Update net/third_party/nss to NSS 3.13.3.

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 243 matching lines @@
 
 // PeerCertificateChain is a helper object which extracts the certificate
 // chain, as given by the server, from an NSS socket and performs the needed
 // resource management. The first element of the chain is the leaf certificate
 // and the other elements are in the order given by the server.
 class PeerCertificateChain {
  public:
   explicit PeerCertificateChain(PRFileDesc* nss_fd)
       : num_certs_(0),
         certs_(NULL) {
-    SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs_);
+    SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs_, 0);
     DCHECK_EQ(rv, SECSuccess);
 
     certs_ = new CERTCertificate*[num_certs_];
     const unsigned expected_num_certs = num_certs_;
-    rv = SSL_PeerCertificateChain(nss_fd, certs_, &num_certs_);
+    rv = SSL_PeerCertificateChain(nss_fd, certs_, &num_certs_,
+                                  expected_num_certs);
     DCHECK_EQ(rv, SECSuccess);
     DCHECK_EQ(num_certs_, expected_num_certs);
   }
 
   ~PeerCertificateChain() {
     for (unsigned i = 0; i < num_certs_; i++)
       CERT_DestroyCertificate(certs_[i]);
     delete[] certs_;
   }
 
@@ skipping 626 matching lines @@
 #ifdef SSL_ENABLE_DEFLATE
   // Some web servers have been found to break if TLS is used *or* if DEFLATE
   // is advertised. Thus, if TLS is disabled (probably because we are doing
   // SSLv3 fallback), we disable DEFLATE also.
   // See http://crbug.com/31628
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, ssl_config_.tls1_enabled);
   if (rv != SECSuccess)
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_DEFLATE");
 #endif
 
-#ifdef SSL_ENABLE_FALSE_START
-  rv = SSL_OptionSet(
-      nss_fd_, SSL_ENABLE_FALSE_START,
+  PRBool false_start_enabled =
       ssl_config_.false_start_enabled &&
       !SSLConfigService::IsKnownFalseStartIncompatibleServer(
-          host_and_port_.host()));
+          host_and_port_.host());
+#ifdef SSL_ENABLE_FALSE_START
+  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, false_start_enabled);
   if (rv != SECSuccess)
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START");
 #endif
 
 #ifdef SSL_ENABLE_RENEGOTIATION
   // We allow servers to request renegotiation. Since we're a client,
   // prohibiting this is rather a waste of time. Only servers are in a
   // position to prevent renegotiation attacks.
   // http://extendedsubset.com/?p=8
 
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION,
                      SSL_RENEGOTIATE_TRANSITIONAL);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(
         net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION");
   }
 #endif  // SSL_ENABLE_RENEGOTIATION
 
-#ifdef SSL_NEXT_PROTO_NEGOTIATED

[wtc, 2012/03/02 23:06:17]

In the NSS upstream, SSL_NEXT_PROTO_NEGOTIATED is defined as
an enum constant rather than a macro.  So we can't use this
ifdef, and there is no macro that we can use to detect the
NPN feature.

   if (!ssl_config_.next_protos.empty()) {
     rv = SSL_SetNextProtoCallback(
         nss_fd_, SSLClientSocketNSS::NextProtoCallback, this);
     if (rv != SECSuccess)
       LogFailedNSSFunction(net_log_, "SSL_SetNextProtoCallback", "");
   }
+
+#ifdef SSL_CBC_RANDOM_IV
+  rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, false_start_enabled);

[wtc, 2012/03/02 23:06:17]

The SSL_CBC_RANDOM_IV option (SSL 1/n-1 record splitting) is
enabled by default.  But we are linking it to False Start to
work around Brocade SSL terminators' intolerance to record
splitting (http://codereview.chromium.org/8137027).

Our workaround was in ssl3con.c because the
SSL_CBC_RANDOM_IV option wasn't available.  Now we can do
it here.

+  if (rv != SECSuccess)
+    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV");
 #endif
 
 #ifdef SSL_ENABLE_OCSP_STAPLING
   if (IsOCSPStaplingSupported()) {
     rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
     if (rv != SECSuccess) {
       LogFailedNSSFunction(net_log_, "SSL_OptionSet",
                            "SSL_ENABLE_OCSP_STAPLING");
     }
   }
@@ skipping 406 matching lines @@
   LeaveFunction("");
   return rv;
 }
 
 bool SSLClientSocketNSS::LoadSSLHostInfo() {
   const SSLHostInfo::State& state(ssl_host_info_->state());
 
   if (state.certs.empty())
     return true;
 
-  SECStatus rv;
   const std::vector<std::string>& certs_in = state.certs;
   scoped_array<CERTCertificate*> certs(new CERTCertificate*[certs_in.size()]);
 
   for (size_t i = 0; i < certs_in.size(); i++) {
     SECItem derCert;
     derCert.data =
       const_cast<uint8*>(reinterpret_cast<const uint8*>(certs_in[i].data()));
     derCert.len = certs_in[i].size();
     certs[i] = CERT_NewTempCertificate(
         CERT_GetDefaultCertDB(), &derCert, NULL /* no nickname given */,
         PR_FALSE /* not permanent */, PR_TRUE /* copy DER data */);
     if (!certs[i]) {
       DestroyCertificates(&certs[0], i);
       NOTREACHED();
       return false;
     }
   }
 
+  SECStatus rv;
+#ifdef SSL_ENABLE_CACHED_INFO

[wtc, 2012/03/02 23:06:17]

This ifdef is necessary because SSL_SetPredictedPeerCertificates
is defined in cachedinfo.patch, which I removed in this CL.

   rv = SSL_SetPredictedPeerCertificates(nss_fd_, certs.get(), certs_in.size());
+  DCHECK_EQ(SECSuccess, rv);
+#else
+  rv = SECFailure;  // Not implemented.
+#endif
   DestroyCertificates(&certs[0], certs_in.size());
-  DCHECK_EQ(SECSuccess, rv);
 
-  return true;
+  return rv == SECSuccess;
 }
 
 int SSLClientSocketNSS::DoLoadSSLHostInfo() {
   EnterFunction("");
   int rv = ssl_host_info_->WaitForDataReady(
       base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
                  base::Unretained(this)));
   GotoState(STATE_HANDSHAKE);
 
   if (rv == OK) {
@@ skipping 1242 matching lines @@
 // supports NPN, to select a protocol from the list that the server offered.
 // See the comment in net/third_party/nss/ssl/ssl.h for the meanings of the
 // arguments.
 // static
 SECStatus
 SSLClientSocketNSS::NextProtoCallback(void* arg,
                                       PRFileDesc* nss_fd,
                                       const unsigned char* protos,
                                       unsigned int protos_len,
                                       unsigned char* proto_out,
-                                      unsigned int* proto_out_len) {
+                                      unsigned int* proto_out_len,
+                                      unsigned int proto_max_len) {
   SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
 
   // For each protocol in server preference, see if we support it.
   for (unsigned int i = 0; i < protos_len; ) {
     const size_t len = protos[i];
     for (std::vector<std::string>::const_iterator
          j = that->ssl_config_.next_protos.begin();
          j != that->ssl_config_.next_protos.end(); j++) {
       // Having very long elements in the |next_protos| vector isn't a disaster
       // because they'll never be selected, but it does indicate an error
@@ skipping 18 matching lines @@
 
   that->server_protos_.assign(
       reinterpret_cast<const char*>(protos), protos_len);
 
   // If we didn't find a protocol, we select the first one from our list.
   if (that->next_proto_status_ != kNextProtoNegotiated) {
     that->next_proto_status_ = kNextProtoNoOverlap;
     that->next_proto_ = that->ssl_config_.next_protos[0];
   }
 
+  if (that->next_proto_.size() > proto_max_len) {
+    PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+    return SECFailure;
+  }
   memcpy(proto_out, that->next_proto_.data(), that->next_proto_.size());
   *proto_out_len = that->next_proto_.size();
   return SECSuccess;
 }
 
 void SSLClientSocketNSS::EnsureThreadIdAssigned() const {
   base::AutoLock auto_lock(lock_);
   if (valid_thread_id_ != base::kInvalidThreadId)
     return;
   valid_thread_id_ = base::PlatformThread::CurrentId();
 }
 
 bool SSLClientSocketNSS::CalledOnValidThread() const {
   EnsureThreadIdAssigned();
   base::AutoLock auto_lock(lock_);
   return valid_thread_id_ == base::PlatformThread::CurrentId();
 }
 
 OriginBoundCertService* SSLClientSocketNSS::GetOriginBoundCertService() const {
   return origin_bound_cert_service_;
 }
 
 }  // namespace net