diff options
author | relyea%netscape.com <devnull@localhost> | 2002-10-10 20:30:19 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2002-10-10 20:30:19 +0000 |
commit | 81052034d5bc881990f2f45d8cab653d0025e280 (patch) | |
tree | 22b4613eb3c7f356c95575cfb0713bb5626e44d2 /security | |
parent | 24bf8d17600cbedfa81d4badf57ad3cee350ea14 (diff) | |
download | nss-hg-81052034d5bc881990f2f45d8cab653d0025e280.tar.gz |
Bug 164501. Return a proper error code from PK11_FindCrlByName() so the CRL
code can decide if there is a hw or system failure preventing the reading of a
CRL or if the CRL is just not there.
Diffstat (limited to 'security')
-rw-r--r-- | security/nss/lib/base/errorval.c | 1 | ||||
-rw-r--r-- | security/nss/lib/certdb/crl.c | 8 | ||||
-rw-r--r-- | security/nss/lib/dev/ckhelper.c | 6 | ||||
-rw-r--r-- | security/nss/lib/dev/devtoken.c | 1 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11cert.c | 10 | ||||
-rw-r--r-- | security/nss/lib/pki/pkibase.c | 7 | ||||
-rw-r--r-- | security/nss/lib/util/secerr.h | 3 |
7 files changed, 32 insertions, 4 deletions
diff --git a/security/nss/lib/base/errorval.c b/security/nss/lib/base/errorval.c index 2f2bfcce7..7a4017dff 100644 --- a/security/nss/lib/base/errorval.c +++ b/security/nss/lib/base/errorval.c @@ -86,4 +86,5 @@ const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND = 31; const NSSError NSS_ERROR_CERTIFICATE_IN_CACHE = 32; const NSSError NSS_ERROR_HASH_COLLISION = 33; +const NSSError NSS_ERROR_DEVICE_ERROR = 34; diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c index a64c96373..1f54b764d 100644 --- a/security/nss/lib/certdb/crl.c +++ b/security/nss/lib/certdb/crl.c @@ -567,6 +567,7 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type, SECItem *derCrl = NULL; CK_OBJECT_HANDLE crlHandle = 0; char *url = NULL; + int nsserror; PORT_Assert(decoded); if (!decoded) { @@ -580,8 +581,15 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type, /* XXX it would be really useful to be able to fetch the CRL directly into an arena. This would avoid a copy later on in the decode step */ + PORT_SetError(0); derCrl = PK11_FindCrlByName(&slot, &crlHandle, crlKey, type, &url); if (derCrl == NULL) { + /* if we had a problem other than the CRL just didn't exist, return + * a failure to the upper level */ + nsserror = PORT_GetError(); + if ((nsserror != 0) && (nsserror != SEC_ERROR_CRL_NOT_FOUND)) { + rv = SECFailure; + } goto loser; } PORT_Assert(crlHandle != CK_INVALID_HANDLE); diff --git a/security/nss/lib/dev/ckhelper.c b/security/nss/lib/dev/ckhelper.c index c615cf693..d36083305 100644 --- a/security/nss/lib/dev/ckhelper.c +++ b/security/nss/lib/dev/ckhelper.c @@ -47,6 +47,8 @@ static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; #include "ckhelper.h" #endif /* CKHELPER_H */ +extern const NSSError NSS_ERROR_DEVICE_ERROR; + static const CK_BBOOL s_true = CK_TRUE; NSS_IMPLEMENT_DATA const NSSItem g_ck_true = { (CK_VOID_PTR)&s_true, sizeof(s_true) }; @@ -124,7 +126,7 @@ nssCKObject_GetAttributes ckrv != CKR_ATTRIBUTE_SENSITIVE) { nssSession_ExitMonitor(session); - /* set an error here */ + nss_SetError(NSS_ERROR_DEVICE_ERROR); goto loser; } /* Allocate memory for each attribute. */ @@ -154,7 +156,7 @@ nssCKObject_GetAttributes ckrv != CKR_ATTRIBUTE_TYPE_INVALID && ckrv != CKR_ATTRIBUTE_SENSITIVE) { - /* set an error here */ + nss_SetError(NSS_ERROR_DEVICE_ERROR); goto loser; } if (alloced && arenaOpt) { diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c index 077658969..264744872 100644 --- a/security/nss/lib/dev/devtoken.c +++ b/security/nss/lib/dev/devtoken.c @@ -469,6 +469,7 @@ find_objects objects = create_objects_from_handles(tok, session, objectHandles, numHandles); } else { + nss_SetError(NSS_ERROR_NOT_FOUND); objects = NULL; } if (objectHandles && objectHandles != staticObjects) { diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 5745c1f11..e48186f47 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -70,6 +70,8 @@ #define PK11_SEARCH_CHUNKSIZE 10 +extern const NSSError NSS_ERROR_NOT_FOUND; + CK_OBJECT_HANDLE pk11_FindPubKeyByAnyCert(CERTCertificate *cert, PK11SlotInfo **slot, void *wincx); @@ -3722,6 +3724,9 @@ loser: crls = nssTrustDomain_FindCRLsBySubject(td, &subject); } if (!crls) { + if (NSS_GetError() == NSS_ERROR_NOT_FOUND) { + PORT_SetError(SEC_ERROR_CRL_NOT_FOUND); + } return NULL; } crl = NULL; @@ -3734,7 +3739,10 @@ loser: } } nssCRLArray_Destroy(crls); - if (!crl) { + if (!crl) { + /* CRL collection was found, but no interesting CRL's were on it. + * Not an error */ + PORT_SetError(SEC_ERROR_CRL_NOT_FOUND); return NULL; } *slot = PK11_ReferenceSlot(crl->object.instances[0]->token->pk11slot); diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c index 162a247c4..6f76699e5 100644 --- a/security/nss/lib/pki/pkibase.c +++ b/security/nss/lib/pki/pkibase.c @@ -47,6 +47,8 @@ static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; #include "pki3hack.h" #endif +extern const NSSError NSS_ERROR_NOT_FOUND; + NSS_IMPLEMENT nssPKIObject * nssPKIObject_Create ( NSSArena *arenaOpt, @@ -840,6 +842,7 @@ nssPKIObjectCollection_GetObjects ( PRUint32 i = 0; PRCList *link = PR_NEXT_LINK(&collection->head); pkiObjectCollectionNode *node; + int error=0; while ((i < rvSize) && (link != &collection->head)) { node = (pkiObjectCollectionNode *)link; if (!node->haveObject) { @@ -849,6 +852,7 @@ nssPKIObjectCollection_GetObjects ( link = PR_NEXT_LINK(link); /*remove bogus object from list*/ nssPKIObjectCollection_RemoveNode(collection,node); + error++; continue; } node->haveObject = PR_TRUE; @@ -856,6 +860,9 @@ nssPKIObjectCollection_GetObjects ( rvObjects[i++] = nssPKIObject_AddRef(node->object); link = PR_NEXT_LINK(link); } + if (!error && *rvObjects == NULL) { + nss_SetError(NSS_ERROR_NOT_FOUND); + } return PR_SUCCESS; } diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h index 613635e74..829dcf708 100644 --- a/security/nss/lib/util/secerr.h +++ b/security/nss/lib/util/secerr.h @@ -181,7 +181,8 @@ SEC_ERROR_OCSP_OLD_RESPONSE = (SEC_ERROR_BASE + 132), SEC_ERROR_DIGEST_NOT_FOUND = (SEC_ERROR_BASE + 133), SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = (SEC_ERROR_BASE + 134), SEC_ERROR_MODULE_STUCK = (SEC_ERROR_BASE + 135), -SEC_ERROR_BAD_TEMPLATE = (SEC_ERROR_BASE + 136) +SEC_ERROR_BAD_TEMPLATE = (SEC_ERROR_BASE + 136), +SEC_ERROR_CRL_NOT_FOUND = (SEC_ERROR_BASE + 137) } SECErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ |