net/base/x509_certificate_win.cc - Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/base/x509_certificate_win.cc

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: '' Created 9 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/x509_certificate.h"	5 #include "net/base/x509_certificate.h"

6	6

7 #define PRArenaPool PLArenaPool // Required by <blapi.h>.	7 #define PRArenaPool PLArenaPool // Required by <blapi.h>.

8 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS.	8 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS.

9	9

10 #include "base/lazy_instance.h"	10 #include "base/lazy_instance.h"

(...skipping 1159 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1170 // private key.	1170 // private key.

1171 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0],	1171 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0],

1172 &length)) {	1172 &length)) {

1173 return false;	1173 return false;

1174 }	1174 }

1175	1175

1176 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]),	1176 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]),

1177 length);	1177 length);

1178 }	1178 }

1179	1179

	1180 // static

	1181 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,

	1182 size_t* size_bits,

	1183 PublicKeyType* type) {

	1184 PCCRYPT_OID_INFO oid_info = CryptFindOIDInfo(

	1185 CRYPT_OID_INFO_OID_KEY,

	1186 cert_handle->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,

	1187 CRYPT_PUBKEY_ALG_OID_GROUP_ID);

	1188 PCHECK(oid_info);

	1189 CHECK(oid_info->dwGroupId == CRYPT_PUBKEY_ALG_OID_GROUP_ID);

	1190

	1191 *size_bits = CertGetPublicKeyLength(

	1192 X509_ASN_ENCODING \| PKCS_7_ASN_ENCODING,

	1193 &cert_handle->pCertInfo->SubjectPublicKeyInfo);

	1194

	1195 switch (oid_info->Algid) {

	1196 case CALG_RSA_SIGN:

	1197 case CALG_RSA_KEYX:

	1198 *type = kPublicKeyTypeRSA;

	1199 break;

	1200 case CALG_DSS_SIGN:

	1201 *type = kPublicKeyTypeDSA;

	1202 break;

	1203 case CALG_ECDSA:

	1204 *type = kPublicKeyTypeECDSA;

	1205 break;

	1206 case CALG_ECDH:

	1207 *type = kPublicKeyTypeECDH;

	1208 break;

	1209 default:

	1210 *type = kPublicKeyTypeUnknown;

	1211 *size_bits = 0;

	1212 break;

	1213 }

	1214 }

	1215

1180 } // namespace net	1216 } // namespace net

OLD	NEW