NSS: sync with CVS version.

http://codereview.chromium.org/450021

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33383 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 40 insertions, 44 deletions

diff --git a/net/third_party/nss/README.google b/net/third_party/nss/README.google
index 63f0bb4..46a905c 100644
--- a/net/third_party/nss/README.google
+++ b/net/third_party/nss/README.google
@@ -1,7 +1,7 @@
 This directory includes a copy of NSS's libssl from the CVS repo at:
   :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
 
-The snapshot was taken at Thu Nov 12 17:19:36 PST 2009.
+The snapshot was updated at Mon Nov 30 15:41:23 PST 2009
 
 Patches:
 
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index b3be5fc..c17f7b1 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -36,7 +36,7 @@
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: ssl.h,v 1.30 2009/11/06 20:11:27 nelson%bolyard.com Exp $ */
+/* $Id: ssl.h,v 1.31 2009/11/25 05:24:25 wtc%google.com Exp $ */
 
 #ifndef __ssl_h_
 #define __ssl_h_
@@ -427,7 +427,7 @@ SSL_IMPORT SECStatus SSL_ShutdownServerSessionIDCache(void);
 ** Set peer information so we can correctly look up SSL session later.
 ** You only have to do this if you're tunneling through a proxy.
 */
-SSL_IMPORT SECStatus SSL_SetSockPeerID(PRFileDesc *fd, char *peerID);
+SSL_IMPORT SECStatus SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID);
 
 /*
 ** Reveal the security information for the peer. 
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index f908382..a946d68 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -39,7 +39,7 @@
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: ssl3con.c,v 1.121 2009/11/12 05:08:27 wtc%google.com Exp $ */
+/* $Id: ssl3con.c,v 1.125 2009/11/26 01:51:10 wtc%google.com Exp $ */
 
 #include "cert.h"
 #include "ssl.h"
@@ -64,10 +64,6 @@
 #include <stdio.h>
 #ifdef NSS_ENABLE_ZLIB
 #include "zlib.h"
-/* zconf.h may define compress as a macro, which interferes with our use
- * of compress as a member of the ssl3CipherSpec structure. Undo that.
- */
-#undef compress
 #endif
 
 #ifndef PK11_SETATTRS
@@ -1354,6 +1350,7 @@ ssl3_DeflateDecompress(void *void_context, unsigned char *out, int *out_len,
     context->next_out = out;
     context->avail_out = maxout;
     if (inflate(context, Z_SYNC_FLUSH) != Z_OK) {
+        PORT_SetError(SSL_ERROR_DECOMPRESSION_FAILURE);
         return SECFailure;
     }
 
@@ -1387,8 +1384,8 @@ ssl3_InitCompressionContext(ssl3CipherSpec *pwSpec)
     /* Setup the compression functions */
     switch (pwSpec->compression_method) {
     case ssl_compression_null:
-	pwSpec->compress = NULL;
-	pwSpec->decompress = NULL;
+	pwSpec->compressor = NULL;
+	pwSpec->decompressor = NULL;
 	pwSpec->compressContext = NULL;
 	pwSpec->decompressContext = NULL;
 	pwSpec->destroyCompressContext = NULL;
@@ -1396,8 +1393,8 @@ ssl3_InitCompressionContext(ssl3CipherSpec *pwSpec)
 	break;
 #ifdef NSS_ENABLE_ZLIB
     case ssl_compression_deflate:
-	pwSpec->compress = ssl3_DeflateCompress;
-	pwSpec->decompress = ssl3_DeflateDecompress;
+	pwSpec->compressor = ssl3_DeflateCompress;
+	pwSpec->decompressor = ssl3_DeflateDecompress;
 	pwSpec->compressContext = PORT_Alloc(SSL3_DEFLATE_CONTEXT_SIZE);
 	pwSpec->decompressContext = PORT_Alloc(SSL3_DEFLATE_CONTEXT_SIZE);
 	pwSpec->destroyCompressContext = ssl3_DestroyCompressContext;
@@ -2038,9 +2035,9 @@ ssl3_CompressMACEncryptRecord(sslSocket *        ss,
     cwSpec = ss->ssl3.cwSpec;
     cipher_def = cwSpec->cipher_def;
 
-    if (cwSpec->compress) {
+    if (cwSpec->compressor) {
 	int outlen;
-	rv = cwSpec->compress(
+	rv = cwSpec->compressor(
 	    cwSpec->compressContext, wrBuf->buf + SSL3_RECORD_HEADER_LENGTH,
 	    &outlen, wrBuf->space - SSL3_RECORD_HEADER_LENGTH, pIn, contentLen);
 	if (rv != SECSuccess)
@@ -6004,29 +6001,25 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 #endif
 
     /* If we already have a session for this client, be sure to pick the
-    ** same cipher suite we picked before.
+    ** same cipher suite and compression method we picked before.
     ** This is not a loop, despite appearances.
     */
     if (sid) do {
-	/* First check that the compression method in the session was
-	** advertised by the client.
-	*/
+	ssl3CipherSuiteCfg *suite;
+
+	/* Check that the cached compression method is still enabled. */
+	if (!compressionEnabled(ss, sid->u.ssl3.compression))
+	    break;
 
+	/* Check that the cached compression method is in the client's list */
 	for (i = 0; i < comps.len; i++) {
 	    if (comps.data[i] == sid->u.ssl3.compression)
 		break;
 	}
-
 	if (i == comps.len)
 	    break;
 
-#ifdef PARANOID
-	/* Check that the compression method is still enabled. */
-	if (!compressionEnabled(ss, sid->u.ssl3.compression))
-	    break;
-#endif
-
-	ssl3CipherSuiteCfg *suite = ss->cipherSuites;
+	suite = ss->cipherSuites;
 	/* Find the entry for the cipher suite used in the cached session. */
 	for (j = ssl_V3_SUITES_IMPLEMENTED; j > 0; --j, ++suite) {
 	    if (suite->cipher_suite == sid->u.ssl3.cipherSuite)
@@ -6055,7 +6048,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 		ss->ssl3.hs.cipher_suite = suite->cipher_suite;
 		ss->ssl3.hs.suite_def =
 		    ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
-		goto suite_found;
+
+		/* Use the cached compression method. */
+		ss->ssl3.hs.compression = sid->u.ssl3.compression;
+		goto compression_found;
 	    }
 	}
     } while (0);
@@ -8510,7 +8506,7 @@ const ssl3BulkCipherDef *cipher_def;
 
     /* If we will be decompressing the buffer we need to decrypt somewhere
      * other than into databuf */
-    if (crSpec->decompress) {
+    if (crSpec->decompressor) {
 	temp_buf.buf = NULL;
 	temp_buf.space = 0;
 	plaintext = &temp_buf;
@@ -8620,7 +8616,7 @@ const ssl3BulkCipherDef *cipher_def;
     /* possibly decompress the record. If we aren't using compression then
      * plaintext == databuf and so the uncompressed data is already in
      * databuf. */
-    if (crSpec->decompress) {
+    if (crSpec->decompressor) {
 	if (databuf->space < plaintext->len + SSL3_COMPRESSION_MAX_EXPANSION) {
 	    rv = sslBuffer_Grow(
 	        databuf, plaintext->len + SSL3_COMPRESSION_MAX_EXPANSION);
@@ -8635,16 +8631,15 @@ const ssl3BulkCipherDef *cipher_def;
 	    }
 	}
 
-	rv = crSpec->decompress(crSpec->decompressContext,
-				databuf->buf,
-				(int*) &databuf->len,
-				databuf->space,
-				plaintext->buf,
-				plaintext->len);
+	rv = crSpec->decompressor(crSpec->decompressContext,
+				  databuf->buf,
+				  (int*) &databuf->len,
+				  databuf->space,
+				  plaintext->buf,
+				  plaintext->len);
 	if (rv != SECSuccess) {
 	    int err = ssl_MapLowLevelError(SSL_ERROR_DECOMPRESSION_FAILURE);
 	    PORT_Free(plaintext->buf);
-	    ssl_ReleaseSpecReadLock(ss);
 	    SSL3_SendAlert(ss, alert_fatal,
 			   isTLS ? decompression_failure : bad_record_mac);
 	    PORT_SetError(err);
@@ -8724,8 +8719,8 @@ ssl3_InitCipherSpec(sslSocket *ss, ssl3CipherSpec *spec)
     spec->encode                   = Null_Cipher;
     spec->decode                   = Null_Cipher;
     spec->destroy                  = NULL;
-    spec->compress                 = NULL;
-    spec->decompress               = NULL;
+    spec->compressor               = NULL;
+    spec->decompressor             = NULL;
     spec->destroyCompressContext   = NULL;
     spec->destroyDecompressContext = NULL;
     spec->mac_size                 = 0;
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
index 0a7fbcf..6f2316a 100644
--- a/net/third_party/nss/ssl/sslimpl.h
+++ b/net/third_party/nss/ssl/sslimpl.h
@@ -39,7 +39,7 @@
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: sslimpl.h,v 1.69 2009/11/07 18:23:06 wtc%google.com Exp $ */
+/* $Id: sslimpl.h,v 1.70 2009/11/21 03:40:49 wtc%google.com Exp $ */
 
 #ifndef __sslimpl_h_
 #define __sslimpl_h_
@@ -544,8 +544,9 @@ typedef struct {
     SSLDestroy         destroy;
     void *             encodeContext;
     void *             decodeContext;
-    SSLCompressor      compress;
-    SSLCompressor      decompress;
+    SSLCompressor      compressor;    /* Don't name these fields compress */
+    SSLCompressor      decompressor;  /* and uncompress because zconf.h   */
+                                      /* may define them as macros.       */ 
     SSLDestroy         destroyCompressContext;
     void *             compressContext;
     SSLDestroy         destroyDecompressContext;
diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
index d0a70e5..2275800 100644
--- a/net/third_party/nss/ssl/sslsock.c
+++ b/net/third_party/nss/ssl/sslsock.c
@@ -40,7 +40,7 @@
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: sslsock.c,v 1.59 2009/11/06 20:11:29 nelson%bolyard.com Exp $ */
+/* $Id: sslsock.c,v 1.60 2009/11/25 05:24:25 wtc%google.com Exp $ */
 #include "seccomon.h"
 #include "cert.h"
 #include "keyhi.h"
@@ -1658,8 +1658,8 @@ ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
     return (PRStatus)(*ss->ops->getsockname)(ss, name);
 }
 
-SECStatus PR_CALLBACK
-SSL_SetSockPeerID(PRFileDesc *fd, char *peerID)
+SECStatus
+SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
 {
     sslSocket *ss;