SSL_ForceHandshake should send the saved write data in the SSL socket.

R=agl@chromium.org
BUG=91458
TEST=none

Review URL: http://codereview.chromium.org/7572043

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@95627 0039d316-1c4b-4281-b951-d872f2087c98

net/third_party/nss/README.chromium

@@ -56,7 +56,8 @@ Patches:
     record in order to randomize the IV in a backwards compatible manner.
     patches/cbcrandomiv.patch
 
-  * Support origin bound certificates (http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt)
+  * Support origin bound certificates.
+    http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.txt
     patches/origin_bound_certs.patch
 
   * Add a function to implement RFC 5705: Keying Material Exporters for TLS
@@ -64,6 +65,10 @@ Patches:
     https://bugzilla.mozilla.org/show_bug.cgi?id=507359
     patches/secret_exporter.patch
 
+  * Send saved write data in the SSL socket in SSL_ForceHandshake.
+    patches/handshakeshortwrite.patch
+    https://bugzilla.mozilla.org/show_bug.cgi?id=676729
+
 Apply the patches to NSS by running the patches/applypatches.sh script.  Read
 the comments at the top of patches/applypatches.sh for instructions.
 

net/third_party/nss/patches/applypatches.sh

@@ -28,3 +28,5 @@ patch -p6 < $patches_dir/cbcrandomiv.patch
 patch -p6 < $patches_dir/origin_bound_certs.patch
 
 patch -p6 < $patches_dir/secret_exporter.patch
+
+patch -p5 < $patches_dir/handshakeshortwrite.patch

net/third_party/nss/patches/handshakeshortwrite.patch

+Index: mozilla/security/nss/lib/ssl/sslsecur.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsecur.c,v
+retrieving revision 1.43.2.4
+diff -p -u -8 -r1.43.2.4 sslsecur.c
+--- mozilla/security/nss/lib/ssl/sslsecur.c	8 Apr 2011 05:25:21 -0000	1.43.2.4
++++ mozilla/security/nss/lib/ssl/sslsecur.c	4 Aug 2011 23:33:46 -0000
+@@ -383,16 +383,28 @@ SSL_ForceHandshake(PRFileDesc *fd)
+ 		 SSL_GETPID(), fd));
+ 	return rv;
+     }
+ 
+     /* Don't waste my time */
+     if (!ss->opt.useSecurity) 
+     	return SECSuccess;
+ 
++    if (!ssl_SocketIsBlocking(ss)) {
++	ssl_GetXmitBufLock(ss);
++	if (ss->pendingBuf.len != 0) {
++	    rv = ssl_SendSavedWriteData(ss);
++	    if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
++		ssl_ReleaseXmitBufLock(ss);
++		return SECFailure;
++	    }
++	}
++	ssl_ReleaseXmitBufLock(ss);
++    }
++
+     ssl_Get1stHandshakeLock(ss);
+ 
+     if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
+ 	int gatherResult;
+ 
+     	ssl_GetRecvBufLock(ss);
+ 	gatherResult = ssl3_GatherCompleteHandshake(ss, 0);
+ 	ssl_ReleaseRecvBufLock(ss);
+@@ -1132,17 +1144,16 @@ ssl_SecureRecv(sslSocket *ss, unsigned c
+     if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) {
+ 	ssl_GetXmitBufLock(ss);
+ 	if (ss->pendingBuf.len != 0) {
+ 	    rv = ssl_SendSavedWriteData(ss);
+ 	    if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
+ 		ssl_ReleaseXmitBufLock(ss);
+ 		return SECFailure;
+ 	    }
+-	    /* XXX short write? */
+ 	}
+ 	ssl_ReleaseXmitBufLock(ss);
+     }
+     
+     rv = 0;
+     /* If any of these is non-zero, the initial handshake is not done. */
+     if (!ss->firstHsDone) {
+ 	ssl_Get1stHandshakeLock(ss);

net/third_party/nss/ssl/sslsecur.c

@@ -388,6 +388,18 @@ SSL_ForceHandshake(PRFileDesc *fd)
     if (!ss->opt.useSecurity) 
     	return SECSuccess;
 
+    if (!ssl_SocketIsBlocking(ss)) {
+	ssl_GetXmitBufLock(ss);
+	if (ss->pendingBuf.len != 0) {
+	    rv = ssl_SendSavedWriteData(ss);
+	    if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
+		ssl_ReleaseXmitBufLock(ss);
+		return SECFailure;
+	    }
+	}
+	ssl_ReleaseXmitBufLock(ss);
+    }
+
     ssl_Get1stHandshakeLock(ss);
 
     if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
@@ -1128,7 +1140,6 @@ ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
 		ssl_ReleaseXmitBufLock(ss);
 		return SECFailure;
 	    }
-	    /* XXX short write? */
 	}
 	ssl_ReleaseXmitBufLock(ss);
     }