Chromium Code Reviews Chromium Code Reviews
Issue 8568040:
Refuse to accept certificate chains containing any RSA public key smaller (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
| 8 #include <CoreServices/CoreServices.h> | 8 #include <CoreServices/CoreServices.h> |
| 9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
| 10 #include <time.h> | 10 #include <time.h> |
| (...skipping 1419 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1430 Pickle* pickle) { | 1430 Pickle* pickle) { |
| 1431 CSSM_DATA cert_data; | 1431 CSSM_DATA cert_data; |
| 1432 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); | 1432 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); |
| 1433 if (status) | 1433 if (status) |
| 1434 return false; | 1434 return false; |
| 1435 | 1435 |
| 1436 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), | 1436 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), |
| 1437 cert_data.Length); | 1437 cert_data.Length); |
| 1438 } | 1438 } |
| 1439 | 1439 |
| 1440 //static | |
| 1441 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, | |
| 1442 size_t* size_bits, | |
| 1443 PublicKeyType* type) { | |
| 1444 SecKeyRef key; | |
|
Ryan Sleevi
2011/11/16 03:46:11
base::mac::ScopedCFTypeRef<SecKeyRef> works handy
| |
| 1445 OSStatus status = SecCertificateCopyPublicKey(cert_handle, &key); | |
| 1446 if (status) { | |
| 1447 CFRelease(key); | |
| 1448 NOTREACHED() << "SecCertificateCopyPublicKey failed: " << status; | |
| 1449 return 0; | |
| 1450 } | |
| 1451 | |
| 1452 CSSM_KEY* cssm_key; | |
| 1453 status = SecKeyGetCSSMKey(key, &cssm_key); | |
| 1454 if (status) { | |
| 1455 CFRelease(key); | |
| 1456 NOTREACHED() << "SecKeyGetCSSMKey failed: " << status; | |
| 1457 return 0; | |
| 1458 } | |
| 1459 | |
| 1460 CSSM_KEY_SIZE key_size; | |
| 1461 status = CSSM_QueryKeySizeInBits(crypto::GetSharedCSPHandle(), NULL, cssm_key, | |
|
Ryan Sleevi
2011/11/16 03:46:11
CSSM_KEY.Header has a LogicalKeySizeInBits member.
Ryan Sleevi
2011/11/16 03:47:03
s/said/set/. Makes more sense now.
| |
| 1462 &key_size); | |
| 1463 if (status) { | |
| 1464 CFRelease(key); | |
| 1465 NOTREACHED() << "CSSM_QueryKeySizeInBits failed: " << status; | |
| 1466 return 0; | |
| 1467 } | |
| 1468 | |
| 1469 *size_bits = key_size.LogicalKeySizeInBits; | |
| 1470 | |
| 1471 switch (cssm_key->KeyHeader.AlgorithmId) { | |
| 1472 case CSSM_ALGID_RSA: | |
| 1473 *type = PublicKeyType::RSA; | |
| 1474 break; | |
| 1475 case CSSM_ALGID_DSA: | |
| 1476 *type = PublicKeyType::DSA; | |
| 1477 break; | |
| 1478 case CSSM_ALGID_ECDSA: | |
| 1479 *type = PublicKeyType::ECDSA; | |
| 1480 break; | |
| 1481 case CSSM_ALGID_DH: | |
| 1482 *type = PublicKeyType::DH; | |
| 1483 break; | |
| 1484 default: | |
| 1485 *type = PublicKeyType::NONE; | |
| 1486 } | |
| 1487 | |
| 1488 CFRelease(key); | |
| 1489 } | |
| 1490 | |
| 1440 } // namespace net | 1491 } // namespace net |
| OLD | NEW |
