Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(203)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate_mac.cc

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/x509_certificate.cc ('K') | « net/base/x509_certificate.cc ('k') | net/base/x509_certificate_nss.cc » ('j') | net/base/x509_certificate_win.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <CommonCrypto/CommonDigest.h> 7 #include <CommonCrypto/CommonDigest.h>
8 #include <CoreServices/CoreServices.h> 8 #include <CoreServices/CoreServices.h>
9 #include <Security/Security.h> 9 #include <Security/Security.h>
10 #include <time.h> 10 #include <time.h>
(...skipping 715 matching lines...) Expand 10 before | Expand all | Expand 10 after
726 sint32 estTime; 726 sint32 estTime;
727 CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tp_handle, NULL, 727 CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest(tp_handle, NULL,
728 CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, &reqSet, &callerAuthContext, 728 CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, &reqSet, &callerAuthContext,
729 &estTime, &refId); 729 &estTime, &refId);
730 if (crtn) { 730 if (crtn) {
731 DLOG(ERROR) << "CSSM_TP_SubmitCredRequest failed " << crtn; 731 DLOG(ERROR) << "CSSM_TP_SubmitCredRequest failed " << crtn;
732 return NULL; 732 return NULL;
733 } 733 }
734 734
735 CSSM_BOOL confirmRequired; 735 CSSM_BOOL confirmRequired;
736 CSSM_TP_RESULT_SET *resultSet = NULL; 736 CSSM_TP_RESULT_SET* resultSet = NULL;
737 crtn = CSSM_TP_RetrieveCredResult(tp_handle, &refId, NULL, &estTime, 737 crtn = CSSM_TP_RetrieveCredResult(tp_handle, &refId, NULL, &estTime,
738 &confirmRequired, &resultSet); 738 &confirmRequired, &resultSet);
739 ScopedEncodedCertResults scopedResults(resultSet); 739 ScopedEncodedCertResults scopedResults(resultSet);
740 crypto::CSSMFree(refId.Data); 740 crypto::CSSMFree(refId.Data);
741 if (crtn) { 741 if (crtn) {
742 DLOG(ERROR) << "CSSM_TP_RetrieveCredResult failed " << crtn; 742 DLOG(ERROR) << "CSSM_TP_RetrieveCredResult failed " << crtn;
743 return NULL; 743 return NULL;
744 } 744 }
745 745
746 if (confirmRequired) { 746 if (confirmRequired) {
(...skipping 683 matching lines...) Expand 10 before | Expand all | Expand 10 after
1430 Pickle* pickle) { 1430 Pickle* pickle) {
1431 CSSM_DATA cert_data; 1431 CSSM_DATA cert_data;
1432 OSStatus status = SecCertificateGetData(cert_handle, &cert_data); 1432 OSStatus status = SecCertificateGetData(cert_handle, &cert_data);
1433 if (status) 1433 if (status)
1434 return false; 1434 return false;
1435 1435
1436 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data), 1436 return pickle->WriteData(reinterpret_cast<char*>(cert_data.Data),
1437 cert_data.Length); 1437 cert_data.Length);
1438 } 1438 }
1439 1439
1440 // static
1441 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
1442 size_t* size_bits,
1443 PublicKeyType* type) {
1444 SecKeyRef key;
1445 OSStatus status = SecCertificateCopyPublicKey(cert_handle, &key);
1446 if (status) {
1447 CFRelease(key);
1448 NOTREACHED() << "SecCertificateCopyPublicKey failed: " << status;
1449 return;
1450 }
1451
1452 CSSM_KEY* cssm_key;
1453 status = SecKeyGetCSSMKey(key, &cssm_key);
1454 if (status) {
1455 CFRelease(key);
1456 NOTREACHED() << "SecKeyGetCSSMKey failed: " << status;
1457 return;
1458 }
1459
1460 *size_bits = cssm_key->Header.LogicalKeySizeInBits;
1461
1462 switch (cssm_key->KeyHeader.AlgorithmId) {
1463 case CSSM_ALGID_RSA:
1464 *type = kPublicKeyTypeRSA;
1465 break;
1466 case CSSM_ALGID_DSA:
1467 *type = kPublicKeyTypeDSA;
1468 break;
1469 case CSSM_ALGID_ECDSA:
1470 *type = kPublicKeyTypeECDSA;
1471 break;
1472 case CSSM_ALGID_DH:
1473 *type = kPublicKeyTypeDH;
1474 break;
1475 default:
1476 *type = kPublicKeyTypeUnknown;
1477 }
1478
1479 CFRelease(key);
1480 }
1481
1440 } // namespace net 1482 } // namespace net
OLDNEW
« net/base/x509_certificate.cc ('K') | « net/base/x509_certificate.cc ('k') | net/base/x509_certificate_nss.cc » ('j') | net/base/x509_certificate_win.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698