Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(479)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/verify_certificate_chain.cc

Issue 1664243002: Using == instead of Equals for der::Input comparison. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixing comment. Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/internal/test_helpers.cc ('k') | net/cert/internal/verify_name_match.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/verify_certificate_chain.h" 5 #include "net/cert/internal/verify_certificate_chain.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "net/cert/internal/parse_certificate.h" 8 #include "net/cert/internal/parse_certificate.h"
9 #include "net/cert/internal/signature_algorithm.h" 9 #include "net/cert/internal/signature_algorithm.h"
10 #include "net/cert/internal/signature_policy.h" 10 #include "net/cert/internal/signature_policy.h"
(...skipping 211 matching lines...) Expand 10 before | Expand all | Expand 10 after
222 // In practice however there are certificates which use different encodings for 222 // In practice however there are certificates which use different encodings for
223 // specifying RSA with SHA1 (different OIDs). This is special-cased for 223 // specifying RSA with SHA1 (different OIDs). This is special-cased for
224 // compatibility sake. 224 // compatibility sake.
225 WARN_UNUSED_RESULT bool VerifySignatureAlgorithmsMatch( 225 WARN_UNUSED_RESULT bool VerifySignatureAlgorithmsMatch(
226 const FullyParsedCert& cert) { 226 const FullyParsedCert& cert) {
227 const der::Input& alg1_tlv = cert.cert.signature_algorithm_tlv; 227 const der::Input& alg1_tlv = cert.cert.signature_algorithm_tlv;
228 const der::Input& alg2_tlv = cert.tbs.signature_algorithm_tlv; 228 const der::Input& alg2_tlv = cert.tbs.signature_algorithm_tlv;
229 229
230 // Ensure that the two DER-encoded signature algorithms are byte-for-byte 230 // Ensure that the two DER-encoded signature algorithms are byte-for-byte
231 // equal, but make a compatibility concession for RSA with SHA1. 231 // equal, but make a compatibility concession for RSA with SHA1.
232 return alg1_tlv.Equals(alg2_tlv) || 232 return alg1_tlv == alg2_tlv || (IsRsaWithSha1SignatureAlgorithm(alg1_tlv) &&
233 (IsRsaWithSha1SignatureAlgorithm(alg1_tlv) && 233 IsRsaWithSha1SignatureAlgorithm(alg2_tlv));
234 IsRsaWithSha1SignatureAlgorithm(alg2_tlv));
235 } 234 }
236 235
237 // This function corresponds to RFC 5280 section 6.1.3's "Basic Certificate 236 // This function corresponds to RFC 5280 section 6.1.3's "Basic Certificate
238 // Processing" procedure. 237 // Processing" procedure.
239 WARN_UNUSED_RESULT bool BasicCertificateProcessing( 238 WARN_UNUSED_RESULT bool BasicCertificateProcessing(
240 const FullyParsedCert& cert, 239 const FullyParsedCert& cert,
241 const SignaturePolicy* signature_policy, 240 const SignaturePolicy* signature_policy,
242 const der::GeneralizedTime& time, 241 const der::GeneralizedTime& time,
243 const der::Input& working_spki, 242 const der::Input& working_spki,
244 const der::Input& working_issuer_name) { 243 const der::Input& working_issuer_name) {
(...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after
540 539
541 // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1: 540 // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1:
542 // 541 //
543 // A certificate MUST NOT appear more than once in a prospective 542 // A certificate MUST NOT appear more than once in a prospective
544 // certification path. 543 // certification path.
545 544
546 return true; 545 return true;
547 } 546 }
548 547
549 } // namespace net 548 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/internal/test_helpers.cc ('k') | net/cert/internal/verify_name_match.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698