv == OK);
         rv = DoVerifyCert(rv);
         break;
       case STATE_VERIFY_CERT_COMPLETE:
         rv = DoVerifyCertComplete(rv);
         break;
-      case STATE_PAYLOAD_READ:
-        rv = DoPayloadRead();
-        break;
-      case STATE_PAYLOAD_WRITE:
-        rv = DoPayloadWrite();
-        break;
       default:
         rv = ERR_UNEXPECTED;
         NOTREACHED() << "unexpected state";
         break;
     }
 
     // Do the actual network I/O
-    if (nss_bufs_ != NULL) {
-      int nsent = BufferSend();
-      int nreceived = BufferRecv();
-      network_moved = (nsent > 0 || nreceived >= 0);
-    }
+    network_moved = DoTransportIO();
   } while ((rv != ERR_IO_PENDING || network_moved) &&
-            next_state_ != STATE_NONE);
+            next_handshake_state_ != STATE_NONE);
   LeaveFunction("");
   return rv;
 }
+
+int SSLClientSocketNSS::DoReadLoop(int result) {
+  EnterFunction("");
+  DCHECK(completed_handshake_);
+  DCHECK(next_handshake_state_ == STATE_NONE);
+
+  if (result < 0)
+    return result;
+
+  if (!nss_bufs_)
+    return ERR_UNEXPECTED;
+
+  bool network_moved;
+  int rv;
+  do {
+    rv = DoPayloadRead();
+    network_moved = DoTransportIO();
+  } while (rv == ERR_IO_PENDING && network_moved);
+
+  LeaveFunction("");
+  return rv;
+}
+
+int SSLClientSocketNSS::DoWriteLoop(int result) {
+  EnterFunction("");
+  DCHECK(completed_handshake_);
+  DCHECK(next_handshake_state_ == STATE_NONE);
+
+  if (result < 0)
+    return result;
+
+  if (!nss_bufs_)
+    return ERR_UNEXPECTED;
+
+  bool network_moved;
+  int rv;
+  do {
+    rv = DoPayloadWrite();
+    network_moved = DoTransportIO();
+  } while (rv == ERR_IO_PENDING && network_moved);
+
+  LeaveFunction("");
+  return rv;
+}
 
 // static
 // NSS calls this if an incoming certificate needs to be verified.
 // Do nothing but return SECSuccess.
 // This is called only in full handshake mode.
 // Peer certificate is retrieved in HandshakeCallback() later, which is called
 // in full handshake mode or in resumption handshake mode.
 SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg,
                                                  PRFileDesc* socket,
                                                  PRBool checksig,
                                                  PRBool is_server) {
   // Tell NSS to not verify the certificate.
   return SECSuccess;
 }
 
 // static
 // NSS calls this when handshake is completed.
 // After the SSL handshake is finished, use CertVerifier to verify
 // the saved server certificate.
 void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket,
                                            void* arg) {
   SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
 
   that->UpdateServerCert();
 }
 
-int SSLClientSocketNSS::DoHandshakeRead() {
+int SSLClientSocketNSS::DoHandshake() {
   EnterFunction("");
   int net_error = net::OK;
   int rv = SSL_ForceHandshake(nss_fd_);
 
   if (rv == SECSuccess) {
     // SSL handshake is completed.  Let's verify the certificate.
     GotoState(STATE_VERIFY_CERT);
     // Done!
   } else {
     PRErrorCode prerr = PR_GetError();
 
     // If the server closed on us, it is a protocol error.
     // Some TLS-intolerant servers do this when we request TLS.
     if (prerr == PR_END_OF_FILE_ERROR) {
       net_error = ERR_SSL_PROTOCOL_ERROR;
     } else {
       net_error = NetErrorFromNSPRError(prerr);
     }
 
     // If not done, stay in this state
     if (net_error == ERR_IO_PENDING) {
-      GotoState(STATE_HANDSHAKE_READ);
+      GotoState(STATE_HANDSHAKE);
     } else {
       LOG(ERROR) << "handshake failed; NSS error code " << prerr
                  << ", net_error " << net_error;
     }
   }
 
   LeaveFunction("");
   return net_error;
 }
 
 int SSLClientSocketNSS::DoVerifyCert(int result) {
   DCHECK(server_cert_);
   GotoState(STATE_VERIFY_CERT_COMPLETE);
   int flags = 0;
   if (ssl_config_.rev_checking_enabled)
     flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
   if (ssl_config_.verify_ev_cert)
     flags |= X509Certificate::VERIFY_EV_CERT;
   verifier_.reset(new CertVerifier);
   return verifier_->Verify(server_cert_, hostname_, flags,
-                           &server_cert_verify_result_, &io_callback_);
+                           &server_cert_verify_result_,
+                           &handshake_io_callback_);
 }
 
 // Derived from AuthCertificateCallback() in
 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp.
 int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
   DCHECK(verifier_.get());
   verifier_.reset();
 
   if (result == OK) {
     // Remember the intermediate CA certs if the server sends them to us.
@@ skipping 40 matching lines @@
   if (IsCertificateError(result) &&
       ssl_config_.IsAllowedBadCert(server_cert_)) {
     LOG(INFO) << "accepting bad SSL certificate, as user told us to";
     result = OK;
   }
 
   completed_handshake_ = true;
   // TODO(ukai): we may not need this call because it is now harmless to have an
   // session with a bad cert.
   InvalidateSessionIfBadCertificate();
-  // Exit DoLoop and return the result to the caller to Connect.
-  DCHECK(next_state_ == STATE_NONE);
+  // Exit DoHandshakeLoop and return the result to the caller to Connect.
+  DCHECK(next_handshake_state_ == STATE_NONE);
   return result;
 }
 
 int SSLClientSocketNSS::DoPayloadRead() {
-  EnterFunction(user_buf_len_);
-  int rv = PR_Read(nss_fd_, user_buf_->data(), user_buf_len_);
+  EnterFunction(user_read_buf_len_);
+  DCHECK(user_read_buf_);
+  DCHECK(user_read_buf_len_ > 0);
+  int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_);
   if (rv >= 0) {
-    LogData(user_buf_->data(), rv);
-    user_buf_ = NULL;
+    LogData(user_read_buf_->data(), rv);
     LeaveFunction("");
     return rv;
   }
   PRErrorCode prerr = PR_GetError();
   if (prerr == PR_WOULD_BLOCK_ERROR) {
-    GotoState(STATE_PAYLOAD_READ);
     LeaveFunction("");
     return ERR_IO_PENDING;
   }
-  user_buf_ = NULL;
   LeaveFunction("");
   return NetErrorFromNSPRError(prerr);
 }
 
 int SSLClientSocketNSS::DoPayloadWrite() {
-  EnterFunction(user_buf_len_);
-  int rv = PR_Write(nss_fd_, user_buf_->data(), user_buf_len_);
+  EnterFunction(user_write_buf_len_);
+  DCHECK(user_write_buf_);
+  int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_);
   if (rv >= 0) {
-    LogData(user_buf_->data(), rv);
-    user_buf_ = NULL;
+    LogData(user_write_buf_->data(), rv);
     LeaveFunction("");
     return rv;
   }
   PRErrorCode prerr = PR_GetError();
   if (prerr == PR_WOULD_BLOCK_ERROR) {
-    GotoState(STATE_PAYLOAD_WRITE);
     return ERR_IO_PENDING;
   }
-  user_buf_ = NULL;
   LeaveFunction("");
   return NetErrorFromNSPRError(prerr);
 }
 
 }  // namespace net