mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
gecko-dev/security/apps
История
David Keeler 6034b39937 bug 1357815 - 3/4: support SHA256 in PKCS#7 signatures on add-ons r=dveditz,jcj 
As a result of this patch, the hash algorithm used in add-on signature
verification will come from the PKCS#7 signature. If SHA-256 is present, it will
be used. SHA-1 is used as a fallback. Otherwise, the signature is invalid.

This means that, for example, if the PKCS#7 signature only has SHA-1 but there
are SHA-256 hashes in the signature file and/or manifest file, only the SHA-1
hashes in the signature file and manifest file will be used, if they are present
(and verification will fail if they are not present). Similarly, if the PKCS#7
signature has SHA-256, there must be SHA-256 hashes in the signature file and
manifest file (even if SHA-1 is also present in the PKCS#7 signature).

MozReview-Commit-ID: K3OQEpIrnUW

--HG--
extra : rebase_source : 704a2a18e166bfaf3e3d944d13918054bd012000
 		2017-10-24 15:27:53 -07:00
..
AppSignatureVerification.cpp bug 1357815 - 3/4: support SHA256 in PKCS#7 signatures on add-ons r=dveditz,jcj 2017-10-24 15:27:53 -07:00
AppTrustDomain.cpp
AppTrustDomain.h
addons-public.crt
addons-stage.crt
gen_cert_header.py
moz.build bug 1407081 - rework signed app tests for flexibility with upcoming hash algorithm changes r=Cykesiopka,jcj 2017-10-10 16:55:09 -07:00
privileged-package-root.der