From 5f8de423f190bbb79a62f804151bc24824fa32d8 Mon Sep 17 00:00:00 2001 From: "Matt A. Tobin" Date: Fri, 2 Feb 2018 04:16:08 -0500 Subject: Add m-esr52 at 52.6.0 --- security/nss/lib/ssl/sslreveal.c | 110 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 security/nss/lib/ssl/sslreveal.c (limited to 'security/nss/lib/ssl/sslreveal.c') diff --git a/security/nss/lib/ssl/sslreveal.c b/security/nss/lib/ssl/sslreveal.c new file mode 100644 index 000000000..4c124a1dc --- /dev/null +++ b/security/nss/lib/ssl/sslreveal.c @@ -0,0 +1,110 @@ +/* + * Accessor functions for SSLSocket private members. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "cert.h" +#include "ssl.h" +#include "certt.h" +#include "sslimpl.h" + +/* given PRFileDesc, returns a copy of certificate associated with the socket + * the caller should delete the cert when done with SSL_DestroyCertificate + */ +CERTCertificate * +SSL_RevealCert(PRFileDesc *fd) +{ + CERTCertificate *cert = NULL; + sslSocket *sslsocket = NULL; + + sslsocket = ssl_FindSocket(fd); + + /* CERT_DupCertificate increases reference count and returns pointer to + * the same cert + */ + if (sslsocket && sslsocket->sec.peerCert) + cert = CERT_DupCertificate(sslsocket->sec.peerCert); + + return cert; +} + +/* given PRFileDesc, returns a pointer to PinArg associated with the socket + */ +void * +SSL_RevealPinArg(PRFileDesc *fd) +{ + sslSocket *sslsocket = NULL; + void *PinArg = NULL; + + sslsocket = ssl_FindSocket(fd); + + /* is pkcs11PinArg part of the sslSocket or sslSecurityInfo ? */ + if (sslsocket) + PinArg = sslsocket->pkcs11PinArg; + + return PinArg; +} + +/* given PRFileDesc, returns a pointer to the URL associated with the socket + * the caller should free url when done + */ +char * +SSL_RevealURL(PRFileDesc *fd) +{ + sslSocket *sslsocket = NULL; + char *url = NULL; + + sslsocket = ssl_FindSocket(fd); + + if (sslsocket && sslsocket->url) + url = PL_strdup(sslsocket->url); + + return url; +} + +/* given PRFileDesc, returns status information related to extensions + * negotiated with peer during the handshake. + */ + +SECStatus +SSL_HandshakeNegotiatedExtension(PRFileDesc *socket, + SSLExtensionType extId, + PRBool *pYes) +{ + /* some decisions derived from SSL_GetChannelInfo */ + sslSocket *sslsocket = NULL; + + if (!pYes) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + sslsocket = ssl_FindSocket(socket); + if (!sslsocket) { + SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension", + SSL_GETPID(), socket)); + return SECFailure; + } + + *pYes = PR_FALSE; + + /* according to public API SSL_GetChannelInfo, this doesn't need a lock */ + if (sslsocket->opt.useSecurity) { + if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */ + /* now we know this socket went through ssl3_InitState() and + * ss->xtnData got initialized, which is the only member accessed by + * ssl3_ExtensionNegotiated(); + * Member xtnData appears to get accessed in functions that handle + * the handshake (hello messages and extension sending), + * therefore the handshake lock should be sufficient. + */ + ssl_GetSSL3HandshakeLock(sslsocket); + *pYes = ssl3_ExtensionNegotiated(sslsocket, extId); + ssl_ReleaseSSL3HandshakeLock(sslsocket); + } + } + + return SECSuccess; +} -- cgit v1.2.3