Update net/third_party/nss to NSS_3_15_5_BETA2.

net/third_party/nss/ssl/ssl3ext.c

 /*
  * SSL3 Protocol
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* TLS extension code moved here from ssl3ecc.c */
 
 #include "nssrenam.h"
@@ skipping 39 matching lines @@
     PRBool append, PRUint32 maxBytes);
 static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, 
     PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
 static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append,
-                                               PRUint32 maxBytes);
+                                          PRUint32 maxBytes);
 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
                                                PRUint32 maxBytes);
 static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append,
     PRUint32 maxBytes);
 static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
     SECItem *data);
 static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss,
     PRUint16 ex_type, SECItem *data);
 static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
     PRUint32 maxBytes);
@@ skipping 205 matching lines @@
 };
 
 /* Tables of functions to format TLS hello extensions, one function per
  * extension.
  * These static tables are for the formatting of client hello extensions.
  * The server's table of hello senders is dynamic, in the socket struct,
  * and sender functions are registered there.
  */
 static const 
 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
-    { ssl_server_name_xtn,            &ssl3_SendServerNameXtn        },
-    { ssl_renegotiation_info_xtn,     &ssl3_SendRenegotiationInfoXtn },
+    { ssl_server_name_xtn,        &ssl3_SendServerNameXtn        },
+    { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
 #ifdef NSS_ENABLE_ECC
-    { ssl_elliptic_curves_xtn,        &ssl3_SendSupportedCurvesXtn },
-    { ssl_ec_point_formats_xtn,       &ssl3_SendSupportedPointFormatsXtn },
+    { ssl_elliptic_curves_xtn,    &ssl3_SendSupportedCurvesXtn },
+    { ssl_ec_point_formats_xtn,   &ssl3_SendSupportedPointFormatsXtn },
 #endif
-    { ssl_session_ticket_xtn,         &ssl3_SendSessionTicketXtn },
-    { ssl_next_proto_nego_xtn,        &ssl3_ClientSendNextProtoNegoXtn },
-    { ssl_app_layer_protocol_xtn,     &ssl3_ClientSendAppProtoXtn },
-    { ssl_use_srtp_xtn,               &ssl3_SendUseSRTPXtn },
-    { ssl_channel_id_xtn,             &ssl3_ClientSendChannelIDXtn },
-    { ssl_cert_status_xtn,            &ssl3_ClientSendStatusRequestXtn },
-    { ssl_signature_algorithms_xtn,   &ssl3_ClientSendSigAlgsXtn },
+    { ssl_session_ticket_xtn,     &ssl3_SendSessionTicketXtn },
+    { ssl_next_proto_nego_xtn,    &ssl3_ClientSendNextProtoNegoXtn },
+    { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
+    { ssl_use_srtp_xtn,           &ssl3_SendUseSRTPXtn },
+    { ssl_channel_id_xtn,         &ssl3_ClientSendChannelIDXtn },
+    { ssl_cert_status_xtn,        &ssl3_ClientSendStatusRequestXtn },
+    { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
     { ssl_signed_certificate_timestamp_xtn,
       &ssl3_ClientSendSignedCertTimestampXtn }
     /* any extra entries will appear as { 0, NULL }    */
 };
 
 static const 
 ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
     { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
     /* any extra entries will appear as { 0, NULL }    */
 };
@@ skipping 314 matching lines @@
 static SECStatus
 ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
                                   SECItem *data)
 {
     SECStatus rv;
     unsigned char resultBuffer[255];
     SECItem result = { siBuffer, resultBuffer, 0 };
 
     PORT_Assert(!ss->firstHsDone);
 
     if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {

[wtc, 2014/02/12 15:26:24]

As an optimization, check ss->opt.enableALPN first.

+        /* If the server negotiated ALPN then it has already told us what protocol
+         * to use, so it doesn't make sense for us to try to negotiate a different
+         * one by sending the NPN handshake message. However, if we've negotiated
+         * NPN then we're required to send the NPN handshake message. Thus, these
+         * two extensions cannot both be negotiated on the same connection. */
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);

[wtc, 2014/02/12 15:26:24]

Use a different error code. This is not an NSS bug. This is a server bug.

         return SECFailure;
     }
 
     rv = ssl3_ValidateNextProtoNego(data->data, data->len);
     if (rv != SECSuccess)
         return rv;
 
     /* ss->nextProtoCallback cannot normally be NULL if we negotiated the
      * extension. However, It is possible that an application erroneously
      * cleared the callback between the time we sent the ClientHello and now.
@@ skipping 23 matching lines @@
     return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
 }
 
 static SECStatus
 ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 {
     const unsigned char* d = data->data;
     PRUint16 name_list_len;
     SECItem protocol_name;
 
     if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) {

[wtc, 2014/02/12 15:26:24]

Add a comment.

As an optimization, check ss->opt.enableNPN first.

Change the error code because this is not an NSS bug. This is a server bug.

         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
 
     /* The extension data from the server has the following format:
      *   uint16 name_list_len;
      *   uint8 len;
      *   uint8 protocol_name[len]; */
     if (data->len < 4 || data->len > 2 + 1 + 255) {
         PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
         return SECFailure;
     }
 
     name_list_len = ((PRUint16) d[0]) << 8 |
                     ((PRUint16) d[1]);
-    if (name_list_len != data->len - 2 ||
-        d[2] != data->len - 3) {
+    if (name_list_len != data->len - 2 || d[2] != data->len - 3) {
         PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
         return SECFailure;
     }
 
     protocol_name.data = data->data + 3;
     protocol_name.len = data->len - 3;
 
     SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
     ss->ssl3.nextProtoState = SSL_NEXT_PROTO_SELECTED;
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &protocol_name);
 }
 
 static PRInt32
 ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append,
                                 PRUint32 maxBytes)
 {
     PRInt32 extension_length;
 
     /* Renegotiations do not send this extension. */
-    if (!ss->nextProtoCallback || ss->firstHsDone) {
+    if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) {
         return 0;
     }
 
     extension_length = 4;
 
     if (append && maxBytes >= extension_length) {
         SECStatus rv;
         rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
         if (rv != SECSuccess)
             goto loser;
@@ skipping 12 matching lines @@
     return -1;
 }
 
 static PRInt32
 ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
 {
     PRInt32 extension_length;
     unsigned char *alpn_protos = NULL;
 
     /* Renegotiations do not send this extension. */
-    if (!ss->opt.nextProtoNego.data || ss->firstHsDone) {
+    if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) {
         return 0;
     }
 
     extension_length = 2 /* extension type */ + 2 /* extension length */ +
-                       2 /* protocol name list length */ +
-                       ss->opt.nextProtoNego.len;
+                       2 /* protocol name list length */ +
+                       ss->opt.nextProtoNego.len;
 
     if (append && maxBytes >= extension_length) {
         /* NPN requires that the client's fallback protocol is first in the
          * list. However, ALPN sends protocols in preference order. So we
          * allocate a buffer and move the first protocol to the end of the
          * list. */
         SECStatus rv;
         const unsigned int len = ss->opt.nextProtoNego.len;
 
         alpn_protos = PORT_Alloc(len);
         if (alpn_protos == NULL) {
             return SECFailure;
         }
         if (len > 0) {
             /* Each protocol string is prefixed with a single byte length. */
             unsigned int i = ss->opt.nextProtoNego.data[0] + 1;
             if (i <= len) {
                 memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
                 memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
             } else {
                 /* This seems to be invalid data so we'll send as-is. */
                 memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
             }
         }
 
         rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
-        if (rv != SECSuccess)
+        if (rv != SECSuccess) {
             goto loser;
+        }
         rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-        if (rv != SECSuccess)
+        if (rv != SECSuccess) {
             goto loser;
+        }
         rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2);
         PORT_Free(alpn_protos);
         alpn_protos = NULL;
-        if (rv != SECSuccess)
+        if (rv != SECSuccess) {
             goto loser;
+        }
         ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
                 ssl_app_layer_protocol_xtn;
     } else if (maxBytes < extension_length) {
         return 0;
     }
 
     return extension_length;
 
 loser:
-    if (alpn_protos)
+    if (alpn_protos) {
         PORT_Free(alpn_protos);
+    }
     return -1;
 }
 
 static SECStatus
 ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type,
                              SECItem *data)
 {
     PORT_Assert(ss->getChannelID != NULL);
 
     if (data->len) {
@@ skipping 1522 matching lines @@
     unsigned int extensionLength;
 
     /* This condition should be:
      *   if (recordLength < 256 || recordLength >= 512) {
      * It has been changed, temporarily, to test whether 512 byte ClientHellos
      * are a compatibility problem. */
     if (recordLength >= 512) {
         return 0;
     }
 
-     extensionLength = 512 - recordLength;
-     /* Extensions take at least four bytes to encode. */
-     if (extensionLength < 4) {
-         extensionLength = 4;
-     }
+    extensionLength = 512 - recordLength;
+    /* Extensions take at least four bytes to encode. */
+    if (extensionLength < 4) {
+        extensionLength = 4;
+    }
 
-     return extensionLength;
+    return extensionLength;
 }
 
 /* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a
  * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
  * that we don't trigger bugs in F5 products. */
 PRInt32
 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
                             PRUint32 maxBytes)
 {
     unsigned int paddingLen = extensionLen - 4;
-    unsigned char padding[512];
+    static unsigned char padding[512];
 
     if (extensionLen == 0) {
         return 0;
     }
 
     if (extensionLen < 4 ||
         extensionLen > maxBytes ||
         paddingLen > sizeof(padding)) {
         PORT_Assert(0);
         return -1;
     }
 
     if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
         return -1;
     if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))
         return -1;
-    memset(padding, 0, paddingLen);
     if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))
         return -1;
 
     return extensionLen;
 }
 
 /* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
  * extension for TLS ClientHellos. */
 static PRInt32
 ssl3_ClientSendSignedCertTimestampXtn(sslSocket *ss, PRBool append,
@@ skipping 47 matching lines @@
 
     if (!data->len) {
         /* Empty extension data: RFC 6962 mandates non-empty contents. */
         return SECFailure;
     }
     *scts = *data;
     /* Keep track of negotiated extensions. */
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
     return SECSuccess;
 }