Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(98)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/x509_certificate_mac.cc

Issue 2750723002: Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for consistency when verifying ce… (Closed)
Patch Set: Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/x509_certificate_ios.cc ('k') | net/cert/x509_certificate_nss.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/x509_certificate.h" 5 #include "net/cert/x509_certificate.h"
6 6
7 #include <CommonCrypto/CommonDigest.h> 7 #include <CommonCrypto/CommonDigest.h>
8 #include <CoreServices/CoreServices.h> 8 #include <CoreServices/CoreServices.h>
9 #include <Security/Security.h> 9 #include <Security/Security.h>
10 10
(...skipping 500 matching lines...) Expand 10 before | Expand all | Expand 10 after
511 case CSSM_ALGID_DH: 511 case CSSM_ALGID_DH:
512 *type = kPublicKeyTypeDH; 512 *type = kPublicKeyTypeDH;
513 break; 513 break;
514 default: 514 default:
515 *type = kPublicKeyTypeUnknown; 515 *type = kPublicKeyTypeUnknown;
516 *size_bits = 0; 516 *size_bits = 0;
517 break; 517 break;
518 } 518 }
519 } 519 }
520 520
521 X509Certificate::SignatureHashAlgorithm
522 X509Certificate::GetSignatureHashAlgorithm(OSCertHandle cert_handle) {
523 x509_util::CSSMCachedCertificate cached_cert;
524 OSStatus status = cached_cert.Init(cert_handle);
525 if (status)
526 return kSignatureHashAlgorithmOther;
527
528 x509_util::CSSMFieldValue signature_field;
529 status =
530 cached_cert.GetField(&CSSMOID_X509V1SignatureAlgorithm, &signature_field);
531 if (status || !signature_field.field())
532 return kSignatureHashAlgorithmOther;
533
534 const CSSM_X509_ALGORITHM_IDENTIFIER* sig_algorithm =
535 signature_field.GetAs<CSSM_X509_ALGORITHM_IDENTIFIER>();
536 if (!sig_algorithm)
537 return kSignatureHashAlgorithmOther;
538
539 const CSSM_OID* alg_oid = &sig_algorithm->algorithm;
540 if (CSSMOIDEqual(alg_oid, &CSSMOID_MD2WithRSA))
541 return kSignatureHashAlgorithmMd2;
542 if (CSSMOIDEqual(alg_oid, &CSSMOID_MD4WithRSA))
543 return kSignatureHashAlgorithmMd4;
544 if (CSSMOIDEqual(alg_oid, &CSSMOID_MD5WithRSA))
545 return kSignatureHashAlgorithmMd5;
546 if (CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithRSA) ||
547 CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithRSA_OIW) ||
548 CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA) ||
549 CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA_CMS) ||
550 CSSMOIDEqual(alg_oid, &CSSMOID_SHA1WithDSA_JDK) ||
551 CSSMOIDEqual(alg_oid, &CSSMOID_ECDSA_WithSHA1)) {
552 return kSignatureHashAlgorithmSha1;
553 }
554
555 return kSignatureHashAlgorithmOther;
556 }
557
558 // static 521 // static
559 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { 522 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
560 x509_util::CSSMCachedCertificate cached_cert; 523 x509_util::CSSMCachedCertificate cached_cert;
561 OSStatus status = cached_cert.Init(cert_handle); 524 OSStatus status = cached_cert.Init(cert_handle);
562 if (status != noErr) 525 if (status != noErr)
563 return false; 526 return false;
564 527
565 x509_util::CSSMFieldValue subject; 528 x509_util::CSSMFieldValue subject;
566 status = cached_cert.GetField(&CSSMOID_X509V1SubjectNameStd, &subject); 529 status = cached_cert.GetField(&CSSMOID_X509V1SubjectNameStd, &subject);
567 if (status != CSSM_OK || !subject.field()) 530 if (status != CSSM_OK || !subject.field())
(...skipping 20 matching lines...) Expand all
588 return false; 551 return false;
589 552
590 if (CSSM_CL_CertVerify(cl_handle, 0, &cert_data, &cert_data, NULL, 0)) 553 if (CSSM_CL_CertVerify(cl_handle, 0, &cert_data, &cert_data, NULL, 0))
591 return false; 554 return false;
592 return true; 555 return true;
593 } 556 }
594 557
595 #pragma clang diagnostic pop // "-Wdeprecated-declarations" 558 #pragma clang diagnostic pop // "-Wdeprecated-declarations"
596 559
597 } // namespace net 560 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/x509_certificate_ios.cc ('k') | net/cert/x509_certificate_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698