| Index: crypto/signature_verifier_openssl.cc
|
| diff --git a/crypto/signature_verifier_openssl.cc b/crypto/signature_verifier_openssl.cc
|
| deleted file mode 100644
|
| index 93ce9ba4fafb9bc8975bd886194ec18491a0a640..0000000000000000000000000000000000000000
|
| --- a/crypto/signature_verifier_openssl.cc
|
| +++ /dev/null
|
| @@ -1,160 +0,0 @@
|
| -// Copyright (c) 2011 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "crypto/signature_verifier.h"
|
| -
|
| -#include <openssl/evp.h>
|
| -#include <openssl/x509.h>
|
| -
|
| -#include <vector>
|
| -
|
| -#include "base/logging.h"
|
| -#include "base/memory/scoped_ptr.h"
|
| -#include "base/stl_util.h"
|
| -#include "crypto/openssl_util.h"
|
| -#include "crypto/scoped_openssl_types.h"
|
| -
|
| -namespace crypto {
|
| -
|
| -namespace {
|
| -
|
| -const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
|
| - switch (hash_alg) {
|
| - case SignatureVerifier::SHA1:
|
| - return EVP_sha1();
|
| - case SignatureVerifier::SHA256:
|
| - return EVP_sha256();
|
| - }
|
| - return NULL;
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| -struct SignatureVerifier::VerifyContext {
|
| - ScopedEVP_MD_CTX ctx;
|
| -};
|
| -
|
| -SignatureVerifier::SignatureVerifier()
|
| - : verify_context_(NULL) {
|
| -}
|
| -
|
| -SignatureVerifier::~SignatureVerifier() {
|
| - Reset();
|
| -}
|
| -
|
| -bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
|
| - int signature_algorithm_len,
|
| - const uint8* signature,
|
| - int signature_len,
|
| - const uint8* public_key_info,
|
| - int public_key_info_len) {
|
| - OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
| - ScopedOpenSSL<X509_ALGOR, X509_ALGOR_free>::Type algorithm(
|
| - d2i_X509_ALGOR(NULL, &signature_algorithm, signature_algorithm_len));
|
| - if (!algorithm.get())
|
| - return false;
|
| - int nid = OBJ_obj2nid(algorithm.get()->algorithm);
|
| - const EVP_MD* digest;
|
| - if (nid == NID_ecdsa_with_SHA1) {
|
| - digest = EVP_sha1();
|
| - } else if (nid == NID_ecdsa_with_SHA256) {
|
| - digest = EVP_sha256();
|
| - } else {
|
| - // This works for PKCS #1 v1.5 RSA signatures, but not for ECDSA
|
| - // signatures.
|
| - digest = EVP_get_digestbyobj(algorithm.get()->algorithm);
|
| - }
|
| - if (!digest)
|
| - return false;
|
| -
|
| - return CommonInit(digest, signature, signature_len, public_key_info,
|
| - public_key_info_len, NULL);
|
| -}
|
| -
|
| -bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
|
| - HashAlgorithm mask_hash_alg,
|
| - int salt_len,
|
| - const uint8* signature,
|
| - int signature_len,
|
| - const uint8* public_key_info,
|
| - int public_key_info_len) {
|
| - OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
| - const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
|
| - DCHECK(digest);
|
| - if (!digest) {
|
| - return false;
|
| - }
|
| -
|
| - EVP_PKEY_CTX* pkey_ctx;
|
| - if (!CommonInit(digest, signature, signature_len, public_key_info,
|
| - public_key_info_len, &pkey_ctx)) {
|
| - return false;
|
| - }
|
| -
|
| - int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
|
| - if (rv != 1)
|
| - return false;
|
| - const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);
|
| - DCHECK(mgf_digest);
|
| - if (!mgf_digest) {
|
| - return false;
|
| - }
|
| - rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest);
|
| - if (rv != 1)
|
| - return false;
|
| - rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
|
| - return rv == 1;
|
| -}
|
| -
|
| -void SignatureVerifier::VerifyUpdate(const uint8* data_part,
|
| - int data_part_len) {
|
| - DCHECK(verify_context_);
|
| - OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
| - int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
|
| - data_part, data_part_len);
|
| - DCHECK_EQ(rv, 1);
|
| -}
|
| -
|
| -bool SignatureVerifier::VerifyFinal() {
|
| - DCHECK(verify_context_);
|
| - OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
| - int rv = EVP_DigestVerifyFinal(verify_context_->ctx.get(),
|
| - vector_as_array(&signature_),
|
| - signature_.size());
|
| - DCHECK_EQ(static_cast<int>(!!rv), rv);
|
| - Reset();
|
| - return rv == 1;
|
| -}
|
| -
|
| -bool SignatureVerifier::CommonInit(const EVP_MD* digest,
|
| - const uint8* signature,
|
| - int signature_len,
|
| - const uint8* public_key_info,
|
| - int public_key_info_len,
|
| - EVP_PKEY_CTX** pkey_ctx) {
|
| - if (verify_context_)
|
| - return false;
|
| -
|
| - verify_context_ = new VerifyContext;
|
| -
|
| - signature_.assign(signature, signature + signature_len);
|
| -
|
| - const uint8_t* ptr = public_key_info;
|
| - ScopedEVP_PKEY public_key(d2i_PUBKEY(nullptr, &ptr, public_key_info_len));
|
| - if (!public_key.get() || ptr != public_key_info + public_key_info_len)
|
| - return false;
|
| -
|
| - verify_context_->ctx.reset(EVP_MD_CTX_create());
|
| - int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx,
|
| - digest, nullptr, public_key.get());
|
| - return rv == 1;
|
| -}
|
| -
|
| -void SignatureVerifier::Reset() {
|
| - delete verify_context_;
|
| - verify_context_ = NULL;
|
| - signature_.clear();
|
| -}
|
| -
|
| -} // namespace crypto
|
|
|
Chromium Code Reviews
Issue 956613002:
Reland "Cut down /crypto and switch what is left of it to boringssl". (Closed)
Base URL: git@github.com:domokit/mojo.git@master