
Side by Side Diff: net/base/x509_certificate_win.cc

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years ago
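--- a/net/base/x509_certificate_win.cc
+++ b/net/base/x509_certificate_win.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #define PRArenaPool PLArenaPool // Required by <blapi.h>.
 #include <blapi.h> // Implement CalculateChainFingerprint() with NSS.
 
 #include "base/lazy_instance.h"
@@ -1164,11 +1164,47 @@
 // private key.
 if (!CertSerializeCertificateStoreElement(cert_handle, 0, &buffer[0],
 &length)) {
 return false;
 }
 
 return pickle->WriteData(reinterpret_cast<const char*>(&buffer[0]),
 length);
 }
 
+// static
+void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
+size_t* size_bits,
+PublicKeyType* type) {
+PCCRYPT_OID_INFO oid_info = CryptFindOIDInfo(
+CRYPT_OID_INFO_OID_KEY,
+cert_handle->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,
+CRYPT_PUBKEY_ALG_OID_GROUP_ID);
+PCHECK(oid_info);
+CHECK(oid_info->dwGroupId == CRYPT_PUBKEY_ALG_OID_GROUP_ID);
+
+*size_bits = CertGetPublicKeyLength(
+X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+&cert_handle->pCertInfo->SubjectPublicKeyInfo);
+
+switch (oid_info->Algid) {
+case CALG_RSA_SIGN:
+case CALG_RSA_KEYX:
+*type = kPublicKeyTypeRSA;
+break;
+case CALG_DSS_SIGN:
+*type = kPublicKeyTypeDSA;
+break;
+case CALG_ECDSA:
+*type = kPublicKeyTypeECDSA;
+break;
+case CALG_ECDH:
+*type = kPublicKeyTypeECDH;
+break;
+default:
+*type = kPublicKeyTypeUnknown;
+*size_bits = 0;
+break;
+}
+}
+
 } // namespace net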
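Review bot: `PCHECK(oid_info)` in GetPublicKeyInfo turns a failed `CryptFindOIDInfo` lookup into a process crash, and the OID being looked up is read from the certificate's SubjectPublicKeyInfo, which is peer-supplied data. If a certificate whose public-key algorithm OID CryptoAPI does not recognise can reach this function, the result is a remotely triggerable crash instead of a rejected chain. The switch already has a fallback for unrecognised algorithms, so a failed lookup can take the same path: `if (!oid_info) { *type = kPublicKeyTypeUnknown; *size_bits = 0; return; }`. The caller is not visible in this section, so it should be confirmed that it handles kPublicKeyTypeUnknown with a zero size the way the key-size policy intends.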