Detect SHA-1 when it appears in certificate chains

net/cert/cert_verify_proc_android.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc_android.h"
 
+#include <openssl/x509v3.h>
+
 #include <string>
 #include <vector>
 
 #include "base/logging.h"
 #include "base/sha1.h"
 #include "base/strings/string_piece.h"
 #include "crypto/sha2.h"
 #include "net/android/cert_verify_result_android.h"
 #include "net/android/network_library.h"
 #include "net/base/net_errors.h"
@@ skipping 47 matching lines @@
     std::vector<base::StringPiece> verified_chain_pieces(verified_chain.size());
     for (size_t i = 0; i < verified_chain.size(); i++) {
       verified_chain_pieces[i] = base::StringPiece(verified_chain[i]);
     }
     scoped_refptr<X509Certificate> verified_cert =
         X509Certificate::CreateFromDERCertChain(verified_chain_pieces);
     if (verified_cert)
       verify_result->verified_cert = verified_cert;
   }
 
+  // Extract the algorithm information from the certs
+  X509Certificate::OSCertHandles chain;
+  const X509Certificate::OSCertHandles& intermediates =
+      verify_result->verified_cert->GetIntermediateCertificates();
+  chain.push_back(verify_result->verified_cert->os_cert_handle());
+  chain.insert(chain.end(), intermediates.begin(), intermediates.end());
+
+  // If a root certificate is present, ignore its signature algorithm. If it
+  // is unclear whether or not a root is present, assume the chain is a full,
+  // but unverified, chain.

[davidben, 2014/08/28 19:42:08]

Is this comment accurate? If we were unable to build a chain,
correction_for_root will be 0 and we would check that everything not have SHA-1.
So we're assuming that it's a partial chain with the root missing.

+  size_t correction_for_root =
+      (verify_result->cert_status &
+       (CERT_STATUS_AUTHORITY_INVALID | CERT_STATUS_INVALID))
+          ? 0
+          : 1;
+  for (size_t i = 0; i < chain.size() - correction_for_root; ++i) {
+    int sig_alg = OBJ_obj2nid(chain[i]->sig_alg->algorithm);
+    if (sig_alg == NID_md2WithRSAEncryption) {
+      verify_result->has_md2 = true;
+    } else if (sig_alg == NID_md4WithRSAEncryption) {
+      verify_result->has_md4 = true;
+    } else if (sig_alg == NID_md5WithRSAEncryption ||
+               sig_alg == NID_md5WithRSA) {
+      verify_result->has_md5 = true;
+    } else if (sig_alg == NID_sha1WithRSAEncryption ||
+               sig_alg == NID_dsaWithSHA || sig_alg == NID_dsaWithSHA1 ||
+               sig_alg == NID_dsaWithSHA1_2 || sig_alg == NID_sha1WithRSA ||
+               sig_alg == NID_ecdsa_with_SHA1) {
+      verify_result->has_sha1 = true;
+    }
+  }
+
   // Extract the public key hashes.
   for (size_t i = 0; i < verified_chain.size(); i++) {
     base::StringPiece spki_bytes;
     if (!asn1::ExtractSPKIFromDERCert(verified_chain[i], &spki_bytes))
       continue;
 
     HashValue sha1(HASH_VALUE_SHA1);
     base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()),
                         spki_bytes.size(), sha1.data());
     verify_result->public_key_hashes.push_back(sha1);
@@ skipping 57 matching lines @@
     NOTREACHED();
     return ERR_FAILED;
   }
   if (IsCertStatusError(verify_result->cert_status))
     return MapCertStatusToNetError(verify_result->cert_status);
 
   return OK;
 }
 
 }  // namespace net