OpenSSL 0.9.7 stable 2002 05 08 merge

author: beck <> 2002-05-15 02:29:21 +0000
committer: beck <> 2002-05-15 02:29:21 +0000
commit: b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9 (patch)
tree: fa27cf82a1250b64ed3bf5f4a18c7354d470bbcc /src/lib/libcrypto/asn1/a_sign.c
parent: e471e1ea98d673597b182ea85f29e30c97cd08b5 (diff)
download: openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.gz
openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.bz2
openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.zip
1 files changed, 149 insertions, 3 deletions
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
index 4c651706d2..de53b44144 100644
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 #include <stdio.h>
 #include <time.h>
@@ -71,6 +124,8 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
+#ifndef NO_ASN1_OLD
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
             ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
             const EVP_MD *type)
@@ -80,6 +135,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
        int i,inl=0,outl=0,outll=0;
        X509_ALGOR *a;
+        EVP_MD_CTX_init(&ctx);
        for (i=0; i<2; i++)
                {
                if (i == 0)
@@ -87,7 +143,14 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
                else
                        a=algor2;
                if (a == NULL) continue;
-                if (    (a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
+                        {
+                        /* special case: RFC 2459 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
                        (a->parameter->type != V_ASN1_NULL))
                        {
                        ASN1_TYPE_free(a->parameter);
@@ -120,7 +183,90 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
        p=buf_in;
        i2d(data,&p);
-        EVP_SignInit(&ctx,type);
+        EVP_SignInit_ex(&ctx,type, NULL);
+        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+                        (unsigned int *)&outl,pkey))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+                goto err;
+                }
+        if (signature->data != NULL) OPENSSL_free(signature->data);
+        signature->data=buf_out;
+        buf_out=NULL;
+        signature->length=outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        if (buf_in != NULL)
+                { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+        if (buf_out != NULL)
+                { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+        return(outl);
+        }
+#endif
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+             ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+             const EVP_MD *type)
+        {
+        EVP_MD_CTX ctx;
+        unsigned char *buf_in=NULL,*buf_out=NULL;
+        int i,inl=0,outl=0,outll=0;
+        X509_ALGOR *a;
+        EVP_MD_CTX_init(&ctx);
+        for (i=0; i<2; i++)
+                {
+                if (i == 0)
+                        a=algor1;
+                else
+                        a=algor2;
+                if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1)
+                        {
+                        /* special case: RFC 2459 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                ASN1_OBJECT_free(a->algorithm);
+                a->algorithm=OBJ_nid2obj(type->pkey_type);
+                if (a->algorithm == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        goto err;
+                        }
+                if (a->algorithm->length == 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        goto err;
+                        }
+                }
+        inl=ASN1_item_i2d(asn,&buf_in, it);
+        outll=outl=EVP_PKEY_size(pkey);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+        if ((buf_in == NULL) || (buf_out == NULL))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        EVP_SignInit_ex(&ctx,type, NULL);
        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
                        (unsigned int *)&outl,pkey))
@@ -139,7 +285,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 err:
-        memset(&ctx,0,sizeof(ctx));
+        EVP_MD_CTX_cleanup(&ctx);
        if (buf_in != NULL)
                { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
        if (buf_out != NULL)
author	beck <>	2002-05-15 02:29:21 +0000
committer	beck <>	2002-05-15 02:29:21 +0000
commit	b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9 (patch)
tree	fa27cf82a1250b64ed3bf5f4a18c7354d470bbcc /src/lib/libcrypto/asn1/a_sign.c
parent	e471e1ea98d673597b182ea85f29e30c97cd08b5 (diff)
download	openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.gz openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.bz2 openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.zip

diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c index 4c651706d2..de53b44144 100644 --- a/src/lib/libcrypto/asn1/a_sign.c +++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -55,6 +55,59 @@
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
		58	/* ====================================================================
		59	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
		60	*
		61	* Redistribution and use in source and binary forms, with or without
		62	* modification, are permitted provided that the following conditions
		63	* are met:
		64	*
		65	* 1. Redistributions of source code must retain the above copyright
		66	* notice, this list of conditions and the following disclaimer.
		67	*
		68	* 2. Redistributions in binary form must reproduce the above copyright
		69	* notice, this list of conditions and the following disclaimer in
		70	* the documentation and/or other materials provided with the
		71	* distribution.
		72	*
		73	* 3. All advertising materials mentioning features or use of this
		74	* software must display the following acknowledgment:
		75	* "This product includes software developed by the OpenSSL Project
		76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		77	*
		78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		79	* endorse or promote products derived from this software without
		80	* prior written permission. For written permission, please contact
		81	* openssl-core@openssl.org.
		82	*
		83	* 5. Products derived from this software may not be called "OpenSSL"
		84	* nor may "OpenSSL" appear in their names without prior written
		85	* permission of the OpenSSL Project.
		86	*
		87	* 6. Redistributions of any form whatsoever must retain the following
		88	* acknowledgment:
		89	* "This product includes software developed by the OpenSSL Project
		90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		91	*
		92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		103	* OF THE POSSIBILITY OF SUCH DAMAGE.
		104	* ====================================================================
		105	*
		106	* This product includes cryptographic software written by Eric Young
		107	* (eay@cryptsoft.com). This product includes software written by Tim
		108	* Hudson (tjh@cryptsoft.com).
		109	*
		110	*/
58		111
59	#include <stdio.h>	112	#include <stdio.h>
60	#include <time.h>	113	#include <time.h>
@@ -71,6 +124,8 @@
71	#include <openssl/objects.h>	124	#include <openssl/objects.h>
72	#include <openssl/buffer.h>	125	#include <openssl/buffer.h>
73		126
		127	#ifndef NO_ASN1_OLD
		128
74	int ASN1_sign(int (i2d)(), X509_ALGOR algor1, X509_ALGOR *algor2,	129	int ASN1_sign(int (i2d)(), X509_ALGOR algor1, X509_ALGOR *algor2,
75	ASN1_BIT_STRING signature, char data, EVP_PKEY *pkey,	130	ASN1_BIT_STRING signature, char data, EVP_PKEY *pkey,
76	const EVP_MD *type)	131	const EVP_MD *type)
@@ -80,6 +135,7 @@ int ASN1_sign(int (i2d)(), X509_ALGOR algor1, X509_ALGOR *algor2,
80	int i,inl=0,outl=0,outll=0;	135	int i,inl=0,outl=0,outll=0;
81	X509_ALGOR *a;	136	X509_ALGOR *a;
82		137
		138	EVP_MD_CTX_init(&ctx);
83	for (i=0; i<2; i++)	139	for (i=0; i<2; i++)
84	{	140	{
85	if (i == 0)	141	if (i == 0)
@@ -87,7 +143,14 @@ int ASN1_sign(int (i2d)(), X509_ALGOR algor1, X509_ALGOR *algor2,
87	else	143	else
88	a=algor2;	144	a=algor2;
89	if (a == NULL) continue;	145	if (a == NULL) continue;
90	if ( (a->parameter == NULL) \|\|	146	if (type->pkey_type == NID_dsaWithSHA1)
		147	{
		148	/* special case: RFC 2459 tells us to omit 'parameters'
		149	* with id-dsa-with-sha1 */
		150	ASN1_TYPE_free(a->parameter);
		151	a->parameter = NULL;
		152	}
		153	else if ((a->parameter == NULL) \|\|
91	(a->parameter->type != V_ASN1_NULL))	154	(a->parameter->type != V_ASN1_NULL))
92	{	155	{
93	ASN1_TYPE_free(a->parameter);	156	ASN1_TYPE_free(a->parameter);
@@ -120,7 +183,90 @@ int ASN1_sign(int (i2d)(), X509_ALGOR algor1, X509_ALGOR *algor2,
120	p=buf_in;	183	p=buf_in;
121		184
122	i2d(data,&p);	185	i2d(data,&p);
123	EVP_SignInit(&ctx,type);	186	EVP_SignInit_ex(&ctx,type, NULL);
		187	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
		188	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
		189	(unsigned int *)&outl,pkey))
		190	{
		191	outl=0;
		192	ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
		193	goto err;
		194	}
		195	if (signature->data != NULL) OPENSSL_free(signature->data);
		196	signature->data=buf_out;
		197	buf_out=NULL;
		198	signature->length=outl;
		199	/* In the interests of compatibility, I'll make sure that
		200	* the bit string has a 'not-used bits' value of 0
		201	*/
		202	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);
		203	signature->flags\|=ASN1_STRING_FLAG_BITS_LEFT;
		204	err:
		205	EVP_MD_CTX_cleanup(&ctx);
		206	if (buf_in != NULL)
		207	{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
		208	if (buf_out != NULL)
		209	{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
		210	return(outl);
		211	}
		212
		213	#endif
		214
		215	int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
		216	ASN1_BIT_STRING signature, void asn, EVP_PKEY *pkey,
		217	const EVP_MD *type)
		218	{
		219	EVP_MD_CTX ctx;
		220	unsigned char buf_in=NULL,buf_out=NULL;
		221	int i,inl=0,outl=0,outll=0;
		222	X509_ALGOR *a;
		223
		224	EVP_MD_CTX_init(&ctx);
		225	for (i=0; i<2; i++)
		226	{
		227	if (i == 0)
		228	a=algor1;
		229	else
		230	a=algor2;
		231	if (a == NULL) continue;
		232	if (type->pkey_type == NID_dsaWithSHA1)
		233	{
		234	/* special case: RFC 2459 tells us to omit 'parameters'
		235	* with id-dsa-with-sha1 */
		236	ASN1_TYPE_free(a->parameter);
		237	a->parameter = NULL;
		238	}
		239	else if ((a->parameter == NULL) \|\|
		240	(a->parameter->type != V_ASN1_NULL))
		241	{
		242	ASN1_TYPE_free(a->parameter);
		243	if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
		244	a->parameter->type=V_ASN1_NULL;
		245	}
		246	ASN1_OBJECT_free(a->algorithm);
		247	a->algorithm=OBJ_nid2obj(type->pkey_type);
		248	if (a->algorithm == NULL)
		249	{
		250	ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
		251	goto err;
		252	}
		253	if (a->algorithm->length == 0)
		254	{
		255	ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
		256	goto err;
		257	}
		258	}
		259	inl=ASN1_item_i2d(asn,&buf_in, it);
		260	outll=outl=EVP_PKEY_size(pkey);
		261	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
		262	if ((buf_in == NULL) \|\| (buf_out == NULL))
		263	{
		264	outl=0;
		265	ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
		266	goto err;
		267	}
		268
		269	EVP_SignInit_ex(&ctx,type, NULL);
124	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);	270	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
125	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,	271	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
126	(unsigned int *)&outl,pkey))	272	(unsigned int *)&outl,pkey))
@@ -139,7 +285,7 @@ int ASN1_sign(int (i2d)(), X509_ALGOR algor1, X509_ALGOR *algor2,
139	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);	285	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);
140	signature->flags\|=ASN1_STRING_FLAG_BITS_LEFT;	286	signature->flags\|=ASN1_STRING_FLAG_BITS_LEFT;
141	err:	287	err:
142	memset(&ctx,0,sizeof(ctx));	288	EVP_MD_CTX_cleanup(&ctx);
143	if (buf_in != NULL)	289	if (buf_in != NULL)
144	{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }	290	{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
145	if (buf_out != NULL)	291	if (buf_out != NULL)