Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(185)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/verify_signed_data.cc

Issue 1742873002: Switch //net to the new SPKI and PKCS#8 APIs. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@spki-crypto
Patch Set: tweak keygen_handler_openssl.cc Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/ct_log_verifier_openssl.cc ('k') | net/cert/internal/verify_signed_data_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/verify_signed_data.h" 5 #include "net/cert/internal/verify_signed_data.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "net/der/parse_values.h" 8 #include "net/der/parse_values.h"
9 9
10 // TODO(eroman): There is no intention to implement this for non-OpenSSL. Remove 10 // TODO(eroman): There is no intention to implement this for non-OpenSSL. Remove
(...skipping 11 matching lines...) Expand all
22 const der::Input& public_key, 22 const der::Input& public_key,
23 const SignaturePolicy* policy) { 23 const SignaturePolicy* policy) {
24 NOTIMPLEMENTED(); 24 NOTIMPLEMENTED();
25 return false; 25 return false;
26 } 26 }
27 27
28 } // namespace net 28 } // namespace net
29 29
30 #else 30 #else
31 31
32 #include <openssl/bytestring.h>
32 #include <openssl/digest.h> 33 #include <openssl/digest.h>
33 #include <openssl/ec.h> 34 #include <openssl/ec.h>
34 #include <openssl/ec_key.h> 35 #include <openssl/ec_key.h>
35 #include <openssl/evp.h> 36 #include <openssl/evp.h>
36 #include <openssl/rsa.h> 37 #include <openssl/rsa.h>
37 #include <openssl/x509.h>
38 38
39 #include "base/compiler_specific.h" 39 #include "base/compiler_specific.h"
40 #include "crypto/openssl_util.h" 40 #include "crypto/openssl_util.h"
41 #include "crypto/scoped_openssl_types.h" 41 #include "crypto/scoped_openssl_types.h"
42 #include "net/cert/internal/signature_algorithm.h" 42 #include "net/cert/internal/signature_algorithm.h"
43 #include "net/cert/internal/signature_policy.h" 43 #include "net/cert/internal/signature_policy.h"
44 #include "net/der/input.h" 44 #include "net/der/input.h"
45 #include "net/der/parser.h" 45 #include "net/der/parser.h"
46 46
47 namespace net { 47 namespace net {
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
90 } 90 }
91 91
92 // TODO(eroman): This function is not strict enough. It accepts BER, other RSA 92 // TODO(eroman): This function is not strict enough. It accepts BER, other RSA
93 // OIDs, and does not check id-rsaEncryption parameters. 93 // OIDs, and does not check id-rsaEncryption parameters.
94 // See https://crbug.com/522228 and https://crbug.com/522232 94 // See https://crbug.com/522228 and https://crbug.com/522232
95 WARN_UNUSED_RESULT bool ImportPkeyFromSpki(const der::Input& spki, 95 WARN_UNUSED_RESULT bool ImportPkeyFromSpki(const der::Input& spki,
96 int expected_pkey_id, 96 int expected_pkey_id,
97 crypto::ScopedEVP_PKEY* pkey) { 97 crypto::ScopedEVP_PKEY* pkey) {
98 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); 98 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
99 99
100 const uint8_t* ptr = spki.UnsafeData(); 100 CBS cbs;
101 pkey->reset(d2i_PUBKEY(nullptr, &ptr, spki.Length())); 101 CBS_init(&cbs, spki.UnsafeData(), spki.Length());
102 if (!pkey->get() || ptr != spki.UnsafeData() + spki.Length() || 102 pkey->reset(EVP_parse_public_key(&cbs));
103 if (!*pkey || CBS_len(&cbs) != 0 ||
103 EVP_PKEY_id(pkey->get()) != expected_pkey_id) { 104 EVP_PKEY_id(pkey->get()) != expected_pkey_id) {
104 pkey->reset(); 105 pkey->reset();
105 return false; 106 return false;
106 } 107 }
107 108
108 return true; 109 return true;
109 } 110 }
110 111
111 // Parses an RSA public key from SPKI to an EVP_PKEY. 112 // Parses an RSA public key from SPKI to an EVP_PKEY.
112 // 113 //
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after
306 break; 307 break;
307 } 308 }
308 309
309 return DoVerify(signature_algorithm, signed_data, signature_value, 310 return DoVerify(signature_algorithm, signed_data, signature_value,
310 public_key.get()); 311 public_key.get());
311 } 312 }
312 313
313 } // namespace net 314 } // namespace net
314 315
315 #endif 316 #endif
OLDNEW
« no previous file with comments | « net/cert/ct_log_verifier_openssl.cc ('k') | net/cert/internal/verify_signed_data_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698