Use NSSRWLock instead of PRRWLock in sslSessionID. This avoids the bugs

net/third_party/nss/patches/nssrwlock.patch

Index: net/third_party/nss/patches/nssrwlock.patch
===================================================================
--- net/third_party/nss/patches/nssrwlock.patch	(revision 0)
+++ net/third_party/nss/patches/nssrwlock.patch	(revision 0)
@@ -0,0 +1,235 @@
+diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c	2014-01-07 14:31:44.537621503 -0800
++++ b/nss/lib/ssl/ssl3con.c	2014-01-08 15:00:02.814706742 -0800
+@@ -5211,7 +5211,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+      * the lock across the calls to ssl3_CallHelloExtensionSenders.
+      */
+     if (sid->u.ssl3.lock) {
+-        PR_RWLock_Rlock(sid->u.ssl3.lock);
++        NSSRWLock_LockRead(sid->u.ssl3.lock);
+     }
+ 
+     if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) {
+@@ -5220,7 +5220,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 
+ 	extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL);
+ 	if (extLen < 0) {
+-	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	    return SECFailure;
+ 	}
+ 	maxBytes        -= extLen;
+@@ -5248,7 +5248,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+     /* how many suites are permitted by policy and user preference? */
+     num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
+     if (!num_suites) {
+-    	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++    	if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+     	return SECFailure;	/* count_cipher_suites has set error code. */
+     }
+ 
+@@ -5293,7 +5293,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 
+     rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
+     if (rv != SECSuccess) {
+-	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	return rv;	/* err set by ssl3_AppendHandshake* */
+     }
+ 
+@@ -5312,21 +5312,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 	rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
+     }
+     if (rv != SECSuccess) {
+-	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	return rv;	/* err set by ssl3_AppendHandshake* */
+     }
+ 
+     if (!resending) { /* Don't re-generate if we are in DTLS re-sending mode */
+ 	rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random);
+ 	if (rv != SECSuccess) {
+-	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	    return rv;	/* err set by GetNewRandom. */
+ 	}
+     }
+     rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random,
+                               SSL3_RANDOM_LENGTH);
+     if (rv != SECSuccess) {
+-	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	return rv;	/* err set by ssl3_AppendHandshake* */
+     }
+ 
+@@ -5336,7 +5336,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+     else
+ 	rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+     if (rv != SECSuccess) {
+-	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	return rv;	/* err set by ssl3_AppendHandshake* */
+     }
+ 
+@@ -5344,14 +5344,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 	rv = ssl3_AppendHandshakeVariable(
+ 	    ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1);
+ 	if (rv != SECSuccess) {
+-	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	    return rv;	/* err set by ssl3_AppendHandshake* */
+ 	}
+     }
+ 
+     rv = ssl3_AppendHandshakeNumber(ss, num_suites*sizeof(ssl3CipherSuite), 2);
+     if (rv != SECSuccess) {
+-	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	return rv;	/* err set by ssl3_AppendHandshake* */
+     }
+ 
+@@ -5360,7 +5360,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 	rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
+ 					sizeof(ssl3CipherSuite));
+ 	if (rv != SECSuccess) {
+-	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	    return rv;	/* err set by ssl3_AppendHandshake* */
+ 	}
+ 	actual_count++;
+@@ -5369,7 +5369,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 	rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
+ 					sizeof(ssl3CipherSuite));
+ 	if (rv != SECSuccess) {
+-	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	    return rv;	/* err set by ssl3_AppendHandshake* */
+ 	}
+ 	actual_count++;
+@@ -5379,7 +5379,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 	if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
+ 	    actual_count++;
+ 	    if (actual_count > num_suites) {
+-		if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++		if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 		/* set error card removal/insertion error */
+ 		PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
+ 		return SECFailure;
+@@ -5387,7 +5387,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 	    rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
+ 					    sizeof(ssl3CipherSuite));
+ 	    if (rv != SECSuccess) {
+-		if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++		if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 		return rv;	/* err set by ssl3_AppendHandshake* */
+ 	    }
+ 	}
+@@ -5398,14 +5398,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+      * the server.. */
+     if (actual_count != num_suites) {
+ 	/* Card removal/insertion error */
+-	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
+ 	return SECFailure;
+     }
+ 
+     rv = ssl3_AppendHandshakeNumber(ss, numCompressionMethods, 1);
+     if (rv != SECSuccess) {
+-	if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	return rv;	/* err set by ssl3_AppendHandshake* */
+     }
+     for (i = 0; i < compressionMethodsCount; i++) {
+@@ -5413,7 +5413,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 	    continue;
+ 	rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1);
+ 	if (rv != SECSuccess) {
+-	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	    return rv;	/* err set by ssl3_AppendHandshake* */
+ 	}
+     }
+@@ -5424,20 +5424,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+ 
+ 	rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2);
+ 	if (rv != SECSuccess) {
+-	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	    return rv;	/* err set by AppendHandshake. */
+ 	}
+ 
+ 	extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL);
+ 	if (extLen < 0) {
+-	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	    return SECFailure;
+ 	}
+ 	maxBytes -= extLen;
+ 
+ 	extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
+ 	if (extLen < 0) {
+-	    if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
++	    if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
+ 	    return SECFailure;
+ 	}
+ 	maxBytes -= extLen;
+@@ -5446,7 +5446,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+     } 
+ 
+     if (sid->u.ssl3.lock) {
+-        PR_RWLock_Unlock(sid->u.ssl3.lock);
++        NSSRWLock_UnlockRead(sid->u.ssl3.lock);
+     }
+ 
+     if (ss->xtnData.sentSessionTicketInClientHello) {
+diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
+--- a/nss/lib/ssl/sslimpl.h	2014-01-07 14:31:44.537621503 -0800
++++ b/nss/lib/ssl/sslimpl.h	2014-01-08 15:00:02.804706578 -0800
+@@ -728,7 +728,7 @@ struct sslSessionIDStr {
+ 	     * cached. Before then, there is no need to lock anything because
+ 	     * the sid isn't being shared by anything.
+ 	     */
+-	    PRRWLock *lock;
++	    NSSRWLock *lock;
+ 
+ 	    /* The lock must be held while reading or writing these members
+ 	     * because they change while the sid is cached.
+diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
+--- a/nss/lib/ssl/sslnonce.c	2014-01-07 14:31:44.547621666 -0800
++++ b/nss/lib/ssl/sslnonce.c	2014-01-08 15:00:02.814706742 -0800
+@@ -138,7 +138,7 @@ ssl_DestroySID(sslSessionID *sid)
+         }
+ 
+         if (sid->u.ssl3.lock) {
+-            PR_DestroyRWLock(sid->u.ssl3.lock);
++            NSSRWLock_Destroy(sid->u.ssl3.lock);
+         }
+     }
+ 
+@@ -314,7 +314,7 @@ CacheSID(sslSessionID *sid)
+ 	PRINT_BUF(8, (0, "sessionID:",
+ 		      sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength));
+ 
+-	sid->u.ssl3.lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, NULL);
++	sid->u.ssl3.lock = NSSRWLock_New(NSS_RWLOCK_RANK_NONE, NULL);
+ 	if (!sid->u.ssl3.lock) {
+ 	    return;
+ 	}
+@@ -454,7 +454,7 @@ ssl3_SetSIDSessionTicket(sslSessionID *s
+      * yet, so no locking is needed.
+      */
+     if (sid->u.ssl3.lock) {
+-	PR_RWLock_Wlock(sid->u.ssl3.lock);
++	NSSRWLock_LockWrite(sid->u.ssl3.lock);
+ 
+ 	/* A server might have sent us an empty ticket, which has the
+ 	 * effect of clearing the previously known ticket.
+@@ -473,6 +473,6 @@ ssl3_SetSIDSessionTicket(sslSessionID *s
+     newSessionTicket->ticket.len = 0;
+ 
+     if (sid->u.ssl3.lock) {
+-	PR_RWLock_Unlock(sid->u.ssl3.lock);
++	NSSRWLock_UnlockWrite(sid->u.ssl3.lock);
+     }
+ }