
Side by Side Diff: net/base/x509_certificate_win.cc

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years ago
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #define PRArenaPool PLArenaPool // Required by <blapi.h>. 7 #define PRArenaPool PLArenaPool // Required by <blapi.h>.
8 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS. 8 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS.
9 9
10 #include "base/lazy_instance.h" 10 #include "base/lazy_instance.h"
(...skipping 1159 matching lines...) Expand 10 before | Expand all | Expand 10 after
1170 // private key. 1170 // private key.
1171 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0], 1171 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0],
1172 &length)) { 1172 &length)) {
1173 return false; 1173 return false;
1174 } 1174 }
1175 1175
1176 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]), 1176 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]),
1177 length); 1177 length);
1178 } 1178 }
1179 1179
1180 // static
1181 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
1182 size_t* size_bits,
1183 PublicKeyType* type) {
1184 PCCRYPT_OID_INFO oid_info = CryptFindOIDInfo(
1185 CRYPT_OID_INFO_OID_KEY,
1186 cert_handle->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,
1187 CRYPT_SIGN_ALG_OID_GROUP_ID);
Ryan Sleevi 2011/12/13 05:45:35 CRYPT_PUBKEY_ALG_OID_GROUP_ID
1188 CHECK(oid_info);
1189 CHECK(oid_info->dwGroupId == CRYPT_SIGN_ALG_OID_GROUP_ID);
Ryan Sleevi 2011/12/13 05:45:35 CHECK_EQ(oid_info->dwGroupId, CRYPT_PUBKEY_ALG_OID
1190 CHECK(oid_info->ExtraInfo.cbData >= sizeof(DWORD));
Ryan Sleevi 2011/12/13 05:45:35 Delete this CHECK (ExtraInfo.cbData may be 0 if no
1191 DWORD id = *reinterpret_cast<DWORD*>(oid_info->ExtraInfo.pbData);
Ryan Sleevi 2011/12/13 05:45:35 Delete this (updated below at line 1197)
1192
1193 *size_bits = CertGetPublicKeyLength(
1194 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
1195 &cert_handle->pCertInfo->SubjectPublicKeyInfo);
1196
1197 switch (id) {
Ryan Sleevi 2011/12/13 05:45:35 switch (id) -> switch (oid_info->AlgId) {
1198 case CALG_RSA_SIGN:
Ryan Sleevi 2011/12/13 05:45:35 add case CALG_RSA_KEYX:
1199 *type = kPublicKeyTypeRSA;
1200 break;
1201 case CALG_DSS_SIGN:
1202 *type = kPublicKeyTypeDSA;
1203 break;
1204 case CALG_ECDSA:
1205 *type = kPublicKeyTypeECDSA;
1206 break;
1207 case CALG_ECDH:
1208 *type = kPublicKeyTypeECDH;
1209 break;
1210 default:
1211 *type = kPublicKeyTypeUnknown;
1212 }
1213 }
1214
1180 } // namespace net 1215 } // namespace net
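Review bot: `CHECK(oid_info)` at new line 1188 makes an unrecognised SubjectPublicKeyInfo algorithm OID fatal to the process, and that OID is read from the certificate, which can come from a remote peer. CryptFindOIDInfo returns NULL when it has no entry for the OID, so the function should fail closed rather than crash: set the outputs first with `*type = kPublicKeyTypeUnknown; *size_bits = 0;` and replace the CHECK with `if (!oid_info) return;`. CertGetPublicKeyLength also returns 0 on failure, so the caller that enforces the minimum key size (not visible in this section) presumably needs to treat an unknown type or a zero size as a rejection rather than skipping the check. A short comment above the function stating that contract would help, for example `// On failure sets *type to kPublicKeyTypeUnknown and *size_bits to 0.`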
OLDNEW
