Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * SSL3 Protocol | 2 * SSL3 Protocol |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 1994 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2005 if (rv != SECSuccess) { | 2005 if (rv != SECSuccess) { |
| 2006 rv = SECFailure; | 2006 rv = SECFailure; |
| 2007 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); | 2007 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); |
| 2008 } | 2008 } |
| 2009 return rv; | 2009 return rv; |
| 2010 } | 2010 } |
| 2011 | 2011 |
| 2012 static PRBool | 2012 static PRBool |
| 2013 ssl3_ClientAuthTokenPresent(sslSessionID *sid) { | 2013 ssl3_ClientAuthTokenPresent(sslSessionID *sid) { |
| 2014 #ifdef NSS_PLATFORM_CLIENT_AUTH | 2014 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 2015 if (!sid || !sid->u.ssl3.clPlatformAuthValid) { | 2015 return PR_TRUE; |
|
wtc
2011/02/06 03:02:31
It would be nice to document the consequence of re
wtc
2011/02/06 16:29:44
rsleevi: thank you for looking up the NSS bug. It
| |
| 2016 » return PR_TRUE; | |
| 2017 } | |
| 2018 return ssl_PlatformAuthTokenPresent(&sid->u.ssl3.clPlatformAuthInfo); | |
| 2019 #else | 2016 #else |
| 2020 PK11SlotInfo *slot = NULL; | 2017 PK11SlotInfo *slot = NULL; |
| 2021 PRBool isPresent = PR_TRUE; | 2018 PRBool isPresent = PR_TRUE; |
| 2022 | 2019 |
| 2023 /* we only care if we are doing client auth */ | 2020 /* we only care if we are doing client auth */ |
| 2024 if (!sid || !sid->u.ssl3.clAuthValid) { | 2021 if (!sid || !sid->u.ssl3.clAuthValid) { |
| 2025 return PR_TRUE; | 2022 return PR_TRUE; |
| 2026 } | 2023 } |
| 2027 | 2024 |
| 2028 /* get the slot */ | 2025 /* get the slot */ |
| 2029 slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID, | 2026 slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID, |
| 2030 sid->u.ssl3.clAuthSlotID); | 2027 sid->u.ssl3.clAuthSlotID); |
| 2031 if (slot == NULL || | 2028 if (slot == NULL || |
| 2032 !PK11_IsPresent(slot) || | 2029 !PK11_IsPresent(slot) || |
|
wtc
2011/02/06 16:34:13
What I meant by the lib/pk11wrap layer of NSS is t
| |
| 2033 sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) || | 2030 sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) || |
| 2034 sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) || | 2031 sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) || |
| 2035 sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) || | 2032 sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) || |
| 2036 (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) { | 2033 (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) { |
| 2037 isPresent = PR_FALSE; | 2034 isPresent = PR_FALSE; |
| 2038 } | 2035 } |
| 2039 if (slot) { | 2036 if (slot) { |
| 2040 PK11_FreeSlot(slot); | 2037 PK11_FreeSlot(slot); |
| 2041 } | 2038 } |
| 2042 return isPresent; | 2039 return isPresent; |
| (...skipping 2787 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4830 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.pwSpec, &hashes, 0); | 4827 rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.pwSpec, &hashes, 0); |
| 4831 ssl_ReleaseSpecReadLock(ss); | 4828 ssl_ReleaseSpecReadLock(ss); |
| 4832 if (rv != SECSuccess) { | 4829 if (rv != SECSuccess) { |
| 4833 goto done; /* err code was set by ssl3_ComputeHandshakeHashes */ | 4830 goto done; /* err code was set by ssl3_ComputeHandshakeHashes */ |
| 4834 } | 4831 } |
| 4835 | 4832 |
| 4836 isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); | 4833 isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); |
| 4837 #ifdef NSS_PLATFORM_CLIENT_AUTH | 4834 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 4838 rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey, | 4835 rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey, |
| 4839 &buf, isTLS); | 4836 &buf, isTLS); |
| 4840 if (rv == SECSuccess) { | |
| 4841 sslSessionID * sid = ss->sec.ci.sid; | |
| 4842 ssl_GetPlatformAuthInfoForKey(ss->ssl3.platformClientKey, | |
| 4843 &sid->u.ssl3.clPlatformAuthInfo); | |
| 4844 sid->u.ssl3.clPlatformAuthValid = PR_TRUE; | |
| 4845 } | |
| 4846 ssl_FreePlatformKey(ss->ssl3.platformClientKey); | 4837 ssl_FreePlatformKey(ss->ssl3.platformClientKey); |
| 4847 ss->ssl3.platformClientKey = (PlatformKey)NULL; | 4838 ss->ssl3.platformClientKey = (PlatformKey)NULL; |
| 4848 #else /* NSS_PLATFORM_CLIENT_AUTH */ | 4839 #else /* NSS_PLATFORM_CLIENT_AUTH */ |
| 4849 rv = ssl3_SignHashes(&hashes, ss->ssl3.clientPrivateKey, &buf, isTLS); | 4840 rv = ssl3_SignHashes(&hashes, ss->ssl3.clientPrivateKey, &buf, isTLS); |
| 4850 if (rv == SECSuccess) { | 4841 if (rv == SECSuccess) { |
| 4851 PK11SlotInfo * slot; | 4842 PK11SlotInfo * slot; |
| 4852 sslSessionID * sid = ss->sec.ci.sid; | 4843 sslSessionID * sid = ss->sec.ci.sid; |
| 4853 | 4844 |
| 4854 /* Remember the info about the slot that did the signing. | 4845 /* Remember the info about the slot that did the signing. |
| 4855 ** Later, when doing an SSL restart handshake, verify this. | 4846 ** Later, when doing an SSL restart handshake, verify this. |
| (...skipping 5031 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 9887 | 9878 |
| 9888 ss->ssl3.initialized = PR_FALSE; | 9879 ss->ssl3.initialized = PR_FALSE; |
| 9889 | 9880 |
| 9890 if (ss->ssl3.nextProto.data) { | 9881 if (ss->ssl3.nextProto.data) { |
| 9891 PORT_Free(ss->ssl3.nextProto.data); | 9882 PORT_Free(ss->ssl3.nextProto.data); |
| 9892 ss->ssl3.nextProto.data = NULL; | 9883 ss->ssl3.nextProto.data = NULL; |
| 9893 } | 9884 } |
| 9894 } | 9885 } |
| 9895 | 9886 |
| 9896 /* End of ssl3con.c */ | 9887 /* End of ssl3con.c */ |
| OLD | NEW |