| Index: base/crypto/signature_verifier_openssl.cc
|
| diff --git a/base/crypto/signature_verifier_openssl.cc b/base/crypto/signature_verifier_openssl.cc
|
| index 49b5e073d1171bd9dffe0295047bee329bf1215b..9f5a2ca75162fb166ddb2b05300800154f3a9bbd 100644
|
| --- a/base/crypto/signature_verifier_openssl.cc
|
| +++ b/base/crypto/signature_verifier_openssl.cc
|
| @@ -4,14 +4,28 @@
|
|
|
| #include "base/crypto/signature_verifier.h"
|
|
|
| +#include <openssl/evp.h>
|
| +#include <openssl/x509.h>
|
| +
|
| +#include <vector>
|
| +
|
| #include "base/logging.h"
|
| +#include "base/openssl_util.h"
|
| +#include "base/scoped_ptr.h"
|
|
|
| namespace base {
|
|
|
| -SignatureVerifier::SignatureVerifier() {
|
| +struct SignatureVerifier::VerifyContext {
|
| + ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key;
|
| + ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx;
|
| +};
|
| +
|
| +SignatureVerifier::SignatureVerifier()
|
| + : verify_context_(NULL) {
|
| }
|
|
|
| SignatureVerifier::~SignatureVerifier() {
|
| + Reset();
|
| }
|
|
|
| bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
|
| @@ -20,22 +34,61 @@ bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
|
| int signature_len,
|
| const uint8* public_key_info,
|
| int public_key_info_len) {
|
| - NOTIMPLEMENTED();
|
| - return false;
|
| + DCHECK(!verify_context_);
|
| + verify_context_ = new VerifyContext;
|
| + EnsureOpenSSLInit();
|
| + OpenSSLErrStackTracer err_tracer("SignatureVerifier::VerifyInit");
|
| +
|
| + ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm(
|
| + d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
|
| + if (!algorithm.get())
|
| + return false;
|
| +
|
| + const EVP_MD* digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
|
| + DCHECK(digest);
|
| +
|
| + signature_.assign(signature, signature + signature_len);
|
| +
|
| + // BIO_new_mem_buf is not const aware, but it does not modify the buffer.
|
| + char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info));
|
| + ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data,
|
| + public_key_info_len));
|
| + if (!bio.get())
|
| + return false;
|
| +
|
| + verify_context_->public_key.reset(d2i_PUBKEY_bio(bio.get(), NULL));
|
| + if (!verify_context_->public_key.get())
|
| + return false;
|
| +
|
| + verify_context_->ctx.reset(EVP_MD_CTX_create());
|
| + int rv = EVP_VerifyInit_ex(verify_context_->ctx.get(), digest, NULL);
|
| + return rv == 1;
|
| }
|
|
|
| void SignatureVerifier::VerifyUpdate(const uint8* data_part,
|
| int data_part_len) {
|
| - NOTIMPLEMENTED();
|
| + DCHECK(verify_context_);
|
| + OpenSSLErrStackTracer err_tracer("SignatureVerifier::VerifyUpdate");
|
| + int rv = EVP_VerifyUpdate(verify_context_->ctx.get(),
|
| + data_part, data_part_len);
|
| + DCHECK_EQ(rv, 1);
|
| }
|
|
|
| bool SignatureVerifier::VerifyFinal() {
|
| - NOTIMPLEMENTED();
|
| - return false;
|
| + DCHECK(verify_context_);
|
| + OpenSSLErrStackTracer err_tracer("SignatureVerifier::VerifyFinal");
|
| + int rv = EVP_VerifyFinal(verify_context_->ctx.get(),
|
| + signature_.data(), signature_.size(),
|
| + verify_context_->public_key.get());
|
| + DCHECK_GE(rv, 0);
|
| + Reset();
|
| + return rv == 1;
|
| }
|
|
|
| void SignatureVerifier::Reset() {
|
| - NOTIMPLEMENTED();
|
| + delete verify_context_;
|
| + verify_context_ = NULL;
|
| + signature_.clear();
|
| }
|
|
|
| } // namespace base
|
|
|
Chromium Code Reviews
Issue 5105003:
Implements Signature Creator & Verifier for openssl (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src