net/base/cert_verify_proc_unittest.cc - Issue 10883012: net: don't crash when processing a certificate with an unknown public key.

Side by Side Diff: net/base/cert_verify_proc_unittest.cc

Issue 10883012: net: don't crash when processing a certificate with an unknown public key. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: g try Created 8 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/cert_verify_proc.h"	5 #include "net/base/cert_verify_proc.h"

6	6

7 #include <vector>	7 #include <vector>

8	8

9 #include "base/file_path.h"	9 #include "base/file_path.h"

10 #include "base/string_number_conversions.h"	10 #include "base/string_number_conversions.h"

(...skipping 205 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
216 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED \|	216 int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED \|

217 CertVerifier::VERIFY_EV_CERT;	217 CertVerifier::VERIFY_EV_CERT;

218 int error = Verify(cert_chain, "2029.globalsign.com", flags, NULL,	218 int error = Verify(cert_chain, "2029.globalsign.com", flags, NULL,

219 &verify_result);	219 &verify_result);

220 if (error == OK)	220 if (error == OK)

221 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);	221 EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV);

222 else	222 else

223 EXPECT_EQ(ERR_CERT_DATE_INVALID, error);	223 EXPECT_EQ(ERR_CERT_DATE_INVALID, error);

224 }	224 }

225	225

	226 TEST_F(CertVerifyProcTest, ECDSA_RSA) {

	227 FilePath certs_dir = GetTestCertsDirectory();

	228

	229 scoped_refptr<X509Certificate> cert =

	230 ImportCertFromFile(certs_dir, "ecdsa_rsa_test.pem");

	231

	232 CertVerifyResult verify_result;

	233 Verify(cert, "test2.imperialviolet.org", 0, NULL, &verify_result);
	Ryan Sleevi 2012/08/23 20:48:59 You should be able to use one of the existing auto You should be able to use one of the existing auto-generated ECDSA certs - eg: 2048-rsa-ee-by-prime256v1-ecdsa We disable these checks on Win XP (line 272 below), but you can still re-use the data files. agl 2012/08/24 13:46:17 Thanks for pointing them out. Done. Show quoted text On 2012/08/23 20:48:59, Ryan Sleevi wrote: > You should be able to use one of the existing auto-generated ECDSA certs - eg: > 2048-rsa-ee-by-prime256v1-ecdsa Thanks for pointing them out. Done.
	234

	235 // We don't check verify_result because the certificate is signed by an

	236 // unknown CA and will be considered invalid on XP because of the ECDSA

	237 // public key. However, this test ensures that we don't crash (see

	238 // crbug.com/144466).
	Ryan Sleevi 2012/08/23 20:48:59 Per the rest of the file, move the description of Per the rest of the file, move the description of the test to right before the TEST_F line (line 225) agl 2012/08/24 13:46:17 Done. Show quoted text On 2012/08/23 20:48:59, Ryan Sleevi wrote: > Per the rest of the file, move the description of the test to right before the > TEST_F line (line 225) Done.
	239 }

	240

226 // Currently, only RSA and DSA keys are checked for weakness, and our example	241 // Currently, only RSA and DSA keys are checked for weakness, and our example

227 // weak size is 768. These could change in the future.	242 // weak size is 768. These could change in the future.

228 //	243 //

229 // Note that this means there may be false negatives: keys for other	244 // Note that this means there may be false negatives: keys for other

230 // algorithms and which are weak will pass this test.	245 // algorithms and which are weak will pass this test.

231 static bool IsWeakKeyType(const std::string& key_type) {	246 static bool IsWeakKeyType(const std::string& key_type) {

232 size_t pos = key_type.find("-");	247 size_t pos = key_type.find("-");

233 std::string size = key_type.substr(0, pos);	248 std::string size = key_type.substr(0, pos);

234 std::string type = key_type.substr(pos + 1);	249 std::string type = key_type.substr(pos + 1);

235	250

(...skipping 729 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
965 #define MAYBE_VerifyMixed DISABLED_VerifyMixed	980 #define MAYBE_VerifyMixed DISABLED_VerifyMixed

966 #else	981 #else

967 #define MAYBE_VerifyMixed VerifyMixed	982 #define MAYBE_VerifyMixed VerifyMixed

968 #endif	983 #endif

969 WRAPPED_INSTANTIATE_TEST_CASE_P(	984 WRAPPED_INSTANTIATE_TEST_CASE_P(

970 MAYBE_VerifyMixed,	985 MAYBE_VerifyMixed,

971 CertVerifyProcWeakDigestTest,	986 CertVerifyProcWeakDigestTest,

972 testing::ValuesIn(kVerifyMixedTestData));	987 testing::ValuesIn(kVerifyMixedTestData));

973	988

974 } // namespace net	989 } // namespace net

OLD	NEW

« no previous file with comments | « no previous file | net/base/x509_certificate_openssl.cc » ('j') | net/base/x509_certificate_win.cc » ('J')