
Side by Side Diff: net/cert/internal/parse_certificate.cc

Issue 2093223002: Allow Cast certificates to have serial numbers greater than 20 bytes, as well as non-minimal INTEGE… (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@2743
Patch Set: Created 4 years, 6 months ago
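--- a/net/cert/internal/parse_certificate.cc
+++ b/net/cert/internal/parse_certificate.cc
@@ -1,10 +1,10 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/parse_certificate.h"
 
 #include <utility>
 
 #include "net/der/input.h"
 #include "net/der/parse_values.h"
@@ -211,52 +211,56 @@
 // validity Validity,
 // subject Name,
 // subjectPublicKeyInfo SubjectPublicKeyInfo,
 // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
 // -- If present, version MUST be v2 or v3
 // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
 // -- If present, version MUST be v2 or v3
 // extensions [3] EXPLICIT Extensions OPTIONAL
 // -- If present, version MUST be v3
 // }
-bool ParseTbsCertificate(const der::Input& tbs_tlv, ParsedTbsCertificate* out) {
+bool ParseTbsCertificate(const der::Input& tbs_tlv,
+                         const ParseCertificateOptions& options,
+                         ParsedTbsCertificate* out) {
   der::Parser parser(tbs_tlv);
 
   // Certificate ::= SEQUENCE {
   der::Parser tbs_parser;
   if (!parser.ReadSequence(&tbs_parser))
     return false;
 
   // version [0] EXPLICIT Version DEFAULT v1,
   der::Input version;
   bool has_version;
   if (!tbs_parser.ReadOptionalTag(der::ContextSpecificConstructed(0), &version,
                                   &has_version)) {
     return false;
   }
   if (has_version) {
     if (!ParseVersion(version, &out->version))
       return false;
     if (out->version == CertificateVersion::V1) {
       // The correct way to specify v1 is to omit the version field since v1 is
       // the DEFAULT.
       return false;
     }
   } else {
     out->version = CertificateVersion::V1;
   }
 
   // serialNumber CertificateSerialNumber,
   if (!tbs_parser.ReadTag(der::kInteger, &out->serial_number))
     return false;
-  if (!VerifySerialNumber(out->serial_number))
+  if (!options.allow_invalid_serial_numbers &&
+      !VerifySerialNumber(out->serial_number)) {
     return false;
+  }
 
   // signature AlgorithmIdentifier,
   if (!ReadSequenceTLV(&tbs_parser, &out->signature_algorithm_tlv))
     return false;
 
   // issuer Name,
   if (!ReadSequenceTLV(&tbs_parser, &out->issuer_tlv))
     return false;
 
   // validity Validity,
@@ -571,10 +575,10 @@
   //
   // When the keyUsage extension appears in a certificate, at least
   // one of the bits MUST be set to 1.
   if (BitStringIsAllZeros(*key_usage))
     return false;
 
   return true;
 }
 
 }  // namespace net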
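Review bot: The new `allow_invalid_serial_numbers` branch in ParseTbsCertificate (new lines 253-256) skips VerifySerialNumber() entirely, so the only constraint left on the serial is the INTEGER tag check on line 251, which is broader than the ">20 bytes / non-minimal encoding" relaxation the CL title describes. Whatever other properties VerifySerialNumber() enforces (I cannot see its body here) are also waived for callers that set the option, and that should be stated at the call site so the next reader does not assume the option is narrowly scoped. I would add above the condition: `// With allow_invalid_serial_numbers set, nothing beyond the INTEGER tag is enforced here; callers that set it take on any checks VerifySerialNumber() would have performed.` If the intent is really the narrower relaxation, consider having VerifySerialNumber() accept the options and relax only the length and minimal-encoding checks rather than bypassing it. ParseTbsCertificate's body continues past the end of this hunk.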