From cf7d99db0e2b7d5409e7dfd729b8c62a7bfaf92a Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Tue, 6 Sep 2011 16:20:51 -0400 Subject: [PATCH 133/150] - check the error code rather than status - don't dump the DH secret in debug mode --- src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 11 ++--------- 1 files changed, 2 insertions(+), 9 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 12cf099..58caadf 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -1571,9 +1571,6 @@ client_process_dh(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ENOMEM; } -#ifdef DEBUG - hexdump(bits->data, bits->len); -#endif PK11_FreeSymKey(sym); PK11_FreeSlot(slot); SECKEY_DestroyPublicKey(pub); @@ -1746,9 +1743,6 @@ server_process_dh(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ENOMEM; } -#ifdef DEBUG - hexdump(bits->data, bits->len); -#endif PK11_FreeSymKey(sym); SECKEY_DestroyPrivateKey(priv); SECKEY_DestroyPublicKey(pub); @@ -4710,7 +4704,7 @@ crypto_signeddata_common_verify(krb5_context context, switch (cms_msg_type) { case CMS_SIGN_DRAFT9: case CMS_SIGN_CLIENT: - switch (status) { + switch (PORT_GetError()) { case SEC_ERROR_REVOKED_CERTIFICATE: return KRB5KDC_ERR_REVOKED_CERTIFICATE; case SEC_ERROR_UNKNOWN_ISSUER: @@ -4721,7 +4715,7 @@ crypto_signeddata_common_verify(krb5_context context, break; case CMS_SIGN_SERVER: case CMS_ENVEL_SERVER: - switch (status) { + switch (PORT_GetError()) { case SEC_ERROR_REVOKED_CERTIFICATE: return KRB5KDC_ERR_REVOKED_CERTIFICATE; case SEC_ERROR_UNKNOWN_ISSUER: @@ -4894,7 +4888,6 @@ cms_envelopeddata_verify(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ret ? ret : ENOMEM; } - /* Export the payload. */ if (secitem_to_buf_len(plain, signed_data, signed_data_len) != 0) { NSS_CMSMessage_Destroy(msg); -- 1.7.6.4