1 files changed, 42 insertions, 3 deletions
diff --git a/xs_openssl.h b/xs_openssl.h
index fd57c86..9dd538d 100644
--- a/xs_openssl.h
+++ b/xs_openssl.h
@@ -12,6 +12,7 @@ d_char *xs_rsa_genkey(int bits);
 d_char *xs_rsa_sign(char *secret, char *mem, int size);
 int xs_rsa_verify(char *pubkey, char *mem, int size, char *b64sig);
 d_char *xs_evp_sign(char *secret, char *mem, int size);
+int xs_evp_verify(char *pubkey, char *mem, int size, char *b64sig);
 #ifdef XS_IMPLEMENTATION
@@ -157,7 +158,7 @@ int xs_rsa_verify(char *pubkey, char *mem, int size, char *b64sig)
    rsa = PEM_read_bio_RSA_PUBKEY(b, NULL, NULL, NULL);
    if (rsa != NULL) {
-        d_char *sig = NULL;
+        xs *sig = NULL;
        int s_size;
        /* de-base64 */
@@ -166,8 +167,6 @@ int xs_rsa_verify(char *pubkey, char *mem, int size, char *b64sig)
        if (sig != NULL)
            r = RSA_verify(NID_sha256, (unsigned char *)mem, size,
                           (unsigned char *)sig, s_size, rsa);
-        free(sig);
    }
    BIO_free(b);
@@ -210,6 +209,7 @@ d_char *xs_evp_sign(char *secret, char *mem, int size)
        signature = xs_base64_enc((char *)sig, sig_len);
    EVP_MD_CTX_free(mdctx);
+    EVP_PKEY_free(pkey);
    BIO_free(b);
    free(sig);
@@ -217,6 +217,45 @@ d_char *xs_evp_sign(char *secret, char *mem, int size)
 }
+int xs_evp_verify(char *pubkey, char *mem, int size, char *b64sig)
+/* verifies a base64 block, returns non-zero on ok */
+{
+    int r = 0;
+    BIO *b;
+    EVP_PKEY *pkey;
+    EVP_MD_CTX *mdctx;
+    const EVP_MD *md;
+    /* un-PEM the key */
+    b = BIO_new_mem_buf(pubkey, strlen(pubkey));
+    pkey = PEM_read_bio_PUBKEY(b, NULL, NULL, NULL);
+    md = EVP_get_digestbyname("sha256");
+    mdctx = EVP_MD_CTX_new();
+    if (pkey != NULL) {
+        xs *sig = NULL;
+        int s_size;
+        /* de-base64 */
+        sig = xs_base64_dec(b64sig,  &s_size);
+        if (sig != NULL) {
+            EVP_VerifyInit(mdctx, md);
+            EVP_VerifyUpdate(mdctx, mem, size);
+            r = EVP_VerifyFinal(mdctx, (unsigned char *)sig, s_size, pkey);
+        }
+    }
+    EVP_MD_CTX_free(mdctx);
+    EVP_PKEY_free(pkey);
+    BIO_free(b);
+    return r;
+}
 #endif /* XS_IMPLEMENTATION */
 #endif /* _XS_OPENSSL_H */

diff --git a/xs_openssl.h b/xs_openssl.h index fd57c86..9dd538d 100644 --- a/xs_openssl.h +++ b/xs_openssl.h
@@ -12,6 +12,7 @@ d_char *xs_rsa_genkey(int bits);
12	d_char xs_rsa_sign(char secret, char *mem, int size);	12	d_char xs_rsa_sign(char secret, char *mem, int size);
13	int xs_rsa_verify(char pubkey, char mem, int size, char *b64sig);	13	int xs_rsa_verify(char pubkey, char mem, int size, char *b64sig);
14	d_char xs_evp_sign(char secret, char *mem, int size);	14	d_char xs_evp_sign(char secret, char *mem, int size);
		15	int xs_evp_verify(char pubkey, char mem, int size, char *b64sig);
15		16
16		17
17	#ifdef XS_IMPLEMENTATION	18	#ifdef XS_IMPLEMENTATION
@@ -157,7 +158,7 @@ int xs_rsa_verify(char pubkey, char mem, int size, char *b64sig)
157	rsa = PEM_read_bio_RSA_PUBKEY(b, NULL, NULL, NULL);	158	rsa = PEM_read_bio_RSA_PUBKEY(b, NULL, NULL, NULL);
158		159
159	if (rsa != NULL) {	160	if (rsa != NULL) {
160	d_char *sig = NULL;	161	xs *sig = NULL;
161	int s_size;	162	int s_size;
162		163
163	/* de-base64 */	164	/* de-base64 */
@@ -166,8 +167,6 @@ int xs_rsa_verify(char pubkey, char mem, int size, char *b64sig)
166	if (sig != NULL)	167	if (sig != NULL)
167	r = RSA_verify(NID_sha256, (unsigned char *)mem, size,	168	r = RSA_verify(NID_sha256, (unsigned char *)mem, size,
168	(unsigned char *)sig, s_size, rsa);	169	(unsigned char *)sig, s_size, rsa);
169
170	free(sig);
171	}	170	}
172		171
173	BIO_free(b);	172	BIO_free(b);
@@ -210,6 +209,7 @@ d_char xs_evp_sign(char secret, char *mem, int size)
210	signature = xs_base64_enc((char *)sig, sig_len);	209	signature = xs_base64_enc((char *)sig, sig_len);
211		210
212	EVP_MD_CTX_free(mdctx);	211	EVP_MD_CTX_free(mdctx);
		212	EVP_PKEY_free(pkey);
213	BIO_free(b);	213	BIO_free(b);
214	free(sig);	214	free(sig);
215		215
@@ -217,6 +217,45 @@ d_char xs_evp_sign(char secret, char *mem, int size)
217	}	217	}
218		218
219		219
		220	int xs_evp_verify(char pubkey, char mem, int size, char *b64sig)
		221	/* verifies a base64 block, returns non-zero on ok */
		222	{
		223	int r = 0;
		224	BIO *b;
		225	EVP_PKEY *pkey;
		226	EVP_MD_CTX *mdctx;
		227	const EVP_MD *md;
		228
		229	/* un-PEM the key */
		230	b = BIO_new_mem_buf(pubkey, strlen(pubkey));
		231	pkey = PEM_read_bio_PUBKEY(b, NULL, NULL, NULL);
		232
		233	md = EVP_get_digestbyname("sha256");
		234	mdctx = EVP_MD_CTX_new();
		235
		236	if (pkey != NULL) {
		237	xs *sig = NULL;
		238	int s_size;
		239
		240	/* de-base64 */
		241	sig = xs_base64_dec(b64sig, &s_size);
		242
		243	if (sig != NULL) {
		244	EVP_VerifyInit(mdctx, md);
		245	EVP_VerifyUpdate(mdctx, mem, size);
		246
		247	r = EVP_VerifyFinal(mdctx, (unsigned char *)sig, s_size, pkey);
		248	}
		249	}
		250
		251	EVP_MD_CTX_free(mdctx);
		252	EVP_PKEY_free(pkey);
		253	BIO_free(b);
		254
		255	return r;
		256	}
		257
		258
220	#endif /* XS_IMPLEMENTATION */	259	#endif /* XS_IMPLEMENTATION */
221		260
222	#endif /* _XS_OPENSSL_H */	261	#endif /* _XS_OPENSSL_H */