X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fasn1%2Fa_verify.c;h=59ba322839956d61d6f69b5d28c8c32245809205;hb=d66ace9da50de58a17e7ca7eeec8ca6f5a6be189;hp=03fc63dbef3fde4ce96af867ea515f568b16c36c;hpb=58964a492275ca9a59a0cd9c8155cb2491b4b909;p=oweals%2Fopenssl.git

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 03fc63dbef..59ba322839 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -58,29 +58,30 @@
 
 #include <stdio.h>
 #include <time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "bn.h"
-#include "x509.h"
-#include "objects.h"
-#include "buffer.h"
-#include "evp.h"
-#include "pem.h"
-
-int ASN1_verify(i2d,a,signature,data,pkey)
-int (*i2d)();
-X509_ALGOR *a;
-ASN1_BIT_STRING *signature;
-char *data;
-EVP_PKEY *pkey;
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
+	     char *data, EVP_PKEY *pkey)
 	{
 	EVP_MD_CTX ctx;
-	EVP_MD *type;
+	const EVP_MD *type;
 	unsigned char *p,*buf_in=NULL;
 	int ret= -1,i,inl;
 
+	EVP_MD_CTX_init(&ctx);
 	i=OBJ_obj2nid(a->algorithm);
 	type=EVP_get_digestbyname(OBJ_nid2sn(i));
 	if (type == NULL)
@@ -90,7 +91,7 @@ EVP_PKEY *pkey;
 		}
 	
 	inl=i2d(data,NULL);
-	buf_in=(unsigned char *)Malloc((unsigned int)inl);
+	buf_in=OPENSSL_malloc((unsigned int)inl);
 	if (buf_in == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
@@ -103,7 +104,7 @@ EVP_PKEY *pkey;
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
 	memset(buf_in,0,(unsigned int)inl);
-	Free((char *)buf_in);
+	OPENSSL_free(buf_in);
 
 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
 			(unsigned int)signature->length,pkey) <= 0)
@@ -117,5 +118,58 @@ EVP_PKEY *pkey;
 	/* memset(&ctx,0,sizeof(ctx)); */
 	ret=1;
 err:
+	EVP_MD_CTX_cleanup(&ctx);
 	return(ret);
 	}
+
+#endif
+
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+	     void *asn, EVP_PKEY *pkey)
+	{
+	EVP_MD_CTX ctx;
+	const EVP_MD *type;
+	unsigned char *buf_in=NULL;
+	int ret= -1,i,inl;
+
+	EVP_MD_CTX_init(&ctx);
+	i=OBJ_obj2nid(a->algorithm);
+	type=EVP_get_digestbyname(OBJ_nid2sn(i));
+	if (type == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+		goto err;
+		}
+
+	inl = ASN1_item_i2d(asn, &buf_in, it);
+	
+	if (buf_in == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	EVP_VerifyInit(&ctx,type);
+	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+	memset(buf_in,0,(unsigned int)inl);
+	OPENSSL_free(buf_in);
+
+	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+			(unsigned int)signature->length,pkey) <= 0)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+		ret=0;
+		goto err;
+		}
+	/* we don't need to zero the 'ctx' because we just checked
+	 * public information */
+	/* memset(&ctx,0,sizeof(ctx)); */
+	ret=1;
+err:
+	EVP_MD_CTX_cleanup(&ctx);
+	return(ret);
+	}
+
+