summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-11 00:15:28 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-11 00:15:28 +0000
commitad37797e7831b162e88c09b093ca3b1647203065 (patch)
tree7781c65fd9e8f16c35e085f626f60530061c32e8 /net
parentb4bbe302077c4e4cbc8216ab8a3167e6f3c9c1b4 (diff)
downloadchromium_src-ad37797e7831b162e88c09b093ca3b1647203065.zip
chromium_src-ad37797e7831b162e88c09b093ca3b1647203065.tar.gz
chromium_src-ad37797e7831b162e88c09b093ca3b1647203065.tar.bz2
Fix TLS 1.2 client authentication on Mac OS X.
Since we are signing a precomputed hash, we need to pass just the encryption algorithm to CSSM_CSP_CreateSignatureContext as we did before, and pass the digest algorithm to CSSM_SignData. R=rsleevi@chromium.org BUG=248355 TEST=manual testing. Verify the connection uses TLS 1.2 rather than falling back on TLS 1.1. Review URL: https://codereview.chromium.org/15709013 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@205356 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/third_party/nss/ssl/sslplatf.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslplatf.c
index 83740ca..d2af20c 100644
--- a/net/third_party/nss/ssl/sslplatf.c
+++ b/net/third_party/nss/ssl/sslplatf.c
@@ -486,6 +486,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
CSSM_CSP_HANDLE cspHandle = 0;
const CSSM_KEY *cssmKey = NULL;
CSSM_ALGORITHMS sigAlg;
+ CSSM_ALGORITHMS digestAlg;
const CSSM_ACCESS_CREDENTIALS * cssmCreds = NULL;
CSSM_RETURN cssmRv;
CSSM_DATA hashData;
@@ -521,25 +522,26 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
goto done; /* error code was set. */
sigAlg = cssmKey->KeyHeader.AlgorithmId;
+
+ digestAlg = CSSM_ALGID_NONE;
if (keyType == rsaKey) {
- PORT_Assert(sigAlg == CSSM_ALGID_RSA);
switch (hash->hashAlg) {
case SEC_OID_UNKNOWN:
break;
case SEC_OID_SHA1:
- sigAlg = CSSM_ALGID_SHA1WithRSA;
+ digestAlg = CSSM_ALGID_SHA1;
break;
case SEC_OID_SHA224:
- sigAlg = CSSM_ALGID_SHA224WithRSA;
+ digestAlg = CSSM_ALGID_SHA224;
break;
case SEC_OID_SHA256:
- sigAlg = CSSM_ALGID_SHA256WithRSA;
+ digestAlg = CSSM_ALGID_SHA256;
break;
case SEC_OID_SHA384:
- sigAlg = CSSM_ALGID_SHA384WithRSA;
+ digestAlg = CSSM_ALGID_SHA384;
break;
case SEC_OID_SHA512:
- sigAlg = CSSM_ALGID_SHA512WithRSA;
+ digestAlg = CSSM_ALGID_SHA512;
break;
default:
PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
@@ -549,6 +551,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
switch (keyType) {
case rsaKey:
+ PORT_Assert(sigAlg == CSSM_ALGID_RSA);
hashData.Data = hash->u.raw;
hashData.Length = hash->len;
break;
@@ -610,7 +613,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
}
}
- cssmRv = CSSM_SignData(cssmSignature, &hashData, 1, CSSM_ALGID_NONE,
+ cssmRv = CSSM_SignData(cssmSignature, &hashData, 1, digestAlg,
&signatureData);
if (cssmRv) {
PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE);