summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1/a_verify.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/asn1/a_verify.c')
-rw-r--r--src/lib/libcrypto/asn1/a_verify.c68
1 files changed, 36 insertions, 32 deletions
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index 8df0b038d1..3b7bf0580d 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -72,12 +72,13 @@
72#include <openssl/buffer.h> 72#include <openssl/buffer.h>
73#include <openssl/evp.h> 73#include <openssl/evp.h>
74 74
75int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, 75int
76 ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) 76ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
77 ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
77{ 78{
78 EVP_MD_CTX ctx; 79 EVP_MD_CTX ctx;
79 unsigned char *buf_in=NULL; 80 unsigned char *buf_in = NULL;
80 int ret= -1,inl; 81 int ret = -1, inl;
81 82
82 int mdnid, pknid; 83 int mdnid, pknid;
83 84
@@ -90,16 +91,18 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
90 91
91 /* Convert signature OID into digest and public key OIDs */ 92 /* Convert signature OID into digest and public key OIDs */
92 if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { 93 if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
93 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); 94 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
95 ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
94 goto err; 96 goto err;
95 } 97 }
96 if (mdnid == NID_undef) { 98 if (mdnid == NID_undef) {
97 if (!pkey->ameth || !pkey->ameth->item_verify) { 99 if (!pkey->ameth || !pkey->ameth->item_verify) {
98 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); 100 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
101 ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
99 goto err; 102 goto err;
100 } 103 }
101 ret = pkey->ameth->item_verify(&ctx, it, asn, a, 104 ret = pkey->ameth->item_verify(&ctx, it, asn, a,
102 signature, pkey); 105 signature, pkey);
103 /* Return value of 2 means carry on, anything else means we 106 /* Return value of 2 means carry on, anything else means we
104 * exit straight away: either a fatal error of the underlying 107 * exit straight away: either a fatal error of the underlying
105 * verification routine handles all verification. 108 * verification routine handles all verification.
@@ -109,55 +112,56 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
109 ret = -1; 112 ret = -1;
110 } else { 113 } else {
111 const EVP_MD *type; 114 const EVP_MD *type;
112 type=EVP_get_digestbynid(mdnid); 115 type = EVP_get_digestbynid(mdnid);
113 if (type == NULL) { 116 if (type == NULL) {
114 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); 117 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
118 ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
115 goto err; 119 goto err;
116 } 120 }
117 121
118 /* Check public key OID matches public key type */ 122 /* Check public key OID matches public key type */
119 if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { 123 if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
120 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); 124 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
125 ASN1_R_WRONG_PUBLIC_KEY_TYPE);
121 goto err; 126 goto err;
122 } 127 }
123 128
124 if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { 129 if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
125 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); 130 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
126 ret=0; 131 ret = 0;
127 goto err; 132 goto err;
128 } 133 }
129 134
130 } 135 }
131 136
132 inl = ASN1_item_i2d(asn, &buf_in, it); 137 inl = ASN1_item_i2d(asn, &buf_in, it);
133 138
134 if (buf_in == NULL) { 139 if (buf_in == NULL) {
135 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); 140 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
136 goto err; 141 goto err;
137 } 142 }
138 143
139 if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl)) { 144 if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) {
140 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); 145 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
141 ret=0; 146 ret = 0;
142 goto err; 147 goto err;
143 } 148 }
144 149
145 OPENSSL_cleanse(buf_in,(unsigned int)inl); 150 OPENSSL_cleanse(buf_in, (unsigned int)inl);
146 free(buf_in); 151 free(buf_in);
147 152
148 if (EVP_DigestVerifyFinal(&ctx,signature->data, 153 if (EVP_DigestVerifyFinal(&ctx, signature->data,
149 (size_t)signature->length) <= 0) { 154 (size_t)signature->length) <= 0) {
150 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); 155 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
151 ret=0; 156 ret = 0;
152 goto err; 157 goto err;
153 } 158 }
154 /* we don't need to zero the 'ctx' because we just checked 159 /* we don't need to zero the 'ctx' because we just checked
155 * public information */ 160 * public information */
156 /* memset(&ctx,0,sizeof(ctx)); */ 161 /* memset(&ctx,0,sizeof(ctx)); */
157 ret=1; 162 ret = 1;
163
158err: 164err:
159 EVP_MD_CTX_cleanup(&ctx); 165 EVP_MD_CTX_cleanup(&ctx);
160 return(ret); 166 return (ret);
161} 167}
162
163
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 06:59:33 +0000