Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(381)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_ios.cc

Issue 2951343002: Remove residual support for SHA-1 public key pins. (Closed)
Patch Set: Remove the rest of HASH_VALUE_SHA1; respond to comments. Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/cert_verify_proc_builtin.cc ('k') | net/cert/cert_verify_proc_mac.cc » ('j') | net/data/ssl/name_constrained/README.md » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_ios.h" 5 #include "net/cert/cert_verify_proc_ios.h"
6 6
7 #include <CommonCrypto/CommonDigest.h> 7 #include <CommonCrypto/CommonDigest.h>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/mac/scoped_cftyperef.h" 10 #include "base/mac/scoped_cftyperef.h"
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
127 base::StringPiece spki_bytes; 127 base::StringPiece spki_bytes;
128 if (!asn1::ExtractSPKIFromDERCert( 128 if (!asn1::ExtractSPKIFromDERCert(
129 base::StringPiece( 129 base::StringPiece(
130 reinterpret_cast<const char*>(CFDataGetBytePtr(der_data)), 130 reinterpret_cast<const char*>(CFDataGetBytePtr(der_data)),
131 CFDataGetLength(der_data)), 131 CFDataGetLength(der_data)),
132 &spki_bytes)) { 132 &spki_bytes)) {
133 verify_result->cert_status |= CERT_STATUS_INVALID; 133 verify_result->cert_status |= CERT_STATUS_INVALID;
134 return; 134 return;
135 } 135 }
136 136
137 HashValue sha1(HASH_VALUE_SHA1);
138 CC_SHA1(spki_bytes.data(), spki_bytes.size(), sha1.data());
139 verify_result->public_key_hashes.push_back(sha1);
140
141 HashValue sha256(HASH_VALUE_SHA256); 137 HashValue sha256(HASH_VALUE_SHA256);
142 CC_SHA256(spki_bytes.data(), spki_bytes.size(), sha256.data()); 138 CC_SHA256(spki_bytes.data(), spki_bytes.size(), sha256.data());
143 verify_result->public_key_hashes.push_back(sha256); 139 verify_result->public_key_hashes.push_back(sha256);
144 140
145 // Ignore the signature algorithm for the trust anchor. 141 // Ignore the signature algorithm for the trust anchor.
146 if ((verify_result->cert_status & CERT_STATUS_AUTHORITY_INVALID) == 0 && 142 if ((verify_result->cert_status & CERT_STATUS_AUTHORITY_INVALID) == 0 &&
147 i == count - 1) { 143 i == count - 1) {
148 continue; 144 continue;
149 } 145 }
150 } 146 }
(...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after
292 // roots. 288 // roots.
293 verify_result->is_issued_by_known_root = false; 289 verify_result->is_issued_by_known_root = false;
294 290
295 if (IsCertStatusError(verify_result->cert_status)) 291 if (IsCertStatusError(verify_result->cert_status))
296 return MapCertStatusToNetError(verify_result->cert_status); 292 return MapCertStatusToNetError(verify_result->cert_status);
297 293
298 return OK; 294 return OK;
299 } 295 }
300 296
301 } // namespace net 297 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_verify_proc_builtin.cc ('k') | net/cert/cert_verify_proc_mac.cc » ('j') | net/data/ssl/name_constrained/README.md » ('J')

Powered by Google App Engine
This is Rietveld 408576698