Update net/third_party/nss/ssl to NSS 3.14.

net/third_party/nss/ssl/sslsecur.c

 /*
  * Various SSL functions.
  *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: sslsecur.c,v 1.58 2012/03/01 18:36:35 kaie%kuix.de Exp $ */
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* $Id: sslsecur.c,v 1.61 2012/05/24 20:34:51 wtc%google.com Exp $ */
 #include "cert.h"
 #include "secitem.h"
 #include "keyhi.h"
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
 #include "secoid.h"     /* for SECOID_GetALgorithmTag */
 #include "pk11func.h"   /* for PK11_GenerateRandom */
 #include "nss.h"        /* for NSS_RegisterShutdown */
 #include "prinit.h"     /* for PR_CallOnceWithArg */
@@ skipping 571 matching lines @@
                  SSL_GETPID(), ss->fd, amount, available));
     PRINT_BUF(4, (ss, "DoRecv receiving plaintext:", out, amount));
 
 done:
     ssl_ReleaseRecvBufLock(ss);
     return rv;
 }
 
 /************************************************************************/
 
+/*
+** Return SSLKEAType derived from cert's Public Key algorithm info.
+*/
 SSLKEAType
-ssl_FindCertKEAType(CERTCertificate * cert)
+NSS_FindCertKEAType(CERTCertificate * cert)
 {
   SSLKEAType keaType = kt_null; 
   int tag;
   
   if (!cert) goto loser;
   
   tag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
   
   switch (tag) {
   case SEC_OID_X500_RSA_ENCRYPTION:
   case SEC_OID_PKCS1_RSA_ENCRYPTION:
     keaType = kt_rsa;
     break;
-
   case SEC_OID_X942_DIFFIE_HELMAN_KEY:
     keaType = kt_dh;
     break;
 #ifdef NSS_ENABLE_ECC
   case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
     keaType = kt_ecdh;
     break;
 #endif /* NSS_ENABLE_ECC */
   default:
     keaType = kt_null;
   }
   
  loser:
   
   return keaType;
-
 }
 
 static const PRCallOnceType pristineCallOnce;
 static       PRCallOnceType setupServerCAListOnce;
 
 static SECStatus serverCAListShutdown(void* appData, void* nssData)
 {
     PORT_Assert(ssl3_server_ca_list);
     if (ssl3_server_ca_list) {
         CERT_FreeDistNames(ssl3_server_ca_list);
@@ skipping 121 matching lines @@
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
     /* make sure the key exchange is recognized */
     if ((kea >= kt_kea_size) || (kea < kt_null)) {
         PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
         return SECFailure;
     }
 
-    if (kea != ssl_FindCertKEAType(cert)) {
+    if (kea != NSS_FindCertKEAType(cert)) {
         PORT_SetError(SSL_ERROR_CERT_KEA_MISMATCH);
         return SECFailure;
     }
 
     if (cert) {
         /* get the size of the cert's public key, and remember it */
         pubKey = CERT_ExtractPublicKey(cert);
         if (!pubKey) 
             return SECFailure;
     }
@@ skipping 806 matching lines @@
     if (!ss) {
         SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook",
                  SSL_GETPID(), fd));
         return SECFailure;
     }
 
     ss->sniSocketConfig = func;
     ss->sniSocketConfigArg = arg;
     return SECSuccess;
 }