Use size_t in crypto::SignatureVerifier.
Most places were already passing in a size_t and truncating. This should fix the remainig which I found. BUG=488553 Review-Url: https://codereview.chromium.org/2768033002 Cr-Commit-Position: refs/heads/master@{#459249}
This commit is contained in:
components
crypto
extensions
@ -170,10 +170,9 @@ bool Ecdsa::ValidateResponse(const base::StringPiece& response_body,
|
||||
|
||||
// Initialize the signature verifier.
|
||||
crypto::SignatureVerifier verifier;
|
||||
if (!verifier.VerifyInit(
|
||||
crypto::SignatureVerifier::ECDSA_SHA256, &signature.front(),
|
||||
static_cast<int>(signature.size()), &public_key_.front(),
|
||||
static_cast<int>(public_key_.size()))) {
|
||||
if (!verifier.VerifyInit(crypto::SignatureVerifier::ECDSA_SHA256,
|
||||
&signature.front(), signature.size(),
|
||||
&public_key_.front(), public_key_.size())) {
|
||||
DVLOG(1) << "Couldn't init SignatureVerifier.";
|
||||
return false;
|
||||
}
|
||||
@ -184,7 +183,7 @@ bool Ecdsa::ValidateResponse(const base::StringPiece& response_body,
|
||||
// client assembled -- implying that either request body or response body
|
||||
// was modified, or a different nonce value was used.
|
||||
verifier.VerifyUpdate(&signed_message_hash.front(),
|
||||
static_cast<int>(signed_message_hash.size()));
|
||||
signed_message_hash.size());
|
||||
return verifier.VerifyFinal();
|
||||
}
|
||||
|
||||
|
@ -160,8 +160,8 @@ CrxFile::ValidateError CrxFile::ValidateSignature(
|
||||
|
||||
crypto::SignatureVerifier verifier;
|
||||
if (!verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1,
|
||||
signature.data(), static_cast<int>(signature.size()),
|
||||
key.data(), static_cast<int>(key.size()))) {
|
||||
signature.data(), signature.size(), key.data(),
|
||||
key.size())) {
|
||||
// Signature verification initialization failed. This is most likely
|
||||
// caused by a public key in the wrong format (should encode algorithm).
|
||||
return ValidateError::CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED;
|
||||
@ -170,7 +170,7 @@ CrxFile::ValidateError CrxFile::ValidateSignature(
|
||||
uint8_t buf[1 << 12] = {};
|
||||
while ((len = ReadAndHash(buf, sizeof(buf[0]), arraysize(buf), file.get(),
|
||||
hash.get())) > 0)
|
||||
verifier.VerifyUpdate(buf, static_cast<int>(len));
|
||||
verifier.VerifyUpdate(buf, len);
|
||||
|
||||
if (!verifier.VerifyFinal())
|
||||
return ValidateError::CRX_SIGNATURE_VERIFICATION_FAILED;
|
||||
|
@ -10,6 +10,7 @@
|
||||
#include <vector>
|
||||
|
||||
#include "base/logging.h"
|
||||
#include "base/numerics/safe_conversions.h"
|
||||
#include "crypto/openssl_util.h"
|
||||
#include "third_party/boringssl/src/include/openssl/bytestring.h"
|
||||
#include "third_party/boringssl/src/include/openssl/digest.h"
|
||||
@ -42,9 +43,9 @@ SignatureVerifier::~SignatureVerifier() {}
|
||||
|
||||
bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm,
|
||||
const uint8_t* signature,
|
||||
int signature_len,
|
||||
size_t signature_len,
|
||||
const uint8_t* public_key_info,
|
||||
int public_key_info_len) {
|
||||
size_t public_key_info_len) {
|
||||
int pkey_type = EVP_PKEY_NONE;
|
||||
const EVP_MD* digest = nullptr;
|
||||
switch (signature_algorithm) {
|
||||
@ -70,11 +71,11 @@ bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm,
|
||||
|
||||
bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
|
||||
HashAlgorithm mask_hash_alg,
|
||||
int salt_len,
|
||||
size_t salt_len,
|
||||
const uint8_t* signature,
|
||||
int signature_len,
|
||||
size_t signature_len,
|
||||
const uint8_t* public_key_info,
|
||||
int public_key_info_len) {
|
||||
size_t public_key_info_len) {
|
||||
OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
||||
const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
|
||||
DCHECK(digest);
|
||||
@ -97,15 +98,16 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
|
||||
return false;
|
||||
}
|
||||
return EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest) &&
|
||||
EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
|
||||
EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx,
|
||||
base::checked_cast<int>(salt_len));
|
||||
}
|
||||
|
||||
void SignatureVerifier::VerifyUpdate(const uint8_t* data_part,
|
||||
int data_part_len) {
|
||||
size_t data_part_len) {
|
||||
DCHECK(verify_context_);
|
||||
OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
||||
int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(),
|
||||
data_part, data_part_len);
|
||||
int rv = EVP_DigestVerifyUpdate(verify_context_->ctx.get(), data_part,
|
||||
data_part_len);
|
||||
DCHECK_EQ(rv, 1);
|
||||
}
|
||||
|
||||
@ -122,9 +124,9 @@ bool SignatureVerifier::VerifyFinal() {
|
||||
bool SignatureVerifier::CommonInit(int pkey_type,
|
||||
const EVP_MD* digest,
|
||||
const uint8_t* signature,
|
||||
int signature_len,
|
||||
size_t signature_len,
|
||||
const uint8_t* public_key_info,
|
||||
int public_key_info_len,
|
||||
size_t public_key_info_len,
|
||||
EVP_PKEY_CTX** pkey_ctx) {
|
||||
if (verify_context_)
|
||||
return false;
|
||||
|
@ -54,9 +54,9 @@ class CRYPTO_EXPORT SignatureVerifier {
|
||||
// subjectPublicKey BIT STRING }
|
||||
bool VerifyInit(SignatureAlgorithm signature_algorithm,
|
||||
const uint8_t* signature,
|
||||
int signature_len,
|
||||
size_t signature_len,
|
||||
const uint8_t* public_key_info,
|
||||
int public_key_info_len);
|
||||
size_t public_key_info_len);
|
||||
|
||||
// Initiates a RSA-PSS signature verification operation. This should be
|
||||
// followed by one or more VerifyUpdate calls and a VerifyFinal call.
|
||||
@ -76,14 +76,14 @@ class CRYPTO_EXPORT SignatureVerifier {
|
||||
// subjectPublicKey BIT STRING }
|
||||
bool VerifyInitRSAPSS(HashAlgorithm hash_alg,
|
||||
HashAlgorithm mask_hash_alg,
|
||||
int salt_len,
|
||||
size_t salt_len,
|
||||
const uint8_t* signature,
|
||||
int signature_len,
|
||||
size_t signature_len,
|
||||
const uint8_t* public_key_info,
|
||||
int public_key_info_len);
|
||||
size_t public_key_info_len);
|
||||
|
||||
// Feeds a piece of the data to the signature verifier.
|
||||
void VerifyUpdate(const uint8_t* data_part, int data_part_len);
|
||||
void VerifyUpdate(const uint8_t* data_part, size_t data_part_len);
|
||||
|
||||
// Concludes a signature verification operation. Returns true if the
|
||||
// signature is valid. Returns false if the signature is invalid or an
|
||||
@ -94,9 +94,9 @@ class CRYPTO_EXPORT SignatureVerifier {
|
||||
bool CommonInit(int pkey_type,
|
||||
const EVP_MD* digest,
|
||||
const uint8_t* signature,
|
||||
int signature_len,
|
||||
size_t signature_len,
|
||||
const uint8_t* public_key_info,
|
||||
int public_key_info_len,
|
||||
size_t public_key_info_len,
|
||||
EVP_PKEY_CTX** pkey_ctx);
|
||||
|
||||
void Reset();
|
||||
|
@ -24,9 +24,10 @@ class Extension;
|
||||
// A pointer to the bytes of a public key, and the number of bytes.
|
||||
struct ContentVerifierKey {
|
||||
const uint8_t* data;
|
||||
int size;
|
||||
size_t size;
|
||||
|
||||
ContentVerifierKey(const uint8_t* data, int size) : data(data), size(size) {}
|
||||
ContentVerifierKey(const uint8_t* data, size_t size)
|
||||
: data(data), size(size) {}
|
||||
};
|
||||
|
||||
// This is an interface for clients that want to use a ContentVerifier.
|
||||
|
@ -62,7 +62,7 @@ DictionaryValue* FindDictionaryWithValue(const ListValue* list,
|
||||
namespace extensions {
|
||||
|
||||
VerifiedContents::VerifiedContents(const uint8_t* public_key,
|
||||
int public_key_size)
|
||||
size_t public_key_size)
|
||||
: public_key_(public_key),
|
||||
public_key_size_(public_key_size),
|
||||
valid_signature_(false), // Guilty until proven innocent.
|
||||
|
@ -24,7 +24,7 @@ namespace extensions {
|
||||
class VerifiedContents {
|
||||
public:
|
||||
// Note: the public_key must remain valid for the lifetime of this object.
|
||||
VerifiedContents(const uint8_t* public_key, int public_key_size);
|
||||
VerifiedContents(const uint8_t* public_key, size_t public_key_size);
|
||||
~VerifiedContents();
|
||||
|
||||
// Returns true if we successfully parsed the verified_contents.json file at
|
||||
@ -59,7 +59,7 @@ class VerifiedContents {
|
||||
|
||||
// The public key we should use for signature verification.
|
||||
const uint8_t* public_key_;
|
||||
const int public_key_size_;
|
||||
const size_t public_key_size_;
|
||||
|
||||
// Indicates whether the signature was successfully validated or not.
|
||||
bool valid_signature_;
|
||||
|
@ -80,7 +80,7 @@ const uint8_t kWebstoreSignaturesPublicKey[] = {
|
||||
0x58, 0x34, 0xc8, 0x22, 0x2d, 0x2a, 0x65, 0x75, 0xa7, 0xd9, 0x08, 0x62,
|
||||
0xcd, 0x02, 0x03, 0x01, 0x00, 0x01};
|
||||
|
||||
const int kWebstoreSignaturesPublicKeySize =
|
||||
const size_t kWebstoreSignaturesPublicKeySize =
|
||||
arraysize(kWebstoreSignaturesPublicKey);
|
||||
|
||||
const char kMimeTypeJpeg[] = "image/jpeg";
|
||||
|
@ -111,7 +111,7 @@ extern const char kWebStoreAppId[];
|
||||
|
||||
// The key used for signing some pieces of data from the webstore.
|
||||
extern const uint8_t kWebstoreSignaturesPublicKey[];
|
||||
extern const int kWebstoreSignaturesPublicKeySize;
|
||||
extern const size_t kWebstoreSignaturesPublicKeySize;
|
||||
|
||||
// Enumeration of possible app launch sources.
|
||||
// This should be kept in sync with LaunchSource in
|
||||
|
Reference in New Issue
Block a user