a_verify.c 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181
  1. /* crypto/asn1/a_verify.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include <time.h>
  60. #include "cryptlib.h"
  61. #ifndef NO_SYS_TYPES_H
  62. # include <sys/types.h>
  63. #endif
  64. #include <openssl/bn.h>
  65. #include <openssl/x509.h>
  66. #include <openssl/objects.h>
  67. #include <openssl/buffer.h>
  68. #include <openssl/evp.h>
  69. #ifndef NO_ASN1_OLD
  70. int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
  71. char *data, EVP_PKEY *pkey)
  72. {
  73. EVP_MD_CTX ctx;
  74. const EVP_MD *type;
  75. unsigned char *p,*buf_in=NULL;
  76. int ret= -1,i,inl;
  77. EVP_MD_CTX_init(&ctx);
  78. i=OBJ_obj2nid(a->algorithm);
  79. type=EVP_get_digestbyname(OBJ_nid2sn(i));
  80. if (type == NULL)
  81. {
  82. ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
  83. goto err;
  84. }
  85. inl=i2d(data,NULL);
  86. buf_in=OPENSSL_malloc((unsigned int)inl);
  87. if (buf_in == NULL)
  88. {
  89. ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
  90. goto err;
  91. }
  92. p=buf_in;
  93. i2d(data,&p);
  94. EVP_VerifyInit_ex(&ctx,type, NULL);
  95. EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
  96. OPENSSL_cleanse(buf_in,(unsigned int)inl);
  97. OPENSSL_free(buf_in);
  98. if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
  99. (unsigned int)signature->length,pkey) <= 0)
  100. {
  101. ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
  102. ret=0;
  103. goto err;
  104. }
  105. /* we don't need to zero the 'ctx' because we just checked
  106. * public information */
  107. /* memset(&ctx,0,sizeof(ctx)); */
  108. ret=1;
  109. err:
  110. EVP_MD_CTX_cleanup(&ctx);
  111. return(ret);
  112. }
  113. #endif
  114. int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
  115. void *asn, EVP_PKEY *pkey)
  116. {
  117. EVP_MD_CTX ctx;
  118. const EVP_MD *type;
  119. unsigned char *buf_in=NULL;
  120. int ret= -1,i,inl;
  121. EVP_MD_CTX_init(&ctx);
  122. i=OBJ_obj2nid(a->algorithm);
  123. type=EVP_get_digestbyname(OBJ_nid2sn(i));
  124. if (type == NULL)
  125. {
  126. ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
  127. goto err;
  128. }
  129. if (!EVP_VerifyInit_ex(&ctx,type, NULL))
  130. {
  131. ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
  132. ret=0;
  133. goto err;
  134. }
  135. inl = ASN1_item_i2d(asn, &buf_in, it);
  136. if (buf_in == NULL)
  137. {
  138. ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
  139. goto err;
  140. }
  141. EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
  142. OPENSSL_cleanse(buf_in,(unsigned int)inl);
  143. OPENSSL_free(buf_in);
  144. if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
  145. (unsigned int)signature->length,pkey) <= 0)
  146. {
  147. ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
  148. ret=0;
  149. goto err;
  150. }
  151. /* we don't need to zero the 'ctx' because we just checked
  152. * public information */
  153. /* memset(&ctx,0,sizeof(ctx)); */
  154. ret=1;
  155. err:
  156. EVP_MD_CTX_cleanup(&ctx);
  157. return(ret);
  158. }