Diffstat (limited to 'security/nss/cpputil')
-rw-r--r--security/nss/cpputil/databuffer.cc10
-rw-r--r--security/nss/cpputil/databuffer.h14
-rw-r--r--security/nss/cpputil/dummy_io.h2
-rw-r--r--security/nss/cpputil/nss_scoped_ptrs.h (renamed from security/nss/cpputil/scoped_ptrs.h)17
-rw-r--r--security/nss/cpputil/scoped_ptrs_ssl.h35
-rw-r--r--security/nss/cpputil/tls_parser.cc15
-rw-r--r--security/nss/cpputil/tls_parser.h12
7 files changed, 76 insertions, 29 deletions
diff --git a/security/nss/cpputil/databuffer.cc b/security/nss/cpputil/databuffer.cc
index d60ebccb3..1420d76b4 100644
--- a/security/nss/cpputil/databuffer.cc
+++ b/security/nss/cpputil/databuffer.cc
@@ -18,12 +18,12 @@
namespace nss_test {
-void DataBuffer::Assign(const uint8_t* data, size_t len) {
- if (data) {
- Allocate(len);
- memcpy(static_cast<void*>(data_), static_cast<const void*>(data), len);
+void DataBuffer::Assign(const uint8_t* d, size_t l) {
+ if (d) {
+ Allocate(l);
+ memcpy(static_cast<void*>(data_), static_cast<const void*>(d), l);
} else {
- assert(len == 0);
+ assert(l == 0);
data_ = nullptr;
len_ = 0;
}
diff --git a/security/nss/cpputil/databuffer.h b/security/nss/cpputil/databuffer.h
index 58e07efe1..e981a7c22 100644
--- a/security/nss/cpputil/databuffer.h
+++ b/security/nss/cpputil/databuffer.h
@@ -17,8 +17,8 @@ namespace nss_test {
class DataBuffer {
public:
DataBuffer() : data_(nullptr), len_(0) {}
- DataBuffer(const uint8_t* data, size_t len) : data_(nullptr), len_(0) {
- Assign(data, len);
+ DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) {
+ Assign(d, l);
}
DataBuffer(const DataBuffer& other) : data_(nullptr), len_(0) {
Assign(other);
@@ -32,17 +32,17 @@ class DataBuffer {
return *this;
}
- void Allocate(size_t len) {
+ void Allocate(size_t l) {
delete[] data_;
- data_ = new uint8_t[len ? len : 1]; // Don't depend on new [0].
- len_ = len;
+ data_ = new uint8_t[l ? l : 1](); // Don't depend on new [0].
+ len_ = l;
}
- void Truncate(size_t len) { len_ = (std::min)(len_, len); }
+ void Truncate(size_t l) { len_ = (std::min)(len_, l); }
void Assign(const DataBuffer& other) { Assign(other.data(), other.len()); }
- void Assign(const uint8_t* data, size_t len);
+ void Assign(const uint8_t* d, size_t l);
// Write will do a new allocation and expand the size of the buffer if needed.
// Returns the offset of the end of the write.
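Review bot: The `()` added to `new uint8_t[l ? l : 1]()` in Allocate is the one behavioural change in this hunk, and it is undocumented. It value-initializes the array, so a freshly allocated buffer reads as zeros rather than indeterminate bytes. The retained comment only explains the `l ? l : 1` part, and among the parameter renames the parentheses are easy to drop in a later cleanup. I would extend the comment to `// Zero-filled. Don't depend on new [0].`. The DataBuffer class body starts and ends outside this hunk.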
diff --git a/security/nss/cpputil/dummy_io.h b/security/nss/cpputil/dummy_io.h
index 797ac6113..e10ee1eee 100644
--- a/security/nss/cpputil/dummy_io.h
+++ b/security/nss/cpputil/dummy_io.h
@@ -8,7 +8,7 @@
#include "prerror.h"
#include "prio.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
class DummyIOLayerMethods {
public:
diff --git a/security/nss/cpputil/scoped_ptrs.h b/security/nss/cpputil/nss_scoped_ptrs.h
index 8a0b4f5ab..03979f2c5 100644
--- a/security/nss/cpputil/scoped_ptrs.h
+++ b/security/nss/cpputil/nss_scoped_ptrs.h
@@ -4,8 +4,8 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
-#ifndef scoped_ptrs_h__
-#define scoped_ptrs_h__
+#ifndef nss_scoped_ptrs_h__
+#define nss_scoped_ptrs_h__
#include <memory>
#include "cert.h"
@@ -13,7 +13,6 @@
#include "p12.h"
#include "pk11pub.h"
#include "pkcs11uri.h"
-#include "sslexp.h"
struct ScopedDelete {
void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
@@ -29,6 +28,9 @@ struct ScopedDelete {
void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
void operator()(PRFileDesc* fd) { PR_Close(fd); }
void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
+ void operator()(SECKEYEncryptedPrivateKeyInfo* e) {
+ SECKEY_DestroyEncryptedPrivateKeyInfo(e, true);
+ }
void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
@@ -39,12 +41,10 @@ struct ScopedDelete {
void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
void operator()(PK11Context* context) { PK11_DestroyContext(context, true); }
void operator()(PK11GenericObject* obj) { PK11_DestroyGenericObject(obj); }
- void operator()(SSLResumptionTokenInfo* token) {
- SSL_DestroyResumptionTokenInfo(token);
- }
void operator()(SEC_PKCS12DecoderContext* dcx) {
SEC_PKCS12DecoderFinish(dcx);
}
+ void operator()(CERTDistNames* names) { CERT_FreeDistNames(names); }
};
template <class T>
@@ -68,6 +68,7 @@ SCOPED(PK11SlotInfo);
SCOPED(PK11SymKey);
SCOPED(PRFileDesc);
SCOPED(SECAlgorithmID);
+SCOPED(SECKEYEncryptedPrivateKeyInfo);
SCOPED(SECItem);
SCOPED(SECKEYPublicKey);
SCOPED(SECKEYPrivateKey);
@@ -76,9 +77,9 @@ SCOPED(PK11URI);
SCOPED(PLArenaPool);
SCOPED(PK11Context);
SCOPED(PK11GenericObject);
-SCOPED(SSLResumptionTokenInfo);
SCOPED(SEC_PKCS12DecoderContext);
+SCOPED(CERTDistNames);
#undef SCOPED
-#endif // scoped_ptrs_h__
+#endif // nss_scoped_ptrs_h__
diff --git a/security/nss/cpputil/scoped_ptrs_ssl.h b/security/nss/cpputil/scoped_ptrs_ssl.h
new file mode 100644
index 000000000..7eeae8f8f
--- /dev/null
+++ b/security/nss/cpputil/scoped_ptrs_ssl.h
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef scoped_ptrs_ssl_h__
+#define scoped_ptrs_ssl_h__
+
+#include <memory>
+#include "sslexp.h"
+
+struct ScopedDeleteSSL {
+ void operator()(SSLResumptionTokenInfo* token) {
+ SSL_DestroyResumptionTokenInfo(token);
+ }
+};
+
+template <class T>
+struct ScopedMaybeDeleteSSL {
+ void operator()(T* ptr) {
+ if (ptr) {
+ ScopedDeleteSSL del;
+ del(ptr);
+ }
+ }
+};
+
+#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDeleteSSL<x> > Scoped##x
+
+SCOPED(SSLResumptionTokenInfo);
+
+#undef SCOPED
+
+#endif // scoped_ptrs_ssl_h__
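Review bot: The new header has no comment saying why the SSLResumptionTokenInfo deleter lives apart from nss_scoped_ptrs.h. Judging from the `#include "sslexp.h"` removed from that header in this same commit, the intent appears to be keeping the libssl dependency out of the general-purpose header, but a reader of this file alone cannot tell. A short comment above `struct ScopedDeleteSSL` would record it, for example `// Deleters for libssl types; kept separate so nss_scoped_ptrs.h does not need sslexp.h.`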
diff --git a/security/nss/cpputil/tls_parser.cc b/security/nss/cpputil/tls_parser.cc
index e4c06aa91..efedd7a65 100644
--- a/security/nss/cpputil/tls_parser.cc
+++ b/security/nss/cpputil/tls_parser.cc
@@ -46,6 +46,21 @@ bool TlsParser::Read(DataBuffer* val, size_t len) {
return true;
}
+bool TlsParser::ReadFromMark(DataBuffer* val, size_t len, size_t mark) {
+ auto saved = offset_;
+ offset_ = mark;
+
+ if (remaining() < len) {
+ offset_ = saved;
+ return false;
+ }
+
+ val->Assign(ptr(), len);
+
+ offset_ = saved;
+ return true;
+}
+
bool TlsParser::ReadVariable(DataBuffer* val, size_t len_size) {
uint32_t len;
if (!Read(&len, len_size)) {
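Review bot: ReadFromMark assigns `offset_ = mark;` without checking that `mark` lies inside the input, so the only guard is `remaining() < len`. remaining() is not visible in this hunk; if it is an unsigned length minus `offset_`, a mark past the end wraps to a very large value, the check passes, and `val->Assign(ptr(), len)` copies from outside the buffer. I would reject an out-of-range mark as the first statement, before the offset is moved: `if (mark > <total input length>) return false;`, with the placeholder replaced by the parser's own length accessor. That also makes the failure path independent of restoring `offset_`.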
diff --git a/security/nss/cpputil/tls_parser.h b/security/nss/cpputil/tls_parser.h
index 436c11e76..cd9e28fc3 100644
--- a/security/nss/cpputil/tls_parser.h
+++ b/security/nss/cpputil/tls_parser.h
@@ -20,13 +20,6 @@
namespace nss_test {
-const uint8_t kTlsChangeCipherSpecType = 20;
-const uint8_t kTlsAlertType = 21;
-const uint8_t kTlsHandshakeType = 22;
-const uint8_t kTlsApplicationDataType = 23;
-const uint8_t kTlsAltHandshakeType = 24;
-const uint8_t kTlsAckType = 25;
-
const uint8_t kTlsHandshakeClientHello = 1;
const uint8_t kTlsHandshakeServerHello = 2;
const uint8_t kTlsHandshakeNewSessionTicket = 4;
@@ -48,6 +41,8 @@ const uint8_t kTlsAlertBadRecordMac = 20;
const uint8_t kTlsAlertRecordOverflow = 22;
const uint8_t kTlsAlertHandshakeFailure = 40;
const uint8_t kTlsAlertBadCertificate = 42;
+const uint8_t kTlsAlertCertificateRevoked = 44;
+const uint8_t kTlsAlertCertificateExpired = 45;
const uint8_t kTlsAlertIllegalParameter = 47;
const uint8_t kTlsAlertDecodeError = 50;
const uint8_t kTlsAlertDecryptError = 51;
@@ -60,7 +55,7 @@ const uint8_t kTlsAlertUnrecognizedName = 112;
const uint8_t kTlsAlertNoApplicationProtocol = 120;
const uint8_t kTlsFakeChangeCipherSpec[] = {
- kTlsChangeCipherSpecType, // Type
+ ssl_ct_change_cipher_spec, // Type
0xfe,
0xff, // Version
0x00,
@@ -123,6 +118,7 @@ class TlsParser {
bool Read(uint32_t* val, size_t size);
// Reads len bytes into dest buffer, overwriting it.
bool Read(DataBuffer* dest, size_t len);
+ bool ReadFromMark(DataBuffer* val, size_t len, size_t mark);
// Reads bytes into dest buffer, overwriting it. The number of bytes is
// determined by reading from len_size bytes from the stream first.
bool ReadVariable(DataBuffer* dest, size_t len_size);
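Review bot: The new `ReadFromMark` declaration is the only reader in this hunk without a comment, and it names its output `val` where the neighbouring DataBuffer overloads use `dest`. From the definition in tls_parser.cc the contract is non-obvious: `mark` is used as an absolute offset and the current read position is restored afterwards. I would add `// Reads len bytes starting at offset mark into dest, overwriting it. The current read position is left unchanged.` and rename the parameter to `dest` for consistency. The TlsParser class continues outside this hunk.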