Index: net/third_party/nss/ssl/sslsecur.c |
diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c |
index 00ab455b56cdba5a512ced839c81722b6e2a38d8..b4b8e9558b1ed194b514a0818f3f856885bcf8a3 100644 |
--- a/net/third_party/nss/ssl/sslsecur.c |
+++ b/net/third_party/nss/ssl/sslsecur.c |
@@ -138,6 +138,9 @@ ssl_FinishHandshake(sslSocket *ss) |
ss->gs.readOffset = 0; |
if (ss->handshakeCallback) { |
+ PORT_Assert(ss->version < SSL_LIBRARY_VERSION_3_0 || |
+ (ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == |
+ ssl_preinfo_all); |
(ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
} |
} |
@@ -654,6 +657,16 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags) |
SSL_GETPID(), ss->fd, available)); |
} |
+ if (IS_DTLS(ss) && (len < available)) { |
+ /* DTLS does not allow you to do partial reads */ |
+ SSL_TRC(30, ("%d: SSL[%d]: DTLS short read. len=%d available=%d", |
+ SSL_GETPID(), ss->fd, len, available)); |
+ ss->gs.readOffset += available; |
+ PORT_SetError(SSL_ERROR_RX_SHORT_DTLS_READ); |
+ rv = SECFailure; |
+ goto done; |
+ } |
+ |
/* Dole out clear data to reader */ |
amount = PR_MIN(len, available); |
PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount); |
@@ -693,6 +706,7 @@ NSS_FindCertKEAType(CERTCertificate * cert) |
case SEC_OID_PKCS1_RSA_ENCRYPTION: |
keaType = kt_rsa; |
break; |
+ case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */ |
case SEC_OID_X942_DIFFIE_HELMAN_KEY: |
keaType = kt_dh; |
break; |
@@ -789,6 +803,11 @@ ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, |
goto loser; |
} |
} |
+ if (kea == ssl_kea_dh || kea == ssl_kea_rsa) { |
+ if (ssl3_SelectDHParams(ss) != SECSuccess) { |
+ goto loser; |
+ } |
+ } |
return SECSuccess; |
loser: |
@@ -1177,11 +1196,8 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow) |
int |
ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags) |
{ |
- sslSecurityInfo *sec; |
int rv = 0; |
- sec = &ss->sec; |
- |
if (ss->shutdownHow & ssl_SHUTDOWN_RCV) { |
PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); |
return PR_FAILURE; |