Switch SignatureVerifier to taking an algorithm enum.

The existing API and implementation were problematic for several reasons.

- It is very unclear what algorithms were supported.
- Everyone was using it as an enum anyway, but it required copy-and-pasting
  giant strings all over the codebase.
- The API is dangerous. Anyone not using it as an enum (i.e. taking an
  AlgorithmIdentifier from another source) opens themselves up to accepting any
  random algorithm and parameters the underlying implementation knew how to
  parse.
- It relies on EVP_get_digestbyobj extracting the hash for RSA-PKCS1-FOO
  signature OIDs. This is weird and, for EVP_get_digestbyobj, Chromium appears
  to be one of the only two consumers still relying on this. This is a
  remnant of OpenSSL's old EVP_Sign* APIs.
- The old EVP_get_digestbyobj implementation failed to check that ECDSA
  public keys weren't used for an RSA algorithm, etc.
- The old EVP_get_digestbyobj implementation happily accepted OIDs for hashes
  as signature algorithm OIDs.

This removes a use of openssl/x509.h from //crypto.

BUG= 499653
Committed: https://crrev.com/9c97a36e56031b246276e28f2f22f9f13d9a005a
Cr-Commit-Position: refs/heads/master@{#379014}
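
The API shape the commit message argues for, as an added example that is not code from this change or from Chromium: a closed enum fixes the key type and digest, the key type is checked against the algorithm, and OID input is matched only against an explicit allow-list. All type and function names are hypothetical; the table uses the standard OIDs for sha1WithRSAEncryption, sha256WithRSAEncryption and ecdsa-with-SHA256, and `main` probes with the bare SHA-256 hash OID.

```cpp
#include <string>

// Hypothetical names throughout; this is not Chromium's crypto/ API.
enum class SignatureAlgorithm { kRsaPkcs1Sha1, kRsaPkcs1Sha256, kEcdsaSha256 };
enum class KeyType { kRsa, kEc };
enum class Digest { kSha1, kSha256 };

struct AlgorithmInfo {
  SignatureAlgorithm alg;
  const char* oid;   // dotted signature-algorithm OID
  KeyType key_type;  // the only key type this algorithm may verify with
  Digest digest;     // fixed by the enum, never looked up from an OID
};

// The complete set of supported algorithms. Anything absent is unsupported.
static const AlgorithmInfo kAlgorithms[] = {
    {SignatureAlgorithm::kRsaPkcs1Sha1, "1.2.840.113549.1.1.5",
     KeyType::kRsa, Digest::kSha1},
    {SignatureAlgorithm::kRsaPkcs1Sha256, "1.2.840.113549.1.1.11",
     KeyType::kRsa, Digest::kSha256},
    {SignatureAlgorithm::kEcdsaSha256, "1.2.840.10045.4.3.2",
     KeyType::kEc, Digest::kSha256},
};

const AlgorithmInfo* InfoFor(SignatureAlgorithm alg) {
  for (const AlgorithmInfo& info : kAlgorithms)
    if (info.alg == alg) return &info;
  return nullptr;  // value outside the enum, e.g. from a bad cast
}

// Reject a key whose type differs from what the chosen algorithm requires,
// so an EC key is never accepted for an RSA algorithm or the reverse.
bool KeyMatchesAlgorithm(SignatureAlgorithm alg, KeyType key_type) {
  const AlgorithmInfo* info = InfoFor(alg);
  return info != nullptr && info->key_type == key_type;
}

// Boundary helper for OID input: exact match against the table, fail closed.
bool AlgorithmFromOid(const std::string& oid, SignatureAlgorithm* out) {
  for (const AlgorithmInfo& info : kAlgorithms)
    if (oid == info.oid) { *out = info.alg; return true; }
  return false;
}

int main() {  // exits 0 when both bad inputs are rejected
  SignatureAlgorithm alg;
  return (!AlgorithmFromOid("2.16.840.1.101.3.4.2.1", &alg) &&  // hash OID
          !KeyMatchesAlgorithm(SignatureAlgorithm::kRsaPkcs1Sha256, KeyType::kEc)) ? 0 : 1;
}
```
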

Stats (+109 lines, -288 lines)

Status | File | Chunks | Lines changed | Comments
M | chrome/browser/extensions/install_signer.cc | 2 chunks | +1 line, -2 lines | 0 comments
M | components/crx_file.gypi | 1 chunk | +0 lines, -1 line | 0 comments
M | components/crx_file/BUILD.gn | 1 chunk | +0 lines, -1 line | 0 comments
D | components/crx_file/constants.h | 1 chunk | +0 lines, -21 lines | 0 comments
M | components/crx_file/crx_file.cc | 2 chunks | +3 lines, -5 lines | 0 comments
M | components/policy/core/common/cloud/cloud_policy_validator.cc | 3 chunks | +6 lines, -24 lines | 0 comments
M | components/update_client/client_update_protocol_ecdsa.cc | 2 chunks | +3 lines, -19 lines | 0 comments
M | components/update_client/component_unpacker.cc | 1 chunk | +0 lines, -1 line | 0 comments
M | components/variations/variations_seed_store.cc | 2 chunks | +4 lines, -20 lines | 0 comments
M | crypto/ec_signature_creator_unittest.cc | 1 chunk | +1 line, -17 lines | 0 comments
M | crypto/signature_creator_unittest.cc | 4 chunks | +6 lines, -22 lines | 0 comments
M | crypto/signature_verifier.h | 4 chunks | +11 lines, -23 lines | 0 comments
M | crypto/signature_verifier_nss.cc | 4 chunks | +16 lines, -30 lines | 0 comments
M | crypto/signature_verifier_openssl.cc | 6 chunks | +30 lines, -31 lines | 0 comments
M | crypto/signature_verifier_unittest.cc | 8 chunks | +22 lines, -41 lines | 0 comments
M | extensions/browser/verified_contents.cc | 2 chunks | +1 line, -9 lines | 0 comments
M | net/quic/crypto/proof_verifier_chromium.cc | 1 chunk | +5 lines, -21 lines | 0 comments

Total messages: 28 (13 generated)