Port from stable branch.

[openssl.git] / crypto / asn1 / a_verify.c
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c

index d4aede85c37e11c6a467e21d883a9ca8349bad74..05329277a2df0da4a39d5721cdd8029d38ed6454 100644 (file)
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -71,14 +71,17 @@
  #include <openssl/buffer.h>
  #include <openssl/evp.h>
  
-int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
-            char *data, EVP_PKEY *pkey)
+#ifndef NO_ASN1_OLD
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+               char *data, EVP_PKEY *pkey)
         {
         EVP_MD_CTX ctx;
         const EVP_MD *type;
         unsigned char *p,*buf_in=NULL;
         int ret= -1,i,inl;
  
+       EVP_MD_CTX_init(&ctx);
         i=OBJ_obj2nid(a->algorithm);
         type=EVP_get_digestbyname(OBJ_nid2sn(i));
         if (type == NULL)
@@ -88,7 +91,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
                 }
         
         inl=i2d(data,NULL);
-       buf_in=Malloc((unsigned int)inl);
+       buf_in=OPENSSL_malloc((unsigned int)inl);
         if (buf_in == NULL)
                 {
                 ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
@@ -97,11 +100,67 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
         p=buf_in;
  
         i2d(data,&p);
-       EVP_VerifyInit(&ctx,type);
+       EVP_VerifyInit_ex(&ctx,type, NULL);
+       EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+       OPENSSL_cleanse(buf_in,(unsigned int)inl);
+       OPENSSL_free(buf_in);
+
+       if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+                       (unsigned int)signature->length,pkey) <= 0)
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+               ret=0;
+               goto err;
+               }
+       /* we don't need to zero the 'ctx' because we just checked
+        * public information */
+       /* memset(&ctx,0,sizeof(ctx)); */
+       ret=1;
+err:
+       EVP_MD_CTX_cleanup(&ctx);
+       return(ret);
+       }
+
+#endif
+
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+            void *asn, EVP_PKEY *pkey)
+       {
+       EVP_MD_CTX ctx;
+       const EVP_MD *type;
+       unsigned char *buf_in=NULL;
+       int ret= -1,i,inl;
+
+       EVP_MD_CTX_init(&ctx);
+       i=OBJ_obj2nid(a->algorithm);
+       type=EVP_get_digestbyname(OBJ_nid2sn(i));
+       if (type == NULL)
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+               goto err;
+               }
+
+       if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+               ret=0;
+               goto err;
+               }
+
+       inl = ASN1_item_i2d(asn, &buf_in, it);
+       
+       if (buf_in == NULL)
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+               goto err;
+               }
+
         EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
  
-       memset(buf_in,0,(unsigned int)inl);
-       Free(buf_in);
+       OPENSSL_cleanse(buf_in,(unsigned int)inl);
+       OPENSSL_free(buf_in);
  
         if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
                         (unsigned int)signature->length,pkey) <= 0)
@@ -115,5 +174,8 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
         /* memset(&ctx,0,sizeof(ctx)); */
         ret=1;
  err:
+       EVP_MD_CTX_cleanup(&ctx);
         return(ret);
         }
+
+