Uprev NSS (in libssl) to NSS 3.21

net/third_party/nss/ssl/dtlscon.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * DTLS Protocol
  */
 
 #include "ssl.h"
 #include "sslimpl.h"
@@ skipping 86 matching lines @@
     return SSL_LIBRARY_VERSION_TLS_1_2 + 1;
 }
 
 /* On this socket, Disable non-DTLS cipher suites in the argument's list */
 SECStatus
 ssl3_DisableNonDTLSSuites(sslSocket * ss)
 {
     const ssl3CipherSuite * suite;
 
     for (suite = nonDTLSSuites; *suite; ++suite) {
-        SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
-
-        PORT_Assert(rv == SECSuccess); /* else is coding error */
+        PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
     }
     return SECSuccess;
 }
 
 /* Allocate a DTLSQueuedMessage.
  *
  * Called from dtls_QueueMessage()
  */
 static DTLSQueuedMessage *
 dtls_AllocQueuedMessage(PRUint16 epoch, SSL3ContentType type,
@@ skipping 102 matching lines @@
         /* Parse the header */
         type = buf.buf[0];
         message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3];
         message_seq = (buf.buf[4] << 8) | buf.buf[5];
         fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8];
         fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11];
 
 #define MAX_HANDSHAKE_MSG_LEN 0x1ffff   /* 128k - 1 */
         if (message_length > MAX_HANDSHAKE_MSG_LEN) {
             (void)ssl3_DecodeError(ss);
-            PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
             return SECFailure;
         }
 #undef MAX_HANDSHAKE_MSG_LEN
 
         buf.buf += 12;
         buf.len -= 12;
 
         /* This fragment must be complete */
         if (buf.len < fragment_length) {
             PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
@@ skipping 146 matching lines @@
                  * reassembly state:
                  *
                  * - recvdHighWater contains the highest contiguous number of
                  *   bytes received
                  * - recvdFragments contains a bitmask of packets received
                  *   above recvdHighWater
                  *
                  * This avoids having to fill in the bitmask in the common
                  * case of adjacent fragments received in sequence
                  */
-                if (fragment_offset <= ss->ssl3.hs.recvdHighWater) {
+                if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {
                     /* Either this is the adjacent fragment or an overlapping
                      * fragment */
                     ss->ssl3.hs.recvdHighWater = fragment_offset +
                                                  fragment_length;
                 } else {
                     for (offset = fragment_offset;
                          offset < fragment_offset + fragment_length;
                          offset++) {
                         ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] |=
                             OFFSET_MASK(offset);
@@ skipping 259 matching lines @@
              */
             PORT_Assert(msg->len >= 12);
 
             while ((fragment_offset + 12) < msg->len) {
                 PRUint32 fragment_len;
                 const unsigned char *content = msg->data + 12;
                 PRUint32 content_len = msg->len - 12;
 
                 /* The reason we use 8 here is that that's the length of
                  * the new DTLS data that we add to the header */
-                fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8),
+                fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8),
                                       content_len - fragment_offset);
                 PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
                 /* Make totally sure that we are within the buffer.
                  * Note that the only way that fragment len could get
                  * adjusted here is if
                  *
                  * (a) we are in release mode so the PORT_Assert is compiled out
                  * (b) either the MTU table is inconsistent with DTLS_MAX_MTU
                  * or ss->ssl3.mtu has become corrupt.
                  */
@@ skipping 449 matching lines @@
     desired = PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs);
     if (elapsed > desired) {
         /* Timer expired */
         *timeout = PR_INTERVAL_NO_WAIT;
     } else {
         *timeout = desired - elapsed;
     }
 
     return SECSuccess;
 }