Index: content/child/webcrypto/nss/rsa_key_nss.cc |
diff --git a/content/child/webcrypto/nss/rsa_key_nss.cc b/content/child/webcrypto/nss/rsa_key_nss.cc |
index 7a35593c18bdd75b2bfd5d7cd6e29704aa5f069b..7aa31f7a8ecd7c800587781e1cacfa0a9a802c34 100644 |
--- a/content/child/webcrypto/nss/rsa_key_nss.cc |
+++ b/content/child/webcrypto/nss/rsa_key_nss.cc |
@@ -588,17 +588,22 @@ Status RsaHashedAlgorithm::GenerateKey( |
Status RsaHashedAlgorithm::VerifyKeyUsagesBeforeImportKey( |
blink::WebCryptoKeyFormat format, |
blink::WebCryptoKeyUsageMask usages) const { |
+ bool checkEmptyKeyUsage = true; |
switch (format) { |
case blink::WebCryptoKeyFormatSpki: |
- return CheckKeyCreationUsages(all_public_key_usages_, usages); |
+ return CheckKeyCreationUsages(all_public_key_usages_, usages, |
+ checkEmptyKeyUsage); |
eroman
2014/12/09 17:42:55
This is incorrect.
I am losing confidence in your
|
case blink::WebCryptoKeyFormatPkcs8: |
- return CheckKeyCreationUsages(all_private_key_usages_, usages); |
+ return CheckKeyCreationUsages(all_private_key_usages_, usages, |
+ checkEmptyKeyUsage); |
case blink::WebCryptoKeyFormatJwk: |
// The JWK could represent either a public key or private key. The usages |
// must make sense for one of the two. The usages will be checked again by |
// ImportKeyJwk() once the key type has been determined. |
- if (CheckKeyCreationUsages(all_private_key_usages_, usages).IsSuccess() || |
- CheckKeyCreationUsages(all_public_key_usages_, usages).IsSuccess()) { |
+ if (CheckKeyCreationUsages(all_private_key_usages_, usages, |
+ checkEmptyKeyUsages).IsSuccess() || |
eroman
2014/12/09 17:42:55
Incorrect for the same reason as above.
|
+ CheckKeyCreationUsages(all_public_key_usages_, usages, |
+ checkEmptyKeyUsages).IsSuccess()) { |
return Status::Success(); |
} |
return Status::ErrorCreateKeyBadUsages(); |