| Index: content/child/webcrypto/platform_crypto_nss.cc
|
| diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc
|
| index 11c84fc87bbf17018f9c7f58fb0e8646827a4798..e8a0237a7d79088cde466e70a8f7b40935df7b7b 100644
|
| --- a/content/child/webcrypto/platform_crypto_nss.cc
|
| +++ b/content/child/webcrypto/platform_crypto_nss.cc
|
| @@ -277,6 +277,21 @@ class PrivateKey : public Key {
|
|
|
| namespace {
|
|
|
| +Status NssSupportsAesGcm() {
|
| + if (g_nss_runtime_support.Get().IsAesGcmSupported())
|
| + return Status::Success();
|
| + return Status::ErrorUnsupported(
|
| + "NSS version doesn't support AES-GCM. Try using version 3.15 or later");
|
| +}
|
| +
|
| +Status NssSupportsRsaOaep() {
|
| + if (g_nss_runtime_support.Get().IsRsaOaepSupported())
|
| + return Status::Success();
|
| + return Status::ErrorUnsupported(
|
| + "NSS version doesn't support RSA-OAEP. Try using version 3.16.2 or "
|
| + "later");
|
| +}
|
| +
|
| // Creates a SECItem for the data in |buffer|. This does NOT make a copy, so
|
| // |buffer| should outlive the SECItem.
|
| SECItem MakeSECItemForBuffer(const CryptoData& buffer) {
|
| @@ -448,8 +463,9 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode,
|
| const CryptoData& additional_data,
|
| unsigned int tag_length_bits,
|
| std::vector<uint8>* buffer) {
|
| - if (!g_nss_runtime_support.Get().IsAesGcmSupported())
|
| - return Status::ErrorUnsupported();
|
| + Status status = NssSupportsAesGcm();
|
| + if (status.IsError())
|
| + return status;
|
|
|
| unsigned int tag_length_bytes = tag_length_bits / 8;
|
|
|
| @@ -597,8 +613,9 @@ Status WebCryptoAlgorithmToNssMechFlags(
|
| return Status::Success();
|
| }
|
| case blink::WebCryptoAlgorithmIdAesGcm: {
|
| - if (!g_nss_runtime_support.Get().IsAesGcmSupported())
|
| - return Status::ErrorUnsupported();
|
| + Status status = NssSupportsAesGcm();
|
| + if (status.IsError())
|
| + return status;
|
| *mechanism = CKM_AES_GCM;
|
| *flags = CKF_ENCRYPT | CKF_DECRYPT;
|
| return Status::Success();
|
| @@ -1237,8 +1254,9 @@ Status EncryptRsaOaep(PublicKey* key,
|
| const CryptoData& label,
|
| const CryptoData& data,
|
| std::vector<uint8>* buffer) {
|
| - if (!g_nss_runtime_support.Get().IsRsaOaepSupported())
|
| - return Status::ErrorUnsupported();
|
| + Status status = NssSupportsRsaOaep();
|
| + if (status.IsError())
|
| + return status;
|
|
|
| CK_RSA_PKCS_OAEP_PARAMS oaep_params = {0};
|
| if (!InitializeRsaOaepParams(hash, label, &oaep_params))
|
| @@ -1274,8 +1292,9 @@ Status DecryptRsaOaep(PrivateKey* key,
|
| const CryptoData& label,
|
| const CryptoData& data,
|
| std::vector<uint8>* buffer) {
|
| - if (!g_nss_runtime_support.Get().IsRsaOaepSupported())
|
| - return Status::ErrorUnsupported();
|
| + Status status = NssSupportsRsaOaep();
|
| + if (status.IsError())
|
| + return status;
|
|
|
| CK_RSA_PKCS_OAEP_PARAMS oaep_params = {0};
|
| if (!InitializeRsaOaepParams(hash, label, &oaep_params))
|
| @@ -1423,9 +1442,10 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
|
| unsigned long public_exponent,
|
| blink::WebCryptoKey* public_key,
|
| blink::WebCryptoKey* private_key) {
|
| - if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep &&
|
| - !g_nss_runtime_support.Get().IsRsaOaepSupported()) {
|
| - return Status::ErrorUnsupported();
|
| + if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep) {
|
| + Status status = NssSupportsRsaOaep();
|
| + if (status.IsError())
|
| + return status;
|
| }
|
|
|
| crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
|
|
|
Chromium Code Reviews
Issue 343473004:
[webcrypto] Give more descriptive error messages on Linux for unsupported functionality. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src