VirtualBox

source: vbox/trunk/src/libs/openssl-1.1.0g/crypto/asn1/a_verify.c@ 69881

Last change on this file since 69881 was 69881, checked in by vboxsync, 7 years ago

Update OpenSSL to 1.1.0g.
bugref:8070: src/libs maintenance
  • Property svn:eol-style set to native
File size: 4.9 KB
Line 
1/*
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include <time.h>
12#include <sys/types.h>
13
14#include "internal/cryptlib.h"
15
16#include <openssl/bn.h>
17#include <openssl/x509.h>
18#include <openssl/objects.h>
19#include <openssl/buffer.h>
20#include <openssl/evp.h>
21#include "internal/asn1_int.h"
22#include "internal/evp_int.h"
23
24#ifndef NO_ASN1_OLD
25
26int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
27 char *data, EVP_PKEY *pkey)
28{
29 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
30 const EVP_MD *type;
31 unsigned char *p, *buf_in = NULL;
32 int ret = -1, i, inl;
33
34 if (ctx == NULL) {
35 ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
36 goto err;
37 }
38 i = OBJ_obj2nid(a->algorithm);
39 type = EVP_get_digestbyname(OBJ_nid2sn(i));
40 if (type == NULL) {
41 ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
42 goto err;
43 }
44
45 if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
46 ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
47 goto err;
48 }
49
50 inl = i2d(data, NULL);
51 buf_in = OPENSSL_malloc((unsigned int)inl);
52 if (buf_in == NULL) {
53 ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
54 goto err;
55 }
56 p = buf_in;
57
58 i2d(data, &p);
59 ret = EVP_VerifyInit_ex(ctx, type, NULL)
60 && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);
61
62 OPENSSL_clear_free(buf_in, (unsigned int)inl);
63
64 if (!ret) {
65 ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
66 goto err;
67 }
68 ret = -1;
69
70 if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,
71 (unsigned int)signature->length, pkey) <= 0) {
72 ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
73 ret = 0;
74 goto err;
75 }
76 ret = 1;
77 err:
78 EVP_MD_CTX_free(ctx);
79 return (ret);
80}
81
82#endif
83
84int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
85 ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
86{
87 EVP_MD_CTX *ctx = NULL;
88 unsigned char *buf_in = NULL;
89 int ret = -1, inl;
90
91 int mdnid, pknid;
92
93 if (!pkey) {
94 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
95 return -1;
96 }
97
98 if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
99 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
100 return -1;
101 }
102
103 ctx = EVP_MD_CTX_new();
104 if (ctx == NULL) {
105 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
106 goto err;
107 }
108
109 /* Convert signature OID into digest and public key OIDs */
110 if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
111 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
112 goto err;
113 }
114 if (mdnid == NID_undef) {
115 if (!pkey->ameth || !pkey->ameth->item_verify) {
116 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
117 ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
118 goto err;
119 }
120 ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey);
121 /*
122 * Return value of 2 means carry on, anything else means we exit
123 * straight away: either a fatal error of the underlying verification
124 * routine handles all verification.
125 */
126 if (ret != 2)
127 goto err;
128 ret = -1;
129 } else {
130 const EVP_MD *type;
131 type = EVP_get_digestbynid(mdnid);
132 if (type == NULL) {
133 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
134 ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
135 goto err;
136 }
137
138 /* Check public key OID matches public key type */
139 if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
140 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
141 goto err;
142 }
143
144 if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
145 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
146 ret = 0;
147 goto err;
148 }
149
150 }
151
152 inl = ASN1_item_i2d(asn, &buf_in, it);
153
154 if (buf_in == NULL) {
155 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
156 goto err;
157 }
158
159 ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl);
160
161 OPENSSL_clear_free(buf_in, (unsigned int)inl);
162
163 if (!ret) {
164 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
165 goto err;
166 }
167 ret = -1;
168
169 if (EVP_DigestVerifyFinal(ctx, signature->data,
170 (size_t)signature->length) <= 0) {
171 ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
172 ret = 0;
173 goto err;
174 }
175 ret = 1;
176 err:
177 EVP_MD_CTX_free(ctx);
178 return (ret);
179}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette