Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(26)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/rsa_private_key_nss.cc

Issue 713523004: Don't allow trailing data when creating an RSAPrivateKey. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@nss-bah
Patch Set: rebase Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | crypto/rsa_private_key_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/rsa_private_key.h" 5 #include "crypto/rsa_private_key.h"
6 6
7 #include <cryptohi.h> 7 #include <cryptohi.h>
8 #include <keyhi.h> 8 #include <keyhi.h>
9 #include <pk11pub.h> 9 #include <pk11pub.h>
10 #include <secmod.h> 10 #include <secmod.h>
(...skipping 260 matching lines...) Expand 10 before | Expand all | Expand 10 after
271 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams( 271 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams(
272 PK11SlotInfo* slot, 272 PK11SlotInfo* slot,
273 const std::vector<uint8>& input, 273 const std::vector<uint8>& input,
274 bool permanent, 274 bool permanent,
275 bool sensitive) { 275 bool sensitive) {
276 if (!slot) 276 if (!slot)
277 return NULL; 277 return NULL;
278 278
279 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); 279 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
280 280
281 SECItem der_private_key_info; 281 ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
282 der_private_key_info.data = const_cast<unsigned char*>(&input.front()); 282 if (!arena) {
283 der_private_key_info.len = input.size(); 283 NOTREACHED();
284 return NULL;
285 }
286
287 // Excess data is illegal, but NSS silently accepts it, so first ensure that
288 // |input| consists of a single ASN.1 element.
289 SECItem input_item, der_private_key_info;
Ryan Sleevi 2014/11/22 01:13:57 nit: I tend to prefer we don't use this style in /
davidben 2014/11/24 20:23:59 Done.
290 input_item.data = const_cast<unsigned char*>(&input.front());
291 input_item.len = input.size();
292 SECStatus rv = SEC_QuickDERDecodeItem(arena.get(), &der_private_key_info,
293 SEC_ASN1_GET(SEC_AnyTemplate),
294 &input_item);
295 if (rv != SECSuccess)
296 return NULL;
297
284 // Allow the private key to be used for key unwrapping, data decryption, 298 // Allow the private key to be used for key unwrapping, data decryption,
285 // and signature generation. 299 // and signature generation.
286 const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | 300 const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT |
287 KU_DIGITAL_SIGNATURE; 301 KU_DIGITAL_SIGNATURE;
288 // TODO(davidben): PK11_ImportDERPrivateKeyInfoAndReturnKey calls NSS's 302 rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
289 // SEC_ASN1DecodeItem which does not enforce that there is no trailing
290 // data.
291 SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
292 slot, &der_private_key_info, NULL, NULL, permanent, sensitive, 303 slot, &der_private_key_info, NULL, NULL, permanent, sensitive,
293 key_usage, &result->key_, NULL); 304 key_usage, &result->key_, NULL);
294 if (rv != SECSuccess) { 305 if (rv != SECSuccess)
295 NOTREACHED();
296 return NULL; 306 return NULL;
297 }
298 307
299 result->public_key_ = SECKEY_ConvertToPublicKey(result->key_); 308 result->public_key_ = SECKEY_ConvertToPublicKey(result->key_);
300 if (!result->public_key_) { 309 if (!result->public_key_)
301 NOTREACHED();
302 return NULL; 310 return NULL;
303 }
304 311
305 return result.release(); 312 return result.release();
306 } 313 }
307 314
308 #if defined(USE_NSS) 315 #if defined(USE_NSS)
309 // static 316 // static
310 RSAPrivateKey* RSAPrivateKey::InitPublicPart(const std::vector<uint8>& input) { 317 RSAPrivateKey* RSAPrivateKey::InitPublicPart(const std::vector<uint8>& input) {
311 EnsureNSSInit(); 318 EnsureNSSInit();
312 319
313 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey()); 320 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey());
314 result->public_key_ = GetRSAPublicKey(input).release(); 321 result->public_key_ = GetRSAPublicKey(input).release();
315 if (!result->public_key_) { 322 if (!result->public_key_) {
316 NOTREACHED(); 323 NOTREACHED();
317 return NULL; 324 return NULL;
318 } 325 }
319 326
320 return result.release(); 327 return result.release();
321 } 328 }
322 #endif // defined(USE_NSS) 329 #endif // defined(USE_NSS)
323 330
324 } // namespace crypto 331 } // namespace crypto
OLDNEW
« no previous file with comments | « no previous file | crypto/rsa_private_key_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698