Bug 945349 - CertVerifier should check early for bad usages. r=briansmith
authorCamilo Viecco <cviecco@mozilla.com>
Fri, 06 Dec 2013 13:42:44 -0800
changeset 174985 5fda7fbcc45b718b312486ea948e3faa0a70c90d
parent 174984 6cc28fece8bfb6595c022ba995f92fc543b8d924
child 174986 9d2035e2155bc7bb67ca608709f541261e19b04d
push id445
push userffxbld
push dateMon, 10 Mar 2014 22:05:19 +0000
reviewersbriansmith
bugs945349
milestone28.0a1
Bug 945349 - CertVerifier should check early for bad usages. r=briansmith
security/manager/ssl/src/CertVerifier.cpp
security/manager/ssl/src/CertVerifier.h
--- a/security/manager/ssl/src/CertVerifier.cpp
+++ b/security/manager/ssl/src/CertVerifier.cpp
@@ -133,16 +133,31 @@ CertVerifier::VerifyCert(CERTCertificate
   }
   if (validationChain) {
     *validationChain = nullptr;
   }
   if (evOidPolicy) {
     *evOidPolicy = SEC_OID_UNKNOWN;
   }
 
+  switch(usage){
+    case certificateUsageSSLClient:
+    case certificateUsageSSLServer:
+    case certificateUsageSSLCA:
+    case certificateUsageEmailSigner:
+    case certificateUsageEmailRecipient:
+    case certificateUsageObjectSigner:
+    case certificateUsageStatusResponder:
+      break;
+    default:
+      NS_WARNING("Calling VerifyCert with invalid usage");
+      PORT_SetError(SEC_ERROR_INVALID_ARGS);
+      return SECFailure;
+  }
+
   ScopedCERTCertList trustAnchors;
   SECStatus rv;
   SECOidTag evPolicy = SEC_OID_UNKNOWN;
 
 #ifdef NSS_NO_LIBPKIX
   return ClassicVerifyCert(cert, usage, time, pinArg, validationChain,
                            verifyLog);
 #else
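Review bot: The allow-list at `switch(usage){` has no comment saying that it is deliberately fail-closed, so a later reader may miss that `SECCertificateUsage` is a bitmask type and that zero, OR-ed combinations and every usage not listed all fall into `default`. I would add above the switch `// usage is a bitmask type: accept exactly one supported usage; reject 0, combined bits and everything else.` and write the opener as `switch (usage) {` to match the spacing of the surrounding `if (...) {` lines. `NS_WARNING` is, as far as I know, compiled out of non-debug builds, so in release the only signal is `SEC_ERROR_INVALID_ARGS`; it is worth checking that callers surface that error rather than treat it as an ordinary verification failure. VerifyCert starts before and continues after this hunk, so whether the seven accepted cases match the usages handled further down cannot be confirmed from here.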
--- a/security/manager/ssl/src/CertVerifier.h
+++ b/security/manager/ssl/src/CertVerifier.h
@@ -20,16 +20,17 @@ class CertVerifier
 public:
   NS_INLINE_DECL_THREADSAFE_REFCOUNTING(CertVerifier)
 
   typedef unsigned int Flags;
   static const Flags FLAG_LOCAL_ONLY;
   // XXX: The localonly flag is ignored in the classic verification case
 
   // *evOidPolicy == SEC_OID_UNKNOWN means the cert is NOT EV
+  // Only one usage per verification is supported.
   SECStatus VerifyCert(CERTCertificate * cert,
                        const SECCertificateUsage usage,
                        const PRTime time,
                        nsIInterfaceRequestor * pinArg,
                        const Flags flags = 0,
                        /*optional out*/ CERTCertList **validationChain = nullptr,
                        /*optional out*/ SECOidTag *evOidPolicy = nullptr ,
                        /*optional out*/ CERTVerifyLog *verifyLog = nullptr);
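Review bot: The added comment `// Only one usage per verification is supported.` does not tell a caller what happens when the rule is broken or which usages count as supported, and the `const SECCertificateUsage usage` parameter type cannot enforce it. I would extend it to something like `// usage must be exactly one supported certificateUsage* value; otherwise VerifyCert returns SECFailure with SEC_ERROR_INVALID_ARGS.` so the contract in the header matches the check added in CertVerifier.cpp. The class declaration begins and ends outside the hunk.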