| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/signature_verifier.h" | 5 #include "crypto/signature_verifier.h" |
| 6 | 6 |
| 7 #include <openssl/evp.h> | 7 #include <openssl/evp.h> |
| 8 #include <openssl/x509.h> | 8 #include <openssl/x509.h> |
| 9 | 9 |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 115 data_part, data_part_len); | 115 data_part, data_part_len); |
| 116 DCHECK_EQ(rv, 1); | 116 DCHECK_EQ(rv, 1); |
| 117 } | 117 } |
| 118 | 118 |
| 119 bool SignatureVerifier::VerifyFinal() { | 119 bool SignatureVerifier::VerifyFinal() { |
| 120 DCHECK(verify_context_); | 120 DCHECK(verify_context_); |
| 121 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 121 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 122 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), | 122 int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(), |
| 123 vector_as_array(&signature_), | 123 vector_as_array(&signature_), |
| 124 signature_.size()); | 124 signature_.size()); |
| 125 // rv is -1 if a DER-encoded ECDSA signature cannot be decoded correctly. | 125 DCHECK_EQ(static_cast<int>(!!rv), rv); |
| 126 DCHECK_GE(rv, -1); | |
| 127 Reset(); | 126 Reset(); |
| 128 return rv == 1; | 127 return rv == 1; |
| 129 } | 128 } |
| 130 | 129 |
| 131 bool SignatureVerifier::CommonInit(const EVP_MD* digest, | 130 bool SignatureVerifier::CommonInit(const EVP_MD* digest, |
| 132 const uint8* signature, | 131 const uint8* signature, |
| 133 int signature_len, | 132 int signature_len, |
| 134 const uint8* public_key_info, | 133 const uint8* public_key_info, |
| 135 int public_key_info_len, | 134 int public_key_info_len, |
| 136 EVP_PKEY_CTX** pkey_ctx) { | 135 EVP_PKEY_CTX** pkey_ctx) { |
| 137 if (verify_context_) | 136 if (verify_context_) |
| 138 return false; | 137 return false; |
| 139 | 138 |
| 140 verify_context_ = new VerifyContext; | 139 verify_context_ = new VerifyContext; |
| 141 | 140 |
| 142 signature_.assign(signature, signature + signature_len); | 141 signature_.assign(signature, signature + signature_len); |
| 143 | 142 |
| 144 // BIO_new_mem_buf is not const aware, but it does not modify the buffer. | 143 const uint8_t* ptr = public_key_info; |
| 145 char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info)); | 144 ScopedEVP_PKEY public_key(d2i_PUBKEY(nullptr, &ptr, public_key_info_len)); |
| 146 ScopedBIO bio(BIO_new_mem_buf(data, public_key_info_len)); | 145 if (!public_key.get() || ptr != public_key_info + public_key_info_len) |
| 147 if (!bio.get()) | |
| 148 return false; | |
| 149 | |
| 150 ScopedEVP_PKEY public_key(d2i_PUBKEY_bio(bio.get(), NULL)); | |
| 151 if (!public_key.get()) | |
| 152 return false; | 146 return false; |
| 153 | 147 |
| 154 verify_context_->ctx.reset(EVP_MD_CTX_create()); | 148 verify_context_->ctx.reset(EVP_MD_CTX_create()); |
| 155 int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx, | 149 int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx, |
| 156 digest, NULL, public_key.get()); | 150 digest, nullptr, public_key.get()); |
| 157 return rv == 1; | 151 return rv == 1; |
| 158 } | 152 } |
| 159 | 153 |
| 160 void SignatureVerifier::Reset() { | 154 void SignatureVerifier::Reset() { |
| 161 delete verify_context_; | 155 delete verify_context_; |
| 162 verify_context_ = NULL; | 156 verify_context_ = NULL; |
| 163 signature_.clear(); | 157 signature_.clear(); |
| 164 } | 158 } |
| 165 | 159 |
| 166 } // namespace crypto | 160 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 723343002:
Update from https://crrev.com/304121 (Closed)
Base URL: git@github.com:domokit/mojo.git@master