
Side by Side Diff: net/base/x509_certificate_unittest.cc

Issue 8374020: Make it a fatal SSL error when encountering certs signed with md[2,4], and interstitial md5 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Add extra check Created 9 years, 1 month ago
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/file_path.h" 5 #include "base/file_path.h"
6 #include "base/file_util.h" 6 #include "base/file_util.h"
7 #include "base/path_service.h" 7 #include "base/path_service.h"
8 #include "base/pickle.h" 8 #include "base/pickle.h"
9 #include "base/sha1.h" 9 #include "base/sha1.h"
10 #include "base/string_number_conversions.h" 10 #include "base/string_number_conversions.h"
(...skipping 1545 matching lines...) Expand 10 before | Expand all | Expand 10 after
1556 X509Certificate::OSCertHandles intermediates; 1556 X509Certificate::OSCertHandles intermediates;
1557 intermediates.push_back(intermediate_cert->os_cert_handle()); 1557 intermediates.push_back(intermediate_cert->os_cert_handle());
1558 1558
1559 scoped_refptr<X509Certificate> ee_chain = 1559 scoped_refptr<X509Certificate> ee_chain =
1560 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), 1560 X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(),
1561 intermediates); 1561 intermediates);
1562 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain); 1562 ASSERT_NE(static_cast<X509Certificate*>(NULL), ee_chain);
1563 1563
1564 int flags = 0; 1564 int flags = 0;
1565 CertVerifyResult verify_result; 1565 CertVerifyResult verify_result;
1566 ee_chain->Verify("127.0.0.1", flags, NULL, &verify_result); 1566 int rv = ee_chain->Verify("127.0.0.1", flags, NULL, &verify_result);
1567 EXPECT_EQ(data.expected_has_md5, verify_result.has_md5); 1567 EXPECT_EQ(data.expected_has_md5, verify_result.has_md5);
1568 EXPECT_EQ(data.expected_has_md4, verify_result.has_md4); 1568 EXPECT_EQ(data.expected_has_md4, verify_result.has_md4);
1569 EXPECT_EQ(data.expected_has_md2, verify_result.has_md2); 1569 EXPECT_EQ(data.expected_has_md2, verify_result.has_md2);
1570 EXPECT_EQ(data.expected_has_md5_ca, verify_result.has_md5_ca); 1570 EXPECT_EQ(data.expected_has_md5_ca, verify_result.has_md5_ca);
1571 EXPECT_EQ(data.expected_has_md2_ca, verify_result.has_md2_ca); 1571 EXPECT_EQ(data.expected_has_md2_ca, verify_result.has_md2_ca);
1572
1573 // Ensure that MD4 and MD2 are tagged as invalid.
1574 if (data.expected_has_md4 || data.expected_has_md2) {
1575 EXPECT_EQ(CERT_STATUS_INVALID,
1576 verify_result.cert_status & CERT_STATUS_INVALID);
1577 }
1578
1579 // Ensure that MD5 is flagged as weak.
1580 if (data.expected_has_md5) {
1581 EXPECT_EQ(
1582 CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,
1583 verify_result.cert_status & CERT_STATUS_WEAK_SIGNATURE_ALGORITHM);
1584 }
1585
1586 // If a root cert is present, then check that the chain was rejected if any
1587 // weak algorithms are present. This is only checked when a root cert is
1588 // present, as the error reported for incomplete chains with weak algorithms
1589 // varies between implementations, dependent on the algorithm, although all
1590 // variations are fatal.
wtc 2011/12/02 23:04:59 The second sentence is hard to understand. One po
Ryan Sleevi 2011/12/02 23:54:28 The latter. I blame serial commas - http://en.wiki
1591 if (data.root_cert_filename) {
1592 if (data.expected_has_md4 || data.expected_has_md2) {
1593 EXPECT_EQ(ERR_CERT_INVALID, rv);
1594 } else if (data.expected_has_md5) {
1595 EXPECT_EQ(ERR_CERT_WEAK_SIGNATURE_ALGORITHM, rv);
1596 } else {
1597 EXPECT_EQ(OK, rv);
1598 }
1599 }
1572 } 1600 }
1573 1601
1574 // Unlike TEST/TEST_F, which are macros that expand to further macros, 1602 // Unlike TEST/TEST_F, which are macros that expand to further macros,
1575 // INSTANTIATE_TEST_CASE_P is a macro that expands directly to code that 1603 // INSTANTIATE_TEST_CASE_P is a macro that expands directly to code that
1576 // stringizes the arguments. As a result, macros passed as parameters (such as 1604 // stringizes the arguments. As a result, macros passed as parameters (such as
1577 // prefix or test_case_name) will not be expanded by the preprocessor. To work 1605 // prefix or test_case_name) will not be expanded by the preprocessor. To work
1578 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the 1606 // around this, indirect the macro for INSTANTIATE_TEST_CASE_P, so that the
1579 // pre-processor will expand macros such as MAYBE_test_name before 1607 // pre-processor will expand macros such as MAYBE_test_name before
1580 // instantiating the test. 1608 // instantiating the test.
1581 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \ 1609 #define WRAPPED_INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after
1701 #define MAYBE_VerifyMixed DISABLED_VerifyMixed 1729 #define MAYBE_VerifyMixed DISABLED_VerifyMixed
1702 #else 1730 #else
1703 #define MAYBE_VerifyMixed VerifyMixed 1731 #define MAYBE_VerifyMixed VerifyMixed
1704 #endif 1732 #endif
1705 WRAPPED_INSTANTIATE_TEST_CASE_P( 1733 WRAPPED_INSTANTIATE_TEST_CASE_P(
1706 MAYBE_VerifyMixed, 1734 MAYBE_VerifyMixed,
1707 X509CertificateWeakDigestTest, 1735 X509CertificateWeakDigestTest,
1708 testing::ValuesIn(kVerifyMixedTestData)); 1736 testing::ValuesIn(kVerifyMixedTestData));
1709 1737
1710 } // namespace net 1738 } // namespace net
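Review bot: When `data.root_cert_filename` is null the return value `rv` is never checked, so a regression that let an incomplete chain with an MD2, MD4 or MD5 signature verify as `OK` would only be caught indirectly, through the `cert_status` bit checks at new lines 1573-1584. The comment at new lines 1586-1590 states that every variation is fatal, so that can be asserted without pinning the exact error code: give the outer `if` an `else if (data.expected_has_md2 || data.expected_has_md4 || data.expected_has_md5)` branch containing `EXPECT_NE(OK, rv);`. The status checks are also one-directional: nothing asserts that `CERT_STATUS_WEAK_SIGNATURE_ALGORITHM` is clear when none of the `expected_has_*` flags is set, which would catch over-flagging if the implementations under test allow it (not visible here). The test body starts in the collapsed region above new line 1556, so the fixture setup and the test data tables were not reviewed.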