Commit 31904ecd authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

RSA PSS verification support including certificates and certificate

requests. Add new ASN1 signature initialisation function to handle this
case.
parent a4d9c12f
+8 −1
@@ -4,6 +4,13 @@


 Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]
 Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]


  *) Add new algorithm specific ASN1 verification initialisation function
     to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1
     handling will be the same no matter what EVP_PKEY_METHOD is used.
     Add a PSS handler to support verification of PSS signatures: checked
     against a number of sample certificates.
     [Steve Henson]

  *) Add signature printing for PSS. Add PSS OIDs.
  *) Add signature printing for PSS. Add PSS OIDs.
     [Steve Henson, Martin Kaiser <lists@kaiser.cx>]
     [Steve Henson, Martin Kaiser <lists@kaiser.cx>]


+39 −18
@@ -131,11 +131,10 @@ err:
#endif
#endif




int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
	     void *asn, EVP_PKEY *pkey)
		ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
	{
	{
	EVP_MD_CTX ctx;
	EVP_MD_CTX ctx;
	const EVP_MD *type = NULL;
	unsigned char *buf_in=NULL;
	unsigned char *buf_in=NULL;
	int ret= -1,inl;
	int ret= -1,inl;


@@ -149,6 +148,26 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
		goto err;
		goto err;
		}
		}
	if (mdnid == NID_undef)
		{
		if (!pkey->ameth || !pkey->ameth->item_verify)
			{
			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
			goto err;
			}
		ret = pkey->ameth->item_verify(&ctx, it, asn, a,
							signature, pkey);
		/* Return value of 2 means carry on, anything else means we
		 * exit straight away: either a fatal error of the underlying
		 * verification routine handles all verification.
		 */
		if (ret != 2)
			goto err;
		ret = -1;
		}
	else
		{
		const EVP_MD *type;
		type=EVP_get_digestbynid(mdnid);
		type=EVP_get_digestbynid(mdnid);
		if (type == NULL)
		if (type == NULL)
			{
			{
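Review bot: The comment above the `ret != 2` check drops a word — "either a fatal error of the underlying verification routine handles all verification" — so the two exit cases it describes read as one; suggest `/* Return value of 2 means carry on, anything else means we exit straight away: either a fatal error, or the underlying verification routine has handled all verification itself. */`. Because every value other than 2 is handed back unchanged (presumably via the `err:` label, which lies outside the hunk), the hook is fully trusted for the verification result, and an unexpected value above 2 would reach the caller as a positive result; a defensive `if (ret > 2) ret = -1;` before the `goto err` would pin the protocol to exactly 2/1/0/negative. ASN1_item_verify starts and ends outside this hunk.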
@@ -170,6 +189,8 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
			goto err;
			goto err;
			}
			}


		}

	inl = ASN1_item_i2d(asn, &buf_in, it);
	inl = ASN1_item_i2d(asn, &buf_in, it);
	
	
	if (buf_in == NULL)
	if (buf_in == NULL)
+0 −1
@@ -293,7 +293,6 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 * see asn1t.h
 * see asn1t.h
 */
 */
typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct ASN1_TLC_st ASN1_TLC;
typedef struct ASN1_TLC_st ASN1_TLC;
/* This is just an opaque pointer */
/* This is just an opaque pointer */
typedef struct ASN1_VALUE_st ASN1_VALUE;
typedef struct ASN1_VALUE_st ASN1_VALUE;
+5 −0
@@ -106,6 +106,7 @@ struct evp_pkey_asn1_method_st
			 const X509_ALGOR *sigalg, const ASN1_STRING *sig,
			 const X509_ALGOR *sigalg, const ASN1_STRING *sig,
					 int indent, ASN1_PCTX *pctx);
					 int indent, ASN1_PCTX *pctx);



	void (*pkey_free)(EVP_PKEY *pkey);
	void (*pkey_free)(EVP_PKEY *pkey);
	int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);
	int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);


@@ -114,6 +115,10 @@ struct evp_pkey_asn1_method_st
	int (*old_priv_decode)(EVP_PKEY *pkey,
	int (*old_priv_decode)(EVP_PKEY *pkey,
				const unsigned char **pder, int derlen);
				const unsigned char **pder, int derlen);
	int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
	int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
	/* Custom ASN1 signature verification */
	int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
				X509_ALGOR *a, ASN1_BIT_STRING *sig,
				EVP_PKEY *pkey);


	} /* EVP_PKEY_ASN1_METHOD */;
	} /* EVP_PKEY_ASN1_METHOD */;
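Review bot: The new `item_verify` member is documented only as "Custom ASN1 signature verification", which leaves its return-value protocol unstated even though ASN1_item_verify in a_verify.c (in this same commit) branches on it: a return of 2 means the caller carries on with its normal digest verification using `ctx`, and any other value is passed back to the caller as the final result. Since the hook takes over signature verification entirely whenever it does not return 2, that contract belongs next to the declaration so that method implementers cannot mistake 1 for "continue"; suggest `/* Custom ASN1 signature verification. Return 2 to let ASN1_item_verify continue with its standard digest verification of ctx; any other value is returned to the caller unchanged as the verification result. */`.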


+1 −0
@@ -96,6 +96,7 @@ typedef int ASN1_BOOLEAN;
typedef int ASN1_NULL;
typedef int ASN1_NULL;
#endif
#endif


typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_pctx_st ASN1_PCTX;
typedef struct asn1_pctx_st ASN1_PCTX;


#ifdef OPENSSL_SYS_WIN32
#ifdef OPENSSL_SYS_WIN32