Add DTLS support to NSS, contributed by Eric Rescorla.

net/third_party/nss/ssl/sslgathr.c

 /*
  * Gather (Read) entire SSL2 records from socket into buffer.  
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ skipping 416 matching lines @@
 
 /* Caller should hold RecvBufLock. */
 SECStatus
 ssl_InitGather(sslGather *gs)
 {
     SECStatus status;
 
     gs->state = GS_INIT;
     gs->writeOffset = 0;
     gs->readOffset  = 0;
+    gs->dtlsPacketOffset = 0;

[Ryan Sleevi, 2012/03/22 22:26:37]

What about gs->dtlsPacket.len ?

[wtc, 2012/03/23 00:21:18]

I don't fully understand this code, so I am proving by
analogy.

dtls_GatherData is analogous to ssl3_GatherData.

dtls_GatherData operates on gs->dtlsPacket.
ssl3_GatherData operates on gs->inbuf.

Since this function does not set gs->inbuf.len to 0,
I concluded that it doesn't need to set gs->dtlsPacket.len
to 0 either.

See also lines 448-449 below, where ssl_DestroyGather frees
gs->inbuf.buf and gs->dtlsPacket.buf at the same time.

[Ryan Sleevi, 2012/03/23 00:38:28]

Yes, but neither PORT_Free resets gs->inbuf.len / gs->dtlsPacket.len.

My concern was that I wasn't seeing where gs->dtlsPacketOffset.len was reset. If
you look in dtls_GatherData (which is where the GS_INIT state leads to), it only
sets ->dtlsPacket.len /after/ it checked that dtlsPacketOffset (reset here)
equals gs->dtlsPacket.len.

Note that for GS_INIT, ssl3gthr.c:82 (ssl3_GatherData) resets gs->inbuf.len to 0
for GS_INIT, but I see no such equivalent code in ssl3gthr.c:192
(dtls_GatherData). That's why I have trouble understanding where
gs->dtlsPacket.len is  properly zero initialized.

[ekr, 2012/03/23 12:46:41]

So your concern here is the initial state of gs->dtlsPacket.len?

The reason that it is initially 0 is that the sslSocket structure (containing
the gather) is PR_ZAlloc()'d, so I *think* it should be zero at the beginning
and then all future code paths should leave it correct. However, I agree it
should be explicitly zerod. I suggest that what we need is to set it to zero in
ssl_InitGather(). Does that sound right to you?

[wtc, 2012/03/23 13:48:49]

I analyzed this last night and have fixed this in my local
tree by setting gs->dtlsPacket.len to 0.

     status = sslBuffer_Grow(&gs->buf, 4096);
     return status;
 }
 
 /* Caller must hold RecvBufLock. */
 void 
 ssl_DestroyGather(sslGather *gs)
 {
     if (gs) {   /* the PORT_*Free functions check for NULL pointers. */
         PORT_ZFree(gs->buf.buf, gs->buf.space);
         PORT_Free(gs->inbuf.buf);
+        PORT_Free(gs->dtlsPacket.buf);
     }
 }
 
 /* Caller must hold RecvBufLock. */
 static SECStatus
 ssl2_HandleV3HandshakeRecord(sslSocket *ss)
 {
     SECStatus           rv;
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
@@ skipping 16 matching lines @@
     rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED,
                                PR_TRUE);
     if (rv != SECSuccess) {
         return rv;
     }
 
     ss->sec.send         = ssl3_SendApplicationData;
 
     return SECSuccess;
 }