authorian.mcgreer%sun.com <devnull@localhost>2003-02-05 03:00:47 +0000
committerian.mcgreer%sun.com <devnull@localhost>2003-02-05 03:00:47 +0000
commit4d2bc7e18152503dfc4347839857b1121f41347c (patch)
tree550977b0f4e9b076ca9701a7c860aa2e111f890e
parentbb305c589df5be308ad2563bb6989cbe83abe5f6 (diff)
downloadnss-hg-4d2bc7e18152503dfc4347839857b1121f41347c.tar.gz
fix ssl2 bugs
-rw-r--r--security/nss/cmd/tstclnt/tstclnt.c9
-rw-r--r--security/nss/lib/pki/cryptocontext.c6
-rw-r--r--security/nss/lib/pki/volatiledomain.c13
-rw-r--r--security/nss/lib/ssl/ssl3con.c6
-rw-r--r--security/nss/lib/ssl/sslcon.c3
-rw-r--r--security/nss/tests/ssl/sslcov.txt4
6 files changed, 20 insertions, 21 deletions
diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c
index 8f5103e61..9eb08fd53 100644
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -312,13 +312,14 @@ int main(int argc, char **argv)
PRStatus prStatus;
NSSCallback *pwcb;
NSSTrustDomain *td = NULL;
+ PRFileDesc *infile = NULL;
progName = strrchr(argv[0], '/');
if (!progName)
progName = strrchr(argv[0], '\\');
progName = progName ? progName+1 : argv[0];
- optstate = PL_CreateOptState(argc, argv, "23Tfc:h:p:d:m:n:oqvw:x");
+ optstate = PL_CreateOptState(argc, argv, "23Tfc:h:i:p:d:m:n:oqvw:x");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
@@ -339,6 +340,8 @@ int main(int argc, char **argv)
case 'f': break;
#endif
+ case 'i': infile = PR_Open(optstate->value, PR_RDONLY, 0); break;
+
case 'd':
certDir = strdup(optstate->value);
break;
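Review bot: The `PR_Open` result in `case 'i'` is never checked, so a mistyped or unreadable path leaves `infile` NULL and the later `infile ? infile : PR_GetSpecialFD(PR_StandardInput)` quietly reads standard input instead. In a scripted SSL test run that turns a setup mistake into a hang, or into a test that sends the wrong data. Fail fast in the option case, e.g. `if (!infile) { fprintf(stderr, "%s: cannot open %s\n", progName, optstate->value); return 1; }`. A repeated `-i` also overwrites the first handle without closing it. main's body continues outside the hunk.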
@@ -607,7 +610,7 @@ int main(int argc, char **argv)
pollset[0].fd = s;
pollset[0].in_flags = PR_POLL_READ;
- pollset[1].fd = PR_GetSpecialFD(PR_StandardInput);
+ pollset[1].fd = infile ? infile : PR_GetSpecialFD(PR_StandardInput);
pollset[1].in_flags = PR_POLL_READ;
npds = 2;
std_out = PR_GetSpecialFD(PR_StandardOutput);
@@ -730,6 +733,6 @@ int main(int argc, char **argv)
PR_Close(s);
SSL_ClearSessionCache();
NSS_Shutdown();
- PR_Cleanup();
+ /* XXX idm PR_Cleanup(); */
return error;
}
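Review bot: `/* XXX idm PR_Cleanup(); */` disables NSPR shutdown without saying why, and the `infile` descriptor opened for `-i` is not closed in the visible exit path. Commented-out calls tend to stay that way, so state the reason and the condition for restoring it, e.g. `/* XXX idm: PR_Cleanup() disabled because <reason>; restore once fixed */`. Add `if (infile) PR_Close(infile);` next to `PR_Close(s);`. Skipping PR_Cleanup presumably also hides leaked references that a clean shutdown would surface, which matters for a client whose job is to exercise the library.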
diff --git a/security/nss/lib/pki/cryptocontext.c b/security/nss/lib/pki/cryptocontext.c
index d3159c013..065bb340f 100644
--- a/security/nss/lib/pki/cryptocontext.c
+++ b/security/nss/lib/pki/cryptocontext.c
@@ -162,10 +162,10 @@ nssCryptoContext_Destroy (
{
PRStatus status = PR_SUCCESS;
switch (cc->which) {
- case a_cert: nssCert_Destroy(cc->u.cert); break;
- case a_pubkey: nssPublicKey_Destroy(cc->u.bkey); break;
+ case a_cert: nssCert_Destroy(cc->u.cert); break;
+ case a_pubkey: nssPublicKey_Destroy(cc->u.bkey); break;
case a_privkey: nssPrivateKey_Destroy(cc->u.vkey); break;
- case a_symkey: nssSymKey_Destroy(cc->u.mkey); break;
+ case a_symkey: nssSymKey_Destroy(cc->u.mkey); break;
default: break;
}
if (cc->key) {
diff --git a/security/nss/lib/pki/volatiledomain.c b/security/nss/lib/pki/volatiledomain.c
index 59ffa082f..29a67d0d4 100644
--- a/security/nss/lib/pki/volatiledomain.c
+++ b/security/nss/lib/pki/volatiledomain.c
@@ -620,8 +620,7 @@ nssVolatileDomain_FindBestCertByNickname (
NULL, 0, NULL);
if (certs) {
/* find the best one */
- rvCert = nssCertArray_FindBestCert(certs, time,
- usages, policiesOpt);
+ rvCert = nssCertArray_FindBestCert(certs, time, usages, policiesOpt);
nssCertArray_Destroy(certs);
}
return rvCert;
@@ -637,8 +636,8 @@ NSSVolatileDomain_FindBestCertByNickname (
)
{
return nssVolatileDomain_FindBestCertByNickname(vd, name,
- time, usages,
- policiesOpt);
+ time, usages,
+ policiesOpt);
}
NSS_IMPLEMENT NSSCert *
@@ -681,8 +680,7 @@ NSSVolatileDomain_FindCertByIssuerAndSerialNumber (
)
{
return nssVolatileDomain_FindCertByIssuerAndSerialNumber(vd,
- issuer,
- serial);
+ issuer, serial);
}
NSS_IMPLEMENT NSSCert **
@@ -748,8 +746,7 @@ nssVolatileDomain_FindBestCertBySubject (
NSSCert *rvCert = NULL;
/* search the volatile (and trust) domain by subject */
- certs = nssVolatileDomain_FindCertsBySubject(vd, subject,
- NULL, 0, NULL);
+ certs = nssVolatileDomain_FindCertsBySubject(vd, subject, NULL, 0, NULL);
if (certs) {
/* find the best one */
rvCert = nssCertArray_FindBestCert(certs, time, usages, policiesOpt);
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 237f17404..d750eb132 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -88,9 +88,7 @@ static NSSSymKey *ssl3_GenerateRSAPMS(sslSocket *ss,
static PRStatus ssl3_GenerateSessionKeys( sslSocket *ss, NSSSymKey *pmsOpt);
static SECStatus ssl3_HandshakeFailure( sslSocket *ss);
static SECStatus ssl3_InitState( sslSocket *ss);
-#ifdef IMPLEMENT_SESSION_ID_CACHE
static sslSessionID *ssl3_NewSessionID( sslSocket *ss, PRBool is_server);
-#endif /* IMPLEMENT_SESSION_ID_CACHE */
static SECStatus ssl3_SendCertificate( sslSocket *ss);
static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
@@ -2921,12 +2919,10 @@ ssl3_SendClientHello(sslSocket *ss)
if (rv != SECSuccess)
return rv; /* error code was set */
-#ifdef IMPLEMENT_SSL_SESSION_ID_CACHE
sid = ssl3_NewSessionID(ss, PR_FALSE);
if (!sid) {
return SECFailure; /* memory error is set */
}
-#endif /* IMPLEMENT_SSL_SESSION_ID_CACHE */
}
ssl_GetSpecWriteLock(ss);
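Review bot: Nothing at the now-unconditional `sid = ssl3_NewSessionID(ss, PR_FALSE);` says why a session ID is allocated when the session cache is compiled out, and the same holds for the server-side call after the moved `#endif` in the two `compression_found:` hunks. If the reason is that later handshake code needs a sid, a comment such as `/* a sid is needed for the handshake even without the session-ID cache */` would keep a later cleanup from re-guarding it. The guard deleted here was spelled `IMPLEMENT_SSL_SESSION_ID_CACHE`, unlike `IMPLEMENT_SESSION_ID_CACHE` elsewhere in this diff, so it is worth searching the file for other uses of the longer name that may silently never compile. ssl3_SendClientHello continues outside the hunk.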
@@ -5470,6 +5466,7 @@ compression_found:
sid = NULL;
}
++ssl3stats.hch_sid_cache_misses;
+#endif /* IMPLEMENT_SESSION_ID_CACHE */
sid = ssl3_NewSessionID(ss, PR_TRUE);
if (sid == NULL) {
@@ -5477,7 +5474,6 @@ compression_found:
goto loser; /* memory error is set. */
}
ss->sec.ci.sid = sid;
-#endif /* IMPLEMENT_SESSION_ID_CACHE */
ssl3->hs.isResuming = PR_FALSE;
ssl_GetXmitBufLock(ss);
diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c
index e04064879..18f81826a 100644
--- a/security/nss/lib/ssl/sslcon.c
+++ b/security/nss/lib/ssl/sslcon.c
@@ -1556,6 +1556,7 @@ ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient)
writecx = NSSSymKey_CreateCryptoContext(symKey, ap, NULL);
if (writecx == NULL)
goto loser;
+ NSSSymKey_Destroy(symKey); symKey = NULL;
status = NSSCryptoContext_BeginEncrypt(writecx, NULL, NULL);
if (status == PR_FAILURE)
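Review bot: `NSSSymKey_Destroy(symKey); symKey = NULL;` puts two statements on one line and gives no reason why the key can be released before `NSSCryptoContext_BeginEncrypt` runs on `writecx`. Presumably each crypto context created from `symKey` keeps its own reference, and the `loser` path (outside the hunk) destroys a non-NULL `symKey`. Say so with a comment, e.g. `/* contexts hold their own reference; drop ours so loser does not release it again */`, and split the statements. If the contexts do not take a reference, this line frees session key material that is still in use, so the ownership rule should be confirmed against `NSSSymKey_CreateCryptoContext`.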
@@ -3107,6 +3108,8 @@ ssl2_BeginClientHandshake(sslSocket *ss)
ss->sec.localCert = CERT_DupCertificate(sid->localCert);
break; /* this isn't really a loop */
}
+#else
+ sid = NULL;
#endif /* IMPLEMENT_SESSION_ID_CACHE */
if (!sid) {
sidLen = 0;
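Review bot: The `#else` / `sid = NULL;` branch is needed only because `sid` would otherwise reach `if (!sid)` uninitialized when the cache is compiled out. Initializing it at its declaration (outside this hunk, presumably `sslSessionID *sid = NULL;`) covers both configurations and removes the extra preprocessor branch. ssl2_BeginClientHandshake continues outside the hunk.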
diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt
index e04bc84a0..c960eade1 100644
--- a/security/nss/tests/ssl/sslcov.txt
+++ b/security/nss/tests/ssl/sslcov.txt
@@ -9,10 +9,10 @@
#
noTLS A SSL2 RC4 128 WITH MD5
# TLS B SSL2 RC4 128 EXPORT40 WITH MD5
- TLS C SSL2 RC2 128 CBC WITH MD5
+# TLS C SSL2 RC2 128 CBC WITH MD5
# noTLS D SSL2 RC2 128 CBC EXPORT40 WITH MD5
TLS E SSL2 DES 64 CBC WITH MD5
- noTLS F SSL2 DES 192 EDE3 CBC WITH MD5
+# noTLS F SSL2 DES 192 EDE3 CBC WITH MD5
#
# noTLS a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA
# noTLS b SSL3 FORTEZZA DMS WITH RC4 128 SHA
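Review bot: Suites C (RC2 128 CBC) and F (DES 192 EDE3 CBC) are commented out with no note on why, in a commit titled as an SSL2 fix. The disabled lines now look identical to suites that were never enabled, so nothing marks these two as temporary gaps to restore. Add a line above each, e.g. `# disabled <date>: <failure seen>, re-enable after <fix>`, so the strongest SSL2 suite in the list does not stay untested unnoticed.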