Add DTLS support to NSS, contributed by Eric Rescorla.

net/third_party/nss/ssl/sslgathr.c

Index: net/third_party/nss/ssl/sslgathr.c
===================================================================
--- net/third_party/nss/ssl/sslgathr.c	(revision 127709)
+++ net/third_party/nss/ssl/sslgathr.c	(working copy)
@@ -434,6 +434,7 @@
     gs->state = GS_INIT;
     gs->writeOffset = 0;
     gs->readOffset  = 0;
+    gs->dtlsPacketOffset = 0;

[Ryan Sleevi, 2012/03/22 22:26:37]

What about gs->dtlsPacket.len ?

[wtc, 2012/03/23 00:21:18]

I don't fully understand this code, so I am proving by
analogy.

dtls_GatherData is analogous to ssl3_GatherData.

dtls_GatherData operates on gs->dtlsPacket.
ssl3_GatherData operates on gs->inbuf.

Since this function does not set gs->inbuf.len to 0,
I concluded that it doesn't need to set gs->dtlsPacket.len
to 0 either.

See also lines 448-449 below, where ssl_DestroyGather frees
gs->inbuf.buf and gs->dtlsPacket.buf at the same time.

[Ryan Sleevi, 2012/03/23 00:38:28]

Yes, but neither PORT_Free resets gs->inbuf.len / gs->dtlsPacket.len.

My concern was that I wasn't seeing where gs->dtlsPacketOffset.len was reset. If
you look in dtls_GatherData (which is where the GS_INIT state leads to), it only
sets ->dtlsPacket.len /after/ it checked that dtlsPacketOffset (reset here)
equals gs->dtlsPacket.len.

Note that for GS_INIT, ssl3gthr.c:82 (ssl3_GatherData) resets gs->inbuf.len to 0
for GS_INIT, but I see no such equivalent code in ssl3gthr.c:192
(dtls_GatherData). That's why I have trouble understanding where
gs->dtlsPacket.len is  properly zero initialized.

[ekr, 2012/03/23 12:46:41]

So your concern here is the initial state of gs->dtlsPacket.len?

The reason that it is initially 0 is that the sslSocket structure (containing
the gather) is PR_ZAlloc()'d, so I *think* it should be zero at the beginning
and then all future code paths should leave it correct. However, I agree it
should be explicitly zerod. I suggest that what we need is to set it to zero in
ssl_InitGather(). Does that sound right to you?

[wtc, 2012/03/23 13:48:49]

I analyzed this last night and have fixed this in my local
tree by setting gs->dtlsPacket.len to 0.

     status = sslBuffer_Grow(&gs->buf, 4096);
     return status;
 }
@@ -445,6 +446,7 @@
     if (gs) {	/* the PORT_*Free functions check for NULL pointers. */
 	PORT_ZFree(gs->buf.buf, gs->buf.space);
 	PORT_Free(gs->inbuf.buf);
+	PORT_Free(gs->dtlsPacket.buf);
     }
 }