OLD | NEW |
1 /* crypto/asn1/a_verify.c */ | 1 /* crypto/asn1/a_verify.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 | 58 |
59 #include <stdio.h> | 59 #include <stdio.h> |
60 #include <time.h> | 60 #include <time.h> |
61 | 61 |
62 #include "cryptlib.h" | 62 #include "cryptlib.h" |
| 63 #include "asn1_locl.h" |
63 | 64 |
64 #ifndef NO_SYS_TYPES_H | 65 #ifndef NO_SYS_TYPES_H |
65 # include <sys/types.h> | 66 # include <sys/types.h> |
66 #endif | 67 #endif |
67 | 68 |
68 #include <openssl/bn.h> | 69 #include <openssl/bn.h> |
69 #include <openssl/x509.h> | 70 #include <openssl/x509.h> |
70 #include <openssl/objects.h> | 71 #include <openssl/objects.h> |
71 #include <openssl/buffer.h> | 72 #include <openssl/buffer.h> |
72 #include <openssl/evp.h> | 73 #include <openssl/evp.h> |
(...skipping 20 matching lines...) Expand all Loading... |
93 inl=i2d(data,NULL); | 94 inl=i2d(data,NULL); |
94 buf_in=OPENSSL_malloc((unsigned int)inl); | 95 buf_in=OPENSSL_malloc((unsigned int)inl); |
95 if (buf_in == NULL) | 96 if (buf_in == NULL) |
96 { | 97 { |
97 ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); | 98 ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); |
98 goto err; | 99 goto err; |
99 } | 100 } |
100 p=buf_in; | 101 p=buf_in; |
101 | 102 |
102 i2d(data,&p); | 103 i2d(data,&p); |
103 » if (!EVP_VerifyInit_ex(&ctx,type, NULL)) | 104 » EVP_VerifyInit_ex(&ctx,type, NULL); |
104 » » { | |
105 » » ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); | |
106 » » ret=0; | |
107 » » goto err; | |
108 » » } | |
109 EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); | 105 EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); |
110 | 106 |
111 OPENSSL_cleanse(buf_in,(unsigned int)inl); | 107 OPENSSL_cleanse(buf_in,(unsigned int)inl); |
112 OPENSSL_free(buf_in); | 108 OPENSSL_free(buf_in); |
113 | 109 |
114 if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, | 110 if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, |
115 (unsigned int)signature->length,pkey) <= 0) | 111 (unsigned int)signature->length,pkey) <= 0) |
116 { | 112 { |
117 ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); | 113 ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); |
118 ret=0; | 114 ret=0; |
119 goto err; | 115 goto err; |
120 } | 116 } |
121 /* we don't need to zero the 'ctx' because we just checked | 117 /* we don't need to zero the 'ctx' because we just checked |
122 * public information */ | 118 * public information */ |
123 /* memset(&ctx,0,sizeof(ctx)); */ | 119 /* memset(&ctx,0,sizeof(ctx)); */ |
124 ret=1; | 120 ret=1; |
125 err: | 121 err: |
126 EVP_MD_CTX_cleanup(&ctx); | 122 EVP_MD_CTX_cleanup(&ctx); |
127 return(ret); | 123 return(ret); |
128 } | 124 } |
129 | 125 |
130 #endif | 126 #endif |
131 | 127 |
132 | 128 |
133 int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
ure, | 129 int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
ure, |
134 void *asn, EVP_PKEY *pkey) | 130 void *asn, EVP_PKEY *pkey) |
135 { | 131 { |
136 EVP_MD_CTX ctx; | 132 EVP_MD_CTX ctx; |
137 » const EVP_MD *type; | 133 » const EVP_MD *type = NULL; |
138 unsigned char *buf_in=NULL; | 134 unsigned char *buf_in=NULL; |
139 » int ret= -1,i,inl; | 135 » int ret= -1,inl; |
| 136 |
| 137 » int mdnid, pknid; |
140 | 138 |
141 EVP_MD_CTX_init(&ctx); | 139 EVP_MD_CTX_init(&ctx); |
142 » i=OBJ_obj2nid(a->algorithm); | 140 |
143 » type=EVP_get_digestbyname(OBJ_nid2sn(i)); | 141 » /* Convert signature OID into digest and public key OIDs */ |
| 142 » if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) |
| 143 » » { |
| 144 » » ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORIT
HM); |
| 145 » » goto err; |
| 146 » » } |
| 147 » type=EVP_get_digestbynid(mdnid); |
144 if (type == NULL) | 148 if (type == NULL) |
145 { | 149 { |
146 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_AL
GORITHM); | 150 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_AL
GORITHM); |
147 goto err; | 151 goto err; |
148 } | 152 } |
149 | 153 |
| 154 /* Check public key OID matches public key type */ |
| 155 if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) |
| 156 { |
| 157 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); |
| 158 goto err; |
| 159 } |
| 160 |
150 if (!EVP_VerifyInit_ex(&ctx,type, NULL)) | 161 if (!EVP_VerifyInit_ex(&ctx,type, NULL)) |
151 { | 162 { |
152 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); | 163 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); |
153 ret=0; | 164 ret=0; |
154 goto err; | 165 goto err; |
155 } | 166 } |
156 | 167 |
157 inl = ASN1_item_i2d(asn, &buf_in, it); | 168 inl = ASN1_item_i2d(asn, &buf_in, it); |
158 | 169 |
159 if (buf_in == NULL) | 170 if (buf_in == NULL) |
(...skipping 17 matching lines...) Expand all Loading... |
177 /* we don't need to zero the 'ctx' because we just checked | 188 /* we don't need to zero the 'ctx' because we just checked |
178 * public information */ | 189 * public information */ |
179 /* memset(&ctx,0,sizeof(ctx)); */ | 190 /* memset(&ctx,0,sizeof(ctx)); */ |
180 ret=1; | 191 ret=1; |
181 err: | 192 err: |
182 EVP_MD_CTX_cleanup(&ctx); | 193 EVP_MD_CTX_cleanup(&ctx); |
183 return(ret); | 194 return(ret); |
184 } | 195 } |
185 | 196 |
186 | 197 |
OLD | NEW |