net/cert/x509_certificate_win.cc - Issue 1988993002: Check self-signed certificate names and signatures

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/x509_certificate_win.cc

Issue 1988993002: Check self-signed certificate names and signatures (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: More Windows bugfixes Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/x509_certificate_win.cc

diff --git a/net/cert/x509_certificate_win.cc b/net/cert/x509_certificate_win.cc

index 7d8e531b1bd839e59727984690ce248ad2eb5c70..5fa6f477ff64b680ac3b897f4de932a9f5071f71 100644

--- a/net/cert/x509_certificate_win.cc

+++ b/net/cert/x509_certificate_win.cc

@@ -464,15 +464,36 @@ bool X509Certificate::IsIssuedByEncoded(

// static

bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {

- return !!CryptVerifyCertificateSignatureEx(

- NULL,

- X509_ASN_ENCODING,

- CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,

+ bool valid_signature = !!CryptVerifyCertificateSignatureEx(

+ NULL, X509_ASN_ENCODING, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,

reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)),

CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT,

- reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)),

- 0,

- NULL);

+ reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 0, NULL);

+ if (!valid_signature) {

+ return false;

+ }

+ DWORD subject_size =

svaldez 2016/05/20 17:54:52 Don't know whether its worth it, though it might b

dadrian 2016/05/20 19:01:21 The CertPrincipal::Matches() function is explicitl

+ CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Subject,

+ CERT_X500_NAME_STR, NULL, 0);

+ DWORD issuer_size =

+ CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Issuer,

+ CERT_X500_NAME_STR, NULL, 0);

+ if (subject_size < 1 || issuer_size < 1) {

+ return false;

+ }

+ std::unique_ptr<WCHAR[]> subject(new WCHAR[subject_size]);

+ std::unique_ptr<WCHAR[]> issuer(new WCHAR[issuer_size]);

+ DWORD subject_written =

+ CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Subject,

+ CERT_X500_NAME_STR, subject.get(), subject_size);

+ DWORD issuer_written =

+ CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Issuer,

+ CERT_X500_NAME_STR, issuer.get(), issuer_size);

+ if (subject_written != issuer_written) {

+ return false;

+ }

+ return memcmp(subject.get(), issuer.get(), subject_written * sizeof(WCHAR)) ==

+ 0;

}

} // namespace net

« net/cert/x509_certificate_openssl.cc ('K') | « net/cert/x509_certificate_unittest.cc ('k') | net/data/ssl/certificates/README » ('j') | net/data/ssl/scripts/ee.cnf » ('J')