kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5667 Commits
12 Branches
38 MiB
Tree: 9978f0a865
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9978f0a865'
${ noResults }
boringssl/crypto/x509/a_verify.c

a_verify.c 4.4 KiB
Raw Normal View History

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Move all signature algorithm code to crypto/x509. All the signature algorithm logic depends on X509_ALGOR. This also removes the X509_ALGOR-based EVP functions which are no longer used externally. I think those APIs were a mistake on my part. The use in Chromium was unnecessary (and has since been removed anyway). The new X.509 stack will want to process the signatureAlgorithm itself to be able to enforce policies on it. This also moves the RSA_PSS_PARAMS bits to crypto/x509 from crypto/rsa. That struct is also tied to crypto/x509. Any new RSA-PSS code would have to use something else anyway. BUG=499653 Change-Id: I6c4b4573b2800a2e0f863d35df94d048864b7c41 Reviewed-on: https://boringssl-review.googlesource.com/7025 Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Align EVP_PKEY Ed25519 API with upstream. Rather than adding a new mode to EVP_PKEY_CTX, upstream chose to tie single-shot signing to EVP_MD_CTX, adding functions which combine EVP_Digest*Update and EVP_Digest*Final. This adds a weird vestigial EVP_MD_CTX and makes the signing digest parameter non-uniform, slightly complicating things. But it means APIs like X509_sign_ctx can work without modification. Align with upstream's APIs. This required a bit of fiddling around evp_test.cc. For consistency and to avoid baking details of parameter input order, I made it eagerly read all inputs before calling SetupContext. Otherwise which attributes are present depend a lot on the shape of the API we use---notably the NO_DEFAULT_DIGEST tests for RSA switch to failing before consuming an input, which is odd. (This only matters because we have some tests which expect the operation to abort the operation early with parameter errors and match against Error. Those probably should not use FileTest to begin with, but I'll tease that apart a later time.) Upstream also named NID_Ed25519 as NID_ED25519, even though the algorithm is normally stylized as "Ed25519". Switch it to match. Change-Id: Id6c8f5715930038e754de50338924d044e908045 Reviewed-on: https://boringssl-review.googlesource.com/17044 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Teach crypto/x509 how to verify an Ed25519 signature. BUG=187 Change-Id: I5775ce0886041b0c12174a7d665f3af1e8bce511 Reviewed-on: https://boringssl-review.googlesource.com/14505 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Don't try and verify signatures if key is NULL (CVE-2013-0166) Add additional check to catch this in ASN1_item_verify too. (Imported from upstream's e9b4b8afbd129adc18d3fe71ca2ab34fe61d8640)
10 years ago
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). CVE-2014-8275 (Imported from upstream's 85cfc188c06bd046420ae70dd6e302f9efe022a9 and 4c52816d35681c0533c25fdd3abb4b7c6962302d) Change-Id: Ic901aea8ea6457df27dc542a11c30464561e322b Reviewed-on: https://boringssl-review.googlesource.com/2783 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Align EVP_PKEY Ed25519 API with upstream. Rather than adding a new mode to EVP_PKEY_CTX, upstream chose to tie single-shot signing to EVP_MD_CTX, adding functions which combine EVP_Digest*Update and EVP_Digest*Final. This adds a weird vestigial EVP_MD_CTX and makes the signing digest parameter non-uniform, slightly complicating things. But it means APIs like X509_sign_ctx can work without modification. Align with upstream's APIs. This required a bit of fiddling around evp_test.cc. For consistency and to avoid baking details of parameter input order, I made it eagerly read all inputs before calling SetupContext. Otherwise which attributes are present depend a lot on the shape of the API we use---notably the NO_DEFAULT_DIGEST tests for RSA switch to failing before consuming an input, which is odd. (This only matters because we have some tests which expect the operation to abort the operation early with parameter errors and match against Error. Those probably should not use FileTest to begin with, but I'll tease that apart a later time.) Upstream also named NID_Ed25519 as NID_ED25519, even though the algorithm is normally stylized as "Ed25519". Switch it to match. Change-Id: Id6c8f5715930038e754de50338924d044e908045 Reviewed-on: https://boringssl-review.googlesource.com/17044 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Align EVP_PKEY Ed25519 API with upstream. Rather than adding a new mode to EVP_PKEY_CTX, upstream chose to tie single-shot signing to EVP_MD_CTX, adding functions which combine EVP_Digest*Update and EVP_Digest*Final. This adds a weird vestigial EVP_MD_CTX and makes the signing digest parameter non-uniform, slightly complicating things. But it means APIs like X509_sign_ctx can work without modification. Align with upstream's APIs. This required a bit of fiddling around evp_test.cc. For consistency and to avoid baking details of parameter input order, I made it eagerly read all inputs before calling SetupContext. Otherwise which attributes are present depend a lot on the shape of the API we use---notably the NO_DEFAULT_DIGEST tests for RSA switch to failing before consuming an input, which is odd. (This only matters because we have some tests which expect the operation to abort the operation early with parameter errors and match against Error. Those probably should not use FileTest to begin with, but I'll tease that apart a later time.) Upstream also named NID_Ed25519 as NID_ED25519, even though the algorithm is normally stylized as "Ed25519". Switch it to match. Change-Id: Id6c8f5715930038e754de50338924d044e908045 Reviewed-on: https://boringssl-review.googlesource.com/17044 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Teach crypto/x509 how to verify an Ed25519 signature. BUG=187 Change-Id: I5775ce0886041b0c12174a7d665f3af1e8bce511 Reviewed-on: https://boringssl-review.googlesource.com/14505 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 years ago
Align EVP_PKEY Ed25519 API with upstream. Rather than adding a new mode to EVP_PKEY_CTX, upstream chose to tie single-shot signing to EVP_MD_CTX, adding functions which combine EVP_Digest*Update and EVP_Digest*Final. This adds a weird vestigial EVP_MD_CTX and makes the signing digest parameter non-uniform, slightly complicating things. But it means APIs like X509_sign_ctx can work without modification. Align with upstream's APIs. This required a bit of fiddling around evp_test.cc. For consistency and to avoid baking details of parameter input order, I made it eagerly read all inputs before calling SetupContext. Otherwise which attributes are present depend a lot on the shape of the API we use---notably the NO_DEFAULT_DIGEST tests for RSA switch to failing before consuming an input, which is odd. (This only matters because we have some tests which expect the operation to abort the operation early with parameter errors and match against Error. Those probably should not use FileTest to begin with, but I'll tease that apart a later time.) Upstream also named NID_Ed25519 as NID_ED25519, even though the algorithm is normally stylized as "Ed25519". Switch it to match. Change-Id: Id6c8f5715930038e754de50338924d044e908045 Reviewed-on: https://boringssl-review.googlesource.com/17044 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Remove redundant calls to |OPENSSL_cleanse| and |OPENSSL_realloc_clean|. Change-Id: I5c85c4d072ec157b37ed95b284a26ab32c0c42d9 Reviewed-on: https://boringssl-review.googlesource.com/19824 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Align EVP_PKEY Ed25519 API with upstream. Rather than adding a new mode to EVP_PKEY_CTX, upstream chose to tie single-shot signing to EVP_MD_CTX, adding functions which combine EVP_Digest*Update and EVP_Digest*Final. This adds a weird vestigial EVP_MD_CTX and makes the signing digest parameter non-uniform, slightly complicating things. But it means APIs like X509_sign_ctx can work without modification. Align with upstream's APIs. This required a bit of fiddling around evp_test.cc. For consistency and to avoid baking details of parameter input order, I made it eagerly read all inputs before calling SetupContext. Otherwise which attributes are present depend a lot on the shape of the API we use---notably the NO_DEFAULT_DIGEST tests for RSA switch to failing before consuming an input, which is odd. (This only matters because we have some tests which expect the operation to abort the operation early with parameter errors and match against Error. Those probably should not use FileTest to begin with, but I'll tease that apart a later time.) Upstream also named NID_Ed25519 as NID_ED25519, even though the algorithm is normally stylized as "Ed25519". Switch it to match. Change-Id: Id6c8f5715930038e754de50338924d044e908045 Reviewed-on: https://boringssl-review.googlesource.com/17044 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/x509.h>

  58. 

  59. #include <stdio.h>

  60. #include <time.h>

  61. #include <sys/types.h>

  62. 

  63. #include <openssl/bn.h>

  64. #include <openssl/buf.h>

  65. #include <openssl/digest.h>

  66. #include <openssl/err.h>

  67. #include <openssl/evp.h>

  68. #include <openssl/mem.h>

  69. #include <openssl/obj.h>

  70. 

  71. #include "internal.h"

  72. 

  73. int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,

  74.                      ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)

  75. {

  76.     EVP_MD_CTX ctx;

  77.     uint8_t *buf_in = NULL;

  78.     int ret = 0, inl = 0;

  79. 

  80.     if (!pkey) {

  81.         OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);

  82.         return 0;

  83.     }

  84. 

  85.     if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {

  86.         OPENSSL_PUT_ERROR(X509, X509_R_INVALID_BIT_STRING_BITS_LEFT);

  87.         return 0;

  88.     }

  89. 

  90.     EVP_MD_CTX_init(&ctx);

  91. 

  92.     if (!x509_digest_verify_init(&ctx, a, pkey)) {

  93.         goto err;

  94.     }

  95. 

  96.     inl = ASN1_item_i2d(asn, &buf_in, it);

  97. 

  98.     if (buf_in == NULL) {

  99.         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);

  100.         goto err;

  101.     }

  102. 

  103.     if (!EVP_DigestVerify(&ctx, signature->data, (size_t)signature->length,

  104.                           buf_in, inl)) {

  105.         OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB);

  106.         goto err;

  107.     }

  108. 

  109.     ret = 1;

  110. 

  111. err:

  112.     OPENSSL_free(buf_in);

  113.     EVP_MD_CTX_cleanup(&ctx);

  114.     return ret;

  115. }