net/cert/x509_util_openssl.cc - Issue 27832002: Sign self-signed certs with SHA256.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/x509_util_openssl.cc

Issue 27832002: Sign self-signed certs with SHA256. (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/

Patch Set: Created 7 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/x509_util_openssl.cc

===================================================================

--- net/cert/x509_util_openssl.cc (revision 229411)

+++ net/cert/x509_util_openssl.cc (working copy)

@@ -15,6 +15,20 @@

namespace net {

+namespace {

+const EVP_MD* HashAlgorithmToEVP(crypto::HMAC::HashAlgorithm alg) {

+ switch (alg) {

+ case crypto::HMAC::SHA1:

+ return EVP_sha1();

+ case crypto::HMAC::SHA256:

+ return EVP_sha256();

+ }

+ return NULL;

+} // namespace

namespace x509_util {

bool IsSupportedValidityRange(base::Time not_valid_before,

@@ -50,8 +64,9 @@

return true;

}

-bool CreateDomainBoundCertEC(

+bool CreateDomainBoundCertECInternal(

crypto::ECPrivateKey* key,

+ crypto::HMAC::HashAlgorithm alg,

const std::string& domain,

uint32 serial_number,

base::Time not_valid_before,

@@ -61,12 +76,13 @@

return false;

}

-bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,

- const std::string& common_name,

- uint32 serial_number,

- base::Time not_valid_before,

- base::Time not_valid_after,

- std::string* der_encoded) {

+bool CreateSelfSignedCertInternal(crypto::RSAPrivateKey* key,

+ crypto::HMAC::HashAlgorithm alg,

+ const std::string& common_name,

+ uint32 serial_number,

+ base::Time not_valid_before,

+ base::Time not_valid_after,

+ std::string* der_encoded) {

crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

static const char kCommonNamePrefix[] = "CN=";

const size_t kCommonNamePrefixLen = sizeof(kCommonNamePrefix) - 1;

@@ -139,8 +155,15 @@

return false;

}

+ // Get the message digest algorithm

+ const EVP_MD* md = HashAlgorithmToEVP(alg);

+ if (!md) {

+ LOG(ERROR) << "Unrecognized hash algorithm.";

+ return false;

+ }

// Sign it with the private key.

- if (!X509_sign(cert.get(), key->key(), EVP_sha1())) {

+ if (!X509_sign(cert.get(), key->key(), md)) {

LOG(ERROR) << "Could not sign certificate with key.";

return false;

}

« net/cert/x509_util_nss.cc ('K') | « net/cert/x509_util_nss_unittest.cc ('k') | net/cert/x509_util_openssl_unittest.cc » ('j') | no next file with comments »