
sslreveal.c (3026B)


      1 /*
      2 * Accessor functions for SSLSocket private members.
      3 *
      4 * This Source Code Form is subject to the terms of the Mozilla Public
      5 * License, v. 2.0. If a copy of the MPL was not distributed with this
      6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      7 
      8 #include "cert.h"
      9 #include "ssl.h"
     10 #include "certt.h"
     11 #include "sslimpl.h"
     12 
     /*
      * SSL_RevealCert
      *
      * Looks up the sslSocket behind |fd| and, when a peer certificate is
      * recorded on it, returns a new reference to that certificate.
      *
      * Returns NULL when ssl_FindSocket() yields no socket or when
      * sec.peerCert is unset. This accessor performs no validation of its
      * own: a non-NULL result only means a peer certificate is stored on the
      * socket, not that it was verified.
      *
      * Ownership: CERT_DupCertificate() takes an additional reference on the
      * same object rather than making a deep copy, so the caller owns one
      * reference and must release it with CERT_DestroyCertificate().
      *
      * NOTE(review): sec.peerCert is read here without taking any socket
      * lock; whether callers must serialize against a running handshake is
      * not visible in this file -- confirm.
      */
     CERTCertificate *
     SSL_RevealCert(PRFileDesc *fd)
     {
         sslSocket *ss = ssl_FindSocket(fd);

         /* No SSL socket behind fd, or no peer certificate recorded yet. */
         if (ss == NULL || ss->sec.peerCert == NULL) {
             return NULL;
         }

         return CERT_DupCertificate(ss->sec.peerCert);
     }
     32 
     /*
      * SSL_RevealPinArg
      *
      * Returns the pkcs11PinArg pointer stored on the sslSocket behind |fd|.
      * The value is read from the sslSocket itself (not from its security
      * info) and is handed back exactly as stored: nothing is copied and no
      * reference is taken.
      *
      * Returns NULL when ssl_FindSocket() yields no socket; a NULL stored
      * value is indistinguishable from that case.
      *
      * NOTE(review): because the pointer is borrowed, the caller presumably
      * must not free it and must not use it after the owner releases it --
      * confirm against whoever sets pkcs11PinArg.
      */
     void *
     SSL_RevealPinArg(PRFileDesc *fd)
     {
         sslSocket *ss = ssl_FindSocket(fd);

         return ss ? ss->pkcs11PinArg : NULL;
     }
     49 
     /*
      * SSL_RevealURL
      *
      * Returns a freshly allocated copy of the URL string stored on the
      * sslSocket behind |fd|.
      *
      * Returns NULL when ssl_FindSocket() yields no socket or when no URL is
      * set. PL_strdup() also returns NULL if the allocation fails, so NULL
      * alone does not tell the caller which of these happened.
      *
      * Ownership: the copy belongs to the caller, who must free it when done
      * (PL_strfree() is the release that pairs with PL_strdup()).
      */
     char *
     SSL_RevealURL(PRFileDesc *fd)
     {
         sslSocket *ss = ssl_FindSocket(fd);

         /* Nothing to copy without a socket and a stored URL. */
         if (ss == NULL || ss->url == NULL) {
             return NULL;
         }

         return PL_strdup(ss->url);
     }
     66 
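     /*
      * SSL_HandshakeNegotiatedExtension
      *
      * Reports through |*pYes| whether extension |extId| was negotiated with
      * the peer on the SSL socket behind |socket|.
      *
      * Returns SECFailure with SEC_ERROR_INVALID_ARGS when |pYes| is NULL,
      * and SECFailure when ssl_FindSocket() yields no socket. Otherwise
      * returns SECSuccess; |*pYes| is PR_FALSE when opt.useSecurity is off,
      * else the result of ssl3_ExtensionNegotiated().
      *
      * |*pYes| is set to PR_FALSE before the socket lookup, so a caller that
      * ignores the return value reads "not negotiated" instead of an
      * uninitialized PRBool when the lookup fails.
      */
     SECStatus
     SSL_HandshakeNegotiatedExtension(PRFileDesc *socket,
                                      SSLExtensionType extId,
                                      PRBool *pYes)
     {
         /* some decisions derived from SSL_GetChannelInfo */
         sslSocket *sslsocket = NULL;

         if (!pYes) {
             PORT_SetError(SEC_ERROR_INVALID_ARGS);
             return SECFailure;
         }

         /* Fail closed: define the output before any later step can fail. */
         *pYes = PR_FALSE;

         sslsocket = ssl_FindSocket(socket);
         if (!sslsocket) {
             /* NOTE(review): |socket| is a pointer but is formatted with %d;
              * the message is left as written -- confirm against how other
              * SSL_DBG call sites log the descriptor.
              */
             SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
                      SSL_GETPID(), socket));
             return SECFailure;
         }

         /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
         if (sslsocket->opt.useSecurity) {
             /* now we know this socket went through ssl3_InitState() and
              * ss->xtnData got initialized, which is the only member accessed by
              * ssl3_ExtensionNegotiated();
              * Member xtnData appears to get accessed in functions that handle
              * the handshake (hello messages and extension sending),
              * therefore the handshake lock should be sufficient.
              */
             ssl_GetSSL3HandshakeLock(sslsocket);
             *pYes = ssl3_ExtensionNegotiated(sslsocket, extId);
             ssl_ReleaseSSL3HandshakeLock(sslsocket);
         }

         return SECSuccess;
     }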