Update net/third_party/nss to NSS 3.13.3.

net/third_party/nss/ssl/sslsock.c

 /*
  * vtables (and methods that call through them) for the 4 types of 
  * SSLSockets supported.  Only one type is still supported.
  * Various other functions.
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
@@ skipping 22 matching lines @@
  * in which case the provisions of the GPL or the LGPL are applicable instead
  * of those above. If you wish to allow use of your version of this file only
  * under the terms of either the GPL or the LGPL, and not to allow others to
  * use your version of this file under the terms of the MPL, indicate your
  * decision by deleting the provisions above and replace them with the notice
  * and other provisions required by the GPL or the LGPL. If you do not delete
  * the provisions above, a recipient may use your version of this file under
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: sslsock.c,v 1.67.2.1 2010/07/31 04:33:52 wtc%google.com Exp $ */
+/* $Id: sslsock.c,v 1.82 2012/02/15 21:52:08 kaie%kuix.de Exp $ */
 #include "seccomon.h"
 #include "cert.h"
 #include "keyhi.h"
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
 #include "nspr.h"
 #include "private/pprio.h"
 #include "blapi.h"
 #include "nss.h"
@@ skipping 102 matching lines @@
     ssl_SecureRead,
     ssl_SecureWrite,
     ssl_DefGetpeername,
     ssl_DefGetsockname
 };
 
 /*
 ** default settings for socket enables
 */
 static sslOptions ssl_defaults = {
-    { siBuffer, NULL, 0 },      /* nextProtoNego */
+    { siBuffer, NULL, 0 }, /* nextProtoNego */
     PR_TRUE,    /* useSecurity        */
     PR_FALSE,   /* useSocks           */
     PR_FALSE,   /* requestCertificate */
     2,          /* requireCertificate */
     PR_FALSE,   /* handshakeAsClient  */
     PR_FALSE,   /* handshakeAsServer  */
-    PR_TRUE,    /* enableSSL2         */
+    PR_FALSE,   /* enableSSL2         */ /* now defaults to off in NSS 3.13 */
     PR_TRUE,    /* enableSSL3         */
     PR_TRUE,    /* enableTLS          */ /* now defaults to on in NSS 3.0 */
     PR_FALSE,   /* noCache            */
     PR_FALSE,   /* fdx                */
-    PR_TRUE,    /* v2CompatibleHello  */
+    PR_FALSE,   /* v2CompatibleHello  */ /* now defaults to off in NSS 3.13 */
     PR_TRUE,    /* detectRollBack     */
     PR_FALSE,   /* noStepDown         */
     PR_FALSE,   /* bypassPKCS11       */
     PR_FALSE,   /* noLocks            */
     PR_FALSE,   /* enableSessionTickets */
     PR_FALSE,   /* enableDeflate      */
     2,          /* enableRenegotiation (default: requires extension) */
     PR_FALSE,   /* requireSafeNegotiation */
     PR_FALSE,   /* enableFalseStart   */
+    PR_TRUE,    /* cbcRandomIV        */
     PR_FALSE,   /* enableOCSPStapling */
-    PR_FALSE,   /* enableCachedInfo */
     PR_FALSE,   /* enableOBCerts */
     PR_FALSE,   /* encryptClientCerts */
 };
 
 sslSessionIDLookupFunc  ssl_sid_lookup;
 sslSessionIDCacheFunc   ssl_sid_cache;
 sslSessionIDUncacheFunc ssl_sid_uncache;
 
 static PRBool ssl_inited = PR_FALSE;
 static PRDescIdentity ssl_layer_id;
 
 PRBool                  locksEverDisabled;      /* implicitly PR_FALSE */
 PRBool                  ssl_force_locks;        /* implicitly PR_FALSE */
 int                     ssl_lock_readers        = 1;    /* default true. */
 char                    ssl_debug;
 char                    ssl_trace;
 FILE *                  ssl_trace_iob;
 FILE *                  ssl_keylog_iob;
 char lockStatus[] = "Locks are ENABLED.  ";
 #define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
 
 /* forward declarations. */
 static sslSocket *ssl_NewSocket(PRBool makeLocks);
 static SECStatus  ssl_MakeLocks(sslSocket *ss);
+static void       ssl_SetDefaultsFromEnvironment(void);
 static PRStatus   ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, 
                                   PRDescIdentity id);
 
 /************************************************************************/
 
 /*
 ** Lookup a socket structure from a file descriptor.
 ** Only functions called through the PRIOMethods table should use this.
 ** Other app-callable functions should use ssl_FindSocket.
 */
@@ skipping 216 matching lines @@
             ssl3_FreeKeyPair(sc->serverKeyPair);
     }
     if (ss->stepDownKeyPair) {
         ssl3_FreeKeyPair(ss->stepDownKeyPair);
         ss->stepDownKeyPair = NULL;
     }
     if (ss->ephemeralECDHKeyPair) {
         ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
         ss->ephemeralECDHKeyPair = NULL;
     }
-    if (ss->opt.nextProtoNego.data) {
-        PORT_Free(ss->opt.nextProtoNego.data);
-        ss->opt.nextProtoNego.data = NULL;
-    }
+    SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
     PORT_Assert(!ss->xtnData.sniNameArr);
     if (ss->xtnData.sniNameArr) {
         PORT_Free(ss->xtnData.sniNameArr);
         ss->xtnData.sniNameArr = NULL;
     }
 }
 
 /*
  * free an sslSocket struct, and all the stuff that hangs off of it
  */
@@ skipping 275 matching lines @@
         break;
 
       case SSL_REQUIRE_SAFE_NEGOTIATION:
         ss->opt.requireSafeNegotiation = on;
         break;
 
       case SSL_ENABLE_FALSE_START:
         ss->opt.enableFalseStart = on;
         break;
 
+      case SSL_CBC_RANDOM_IV:
+        ss->opt.cbcRandomIV = on;
+        break;
+
       case SSL_ENABLE_OCSP_STAPLING:
         ss->opt.enableOCSPStapling = on;
         break;
 
-      case SSL_ENABLE_CACHED_INFO:
-        ss->opt.enableCachedInfo = on;
-        break;
-
       case SSL_ENABLE_OB_CERTS:
         ss->opt.enableOBCerts = on;
         break;
 
       case SSL_ENCRYPT_CLIENT_CERTS:
         ss->opt.encryptClientCerts = on;
         break;
 
       default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ skipping 52 matching lines @@
     case SSL_NO_LOCKS:            on = ss->opt.noLocks;            break;
     case SSL_ENABLE_SESSION_TICKETS:
         on = ss->opt.enableSessionTickets;
         break;
     case SSL_ENABLE_DEFLATE:      on = ss->opt.enableDeflate;      break;
     case SSL_ENABLE_RENEGOTIATION:     
                                   on = ss->opt.enableRenegotiation; break;
     case SSL_REQUIRE_SAFE_NEGOTIATION: 
                                   on = ss->opt.requireSafeNegotiation; break;
     case SSL_ENABLE_FALSE_START:  on = ss->opt.enableFalseStart;   break;
+    case SSL_CBC_RANDOM_IV:       on = ss->opt.cbcRandomIV;        break;
     case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
-    case SSL_ENABLE_CACHED_INFO:  on = ss->opt.enableCachedInfo;   break;
     case SSL_ENABLE_OB_CERTS:     on = ss->opt.enableOBCerts;      break;
     case SSL_ENCRYPT_CLIENT_CERTS:
                                   on = ss->opt.encryptClientCerts; break;
 
     default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         rv = SECFailure;
     }
 
     ssl_ReleaseSSL3HandshakeLock(ss);
     ssl_Release1stHandshakeLock(ss);
 
     *pOn = on;
     return rv;
 }
 
 SECStatus
 SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
 {
     SECStatus  rv = SECSuccess;
     PRBool     on = PR_FALSE;
 
     if (!pOn) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
+    ssl_SetDefaultsFromEnvironment();
+
     switch (which) {
     case SSL_SOCKS:               on = PR_FALSE;                        break;
     case SSL_SECURITY:            on = ssl_defaults.useSecurity;        break;
     case SSL_REQUEST_CERTIFICATE: on = ssl_defaults.requestCertificate; break;
     case SSL_REQUIRE_CERTIFICATE: on = ssl_defaults.requireCertificate; break;
     case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient;  break;
     case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer;  break;
     case SSL_ENABLE_TLS:          on = ssl_defaults.enableTLS;          break;
     case SSL_ENABLE_SSL3:         on = ssl_defaults.enableSSL3;         break;
     case SSL_ENABLE_SSL2:         on = ssl_defaults.enableSSL2;         break;
     case SSL_NO_CACHE:            on = ssl_defaults.noCache;            break;
     case SSL_ENABLE_FDX:          on = ssl_defaults.fdx;                break;
     case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello;  break;
     case SSL_ROLLBACK_DETECTION:  on = ssl_defaults.detectRollBack;     break;
     case SSL_NO_STEP_DOWN:        on = ssl_defaults.noStepDown;         break;
     case SSL_BYPASS_PKCS11:       on = ssl_defaults.bypassPKCS11;       break;
     case SSL_NO_LOCKS:            on = ssl_defaults.noLocks;            break;
     case SSL_ENABLE_SESSION_TICKETS:
         on = ssl_defaults.enableSessionTickets;
         break;
     case SSL_ENABLE_DEFLATE:      on = ssl_defaults.enableDeflate;      break;
     case SSL_ENABLE_RENEGOTIATION:     
                                   on = ssl_defaults.enableRenegotiation; break;
     case SSL_REQUIRE_SAFE_NEGOTIATION: 
                                   on = ssl_defaults.requireSafeNegotiation; 
                                   break;
     case SSL_ENABLE_FALSE_START:  on = ssl_defaults.enableFalseStart;   break;
+    case SSL_CBC_RANDOM_IV:       on = ssl_defaults.cbcRandomIV;        break;
     case SSL_ENABLE_OCSP_STAPLING:
         on = ssl_defaults.enableOCSPStapling;
         break;
-    case SSL_ENABLE_CACHED_INFO:  on = ssl_defaults.enableCachedInfo;   break;
     case SSL_ENABLE_OB_CERTS:     on = ssl_defaults.enableOBCerts;      break;
     case SSL_ENCRYPT_CLIENT_CERTS:
                                   on = ssl_defaults.encryptClientCerts; break;
 
     default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         rv = SECFailure;
     }
 
     *pOn = on;
     return rv;
 }
 
 /* XXX Use Global Lock to protect this stuff. */
 SECStatus
 SSL_EnableDefault(int which, PRBool on)
 {
     return SSL_OptionSetDefault(which, on);
 }
 
 SECStatus
 SSL_OptionSetDefault(PRInt32 which, PRBool on)
 {
+    SECStatus status = ssl_Init();
+
+    if (status != SECSuccess) {
+        return status;
+    }
+
+    ssl_SetDefaultsFromEnvironment();
+
     switch (which) {
       case SSL_SOCKS:
         ssl_defaults.useSocks = PR_FALSE;
         if (on) {
             PORT_SetError(SEC_ERROR_INVALID_ARGS);
             return SECFailure;
         }
         break;
 
       case SSL_SECURITY:
@@ skipping 107 matching lines @@
         break;
 
       case SSL_REQUIRE_SAFE_NEGOTIATION:
         ssl_defaults.requireSafeNegotiation = on;
         break;
 
       case SSL_ENABLE_FALSE_START:
         ssl_defaults.enableFalseStart = on;
         break;
 
+      case SSL_CBC_RANDOM_IV:
+        ssl_defaults.cbcRandomIV = on;
+        break;
+
       case SSL_ENABLE_OCSP_STAPLING:
         ssl_defaults.enableOCSPStapling = on;
         break;
 
-      case SSL_ENABLE_CACHED_INFO:
-        ssl_defaults.enableCachedInfo = on;
-        break;
-
       case SSL_ENABLE_OB_CERTS:
         ssl_defaults.enableOBCerts = on;
         break;
 
       case SSL_ENCRYPT_CLIENT_CERTS:
         ssl_defaults.encryptClientCerts = on;
         break;
 
       default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ skipping 31 matching lines @@
             which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
     }
     if (ssl_IsRemovedCipherSuite(which))
         return SECSuccess;
     return SSL_CipherPolicySet(which, policy);
 }
 
 SECStatus
 SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
 {
-    SECStatus rv;
+    SECStatus rv = ssl_Init();
+
+    if (rv != SECSuccess) {
+        return rv;
+    }
 
     if (ssl_IsRemovedCipherSuite(which)) {
         rv = SECSuccess;
     } else if (SSL_IS_SSL2_CIPHER(which)) {
         rv = ssl2_SetPolicy(which, policy);
     } else {
         rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
     }
     return rv;
 }
@@ skipping 34 matching lines @@
             which = SSL_RSA_FIPS_WITH_DES_CBC_SHA;
     }
     if (ssl_IsRemovedCipherSuite(which))
         return SECSuccess;
     return SSL_CipherPrefSetDefault(which, enabled);
 }
 
 SECStatus
 SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
 {
-    SECStatus rv;
+    SECStatus rv = ssl_Init();
+
+    if (rv != SECSuccess) {
+        return rv;
+    }
 
     if (ssl_IsRemovedCipherSuite(which))
         return SECSuccess;
     if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
         PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
         return SECFailure;
     }
     if (SSL_IS_SSL2_CIPHER(which)) {
         rv = ssl2_CipherPrefSetDefault(which, enabled);
     } else {
@@ skipping 68 matching lines @@
         rv = ssl2_CipherPrefGet(ss, which, enabled);
     } else {
         rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
     }
     return rv;
 }
 
 SECStatus
 NSS_SetDomesticPolicy(void)
 {
-#ifndef EXPORT_VERSION
     SECStatus      status = SECSuccess;
     cipherPolicy * policy;
 
     for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
         status = SSL_SetPolicy(policy->cipher, SSL_ALLOWED);
         if (status != SECSuccess)
             break;
     }
     return status;
-#else
-    return NSS_SetExportPolicy();
-#endif
-}
-
-SECStatus
-NSS_SetExportPolicy(void)
-{
-    SECStatus      status = SECSuccess;
-    cipherPolicy * policy;
-
-    for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
-        status = SSL_SetPolicy(policy->cipher, policy->export);
-        if (status != SECSuccess)
-            break;
-    }
-    return status;
 }
 
 SECStatus
+NSS_SetExportPolicy(void)
+{
+    return NSS_SetDomesticPolicy();
+}
+
+SECStatus
 NSS_SetFrancePolicy(void)
 {
-    SECStatus      status = SECSuccess;
-    cipherPolicy * policy;
-
-    for (policy = ssl_ciphers; policy->cipher != 0; ++policy) {
-        status = SSL_SetPolicy(policy->cipher, policy->france);
-        if (status != SECSuccess)
-            break;
-    }
-    return status;
+    return NSS_SetDomesticPolicy();
 }
 
 
 
 /* LOCKS ??? XXX */
 PRFileDesc *
 SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
 {
     sslSocket * ns = NULL;
     PRStatus    rv;
     PRNetAddr   addr;
+    SECStatus   status = ssl_Init();
+
+    if (status != SECSuccess) {
+        return NULL;
+    }
 
     if (model == NULL) {
         /* Just create a default socket if we're given NULL for the model */
         ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks));
     } else {
         sslSocket * ss = ssl_FindSocket(model);
         if (ss == NULL) {
             SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", 
                       SSL_GETPID(), model));
             return NULL;
@@ skipping 13 matching lines @@
     PR_Sleep(PR_INTERVAL_NO_WAIT);     /* workaround NT winsock connect bug. */
 #endif
     ns = ssl_FindSocket(fd);
     PORT_Assert(ns);
     if (ns)
         ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
     return fd;
 }
 
 SECStatus
-SSL_SetNextProtoCallback(PRFileDesc *fd,
-                         SSLNextProtoCallback callback,
-                         void *arg) {
+SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
+                         void *arg)
+{
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
-        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", SSL_GETPID(),
-                fd));
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
+                 fd));
         return SECFailure;
     }
 
     ssl_GetSSL3HandshakeLock(ss);
     ss->nextProtoCallback = callback;
     ss->nextProtoArg = arg;
     ssl_ReleaseSSL3HandshakeLock(ss);
+
     return SECSuccess;
 }
 
-/* NextProtoStandardCallback is set as an NPN callback for the case when the
- * user of the sockets wants the standard selection algorithm. */
+/* NextProtoStandardCallback is set as an NPN callback for the case when
+ * SSL_SetNextProtoNego is used.
+ */
 static SECStatus
-NextProtoStandardCallback(void *arg,
-                          PRFileDesc *fd,
-                          const unsigned char *protos,
-                          unsigned int protos_len,
-                          unsigned char *protoOut,
-                          unsigned int *protoOutLen)
+ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
+                          const unsigned char *protos, unsigned int protos_len,
+                          unsigned char *protoOut, unsigned int *protoOutLen,
+                          unsigned int protoMaxLen)
 {
     unsigned int i, j;
     const unsigned char *result;
+    sslSocket *ss = ssl_FindSocket(fd);
 
-    sslSocket *ss = ssl_FindSocket(fd);
-    PORT_Assert(ss);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
 
     if (protos_len == 0) {
         /* The server supports the extension, but doesn't have any protocols
          * configured. In this case we request our favoured protocol. */
         goto pick_first;
     }
 
     /* For each protocol in server preference, see if we support it. */
     for (i = 0; i < protos_len; ) {
         for (j = 0; j < ss->opt.nextProtoNego.len; ) {
             if (protos[i] == ss->opt.nextProtoNego.data[j] &&
-                memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
-                       protos[i]) == 0) {
+                PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
+                             protos[i]) == 0) {
                 /* We found a match. */
                 ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
                 result = &protos[i];
                 goto found;
             }
-            j += (unsigned int)ss->opt.nextProtoNego.data[j] + 1;
+            j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
         }
-        i += (unsigned int)protos[i] + 1;
+        i += 1 + (unsigned int)protos[i];
     }
 
 pick_first:
     ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
     result = ss->opt.nextProtoNego.data;
 
 found:
+    *protoOutLen = result[0];
+    if (protoMaxLen < result[0]) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
     memcpy(protoOut, result + 1, result[0]);
-    *protoOutLen = result[0];
     return SECSuccess;
 }
 
 SECStatus
 SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
                      unsigned int length)
 {
+    sslSocket *ss;
     SECStatus rv;
+    SECItem dataItem = { siBuffer, (unsigned char *) data, length };
 
-    sslSocket *ss = ssl_FindSocket(fd);
-
+    ss = ssl_FindSocket(fd);
     if (!ss) {
         SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
                  SSL_GETPID(), fd));
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
     if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
         return SECFailure;
 
     ssl_GetSSL3HandshakeLock(ss);
-    if (ss->opt.nextProtoNego.data)
-        PORT_Free(ss->opt.nextProtoNego.data);
-    ss->opt.nextProtoNego.data = PORT_Alloc(length);
-    if (!ss->opt.nextProtoNego.data) {
-        ssl_ReleaseSSL3HandshakeLock(ss);
-        return SECFailure;
-    }
-    memcpy(ss->opt.nextProtoNego.data, data, length);
-    ss->opt.nextProtoNego.len = length;
-    ss->opt.nextProtoNego.type = siBuffer;
+    SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
+    rv = SECITEM_CopyItem(NULL, &ss->opt.nextProtoNego, &dataItem);
     ssl_ReleaseSSL3HandshakeLock(ss);
 
-    return SSL_SetNextProtoCallback(fd, NextProtoStandardCallback, NULL);
+    if (rv != SECSuccess)
+        return rv;
+
+    return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
 }
 
 SECStatus
-SSL_GetNextProto(PRFileDesc *fd, int *state, unsigned char *buf,
-                 unsigned int *length, unsigned int buf_len)
+SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
+                 unsigned int *bufLen, unsigned int bufLenMax)
 {
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
         SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
-                fd));
+                 fd));
+        return SECFailure;
+    }
+
+    if (!state || !buf || !bufLen) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
     *state = ss->ssl3.nextProtoState;
 
     if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
         ss->ssl3.nextProto.data) {
-        *length = ss->ssl3.nextProto.len;
-        if (*length > buf_len)
-            *length = buf_len;
-        PORT_Memcpy(buf, ss->ssl3.nextProto.data, *length);
+        *bufLen = ss->ssl3.nextProto.len;
+        if (*bufLen > bufLenMax) {
+            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+            *bufLen = 0;
+            return SECFailure;
+        }
+        PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
     } else {
-        *length = 0;
+        *bufLen = 0;
     }
 
     return SECSuccess;
 }
 
 PRFileDesc *
 SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
 {
     PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
     PR_NOT_REACHED("not implemented");
     return NULL;
 
 #if 0
     sslSocket * sm = NULL, *ss = NULL;
     int i;
-    sslServerCerts * mc = sm->serverCerts;
-    sslServerCerts * sc = ss->serverCerts;
+    sslServerCerts * mc = NULL;
+    sslServerCerts * sc = NULL;
 
     if (model == NULL) {
         PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
         return NULL;
     }
     sm = ssl_FindSocket(model);
     if (sm == NULL) {
         SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD", 
                  SSL_GETPID(), model));
         return NULL;
     }
     ss = ssl_FindSocket(fd);
     PORT_Assert(ss);
     if (ss == NULL) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
     
     ss->opt  = sm->opt;
     PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
 
     if (!ss->opt.useSecurity) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
     /* This int should be SSLKEAType, but CC on Irix complains,
      * during the for loop.
      */
-    for (i=kt_null; i < kt_kea_size; i++, mc++, sc++) {
+    for (i=kt_null; i < kt_kea_size; i++) {
+        mc = &(sm->serverCerts[i]);
+        sc = &(ss->serverCerts[i]);
         if (mc->serverCert && mc->serverCertChain) {
             if (sc->serverCert) {
                 CERT_DestroyCertificate(sc->serverCert);
             }
             sc->serverCert      = CERT_DupCertificate(mc->serverCert);
             if (sc->serverCertChain) {
                 CERT_DestroyCertificateList(sc->serverCertChain);
             }
             sc->serverCertChain = CERT_DupCertList(mc->serverCertChain);
             if (!sc->serverCertChain)
@@ skipping 540 matching lines @@
                     new_flags ^=  PR_POLL_WRITE;   /* don't select on write. */
                     new_flags |=  PR_POLL_READ;    /* do    select on read. */
             }
         }
     } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
         *p_out_flags = PR_POLL_READ;    /* it's ready already. */
         return new_flags;
     } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
                (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
         new_flags |=  PR_POLL_WRITE;   /* also select on write. */
-    } 
+    }
+
+    if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
+        ss->ssl3.hs.restartTarget != NULL) {
+        /* Read and write will block until the asynchronous callback completes
+         * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
+         * the caller to poll the socket unless there is pending write data.
+         */
+        if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
+            /* Ignore any newly-received data on the socket, but do wait for
+             * the socket to become writable again. Here, it is OK for an error
+             * to be detected, because our logic for sending pending write data
+             * will allow us to report the error to the caller without the risk
+             * of the application spinning.
+             */
+            new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
+        } else {
+            /* Unfortunately, clearing new_flags will make it impossible for
+             * the application to detect errors that it would otherwise be
+             * able to detect with PR_POLL_EXCEPT, until the asynchronous
+             * callback completes. However, we must clear all the flags to
+             * prevent the application from spinning (alternating between
+             * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
+             * which won't actually report the I/O error while we are waiting
+             * for the asynchronous callback to complete).
+             */
+            new_flags = 0;
+        }
+    }
+
     if (new_flags && (fd->lower->methods->poll != NULL)) {
         PRInt16    lower_out_flags = 0;
         PRInt16    lower_new_flags;
         lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags, 
                                                    &lower_out_flags);
         if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
             PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
             if (lower_out_flags & PR_POLL_READ) 
                 out_flags |= PR_POLL_WRITE;
             if (lower_out_flags & PR_POLL_WRITE) 
@@ skipping 354 matching lines @@
     return PR_SUCCESS;
 }
 
 static PRStatus
 ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
 {
     PRFileDesc *layer   = NULL;
     PRStatus    status;
 
     if (!ssl_inited) {
-        PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
+        status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
+        if (status != PR_SUCCESS)
+            goto loser;
     }
 
     if (ns == NULL)
         goto loser;
 
     layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
     if (layer == NULL)
         goto loser;
     layer->secret = (PRFilePrivate *)ns;
 
@@ skipping 55 matching lines @@
     ssl_DestroyLocks(ss);
     return SECFailure;
 }
 
 #if (defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)) && !defined(_WIN32_WCE)
 #define NSS_HAVE_GETENV 1
 #endif
 
 #define LOWER(x) (x | 0x20)  /* cheap ToLower function ignores LOCALE */
 
-/*
-** Create a newsocket structure for a file descriptor.
-*/
-static sslSocket *
-ssl_NewSocket(PRBool makeLocks)
+static void
+ssl_SetDefaultsFromEnvironment(void)
 {
-    sslSocket *ss;
 #if defined( NSS_HAVE_GETENV )
     static int firsttime = 1;
 
     if (firsttime) {
         char * ev;
         firsttime = 0;
 #ifdef DEBUG
         ev = getenv("SSLDEBUGFILE");
         if (ev && ev[0]) {
             ssl_trace_iob = fopen(ev, "w");
@@ skipping 48 matching lines @@
                 ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
             SSL_TRACE(("SSL: enableRenegotiation set to %d", 
                        ssl_defaults.enableRenegotiation));
         }
         ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
         if (ev && ev[0] == '1') {
             ssl_defaults.requireSafeNegotiation = PR_TRUE;
             SSL_TRACE(("SSL: requireSafeNegotiation set to %d", 
                         PR_TRUE));
         }
+        ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+        if (ev && ev[0] == '0') {
+            ssl_defaults.cbcRandomIV = PR_FALSE;
+            SSL_TRACE(("SSL: cbcRandomIV set to 0"));
+        }
     }
 #endif /* NSS_HAVE_GETENV */
+}
+
+/*
+** Create a newsocket structure for a file descriptor.
+*/
+static sslSocket *
+ssl_NewSocket(PRBool makeLocks)
+{
+    sslSocket *ss;
+
+    ssl_SetDefaultsFromEnvironment();
+
     if (ssl_force_locks)
         makeLocks = PR_TRUE;
 
     /* Make a new socket and get it ready */
     ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket));
     if (ss) {
         /* This should be of type SSLKEAType, but CC on IRIX
          * complains during the for loop.
          */
         int i;
@@ skipping 53 matching lines @@
         if (status != SECSuccess) {
 loser:
             ssl_DestroySocketContents(ss);
             ssl_DestroyLocks(ss);
             PORT_Free(ss);
             ss = NULL;
         }
     }
     return ss;
 }
+