1 files changed, 57 insertions, 1 deletions
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index 2a11927e5c..bf41de5146 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -71,6 +71,8 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
+#ifndef NO_ASN1_OLD
 int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
             char *data, EVP_PKEY *pkey)
        {
@@ -79,6 +81,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
        unsigned char *p,*buf_in=NULL;
        int ret= -1,i,inl;
+        EVP_MD_CTX_init(&ctx);
        i=OBJ_obj2nid(a->algorithm);
        type=EVP_get_digestbyname(OBJ_nid2sn(i));
        if (type == NULL)
@@ -97,7 +100,57 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
        p=buf_in;
        i2d(data,&p);
-        EVP_VerifyInit(&ctx,type);
+        EVP_VerifyInit_ex(&ctx,type, NULL);
+        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+        memset(buf_in,0,(unsigned int)inl);
+        OPENSSL_free(buf_in);
+        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+                        (unsigned int)signature->length,pkey) <= 0)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+                ret=0;
+                goto err;
+                }
+        /* we don't need to zero the 'ctx' because we just checked
+         * public information */
+        /* memset(&ctx,0,sizeof(ctx)); */
+        ret=1;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        return(ret);
+        }
+#endif
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+             void *asn, EVP_PKEY *pkey)
+        {
+        EVP_MD_CTX ctx;
+        const EVP_MD *type;
+        unsigned char *buf_in=NULL;
+        int ret= -1,i,inl;
+        EVP_MD_CTX_init(&ctx);
+        i=OBJ_obj2nid(a->algorithm);
+        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        if (type == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                goto err;
+                }
+        inl = ASN1_item_i2d(asn, &buf_in, it);
+        
+        if (buf_in == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        EVP_VerifyInit_ex(&ctx,type, NULL);
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
        memset(buf_in,0,(unsigned int)inl);
@@ -115,5 +168,8 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
        /* memset(&ctx,0,sizeof(ctx)); */
        ret=1;
 err:
+        EVP_MD_CTX_cleanup(&ctx);
        return(ret);
        }

diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c index 2a11927e5c..bf41de5146 100644 --- a/src/lib/libcrypto/asn1/a_verify.c +++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -71,6 +71,8 @@
71	#include <openssl/buffer.h>	71	#include <openssl/buffer.h>
72	#include <openssl/evp.h>	72	#include <openssl/evp.h>
73		73
		74	#ifndef NO_ASN1_OLD
		75
74	int ASN1_verify(int (i2d)(), X509_ALGOR a, ASN1_BIT_STRING *signature,	76	int ASN1_verify(int (i2d)(), X509_ALGOR a, ASN1_BIT_STRING *signature,
75	char data, EVP_PKEY pkey)	77	char data, EVP_PKEY pkey)
76	{	78	{
@@ -79,6 +81,7 @@ int ASN1_verify(int (i2d)(), X509_ALGOR a, ASN1_BIT_STRING *signature,
79	unsigned char p,buf_in=NULL;	81	unsigned char p,buf_in=NULL;
80	int ret= -1,i,inl;	82	int ret= -1,i,inl;
81		83
		84	EVP_MD_CTX_init(&ctx);
82	i=OBJ_obj2nid(a->algorithm);	85	i=OBJ_obj2nid(a->algorithm);
83	type=EVP_get_digestbyname(OBJ_nid2sn(i));	86	type=EVP_get_digestbyname(OBJ_nid2sn(i));
84	if (type == NULL)	87	if (type == NULL)
@@ -97,7 +100,57 @@ int ASN1_verify(int (i2d)(), X509_ALGOR a, ASN1_BIT_STRING *signature,
97	p=buf_in;	100	p=buf_in;
98		101
99	i2d(data,&p);	102	i2d(data,&p);
100	EVP_VerifyInit(&ctx,type);	103	EVP_VerifyInit_ex(&ctx,type, NULL);
		104	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
		105
		106	memset(buf_in,0,(unsigned int)inl);
		107	OPENSSL_free(buf_in);
		108
		109	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
		110	(unsigned int)signature->length,pkey) <= 0)
		111	{
		112	ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
		113	ret=0;
		114	goto err;
		115	}
		116	/* we don't need to zero the 'ctx' because we just checked
		117	* public information */
		118	/* memset(&ctx,0,sizeof(ctx)); */
		119	ret=1;
		120	err:
		121	EVP_MD_CTX_cleanup(&ctx);
		122	return(ret);
		123	}
		124
		125	#endif
		126
		127
		128	int ASN1_item_verify(const ASN1_ITEM it, X509_ALGOR a, ASN1_BIT_STRING *signature,
		129	void asn, EVP_PKEY pkey)
		130	{
		131	EVP_MD_CTX ctx;
		132	const EVP_MD *type;
		133	unsigned char *buf_in=NULL;
		134	int ret= -1,i,inl;
		135
		136	EVP_MD_CTX_init(&ctx);
		137	i=OBJ_obj2nid(a->algorithm);
		138	type=EVP_get_digestbyname(OBJ_nid2sn(i));
		139	if (type == NULL)
		140	{
		141	ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
		142	goto err;
		143	}
		144
		145	inl = ASN1_item_i2d(asn, &buf_in, it);
		146
		147	if (buf_in == NULL)
		148	{
		149	ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
		150	goto err;
		151	}
		152
		153	EVP_VerifyInit_ex(&ctx,type, NULL);
101	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);	154	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
102		155
103	memset(buf_in,0,(unsigned int)inl);	156	memset(buf_in,0,(unsigned int)inl);
@@ -115,5 +168,8 @@ int ASN1_verify(int (i2d)(), X509_ALGOR a, ASN1_BIT_STRING *signature,
115	/* memset(&ctx,0,sizeof(ctx)); */	168	/* memset(&ctx,0,sizeof(ctx)); */
116	ret=1;	169	ret=1;
117	err:	170	err:
		171	EVP_MD_CTX_cleanup(&ctx);
118	return(ret);	172	return(ret);
119	}	173	}
		174
		175