
Side by Side Diff: net/cert/ct_log_verifier_openssl.cc

Issue 1100003006: Certificate Transparency: Fetching of Signed Tree Heads (DRAFT) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Revised design, addressed some comments Created 5 years, 6 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/ct_log_verifier.h" 5 #include "net/cert/ct_log_verifier.h"
6 6
7 #include <openssl/evp.h> 7 #include <openssl/evp.h>
8 #include <openssl/x509.h> 8 #include <openssl/x509.h>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 29 matching lines...) Expand all
40 40
41 } // namespace 41 } // namespace
42 42
43 CTLogVerifier::~CTLogVerifier() { 43 CTLogVerifier::~CTLogVerifier() {
44 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); 44 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
45 45
46 if (public_key_) 46 if (public_key_)
47 EVP_PKEY_free(public_key_); 47 EVP_PKEY_free(public_key_);
48 } 48 }
49 49
50 CTLogVerifier::CTLogVerifier(const CTLogVerifier& other)
51 : key_id_(other.key_id_),
52 description_(other.description_),
53 url_(url),
54 hash_algorithm_(other.hash_algorithm_),
55 signature_algorithm_(other.signature_algorithm_),
56 public_key_(NULL) {
57 // No direct function for copying EVP_PKEY: Serialize to PEM
58 // and de-serialize.
59 BIO* tbio = BIO_new(BIO_s_mem());
60
61 if (PEM_write_bio_PUBKEY(tbio, other.public_key) == 1) {
62 if (PEM_read_bio_PUBKEY(tbio, &public_key_, 0, 0) == 0) {
63 // Will fail VerifySignature later.
64 public_key_ = NULL;
65 }
66 }
67
68 BIO_free(tbio);
69 }
70
50 bool CTLogVerifier::Init(const base::StringPiece& public_key) { 71 bool CTLogVerifier::Init(const base::StringPiece& public_key) {
51 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); 72 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
52 73
53 const uint8_t* ptr = reinterpret_cast<const uint8_t*>(public_key.data()); 74 const uint8_t* ptr = reinterpret_cast<const uint8_t*>(public_key.data());
54 const uint8_t* end = ptr + public_key.size(); 75 const uint8_t* end = ptr + public_key.size();
55 public_key_ = d2i_PUBKEY(nullptr, &ptr, public_key.size()); 76 public_key_ = d2i_PUBKEY(nullptr, &ptr, public_key.size());
56 if (!public_key_ || ptr != end) 77 if (!public_key_ || ptr != end)
57 return false; 78 return false;
58 79
59 key_id_ = crypto::SHA256HashString(public_key); 80 key_id_ = crypto::SHA256HashString(public_key);
(...skipping 21 matching lines...) Expand all
81 DVLOG(1) << "Too small a public key."; 102 DVLOG(1) << "Too small a public key.";
82 return false; 103 return false;
83 } 104 }
84 105
85 return true; 106 return true;
86 } 107 }
87 108
88 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign, 109 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign,
89 const base::StringPiece& signature) { 110 const base::StringPiece& signature) {
90 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); 111 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
112 if (public_key_ == NULL) {
Ryan Sleevi 2015/06/29 11:58:13 if (!public_key_)
113 return false;
114 }
91 115
92 const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_); 116 const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_);
93 if (hash_alg == NULL) 117 if (hash_alg == NULL)
94 return false; 118 return false;
95 119
96 EVP_MD_CTX ctx; 120 EVP_MD_CTX ctx;
97 EVP_MD_CTX_init(&ctx); 121 EVP_MD_CTX_init(&ctx);
98 122
99 bool ok = ( 123 bool ok = (
100 1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) && 124 1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) &&
101 1 == EVP_DigestVerifyUpdate( 125 1 == EVP_DigestVerifyUpdate(
102 &ctx, data_to_sign.data(), data_to_sign.size()) && 126 &ctx, data_to_sign.data(), data_to_sign.size()) &&
103 1 == EVP_DigestVerifyFinal( 127 1 == EVP_DigestVerifyFinal(
104 &ctx, 128 &ctx,
105 reinterpret_cast<const uint8_t*>(signature.data()), 129 reinterpret_cast<const uint8_t*>(signature.data()),
106 signature.size())); 130 signature.size()));
107 131
108 EVP_MD_CTX_cleanup(&ctx); 132 EVP_MD_CTX_cleanup(&ctx);
109 return ok; 133 return ok;
110 } 134 }
111 135
112 } // namespace net 136 } // namespace net
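Review bot: The new copy constructor (new lines 50-69) names `url` and `other.public_key`, neither of which is a member of CTLogVerifier as far as this file shows; the initializer should read `url_(other.url_)` and the call `PEM_write_bio_PUBKEY(tbio, other.public_key_)`. Because a copy constructor is now user-defined while the destructor frees `public_key_`, the implicitly generated copy assignment would duplicate the raw EVP_PKEY pointer and double-free it, so unless the header (outside this diff) already deletes or defines it, add a `CTLogVerifier& operator=(const CTLogVerifier&)` that performs the same deep copy, or delete it. `BIO_new(BIO_s_mem())` can return NULL on allocation failure and is used unchecked; guard it with `if (!tbio) return;` so `public_key_` stays NULL and VerifySignature fails closed. A failed round-trip currently leaves `public_key_` NULL with no trace, which turns every later verification into a silent reject, so add `DVLOG(1) << "Failed to copy CT log public key";` in that branch. If the bundled BoringSSL exposes `EVP_PKEY_up_ref`, bumping the reference count would avoid the PEM serialize/parse round-trip entirely.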
