1 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
2 | * All rights reserved. |
3 | * |
4 | * This package is an SSL implementation written |
5 | * by Eric Young (eay@cryptsoft.com). |
6 | * The implementation was written so as to conform with Netscapes SSL. |
7 | * |
8 | * This library is free for commercial and non-commercial use as long as |
9 | * the following conditions are aheared to. The following conditions |
10 | * apply to all code found in this distribution, be it the RC4, RSA, |
11 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
12 | * included with this distribution is covered by the same copyright terms |
13 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
14 | * |
15 | * Copyright remains Eric Young's, and as such any Copyright notices in |
16 | * the code are not to be removed. |
17 | * If this package is used in a product, Eric Young should be given attribution |
18 | * as the author of the parts of the library used. |
19 | * This can be in the form of a textual message at program startup or |
20 | * in documentation (online or textual) provided with the package. |
21 | * |
22 | * Redistribution and use in source and binary forms, with or without |
23 | * modification, are permitted provided that the following conditions |
24 | * are met: |
25 | * 1. Redistributions of source code must retain the copyright |
26 | * notice, this list of conditions and the following disclaimer. |
27 | * 2. Redistributions in binary form must reproduce the above copyright |
28 | * notice, this list of conditions and the following disclaimer in the |
29 | * documentation and/or other materials provided with the distribution. |
30 | * 3. All advertising materials mentioning features or use of this software |
31 | * must display the following acknowledgement: |
32 | * "This product includes cryptographic software written by |
33 | * Eric Young (eay@cryptsoft.com)" |
34 | * The word 'cryptographic' can be left out if the rouines from the library |
35 | * being used are not cryptographic related :-). |
36 | * 4. If you include any Windows specific code (or a derivative thereof) from |
37 | * the apps directory (application code) you must include an acknowledgement: |
38 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
39 | * |
40 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
41 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
43 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
44 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
45 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
46 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
48 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
49 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
50 | * SUCH DAMAGE. |
51 | * |
52 | * The licence and distribution terms for any publically available version or |
53 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
54 | * copied and put under another distribution licence |
55 | * [including the GNU Public Licence.] */ |
56 | |
57 | #include <openssl/x509.h> |
58 | |
59 | #include <stdio.h> |
60 | #include <time.h> |
61 | #include <sys/types.h> |
62 | |
63 | #include <openssl/bn.h> |
64 | #include <openssl/buf.h> |
65 | #include <openssl/digest.h> |
66 | #include <openssl/err.h> |
67 | #include <openssl/evp.h> |
68 | #include <openssl/mem.h> |
69 | #include <openssl/obj.h> |
70 | |
71 | #include "internal.h" |
72 | |
73 | int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, |
74 | ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) |
75 | { |
76 | EVP_MD_CTX ctx; |
77 | uint8_t *buf_in = NULL; |
78 | int ret = 0, inl = 0; |
79 | |
80 | if (!pkey) { |
81 | OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); |
82 | return 0; |
83 | } |
84 | |
85 | if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { |
86 | OPENSSL_PUT_ERROR(X509, X509_R_INVALID_BIT_STRING_BITS_LEFT); |
87 | return 0; |
88 | } |
89 | |
90 | EVP_MD_CTX_init(&ctx); |
91 | |
92 | if (!x509_digest_verify_init(&ctx, a, pkey)) { |
93 | goto err; |
94 | } |
95 | |
96 | inl = ASN1_item_i2d(asn, &buf_in, it); |
97 | |
98 | if (buf_in == NULL) { |
99 | OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); |
100 | goto err; |
101 | } |
102 | |
103 | if (!EVP_DigestVerify(&ctx, signature->data, (size_t)signature->length, |
104 | buf_in, inl)) { |
105 | OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); |
106 | goto err; |
107 | } |
108 | |
109 | ret = 1; |
110 | |
111 | err: |
112 | OPENSSL_free(buf_in); |
113 | EVP_MD_CTX_cleanup(&ctx); |
114 | return ret; |
115 | } |
116 | |