| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/signature_verifier.h" | 5 #include "crypto/signature_verifier.h" |
| 6 | 6 |
| 7 #include <openssl/bytestring.h> | 7 #include <openssl/bytestring.h> |
| 8 #include <openssl/digest.h> | 8 #include <openssl/digest.h> |
| 9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
| 10 #include <openssl/rsa.h> |
| 10 #include <stdint.h> | 11 #include <stdint.h> |
| 11 | 12 |
| 12 #include <memory> | 13 #include <memory> |
| 13 #include <vector> | 14 #include <vector> |
| 14 | 15 |
| 15 #include "base/logging.h" | 16 #include "base/logging.h" |
| 16 #include "crypto/openssl_util.h" | 17 #include "crypto/openssl_util.h" |
| 17 #include "crypto/scoped_openssl_types.h" | |
| 18 | 18 |
| 19 namespace crypto { | 19 namespace crypto { |
| 20 | 20 |
| 21 namespace { | 21 namespace { |
| 22 | 22 |
| 23 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) { | 23 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) { |
| 24 switch (hash_alg) { | 24 switch (hash_alg) { |
| 25 case SignatureVerifier::SHA1: | 25 case SignatureVerifier::SHA1: |
| 26 return EVP_sha1(); | 26 return EVP_sha1(); |
| 27 case SignatureVerifier::SHA256: | 27 case SignatureVerifier::SHA256: |
| 28 return EVP_sha256(); | 28 return EVP_sha256(); |
| 29 } | 29 } |
| 30 return nullptr; | 30 return nullptr; |
| 31 } | 31 } |
| 32 | 32 |
| 33 } // namespace | 33 } // namespace |
| 34 | 34 |
| 35 struct SignatureVerifier::VerifyContext { | 35 struct SignatureVerifier::VerifyContext { |
| 36 ScopedEVP_MD_CTX ctx; | 36 bssl::ScopedEVP_MD_CTX ctx; |
| 37 }; | 37 }; |
| 38 | 38 |
| 39 SignatureVerifier::SignatureVerifier() : verify_context_(nullptr) {} | 39 SignatureVerifier::SignatureVerifier() {} |
| 40 | 40 |
| 41 SignatureVerifier::~SignatureVerifier() { | 41 SignatureVerifier::~SignatureVerifier() {} |
| 42 Reset(); | |
| 43 } | |
| 44 | 42 |
| 45 bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm, | 43 bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm, |
| 46 const uint8_t* signature, | 44 const uint8_t* signature, |
| 47 int signature_len, | 45 int signature_len, |
| 48 const uint8_t* public_key_info, | 46 const uint8_t* public_key_info, |
| 49 int public_key_info_len) { | 47 int public_key_info_len) { |
| 50 int pkey_type = EVP_PKEY_NONE; | 48 int pkey_type = EVP_PKEY_NONE; |
| 51 const EVP_MD* digest = nullptr; | 49 const EVP_MD* digest = nullptr; |
| 52 switch (signature_algorithm) { | 50 switch (signature_algorithm) { |
| 53 case RSA_PKCS1_SHA1: | 51 case RSA_PKCS1_SHA1: |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 124 bool SignatureVerifier::CommonInit(int pkey_type, | 122 bool SignatureVerifier::CommonInit(int pkey_type, |
| 125 const EVP_MD* digest, | 123 const EVP_MD* digest, |
| 126 const uint8_t* signature, | 124 const uint8_t* signature, |
| 127 int signature_len, | 125 int signature_len, |
| 128 const uint8_t* public_key_info, | 126 const uint8_t* public_key_info, |
| 129 int public_key_info_len, | 127 int public_key_info_len, |
| 130 EVP_PKEY_CTX** pkey_ctx) { | 128 EVP_PKEY_CTX** pkey_ctx) { |
| 131 if (verify_context_) | 129 if (verify_context_) |
| 132 return false; | 130 return false; |
| 133 | 131 |
| 134 verify_context_ = new VerifyContext; | 132 verify_context_.reset(new VerifyContext); |
| 135 | 133 |
| 136 signature_.assign(signature, signature + signature_len); | 134 signature_.assign(signature, signature + signature_len); |
| 137 | 135 |
| 138 CBS cbs; | 136 CBS cbs; |
| 139 CBS_init(&cbs, public_key_info, public_key_info_len); | 137 CBS_init(&cbs, public_key_info, public_key_info_len); |
| 140 ScopedEVP_PKEY public_key(EVP_parse_public_key(&cbs)); | 138 bssl::UniquePtr<EVP_PKEY> public_key(EVP_parse_public_key(&cbs)); |
| 141 if (!public_key || CBS_len(&cbs) != 0 || | 139 if (!public_key || CBS_len(&cbs) != 0 || |
| 142 EVP_PKEY_id(public_key.get()) != pkey_type) { | 140 EVP_PKEY_id(public_key.get()) != pkey_type) { |
| 143 return false; | 141 return false; |
| 144 } | 142 } |
| 145 | 143 |
| 146 verify_context_->ctx.reset(EVP_MD_CTX_create()); | |
| 147 int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx, | 144 int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx, |
| 148 digest, nullptr, public_key.get()); | 145 digest, nullptr, public_key.get()); |
| 149 return rv == 1; | 146 return rv == 1; |
| 150 } | 147 } |
| 151 | 148 |
| 152 void SignatureVerifier::Reset() { | 149 void SignatureVerifier::Reset() { |
| 153 delete verify_context_; | 150 verify_context_.reset(); |
| 154 verify_context_ = nullptr; | |
| 155 signature_.clear(); | 151 signature_.clear(); |
| 156 } | 152 } |
| 157 | 153 |
| 158 } // namespace crypto | 154 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2332473002:
Use new BoringSSL scopers in //crypto (Closed)
