1 files changed, 135 insertions, 156 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 4642775964..239435fe91 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.17 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.18 2014/07/09 08:20:08 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -67,233 +67,212 @@
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH  36
-int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+int
-             unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-        {
+    unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+{
        X509_SIG sig;
        ASN1_TYPE parameter;
-        int i,j,ret=1;
+        int i, j, ret = 1;
        unsigned char *p, *tmps = NULL;
        const unsigned char *s = NULL;
        X509_ALGOR algor;
        ASN1_OCTET_STRING digest;
-        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
-                {
+        if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
-                return rsa->meth->rsa_sign(type, m, m_len,
+                return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
-                        sigret, siglen, rsa);
-                }
        /* Special case: SSL signature, just check the length */
-        if(type == NID_md5_sha1) {
+        if (type == NID_md5_sha1) {
-                if(m_len != SSL_SIG_LENGTH) {
+                if (m_len != SSL_SIG_LENGTH) {
-                        RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
+                        RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
-                        return(0);
+                        return 0;
                }
                i = SSL_SIG_LENGTH;
                s = m;
        } else {
-                sig.algor= &algor;
+                sig.algor = &algor;
-                sig.algor->algorithm=OBJ_nid2obj(type);
+                sig.algor->algorithm = OBJ_nid2obj(type);
-                if (sig.algor->algorithm == NULL)
+                if (sig.algor->algorithm == NULL) {
-                        {
+                        RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
-                        RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                        return 0;
-                        return(0);
+                }
-                        }
+                if (sig.algor->algorithm->length == 0) {
-                if (sig.algor->algorithm->length == 0)
+                        RSAerr(RSA_F_RSA_SIGN,
-                        {
+                            RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-                        RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        return 0;
-                        return(0);
+                }
-                        }
+                parameter.type = V_ASN1_NULL;
-                parameter.type=V_ASN1_NULL;
+                parameter.value.ptr = NULL;
-                parameter.value.ptr=NULL;
+                sig.algor->parameter = &parameter;
-                sig.algor->parameter= &parameter;
-                sig.digest= &digest;
+                sig.digest = &digest;
-                sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
+                sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */
-                sig.digest->length=m_len;
+                sig.digest->length = m_len;
-                i=i2d_X509_SIG(&sig,NULL);
+                i = i2d_X509_SIG(&sig, NULL);
+        }
+        j = RSA_size(rsa);
+        if (i > j - RSA_PKCS1_PADDING_SIZE) {
+                RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+                return 0;
        }
-        j=RSA_size(rsa);
+        if (type != NID_md5_sha1) {
-        if (i > (j-RSA_PKCS1_PADDING_SIZE))
+                tmps = malloc((unsigned int)j + 1);
-                {
+                if (tmps == NULL) {
-                RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+                        RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
-                return(0);
+                        return 0;
                }
-        if(type != NID_md5_sha1) {
+                p = tmps;
-                tmps = malloc((unsigned int)j+1);
+                i2d_X509_SIG(&sig, &p);
-                if (tmps == NULL)
+                s = tmps;
-                        {
-                        RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                p=tmps;
-                i2d_X509_SIG(&sig,&p);
-                s=tmps;
        }
-        i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+        i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
        if (i <= 0)
-                ret=0;
+                ret = 0;
        else
-                *siglen=i;
+                *siglen = i;
-        if(type != NID_md5_sha1) {
+        if (type != NID_md5_sha1) {
-                OPENSSL_cleanse(tmps,(unsigned int)j+1);
+                OPENSSL_cleanse(tmps, (unsigned int)j + 1);
                free(tmps);
        }
        return(ret);
-        }
+}
-int int_rsa_verify(int dtype, const unsigned char *m,
+int
-                          unsigned int m_len,
+int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
-                          unsigned char *rm, size_t *prm_len,
+    unsigned char *rm, size_t *prm_len, const unsigned char *sigbuf,
-                          const unsigned char *sigbuf, size_t siglen,
+    size_t siglen, RSA *rsa)
-                          RSA *rsa)
+{
-        {
+        int i, ret = 0, sigtype;
-        int i,ret=0,sigtype;
        unsigned char *s;
-        X509_SIG *sig=NULL;
+        X509_SIG *sig = NULL;
-        if (siglen != (unsigned int)RSA_size(rsa))
+        if (siglen != (unsigned int)RSA_size(rsa)) {
-                {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
-                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+                return 0;
-                return(0);
+        }
-                }
-        if((dtype == NID_md5_sha1) && rm)
+        if ((dtype == NID_md5_sha1) && rm) {
-                {
+                i = RSA_public_decrypt((int)siglen, sigbuf, rm, rsa,
-                i = RSA_public_decrypt((int)siglen,
+                    RSA_PKCS1_PADDING);
-                                        sigbuf,rm,rsa,RSA_PKCS1_PADDING);
                if (i <= 0)
                        return 0;
                *prm_len = i;
                return 1;
-                }
+        }
        s = malloc((unsigned int)siglen);
-        if (s == NULL)
+        if (s == NULL) {
-                {
+                RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
-                RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
                goto err;
-                }
-        if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
-                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
-                        goto err;
        }
-        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+        i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
-        if (i <= 0) goto err;
+        if (i <= 0)
-        /* Oddball MDC2 case: signature can be OCTET STRING.
+                goto err;
+        /*
+         * Oddball MDC2 case: signature can be OCTET STRING.
         * check for correct tag and length octets.
         */
-        if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
+        if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
-                {
+                if (rm) {
-                if (rm)
-                        {
                        memcpy(rm, s + 2, 16);
                        *prm_len = 16;
                        ret = 1;
-                        }
+                } else if (memcmp(m, s + 2, 16))
-                else if(memcmp(m, s + 2, 16))
+                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                else
                        ret = 1;
-                }
+        }
        /* Special case: SSL signature */
-        if(dtype == NID_md5_sha1) {
+        if (dtype == NID_md5_sha1) {
-                if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
+                if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
-                                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-                else ret = 1;
+                else
+                        ret = 1;
        } else {
                const unsigned char *p=s;
-                sig=d2i_X509_SIG(NULL,&p,(long)i);
-                if (sig == NULL) goto err;
+                sig = d2i_X509_SIG(NULL, &p, (long)i);
+                if (sig == NULL)
+                        goto err;
                /* Excess data can be used to create forgeries */
-                if(p != s+i)
+                if (p != s + i) {
-                        {
+                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                        goto err;
-                        }
+                }
                /* Parameters to the signature algorithm can also be used to
                   create forgeries */
-                if(sig->algor->parameter
+                if (sig->algor->parameter &&
-                   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
+                    ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
-                        {
+                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                        goto err;
-                        }
+                }
-                sigtype=OBJ_obj2nid(sig->algor->algorithm);
+                sigtype = OBJ_obj2nid(sig->algor->algorithm);
-        #ifdef RSA_DEBUG
+                if (sigtype != dtype) {
-                /* put a backward compatibility flag in EAY */
+                        if ((dtype == NID_md5 &&
-                fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
+                             sigtype == NID_md5WithRSAEncryption) ||
-                        OBJ_nid2ln(dtype));
+                            (dtype == NID_md2 &&
-        #endif
+                             sigtype == NID_md2WithRSAEncryption)) {
-                if (sigtype != dtype)
-                        {
-                        if (((dtype == NID_md5) &&
-                                (sigtype == NID_md5WithRSAEncryption)) ||
-                                ((dtype == NID_md2) &&
-                                (sigtype == NID_md2WithRSAEncryption)))
-                                {
                                /* ok, we will let it through */
-                                fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
+                                fprintf(stderr,
-                                }
+                                    "signature has problems, "
-                        else
+                                    "re-make with post SSLeay045\n");
-                                {
+                        } else {
                                RSAerr(RSA_F_INT_RSA_VERIFY,
-                                                RSA_R_ALGORITHM_MISMATCH);
+                                    RSA_R_ALGORITHM_MISMATCH);
                                goto err;
-                                }
                        }
-                if (rm)
+                }
-                        {
+                if (rm) {
                        const EVP_MD *md;
                        md = EVP_get_digestbynid(dtype);
                        if (md && (EVP_MD_size(md) != sig->digest->length))
                                RSAerr(RSA_F_INT_RSA_VERIFY,
-                                                RSA_R_INVALID_DIGEST_LENGTH);
+                                    RSA_R_INVALID_DIGEST_LENGTH);
-                        else
+                        else {
-                                {
                                memcpy(rm, sig->digest->data,
-                                                        sig->digest->length);
+                                    sig->digest->length);
                                *prm_len = sig->digest->length;
                                ret = 1;
-                                }
                        }
-                else if (((unsigned int)sig->digest->length != m_len) ||
+                } else if ((unsigned int)sig->digest->length != m_len ||
-                        (memcmp(m,sig->digest->data,m_len) != 0))
+                    memcmp(m,sig->digest->data,m_len) != 0) {
-                        {
+                        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                } else
-                        }
+                        ret = 1;
-                else
-                        ret=1;
        }
 err:
-        if (sig != NULL) X509_SIG_free(sig);
+        if (sig != NULL)
-        if (s != NULL)
+                X509_SIG_free(sig);
-                {
+        if (s != NULL) {
-                OPENSSL_cleanse(s,(unsigned int)siglen);
+                OPENSSL_cleanse(s, (unsigned int)siglen);
                free(s);
-                }
-        return(ret);
        }
+        return ret;
+}
-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+int
-                const unsigned char *sigbuf, unsigned int siglen,
+RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
-                RSA *rsa)
+    const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
-        {
+{
+        if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
-        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+                return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen,
-                {
+                    rsa);
-                return rsa->meth->rsa_verify(dtype, m, m_len,
-                        sigbuf, siglen, rsa);
-                }
        return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
-        }
+}

diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index 4642775964..239435fe91 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa_sign.c,v 1.17 2014/06/12 15:49:30 deraadt Exp $ */	1	/* $OpenBSD: rsa_sign.c,v 1.18 2014/07/09 08:20:08 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -67,233 +67,212 @@
67	/* Size of an SSL signature: MD5+SHA1 */	67	/* Size of an SSL signature: MD5+SHA1 */
68	#define SSL_SIG_LENGTH 36	68	#define SSL_SIG_LENGTH 36
69		69
70	int RSA_sign(int type, const unsigned char *m, unsigned int m_len,	70	int
71	unsigned char sigret, unsigned int siglen, RSA *rsa)	71	RSA_sign(int type, const unsigned char *m, unsigned int m_len,
72	{	72	unsigned char sigret, unsigned int siglen, RSA *rsa)
		73	{
73	X509_SIG sig;	74	X509_SIG sig;
74	ASN1_TYPE parameter;	75	ASN1_TYPE parameter;
75	int i,j,ret=1;	76	int i, j, ret = 1;
76	unsigned char p, tmps = NULL;	77	unsigned char p, tmps = NULL;
77	const unsigned char *s = NULL;	78	const unsigned char *s = NULL;
78	X509_ALGOR algor;	79	X509_ALGOR algor;
79	ASN1_OCTET_STRING digest;	80	ASN1_OCTET_STRING digest;
80	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)	81
81	{	82	if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
82	return rsa->meth->rsa_sign(type, m, m_len,	83	return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
83	sigret, siglen, rsa);	84
84	}
85	/* Special case: SSL signature, just check the length */	85	/* Special case: SSL signature, just check the length */
86	if(type == NID_md5_sha1) {	86	if (type == NID_md5_sha1) {
87	if(m_len != SSL_SIG_LENGTH) {	87	if (m_len != SSL_SIG_LENGTH) {
88	RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);	88	RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
89	return(0);	89	return 0;
90	}	90	}
91	i = SSL_SIG_LENGTH;	91	i = SSL_SIG_LENGTH;
92	s = m;	92	s = m;
93	} else {	93	} else {
94	sig.algor= &algor;	94	sig.algor = &algor;
95	sig.algor->algorithm=OBJ_nid2obj(type);	95	sig.algor->algorithm = OBJ_nid2obj(type);
96	if (sig.algor->algorithm == NULL)	96	if (sig.algor->algorithm == NULL) {
97	{	97	RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
98	RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);	98	return 0;
99	return(0);	99	}
100	}	100	if (sig.algor->algorithm->length == 0) {
101	if (sig.algor->algorithm->length == 0)	101	RSAerr(RSA_F_RSA_SIGN,
102	{	102	RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
103	RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);	103	return 0;
104	return(0);	104	}
105	}	105	parameter.type = V_ASN1_NULL;
106	parameter.type=V_ASN1_NULL;	106	parameter.value.ptr = NULL;
107	parameter.value.ptr=NULL;	107	sig.algor->parameter = &parameter;
108	sig.algor->parameter= &parameter;
109		108
110	sig.digest= &digest;	109	sig.digest = &digest;
111	sig.digest->data=(unsigned char )m; / TMP UGLY CAST */	110	sig.digest->data = (unsigned char )m; / TMP UGLY CAST */
112	sig.digest->length=m_len;	111	sig.digest->length = m_len;
113		112
114	i=i2d_X509_SIG(&sig,NULL);	113	i = i2d_X509_SIG(&sig, NULL);
		114	}
		115	j = RSA_size(rsa);
		116	if (i > j - RSA_PKCS1_PADDING_SIZE) {
		117	RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
		118	return 0;
115	}	119	}
116	j=RSA_size(rsa);	120	if (type != NID_md5_sha1) {
117	if (i > (j-RSA_PKCS1_PADDING_SIZE))	121	tmps = malloc((unsigned int)j + 1);
118	{	122	if (tmps == NULL) {
119	RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);	123	RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
120	return(0);	124	return 0;
121	}	125	}
122	if(type != NID_md5_sha1) {	126	p = tmps;
123	tmps = malloc((unsigned int)j+1);	127	i2d_X509_SIG(&sig, &p);
124	if (tmps == NULL)	128	s = tmps;
125	{
126	RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
127	return(0);
128	}
129	p=tmps;
130	i2d_X509_SIG(&sig,&p);
131	s=tmps;
132	}	129	}
133	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);	130	i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
134	if (i <= 0)	131	if (i <= 0)
135	ret=0;	132	ret = 0;
136	else	133	else
137	*siglen=i;	134	*siglen = i;
138		135
139	if(type != NID_md5_sha1) {	136	if (type != NID_md5_sha1) {
140	OPENSSL_cleanse(tmps,(unsigned int)j+1);	137	OPENSSL_cleanse(tmps, (unsigned int)j + 1);
141	free(tmps);	138	free(tmps);
142	}	139	}
143	return(ret);	140	return(ret);
144	}	141	}
145		142
146	int int_rsa_verify(int dtype, const unsigned char *m,	143	int
147	unsigned int m_len,	144	int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
148	unsigned char rm, size_t prm_len,	145	unsigned char rm, size_t prm_len, const unsigned char *sigbuf,
149	const unsigned char *sigbuf, size_t siglen,	146	size_t siglen, RSA *rsa)
150	RSA *rsa)	147	{
151	{	148	int i, ret = 0, sigtype;
152	int i,ret=0,sigtype;
153	unsigned char *s;	149	unsigned char *s;
154	X509_SIG *sig=NULL;	150	X509_SIG *sig = NULL;
155		151
156	if (siglen != (unsigned int)RSA_size(rsa))	152	if (siglen != (unsigned int)RSA_size(rsa)) {
157	{	153	RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
158	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);	154	return 0;
159	return(0);	155	}
160	}
161		156
162	if((dtype == NID_md5_sha1) && rm)	157	if ((dtype == NID_md5_sha1) && rm) {
163	{	158	i = RSA_public_decrypt((int)siglen, sigbuf, rm, rsa,
164	i = RSA_public_decrypt((int)siglen,	159	RSA_PKCS1_PADDING);
165	sigbuf,rm,rsa,RSA_PKCS1_PADDING);
166	if (i <= 0)	160	if (i <= 0)
167	return 0;	161	return 0;
168	*prm_len = i;	162	*prm_len = i;
169	return 1;	163	return 1;
170	}	164	}
171		165
172	s = malloc((unsigned int)siglen);	166	s = malloc((unsigned int)siglen);
173	if (s == NULL)	167	if (s == NULL) {
174	{	168	RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
175	RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE);	169	goto err;
		170	}
		171	if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) {
		172	RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
176	goto err;	173	goto err;
177	}
178	if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
179	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
180	goto err;
181	}	174	}
182	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);	175	i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
183		176
184	if (i <= 0) goto err;	177	if (i <= 0)
185	/* Oddball MDC2 case: signature can be OCTET STRING.	178	goto err;
		179
		180	/*
		181	* Oddball MDC2 case: signature can be OCTET STRING.
186	* check for correct tag and length octets.	182	* check for correct tag and length octets.
187	*/	183	*/
188	if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)	184	if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
189	{	185	if (rm) {
190	if (rm)
191	{
192	memcpy(rm, s + 2, 16);	186	memcpy(rm, s + 2, 16);
193	*prm_len = 16;	187	*prm_len = 16;
194	ret = 1;	188	ret = 1;
195	}	189	} else if (memcmp(m, s + 2, 16))
196	else if(memcmp(m, s + 2, 16))	190	RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
197	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
198	else	191	else
199	ret = 1;	192	ret = 1;
200	}	193	}
201		194
202	/* Special case: SSL signature */	195	/* Special case: SSL signature */
203	if(dtype == NID_md5_sha1) {	196	if (dtype == NID_md5_sha1) {
204	if((i != SSL_SIG_LENGTH) \|\| memcmp(s, m, SSL_SIG_LENGTH))	197	if (i != SSL_SIG_LENGTH \|\| memcmp(s, m, SSL_SIG_LENGTH))
205	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);	198	RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
206	else ret = 1;	199	else
		200	ret = 1;
207	} else {	201	} else {
208	const unsigned char *p=s;	202	const unsigned char *p=s;
209	sig=d2i_X509_SIG(NULL,&p,(long)i);
210		203
211	if (sig == NULL) goto err;	204	sig = d2i_X509_SIG(NULL, &p, (long)i);
		205
		206	if (sig == NULL)
		207	goto err;
212		208
213	/* Excess data can be used to create forgeries */	209	/* Excess data can be used to create forgeries */
214	if(p != s+i)	210	if (p != s + i) {
215	{	211	RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
216	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
217	goto err;	212	goto err;
218	}	213	}
219		214
220	/* Parameters to the signature algorithm can also be used to	215	/* Parameters to the signature algorithm can also be used to
221	create forgeries */	216	create forgeries */
222	if(sig->algor->parameter	217	if (sig->algor->parameter &&
223	&& ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)	218	ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
224	{	219	RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
225	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
226	goto err;	220	goto err;
227	}	221	}
228
229	sigtype=OBJ_obj2nid(sig->algor->algorithm);
230		222
		223	sigtype = OBJ_obj2nid(sig->algor->algorithm);
231		224
232	#ifdef RSA_DEBUG	225	if (sigtype != dtype) {
233	/* put a backward compatibility flag in EAY */	226	if ((dtype == NID_md5 &&
234	fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),	227	sigtype == NID_md5WithRSAEncryption) \|\|
235	OBJ_nid2ln(dtype));	228	(dtype == NID_md2 &&
236	#endif	229	sigtype == NID_md2WithRSAEncryption)) {
237	if (sigtype != dtype)
238	{
239	if (((dtype == NID_md5) &&
240	(sigtype == NID_md5WithRSAEncryption)) \|\|
241	((dtype == NID_md2) &&
242	(sigtype == NID_md2WithRSAEncryption)))
243	{
244	/* ok, we will let it through */	230	/* ok, we will let it through */
245	fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");	231	fprintf(stderr,
246	}	232	"signature has problems, "
247	else	233	"re-make with post SSLeay045\n");
248	{	234	} else {
249	RSAerr(RSA_F_INT_RSA_VERIFY,	235	RSAerr(RSA_F_INT_RSA_VERIFY,
250	RSA_R_ALGORITHM_MISMATCH);	236	RSA_R_ALGORITHM_MISMATCH);
251	goto err;	237	goto err;
252	}
253	}	238	}
254	if (rm)	239	}
255	{	240	if (rm) {
256	const EVP_MD *md;	241	const EVP_MD *md;
		242
257	md = EVP_get_digestbynid(dtype);	243	md = EVP_get_digestbynid(dtype);
258	if (md && (EVP_MD_size(md) != sig->digest->length))	244	if (md && (EVP_MD_size(md) != sig->digest->length))
259	RSAerr(RSA_F_INT_RSA_VERIFY,	245	RSAerr(RSA_F_INT_RSA_VERIFY,
260	RSA_R_INVALID_DIGEST_LENGTH);	246	RSA_R_INVALID_DIGEST_LENGTH);
261	else	247	else {
262	{
263	memcpy(rm, sig->digest->data,	248	memcpy(rm, sig->digest->data,
264	sig->digest->length);	249	sig->digest->length);
265	*prm_len = sig->digest->length;	250	*prm_len = sig->digest->length;
266	ret = 1;	251	ret = 1;
267	}
268	}	252	}
269	else if (((unsigned int)sig->digest->length != m_len) \|\|	253	} else if ((unsigned int)sig->digest->length != m_len \|\|
270	(memcmp(m,sig->digest->data,m_len) != 0))	254	memcmp(m,sig->digest->data,m_len) != 0) {
271	{	255	RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
272	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);	256	} else
273	}	257	ret = 1;
274	else
275	ret=1;
276	}	258	}
277	err:	259	err:
278	if (sig != NULL) X509_SIG_free(sig);	260	if (sig != NULL)
279	if (s != NULL)	261	X509_SIG_free(sig);
280	{	262	if (s != NULL) {
281	OPENSSL_cleanse(s,(unsigned int)siglen);	263	OPENSSL_cleanse(s, (unsigned int)siglen);
282	free(s);	264	free(s);
283	}
284	return(ret);
285	}	265	}
		266	return ret;
		267	}
286		268
287	int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,	269	int
288	const unsigned char *sigbuf, unsigned int siglen,	270	RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
289	RSA *rsa)	271	const unsigned char sigbuf, unsigned int siglen, RSA rsa)
290	{	272	{
291		273	if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
292	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)	274	return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen,
293	{	275	rsa);
294	return rsa->meth->rsa_verify(dtype, m, m_len,
295	sigbuf, siglen, rsa);
296	}
297		276
298	return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);	277	return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
299	}	278	}