Add net::ERR_BAD_PEER_PUBLIC_KEY, and map several NSS error codes

that may occur when using the server's public key in NSS's
ssl3_HandleServerKeyExchange and ssl3_SendClientKeyExchange functions.

R=agl@chromium.org
BUG=88044
TEST=none

Review URL: http://codereview.chromium.org/7495006

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94231 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 13 insertions, 0 deletions

diff --git a/net/socket/nss_ssl_util.cc b/net/socket/nss_ssl_util.cc
index 16a1d8b..30cbcbf 100644
--- a/net/socket/nss_ssl_util.cc
+++ b/net/socket/nss_ssl_util.cc
@@ -161,6 +161,8 @@ int MapNSSError(PRErrorCode err) {
 
     case SEC_ERROR_INVALID_ARGS:
       return ERR_INVALID_ARGUMENT;
+    case SEC_ERROR_NO_MEMORY:
+      return ERR_OUT_OF_MEMORY;
     case SEC_ERROR_NO_KEY:
       return ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY;
     case SEC_ERROR_INVALID_KEY:
@@ -191,6 +193,17 @@ int MapNSSError(PRErrorCode err) {
       return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY;
     case SSL_ERROR_HANDSHAKE_NOT_COMPLETED:
       return ERR_SSL_HANDSHAKE_NOT_COMPLETED;
+    case SEC_ERROR_BAD_KEY:
+    case SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE:
+    // TODO(wtc): the following errors may also occur in contexts unrelated
+    // to the peer's public key.  We should add new error codes for them, or
+    // map them to ERR_SSL_BAD_PEER_PUBLIC_KEY only in the right context.
+    // General unsupported/unknown key algorithm error.
+    case SEC_ERROR_UNSUPPORTED_KEYALG:
+    // General DER decoding errors.
+    case SEC_ERROR_BAD_DER:
+    case SEC_ERROR_EXTRA_INPUT:
+      return ERR_SSL_BAD_PEER_PUBLIC_KEY;
 
     default: {
       if (IS_SSL_ERROR(err)) {