content/child/webcrypto/platform_crypto_nss.cc - Issue 329673002: [webcrypto] Restrict public exponent for RSA key generation to 3 or 65537.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/child/webcrypto/platform_crypto_nss.cc

Issue 329673002: [webcrypto] Restrict public exponent for RSA key generation to 3 or 65537. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « content/child/webcrypto/platform_crypto.h ('k') | content/child/webcrypto/platform_crypto_openssl.cc » ('j') | content/child/webcrypto/shared_crypto.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/child/webcrypto/platform_crypto_nss.cc

diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc

index dab8582753cf2329dedec349bba9e40e92c160f3..7c3c10b91dcdde04c58b13f9bdc1f00f06214ad9 100644

--- a/content/child/webcrypto/platform_crypto_nss.cc

+++ b/content/child/webcrypto/platform_crypto_nss.cc

@@ -531,28 +531,6 @@ CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism(

}

-// Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros,

-// to unsigned long.

-bool BigIntegerToLong(const uint8* data,

- unsigned int data_size,

- unsigned long* result) {

- // TODO(padolph): Is it correct to say that empty data is an error, or does it

- // mean value 0? See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23655

- if (data_size == 0)

- return false;

- *result = 0;

- for (size_t i = 0; i < data_size; ++i) {

- size_t reverse_i = data_size - i - 1;

- if (reverse_i >= sizeof(unsigned long) && data[i])

- return false; // Too large for a long.

- *result |= data[i] << 8 * reverse_i;

- }

- return true;

bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,

SECKEYPublicKey* key,

blink::WebCryptoKeyAlgorithm* key_algorithm) {

@@ -1443,7 +1421,7 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,

blink::WebCryptoKeyUsageMask public_key_usage_mask,

blink::WebCryptoKeyUsageMask private_key_usage_mask,

unsigned int modulus_length_bits,

- const CryptoData& public_exponent,

+ unsigned long public_exponent,

blink::WebCryptoKey* public_key,

blink::WebCryptoKey* private_key) {

if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep &&

@@ -1455,17 +1433,9 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,

if (!slot)

return Status::OperationError();

- unsigned long public_exponent_long;

- if (!BigIntegerToLong(public_exponent.bytes(),

- public_exponent.byte_length(),

- &public_exponent_long) ||

- !public_exponent_long) {

- return Status::ErrorGenerateKeyPublicExponent();

- }

PK11RSAGenParams rsa_gen_params;

rsa_gen_params.keySizeInBits = modulus_length_bits;

- rsa_gen_params.pe = public_exponent_long;

+ rsa_gen_params.pe = public_exponent;

// Flags are verified at the Blink layer; here the flags are set to all

// possible operations for the given key type.