Do not treat weak keys (<1024 bits || MD5) as fatal errors

Do not treat weak keys (<1024 bits || MD5) as fatal errors

A pending system update from Microsoft, detailed at
http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
will change the behaviour of CertGetCertificateChain such that it will
appropriately flag weak keys in the CERT_TRUST_STATUS.dwError field.

To avoid mapping this to CERT_STATUS_INVALID, handle the new error code and
map it to CERT_STATUS_WEAK_KEY.

BUG=none
TEST=net_unittests continue passing on Win when this change is released.


Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=142008

[Ryan Sleevi, 2012-06-13 21:08:36]

agl: PTAL, since you clued me in to it.

Trying to avoid a situation like OS X where we had a period of bustage.

[agl, 2012-06-13 21:15:12]

LGTM

http://codereview.chromium.org/10537153/diff/1/net/base/cert_verify_proc_win.cc
File net/base/cert_verify_proc_win.cc (right):

http://codereview.chromium.org/10537153/diff/1/net/base/cert_verify_proc_win....
net/base/cert_verify_proc_win.cc:150: // Check for a 'non-strong-signed'
signature. Depending on OS
You have 'non-strong-signed' in quotes, so maybe it's taken from somewhere else.
But it doesn't make a lot of sense to me :)

[Ryan Sleevi, 2012-06-13 21:22:37]

http://codereview.chromium.org/10537153/diff/1/net/base/cert_verify_proc_win.cc
File net/base/cert_verify_proc_win.cc (right):

http://codereview.chromium.org/10537153/diff/1/net/base/cert_verify_proc_win....
net/base/cert_verify_proc_win.cc:150: // Check for a 'non-strong-signed'
signature. Depending on OS
On 2012/06/13 21:15:13, agl wrote:
> You have 'non-strong-signed' in quotes, so maybe it's taken from somewhere
else.
> But it doesn't make a lot of sense to me :)

Yeah, MSFT document. They don't call it a 'weak' signature, they call the
assertions 'strong' signatures (
http://msdn.microsoft.com/en-us/library/windows/desktop/hh870262(v=vs.85).aspx )

All signatures we consider weak, Microsoft considers to not be strong signed.
However, signatures that we may consider acceptable (eg: non-weak) Microsoft
considers not to be strong signed. eg: SHA-1, RSA < 2048.

I've tweaked the wording a little to reflect this.

[commit-bot: I haz the power, 2012-06-13 21:23:14]

CQ is trying da patch. Follow status at
https://chromium-status.appspot.com/cq/rsleevi@chromium.org/10537153/4

[commit-bot: I haz the power, 2012-06-13 22:43:50]

Change committed as 142008

[wtc, 2012-06-14 00:33:16]

Patch set 2 LGTM.

http://codereview.chromium.org/10537153/diff/4/net/base/cert_verify_proc_win.cc
File net/base/cert_verify_proc_win.cc (right):

http://codereview.chromium.org/10537153/diff/4/net/base/cert_verify_proc_win....
net/base/cert_verify_proc_win.cc:154: // excluding RSA keys < 2048 bits.
However, if the user has configured

This comment is a little confusing because it's not clear
whether "such as excluding SHA-1 ..." is modifying
"These checks" or "the current weak key criteria implemented
within CertVerifier".

In my first reading I thought it was talking about our current
weak key criteria.

http://codereview.chromium.org/10537153/diff/4/net/base/cert_verify_proc_win....
net/base/cert_verify_proc_win.cc:158: cert_status |= CERT_STATUS_WEAK_KEY;

Could also be CERT_STATUS_WEAK_SIGNATURE_ALGORITHM...
Not sure which is the better cert status bit to set here.