diff options
Diffstat (limited to 'src/lib/libssl/src/crypto/asn1/a_verify.c')
| -rw-r--r-- | src/lib/libssl/src/crypto/asn1/a_verify.c | 77 |
1 files changed, 54 insertions, 23 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/a_verify.c b/src/lib/libssl/src/crypto/asn1/a_verify.c index cecdb13c70..432722e409 100644 --- a/src/lib/libssl/src/crypto/asn1/a_verify.c +++ b/src/lib/libssl/src/crypto/asn1/a_verify.c | |||
| @@ -101,8 +101,13 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, | |||
| 101 | p=buf_in; | 101 | p=buf_in; |
| 102 | 102 | ||
| 103 | i2d(data,&p); | 103 | i2d(data,&p); |
| 104 | EVP_VerifyInit_ex(&ctx,type, NULL); | 104 | if (!EVP_VerifyInit_ex(&ctx,type, NULL) |
| 105 | EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); | 105 | || !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl)) |
| 106 | { | ||
| 107 | ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); | ||
| 108 | ret=0; | ||
| 109 | goto err; | ||
| 110 | } | ||
| 106 | 111 | ||
| 107 | OPENSSL_cleanse(buf_in,(unsigned int)inl); | 112 | OPENSSL_cleanse(buf_in,(unsigned int)inl); |
| 108 | OPENSSL_free(buf_in); | 113 | OPENSSL_free(buf_in); |
| @@ -126,11 +131,10 @@ err: | |||
| 126 | #endif | 131 | #endif |
| 127 | 132 | ||
| 128 | 133 | ||
| 129 | int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, | 134 | int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, |
| 130 | void *asn, EVP_PKEY *pkey) | 135 | ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) |
| 131 | { | 136 | { |
| 132 | EVP_MD_CTX ctx; | 137 | EVP_MD_CTX ctx; |
| 133 | const EVP_MD *type = NULL; | ||
| 134 | unsigned char *buf_in=NULL; | 138 | unsigned char *buf_in=NULL; |
| 135 | int ret= -1,inl; | 139 | int ret= -1,inl; |
| 136 | 140 | ||
| @@ -144,25 +148,47 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat | |||
| 144 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); | 148 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
| 145 | goto err; | 149 | goto err; |
| 146 | } | 150 | } |
| 147 | type=EVP_get_digestbynid(mdnid); | 151 | if (mdnid == NID_undef) |
| 148 | if (type == NULL) | ||
| 149 | { | 152 | { |
| 150 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | 153 | if (!pkey->ameth || !pkey->ameth->item_verify) |
| 151 | goto err; | 154 | { |
| 155 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); | ||
| 156 | goto err; | ||
| 157 | } | ||
| 158 | ret = pkey->ameth->item_verify(&ctx, it, asn, a, | ||
| 159 | signature, pkey); | ||
| 160 | /* Return value of 2 means carry on, anything else means we | ||
| 161 | * exit straight away: either a fatal error of the underlying | ||
| 162 | * verification routine handles all verification. | ||
| 163 | */ | ||
| 164 | if (ret != 2) | ||
| 165 | goto err; | ||
| 166 | ret = -1; | ||
| 152 | } | 167 | } |
| 153 | 168 | else | |
| 154 | /* Check public key OID matches public key type */ | ||
| 155 | if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) | ||
| 156 | { | 169 | { |
| 157 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); | 170 | const EVP_MD *type; |
| 158 | goto err; | 171 | type=EVP_get_digestbynid(mdnid); |
| 159 | } | 172 | if (type == NULL) |
| 173 | { | ||
| 174 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | ||
| 175 | goto err; | ||
| 176 | } | ||
| 177 | |||
| 178 | /* Check public key OID matches public key type */ | ||
| 179 | if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) | ||
| 180 | { | ||
| 181 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); | ||
| 182 | goto err; | ||
| 183 | } | ||
| 184 | |||
| 185 | if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) | ||
| 186 | { | ||
| 187 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); | ||
| 188 | ret=0; | ||
| 189 | goto err; | ||
| 190 | } | ||
| 160 | 191 | ||
| 161 | if (!EVP_VerifyInit_ex(&ctx,type, NULL)) | ||
| 162 | { | ||
| 163 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); | ||
| 164 | ret=0; | ||
| 165 | goto err; | ||
| 166 | } | 192 | } |
| 167 | 193 | ||
| 168 | inl = ASN1_item_i2d(asn, &buf_in, it); | 194 | inl = ASN1_item_i2d(asn, &buf_in, it); |
| @@ -173,13 +199,18 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat | |||
| 173 | goto err; | 199 | goto err; |
| 174 | } | 200 | } |
| 175 | 201 | ||
| 176 | EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); | 202 | if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl)) |
| 203 | { | ||
| 204 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); | ||
| 205 | ret=0; | ||
| 206 | goto err; | ||
| 207 | } | ||
| 177 | 208 | ||
| 178 | OPENSSL_cleanse(buf_in,(unsigned int)inl); | 209 | OPENSSL_cleanse(buf_in,(unsigned int)inl); |
| 179 | OPENSSL_free(buf_in); | 210 | OPENSSL_free(buf_in); |
| 180 | 211 | ||
| 181 | if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, | 212 | if (EVP_DigestVerifyFinal(&ctx,signature->data, |
| 182 | (unsigned int)signature->length,pkey) <= 0) | 213 | (size_t)signature->length) <= 0) |
| 183 | { | 214 | { |
| 184 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); | 215 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); |
| 185 | ret=0; | 216 | ret=0; |