Workaround a bug in NSS when using DHE+client authentication.

net/third_party/nss/ssl/ssl3con.c

 /*
  * SSL3 Protocol
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ skipping 4825 matching lines @@
     isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
 #ifdef NSS_PLATFORM_CLIENT_AUTH
     rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey,
                                  &buf, isTLS);
     if (rv == SECSuccess) {
         sslSessionID * sid = ss->sec.ci.sid;
         ssl_GetPlatformAuthInfoForKey(ss->ssl3.platformClientKey,
                                       &sid->u.ssl3.clPlatformAuthInfo);
         sid->u.ssl3.clPlatformAuthValid = PR_TRUE;
     }
-    if (ss->ssl3.hs.kea_def->exchKeyType == kt_rsa) {
-        ssl_FreePlatformKey(ss->ssl3.platformClientKey);
-        ss->ssl3.platformClientKey = (PlatformKey)NULL;
-    }
+    ssl_FreePlatformKey(ss->ssl3.platformClientKey);
+    ss->ssl3.platformClientKey = (PlatformKey)NULL;
 #else /* NSS_PLATFORM_CLIENT_AUTH */
     rv = ssl3_SignHashes(&hashes, ss->ssl3.clientPrivateKey, &buf, isTLS);
     if (rv == SECSuccess) {
         PK11SlotInfo * slot;
         sslSessionID * sid   = ss->sec.ci.sid;
 
         /* Remember the info about the slot that did the signing.
         ** Later, when doing an SSL restart handshake, verify this.
         ** These calls are mere accessors, and can't fail.
         */
         slot = PK11_GetSlotFromPrivateKey(ss->ssl3.clientPrivateKey);
         sid->u.ssl3.clAuthSeries     = PK11_GetSlotSeries(slot);
         sid->u.ssl3.clAuthSlotID     = PK11_GetSlotID(slot);
         sid->u.ssl3.clAuthModuleID   = PK11_GetModuleID(slot);
         sid->u.ssl3.clAuthValid      = PR_TRUE;
         PK11_FreeSlot(slot);
     }
-    /* If we're doing RSA key exchange, we're all done with the private key
-     * here.  Diffie-Hellman key exchanges need the client's
-     * private key for the key exchange.
-     */
-    if (ss->ssl3.hs.kea_def->exchKeyType == kt_rsa) {
-        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-        ss->ssl3.clientPrivateKey = NULL;
-    }
+    SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+    ss->ssl3.clientPrivateKey = NULL;
 #endif /* NSS_PLATFORM_CLIENT_AUTH */
     if (rv != SECSuccess) {
         goto done;      /* err code was set by ssl3_SignHashes */
     }
 
     rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, buf.len + 2);
     if (rv != SECSuccess) {
         goto done;      /* error code set by AppendHandshake */
     }
     rv = ssl3_AppendHandshakeVariable(ss, buf.data, buf.len, 2);
@@ skipping 130 matching lines @@
     rv = ssl3_InitState(ss);
     if (rv != SECSuccess) {
         errCode = PORT_GetError(); /* ssl3_InitState has set the error code. */
         goto alert_loser;
     }
     if (ss->ssl3.hs.ws != wait_server_hello) {
         errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO;
         desc    = unexpected_message;
         goto alert_loser;
     }
+    
+    /* clean up anything left from previous handshake. */
+    if (ss->ssl3.clientCertChain != NULL) {
+       CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
+       ss->ssl3.clientCertChain = NULL;
+    }
+    if (ss->ssl3.clientCertificate != NULL) {
+       CERT_DestroyCertificate(ss->ssl3.clientCertificate);
+       ss->ssl3.clientCertificate = NULL;
+    }
+    if (ss->ssl3.clientPrivateKey != NULL) {
+       SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+       ss->ssl3.clientPrivateKey = NULL;
+    }
+#ifdef NSS_PLATFORM_CLIENT_AUTH
+    if (ss->ssl3.platformClientKey) {
+       ssl_FreePlatformKey(ss->ssl3.platformClientKey);
+       ss->ssl3.platformClientKey = (PlatformKey)NULL;
+    }
+#endif  /* NSS_PLATFORM_CLIENT_AUTH */
 
     if (ss->ssl3.serverHelloPredictionData.data)
         SECITEM_FreeItem(&ss->ssl3.serverHelloPredictionData, PR_FALSE);
 
     /* If this allocation fails it will only stop the application from
      * recording the ServerHello information and performing future Snap
      * Starts. */
     if (SECITEM_AllocItem(NULL, &ss->ssl3.serverHelloPredictionData, length))
         memcpy(ss->ssl3.serverHelloPredictionData.data, b, length);
     /* ss->ssl3.serverHelloPredictionDataValid is still false at this
@@ skipping 477 matching lines @@
                 SSL_GETPID(), ss->fd));
     PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
 
     if (ss->ssl3.hs.ws != wait_cert_request &&
         ss->ssl3.hs.ws != wait_server_key) {
         desc    = unexpected_message;
         errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST;
         goto alert_loser;
     }
-
-    /* clean up anything left from previous handshake. */
-    if (ss->ssl3.clientCertChain != NULL) {
-       CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
-       ss->ssl3.clientCertChain = NULL;
-    }
-    if (ss->ssl3.clientCertificate != NULL) {
-       CERT_DestroyCertificate(ss->ssl3.clientCertificate);
-       ss->ssl3.clientCertificate = NULL;
-    }
-    if (ss->ssl3.clientPrivateKey != NULL) {
-       SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
-       ss->ssl3.clientPrivateKey = NULL;
-    }
+    
+    PORT_Assert(ss->ssl3.clientCertChain == NULL);
+    PORT_Assert(ss->ssl3.clientCertificate == NULL);
+    PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
 #ifdef NSS_PLATFORM_CLIENT_AUTH
-    if (ss->ssl3.platformClientKey) {
-       ssl_FreePlatformKey(ss->ssl3.platformClientKey);
-       ss->ssl3.platformClientKey = (PlatformKey)NULL;
-    }
-#endif  /* NSS_PLATFORM_CLIENT_AUTH */
+    PORT_Assert(ss->ssl3.platformClientKey == NULL);

[wtc, 2010/12/08 19:24:42]

We may need a (PlatformKey) cast for NULL here.

+#endif  /* NSS_PLATFORM_CLIENT_AUTH */    
 
     isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
     rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);
     if (rv != SECSuccess)
         goto loser;             /* malformed, alert has been sent */
 
     arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL)
         goto no_mem;
 
@@ skipping 4336 matching lines @@
 
     ss->ssl3.initialized = PR_FALSE;
 
     if (ss->ssl3.nextProto.data) {
         PORT_Free(ss->ssl3.nextProto.data);
         ss->ssl3.nextProto.data = NULL;
     }
 }
 
 /* End of ssl3con.c */