diff options
| author | beck <> | 2017-01-29 17:49:23 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-29 17:49:23 +0000 |
| commit | d1f47bd292f36094480caa49ada36b99a69c59b0 (patch) | |
| tree | 1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/asn1/a_verify.c | |
| parent | f8c627888330b75c2eea8a3c27d0efe947a4f9da (diff) | |
| download | openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.gz openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.bz2 openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.zip | |
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
Diffstat (limited to 'src/lib/libcrypto/asn1/a_verify.c')
| -rw-r--r-- | src/lib/libcrypto/asn1/a_verify.c | 27 |
1 files changed, 11 insertions, 16 deletions
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c index 12b76501e0..8f8e58c095 100644 --- a/src/lib/libcrypto/asn1/a_verify.c +++ b/src/lib/libcrypto/asn1/a_verify.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: a_verify.c,v 1.22 2015/09/10 15:56:24 jsing Exp $ */ | 1 | /* $OpenBSD: a_verify.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -82,14 +82,13 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, | |||
| 82 | int mdnid, pknid; | 82 | int mdnid, pknid; |
| 83 | 83 | ||
| 84 | if (!pkey) { | 84 | if (!pkey) { |
| 85 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); | 85 | ASN1error(ERR_R_PASSED_NULL_PARAMETER); |
| 86 | return -1; | 86 | return -1; |
| 87 | } | 87 | } |
| 88 | 88 | ||
| 89 | if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) | 89 | if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) |
| 90 | { | 90 | { |
| 91 | ASN1err(ASN1_F_ASN1_VERIFY, | 91 | ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT); |
| 92 | ASN1_R_INVALID_BIT_STRING_BITS_LEFT); | ||
| 93 | return -1; | 92 | return -1; |
| 94 | } | 93 | } |
| 95 | 94 | ||
| @@ -97,14 +96,12 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, | |||
| 97 | 96 | ||
| 98 | /* Convert signature OID into digest and public key OIDs */ | 97 | /* Convert signature OID into digest and public key OIDs */ |
| 99 | if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { | 98 | if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { |
| 100 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY, | 99 | ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
| 101 | ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); | ||
| 102 | goto err; | 100 | goto err; |
| 103 | } | 101 | } |
| 104 | if (mdnid == NID_undef) { | 102 | if (mdnid == NID_undef) { |
| 105 | if (!pkey->ameth || !pkey->ameth->item_verify) { | 103 | if (!pkey->ameth || !pkey->ameth->item_verify) { |
| 106 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY, | 104 | ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
| 107 | ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); | ||
| 108 | goto err; | 105 | goto err; |
| 109 | } | 106 | } |
| 110 | ret = pkey->ameth->item_verify(&ctx, it, asn, a, | 107 | ret = pkey->ameth->item_verify(&ctx, it, asn, a, |
| @@ -120,20 +117,18 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, | |||
| 120 | const EVP_MD *type; | 117 | const EVP_MD *type; |
| 121 | type = EVP_get_digestbynid(mdnid); | 118 | type = EVP_get_digestbynid(mdnid); |
| 122 | if (type == NULL) { | 119 | if (type == NULL) { |
| 123 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY, | 120 | ASN1error(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); |
| 124 | ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | ||
| 125 | goto err; | 121 | goto err; |
| 126 | } | 122 | } |
| 127 | 123 | ||
| 128 | /* Check public key OID matches public key type */ | 124 | /* Check public key OID matches public key type */ |
| 129 | if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { | 125 | if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { |
| 130 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY, | 126 | ASN1error(ASN1_R_WRONG_PUBLIC_KEY_TYPE); |
| 131 | ASN1_R_WRONG_PUBLIC_KEY_TYPE); | ||
| 132 | goto err; | 127 | goto err; |
| 133 | } | 128 | } |
| 134 | 129 | ||
| 135 | if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { | 130 | if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { |
| 136 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); | 131 | ASN1error(ERR_R_EVP_LIB); |
| 137 | ret = 0; | 132 | ret = 0; |
| 138 | goto err; | 133 | goto err; |
| 139 | } | 134 | } |
| @@ -143,12 +138,12 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, | |||
| 143 | inl = ASN1_item_i2d(asn, &buf_in, it); | 138 | inl = ASN1_item_i2d(asn, &buf_in, it); |
| 144 | 139 | ||
| 145 | if (buf_in == NULL) { | 140 | if (buf_in == NULL) { |
| 146 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); | 141 | ASN1error(ERR_R_MALLOC_FAILURE); |
| 147 | goto err; | 142 | goto err; |
| 148 | } | 143 | } |
| 149 | 144 | ||
| 150 | if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) { | 145 | if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) { |
| 151 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); | 146 | ASN1error(ERR_R_EVP_LIB); |
| 152 | ret = 0; | 147 | ret = 0; |
| 153 | goto err; | 148 | goto err; |
| 154 | } | 149 | } |
| @@ -158,7 +153,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, | |||
| 158 | 153 | ||
| 159 | if (EVP_DigestVerifyFinal(&ctx, signature->data, | 154 | if (EVP_DigestVerifyFinal(&ctx, signature->data, |
| 160 | (size_t)signature->length) <= 0) { | 155 | (size_t)signature->length) <= 0) { |
| 161 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); | 156 | ASN1error(ERR_R_EVP_LIB); |
| 162 | ret = 0; | 157 | ret = 0; |
| 163 | goto err; | 158 | goto err; |
| 164 | } | 159 | } |