import OpenSSL-1.0.0a

1 files changed, 21 insertions, 16 deletions

diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index c75e423048..226a75ff3f 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -58,27 +58,32 @@
 
 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
-#include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
 #include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include <openssl/asn1_mac.h>
 
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                   DSA *dsa)
         {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
         return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
         }
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+             const unsigned char *sigbuf, int siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+        int ret=-1;
+
+        s = DSA_SIG_new();
+        if (s == NULL) return(ret);
+        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+        DSA_SIG_free(s);
+        return(ret);
+        }