| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/signature_verifier.h" | 5 #include "crypto/signature_verifier.h" |
| 6 | 6 |
| 7 #include <openssl/evp.h> | 7 #include <openssl/evp.h> |
| 8 #include <openssl/x509.h> | 8 #include <openssl/x509.h> |
| 9 | 9 |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "base/stl_util.h" | 14 #include "base/stl_util.h" |
| 15 #include "crypto/openssl_util.h" | 15 #include "crypto/openssl_util.h" |
| 16 #include "crypto/scoped_openssl_types.h" | 16 #include "crypto/scoped_openssl_types.h" |
| 17 | 17 |
| 18 namespace crypto { | 18 namespace crypto { |
| 19 | 19 |
| 20 namespace { | 20 namespace { |
| 21 | 21 |
| 22 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) { | 22 const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) { |
| 23 switch (hash_alg) { | 23 switch (hash_alg) { |
| 24 case SignatureVerifier::SHA1: | 24 case SignatureVerifier::SHA1: |
| 25 return EVP_sha1(); | 25 return EVP_sha1(); |
| 26 case SignatureVerifier::SHA256: | 26 case SignatureVerifier::SHA256: |
| 27 return EVP_sha256(); | 27 return EVP_sha256(); |
| 28 } | 28 } |
| 29 return NULL; | 29 return EVP_md_null(); |
| 30 } | 30 } |
| 31 | 31 |
| 32 } // namespace | 32 } // namespace |
| 33 | 33 |
| 34 struct SignatureVerifier::VerifyContext { | 34 struct SignatureVerifier::VerifyContext { |
| 35 ScopedEVP_MD_CTX ctx; | 35 ScopedEVP_MD_CTX ctx; |
| 36 }; | 36 }; |
| 37 | 37 |
| 38 SignatureVerifier::SignatureVerifier() | 38 SignatureVerifier::SignatureVerifier() |
| 39 : verify_context_(NULL) { | 39 : verify_context_(NULL) { |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 73 } | 73 } |
| 74 | 74 |
| 75 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg, | 75 bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg, |
| 76 HashAlgorithm mask_hash_alg, | 76 HashAlgorithm mask_hash_alg, |
| 77 int salt_len, | 77 int salt_len, |
| 78 const uint8* signature, | 78 const uint8* signature, |
| 79 int signature_len, | 79 int signature_len, |
| 80 const uint8* public_key_info, | 80 const uint8* public_key_info, |
| 81 int public_key_info_len) { | 81 int public_key_info_len) { |
| 82 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 82 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 83 const EVP_MD* const digest = ToOpenSSLDigest(hash_alg); | 83 const EVP_MD* digest = ToOpenSSLDigest(hash_alg); |
| 84 DCHECK(digest); | 84 DCHECK(digest); |
| 85 if (!digest) { | |
| 86 return false; | |
| 87 } | |
| 88 | 85 |
| 89 EVP_PKEY_CTX* pkey_ctx; | 86 EVP_PKEY_CTX* pkey_ctx; |
| 90 if (!CommonInit(digest, signature, signature_len, public_key_info, | 87 if (!CommonInit(digest, signature, signature_len, public_key_info, |
| 91 public_key_info_len, &pkey_ctx)) { | 88 public_key_info_len, &pkey_ctx)) { |
| 92 return false; | 89 return false; |
| 93 } | 90 } |
| 94 | 91 |
| 95 int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING); | 92 int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING); |
| 96 if (rv != 1) | 93 if (rv != 1) |
| 97 return false; | 94 return false; |
| 98 const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg); | 95 rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, |
| 99 DCHECK(mgf_digest); | 96 ToOpenSSLDigest(mask_hash_alg)); |
| 100 if (!mgf_digest) { | |
| 101 return false; | |
| 102 } | |
| 103 rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest); | |
| 104 if (rv != 1) | 97 if (rv != 1) |
| 105 return false; | 98 return false; |
| 106 rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len); | 99 rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len); |
| 107 return rv == 1; | 100 return rv == 1; |
| 108 } | 101 } |
| 109 | 102 |
| 110 void SignatureVerifier::VerifyUpdate(const uint8* data_part, | 103 void SignatureVerifier::VerifyUpdate(const uint8* data_part, |
| 111 int data_part_len) { | 104 int data_part_len) { |
| 112 DCHECK(verify_context_); | 105 DCHECK(verify_context_); |
| 113 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 106 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 157 return rv == 1; | 150 return rv == 1; |
| 158 } | 151 } |
| 159 | 152 |
| 160 void SignatureVerifier::Reset() { | 153 void SignatureVerifier::Reset() { |
| 161 delete verify_context_; | 154 delete verify_context_; |
| 162 verify_context_ = NULL; | 155 verify_context_ = NULL; |
| 163 signature_.clear(); | 156 signature_.clear(); |
| 164 } | 157 } |
| 165 | 158 |
| 166 } // namespace crypto | 159 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 405503002:
Revert 283813 "Switch to BoringSSL." (Closed)
Base URL: svn://svn.chromium.org/chrome/