1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/ct_log_verifier.h" | 5 #include "net/cert/ct_log_verifier.h" |
6 | 6 |
7 #include <openssl/evp.h> | 7 #include <openssl/evp.h> |
8 #include <openssl/x509.h> | 8 #include <openssl/x509.h> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
40 | 40 |
41 } // namespace | 41 } // namespace |
42 | 42 |
43 CTLogVerifier::~CTLogVerifier() { | 43 CTLogVerifier::~CTLogVerifier() { |
44 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 44 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
45 | 45 |
46 if (public_key_) | 46 if (public_key_) |
47 EVP_PKEY_free(public_key_); | 47 EVP_PKEY_free(public_key_); |
48 } | 48 } |
49 | 49 |
50 CTLogVerifier::CTLogVerifier(const CTLogVerifier& other) | |
51 : key_id_(other.key_id_), | |
52 description_(other.description_), | |
53 url_(url), | |
54 hash_algorithm_(other.hash_algorithm_), | |
55 signature_algorithm_(other.signature_algorithm_), | |
56 public_key_(NULL) { | |
57 // No direct function for copying EVP_PKEY: Serialize to PEM | |
58 // and de-serialize. | |
59 BIO* tbio = BIO_new(BIO_s_mem()); | |
60 | |
61 if (PEM_write_bio_PUBKEY(tbio, other.public_key) == 1) { | |
62 if (PEM_read_bio_PUBKEY(tbio, &public_key_, 0, 0) == 0) { | |
63 // Will fail VerifySignature later. | |
64 public_key_ = NULL; | |
65 } | |
66 } | |
67 | |
68 BIO_free(tbio); | |
69 } | |
70 | |
50 bool CTLogVerifier::Init(const base::StringPiece& public_key) { | 71 bool CTLogVerifier::Init(const base::StringPiece& public_key) { |
51 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 72 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
52 | 73 |
53 const uint8_t* ptr = reinterpret_cast<const uint8_t*>(public_key.data()); | 74 const uint8_t* ptr = reinterpret_cast<const uint8_t*>(public_key.data()); |
54 const uint8_t* end = ptr + public_key.size(); | 75 const uint8_t* end = ptr + public_key.size(); |
55 public_key_ = d2i_PUBKEY(nullptr, &ptr, public_key.size()); | 76 public_key_ = d2i_PUBKEY(nullptr, &ptr, public_key.size()); |
56 if (!public_key_ || ptr != end) | 77 if (!public_key_ || ptr != end) |
57 return false; | 78 return false; |
58 | 79 |
59 key_id_ = crypto::SHA256HashString(public_key); | 80 key_id_ = crypto::SHA256HashString(public_key); |
81 DVLOG(1) << "Too small a public key."; | 102 DVLOG(1) << "Too small a public key."; |
82 return false; | 103 return false; |
83 } | 104 } |
84 | 105 |
85 return true; | 106 return true; |
86 } | 107 } |
87 | 108 |
88 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign, | 109 bool CTLogVerifier::VerifySignature(const base::StringPiece& data_to_sign, |
89 const base::StringPiece& signature) { | 110 const base::StringPiece& signature) { |
90 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 111 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
112 if (public_key_ == NULL) { | |
Ryan Sleevi
2015/06/29 11:58:13
if (!public_key_)
| |
113 return false; | |
114 } | |
91 | 115 |
92 const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_); | 116 const EVP_MD* hash_alg = GetEvpAlg(hash_algorithm_); |
93 if (hash_alg == NULL) | 117 if (hash_alg == NULL) |
94 return false; | 118 return false; |
95 | 119 |
96 EVP_MD_CTX ctx; | 120 EVP_MD_CTX ctx; |
97 EVP_MD_CTX_init(&ctx); | 121 EVP_MD_CTX_init(&ctx); |
98 | 122 |
99 bool ok = ( | 123 bool ok = ( |
100 1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) && | 124 1 == EVP_DigestVerifyInit(&ctx, NULL, hash_alg, NULL, public_key_) && |
101 1 == EVP_DigestVerifyUpdate( | 125 1 == EVP_DigestVerifyUpdate( |
102 &ctx, data_to_sign.data(), data_to_sign.size()) && | 126 &ctx, data_to_sign.data(), data_to_sign.size()) && |
103 1 == EVP_DigestVerifyFinal( | 127 1 == EVP_DigestVerifyFinal( |
104 &ctx, | 128 &ctx, |
105 reinterpret_cast<const uint8_t*>(signature.data()), | 129 reinterpret_cast<const uint8_t*>(signature.data()), |
106 signature.size())); | 130 signature.size())); |
107 | 131 |
108 EVP_MD_CTX_cleanup(&ctx); | 132 EVP_MD_CTX_cleanup(&ctx); |
109 return ok; | 133 return ok; |
110 } | 134 } |
111 | 135 |
112 } // namespace net | 136 } // namespace net |
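Review bot: The new copy constructor initializes `url_(url)` (new line 53) and passes `other.public_key` to `PEM_write_bio_PUBKEY` (new line 61), but neither `url` nor `public_key` is a name in scope there — the members are `url_` and `public_key_` — so these should read `url_(other.url_)` and `PEM_write_bio_PUBKEY(tbio, other.public_key_)`. `BIO_new(BIO_s_mem())` can return NULL and `tbio` is used unchecked on the next line; adding `if (!tbio) return;` before the write keeps the fail-closed outcome (`public_key_` stays NULL and the new guard in VerifySignature rejects) without touching a null BIO. Since a failed round-trip leaves a verifier that silently rejects every signature, a `DVLOG(1)` at the "Will fail VerifySignature later" branch would make that state diagnosable. With a user-declared destructor and copy constructor but no copy assignment visible on this page, an implicitly-generated assignment would shallow-copy `public_key_` and both objects would free it; the header is not shown, so confirm copy assignment is deleted or deep-copies the same way.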