1 files changed, 73 insertions, 19 deletions
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index 03fc63dbef..bf41de5146 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -58,29 +58,30 @@
 #include <stdio.h>
 #include <time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "x509.h"
+#ifndef NO_SYS_TYPES_H
-#include "objects.h"
+# include <sys/types.h>
-#include "buffer.h"
+#endif
-#include "evp.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/x509.h>
-int ASN1_verify(i2d,a,signature,data,pkey)
+#include <openssl/objects.h>
-int (*i2d)();
+#include <openssl/buffer.h>
-X509_ALGOR *a;
+#include <openssl/evp.h>
-ASN1_BIT_STRING *signature;
-char *data;
+#ifndef NO_ASN1_OLD
-EVP_PKEY *pkey;
+int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
+             char *data, EVP_PKEY *pkey)
        {
        EVP_MD_CTX ctx;
-        EVP_MD *type;
+        const EVP_MD *type;
        unsigned char *p,*buf_in=NULL;
        int ret= -1,i,inl;
+        EVP_MD_CTX_init(&ctx);
        i=OBJ_obj2nid(a->algorithm);
        type=EVP_get_digestbyname(OBJ_nid2sn(i));
        if (type == NULL)
@@ -90,7 +91,7 @@ EVP_PKEY *pkey;
                }
        
        inl=i2d(data,NULL);
-        buf_in=(unsigned char *)Malloc((unsigned int)inl);
+        buf_in=OPENSSL_malloc((unsigned int)inl);
        if (buf_in == NULL)
                {
                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
@@ -99,11 +100,61 @@ EVP_PKEY *pkey;
        p=buf_in;
        i2d(data,&p);
-        EVP_VerifyInit(&ctx,type);
+        EVP_VerifyInit_ex(&ctx,type, NULL);
+        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+        memset(buf_in,0,(unsigned int)inl);
+        OPENSSL_free(buf_in);
+        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+                        (unsigned int)signature->length,pkey) <= 0)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+                ret=0;
+                goto err;
+                }
+        /* we don't need to zero the 'ctx' because we just checked
+         * public information */
+        /* memset(&ctx,0,sizeof(ctx)); */
+        ret=1;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        return(ret);
+        }
+#endif
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+             void *asn, EVP_PKEY *pkey)
+        {
+        EVP_MD_CTX ctx;
+        const EVP_MD *type;
+        unsigned char *buf_in=NULL;
+        int ret= -1,i,inl;
+        EVP_MD_CTX_init(&ctx);
+        i=OBJ_obj2nid(a->algorithm);
+        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        if (type == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                goto err;
+                }
+        inl = ASN1_item_i2d(asn, &buf_in, it);
+        
+        if (buf_in == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        EVP_VerifyInit_ex(&ctx,type, NULL);
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
        memset(buf_in,0,(unsigned int)inl);
-        Free((char *)buf_in);
+        OPENSSL_free(buf_in);
        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
                        (unsigned int)signature->length,pkey) <= 0)
@@ -117,5 +168,8 @@ EVP_PKEY *pkey;
        /* memset(&ctx,0,sizeof(ctx)); */
        ret=1;
 err:
+        EVP_MD_CTX_cleanup(&ctx);
        return(ret);
        }

diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c index 03fc63dbef..bf41de5146 100644 --- a/src/lib/libcrypto/asn1/a_verify.c +++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -58,29 +58,30 @@
58		58
59	#include <stdio.h>	59	#include <stdio.h>
60	#include <time.h>	60	#include <time.h>
61	#include <sys/types.h>
62	#include <sys/stat.h>
63		61
64	#include "cryptlib.h"	62	#include "cryptlib.h"
65	#include "bn.h"	63
66	#include "x509.h"	64	#ifndef NO_SYS_TYPES_H
67	#include "objects.h"	65	# include <sys/types.h>
68	#include "buffer.h"	66	#endif
69	#include "evp.h"	67
70	#include "pem.h"	68	#include <openssl/bn.h>
71		69	#include <openssl/x509.h>
72	int ASN1_verify(i2d,a,signature,data,pkey)	70	#include <openssl/objects.h>
73	int (*i2d)();	71	#include <openssl/buffer.h>
74	X509_ALGOR *a;	72	#include <openssl/evp.h>
75	ASN1_BIT_STRING *signature;	73
76	char *data;	74	#ifndef NO_ASN1_OLD
77	EVP_PKEY *pkey;	75
		76	int ASN1_verify(int (i2d)(), X509_ALGOR a, ASN1_BIT_STRING *signature,
		77	char data, EVP_PKEY pkey)
78	{	78	{
79	EVP_MD_CTX ctx;	79	EVP_MD_CTX ctx;
80	EVP_MD *type;	80	const EVP_MD *type;
81	unsigned char p,buf_in=NULL;	81	unsigned char p,buf_in=NULL;
82	int ret= -1,i,inl;	82	int ret= -1,i,inl;
83		83
		84	EVP_MD_CTX_init(&ctx);
84	i=OBJ_obj2nid(a->algorithm);	85	i=OBJ_obj2nid(a->algorithm);
85	type=EVP_get_digestbyname(OBJ_nid2sn(i));	86	type=EVP_get_digestbyname(OBJ_nid2sn(i));
86	if (type == NULL)	87	if (type == NULL)
@@ -90,7 +91,7 @@ EVP_PKEY *pkey;
90	}	91	}
91		92
92	inl=i2d(data,NULL);	93	inl=i2d(data,NULL);
93	buf_in=(unsigned char *)Malloc((unsigned int)inl);	94	buf_in=OPENSSL_malloc((unsigned int)inl);
94	if (buf_in == NULL)	95	if (buf_in == NULL)
95	{	96	{
96	ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);	97	ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
@@ -99,11 +100,61 @@ EVP_PKEY *pkey;
99	p=buf_in;	100	p=buf_in;
100		101
101	i2d(data,&p);	102	i2d(data,&p);
102	EVP_VerifyInit(&ctx,type);	103	EVP_VerifyInit_ex(&ctx,type, NULL);
		104	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
		105
		106	memset(buf_in,0,(unsigned int)inl);
		107	OPENSSL_free(buf_in);
		108
		109	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
		110	(unsigned int)signature->length,pkey) <= 0)
		111	{
		112	ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
		113	ret=0;
		114	goto err;
		115	}
		116	/* we don't need to zero the 'ctx' because we just checked
		117	* public information */
		118	/* memset(&ctx,0,sizeof(ctx)); */
		119	ret=1;
		120	err:
		121	EVP_MD_CTX_cleanup(&ctx);
		122	return(ret);
		123	}
		124
		125	#endif
		126
		127
		128	int ASN1_item_verify(const ASN1_ITEM it, X509_ALGOR a, ASN1_BIT_STRING *signature,
		129	void asn, EVP_PKEY pkey)
		130	{
		131	EVP_MD_CTX ctx;
		132	const EVP_MD *type;
		133	unsigned char *buf_in=NULL;
		134	int ret= -1,i,inl;
		135
		136	EVP_MD_CTX_init(&ctx);
		137	i=OBJ_obj2nid(a->algorithm);
		138	type=EVP_get_digestbyname(OBJ_nid2sn(i));
		139	if (type == NULL)
		140	{
		141	ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
		142	goto err;
		143	}
		144
		145	inl = ASN1_item_i2d(asn, &buf_in, it);
		146
		147	if (buf_in == NULL)
		148	{
		149	ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
		150	goto err;
		151	}
		152
		153	EVP_VerifyInit_ex(&ctx,type, NULL);
103	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);	154	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
104		155
105	memset(buf_in,0,(unsigned int)inl);	156	memset(buf_in,0,(unsigned int)inl);
106	Free((char *)buf_in);	157	OPENSSL_free(buf_in);
107		158
108	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,	159	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
109	(unsigned int)signature->length,pkey) <= 0)	160	(unsigned int)signature->length,pkey) <= 0)
@@ -117,5 +168,8 @@ EVP_PKEY *pkey;
117	/* memset(&ctx,0,sizeof(ctx)); */	168	/* memset(&ctx,0,sizeof(ctx)); */
118	ret=1;	169	ret=1;
119	err:	170	err:
		171	EVP_MD_CTX_cleanup(&ctx);
120	return(ret);	172	return(ret);
121	}	173	}
		174
		175