net/cert/x509_util_nss.cc - Issue 27832002: Sign self-signed certs with SHA256.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/x509_util_nss.cc

Issue 27832002: Sign self-signed certs with SHA256. (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/

Patch Set: Created 7 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/x509_util_nss.cc

===================================================================

--- net/cert/x509_util_nss.cc (revision 231602)

+++ net/cert/x509_util_nss.cc (working copy)

@@ -134,6 +134,16 @@

return cert;

}

+SECOidTag ToSECOid(x509_util::DigestAlgorithm alg) {

+ switch (alg) {

+ case x509_util::DIGEST_SHA1:

+ return SEC_OID_SHA1;

+ case x509_util::DIGEST_SHA256:

+ return SEC_OID_SHA256;

+ }

+ return SEC_OID_UNKNOWN;

// Signs a certificate object, with |key| generating a new X509Certificate

// and destroying the passed certificate object (even when NULL is returned).

// The logic of this method references SignCert() in NSS utility certutil:

@@ -142,11 +152,12 @@

// certificate signing process.

bool SignCertificate(

CERTCertificate* cert,

- SECKEYPrivateKey* key) {

+ SECKEYPrivateKey* key,

+ SECOidTag hash_algorithm) {

// |arena| is used to encode the cert.

PLArenaPool* arena = cert->arena;

SECOidTag algo_id = SEC_GetSignatureAlgorithmOidTag(key->keyType,

- SEC_OID_SHA1);

+ hash_algorithm);

if (algo_id == SEC_OID_UNKNOWN)

return false;

@@ -240,6 +251,7 @@

namespace x509_util {

bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,

+ DigestAlgorithm alg,

const std::string& subject,

uint32 serial_number,

base::Time not_valid_before,

@@ -255,7 +267,7 @@

if (!cert)

return false;

- if (!SignCertificate(cert, key->key())) {

+ if (!SignCertificate(cert, key->key(), ToSECOid(alg))) {

CERT_DestroyCertificate(cert);

return false;

}

@@ -280,6 +292,7 @@

}

bool CreateDomainBoundCertEC(crypto::ECPrivateKey* key,

+ DigestAlgorithm alg,

const std::string& domain,

uint32 serial_number,

base::Time not_valid_before,

@@ -341,7 +354,7 @@

return false;

}

- if (!SignCertificate(cert, key->key())) {

+ if (!SignCertificate(cert, key->key(), ToSECOid(alg))) {

CERT_DestroyCertificate(cert);

return false;

}

« content/browser/media/webrtc_identity_store.cc ('K') | « net/cert/x509_util.cc ('k') | net/cert/x509_util_nss_unittest.cc » ('j') | remoting/base/rsa_key_pair.cc » ('J')