net: rework the NPN patch.

net/third_party/nss/patches/nextproto.patch

-From 6b594dc531e7a1d1d5bca2f0f78e7bc0ac3ff937 Mon Sep 17 00:00:00 2001
+From 3caa0f573d2637bfed99dcc0e5887fe3a52462ba Mon Sep 17 00:00:00 2001
 From: Adam Langley <agl@chromium.org>
 Date: Mon, 3 Oct 2011 12:19:28 -0400
-Subject: [PATCH] nextproto.patch
+Subject: [PATCH 01/15] nextproto.patch
 
 ---
- mozilla/security/nss/cmd/tstclnt/tstclnt.c |    6 ++
- mozilla/security/nss/lib/ssl/ssl.def       |    7 ++
- mozilla/security/nss/lib/ssl/ssl.h         |   12 +++
- mozilla/security/nss/lib/ssl/ssl3con.c     |   54 ++++++++++++
- mozilla/security/nss/lib/ssl/ssl3ext.c     |  122 +++++++++++++++++++++++++++-
- mozilla/security/nss/lib/ssl/ssl3prot.h    |    3 +-
- mozilla/security/nss/lib/ssl/sslimpl.h     |   24 ++++++
- mozilla/security/nss/lib/ssl/sslsock.c     |   74 +++++++++++++++++
- mozilla/security/nss/lib/ssl/sslt.h        |    3 +-
- 9 files changed, 302 insertions(+), 3 deletions(-)
+ mozilla/security/nss/lib/ssl/ssl.def    |    6 ++
+ mozilla/security/nss/lib/ssl/ssl.h      |   51 ++++++++++++
+ mozilla/security/nss/lib/ssl/ssl3con.c  |   54 +++++++++++++
+ mozilla/security/nss/lib/ssl/ssl3ext.c  |  104 ++++++++++++++++++++++++-
+ mozilla/security/nss/lib/ssl/ssl3prot.h |    3 +-
+ mozilla/security/nss/lib/ssl/sslerr.h   |    2 +
+ mozilla/security/nss/lib/ssl/sslimpl.h  |   21 +++++
+ mozilla/security/nss/lib/ssl/sslsock.c  |  131 +++++++++++++++++++++++++++++++
+ mozilla/security/nss/lib/ssl/sslt.h     |    3 +-
+ 9 files changed, 372 insertions(+), 3 deletions(-)
 
-diff --git a/mozilla/security/nss/cmd/tstclnt/tstclnt.c b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
-index 55684e6..d209a33 100644
---- a/mozilla/security/nss/cmd/tstclnt/tstclnt.c
-+++ b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
-@@ -868,6 +868,12 @@ int main(int argc, char **argv)
-        return 1;
-     }
- 
-+    rv = SSL_SetNextProtoNego(s, "\004flip\004http1.1", 10);
-+    if (rv != SECSuccess) {
-+       SECU_PrintError(progName, "error enabling next protocol negotiation");
-+       return 1;
-+    }
-+
-     /* enable false start. */
-     rv = SSL_OptionSet(s, SSL_ENABLE_FALSE_START, enableFalseStart);
-     if (rv != SECSuccess) {
 diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl/ssl.def
-index d3f455c..a1f4b51 100644
+index d3f455c..5256ae2 100644
 --- a/mozilla/security/nss/lib/ssl/ssl.def
 +++ b/mozilla/security/nss/lib/ssl/ssl.def
-@@ -152,3 +152,10 @@ SSL_SNISocketConfigHook;
+@@ -152,3 +152,9 @@ SSL_SNISocketConfigHook;
  ;+    local:
  ;+*;
  ;+};
 +;+NSS_CHROMIUM {
 +;+    global:
-+SSL_GetNextProto;
-+SSL_SetNextProtoNego;
++SSL_SetNextProtoCallback;
 +;+    local:
 +;+*;
 +;+};
 diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index 4a9e89d..ffa973c 100644
+index 4a9e89d..2cf777d 100644
 --- a/mozilla/security/nss/lib/ssl/ssl.h
 +++ b/mozilla/security/nss/lib/ssl/ssl.h
-@@ -153,6 +153,18 @@ SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
+@@ -153,6 +153,57 @@ SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
  SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
  SSL_IMPORT SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle);
  
++/* SSLNextProtoCallback is called, during the handshake, when the server has
++ * sent a Next Protocol Negotiation extension. |protos| and |protosLen| define
++ * a buffer which contains the server's advertisement. This data is guaranteed
++ * to be well formed per the NPN spec. |protoOut| is a buffer provided by the
++ * caller, of length 255 (the maximum allowed by the protocol).
++ * On successful return, the protocol to be announced to the server will be in
++ * |protoOut| and its length in |protoOutLen|. */
++typedef SECStatus (PR_CALLBACK *SSLNextProtoCallback)(
++    void *arg,
++    PRFileDesc *fd,
++    const unsigned char* protos,
++    unsigned int protosLen,
++    unsigned char* protoOut,
++    unsigned int* protoOutLen);
++
++/* SSL_SetNextProtoCallback sets a callback function to handle Next Protocol
++ * Negotiation. It causes a client to advertise NPN. */
++SSL_IMPORT SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd,
++                                              SSLNextProtoCallback callback,
++                                              void *arg);
++
++/* SSL_SetNextProtoNego can be used as an alternative to
++ * SSL_SetNextProtoCallback. It also causes a client to advertise NPN and
++ * installs a default callback function which selects the first supported
++ * protocol in server-preference order. If no matching protocol is found it
++ * selects the first supported protocol.
++ *
++ * The supported protocols are specified in |data| in wire-format (8-bit
++ * length-prefixed). For example: "\010http/1.1\006spdy/2". */
 +SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd,
 +                                         const unsigned char *data,
-+                                         unsigned short length);
++                                         unsigned int length);
++/* SSL_GetNextProto can be used after a handshake on a socket where
++ * SSL_SetNextProtoNego was called to retrieve the result of the Next Protocol
++ * negotiation.
++ *
++ * state is set to one of the SSL_NEXT_PROTO_* constants. The negotiated
++ * protocol, if any, is written into buf, which must be at least buf_len bytes
++ * long. If the negotiated protocol is longer than this, it is truncated.  The
++ * number of bytes copied is written into *length. */
 +SSL_IMPORT SECStatus SSL_GetNextProto(PRFileDesc *fd,
 +                                     int *state,
 +                                     unsigned char *buf,
-+                                     unsigned *length,
-+                                     unsigned buf_len);
++                                     unsigned int *length,
++                                     unsigned int buf_len);
++
++// TODO(wtc): it may be a good idea to define these as an enum type.
 +#define SSL_NEXT_PROTO_NO_SUPPORT      0 /* No peer support                */
 +#define SSL_NEXT_PROTO_NEGOTIATED      1 /* Mutual agreement               */
 +#define SSL_NEXT_PROTO_NO_OVERLAP      2 /* No protocol overlap found      */
 +
  /*
  ** Control ciphers that SSL uses. If on is non-zero then the named cipher
  ** is enabled, otherwise it is disabled. 
 diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index 8048913..e0cb4e9 100644
+index 8048913..8f860a9 100644
 --- a/mozilla/security/nss/lib/ssl/ssl3con.c
 +++ b/mozilla/security/nss/lib/ssl/ssl3con.c
 @@ -81,6 +81,7 @@ static SECStatus ssl3_InitState(             sslSocket *ss);
  static SECStatus ssl3_SendCertificate(       sslSocket *ss);
  static SECStatus ssl3_SendEmptyCertificate(  sslSocket *ss);
  static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
 +static SECStatus ssl3_SendNextProto(         sslSocket *ss);
  static SECStatus ssl3_SendFinished(          sslSocket *ss, PRInt32 flags);
  static SECStatus ssl3_SendServerHello(       sslSocket *ss);
  static SECStatus ssl3_SendServerHelloDone(   sslSocket *ss);
@@ skipping 15 matching lines @@
  
  /* called from ssl3_HandleServerHelloDone
 + */
 +static SECStatus
 +ssl3_SendNextProto(sslSocket *ss)
 +{
 +    SECStatus rv;
 +    int padding_len;
 +    static const unsigned char padding[32] = {0};
 +
-+    if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NO_SUPPORT)
++    if (ss->ssl3.nextProto.len == 0)
 +       return SECSuccess;
 +
 +    PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
 +    PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 +
 +    padding_len = 32 - ((ss->ssl3.nextProto.len + 2) % 32);
 +
 +    rv = ssl3_AppendHandshakeHeader(ss, next_proto, ss->ssl3.nextProto.len +
 +                                                   2 + padding_len);
 +    if (rv != SECSuccess) {
@@ skipping 36 matching lines @@
      ss->ssl3.initialized = PR_FALSE;
 +
 +    if (ss->ssl3.nextProto.data) {
 +       PORT_Free(ss->ssl3.nextProto.data);
 +       ss->ssl3.nextProto.data = NULL;
 +    }
  }
  
  /* End of ssl3con.c */
 diff --git a/mozilla/security/nss/lib/ssl/ssl3ext.c b/mozilla/security/nss/lib/ssl/ssl3ext.c
-index becbfe9..fbd5a91 100644
+index becbfe9..36ac4de 100644
 --- a/mozilla/security/nss/lib/ssl/ssl3ext.c
 +++ b/mozilla/security/nss/lib/ssl/ssl3ext.c
 @@ -235,6 +235,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
  #endif
      { ssl_session_ticket_xtn,     &ssl3_ServerHandleSessionTicketXtn },
      { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
 +    { ssl_next_proto_neg_xtn,     &ssl3_ServerHandleNextProtoNegoXtn },
      { -1, NULL }
  };
  
 @@ -245,6 +246,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
      /* TODO: add a handler for ssl_ec_point_formats_xtn */
      { ssl_session_ticket_xtn,     &ssl3_ClientHandleSessionTicketXtn },
      { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
 +    { ssl_next_proto_neg_xtn,     &ssl3_ClientHandleNextProtoNegoXtn },
      { -1, NULL }
  };
  
 @@ -267,7 +269,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
      { ssl_elliptic_curves_xtn,    &ssl3_SendSupportedCurvesXtn },
      { ssl_ec_point_formats_xtn,   &ssl3_SendSupportedPointFormatsXtn },
  #endif
 -    { ssl_session_ticket_xtn,     &ssl3_SendSessionTicketXtn }
 +    { ssl_session_ticket_xtn,     &ssl3_SendSessionTicketXtn },
 +    { ssl_next_proto_neg_xtn,     &ssl3_ClientSendNextProtoNegoXtn }
      /* any extra entries will appear as { 0, NULL }    */
  };
  
-@@ -534,6 +537,123 @@ ssl3_SendSessionTicketXtn(
+@@ -534,6 +537,105 @@ ssl3_SendSessionTicketXtn(
      return -1;
  }
  
 +/* handle an incoming Next Protocol Negotiation extension. */
 +SECStatus
 +ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
 +{
 +    if (data->len != 0) {
 +       /* Clients MUST send an empty NPN extension, if any. */
 +       return SECFailure;
 +    }
 +
-+    ss->ssl3.hs.nextProtoNego = PR_TRUE;
 +    return SECSuccess;
 +}
 +
 +/* ssl3_ValidateNextProtoNego checks that the given block of data is valid: none
-+ * of the length may be 0 and the sum of the lengths must equal the length of
++ * of the lengths may be 0 and the sum of the lengths must equal the length of
 + * the block. */
 +SECStatus
 +ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned short length)
 +{
 +    unsigned int offset = 0;
 +
 +    while (offset < length) {
 +       if (data[offset] == 0) {
++           PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 +           return SECFailure;
 +       }
 +       offset += (unsigned int)data[offset] + 1;
 +    }
 +
-+    if (offset > length)
++    if (offset > length) {
++       PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
 +       return SECFailure;
++    }
 +
 +    return SECSuccess;
 +}
 +
 +SECStatus
 +ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
-+                                 SECItem *data)
++                                  SECItem *data)
 +{
-+    unsigned int i, j;
 +    SECStatus rv;
-+    unsigned char *result;
-+
-+    if (data->len == 0) {
-+       /* The server supports the extension, but doesn't have any
-+        * protocols configured. In this case we request our favoured
-+        * protocol. */
-+       goto pick_first;
-+    }
++    unsigned char result[255];
++    unsigned int result_len;
 +
 +    rv = ssl3_ValidateNextProtoNego(data->data, data->len);
 +    if (rv != SECSuccess)
 +       return rv;
 +
-+    /* For each protocol in server preference order, see if we support it. */
-+    for (i = 0; i < data->len; ) {
-+       for (j = 0; j < ss->opt.nextProtoNego.len; ) {
-+           if (data->data[i] == ss->opt.nextProtoNego.data[j] &&
-+               memcmp(&data->data[i+1], &ss->opt.nextProtoNego.data[j+1],
-+                      data->data[i]) == 0) {
-+               /* We found a match */
-+               ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
-+               result = &data->data[i];
-+               goto found;
-+           }
-+           j += (unsigned int)ss->opt.nextProtoNego.data[j] + 1;
-+       }
++    rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd,
++                               data->data, data->len,
++                               result, &result_len);
++    if (rv != SECSuccess)
++       return rv;
++    // If the callback wrote more than allowed to |result| it has corrupted our
++    // stack.
++    PORT_Assert(result_len <= sizeof(result));
 +
-+       i += (unsigned int)data->data[i] + 1;
-+    }
-+
-+  pick_first:
-+    ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
-+    result = ss->opt.nextProtoNego.data;
-+
-+  found:
 +    if (ss->ssl3.nextProto.data)
 +       PORT_Free(ss->ssl3.nextProto.data);
-+    ss->ssl3.nextProto.data = PORT_Alloc(result[0]);
-+    PORT_Memcpy(ss->ssl3.nextProto.data, result + 1, result[0]);
-+    ss->ssl3.nextProto.len = result[0];
++    ss->ssl3.nextProto.data = PORT_Alloc(result_len);
++    PORT_Memcpy(ss->ssl3.nextProto.data, result, result_len);
++    ss->ssl3.nextProto.len = result_len;
 +    return SECSuccess;
 +}
 +
 +PRInt32
 +ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss,
 +                              PRBool      append,
 +                              PRUint32    maxBytes)
 +{
 +    PRInt32 extension_length;
 +
 +    /* Renegotiations do not send this extension. */
-+    if (ss->opt.nextProtoNego.len == 0 || ss->firstHsDone) {
++    if (!ss->nextProtoCallback || ss->firstHsDone) {
 +       return 0;
 +    }
 +
 +    extension_length = 4;
 +
 +    if (append && maxBytes >= extension_length) {
 +       SECStatus rv;
 +       rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_neg_xtn, 2);
 +       if (rv != SECSuccess)
 +           goto loser;
@@ skipping 22 matching lines @@
 @@ -157,7 +157,8 @@ typedef enum {
      server_hello_done  = 14,
      certificate_verify = 15, 
      client_key_exchange        = 16, 
 -    finished           = 20
 +    finished           = 20,
 +    next_proto         = 67
  } SSL3HandshakeType;
  
  typedef struct {
+diff --git a/mozilla/security/nss/lib/ssl/sslerr.h b/mozilla/security/nss/lib/ssl/sslerr.h
+index a2f6524..c76ffa9 100644
+--- a/mozilla/security/nss/lib/ssl/sslerr.h
++++ b/mozilla/security/nss/lib/ssl/sslerr.h
+@@ -203,6 +203,8 @@ SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
+ 
+ SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY  = (SSL_ERROR_BASE + 115),
+ 
++SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID   = (SSL_ERROR_BASE + 117),
++
+ SSL_ERROR_END_OF_LIST  /* let the c compiler determine the value of this. */
+ } SSLErrorCodes;
+ #endif /* NO_SECURITY_ERROR_ENUM */
 diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
-index 9af471d..d1c1181 100644
+index 9af471d..199c573 100644
 --- a/mozilla/security/nss/lib/ssl/sslimpl.h
 +++ b/mozilla/security/nss/lib/ssl/sslimpl.h
-@@ -313,6 +313,11 @@ typedef struct {
+@@ -313,6 +313,10 @@ typedef struct {
  #endif /* NSS_ENABLE_ECC */
  
  typedef struct sslOptionsStr {
-+    /* For clients, this is a validated list of protocols in preference order
-+     * and wire format. For servers, this is the list of support protocols,
-+     * also in wire format. */
++    /* If SSL_SetNextProtoNego has been called, then this contains the
++     * list of supported protocols. */
 +    SECItem      nextProtoNego;
 +
      unsigned int useSecurity           : 1;  /*  1 */
      unsigned int useSocks              : 1;  /*  2 */
      unsigned int requestCertificate    : 1;  /*  3 */
-@@ -786,6 +791,7 @@ const ssl3CipherSuiteDef *suite_def;
- #ifdef NSS_ENABLE_ECC
-     PRUint32              negotiatedECCurves; /* bit mask */
- #endif /* NSS_ENABLE_ECC */
-+    PRBool                nextProtoNego;/* Our peer has sent this extension */
- } SSL3HandshakeState;
- 
- 
-@@ -827,6 +833,16 @@ struct ssl3StateStr {
+@@ -827,6 +831,13 @@ struct ssl3StateStr {
      PRBool               initialized;
      SSL3HandshakeState   hs;
      ssl3CipherSpec       specs[2];     /* one is current, one is pending. */
 +
 +    /* In a client: if the server supports Next Protocol Negotiation, then
-+     * this is the protocol that was requested.
-+     * In a server: this is the protocol that the client requested via Next
-+     * Protocol Negotiation.
++     * this is the protocol that was negotiated.
 +     *
-+     * In either case, if the data pointer is non-NULL, then it is malloced
-+     * data.  */
++     * If the data pointer is non-NULL, then it is malloced data.  */
 +    SECItem            nextProto;
-+    int                        nextProtoState; /* See SSL_NEXT_PROTO_* defines */
++    int                        nextProtoState; /* See NEXT_PROTO_* defines */
  };
  
  typedef struct {
-@@ -1494,8 +1510,12 @@ extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
+@@ -1058,6 +1069,8 @@ const unsigned char *  preferredCipher;
+     SSLHandshakeCallback      handshakeCallback;
+     void                     *handshakeCallbackData;
+     void                     *pkcs11PinArg;
++    SSLNextProtoCallback      nextProtoCallback;
++    void                     *nextProtoArg;
+ 
+     PRIntervalTime            rTimeout; /* timeout for NSPR I/O */
+     PRIntervalTime            wTimeout; /* timeout for NSPR I/O */
+@@ -1494,8 +1507,12 @@ extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
                         PRUint16 ex_type, SECItem *data);
  extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
 +extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
 +                       PRUint16 ex_type, SECItem *data);
  extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
 +extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
 +                       PRUint16 ex_type, SECItem *data);
  
  /* ClientHello and ServerHello extension senders.
   * Note that not all extension senders are exposed here; only those that
-@@ -1526,6 +1546,10 @@ extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
+@@ -1526,6 +1543,10 @@ extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
  extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
                         PRBool append, PRUint32 maxBytes);
  #endif
 +extern PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
 +                                              PRUint32 maxBytes);
 +extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
 +                                           unsigned short length);
  
  /* call the registered extension handlers. */
  extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, 
 diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
-index bc770a1..4c8fbfd 100644
+index bc770a1..769ea0a 100644
 --- a/mozilla/security/nss/lib/ssl/sslsock.c
 +++ b/mozilla/security/nss/lib/ssl/sslsock.c
 @@ -163,6 +163,7 @@ static const sslSocketOps ssl_secure_ops = {        /* SSL. */
  ** default settings for socket enables
  */
  static sslOptions ssl_defaults = {
 +    { siBuffer, NULL, 0 },     /* nextProtoNego */
      PR_TRUE,   /* useSecurity        */
      PR_FALSE,  /* useSocks           */
      PR_FALSE,  /* requestCertificate */
 @@ -438,6 +439,10 @@ ssl_DestroySocketContents(sslSocket *ss)
         ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
         ss->ephemeralECDHKeyPair = NULL;
      }
 +    if (ss->opt.nextProtoNego.data) {
 +       PORT_Free(ss->opt.nextProtoNego.data);
 +       ss->opt.nextProtoNego.data = NULL;
 +    }
      PORT_Assert(!ss->xtnData.sniNameArr);
      if (ss->xtnData.sniNameArr) {
          PORT_Free(ss->xtnData.sniNameArr);
-@@ -1266,6 +1271,75 @@ SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
+@@ -1266,6 +1271,132 @@ SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
      return fd;
  }
  
-+/* SSL_SetNextProtoNego sets the list of supported protocols for the given
-+ * socket. The list is a series of 8-bit, length prefixed strings. */
 +SECStatus
-+SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
-+                    unsigned short length)
-+{
++SSL_SetNextProtoCallback(PRFileDesc *fd,
++                         SSLNextProtoCallback callback,
++                         void *arg) {
 +    sslSocket *ss = ssl_FindSocket(fd);
 +
 +    if (!ss) {
 +       SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", SSL_GETPID(),
 +               fd));
 +       return SECFailure;
 +    }
 +
++    ssl_GetSSL3HandshakeLock(ss);
++    ss->nextProtoCallback = callback;
++    ss->nextProtoArg = arg;
++    ssl_ReleaseSSL3HandshakeLock(ss);
++}
++
++/* NextProtoStandardCallback is set as an NPN callback for the case when the
++ * user of the sockets wants the standard selection algorithm. */
++static SECStatus
++NextProtoStandardCallback(void *arg,
++                         PRFileDesc *fd,
++                         const unsigned char *protos,
++                         unsigned int protos_len,
++                         unsigned char *protoOut,
++                         unsigned int *protoOutLen)
++{
++    unsigned int i, j;
++    const unsigned char *result;
++
++    sslSocket *ss = ssl_FindSocket(fd);
++    PORT_Assert(ss);
++
++    if (protos_len == 0) {
++       /* The server supports the extension, but doesn't have any protocols
++        * configured. In this case we request our favoured protocol. */
++       goto pick_first;
++    }
++
++    /* For each protocol in server preference, see if we support it. */
++    for (i = 0; i < protos_len; ) {
++       for (j = 0; j < ss->opt.nextProtoNego.len; ) {
++           if (protos[i] == ss->opt.nextProtoNego.data[j] &&
++               memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
++                      protos[i]) == 0) {
++               /* We found a match. */
++               ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
++               result = &protos[i];
++               goto found;
++           }
++           j += (unsigned int)ss->opt.nextProtoNego.data[j] + 1;
++       }
++       i += (unsigned int)protos[i] + 1;
++    }
++
++pick_first:
++    ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
++    result = ss->opt.nextProtoNego.data;
++
++found:
++    memcpy(protoOut, result + 1, result[0]);
++    *protoOutLen = result[0];
++    return SECSuccess;
++}
++
++SECStatus
++SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
++                    unsigned int length)
++{
++    SECStatus rv;
++
++    sslSocket *ss = ssl_FindSocket(fd);
++
++    if (!ss) {
++       SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
++                SSL_GETPID(), fd));
++       return SECFailure;
++    }
++
 +    if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
 +       return SECFailure;
 +
 +    ssl_GetSSL3HandshakeLock(ss);
 +    if (ss->opt.nextProtoNego.data)
 +       PORT_Free(ss->opt.nextProtoNego.data);
 +    ss->opt.nextProtoNego.data = PORT_Alloc(length);
 +    if (!ss->opt.nextProtoNego.data) {
 +       ssl_ReleaseSSL3HandshakeLock(ss);
 +       return SECFailure;
 +    }
 +    memcpy(ss->opt.nextProtoNego.data, data, length);
 +    ss->opt.nextProtoNego.len = length;
 +    ss->opt.nextProtoNego.type = siBuffer;
 +    ssl_ReleaseSSL3HandshakeLock(ss);
 +
-+    return SECSuccess;
++    return SSL_SetNextProtoCallback(fd, NextProtoStandardCallback, NULL);
 +}
 +
-+/* SSL_GetNextProto reads the resulting Next Protocol Negotiation result for
-+ * the given socket. It's only valid to call this once the handshake has
-+ * completed.
-+ *
-+ * state is set to one of the SSL_NEXT_PROTO_* constants. The negotiated
-+ * protocol, if any, is written into buf, which must be at least buf_len
-+ * bytes long. If the negotiated protocol is longer than this, it is truncated.
-+ * The number of bytes copied is written into length.
-+ */
 +SECStatus
 +SSL_GetNextProto(PRFileDesc *fd, int *state, unsigned char *buf,
 +                unsigned int *length, unsigned int buf_len)
 +{
 +    sslSocket *ss = ssl_FindSocket(fd);
 +
 +    if (!ss) {
 +       SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
 +               fd));
 +       return SECFailure;
@@ skipping 26 matching lines @@
  #endif
      ssl_session_ticket_xtn           = 35,
 +    ssl_next_proto_neg_xtn           = 13172,
      ssl_renegotiation_info_xtn       = 0xff01  /* experimental number */
  } SSLExtensionType;
  
 -#define SSL_MAX_EXTENSIONS             5
 +#define SSL_MAX_EXTENSIONS             6
  
  #endif /* __sslt_h_ */