a_verify.c 7.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232
  1. /* crypto/asn1/a_verify.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include <time.h>
  60. #include "cryptlib.h"
  61. #include "asn1_locl.h"
  62. #ifndef NO_SYS_TYPES_H
  63. # include <sys/types.h>
  64. #endif
  65. #include <openssl/bn.h>
  66. #include <openssl/x509.h>
  67. #include <openssl/objects.h>
  68. #include <openssl/buffer.h>
  69. #include <openssl/evp.h>
  70. #ifndef NO_ASN1_OLD
  71. int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
  72. char *data, EVP_PKEY *pkey)
  73. {
  74. EVP_MD_CTX ctx;
  75. const EVP_MD *type;
  76. unsigned char *p, *buf_in = NULL;
  77. int ret = -1, i, inl;
  78. EVP_MD_CTX_init(&ctx);
  79. i = OBJ_obj2nid(a->algorithm);
  80. type = EVP_get_digestbyname(OBJ_nid2sn(i));
  81. if (type == NULL) {
  82. ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
  83. goto err;
  84. }
  85. if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
  86. ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
  87. goto err;
  88. }
  89. inl = i2d(data, NULL);
  90. buf_in = OPENSSL_malloc((unsigned int)inl);
  91. if (buf_in == NULL) {
  92. ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
  93. goto err;
  94. }
  95. p = buf_in;
  96. i2d(data, &p);
  97. if (!EVP_VerifyInit_ex(&ctx, type, NULL)
  98. || !EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl)) {
  99. ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
  100. ret = 0;
  101. goto err;
  102. }
  103. OPENSSL_cleanse(buf_in, (unsigned int)inl);
  104. OPENSSL_free(buf_in);
  105. if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
  106. (unsigned int)signature->length, pkey) <= 0) {
  107. ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
  108. ret = 0;
  109. goto err;
  110. }
  111. /*
  112. * we don't need to zero the 'ctx' because we just checked public
  113. * information
  114. */
  115. /* memset(&ctx,0,sizeof(ctx)); */
  116. ret = 1;
  117. err:
  118. EVP_MD_CTX_cleanup(&ctx);
  119. return (ret);
  120. }
  121. #endif
  122. int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
  123. ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
  124. {
  125. EVP_MD_CTX ctx;
  126. unsigned char *buf_in = NULL;
  127. int ret = -1, inl;
  128. int mdnid, pknid;
  129. if (!pkey) {
  130. ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
  131. return -1;
  132. }
  133. if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
  134. ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
  135. return -1;
  136. }
  137. EVP_MD_CTX_init(&ctx);
  138. /* Convert signature OID into digest and public key OIDs */
  139. if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
  140. ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
  141. goto err;
  142. }
  143. if (mdnid == NID_undef) {
  144. if (!pkey->ameth || !pkey->ameth->item_verify) {
  145. ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
  146. ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
  147. goto err;
  148. }
  149. ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey);
  150. /*
  151. * Return value of 2 means carry on, anything else means we exit
  152. * straight away: either a fatal error of the underlying verification
  153. * routine handles all verification.
  154. */
  155. if (ret != 2)
  156. goto err;
  157. ret = -1;
  158. } else {
  159. const EVP_MD *type;
  160. type = EVP_get_digestbynid(mdnid);
  161. if (type == NULL) {
  162. ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
  163. ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
  164. goto err;
  165. }
  166. /* Check public key OID matches public key type */
  167. if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
  168. ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
  169. goto err;
  170. }
  171. if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
  172. ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
  173. ret = 0;
  174. goto err;
  175. }
  176. }
  177. inl = ASN1_item_i2d(asn, &buf_in, it);
  178. if (buf_in == NULL) {
  179. ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
  180. goto err;
  181. }
  182. if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) {
  183. ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
  184. ret = 0;
  185. goto err;
  186. }
  187. OPENSSL_cleanse(buf_in, (unsigned int)inl);
  188. OPENSSL_free(buf_in);
  189. if (EVP_DigestVerifyFinal(&ctx, signature->data,
  190. (size_t)signature->length) <= 0) {
  191. ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
  192. ret = 0;
  193. goto err;
  194. }
  195. /*
  196. * we don't need to zero the 'ctx' because we just checked public
  197. * information
  198. */
  199. /* memset(&ctx,0,sizeof(ctx)); */
  200. ret = 1;
  201. err:
  202. EVP_MD_CTX_cleanup(&ctx);
  203. return (ret);
  204. }