| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/verify_signed_data.h" | 5 #include "net/cert/internal/verify_signed_data.h" |
| 6 | 6 |
| 7 #include <openssl/bytestring.h> | 7 #include <openssl/bytestring.h> |
| 8 #include <openssl/digest.h> | 8 #include <openssl/digest.h> |
| 9 #include <openssl/ec.h> | 9 #include <openssl/ec.h> |
| 10 #include <openssl/ec_key.h> | 10 #include <openssl/ec_key.h> |
| 11 #include <openssl/evp.h> | 11 #include <openssl/evp.h> |
| 12 #include <openssl/rsa.h> | 12 #include <openssl/rsa.h> |
| 13 | 13 |
| 14 #include "base/compiler_specific.h" | 14 #include "base/compiler_specific.h" |
| 15 #include "base/logging.h" | 15 #include "base/logging.h" |
| 16 #include "crypto/openssl_util.h" | 16 #include "crypto/openssl_util.h" |
| 17 #include "crypto/scoped_openssl_types.h" | 17 #include "crypto/scoped_openssl_types.h" |
| 18 #include "net/cert/internal/cert_errors.h" | 18 #include "net/cert/internal/cert_errors.h" |
| 19 #include "net/cert/internal/signature_algorithm.h" | 19 #include "net/cert/internal/signature_algorithm.h" |
| 20 #include "net/cert/internal/signature_policy.h" | 20 #include "net/cert/internal/signature_policy.h" |
| 21 #include "net/der/input.h" | 21 #include "net/der/input.h" |
| 22 #include "net/der/parse_values.h" | 22 #include "net/der/parse_values.h" |
| 23 #include "net/der/parser.h" | 23 #include "net/der/parser.h" |
| 24 | 24 |
| 25 namespace net { | 25 namespace net { |
| 26 | 26 |
| 27 namespace { | 27 namespace { |
| 28 | 28 |
| 29 DEFINE_CERT_ERROR_TYPE(kUnacceptableSignatureAlgorithm, | 29 DEFINE_CERT_ERROR_ID(kUnacceptableSignatureAlgorithm, |
| 30 "Unacceptable signature algorithm"); | 30 "Unacceptable signature algorithm"); |
| 31 DEFINE_CERT_ERROR_TYPE(kUnacceptableRsaModulusLength, | 31 DEFINE_CERT_ERROR_ID(kUnacceptableRsaModulusLength, |
| 32 "Unacceptable modulus length for RSA key"); | 32 "Unacceptable modulus length for RSA key"); |
| 33 DEFINE_CERT_ERROR_TYPE(kUnacceptableEcdsaCurve, | 33 DEFINE_CERT_ERROR_ID(kUnacceptableEcdsaCurve, |
| 34 "Unacceptable curve for ECDSA key"); | 34 "Unacceptable curve for ECDSA key"); |
| 35 DEFINE_CERT_ERROR_TYPE(kSignatureVerificationFailed, | 35 DEFINE_CERT_ERROR_ID(kSignatureVerificationFailed, |
| 36 "Signature verification failed"); | 36 "Signature verification failed"); |
| 37 | 37 |
| 38 // Converts a DigestAlgorithm to an equivalent EVP_MD*. | 38 // Converts a DigestAlgorithm to an equivalent EVP_MD*. |
| 39 WARN_UNUSED_RESULT bool GetDigest(DigestAlgorithm digest, const EVP_MD** out) { | 39 WARN_UNUSED_RESULT bool GetDigest(DigestAlgorithm digest, const EVP_MD** out) { |
| 40 *out = nullptr; | 40 *out = nullptr; |
| 41 | 41 |
| 42 switch (digest) { | 42 switch (digest) { |
| 43 case DigestAlgorithm::Sha1: | 43 case DigestAlgorithm::Sha1: |
| 44 *out = EVP_sha1(); | 44 *out = EVP_sha1(); |
| 45 break; | 45 break; |
| 46 case DigestAlgorithm::Sha256: | 46 case DigestAlgorithm::Sha256: |
| (...skipping 267 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 314 if (!DoVerify(signature_algorithm, signed_data, signature_value, | 314 if (!DoVerify(signature_algorithm, signed_data, signature_value, |
| 315 public_key.get())) { | 315 public_key.get())) { |
| 316 errors->Add(kSignatureVerificationFailed); | 316 errors->Add(kSignatureVerificationFailed); |
| 317 return false; | 317 return false; |
| 318 } | 318 } |
| 319 | 319 |
| 320 return true; | 320 return true; |
| 321 } | 321 } |
| 322 | 322 |
| 323 } // namespace net | 323 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2329593002:
Add optional context for certificate errors. (Closed)
