-rw-r--r-- | net/third_party/nss/ssl/ssl3con.c | 11 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslimpl.h | 22 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslnonce.c | 5 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslplatf.c | 172 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslsnce.c | 5 |
5 files changed, 1 insertions, 214 deletions
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index f5c0880..6aaa88c 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c @@ -2012,10 +2012,7 @@ ssl3_ComputeRecordMAC( static PRBool ssl3_ClientAuthTokenPresent(sslSessionID *sid) { #ifdef NSS_PLATFORM_CLIENT_AUTH - if (!sid || !sid->u.ssl3.clPlatformAuthValid) { - return PR_TRUE; - } - return ssl_PlatformAuthTokenPresent(&sid->u.ssl3.clPlatformAuthInfo); + return PR_TRUE; #else PK11SlotInfo *slot = NULL; PRBool isPresent = PR_TRUE; @@ -4837,12 +4834,6 @@ ssl3_SendCertificateVerify(sslSocket *ss) #ifdef NSS_PLATFORM_CLIENT_AUTH rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey, &buf, isTLS); - if (rv == SECSuccess) { - sslSessionID * sid = ss->sec.ci.sid; - ssl_GetPlatformAuthInfoForKey(ss->ssl3.platformClientKey, - &sid->u.ssl3.clPlatformAuthInfo); - sid->u.ssl3.clPlatformAuthValid = PR_TRUE; - } ssl_FreePlatformKey(ss->ssl3.platformClientKey); ss->ssl3.platformClientKey = (PlatformKey)NULL; #else /* NSS_PLATFORM_CLIENT_AUTH */ diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h index 1ea82da..357c1b9 100644 --- a/net/third_party/nss/ssl/sslimpl.h +++ b/net/third_party/nss/ssl/sslimpl.h @@ -680,11 +680,6 @@ struct sslSessionIDStr { char masterValid; char clAuthValid; -#ifdef NSS_PLATFORM_CLIENT_AUTH - PlatformAuthInfo clPlatformAuthInfo; - char clPlatformAuthValid; -#endif /* NSS_PLATFORM_CLIENT_AUTH */ - /* Session ticket if we have one, is sent as an extension in the * ClientHello message. This field is used by clients. */ 
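Review bot: In the first ssl3con.c hunk, the NSS_PLATFORM_CLIENT_AUTH branch of ssl3_ClientAuthTokenPresent now returns PR_TRUE unconditionally, so on those builds the function can no longer report that a platform key (for example one on a smart card) has gone away after the handshake. The declaration comment removed from sslimpl.h notes that no further operations on the key would detect an ejection, and the second ssl3con.c hunk stops recording the key's identity in the session ID, so nothing visible in this diff replaces the check. If callers use this result to decide whether a cached client-authenticated session may still be used (not visible here), the loss should be documented at the return, e.g. `/* Platform keys are not tracked after the handshake, so removal of the token is not detected here. */`, and the embedder should be confirmed to drop cached sessions on card removal. The function's #else branch continues outside the hunk.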
@@ -1753,23 +1748,6 @@ extern SECStatus ssl_FreeSessionCacheLocks(void); // Releases the platform key. extern void ssl_FreePlatformKey(PlatformKey key); -// Frees any memory allocated to store a persistent reference to the -// platform key. -extern void ssl_FreePlatformAuthInfo(PlatformAuthInfo* info); - -// Initializes the PlatformAuthInfo to empty/invalid values. -extern void ssl_InitPlatformAuthInfo(PlatformAuthInfo* info); - -// Determine if the given key is still present in the system. This is used -// to check for things like smart cards being ejected after handshaking, -// since no further operations on the key will happen which would detect this. -extern PRBool ssl_PlatformAuthTokenPresent(PlatformAuthInfo* info); - -// Obtain a persistent reference to a key, sufficient for -// ssl_PlatformAuthTokenPresent to determine if the key is still present. -extern void ssl_GetPlatformAuthInfoForKey(PlatformKey key, - PlatformAuthInfo* info); - // Implement the client CertificateVerify message for SSL3/TLS1.0 extern SECStatus ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, diff --git a/net/third_party/nss/ssl/sslnonce.c b/net/third_party/nss/ssl/sslnonce.c index 345f041..64adc1f 100644 --- a/net/third_party/nss/ssl/sslnonce.c +++ b/net/third_party/nss/ssl/sslnonce.c @@ -226,11 +226,6 @@ ssl_DestroySID(sslSessionID *sid) if (sid->u.ssl3.sessionTicket.ticket.data) { SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE); } -#ifdef NSS_PLATFORM_CLIENT_AUTH - if (sid->u.ssl3.clPlatformAuthValid) { - ssl_FreePlatformAuthInfo(&sid->u.ssl3.clPlatformAuthInfo); - } -#endif /* NSS_PLATFORM_CLIENT_AUTH */ PORT_ZFree(sid, sizeof(sslSessionID)); } diff --git a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslplatf.c index 9ab6172..208956f8 100644 --- a/net/third_party/nss/ssl/sslplatf.c +++ b/net/third_party/nss/ssl/sslplatf.c 
@@ -109,87 +109,6 @@ ssl_FreePlatformKey(PlatformKey key) } } -void -ssl_FreePlatformAuthInfo(PlatformAuthInfo* info) -{ - if (info->provider != NULL) { - PORT_Free(info->provider); - info->provider = NULL; - } - if (info->container != NULL) { - PORT_Free(info->container); - info->container = NULL; - } - info->provType = 0; -} - -void -ssl_InitPlatformAuthInfo(PlatformAuthInfo* info) -{ - info->provider = NULL; - info->container = NULL; - info->provType = 0; -} - -PRBool -ssl_PlatformAuthTokenPresent(PlatformAuthInfo *info) -{ - HCRYPTPROV prov = 0; - - if (!info || !info->provider || !info->container) - return PR_FALSE; - - if (!CryptAcquireContextA(&prov, info->container, info->provider, - info->provType, 0)) - return PR_FALSE; - - CryptReleaseContext(prov, 0); - return PR_TRUE; -} - -void -ssl_GetPlatformAuthInfoForKey(PlatformKey key, - PlatformAuthInfo *info) -{ - DWORD bytesNeeded = 0; - ssl_InitPlatformAuthInfo(info); - if (!key || key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) - goto error; - - bytesNeeded = sizeof(info->provType); - if (!CryptGetProvParam(key->hCryptProv, PP_PROVTYPE, - (BYTE*)&info->provType, &bytesNeeded, 0)) - goto error; - - bytesNeeded = 0; - if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER, NULL, &bytesNeeded, - 0)) - goto error; - info->container = (char*)PORT_Alloc(bytesNeeded); - if (info->container == NULL) - goto error; - if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER, - (BYTE*)info->container, &bytesNeeded, 0)) - goto error; - - bytesNeeded = 0; - if (!CryptGetProvParam(key->hCryptProv, PP_NAME, NULL, &bytesNeeded, 0)) - goto error; - info->provider = (char*)PORT_Alloc(bytesNeeded); - if (info->provider == NULL) - goto error; - if (!CryptGetProvParam(key->hCryptProv, PP_NAME, (BYTE*)info->provider, - &bytesNeeded, 0)) - goto error; - - goto done; -error: - ssl_FreePlatformAuthInfo(info); - -done: - return; -} - SECStatus ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, PRBool isTLS) 
@@ -316,82 +235,12 @@ done: #elif defined(XP_MACOSX) #include <Security/cssm.h> -/* - * In Mac OS X 10.5, these two functions are private but implemented, and - * in Mac OS X 10.6, these are exposed publicly. To compile with the 10.5 - * SDK, we declare them here. - */ -OSStatus SecKeychainItemCreatePersistentReference(SecKeychainItemRef itemRef, CFDataRef *persistentItemRef); -OSStatus SecKeychainItemCopyFromPersistentReference(CFDataRef persistentItemRef, SecKeychainItemRef *itemRef); - void ssl_FreePlatformKey(PlatformKey key) { CFRelease(key); } -void -ssl_FreePlatformAuthInfo(PlatformAuthInfo* info) -{ - if (info->keychain != NULL) { - CFRelease(info->keychain); - info->keychain = NULL; - } - if (info->persistentKey != NULL) { - CFRelease(info->persistentKey); - info->persistentKey = NULL; - } -} - -void -ssl_InitPlatformAuthInfo(PlatformAuthInfo* info) -{ - info->keychain = NULL; - info->persistentKey = NULL; -} - -PRBool -ssl_PlatformAuthTokenPresent(PlatformAuthInfo* info) -{ - if (!info || !info->keychain || !info->persistentKey) - return PR_FALSE; - - // Not actually interested in the status, but it can be used to make sure - // that the keychain still exists (as smart card ejection will remove - // the keychain) - SecKeychainStatus keychainStatus; - OSStatus rv = SecKeychainGetStatus(info->keychain, &keychainStatus); - if (rv != noErr) - return PR_FALSE; - - // Make sure the individual key still exists within the keychain, if - // the keychain is present - SecKeychainItemRef keychainItem; - rv = SecKeychainItemCopyFromPersistentReference(info->persistentKey, - &keychainItem); - if (rv != noErr) - return PR_FALSE; - - CFRelease(keychainItem); - return PR_TRUE; -} - -void -ssl_GetPlatformAuthInfoForKey(PlatformKey key, - PlatformAuthInfo *info) -{ - SecKeychainItemRef keychainItem = (SecKeychainItemRef)key; - OSStatus rv = SecKeychainItemCopyKeychain(keychainItem, &info->keychain); - if (rv == noErr) { - rv = 
SecKeychainItemCreatePersistentReference(keychainItem, - &info->persistentKey); - } - if (rv != noErr) { - ssl_FreePlatformAuthInfo(info); - } - return; -} - SECStatus ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, PRBool isTLS) @@ -538,27 +387,6 @@ ssl_FreePlatformKey(PlatformKey key) { } -void -ssl_FreePlatformAuthInfo(PlatformAuthInfo *info) -{ -} - -void -ssl_InitPlatformAuthInfo(PlatformAuthInfo *info) -{ -} - -PRBool -ssl_PlatformAuthTokenPresent(PlatformAuthInfo *info) -{ - return PR_FALSE; -} - -void -ssl_GetPlatformAuthInfoForKey(PlatformKey key, PlatformAuthInfo *info) -{ -} - SECStatus ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, PRBool isTLS) diff --git a/net/third_party/nss/ssl/sslsnce.c b/net/third_party/nss/ssl/sslsnce.c index 4176ac8..6c73f25 100644 --- a/net/third_party/nss/ssl/sslsnce.c +++ b/net/third_party/nss/ssl/sslsnce.c @@ -638,11 +638,6 @@ ConvertToSID(sidCacheEntry * from, to->u.ssl3.clAuthSeries = 0; to->u.ssl3.clAuthValid = PR_FALSE; -#ifdef NSS_PLATFORM_CLIENT_AUTH - ssl_InitPlatformAuthInfo(&to->u.ssl3.clPlatformAuthInfo); - to->u.ssl3.clPlatformAuthValid = PR_FALSE; -#endif /* NSS_PLATFORM_CLIENT_AUTH */ - if (from->u.ssl3.certIndex != -1 && pcce) { SECItem derCert; |