net: rework the NPN patch.

net/third_party/nss/ssl/sslsock.c

 /*
  * vtables (and methods that call through them) for the 4 types of 
  * SSLSockets supported.  Only one type is still supported.
  * Various other functions.
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
@@ skipping 145 matching lines @@
     ssl_SecureRead,
     ssl_SecureWrite,
     ssl_DefGetpeername,
     ssl_DefGetsockname
 };
 
 /*
 ** default settings for socket enables
 */
 static sslOptions ssl_defaults = {
-    { siBuffer, NULL, 0 },      /* nextProtoNego */
     PR_TRUE,    /* useSecurity        */
     PR_FALSE,   /* useSocks           */
     PR_FALSE,   /* requestCertificate */
     2,          /* requireCertificate */
     PR_FALSE,   /* handshakeAsClient  */
     PR_FALSE,   /* handshakeAsServer  */
     PR_TRUE,    /* enableSSL2         */
     PR_TRUE,    /* enableSSL3         */
     PR_TRUE,    /* enableTLS          */ /* now defaults to on in NSS 3.0 */
     PR_FALSE,   /* noCache            */
@@ skipping 262 matching lines @@
             ssl3_FreeKeyPair(sc->serverKeyPair);
     }
     if (ss->stepDownKeyPair) {
         ssl3_FreeKeyPair(ss->stepDownKeyPair);
         ss->stepDownKeyPair = NULL;
     }
     if (ss->ephemeralECDHKeyPair) {
         ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
         ss->ephemeralECDHKeyPair = NULL;
     }
-    if (ss->opt.nextProtoNego.data) {
-        PORT_Free(ss->opt.nextProtoNego.data);
-        ss->opt.nextProtoNego.data = NULL;
-    }
     PORT_Assert(!ss->xtnData.sniNameArr);
     if (ss->xtnData.sniNameArr) {
         PORT_Free(ss->xtnData.sniNameArr);
         ss->xtnData.sniNameArr = NULL;
     }
 }
 
 /*
  * free an sslSocket struct, and all the stuff that hangs off of it
  */
@@ skipping 840 matching lines @@
 #ifdef _WIN32
     PR_Sleep(PR_INTERVAL_NO_WAIT);     /* workaround NT winsock connect bug. */
 #endif
     ns = ssl_FindSocket(fd);
     PORT_Assert(ns);
     if (ns)
         ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
     return fd;
 }
 
-/* SSL_SetNextProtoNego sets the list of supported protocols for the given
- * socket. The list is a series of 8-bit, length prefixed strings. */
 SECStatus
-SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
-                     unsigned short length)
-{
+SSL_SetNextProtoCallback(PRFileDesc *fd,
+                         SSLNextProtoCallback callback,
+                         void *arg) {
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
         SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", SSL_GETPID(),
                 fd));
         return SECFailure;
     }
 
-    if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
-        return SECFailure;
-
     ssl_GetSSL3HandshakeLock(ss);
-    if (ss->opt.nextProtoNego.data)
-        PORT_Free(ss->opt.nextProtoNego.data);
-    ss->opt.nextProtoNego.data = PORT_Alloc(length);
-    if (!ss->opt.nextProtoNego.data) {
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        return SECFailure;
-    }
-    memcpy(ss->opt.nextProtoNego.data, data, length);
-    ss->opt.nextProtoNego.len = length;
-    ss->opt.nextProtoNego.type = siBuffer;
+    ss->nextProtoCallback = callback;
+    ss->nextProtoArg = arg;
     ssl_ReleaseSSL3HandshakeLock(ss);
-
-    return SECSuccess;
-}
-
-/* SSL_GetNextProto reads the resulting Next Protocol Negotiation result for
- * the given socket. It's only valid to call this once the handshake has
- * completed.
- *
- * state is set to one of the SSL_NEXT_PROTO_* constants. The negotiated
- * protocol, if any, is written into buf, which must be at least buf_len
- * bytes long. If the negotiated protocol is longer than this, it is truncated.
- * The number of bytes copied is written into length.
- */
-SECStatus
-SSL_GetNextProto(PRFileDesc *fd, int *state, unsigned char *buf,
-                 unsigned int *length, unsigned int buf_len)
-{
-    sslSocket *ss = ssl_FindSocket(fd);
-
-    if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
-                fd));
-        return SECFailure;
-    }
-
-    *state = ss->ssl3.nextProtoState;
-
-    if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
-        ss->ssl3.nextProto.data) {
-        *length = ss->ssl3.nextProto.len;
-        if (*length > buf_len)
-            *length = buf_len;
-        PORT_Memcpy(buf, ss->ssl3.nextProto.data, *length);
-    } else {
-        *length = 0;
-    }
-
-    return SECSuccess;
 }
 
 PRFileDesc *
 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
 {
     PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
     PR_NOT_REACHED("not implemented");
     return NULL;
 
 #if 0
@@ skipping 1170 matching lines @@
 loser:
             ssl_DestroySocketContents(ss);
             ssl_DestroyLocks(ss);
             PORT_Free(ss);
             ss = NULL;
         }
     }
     return ss;
 }