Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1529)

Unified Diff: crypto/rsa_private_key_nss.cc

Issue 761903003: Update from https://crrev.com/306655 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « cc/trees/single_thread_proxy.cc ('k') | crypto/rsa_private_key_openssl.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: crypto/rsa_private_key_nss.cc
diff --git a/crypto/rsa_private_key_nss.cc b/crypto/rsa_private_key_nss.cc
index 0065875005d8d87699cdc5270a1e457ee10f2b60..c51e308419d5b0b831bdf40fa1f9612980b7b820 100644
--- a/crypto/rsa_private_key_nss.cc
+++ b/crypto/rsa_private_key_nss.cc
@@ -278,29 +278,37 @@ RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams(
scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (!arena) {
+ NOTREACHED();
+ return NULL;
+ }
+
+ // Excess data is illegal, but NSS silently accepts it, so first ensure that
+ // |input| consists of a single ASN.1 element.
+ SECItem input_item;
+ input_item.data = const_cast<unsigned char*>(&input.front());
+ input_item.len = input.size();
SECItem der_private_key_info;
- der_private_key_info.data = const_cast<unsigned char*>(&input.front());
- der_private_key_info.len = input.size();
+ SECStatus rv = SEC_QuickDERDecodeItem(arena.get(), &der_private_key_info,
+ SEC_ASN1_GET(SEC_AnyTemplate),
+ &input_item);
+ if (rv != SECSuccess)
+ return NULL;
+
// Allow the private key to be used for key unwrapping, data decryption,
// and signature generation.
const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT |
KU_DIGITAL_SIGNATURE;
- // TODO(davidben): PK11_ImportDERPrivateKeyInfoAndReturnKey calls NSS's
- // SEC_ASN1DecodeItem which does not enforce that there is no trailing
- // data.
- SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+ rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
slot, &der_private_key_info, NULL, NULL, permanent, sensitive,
key_usage, &result->key_, NULL);
- if (rv != SECSuccess) {
- NOTREACHED();
+ if (rv != SECSuccess)
return NULL;
- }
result->public_key_ = SECKEY_ConvertToPublicKey(result->key_);
- if (!result->public_key_) {
- NOTREACHED();
+ if (!result->public_key_)
return NULL;
- }
return result.release();
}
« no previous file with comments | « cc/trees/single_thread_proxy.cc ('k') | crypto/rsa_private_key_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698