From a1cb2cdefd0aabd32581017079fc56eafe369756 Mon Sep 17 00:00:00 2001 From: "rsleevi@chromium.org" Date: Sat, 5 Feb 2011 02:02:08 +0000 Subject: Return more specific error messages when performing a SSL client auth handshake and an error signing with the certificate private key is encountered, rather than using ERR_FAILED/ERR_SSL_PROTOCOL_ERROR. BUG=69609 TEST=none Review URL: http://codereview.chromium.org/6371014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73891 0039d316-1c4b-4281-b951-d872f2087c98 --- net/third_party/nss/ssl/sslplatf.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) (limited to 'net/third_party') diff --git a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslplatf.c index 2b006bd..3b2ffb48 100644 --- a/net/third_party/nss/ssl/sslplatf.c +++ b/net/third_party/nss/ssl/sslplatf.c @@ -203,7 +203,11 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, buf->data = NULL; if (!CryptGetUserKey(key, keySpec, &hKey)) { - PORT_SetError(SEC_ERROR_INVALID_KEY); + if (GetLastError() == NTE_NO_KEY) { + PORT_SetError(SEC_ERROR_NO_KEY); + } else { + PORT_SetError(SEC_ERROR_INVALID_KEY); + } goto done; } @@ -233,31 +237,31 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, hashItem.len = sizeof(hash->sha); break; default: - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); + PORT_SetError(SEC_ERROR_INVALID_KEY); goto done; } PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); if (!CryptCreateHash(key, hashAlg, 0, 0, &hHash)) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } argLen = sizeof(hashLen); if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE*)&hashLen, &argLen, 0)) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } if (hashLen != hashItem.len) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } if (!CryptSetHashParam(hHash, HP_HASHVAL, (BYTE*)hashItem.data, 0)) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID, NULL, &signatureLen) || signatureLen == 0) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } buf->data = (unsigned char *)PORT_Alloc(signatureLen); @@ -266,7 +270,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID, (BYTE*)buf->data, &signatureLen)) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } buf->len = signatureLen; @@ -288,10 +292,11 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, } else if (derSig.data) { PORT_Free(derSig.data); } + } else { + rv = SECSuccess; } PRINT_BUF(60, (NULL, "signed hashes", buf->data, buf->len)); - rv = SECSuccess; done: if (hHash) CryptDestroyHash(hHash); @@ -410,7 +415,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, status = SecKeyGetCSSMKey(key, &cssmKey); if (status != noErr || !cssmKey) { - PORT_SetError(SEC_ERROR_INVALID_KEY); + PORT_SetError(SEC_ERROR_NO_KEY); goto done; } @@ -457,7 +462,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, status = SecKeyGetCredentials(key, CSSM_ACL_AUTHORIZATION_SIGN, kSecCredentialTypeDefault, &cssmCreds); if (status != noErr) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } @@ -467,7 +472,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, cssmRv = CSSM_CSP_CreateSignatureContext(cspHandle, sigAlg, cssmCreds, cssmKey, &cssmSignature); if (cssmRv) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } @@ -480,7 +485,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, blindingAttr.Attribute.Uint32 = 1; cssmRv = CSSM_UpdateContextAttributes(cssmSignature, 1, &blindingAttr); if (cssmRv) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } } @@ -488,7 +493,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, cssmRv = CSSM_SignData(cssmSignature, &hashData, 1, CSSM_ALGID_NONE, &signatureData); if (cssmRv) { - ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); + PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); goto done; } buf->len = signatureData.Length; @@ -504,10 +509,11 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, } else if (derSig.data) { PORT_Free(derSig.data); } + } else { + rv = SECSuccess; } PRINT_BUF(60, (NULL, "signed hashes", buf->data, buf->len)); - rv = SECSuccess; done: /* cspHandle, cssmKey, and cssmCreds are owned by the SecKeyRef and * should not be freed. When the PlatformKey is freed, they will be -- cgit v1.1