| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/signature_verifier.h" | 5 #include "crypto/signature_verifier.h" |
| 6 | 6 |
| 7 #include <openssl/evp.h> | 7 #include <openssl/evp.h> |
| 8 #include <openssl/x509.h> | 8 #include <openssl/x509.h> |
| 9 | 9 |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "base/stl_util.h" | 14 #include "base/stl_util.h" |
| 15 #include "crypto/openssl_util.h" | 15 #include "crypto/openssl_util.h" |
| 16 #include "crypto/scoped_openssl_types.h" |
| 16 | 17 |
| 17 namespace crypto { | 18 namespace crypto { |
| 18 | 19 |
| 19 namespace { | 20 namespace { |
| 20 | 21 |
| 21 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) { | 22 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) { |
| 22 switch (hash_alg) { | 23 switch (hash_alg) { |
| 23 case SignatureVerifier::SHA1: | 24 case SignatureVerifier::SHA1: |
| 24 return EVP_sha1(); | 25 return EVP_sha1(); |
| 25 case SignatureVerifier::SHA256: | 26 case SignatureVerifier::SHA256: |
| 26 return EVP_sha256(); | 27 return EVP_sha256(); |
| 27 } | 28 } |
| 28 return EVP_md_null(); | 29 return EVP_md_null(); |
| 29 } | 30 } |
| 30 | 31 |
| 31 } // namespace | 32 } // namespace |
| 32 | 33 |
| 33 struct SignatureVerifier::VerifyContext { | 34 struct SignatureVerifier::VerifyContext { |
| 34 ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> ctx; | 35 ScopedEVP_MD_CTX ctx; |
| 35 }; | 36 }; |
| 36 | 37 |
| 37 SignatureVerifier::SignatureVerifier() | 38 SignatureVerifier::SignatureVerifier() |
| 38 : verify_context_(NULL) { | 39 : verify_context_(NULL) { |
| 39 } | 40 } |
| 40 | 41 |
| 41 SignatureVerifier::~SignatureVerifier() { | 42 SignatureVerifier::~SignatureVerifier() { |
| 42 Reset(); | 43 Reset(); |
| 43 } | 44 } |
| 44 | 45 |
| 45 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, | 46 bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm, |
| 46 int signature_algorithm_len, | 47 int signature_algorithm_len, |
| 47 const uint8* signature, | 48 const uint8* signature, |
| 48 int signature_len, | 49 int signature_len, |
| 49 const uint8* public_key_info, | 50 const uint8* public_key_info, |
| 50 int public_key_info_len) { | 51 int public_key_info_len) { |
| 51 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 52 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 52 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free> algorithm( | 53 ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free>::Type algorithm( |
| 53 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); | 54 d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len)); |
| 54 if (!algorithm.get()) | 55 if (!algorithm.get()) |
| 55 return false; | 56 return false; |
| 56 int nid = OBJ_obj2nid(algorithm.get()->algorithm); | 57 int nid = OBJ_obj2nid(algorithm.get()->algorithm); |
| 57 const EVP_MD* digest; | 58 const EVP_MD* digest; |
| 58 if (nid == NID_ecdsa_with_SHA1) { | 59 if (nid == NID_ecdsa_with_SHA1) { |
| 59 digest = EVP_sha1(); | 60 digest = EVP_sha1(); |
| 60 } else if (nid == NID_ecdsa_with_SHA256) { | 61 } else if (nid == NID_ecdsa_with_SHA256) { |
| 61 digest = EVP_sha256(); | 62 digest = EVP_sha256(); |
| 62 } else { | 63 } else { |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 128 EVP_PKEY_CTX** pkey_ctx) { | 129 EVP_PKEY_CTX** pkey_ctx) { |
| 129 if (verify_context_) | 130 if (verify_context_) |
| 130 return false; | 131 return false; |
| 131 | 132 |
| 132 verify_context_ = new VerifyContext; | 133 verify_context_ = new VerifyContext; |
| 133 | 134 |
| 134 signature_.assign(signature, signature + signature_len); | 135 signature_.assign(signature, signature + signature_len); |
| 135 | 136 |
| 136 // BIO_new_mem_buf is not const aware, but it does not modify the buffer. | 137 // BIO_new_mem_buf is not const aware, but it does not modify the buffer. |
| 137 char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info)); | 138 char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info)); |
| 138 ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data, | 139 ScopedBIO bio(BIO_new_mem_buf(data, public_key_info_len)); |
| 139 public_key_info_len)); | |
| 140 if (!bio.get()) | 140 if (!bio.get()) |
| 141 return false; | 141 return false; |
| 142 | 142 |
| 143 ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> public_key( | 143 ScopedEVP_PKEY public_key(d2i_PUBKEY_bio(bio.get(), NULL)); |
| 144 d2i_PUBKEY_bio(bio.get(), NULL)); | |
| 145 if (!public_key.get()) | 144 if (!public_key.get()) |
| 146 return false; | 145 return false; |
| 147 | 146 |
| 148 verify_context_->ctx.reset(EVP_MD_CTX_create()); | 147 verify_context_->ctx.reset(EVP_MD_CTX_create()); |
| 149 int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx, | 148 int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx, |
| 150 digest, NULL, public_key.get()); | 149 digest, NULL, public_key.get()); |
| 151 return rv == 1; | 150 return rv == 1; |
| 152 } | 151 } |
| 153 | 152 |
| 154 void SignatureVerifier::Reset() { | 153 void SignatureVerifier::Reset() { |
| 155 delete verify_context_; | 154 delete verify_context_; |
| 156 verify_context_ = NULL; | 155 verify_context_ = NULL; |
| 157 signature_.clear(); | 156 signature_.clear(); |
| 158 } | 157 } |
| 159 | 158 |
| 160 } // namespace crypto | 159 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 361193003:
Eliminate ScopedOpenSSL in favour of scoped_ptr<> specializations. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src