summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1/a_verify.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/asn1/a_verify.c')
-rw-r--r--src/lib/libcrypto/asn1/a_verify.c48
1 files changed, 24 insertions, 24 deletions
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index 8eca970be3..59c5b876b5 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -74,7 +74,7 @@
74 74
75int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, 75int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
76 ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) 76 ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
77 { 77{
78 EVP_MD_CTX ctx; 78 EVP_MD_CTX ctx;
79 unsigned char *buf_in=NULL; 79 unsigned char *buf_in=NULL;
80 int ret= -1,inl; 80 int ret= -1,inl;
@@ -82,26 +82,26 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
82 int mdnid, pknid; 82 int mdnid, pknid;
83 83
84 if (!pkey) 84 if (!pkey)
85 { 85 {
86 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); 86 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
87 return -1; 87 return -1;
88 } 88 }
89 89
90 EVP_MD_CTX_init(&ctx); 90 EVP_MD_CTX_init(&ctx);
91 91
92 /* Convert signature OID into digest and public key OIDs */ 92 /* Convert signature OID into digest and public key OIDs */
93 if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) 93 if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))
94 { 94 {
95 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); 95 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
96 goto err; 96 goto err;
97 } 97 }
98 if (mdnid == NID_undef) 98 if (mdnid == NID_undef)
99 { 99 {
100 if (!pkey->ameth || !pkey->ameth->item_verify) 100 if (!pkey->ameth || !pkey->ameth->item_verify)
101 { 101 {
102 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); 102 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
103 goto err; 103 goto err;
104 } 104 }
105 ret = pkey->ameth->item_verify(&ctx, it, asn, a, 105 ret = pkey->ameth->item_verify(&ctx, it, asn, a,
106 signature, pkey); 106 signature, pkey);
107 /* Return value of 2 means carry on, anything else means we 107 /* Return value of 2 means carry on, anything else means we
@@ -111,58 +111,58 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
111 if (ret != 2) 111 if (ret != 2)
112 goto err; 112 goto err;
113 ret = -1; 113 ret = -1;
114 } 114 }
115 else 115 else
116 { 116 {
117 const EVP_MD *type; 117 const EVP_MD *type;
118 type=EVP_get_digestbynid(mdnid); 118 type=EVP_get_digestbynid(mdnid);
119 if (type == NULL) 119 if (type == NULL)
120 { 120 {
121 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); 121 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
122 goto err; 122 goto err;
123 } 123 }
124 124
125 /* Check public key OID matches public key type */ 125 /* Check public key OID matches public key type */
126 if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) 126 if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
127 { 127 {
128 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); 128 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
129 goto err; 129 goto err;
130 } 130 }
131 131
132 if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) 132 if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey))
133 { 133 {
134 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); 134 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
135 ret=0; 135 ret=0;
136 goto err; 136 goto err;
137 }
138
139 } 137 }
140 138
139 }
140
141 inl = ASN1_item_i2d(asn, &buf_in, it); 141 inl = ASN1_item_i2d(asn, &buf_in, it);
142 142
143 if (buf_in == NULL) 143 if (buf_in == NULL)
144 { 144 {
145 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); 145 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
146 goto err; 146 goto err;
147 } 147 }
148 148
149 if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl)) 149 if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))
150 { 150 {
151 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); 151 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
152 ret=0; 152 ret=0;
153 goto err; 153 goto err;
154 } 154 }
155 155
156 OPENSSL_cleanse(buf_in,(unsigned int)inl); 156 OPENSSL_cleanse(buf_in,(unsigned int)inl);
157 free(buf_in); 157 free(buf_in);
158 158
159 if (EVP_DigestVerifyFinal(&ctx,signature->data, 159 if (EVP_DigestVerifyFinal(&ctx,signature->data,
160 (size_t)signature->length) <= 0) 160 (size_t)signature->length) <= 0)
161 { 161 {
162 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); 162 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
163 ret=0; 163 ret=0;
164 goto err; 164 goto err;
165 } 165 }
166 /* we don't need to zero the 'ctx' because we just checked 166 /* we don't need to zero the 'ctx' because we just checked
167 * public information */ 167 * public information */
168 /* memset(&ctx,0,sizeof(ctx)); */ 168 /* memset(&ctx,0,sizeof(ctx)); */
@@ -170,6 +170,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
170err: 170err:
171 EVP_MD_CTX_cleanup(&ctx); 171 EVP_MD_CTX_cleanup(&ctx);
172 return(ret); 172 return(ret);
173 } 173}
174 174
175 175
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-29 11:44:27 +0000