Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(48)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/x509_certificate_nss.cc

Issue 2750723002: Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for consistency when verifying ce… (Closed)
Patch Set: Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/x509_certificate_mac.cc ('k') | net/cert/x509_certificate_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <cert.h> 5 #include <cert.h>
6 #include <cryptohi.h> 6 #include <cryptohi.h>
7 #include <keyhi.h> 7 #include <keyhi.h>
8 #include <nss.h> 8 #include <nss.h>
9 #include <pk11pub.h> 9 #include <pk11pub.h>
10 #include <prtime.h> 10 #include <prtime.h>
(...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after
232 } 232 }
233 233
234 // static 234 // static
235 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, 235 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
236 size_t* size_bits, 236 size_t* size_bits,
237 PublicKeyType* type) { 237 PublicKeyType* type) {
238 x509_util::GetPublicKeyInfo(cert_handle, size_bits, type); 238 x509_util::GetPublicKeyInfo(cert_handle, size_bits, type);
239 } 239 }
240 240
241 // static 241 // static
242 X509Certificate::SignatureHashAlgorithm
243 X509Certificate::GetSignatureHashAlgorithm(OSCertHandle cert_handle) {
244 SECAlgorithmID& signature = cert_handle->signature;
245 SECOidTag oid_tag = SECOID_FindOIDTag(&signature.algorithm);
246 switch (oid_tag) {
247 case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
248 return kSignatureHashAlgorithmMd5;
249 case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
250 return kSignatureHashAlgorithmMd2;
251 case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
252 return kSignatureHashAlgorithmMd4;
253 case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
254 case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
255 case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
256 case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
257 return kSignatureHashAlgorithmSha1;
258 default:
259 return kSignatureHashAlgorithmOther;
260 }
261 }
262
263 // static
264 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { 242 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
265 crypto::ScopedSECKEYPublicKey public_key(CERT_ExtractPublicKey(cert_handle)); 243 crypto::ScopedSECKEYPublicKey public_key(CERT_ExtractPublicKey(cert_handle));
266 if (!public_key.get()) 244 if (!public_key.get())
267 return false; 245 return false;
268 if (SECSuccess != CERT_VerifySignedDataWithPublicKey( 246 if (SECSuccess != CERT_VerifySignedDataWithPublicKey(
269 &cert_handle->signatureWrap, public_key.get(), NULL)) { 247 &cert_handle->signatureWrap, public_key.get(), NULL)) {
270 return false; 248 return false;
271 } 249 }
272 return CERT_CompareName(&cert_handle->subject, &cert_handle->issuer) == 250 return CERT_CompareName(&cert_handle->subject, &cert_handle->issuer) ==
273 SECEqual; 251 SECEqual;
274 } 252 }
275 253
276 } // namespace net 254 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/x509_certificate_mac.cc ('k') | net/cert/x509_certificate_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698