net/base/x509_certificate_win.cc - Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/x509_certificate_win.cc

Issue 8568040: Refuse to accept certificate chains containing any RSA public key smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/x509_certificate_win.cc

===================================================================

--- net/base/x509_certificate_win.cc (revision 110129)

+++ net/base/x509_certificate_win.cc (working copy)

@@ -1153,4 +1153,35 @@

length);

}

+//static

+void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,

+ size_t* size_bits,

+ PublicKeyType* type) {

+ *size_bits = CertGetPublicKeyLength(

+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,

+ cert_handle->pCertInfo->SubjectPublicKeyInfo);

+ PCCRYPT_OID_INFO oid_info = CryptFindOIDInfo(

+ CRYPT_OID_INFO_OID_KEY,

+ cert_handle->pCertInfo->SubjectPublicKeyInfo->Algorithm->pszObjId,

+ CRYPT_SIGN_ALG_OID_GROUP_ID);

+ CHECK(CRYPT_OID_INFO.dwGroupId == CRYPT_SIGN_ALG_OID_GROUP_ID);

Ryan Sleevi 2011/11/16 03:46:11 nit: oid_info->dwGroupId (and the next two lines)

+ CHECK(CRYPT_OID_INFO.ExtraInfo.cbData >= sizeof(DWORD));

+ DWORD id = *reinterpret_cast<DWORD*>(CRYPT_OID_INFO.ExtraInfo.pbData);

+ switch (id) {

+ case CALG_RSA_SIGN:

+ *type = PublicKeyType::RSA;

+ break;

+ case CALG_DSS_SIGN:

+ *type = PublicKeyType::DSA;

+ break;

+ case CALG_ECDSA:

+ *type = PublicKeyType::ECDSA;

+ break;

+ default:

+ *type = PublicKeyType::None;

+ }

} // namespace net

« net/base/x509_certificate_mac.cc ('K') | « net/base/x509_certificate_openssl.cc ('k') | no next file » | no next file with comments »