Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(211)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/signature_algorithm.cc

Issue 1690123002: Reduce Certificate Parsing Strictness (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixing tests. Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/cert/internal/signature_algorithm_unittest.cc » ('j') | net/cert/internal/signature_algorithm_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/signature_algorithm.h" 5 #include "net/cert/internal/signature_algorithm.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/numerics/safe_math.h" 9 #include "base/numerics/safe_math.h"
10 #include "net/der/input.h" 10 #include "net/der/input.h"
(...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after
219 return !parser.HasMore(); 219 return !parser.HasMore();
220 } 220 }
221 221
222 // Parses an RSA PKCS#1 v1.5 signature algorithm given the DER-encoded 222 // Parses an RSA PKCS#1 v1.5 signature algorithm given the DER-encoded
223 // "parameters" from the parsed AlgorithmIdentifier, and the hash algorithm 223 // "parameters" from the parsed AlgorithmIdentifier, and the hash algorithm
224 // that was implied by the AlgorithmIdentifier's OID. 224 // that was implied by the AlgorithmIdentifier's OID.
225 // 225 //
226 // Returns a nullptr on failure. 226 // Returns a nullptr on failure.
227 // 227 //
228 // RFC 5912 requires that the parameters for RSA PKCS#1 v1.5 algorithms be NULL 228 // RFC 5912 requires that the parameters for RSA PKCS#1 v1.5 algorithms be NULL
229 // ("PARAMS TYPE NULL ARE required"): 229 // ("PARAMS TYPE NULL ARE required"), however due to some non-compliance, we
eroman 2016/02/12 21:09:44 Can this be re-phrased without using a pronoun? Se
svaldez 2016/02/12 22:00:11 Done.
230 // also accept empty parameters:
230 // 231 //
231 // sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= { 232 // sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= {
232 // IDENTIFIER sha1WithRSAEncryption 233 // IDENTIFIER sha1WithRSAEncryption
233 // PARAMS TYPE NULL ARE required 234 // PARAMS TYPE NULL ARE required
234 // HASHES { mda-sha1 } 235 // HASHES { mda-sha1 }
235 // PUBLIC-KEYS { pk-rsa } 236 // PUBLIC-KEYS { pk-rsa }
236 // SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption } 237 // SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption }
237 // } 238 // }
238 // 239 //
239 // sa-sha256WithRSAEncryption SIGNATURE-ALGORITHM ::= { 240 // sa-sha256WithRSAEncryption SIGNATURE-ALGORITHM ::= {
(...skipping 14 matching lines...) Expand all
254 // 255 //
255 // sa-sha512WithRSAEncryption SIGNATURE-ALGORITHM ::= { 256 // sa-sha512WithRSAEncryption SIGNATURE-ALGORITHM ::= {
256 // IDENTIFIER sha512WithRSAEncryption 257 // IDENTIFIER sha512WithRSAEncryption
257 // PARAMS TYPE NULL ARE required 258 // PARAMS TYPE NULL ARE required
258 // HASHES { mda-sha512 } 259 // HASHES { mda-sha512 }
259 // PUBLIC-KEYS { pk-rsa } 260 // PUBLIC-KEYS { pk-rsa }
260 // SMIME-CAPS { IDENTIFIED BY sha512WithRSAEncryption } 261 // SMIME-CAPS { IDENTIFIED BY sha512WithRSAEncryption }
261 // } 262 // }
262 scoped_ptr<SignatureAlgorithm> ParseRsaPkcs1(DigestAlgorithm digest, 263 scoped_ptr<SignatureAlgorithm> ParseRsaPkcs1(DigestAlgorithm digest,
263 const der::Input& params) { 264 const der::Input& params) {
264 if (!IsNull(params)) 265 if (!IsNull(params) && !IsEmpty(params))
265 return nullptr; 266 return nullptr;
266 267
267 return SignatureAlgorithm::CreateRsaPkcs1(digest); 268 return SignatureAlgorithm::CreateRsaPkcs1(digest);
268 } 269 }
269 270
270 // Parses an ECDSA signature algorithm given the DER-encoded "parameters" from 271 // Parses an ECDSA signature algorithm given the DER-encoded "parameters" from
271 // the parsed AlgorithmIdentifier, and the hash algorithm that was implied by 272 // the parsed AlgorithmIdentifier, and the hash algorithm that was implied by
272 // the AlgorithmIdentifier's OID. 273 // the AlgorithmIdentifier's OID.
273 // 274 //
274 // On failure returns a nullptr. 275 // On failure returns a nullptr.
(...skipping 340 matching lines...) Expand 10 before | Expand all | Expand 10 after
615 return nullptr; 616 return nullptr;
616 } 617 }
617 618
618 SignatureAlgorithm::SignatureAlgorithm( 619 SignatureAlgorithm::SignatureAlgorithm(
619 SignatureAlgorithmId algorithm, 620 SignatureAlgorithmId algorithm,
620 DigestAlgorithm digest, 621 DigestAlgorithm digest,
621 scoped_ptr<SignatureAlgorithmParameters> params) 622 scoped_ptr<SignatureAlgorithmParameters> params)
622 : algorithm_(algorithm), digest_(digest), params_(std::move(params)) {} 623 : algorithm_(algorithm), digest_(digest), params_(std::move(params)) {}
623 624
624 } // namespace net 625 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/cert/internal/signature_algorithm_unittest.cc » ('j') | net/cert/internal/signature_algorithm_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698