Refuse to accept certificate chains containing any RSA public key smaller

net/base/x509_certificate.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <stdlib.h>
 
 #include <algorithm>
 #include <map>
@@ skipping 206 matching lines @@
       CERT_STORE_ADD_USE_EXISTING, &cert_handle);
   return ok ? cert_handle : NULL;
 }
 #else
 X509Certificate::OSCertHandle CreateOSCert(base::StringPiece der_cert) {
   return X509Certificate::CreateOSCertHandleFromBytes(
       const_cast<char*>(der_cert.data()), der_cert.size());
 }
 #endif
 
+// Returns true if |type| is |kPublicKeyTypeRSA| or |kPublicKeyTypeDSA|, and
+// if |size_bits| is < 1024. Note that this means there may be false
+// negatives: keys for other algorithms and which are weak will pass this
+// test.
+bool IsWeakKey(X509Certificate::PublicKeyType type, size_t size_bits) {
+  switch (type) {
+    case X509Certificate::kPublicKeyTypeRSA:
+    case X509Certificate::kPublicKeyTypeDSA:
+      return size_bits < 1024;
+    default:
+      return false;
+  }
+}
+
 }  // namespace
 
 bool X509Certificate::LessThan::operator()(X509Certificate* lhs,
                                            X509Certificate* rhs) const {
   if (lhs == rhs)
     return false;
 
   int rv = memcmp(lhs->fingerprint_.data, rhs->fingerprint_.data,
                   sizeof(lhs->fingerprint_.data));
   if (rv != 0)
@@ skipping 353 matching lines @@
 
   int rv = VerifyInternal(hostname, flags, crl_set, verify_result);
 
   // This check is done after VerifyInternal so that VerifyInternal can fill in
   // the list of public key hashes.
   if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) {
     verify_result->cert_status |= CERT_STATUS_REVOKED;
     rv = MapCertStatusToNetError(verify_result->cert_status);
   }
 
+  // Check for weak keys in the entire verified chain.
+  size_t size_bits = 0;
+  PublicKeyType type = kPublicKeyTypeUnknown;
+  bool weak_key = false;
+
+  GetPublicKeyInfo(verify_result->verified_cert->os_cert_handle(), &size_bits,
+                   &type);
+  if (IsWeakKey(type, size_bits)) {
+    weak_key = true;
+  } else {
+    const OSCertHandles& intermediates =
+        verify_result->verified_cert->GetIntermediateCertificates();
+    for (OSCertHandles::const_iterator i = intermediates.begin();
+         i != intermediates.end(); ++i) {
+      GetPublicKeyInfo(*i, &size_bits, &type);
+      if (IsWeakKey(type, size_bits))
+        weak_key = true;
+    }
+  }
+
+  if (weak_key) {
+    verify_result->cert_status |= CERT_STATUS_WEAK_KEY;
+    return MapCertStatusToNetError(verify_result->cert_status);
+  }
+
   // Treat certificates signed using broken signature algorithms as invalid.
   if (verify_result->has_md2 || verify_result->has_md4) {
     verify_result->cert_status |= CERT_STATUS_INVALID;
     rv = MapCertStatusToNetError(verify_result->cert_status);
   }
 
   // Flag certificates using weak signature algorithms.
   if (verify_result->has_md5) {
     verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM;
     // Avoid replacing a more serious error, such as an OS/library failure,
@@ skipping 204 matching lines @@
 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash,
                                               const uint8* array,
                                               size_t array_byte_len) {
   DCHECK_EQ(0u, array_byte_len % base::kSHA1Length);
   const size_t arraylen = array_byte_len / base::kSHA1Length;
   return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length,
                          CompareSHA1Hashes);
 }
 
 }  // namespace net