X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fasn1%2Fa_verify.c;h=1f2458311307fcc977f26a3536f28f674c6340d3;hp=00ab136f022347a6293b750a1579d6e2f0af26c7;hb=da84249be6492ccfc5ecad32ac367fd06e9bdbef;hpb=2039c421b0e5b75ffcf6a88e39cc09089b4303dc

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 00ab136f02..1f24583113 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -1,7 +1,7 @@
 /*
  * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
@@ -9,13 +9,10 @@
 
 #include <stdio.h>
 #include <time.h>
+#include <sys/types.h>
 
 #include "internal/cryptlib.h"
 
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
 #include <openssl/bn.h>
 #include <openssl/x509.h>
 #include <openssl/objects.h>
@@ -51,6 +48,10 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
     }
 
     inl = i2d(data, NULL);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
     buf_in = OPENSSL_malloc((unsigned int)inl);
     if (buf_in == NULL) {
         ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
@@ -79,7 +80,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
     ret = 1;
  err:
     EVP_MD_CTX_free(ctx);
-    return (ret);
+    return ret;
 }
 
 #endif
@@ -89,9 +90,9 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 {
     EVP_MD_CTX *ctx = NULL;
     unsigned char *buf_in = NULL;
-    int ret = -1, inl;
-
+    int ret = -1, inl = 0;
     int mdnid, pknid;
+    size_t inll = 0;
 
     if (!pkey) {
         ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
@@ -130,8 +131,8 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
             goto err;
         ret = -1;
     } else {
-        const EVP_MD *type;
-        type = EVP_get_digestbynid(mdnid);
+        const EVP_MD *type = EVP_get_digestbynid(mdnid);
+
         if (type == NULL) {
             ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
                     ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
@@ -153,30 +154,25 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
     }
 
     inl = ASN1_item_i2d(asn, &buf_in, it);
-
-    if (buf_in == NULL) {
-        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_INTERNAL_ERROR);
         goto err;
     }
-
-    ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl);
-
-    OPENSSL_clear_free(buf_in, (unsigned int)inl);
-
-    if (!ret) {
-        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+    if (buf_in == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    ret = -1;
+    inll = inl;
 
-    if (EVP_DigestVerifyFinal(ctx, signature->data,
-                              (size_t)signature->length) <= 0) {
+    ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length,
+                           buf_in, inl);
+    if (ret <= 0) {
         ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
-        ret = 0;
         goto err;
     }
     ret = 1;
  err:
+    OPENSSL_clear_free(buf_in, inll);
     EVP_MD_CTX_free(ctx);
-    return (ret);
+    return ret;
 }