diff options
author | Cykesiopka <cykesiopka.bmo@gmail.com> | 2015-01-21 17:20:16 -0800 |
---|---|---|
committer | Cykesiopka <cykesiopka.bmo@gmail.com> | 2015-01-21 17:20:16 -0800 |
commit | ed8375380651de9c1dc08753f2afd2dc9811f67c (patch) | |
tree | 6f57afbf49731fda1d8e40ec1a467be6ff3ee235 /lib/mozpkix/lib/pkixnss.cpp | |
parent | 614b15e0dfd60638a83006c7a9a4a4d0d9a30169 (diff) | |
download | nss-hg-ed8375380651de9c1dc08753f2afd2dc9811f67c.tar.gz |
Bug 1077790 - Make mozilla::pkix::CheckPublicKeySize() accept specific elliptic curves only. r=briansmith
Diffstat (limited to 'lib/mozpkix/lib/pkixnss.cpp')
-rw-r--r-- | lib/mozpkix/lib/pkixnss.cpp | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/lib/mozpkix/lib/pkixnss.cpp b/lib/mozpkix/lib/pkixnss.cpp index a3e355334..0e407ce4c 100644 --- a/lib/mozpkix/lib/pkixnss.cpp +++ b/lib/mozpkix/lib/pkixnss.cpp @@ -32,6 +32,7 @@ #include "pk11pub.h" #include "pkix/pkix.h" #include "pkix/ScopedPtr.h" +#include "pkixder.h" #include "secerr.h" #include "sslerr.h" @@ -57,8 +58,41 @@ CheckPublicKeySize(Input subjectPublicKeyInfo, unsigned int minimumNonECCBits, switch (publicKey.get()->keyType) { case ecKey: - // TODO(bug 1077790): We should check which curve. + { + SECKEYECParams* encodedParams = &publicKey.get()->u.ec.DEREncodedParams; + if (!encodedParams) { + return Result::ERROR_UNSUPPORTED_ELLIPTIC_CURVE; + } + + Input input; + Result rv = input.Init(encodedParams->data, encodedParams->len); + if (rv != Success) { + return rv; + } + + Reader reader(input); + NamedCurve namedCurve; + rv = der::NamedCurveOID(reader, namedCurve); + if (rv != Success) { + return rv; + } + + rv = der::End(reader); + if (rv != Success) { + return rv; + } + + switch (namedCurve) { + case NamedCurve::secp256r1: // fall through + case NamedCurve::secp384r1: // fall through + case NamedCurve::secp521r1: + break; + default: + return Result::ERROR_UNSUPPORTED_ELLIPTIC_CURVE; + } + return Success; + } case rsaKey: if (SECKEY_PublicKeyStrengthInBits(publicKey.get()) < minimumNonECCBits) { return Result::ERROR_INADEQUATE_KEY_SIZE; |