
Side by Side Diff: net/base/x509_certificate_mac.cc

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 1 month ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <CommonCrypto/CommonDigest.h> 7 #include <CommonCrypto/CommonDigest.h>
8 #include <CoreServices/CoreServices.h> 8 #include <CoreServices/CoreServices.h>
9 #include <Security/Security.h> 9 #include <Security/Security.h>
10 #include <time.h> 10 #include <time.h>
(...skipping 715 matching lines...) Expand 10 before | Expand all | Expand 10 after
726 sint32 estTime; 726 sint32 estTime;
727 CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tp_handle, NULL, 727 CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tp_handle, NULL,
728 CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, &reqSet, &callerAuthContext, 728 CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, &reqSet, &callerAuthContext,
729 &estTime, &refId); 729 &estTime, &refId);
730 if (crtn) { 730 if (crtn) {
731 DLOG(ERROR) << "CSSM_TP_SubmitCredRequest failed " << crtn; 731 DLOG(ERROR) << "CSSM_TP_SubmitCredRequest failed " << crtn;
732 return NULL; 732 return NULL;
733 } 733 }
734 734
735 CSSM_BOOL confirmRequired; 735 CSSM_BOOL confirmRequired;
736 CSSM_TP_RESULT_SET *resultSet = NULL; 736 CSSM_TP_RESULT_SET* resultSet = NULL;
737 crtn = CSSM_TP_RetrieveCredResult(tp_handle, &refId, NULL, &estTime, 737 crtn = CSSM_TP_RetrieveCredResult(tp_handle, &refId, NULL, &estTime,
738 &confirmRequired, &resultSet); 738 &confirmRequired, &resultSet);
739 ScopedEncodedCertResults scopedResults(resultSet); 739 ScopedEncodedCertResults scopedResults(resultSet);
740 crypto::CSSMFree(refId.Data); 740 crypto::CSSMFree(refId.Data);
741 if (crtn) { 741 if (crtn) {
742 DLOG(ERROR) << "CSSM_TP_RetrieveCredResult failed " << crtn; 742 DLOG(ERROR) << "CSSM_TP_RetrieveCredResult failed " << crtn;
743 return NULL; 743 return NULL;
744 } 744 }
745 745
746 if (confirmRequired) { 746 if (confirmRequired) {
(...skipping 683 matching lines...) Expand 10 before | Expand all | Expand 10 after
1430 Pickle* pickle) { 1430 Pickle* pickle) {
1431 CSSM_DATA cert_data; 1431 CSSM_DATA cert_data;
1432 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); 1432 OSStatus status = SecCertificateGetData(cert_handle, &cert_data);
1433 if (status) 1433 if (status)
1434 return false; 1434 return false;
1435 1435
1436 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), 1436 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data),
1437 cert_data.Length); 1437 cert_data.Length);
1438 } 1438 }
1439 1439
1440 // static
1441 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
1442 size_t* size_bits,
1443 PublicKeyType* type) {
1444 SecKeyRef key;
1445 OSStatus status = SecCertificateCopyPublicKey(cert_handle, &key);
1446 if (status) {
1447 NOTREACHED() << "SecCertificateCopyPublicKey failed: " << status;
1448 return;
wtc 2011/11/17 02:52:18 Since this function returns void, it should always
1449 }
1450 ScopedCFTypeRef<SecKeyRef> scoped_key;
Ryan Sleevi 2011/11/17 03:20:33 ScopedCFTypeRef<SecKeyRef> scoped_key(key);
1451
1452 const CSSM_KEY* cssm_key;
1453 status = SecKeyGetCSSMKey(key, &cssm_key);
1454 if (status) {
1455 NOTREACHED() << "SecKeyGetCSSMKey failed: " << status;
1456 return;
1457 }
1458
1459 *size_bits = cssm_key->KeyHeader.LogicalKeySizeInBits;
1460
1461 switch (cssm_key->KeyHeader.AlgorithmId) {
1462 case CSSM_ALGID_RSA:
1463 *type = kPublicKeyTypeRSA;
1464 break;
1465 case CSSM_ALGID_DSA:
1466 *type = kPublicKeyTypeDSA;
1467 break;
1468 case CSSM_ALGID_ECDSA:
1469 *type = kPublicKeyTypeECDSA;
1470 break;
1471 case CSSM_ALGID_DH:
1472 *type = kPublicKeyTypeDH;
1473 break;
1474 default:
1475 *type = kPublicKeyTypeUnknown;
wtc 2011/11/17 02:52:18 Nit: add a break statement. Make the same change
1476 }
1477 }
1478
1440 } // namespace net 1479 } // namespace net
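Review bot: The two `NOTREACHED()` failure paths in `GetPublicKeyInfo` (new lines 1447 and 1455) treat a failing `SecCertificateCopyPublicKey` or `SecKeyGetCSSMKey` as impossible, but `cert_handle` presumably can wrap a certificate received from a peer, so a key the OS cannot decode would make these paths reachable from untrusted input. Where `NOTREACHED()` compiles to nothing, the function returns silently and the key-size check this change exists for depends entirely on what the caller does next. I would log instead, e.g. `DLOG(WARNING) << "SecCertificateCopyPublicKey failed: " << status;`, and add a comment on the declaration stating that callers must reject a chain whose key comes back as `kPublicKeyTypeUnknown`, so that the check fails closed. The callers are not part of this file section, so whether they already do this cannot be confirmed from here.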