Diffstat (limited to 'chromium/net/cert/pki/signature_algorithm.cc')
-rw-r--r-- | chromium/net/cert/pki/signature_algorithm.cc | 65 |
1 files changed, 2 insertions, 63 deletions
diff --git a/chromium/net/cert/pki/signature_algorithm.cc b/chromium/net/cert/pki/signature_algorithm.cc
index a7ff1852587..0b913bb72b4 100644
--- a/chromium/net/cert/pki/signature_algorithm.cc
+++ b/chromium/net/cert/pki/signature_algorithm.cc
@@ -1,10 +1,9 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
+// Copyright 2015 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "net/cert/pki/signature_algorithm.h"
-#include "base/check.h"
 #include "net/cert/pki/cert_error_params.h"
 #include "net/cert/pki/cert_errors.h"
 #include "net/der/input.h"
@@ -17,21 +16,6 @@ namespace net {
 namespace {
-// md2WithRSAEncryption
-// In dotted notation: 1.2.840.113549.1.1.2
-const uint8_t kOidMd2WithRsaEncryption[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x02};
-
-// md4WithRSAEncryption
-// In dotted notation: 1.2.840.113549.1.1.3
-const uint8_t kOidMd4WithRsaEncryption[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x03};
-
-// md5WithRSAEncryption
-// In dotted notation: 1.2.840.113549.1.1.4
-const uint8_t kOidMd5WithRsaEncryption[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x04};
-
 // From RFC 5912:
 //
 // sha1WithRSAEncryption OBJECT IDENTIFIER ::= {
@@ -134,24 +118,6 @@ const uint8_t kOidRsaSsaPss[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
 // From RFC 5912:
 //
-// dsa-with-sha1 OBJECT IDENTIFIER ::= {
-// iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 3 }
-//
-// In dotted notation: 1.2.840.10040.4.3
-const uint8_t kOidDsaWithSha1[] = {0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x03};
-
-// From RFC 5912:
-//
-// dsa-with-sha256 OBJECT IDENTIFIER ::= {
-// joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
-// csor(3) algorithms(4) id-dsa-with-sha2(3) 2 }
-//
-// In dotted notation: 2.16.840.1.101.3.4.3.2
-const uint8_t kOidDsaWithSha256[] = {0x60, 0x86, 0x48, 0x01, 0x65,
- 0x03, 0x04, 0x03, 0x02};
-
-// From RFC 5912:
-//
-// id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 }
 //
 // In dotted notation: 1.2.840.113549.1.1.8
@@ -391,15 +357,6 @@ absl::optional<SignatureAlgorithm> ParseSignatureAlgorithm(
 if (oid == der::Input(kOidSha1WithRsaSignature) && IsNullOrEmpty(params)) {
 return SignatureAlgorithm::kRsaPkcs1Sha1;
 }
- if (oid == der::Input(kOidMd2WithRsaEncryption) && IsNullOrEmpty(params)) {
- return SignatureAlgorithm::kRsaPkcs1Md2;
- }
- if (oid == der::Input(kOidMd4WithRsaEncryption) && IsNullOrEmpty(params)) {
- return SignatureAlgorithm::kRsaPkcs1Md4;
- }
- if (oid == der::Input(kOidMd5WithRsaEncryption) && IsNullOrEmpty(params)) {
- return SignatureAlgorithm::kRsaPkcs1Md5;
- }
 // RFC 5912 requires that the parameters for ECDSA algorithms be absent
 // ("PARAMS TYPE NULL ARE absent"):
@@ -420,16 +377,6 @@ absl::optional<SignatureAlgorithm> ParseSignatureAlgorithm(
 return ParseRsaPss(params);
 }
- // RFC 5912 requires that the parameters for DSA algorithms be absent.
- //
- // TODO(svaldez): Add warning about non-strict parsing.
- if (oid == der::Input(kOidDsaWithSha1) && IsNullOrEmpty(params)) {
- return SignatureAlgorithm::kDsaSha1;
- }
- if (oid == der::Input(kOidDsaWithSha256) && IsNullOrEmpty(params)) {
- return SignatureAlgorithm::kDsaSha256;
- }
-
 // Unknown signature algorithm.
 if (errors) {
 errors->AddError(kUnknownSignatureAlgorithm,
@@ -446,8 +393,7 @@ absl::optional<DigestAlgorithm> GetTlsServerEndpointDigestAlgorithm(
 // implement this within the library, so callers do not need to condition over
 // all algorithms.
 switch (alg) {
- // If the single digest algorithm is MD5 or SHA-1, use SHA-256.
- case SignatureAlgorithm::kRsaPkcs1Md5:
+ // If the single digest algorithm is SHA-1, use SHA-256.
 case SignatureAlgorithm::kRsaPkcs1Sha1:
 case SignatureAlgorithm::kEcdsaSha1:
 return DigestAlgorithm::Sha256;
@@ -473,13 +419,6 @@ absl::optional<DigestAlgorithm> GetTlsServerEndpointDigestAlgorithm(
 return DigestAlgorithm::Sha384;
 case SignatureAlgorithm::kRsaPssSha512:
 return DigestAlgorithm::Sha512;
-
- // Do not return anything for these legacy algorithms.
- case SignatureAlgorithm::kDsaSha1:
- case SignatureAlgorithm::kDsaSha256:
- case SignatureAlgorithm::kRsaPkcs1Md2:
- case SignatureAlgorithm::kRsaPkcs1Md4:
- return absl::nullopt;
 }
 return absl::nullopt;
 } |
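Review bot: The rewritten comment in the `switch (alg)` of GetTlsServerEndpointDigestAlgorithm (hunk at -446) now names only SHA-1, but the tls-server-end-point rule this function appears to implement (RFC 5929 section 4.1, judging by the function name) names both MD5 and SHA-1, so a reader checking the code against the spec cannot tell whether MD5 was dropped on purpose. I would record the reason in the comment, for example `// If the single digest algorithm is SHA-1, use SHA-256. The spec also names MD5,` followed by `// but MD5-based signature algorithms are no longer parsed, so they never reach here.` That agrees with the ParseSignatureAlgorithm hunk at -391, where the md5WithRSAEncryption OID now falls through to the kUnknownSignatureAlgorithm error. The function body starts and ends outside this hunk.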