authordefault <nobody@localhost>2022-09-29 14:16:20 +0200
committerdefault <nobody@localhost>2022-09-29 14:16:20 +0200
commitc680f15d4ea418b1b5e9c494be9bf4daa0eb6d49 (patch)
tree10b4aed04c80cd94359fec217ace64e1fcacdc59
parentf124d7accb912b365df2f03c1e1cba12b9d0f055 (diff)
Backport from xs.
-rw-r--r--xs_openssl.h45
1 files changed, 42 insertions, 3 deletions
diff --git a/xs_openssl.h b/xs_openssl.h
index fd57c86..9dd538d 100644
--- a/xs_openssl.h
+++ b/xs_openssl.h
@@ -12,6 +12,7 @@ d_char *xs_rsa_genkey(int bits);
d_char *xs_rsa_sign(char *secret, char *mem, int size);
int xs_rsa_verify(char *pubkey, char *mem, int size, char *b64sig);
d_char *xs_evp_sign(char *secret, char *mem, int size);
+int xs_evp_verify(char *pubkey, char *mem, int size, char *b64sig);
#ifdef XS_IMPLEMENTATION
@@ -157,7 +158,7 @@ int xs_rsa_verify(char *pubkey, char *mem, int size, char *b64sig)
rsa = PEM_read_bio_RSA_PUBKEY(b, NULL, NULL, NULL);
if (rsa != NULL) {
- d_char *sig = NULL;
+ xs *sig = NULL;
int s_size;
/* de-base64 */
@@ -166,8 +167,6 @@ int xs_rsa_verify(char *pubkey, char *mem, int size, char *b64sig)
if (sig != NULL)
r = RSA_verify(NID_sha256, (unsigned char *)mem, size,
(unsigned char *)sig, s_size, rsa);
-
- free(sig);
}
BIO_free(b);
@@ -210,6 +209,7 @@ d_char *xs_evp_sign(char *secret, char *mem, int size)
signature = xs_base64_enc((char *)sig, sig_len);
EVP_MD_CTX_free(mdctx);
+ EVP_PKEY_free(pkey);
BIO_free(b);
free(sig);
@@ -217,6 +217,45 @@ d_char *xs_evp_sign(char *secret, char *mem, int size)
}
+int xs_evp_verify(char *pubkey, char *mem, int size, char *b64sig)
+/* verifies a base64 block, returns non-zero on ok */
+{
+ int r = 0;
+ BIO *b;
+ EVP_PKEY *pkey;
+ EVP_MD_CTX *mdctx;
+ const EVP_MD *md;
+
+ /* un-PEM the key */
+ b = BIO_new_mem_buf(pubkey, strlen(pubkey));
+ pkey = PEM_read_bio_PUBKEY(b, NULL, NULL, NULL);
+
+ md = EVP_get_digestbyname("sha256");
+ mdctx = EVP_MD_CTX_new();
+
+ if (pkey != NULL) {
+ xs *sig = NULL;
+ int s_size;
+
+ /* de-base64 */
+ sig = xs_base64_dec(b64sig, &s_size);
+
+ if (sig != NULL) {
+ EVP_VerifyInit(mdctx, md);
+ EVP_VerifyUpdate(mdctx, mem, size);
+
+ r = EVP_VerifyFinal(mdctx, (unsigned char *)sig, s_size, pkey);
+ }
+ }
+
+ EVP_MD_CTX_free(mdctx);
+ EVP_PKEY_free(pkey);
+ BIO_free(b);
+
+ return r;
+}
+
+
#endif /* XS_IMPLEMENTATION */
#endif /* _XS_OPENSSL_H */
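Review bot: `EVP_VerifyFinal()` in xs_evp_verify returns 1 for a valid signature, 0 for an invalid one and a negative value on error, but the result is stored in `r` and returned unchanged under the "returns non-zero on ok" contract. A caller that tests the return value for truth would therefore accept a signature whenever verification fails with an error. Normalise it at the assignment: `r = EVP_VerifyFinal(mdctx, (unsigned char *)sig, s_size, pkey) == 1;`. The results of `EVP_MD_CTX_new()`, `EVP_VerifyInit()` and `EVP_VerifyUpdate()` are also unchecked, so an allocation or digest-setup failure still reaches the final call. Gating on `mdctx != NULL` and on each call returning 1 would leave `r` at 0 in those cases.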