Chiebot-Mirror
/
boringssl
mirror of https://gitee.com/mirrors/boringssl.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1581 Commits
59 Branches
16 Tags
480 MiB
Tag: Branch: Tree: 257bfaa329
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '257bfaa329'
${ noResults }
boringssl/pki/verify_signed_data.h

54 lines
1.6 KiB
Raw Normal View History Unescape

Bring in the core of chromium certificate verifier as libpki Initially this leaves the canonical source in chrome, Additions and fillins are committed directly, the chrome files are coverted using the IMPORT script run from the pki directory for the moment. The intention here is to continue frequent automatic conversion (and avoid wholesale cosmetic changes in here for now) until chrome converts to use these files in place of it's versions. At that point these will become the definiative files, and the IMPORT script can be tossed out. A middle step along the way will be to change google3's verify.cc in third_party/chromium_certificate_verifier to use this instead of it's own extracted copy. Status (and what is not done yet) being roughly tracked in README.md Bug: chromium:1322914 Change-Id: Ibdb5479bc68985fa61ce6b10f98f31f6b3a7cbdf Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60285 Commit-Queue: Bob Beck <bbe@google.com> Reviewed-by: Adam Langley <agl@google.com>
2 years ago
// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef BSSL_PKI_VERIFY_SIGNED_DATA_H_
#define BSSL_PKI_VERIFY_SIGNED_DATA_H_
#include "fillins/openssl_util.h"
#include "fillins/openssl_util.h"
#include "signature_algorithm.h"
#include "signature_verify_cache.h"
#include <openssl/evp.h>
namespace bssl {
namespace der {
class BitString;
class Input;
} // namespace der
// Verifies that |signature_value| is a valid signature of |signed_data| using
// the algorithm |algorithm| and the public key |public_key|.
//
// |algorithm| - The parsed AlgorithmIdentifier
// |signed_data| - The blob of data to verify
// |signature_value| - The BIT STRING for the signature's value
// |public_key| - The parsed (non-null) public key.
//
// Returns true if verification was successful.
[[nodiscard]] OPENSSL_EXPORT bool VerifySignedData(
SignatureAlgorithm algorithm,
const der::Input& signed_data,
const der::BitString& signature_value,
EVP_PKEY* public_key,
SignatureVerifyCache* cache);
// Same as above overload, only the public key is inputted as an SPKI and will
// be parsed internally.
[[nodiscard]] OPENSSL_EXPORT bool VerifySignedData(
SignatureAlgorithm algorithm,
const der::Input& signed_data,
const der::BitString& signature_value,
const der::Input& public_key_spki,
SignatureVerifyCache* cache);
[[nodiscard]] OPENSSL_EXPORT bool ParsePublicKey(
const der::Input& public_key_spki,
bssl::UniquePtr<EVP_PKEY>* public_key);
} // namespace net
#endif // BSSL_PKI_VERIFY_SIGNED_DATA_H_