
Side by Side Diff: net/base/x509_certificate_win.cc

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 1 month ago
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #define PRArenaPool PLArenaPool // Required by <blapi.h>. 7 #define PRArenaPool PLArenaPool // Required by <blapi.h>.
8 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. 8 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS.
9 9
10 #include "base/lazy_instance.h" 10 #include "base/lazy_instance.h"
(...skipping 1135 matching lines...)
1146 // private key. 1146 // private key.
1147 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], 1147 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0],
1148 &length)) { 1148 &length)) {
1149 return false; 1149 return false;
1150 } 1150 }
1151 1151
1152 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), 1152 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]),
1153 length); 1153 length);
1154 } 1154 }
1155 1155
1156 //static
1157 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
1158 size_t* size_bits,
1159 PublicKeyType* type) {
1160 *size_bits = CertGetPublicKeyLength(
1161 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
1162 cert_handle->pCertInfo->SubjectPublicKeyInfo);
1163
1164 PCCRYPT_OID_INFO oid_info = CryptFindOIDInfo(
1165 CRYPT_OID_INFO_OID_KEY,
1166 cert_handle->pCertInfo->SubjectPublicKeyInfo->Algorithm->pszObjId,
1167 CRYPT_SIGN_ALG_OID_GROUP_ID);
1168 CHECK(CRYPT_OID_INFO.dwGroupId == CRYPT_SIGN_ALG_OID_GROUP_ID);
Ryan Sleevi 2011/11/16 03:46:11 nit: oid_info->dwGroupId (and the next two lines)
1169 CHECK(CRYPT_OID_INFO.ExtraInfo.cbData >= sizeof(DWORD));
1170 DWORD id = *reinterpret_cast<DWORD*>(CRYPT_OID_INFO.ExtraInfo.pbData);
1171
1172 switch (id) {
1173 case CALG_RSA_SIGN:
1174 *type = PublicKeyType::RSA;
1175 break;
1176 case CALG_DSS_SIGN:
1177 *type = PublicKeyType::DSA;
1178 break;
1179 case CALG_ECDSA:
1180 *type = PublicKeyType::ECDSA;
1181 break;
1182 default:
1183 *type = PublicKeyType::None;
1184 }
1185 }
1186
1156 } // namespace net 1187 } // namespace net
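Review bot: In GetPublicKeyInfo the pointer returned by CryptFindOIDInfo is used without a null check, and the OID being looked up comes from the peer-supplied certificate, so an algorithm CryptoAPI does not recognise becomes a null dereference or CHECK crash instead of an unknown key type; an early `if (!oid_info) { *type = PublicKeyType::None; return; }` before the CHECKs keeps that path fail-closed. The lookup also passes the SubjectPublicKeyInfo algorithm OID with `CRYPT_SIGN_ALG_OID_GROUP_ID`, whereas public-key OIDs such as rsaEncryption are normally registered under `CRYPT_PUBKEY_ALG_OID_GROUP_ID`, so the lookup may miss even for ordinary RSA certificates; this is worth confirming against a real chain. `SubjectPublicKeyInfo` and its `Algorithm` are embedded structs in CERT_INFO rather than pointers, so the calls need `&cert_handle->pCertInfo->SubjectPublicKeyInfo` and `SubjectPublicKeyInfo.Algorithm.pszObjId`. CertGetPublicKeyLength returns 0 on failure, so a comment on the function should state that a `*size_bits` of 0 means "could not determine" and that callers enforcing a minimum RSA size must reject it.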
OLDNEW
