Diffstat (limited to 'src/lib/libcrypto/asn1/a_verify.c')
-rw-r--r--src/lib/libcrypto/asn1/a_verify.c77
1 files changed, 23 insertions, 54 deletions
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index 432722e409..cecdb13c70 100644
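--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -101,13 +101,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
 p=buf_in;
 
 i2d(data,&p);
-if (!EVP_VerifyInit_ex(&ctx,type, NULL)
-|| !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl))
-{
-ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-ret=0;
-goto err;
-}
+EVP_VerifyInit_ex(&ctx,type, NULL);
+EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
 OPENSSL_cleanse(buf_in,(unsigned int)inl);
 OPENSSL_free(buf_in);
@@ -131,10 +126,11 @@ err:
 #endif
 
 
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
-ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+void *asn, EVP_PKEY *pkey)
 {
 EVP_MD_CTX ctx;
+const EVP_MD *type = NULL;
 unsigned char *buf_in=NULL;
 int ret= -1,inl;
 
@@ -148,47 +144,25 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
 goto err;
 }
-if (mdnid == NID_undef)
+type=EVP_get_digestbynid(mdnid);
+if (type == NULL)
 {
-if (!pkey->ameth || !pkey->ameth->item_verify)
-{
-ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
-goto err;
-}
-ret = pkey->ameth->item_verify(&ctx, it, asn, a,
-signature, pkey);
-/* Return value of 2 means carry on, anything else means we
-* exit straight away: either a fatal error of the underlying
-* verification routine handles all verification.
-*/
-if (ret != 2)
-goto err;
-ret = -1;
+ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+goto err;
 }
-else
+
+/* Check public key OID matches public key type */
+if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
 {
-const EVP_MD *type;
-type=EVP_get_digestbynid(mdnid);
-if (type == NULL)
-{
-ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-goto err;
-}
-
-/* Check public key OID matches public key type */
-if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
-{
-ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
-goto err;
-}
-
-if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey))
-{
-ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
-ret=0;
-goto err;
-}
+ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+goto err;
+}
 
+if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+{
+ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+ret=0;
+goto err;
 }
 
 inl = ASN1_item_i2d(asn, &buf_in, it);
@@ -199,18 +173,13 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 goto err;
 }
 
-if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))
-{
-ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
-ret=0;
-goto err;
-}
+EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
 OPENSSL_cleanse(buf_in,(unsigned int)inl);
 OPENSSL_free(buf_in);
 
-if (EVP_DigestVerifyFinal(&ctx,signature->data,
-(size_t)signature->length) <= 0)
+if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+(unsigned int)signature->length,pkey) <= 0)
 {
 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
 ret=0;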
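Review bot: The results of `EVP_VerifyInit_ex` and `EVP_VerifyUpdate` in ASN1_verify, and of `EVP_VerifyUpdate` in ASN1_item_verify, are discarded on the new side, so a failed digest step no longer stops either function before `EVP_VerifyFinal` decides on the signature. If these calls can fail in this tree's EVP layer (allocation failure, an unavailable digest), a signature check should fail closed at that point instead of relying on the final call to notice. I would keep the guard, e.g. `if (!EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); ret=0; goto err; }`, with the matching `ASN1_F_ASN1_VERIFY` form in ASN1_verify. The `err:` label and the start of both functions are outside the visible hunks, so confirm that the error path cleanses and frees `buf_in` before routing a post-allocation failure there.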