| OLD | NEW |
|---|
| 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include <CommonCrypto/CommonDigest.h> | 7 #include <CommonCrypto/CommonDigest.h> |
| 8 #include <Security/Security.h> | 8 #include <Security/Security.h> |
| 9 | 9 |
| 10 #include "base/mac/scoped_cftyperef.h" | 10 #include "base/mac/scoped_cftyperef.h" |
| (...skipping 340 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 351 case EVP_PKEY_EC: | 351 case EVP_PKEY_EC: |
| 352 *type = kPublicKeyTypeECDSA; | 352 *type = kPublicKeyTypeECDSA; |
| 353 break; | 353 break; |
| 354 case EVP_PKEY_DH: | 354 case EVP_PKEY_DH: |
| 355 *type = kPublicKeyTypeDH; | 355 *type = kPublicKeyTypeDH; |
| 356 break; | 356 break; |
| 357 } | 357 } |
| 358 *size_bits = EVP_PKEY_bits(key); | 358 *size_bits = EVP_PKEY_bits(key); |
| 359 } | 359 } |
| 360 | 360 |
| 361 // static | |
| 362 X509Certificate::SignatureHashAlgorithm | |
| 363 X509Certificate::GetSignatureHashAlgorithm(OSCertHandle cert_handle) { | |
| 364 bssl::UniquePtr<X509> cert = OSCertHandleToOpenSSL(cert_handle); | |
| 365 if (!cert) | |
| 366 return kSignatureHashAlgorithmOther; | |
| 367 | |
| 368 // TODO(eroman): This duplicates code with x509_certificate_openssl.cc | |
| 369 int sig_alg = OBJ_obj2nid(cert->sig_alg->algorithm); | |
| 370 if (sig_alg == NID_md2WithRSAEncryption) | |
| 371 return kSignatureHashAlgorithmMd2; | |
| 372 if (sig_alg == NID_md4WithRSAEncryption) | |
| 373 return kSignatureHashAlgorithmMd4; | |
| 374 if (sig_alg == NID_md5WithRSAEncryption || sig_alg == NID_md5WithRSA) | |
| 375 return kSignatureHashAlgorithmMd5; | |
| 376 if (sig_alg == NID_sha1WithRSAEncryption || sig_alg == NID_dsaWithSHA || | |
| 377 sig_alg == NID_dsaWithSHA1 || sig_alg == NID_dsaWithSHA1_2 || | |
| 378 sig_alg == NID_sha1WithRSA || sig_alg == NID_ecdsa_with_SHA1) { | |
| 379 return kSignatureHashAlgorithmSha1; | |
| 380 } | |
| 381 return kSignatureHashAlgorithmOther; | |
| 382 } | |
| 383 | |
| 384 bool X509Certificate::SupportsSSLClientAuth() const { | 361 bool X509Certificate::SupportsSSLClientAuth() const { |
| 385 return false; | 362 return false; |
| 386 } | 363 } |
| 387 | 364 |
| 388 CFMutableArrayRef X509Certificate::CreateOSCertChainForCert() const { | 365 CFMutableArrayRef X509Certificate::CreateOSCertChainForCert() const { |
| 389 CFMutableArrayRef cert_list = | 366 CFMutableArrayRef cert_list = |
| 390 CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); | 367 CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); |
| 391 if (!cert_list) | 368 if (!cert_list) |
| 392 return nullptr; | 369 return nullptr; |
| 393 | 370 |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 460 return false; | 437 return false; |
| 461 bssl::UniquePtr<EVP_PKEY> scoped_key(X509_get_pubkey(cert.get())); | 438 bssl::UniquePtr<EVP_PKEY> scoped_key(X509_get_pubkey(cert.get())); |
| 462 if (!scoped_key) | 439 if (!scoped_key) |
| 463 return false; | 440 return false; |
| 464 if (!X509_verify(cert.get(), scoped_key.get())) | 441 if (!X509_verify(cert.get(), scoped_key.get())) |
| 465 return false; | 442 return false; |
| 466 return X509_check_issued(cert.get(), cert.get()) == X509_V_OK; | 443 return X509_check_issued(cert.get(), cert.get()) == X509_V_OK; |
| 467 } | 444 } |
| 468 | 445 |
| 469 } // namespace net | 446 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2750723002:
Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for consistency when verifying ce… (Closed)
