
Side by Side Diff: net/base/x509_certificate_win.cc

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 1 month ago
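--- a/net/base/x509_certificate_win.cc
+++ b/net/base/x509_certificate_win.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #define PRArenaPool PLArenaPool // Required by <blapi.h>.
 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS.
 
 #include "base/lazy_instance.h"
@@ -1146,11 +1146,46 @@
 // private key.
 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0],
 &length)) {
 return false;
 }
 
 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]),
 length);
 }
 
+// static
+void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
+size_t* size_bits,
+PublicKeyType* type) {
+PCCRYPT_OID_INFO oid_info = CryptFindOIDInfo(
+CRYPT_OID_INFO_OID_KEY,
+cert_handle->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,
+CRYPT_SIGN_ALG_OID_GROUP_ID);
+CHECK(oid_info);
+CHECK(oid_info->dwGroupId == CRYPT_SIGN_ALG_OID_GROUP_ID);
+CHECK(oid_info->ExtraInfo.cbData >= sizeof(DWORD));
+DWORD id = *reinterpret_cast<DWORD*>(oid_info->ExtraInfo.pbData);
+
+*size_bits = CertGetPublicKeyLength(
+X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+&cert_handle->pCertInfo->SubjectPublicKeyInfo);
+
+switch (id) {
+case CALG_RSA_SIGN:
+*type = kPublicKeyTypeRSA;
+break;
+case CALG_DSS_SIGN:
+*type = kPublicKeyTypeDSA;
+break;
+case CALG_ECDSA:
+*type = kPublicKeyTypeECDSA;
+break;
+case CALG_ECDH:
+*type = kPublicKeyTypeECDH;
+break;
+default:
+*type = kPublicKeyTypeUnknown;
+}
+}
+
 } // namespace net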
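Review bot: The `CHECK(oid_info)` at new line 1164 turns a lookup miss into a process crash, and the OID being looked up is read straight from the certificate's SubjectPublicKeyInfo, so a peer-supplied certificate whose algorithm OID CryptoAPI does not recognise would abort the process instead of being rejected. CryptFindOIDInfo returns NULL when nothing matches, so the miss should be handled as data, `if (!oid_info) { *size_bits = 0; *type = kPublicKeyTypeUnknown; return; }`, and the `ExtraInfo.cbData` size check on line 1166 deserves the same treatment. It is also worth confirming that `CRYPT_SIGN_ALG_OID_GROUP_ID` is the intended group, because the SubjectPublicKeyInfo algorithm is a public-key OID and those are normally registered under `CRYPT_PUBKEY_ALG_OID_GROUP_ID`; if the lookup misses for ordinary keys, the CHECK would fire on legitimate certificates too. Since CertGetPublicKeyLength returns 0 on failure, the caller enforcing the minimum RSA size should treat a `*size_bits` of 0 as a rejection rather than as "no opinion".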
