resolve conflicts, fix local changes

author: djm <> 2010-10-01 22:59:01 +0000
committer: djm <> 2010-10-01 22:59:01 +0000
commit: fe047d8b632246cb2db3234a0a4f32e5c318857b (patch)
tree: 939b752540947d33507b3acc48d76a8bfb7c3dc3 /src/lib/libcrypto/asn1/a_verify.c
parent: 2ea67f4aa254b09ded62e6e14fc893bbe6381579 (diff)
download: openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.tar.gz
openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.tar.bz2
openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.zip
1 files changed, 21 insertions, 10 deletions
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index da3efaaf8d..cecdb13c70 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -60,6 +60,7 @@
 #include <time.h>
 #include "cryptlib.h"
+#include "asn1_locl.h"
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
@@ -100,12 +101,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
        p=buf_in;
        i2d(data,&p);
-        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+        EVP_VerifyInit_ex(&ctx,type, NULL);
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-                ret=0;
-                goto err;
-                }
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
        OPENSSL_cleanse(buf_in,(unsigned int)inl);
@@ -134,19 +130,34 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
             void *asn, EVP_PKEY *pkey)
        {
        EVP_MD_CTX ctx;
-        const EVP_MD *type;
+        const EVP_MD *type = NULL;
        unsigned char *buf_in=NULL;
-        int ret= -1,i,inl;
+        int ret= -1,inl;
+        int mdnid, pknid;
        EVP_MD_CTX_init(&ctx);
-        i=OBJ_obj2nid(a->algorithm);
-        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        /* Convert signature OID into digest and public key OIDs */
+        if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+                goto err;
+                }
+        type=EVP_get_digestbynid(mdnid);
        if (type == NULL)
                {
                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
                goto err;
                }
+        /* Check public key OID matches public key type */
+        if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+                goto err;
+                }
        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
                {
                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
author	djm <>	2010-10-01 22:59:01 +0000
committer	djm <>	2010-10-01 22:59:01 +0000
commit	fe047d8b632246cb2db3234a0a4f32e5c318857b (patch)
tree	939b752540947d33507b3acc48d76a8bfb7c3dc3 /src/lib/libcrypto/asn1/a_verify.c
parent	2ea67f4aa254b09ded62e6e14fc893bbe6381579 (diff)
download	openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.tar.gz openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.tar.bz2 openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.zip

diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c index da3efaaf8d..cecdb13c70 100644 --- a/src/lib/libcrypto/asn1/a_verify.c +++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -60,6 +60,7 @@
60	#include <time.h>	60	#include <time.h>
61		61
62	#include "cryptlib.h"	62	#include "cryptlib.h"
		63	#include "asn1_locl.h"
63		64
64	#ifndef NO_SYS_TYPES_H	65	#ifndef NO_SYS_TYPES_H
65	# include <sys/types.h>	66	# include <sys/types.h>
@@ -100,12 +101,7 @@ int ASN1_verify(i2d_of_void i2d, X509_ALGOR a, ASN1_BIT_STRING *signature,
100	p=buf_in;	101	p=buf_in;
101		102
102	i2d(data,&p);	103	i2d(data,&p);
103	if (!EVP_VerifyInit_ex(&ctx,type, NULL))	104	EVP_VerifyInit_ex(&ctx,type, NULL);
104	{
105	ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
106	ret=0;
107	goto err;
108	}
109	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);	105	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
110		106
111	OPENSSL_cleanse(buf_in,(unsigned int)inl);	107	OPENSSL_cleanse(buf_in,(unsigned int)inl);
@@ -134,19 +130,34 @@ int ASN1_item_verify(const ASN1_ITEM it, X509_ALGOR a, ASN1_BIT_STRING *signat
134	void asn, EVP_PKEY pkey)	130	void asn, EVP_PKEY pkey)
135	{	131	{
136	EVP_MD_CTX ctx;	132	EVP_MD_CTX ctx;
137	const EVP_MD *type;	133	const EVP_MD *type = NULL;
138	unsigned char *buf_in=NULL;	134	unsigned char *buf_in=NULL;
139	int ret= -1,i,inl;	135	int ret= -1,inl;
		136
		137	int mdnid, pknid;
140		138
141	EVP_MD_CTX_init(&ctx);	139	EVP_MD_CTX_init(&ctx);
142	i=OBJ_obj2nid(a->algorithm);	140
143	type=EVP_get_digestbyname(OBJ_nid2sn(i));	141	/* Convert signature OID into digest and public key OIDs */
		142	if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))
		143	{
		144	ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
		145	goto err;
		146	}
		147	type=EVP_get_digestbynid(mdnid);
144	if (type == NULL)	148	if (type == NULL)
145	{	149	{
146	ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);	150	ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
147	goto err;	151	goto err;
148	}	152	}
149		153
		154	/* Check public key OID matches public key type */
		155	if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
		156	{
		157	ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
		158	goto err;
		159	}
		160
150	if (!EVP_VerifyInit_ex(&ctx,type, NULL))	161	if (!EVP_VerifyInit_ex(&ctx,type, NULL))
151	{	162	{
152	ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);	163	ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);