Add m-esr52 at 52.6.0

1 files changed, 110 insertions, 0 deletions

diff --git a/security/nss/lib/ssl/sslreveal.c b/security/nss/lib/ssl/sslreveal.c
new file mode 100644
index 000000000..4c124a1dc
--- /dev/null
+++ b/security/nss/lib/ssl/sslreveal.c
@@ -0,0 +1,110 @@
+/*
+ * Accessor functions for SSLSocket private members.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cert.h"
+#include "ssl.h"
+#include "certt.h"
+#include "sslimpl.h"
+
+/* given PRFileDesc, returns a copy of certificate associated with the socket
+ * the caller should delete the cert when done with SSL_DestroyCertificate
+ */
+CERTCertificate *
+SSL_RevealCert(PRFileDesc *fd)
+{
+    CERTCertificate *cert = NULL;
+    sslSocket *sslsocket = NULL;
+
+    sslsocket = ssl_FindSocket(fd);
+
+    /* CERT_DupCertificate increases reference count and returns pointer to
+     * the same cert
+     */
+    if (sslsocket && sslsocket->sec.peerCert)
+        cert = CERT_DupCertificate(sslsocket->sec.peerCert);
+
+    return cert;
+}
+
+/* given PRFileDesc, returns a pointer to PinArg associated with the socket
+ */
+void *
+SSL_RevealPinArg(PRFileDesc *fd)
+{
+    sslSocket *sslsocket = NULL;
+    void *PinArg = NULL;
+
+    sslsocket = ssl_FindSocket(fd);
+
+    /* is pkcs11PinArg part of the sslSocket or sslSecurityInfo ? */
+    if (sslsocket)
+        PinArg = sslsocket->pkcs11PinArg;
+
+    return PinArg;
+}
+
+/* given PRFileDesc, returns a pointer to the URL associated with the socket
+ * the caller should free url when done
+ */
+char *
+SSL_RevealURL(PRFileDesc *fd)
+{
+    sslSocket *sslsocket = NULL;
+    char *url = NULL;
+
+    sslsocket = ssl_FindSocket(fd);
+
+    if (sslsocket && sslsocket->url)
+        url = PL_strdup(sslsocket->url);
+
+    return url;
+}
+
+/* given PRFileDesc, returns status information related to extensions
+ * negotiated with peer during the handshake.
+ */
+
+SECStatus
+SSL_HandshakeNegotiatedExtension(PRFileDesc *socket,
+                                 SSLExtensionType extId,
+                                 PRBool *pYes)
+{
+    /* some decisions derived from SSL_GetChannelInfo */
+    sslSocket *sslsocket = NULL;
+
+    if (!pYes) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    sslsocket = ssl_FindSocket(socket);
+    if (!sslsocket) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
+                 SSL_GETPID(), socket));
+        return SECFailure;
+    }
+
+    *pYes = PR_FALSE;
+
+    /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
+    if (sslsocket->opt.useSecurity) {
+        if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
+            /* now we know this socket went through ssl3_InitState() and
+             * ss->xtnData got initialized, which is the only member accessed by
+             * ssl3_ExtensionNegotiated();
+             * Member xtnData appears to get accessed in functions that handle
+             * the handshake (hello messages and extension sending),
+             * therefore the handshake lock should be sufficient.
+             */
+            ssl_GetSSL3HandshakeLock(sslsocket);
+            *pYes = ssl3_ExtensionNegotiated(sslsocket, extId);
+            ssl_ReleaseSSL3HandshakeLock(sslsocket);
+        }
+    }
+
+    return SECSuccess;
+}