OLD | NEW |
1 /* crypto/asn1/a_sign.c */ | 1 /* crypto/asn1/a_sign.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
116 | 116 |
117 #ifndef NO_SYS_TYPES_H | 117 #ifndef NO_SYS_TYPES_H |
118 # include <sys/types.h> | 118 # include <sys/types.h> |
119 #endif | 119 #endif |
120 | 120 |
121 #include <openssl/bn.h> | 121 #include <openssl/bn.h> |
122 #include <openssl/evp.h> | 122 #include <openssl/evp.h> |
123 #include <openssl/x509.h> | 123 #include <openssl/x509.h> |
124 #include <openssl/objects.h> | 124 #include <openssl/objects.h> |
125 #include <openssl/buffer.h> | 125 #include <openssl/buffer.h> |
| 126 #include "asn1_locl.h" |
126 | 127 |
127 #ifndef NO_ASN1_OLD | 128 #ifndef NO_ASN1_OLD |
128 | 129 |
129 int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, | 130 int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, |
130 ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, | 131 ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, |
131 const EVP_MD *type) | 132 const EVP_MD *type) |
132 { | 133 { |
133 EVP_MD_CTX ctx; | 134 EVP_MD_CTX ctx; |
134 unsigned char *p,*buf_in=NULL,*buf_out=NULL; | 135 unsigned char *p,*buf_in=NULL,*buf_out=NULL; |
135 int i,inl=0,outl=0,outll=0; | 136 int i,inl=0,outl=0,outll=0; |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
211 } | 212 } |
212 | 213 |
213 #endif | 214 #endif |
214 | 215 |
215 int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | 216 int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, |
216 ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, | 217 ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, |
217 const EVP_MD *type) | 218 const EVP_MD *type) |
218 { | 219 { |
219 EVP_MD_CTX ctx; | 220 EVP_MD_CTX ctx; |
220 unsigned char *buf_in=NULL,*buf_out=NULL; | 221 unsigned char *buf_in=NULL,*buf_out=NULL; |
221 » int i,inl=0,outl=0,outll=0; | 222 » int inl=0,outl=0,outll=0; |
222 » X509_ALGOR *a; | 223 » int signid, paramtype; |
| 224 |
| 225 » if (type == NULL) |
| 226 » » { |
| 227 » » int def_nid; |
| 228 » » if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) |
| 229 » » » type = EVP_get_digestbynid(def_nid); |
| 230 » » } |
| 231 |
| 232 » if (type == NULL) |
| 233 » » { |
| 234 » » ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST); |
| 235 » » return 0; |
| 236 » » } |
| 237 |
| 238 » if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) |
| 239 » » { |
| 240 » » if (!pkey->ameth || |
| 241 » » » !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), |
| 242 » » » » » » pkey->ameth->pkey_id)) |
| 243 » » » { |
| 244 » » » ASN1err(ASN1_F_ASN1_ITEM_SIGN, |
| 245 » » » » ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); |
| 246 » » » return 0; |
| 247 » » » } |
| 248 » » } |
| 249 » else |
| 250 » » signid = type->pkey_type; |
| 251 |
| 252 » if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) |
| 253 » » paramtype = V_ASN1_NULL; |
| 254 » else |
| 255 » » paramtype = V_ASN1_UNDEF; |
| 256 |
| 257 » if (algor1) |
| 258 » » X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); |
| 259 » if (algor2) |
| 260 » » X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); |
223 | 261 |
224 EVP_MD_CTX_init(&ctx); | 262 EVP_MD_CTX_init(&ctx); |
225 for (i=0; i<2; i++) | |
226 { | |
227 if (i == 0) | |
228 a=algor1; | |
229 else | |
230 a=algor2; | |
231 if (a == NULL) continue; | |
232 if (type->pkey_type == NID_dsaWithSHA1 || | |
233 type->pkey_type == NID_ecdsa_with_SHA1) | |
234 { | |
235 /* special case: RFC 3279 tells us to omit 'parameters' | |
236 * with id-dsa-with-sha1 and ecdsa-with-SHA1 */ | |
237 ASN1_TYPE_free(a->parameter); | |
238 a->parameter = NULL; | |
239 } | |
240 else if ((a->parameter == NULL) || | |
241 (a->parameter->type != V_ASN1_NULL)) | |
242 { | |
243 ASN1_TYPE_free(a->parameter); | |
244 if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; | |
245 a->parameter->type=V_ASN1_NULL; | |
246 } | |
247 ASN1_OBJECT_free(a->algorithm); | |
248 a->algorithm=OBJ_nid2obj(type->pkey_type); | |
249 if (a->algorithm == NULL) | |
250 { | |
251 ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE
); | |
252 goto err; | |
253 } | |
254 if (a->algorithm->length == 0) | |
255 { | |
256 ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDE
NTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); | |
257 goto err; | |
258 } | |
259 } | |
260 inl=ASN1_item_i2d(asn,&buf_in, it); | 263 inl=ASN1_item_i2d(asn,&buf_in, it); |
261 outll=outl=EVP_PKEY_size(pkey); | 264 outll=outl=EVP_PKEY_size(pkey); |
262 buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); | 265 buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); |
263 if ((buf_in == NULL) || (buf_out == NULL)) | 266 if ((buf_in == NULL) || (buf_out == NULL)) |
264 { | 267 { |
265 outl=0; | 268 outl=0; |
266 ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE); | 269 ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE); |
267 goto err; | 270 goto err; |
268 } | 271 } |
269 | 272 |
270 » if (!EVP_SignInit_ex(&ctx,type, NULL)) | 273 » EVP_SignInit_ex(&ctx,type, NULL); |
271 » » { | |
272 » » outl=0; | |
273 » » ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); | |
274 » » goto err; | |
275 » » } | |
276 EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); | 274 EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); |
277 if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, | 275 if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, |
278 (unsigned int *)&outl,pkey)) | 276 (unsigned int *)&outl,pkey)) |
279 { | 277 { |
280 outl=0; | 278 outl=0; |
281 ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); | 279 ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); |
282 goto err; | 280 goto err; |
283 } | 281 } |
284 if (signature->data != NULL) OPENSSL_free(signature->data); | 282 if (signature->data != NULL) OPENSSL_free(signature->data); |
285 signature->data=buf_out; | 283 signature->data=buf_out; |
286 buf_out=NULL; | 284 buf_out=NULL; |
287 signature->length=outl; | 285 signature->length=outl; |
288 /* In the interests of compatibility, I'll make sure that | 286 /* In the interests of compatibility, I'll make sure that |
289 * the bit string has a 'not-used bits' value of 0 | 287 * the bit string has a 'not-used bits' value of 0 |
290 */ | 288 */ |
291 signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); | 289 signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); |
292 signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; | 290 signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; |
293 err: | 291 err: |
294 EVP_MD_CTX_cleanup(&ctx); | 292 EVP_MD_CTX_cleanup(&ctx); |
295 if (buf_in != NULL) | 293 if (buf_in != NULL) |
296 { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_fre
e(buf_in); } | 294 { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_fre
e(buf_in); } |
297 if (buf_out != NULL) | 295 if (buf_out != NULL) |
298 { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out);
} | 296 { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out);
} |
299 return(outl); | 297 return(outl); |
300 } | 298 } |
OLD | NEW |