x86_64 assembler pack to comply with updated styling x86_64-xlate.pl rules.

[openssl.git] / crypto / asn1 / a_verify.c

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 4b4a240f50b4af4ac06e0080cfa314217a0f4b00..cecdb13c70901ab77367c563a1000dcaecaf0cff 100644 (file)
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -60,6 +60,7 @@
 #include <time.h>
 
 #include "cryptlib.h"
+#include "asn1_locl.h"
 
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
@@ -73,14 +74,15 @@
 
 #ifndef NO_ASN1_OLD
 
-int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
-            char *data, EVP_PKEY *pkey)
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+               char *data, EVP_PKEY *pkey)
        {
        EVP_MD_CTX ctx;
        const EVP_MD *type;
        unsigned char *p,*buf_in=NULL;
        int ret= -1,i,inl;
 
+       EVP_MD_CTX_init(&ctx);
        i=OBJ_obj2nid(a->algorithm);
        type=EVP_get_digestbyname(OBJ_nid2sn(i));
        if (type == NULL)
@@ -99,10 +101,10 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
        p=buf_in;
 
        i2d(data,&p);
-       EVP_VerifyInit(&ctx,type);
+       EVP_VerifyInit_ex(&ctx,type, NULL);
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-       memset(buf_in,0,(unsigned int)inl);
+       OPENSSL_cleanse(buf_in,(unsigned int)inl);
        OPENSSL_free(buf_in);
 
        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
@@ -117,6 +119,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
        /* memset(&ctx,0,sizeof(ctx)); */
        ret=1;
 err:
+       EVP_MD_CTX_cleanup(&ctx);
        return(ret);
        }
 
@@ -127,15 +130,38 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
             void *asn, EVP_PKEY *pkey)
        {
        EVP_MD_CTX ctx;
-       const EVP_MD *type;
+       const EVP_MD *type = NULL;
        unsigned char *buf_in=NULL;
-       int ret= -1,i,inl;
+       int ret= -1,inl;
 
-       i=OBJ_obj2nid(a->algorithm);
-       type=EVP_get_digestbyname(OBJ_nid2sn(i));
+       int mdnid, pknid;
+
+       EVP_MD_CTX_init(&ctx);
+
+       /* Convert signature OID into digest and public key OIDs */
+       if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))
+               {
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+               goto err;
+               }
+       type=EVP_get_digestbynid(mdnid);
        if (type == NULL)
                {
-               ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+               goto err;
+               }
+
+       /* Check public key OID matches public key type */
+       if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
+               {
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+               goto err;
+               }
+
+       if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+               {
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+               ret=0;
                goto err;
                }
 
@@ -143,20 +169,19 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
        
        if (buf_in == NULL)
                {
-               ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
                goto err;
                }
 
-       EVP_VerifyInit(&ctx,type);
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-       memset(buf_in,0,(unsigned int)inl);
+       OPENSSL_cleanse(buf_in,(unsigned int)inl);
        OPENSSL_free(buf_in);
 
        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
                        (unsigned int)signature->length,pkey) <= 0)
                {
-               ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
                ret=0;
                goto err;
                }
@@ -165,6 +190,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
        /* memset(&ctx,0,sizeof(ctx)); */
        ret=1;
 err:
+       EVP_MD_CTX_cleanup(&ctx);
        return(ret);
        }