diff options
| author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-02-05 02:02:08 +0000 |
|---|---|---|
| committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-02-05 02:02:08 +0000 |
| commit | a1cb2cdefd0aabd32581017079fc56eafe369756 (patch) | |
| tree | da2ccb1d07a8fd44226182c147a0f8bfe7e89685 /net/third_party | |
| parent | 08397d5343ddaba1a32a5ac7e0bf3bc03bd3bdf8 (diff) | |
| download | chromium_src-a1cb2cdefd0aabd32581017079fc56eafe369756.zip chromium_src-a1cb2cdefd0aabd32581017079fc56eafe369756.tar.gz chromium_src-a1cb2cdefd0aabd32581017079fc56eafe369756.tar.bz2 | |
Return more specific error messages when performing a SSL client auth handshake and an error signing with the certificate private key is encountered, rather than using ERR_FAILED/ERR_SSL_PROTOCOL_ERROR.
BUG=69609
TEST=none
Review URL: http://codereview.chromium.org/6371014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73891 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
| -rw-r--r-- | net/third_party/nss/ssl/sslplatf.c | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslplatf.c index 2b006bd..3b2ffb48 100644 --- a/net/third_party/nss/ssl/sslplatf.c +++ b/net/third_party/nss/ssl/sslplatf.c @@ -203,7 +203,11 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, buf->data = NULL; if (!CryptGetUserKey(key, keySpec, &hKey)) { - PORT_SetError(SEC_ERROR_INVALID_KEY); + if (GetLastError() == NTE_NO_KEY) { + PORT_SetError(SEC_ERROR_NO_KEY); + } else { + PORT_SetError(SEC_ERROR_INVALID_KEY); + } goto done; } @@ -233,31 +237,31 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, hashItem.len = sizeof(hash->sha); break; default: - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); + PORT_SetError(SEC_ERROR_INVALID_KEY); goto done; } PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); if (!CryptCreateHash(key, hashAlg, 0, 0, &hHash)) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } argLen = sizeof(hashLen); if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE*)&hashLen, &argLen, 0)) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } if (hashLen != hashItem.len) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } if (!CryptSetHashParam(hHash, HP_HASHVAL, (BYTE*)hashItem.data, 0)) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID, NULL, &signatureLen) || signatureLen == 0) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } buf->data = (unsigned char *)PORT_Alloc(signatureLen); @@ -266,7 +270,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID, (BYTE*)buf->data, &signatureLen)) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } buf->len = signatureLen; @@ -288,10 +292,11 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, } else if (derSig.data) { PORT_Free(derSig.data); } + } else { + rv = SECSuccess; } PRINT_BUF(60, (NULL, "signed hashes", buf->data, buf->len)); - rv = SECSuccess; done: if (hHash) CryptDestroyHash(hHash); @@ -410,7 +415,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, status = SecKeyGetCSSMKey(key, &cssmKey); if (status != noErr || !cssmKey) { - PORT_SetError(SEC_ERROR_INVALID_KEY); + PORT_SetError(SEC_ERROR_NO_KEY); goto done; } @@ -457,7 +462,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, status = SecKeyGetCredentials(key, CSSM_ACL_AUTHORIZATION_SIGN, kSecCredentialTypeDefault, &cssmCreds); if (status != noErr) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } @@ -467,7 +472,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, cssmRv = CSSM_CSP_CreateSignatureContext(cspHandle, sigAlg, cssmCreds, cssmKey, &cssmSignature); if (cssmRv) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } @@ -480,7 +485,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, blindingAttr.Attribute.Uint32 = 1; cssmRv = CSSM_UpdateContextAttributes(cssmSignature, 1, &blindingAttr); if (cssmRv) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } } @@ -488,7 +493,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, cssmRv = CSSM_SignData(cssmSignature, &hashData, 1, CSSM_ALGID_NONE, &signatureData); if (cssmRv) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } buf->len = signatureData.Length; @@ -504,10 +509,11 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, } else if (derSig.data) { PORT_Free(derSig.data); } + } else { + rv = SECSuccess; } PRINT_BUF(60, (NULL, "signed hashes", buf->data, buf->len)); - rv = SECSuccess; done: /* cspHandle, cssmKey, and cssmCreds are owned by the SecKeyRef and * should not be freed. When the PlatformKey is freed, they will be |