Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(235)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_mac.cc

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/x509_certificate.cc ('K') | « net/base/x509_certificate.cc ('k') | net/base/x509_certificate_nss.cc » ('j') | net/base/x509_certificate_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <CommonCrypto/CommonDigest.h> 7 #include <CommonCrypto/CommonDigest.h>
8 #include <CoreServices/CoreServices.h> 8 #include <CoreServices/CoreServices.h>
9 #include <Security/Security.h> 9 #include <Security/Security.h>
10 #include <time.h> 10 #include <time.h>
(...skipping 794 matching lines...) Expand 10 before | Expand all | Expand 10 after
805 sint32 estTime; 805 sint32 estTime;
806 CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tp_handle, NULL, 806 CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tp_handle, NULL,
807 CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, &reqSet, &callerAuthContext, 807 CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, &reqSet, &callerAuthContext,
808 &estTime, &refId); 808 &estTime, &refId);
809 if (crtn) { 809 if (crtn) {
810 DLOG(ERROR) << "CSSM_TP_SubmitCredRequest failed " << crtn; 810 DLOG(ERROR) << "CSSM_TP_SubmitCredRequest failed " << crtn;
811 return NULL; 811 return NULL;
812 } 812 }
813 813
814 CSSM_BOOL confirmRequired; 814 CSSM_BOOL confirmRequired;
815 CSSM_TP_RESULT_SET *resultSet = NULL; 815 CSSM_TP_RESULT_SET* resultSet = NULL;
816 crtn = CSSM_TP_RetrieveCredResult(tp_handle, &refId, NULL, &estTime, 816 crtn = CSSM_TP_RetrieveCredResult(tp_handle, &refId, NULL, &estTime,
817 &confirmRequired, &resultSet); 817 &confirmRequired, &resultSet);
818 ScopedEncodedCertResults scopedResults(resultSet); 818 ScopedEncodedCertResults scopedResults(resultSet);
819 crypto::CSSMFree(refId.Data); 819 crypto::CSSMFree(refId.Data);
820 if (crtn) { 820 if (crtn) {
821 DLOG(ERROR) << "CSSM_TP_RetrieveCredResult failed " << crtn; 821 DLOG(ERROR) << "CSSM_TP_RetrieveCredResult failed " << crtn;
822 return NULL; 822 return NULL;
823 } 823 }
824 824
825 if (confirmRequired) { 825 if (confirmRequired) {
(...skipping 681 matching lines...) Expand 10 before | Expand all | Expand 10 after
1507 Pickle* pickle) { 1507 Pickle* pickle) {
1508 CSSM_DATA cert_data; 1508 CSSM_DATA cert_data;
1509 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); 1509 OSStatus status = SecCertificateGetData(cert_handle, &cert_data);
1510 if (status) 1510 if (status)
1511 return false; 1511 return false;
1512 1512
1513 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), 1513 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data),
1514 cert_data.Length); 1514 cert_data.Length);
1515 } 1515 }
1516 1516
1517 // static
1518 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
1519 size_t* size_bits,
1520 PublicKeyType* type) {
1521 SecKeyRef key;
1522 OSStatus status = SecCertificateCopyPublicKey(cert_handle, &key);
1523 if (status) {
1524 NOTREACHED() << "SecCertificateCopyPublicKey failed: " << status;
1525 return;
1526 }
1527 ScopedCFTypeRef<SecKeyRef> scoped_key;
1528
1529 const CSSM_KEY* cssm_key;
1530 status = SecKeyGetCSSMKey(key, &cssm_key);
1531 if (status) {
1532 NOTREACHED() << "SecKeyGetCSSMKey failed: " << status;
1533 return;
1534 }
1535
1536 *size_bits = cssm_key->KeyHeader.LogicalKeySizeInBits;
1537
1538 switch (cssm_key->KeyHeader.AlgorithmId) {
1539 case CSSM_ALGID_RSA:
1540 *type = kPublicKeyTypeRSA;
1541 break;
1542 case CSSM_ALGID_DSA:
1543 *type = kPublicKeyTypeDSA;
1544 break;
1545 case CSSM_ALGID_ECDSA:
1546 *type = kPublicKeyTypeECDSA;
1547 break;
1548 case CSSM_ALGID_DH:
1549 *type = kPublicKeyTypeDH;
1550 break;
1551 default:
1552 *type = kPublicKeyTypeUnknown;
1553 }
1554 }
1555
1517 } // namespace net 1556 } // namespace net
OLDNEW
« net/base/x509_certificate.cc ('K') | « net/base/x509_certificate.cc ('k') | net/base/x509_certificate_nss.cc » ('j') | net/base/x509_certificate_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698