Chromium Code Reviews Chromium Code Reviews
Issue 8368015:
Record when certificates signed with md[2,4,5] are encountered when using OpenSSL (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <openssl/asn1.h> | 7 #include <openssl/asn1.h> |
| 8 #include <openssl/crypto.h> | 8 #include <openssl/crypto.h> |
| 9 #include <openssl/obj_mac.h> | 9 #include <openssl/obj_mac.h> |
| 10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
| (...skipping 457 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 468 X509* verified_cert = NULL; | 468 X509* verified_cert = NULL; |
| 469 std::vector<X509*> verified_chain; | 469 std::vector<X509*> verified_chain; |
| 470 for (int i = 0; i < sk_X509_num(chain); ++i) { | 470 for (int i = 0; i < sk_X509_num(chain); ++i) { |
| 471 X509* cert = sk_X509_value(chain, i); | 471 X509* cert = sk_X509_value(chain, i); |
| 472 if (i == 0) { | 472 if (i == 0) { |
| 473 verified_cert = cert; | 473 verified_cert = cert; |
| 474 } else { | 474 } else { |
| 475 verified_chain.push_back(cert); | 475 verified_chain.push_back(cert); |
| 476 } | 476 } |
| 477 | 477 |
| 478 int sig_alg = OBJ_obj2nid(cert->sig_alg->algorithm); | |
| 479 if (sig_alg == NID_md2WithRSAEncryption) { | |
| 480 verify_result->has_md2 = true; | |
| 481 if (i != 0) | |
| 482 verify_result->has_md2_ca = true; | |
| 483 } else if (sig_alg == NID_md4WithRSAEncryption) { | |
| 484 verify_result->has_md4 = true; | |
|
palmer
2011/10/25 19:44:48
Even if we never expect to see it, perhaps we shou
wtc
2011/10/25 20:37:31
Thank you for the suggestion. I should explain wh
| |
| 485 } else if (sig_alg == NID_md5WithRSAEncryption) { | |
| 486 verify_result->has_md5 = true; | |
| 487 if (i != 0) | |
| 488 verify_result->has_md5_ca = true; | |
| 489 } | |
| 490 | |
| 478 DERCache der_cache; | 491 DERCache der_cache; |
| 479 if (!GetDERAndCacheIfNeeded(cert, &der_cache)) | 492 if (!GetDERAndCacheIfNeeded(cert, &der_cache)) |
| 480 continue; | 493 continue; |
| 481 | 494 |
| 482 base::StringPiece der_bytes(reinterpret_cast<const char*>(der_cache.data), | 495 base::StringPiece der_bytes(reinterpret_cast<const char*>(der_cache.data), |
| 483 der_cache.data_length); | 496 der_cache.data_length); |
| 484 base::StringPiece spki_bytes; | 497 base::StringPiece spki_bytes; |
| 485 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) | 498 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) |
| 486 continue; | 499 continue; |
| 487 | 500 |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 553 DERCache der_cache; | 566 DERCache der_cache; |
| 554 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) | 567 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) |
| 555 return false; | 568 return false; |
| 556 | 569 |
| 557 return pickle->WriteData( | 570 return pickle->WriteData( |
| 558 reinterpret_cast<const char*>(der_cache.data), | 571 reinterpret_cast<const char*>(der_cache.data), |
| 559 der_cache.data_length); | 572 der_cache.data_length); |
| 560 } | 573 } |
| 561 | 574 |
| 562 } // namespace net | 575 } // namespace net |
| OLD | NEW |
