
Side by Side Diff: net/cert/internal/signature_policy.cc

Issue 2728953003: Add support for MD2, MD4, and MD5 to SignatureAlgorithm. (Closed)
Patch Set: make verify_certificate_chain_unittests pass Created 3 years, 9 months ago
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/signature_policy.h" 5 #include "net/cert/internal/signature_policy.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "net/cert/internal/cert_error_params.h" 8 #include "net/cert/internal/cert_error_params.h"
9 #include "net/cert/internal/cert_errors.h" 9 #include "net/cert/internal/cert_errors.h"
10 #include "third_party/boringssl/src/include/openssl/obj.h" 10 #include "third_party/boringssl/src/include/openssl/obj.h"
(...skipping 16 matching lines...) Expand all
27 return false; 27 return false;
28 } 28 }
29 return true; 29 return true;
30 } 30 }
31 31
32 } // namespace 32 } // namespace
33 33
34 bool SignaturePolicy::IsAcceptableSignatureAlgorithm( 34 bool SignaturePolicy::IsAcceptableSignatureAlgorithm(
35 const SignatureAlgorithm& algorithm, 35 const SignatureAlgorithm& algorithm,
36 CertErrors* errors) const { 36 CertErrors* errors) const {
37 // Don't allow MD2, MD4, or MD5.
Ryan Sleevi 2017/03/07 20:26:34 Is this comment in the wrong place?
38 switch (algorithm.algorithm()) {
39 case SignatureAlgorithmId::Ecdsa:
40 case SignatureAlgorithmId::RsaPss:
41 case SignatureAlgorithmId::RsaPkcs1:
42 break;
43 }
Ryan Sleevi 2017/03/07 20:26:34 It's unclear the purpose of this switch (I suspect
eroman 2017/03/07 20:41:06 Thanks. I have improved the organization and code
44
45 switch (algorithm.digest()) {
46 case DigestAlgorithm::Md2:
47 case DigestAlgorithm::Md4:
48 case DigestAlgorithm::Md5:
49 return false;
50
51 case DigestAlgorithm::Sha1:
52 case DigestAlgorithm::Sha256:
53 case DigestAlgorithm::Sha384:
54 case DigestAlgorithm::Sha512:
55 break;
56 }
57
58 if (algorithm.ParamsForRsaPss()) {
59 switch (algorithm.ParamsForRsaPss()->mgf1_hash()) {
60 case DigestAlgorithm::Md2:
61 case DigestAlgorithm::Md4:
62 case DigestAlgorithm::Md5:
63 return false;
64
65 case DigestAlgorithm::Sha1:
66 case DigestAlgorithm::Sha256:
67 case DigestAlgorithm::Sha384:
68 case DigestAlgorithm::Sha512:
69 break;
70 }
71 }
72
37 return true; 73 return true;
38 } 74 }
39 75
40 bool SignaturePolicy::IsAcceptableCurveForEcdsa(int curve_nid, 76 bool SignaturePolicy::IsAcceptableCurveForEcdsa(int curve_nid,
41 CertErrors* errors) const { 77 CertErrors* errors) const {
42 switch (curve_nid) { 78 switch (curve_nid) {
43 case NID_X9_62_prime256v1: 79 case NID_X9_62_prime256v1:
44 case NID_secp384r1: 80 case NID_secp384r1:
45 case NID_secp521r1: 81 case NID_secp521r1:
46 return true; 82 return true;
(...skipping 13 matching lines...) Expand all
60 : min_rsa_modulus_length_bits_(min_rsa_modulus_length_bits) {} 96 : min_rsa_modulus_length_bits_(min_rsa_modulus_length_bits) {}
61 97
62 bool SimpleSignaturePolicy::IsAcceptableModulusLengthForRsa( 98 bool SimpleSignaturePolicy::IsAcceptableModulusLengthForRsa(
63 size_t modulus_length_bits, 99 size_t modulus_length_bits,
64 CertErrors* errors) const { 100 CertErrors* errors) const {
65 return IsModulusSizeGreaterOrEqual(modulus_length_bits, 101 return IsModulusSizeGreaterOrEqual(modulus_length_bits,
66 min_rsa_modulus_length_bits_, errors); 102 min_rsa_modulus_length_bits_, errors);
67 } 103 }
68 104
69 } // namespace net 105 } // namespace net
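Review bot: Both digest switches in IsAcceptableSignatureAlgorithm (new lines 45-56 and 59-70) fail open: any DigestAlgorithm value that matches no case, for example one added to the enum later if the build does not reject the missing case, falls out of the switch and reaches `return true`. For a signature policy it is safer to return true only from the SHA cases and end with `return false`, which makes this an allow-list instead of a deny-list of MD2/MD4/MD5. The same case list is also written twice, once for digest() and once for the RSA-PSS mgf1_hash(), so a single file-local helper would keep the two from drifting apart. Separately, the two `return false` paths leave `errors` untouched, so a caller presumably cannot tell why the algorithm was refused, whereas IsModulusSizeGreaterOrEqual further down is handed `errors`. A sketch of the helper follows; its name is only a suggestion.

```cpp
// In the anonymous namespace. Allow-list: a digest that is not named as
// acceptable here is rejected, including any value added to DigestAlgorithm later.
bool IsAcceptableDigest(DigestAlgorithm digest) {
  switch (digest) {
    case DigestAlgorithm::Sha1:
    case DigestAlgorithm::Sha256:
    case DigestAlgorithm::Sha384:
    case DigestAlgorithm::Sha512:
      return true;

    case DigestAlgorithm::Md2:
    case DigestAlgorithm::Md4:
    case DigestAlgorithm::Md5:
      return false;
  }
  return false;  // Fail closed on anything unrecognized.
}

bool SignaturePolicy::IsAcceptableSignatureAlgorithm(
    const SignatureAlgorithm& algorithm,
    CertErrors* errors) const {
  // ... unchanged: switch on algorithm.algorithm() ...

  // Don't allow MD2, MD4, or MD5, either as the signature digest or as the
  // MGF1 hash of RSA-PSS.
  if (!IsAcceptableDigest(algorithm.digest()))
    return false;

  if (algorithm.ParamsForRsaPss() &&
      !IsAcceptableDigest(algorithm.ParamsForRsaPss()->mgf1_hash())) {
    return false;
  }

  return true;
}
```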