diff options
| author | davidben <davidben@chromium.org> | 2016-03-03 08:18:26 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-03-03 16:19:20 +0000 |
| commit | 9c97a36e56031b246276e28f2f22f9f13d9a005a (patch) | |
| tree | 03a68e47d22c20753e0b8d7e6fbdca8178a25ef1 /LICENSE | |
| parent | 1499f38b48041e4dad05ed20f20ed4d6414bb9d6 (diff) | |
| download | chromium_src-9c97a36e56031b246276e28f2f22f9f13d9a005a.zip chromium_src-9c97a36e56031b246276e28f2f22f9f13d9a005a.tar.gz chromium_src-9c97a36e56031b246276e28f2f22f9f13d9a005a.tar.bz2 | |
Switch SignatureVerifier to taking an algorithm enum.
The existing API and implementation were problematic for several reasons.
- It is very unclear what algorithms were supported.
- Everyone was using it as an enum anyway, but it required copy-and-pasting
giant strings all over the codebase.
- The API is dangerous. Anyone not using it as an enum (i.e. taking an
AlgorithmIdentifier from another source) opens themselves up to accepting any
random algorithm and parameters the underlying implementation knew how to
parse.
- It relies on EVP_get_digestbyobj extracting the hash for RSA-PKCS1-FOO
signature OIDs. This is weird and, for EVP_get_digestbyobj, Chromium appears
to be one of the only two consumers still relying on this. This is a
remnant of OpenSSL's old EVP_Sign* APIs.
- The old EVP_get_digestbyobj implementation failed to check that ECDSA
public keys weren't used for an RSA algorithm, etc.
- The old EVP_get_digestbyobj implementation happily accepted OIDs for hashes
as signature algorithm OIDs.
This removes a use of openssl/x509.h from //crypto.
BUG=499653
Review URL: https://codereview.chromium.org/1679873005
Cr-Commit-Position: refs/heads/master@{#379014}
Diffstat (limited to 'LICENSE')
0 files changed, 0 insertions, 0 deletions