1 files changed, 50 insertions, 46 deletions
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
index 046f3b4a99..40c6809669 100644
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -125,9 +125,9 @@
 #include <openssl/buffer.h>
 #include "asn1_locl.h"
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+int
-             ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
-             const EVP_MD *type)
+    ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type)
 {
        EVP_MD_CTX ctx;
        EVP_MD_CTX_init(&ctx);
@@ -137,16 +137,16 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
        }
        return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
 }
-                
-int ASN1_item_sign_ctx(const ASN1_ITEM *it,
-                X509_ALGOR *algor1, X509_ALGOR *algor2,
+int
-                ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
+ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+    ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
 {
        const EVP_MD *type;
        EVP_PKEY *pkey;
-        unsigned char *buf_in=NULL,*buf_out=NULL;
+        unsigned char *buf_in = NULL, *buf_out = NULL;
-        size_t inl=0,outl=0,outll=0;
+        size_t inl = 0, outl = 0, outll = 0;
        int signid, paramtype;
        int rv;
@@ -154,13 +154,14 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
        pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
        if (!type || !pkey) {
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
+                    ASN1_R_CONTEXT_NOT_INITIALISED);
                return 0;
        }
        if (pkey->ameth->item_sign) {
                rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
-                                                signature);
+                    signature);
                if (rv == 1)
                        outl = signature->length;
                /* Return value meanings:
@@ -173,22 +174,19 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
                        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
                if (rv <= 1)
                        goto err;
-        }
+        } else
-        else
                rv = 2;
        if (rv == 2) {
                if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
                        if (!pkey->ameth ||
-                                !OBJ_find_sigid_by_algs(&signid,
+                            !OBJ_find_sigid_by_algs(&signid,
-                                                        EVP_MD_nid(type),
+                                EVP_MD_nid(type), pkey->ameth->pkey_id)) {
-                                                        pkey->ameth->pkey_id)) {
                                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
-                                        ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+                                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
                                return 0;
                        }
-                }
+                } else
-                else
                        signid = type->pkey_type;
                if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
@@ -197,43 +195,49 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
                        paramtype = V_ASN1_UNDEF;
                if (algor1)
-                        X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
+                        X509_ALGOR_set0(algor1,
+                            OBJ_nid2obj(signid), paramtype, NULL);
                if (algor2)
-                        X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
+                        X509_ALGOR_set0(algor2,
+                            OBJ_nid2obj(signid), paramtype, NULL);
        }
-        inl=ASN1_item_i2d(asn,&buf_in, it);
+        inl = ASN1_item_i2d(asn, &buf_in, it);
-        outll=outl=EVP_PKEY_size(pkey);
+        outll = outl = EVP_PKEY_size(pkey);
-        buf_out=malloc((unsigned int)outl);
+        buf_out = malloc((unsigned int)outl);
        if ((buf_in == NULL) || (buf_out == NULL)) {
-                outl=0;
+                outl = 0;
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
+        if (!EVP_DigestSignUpdate(ctx, buf_in, inl) ||
-                || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
+            !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
-                outl=0;
+                outl = 0;
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_EVP_LIB);
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
                goto err;
        }
-        if (signature->data != NULL) free(signature->data);
+        if (signature->data != NULL)
-        signature->data=buf_out;
+                free(signature->data);
-        buf_out=NULL;
+        signature->data = buf_out;
-        signature->length=outl;
+        buf_out = NULL;
+        signature->length = outl;
        /* In the interests of compatibility, I'll make sure that
         * the bit string has a 'not-used bits' value of 0
         */
-        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+        signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 err:
        EVP_MD_CTX_cleanup(ctx);
        if (buf_in != NULL) {
-                OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); free(buf_in);
+                OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
+                free(buf_in);
        }
        if (buf_out != NULL) {
-                OPENSSL_cleanse((char *)buf_out,outll); free(buf_out);
+                OPENSSL_cleanse((char *)buf_out, outll);
+                free(buf_out);
        }
-        return(outl);
+        return (outl);
 }

diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c index 046f3b4a99..40c6809669 100644 --- a/src/lib/libcrypto/asn1/a_sign.c +++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -5,21 +5,21 @@
5	* This package is an SSL implementation written	5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).	6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.	7	* The implementation was written so as to conform with Netscapes SSL.
8	*	8	*
9	* This library is free for commercial and non-commercial use as long as	9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions	10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,	11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms	13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*	15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in	16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.	17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution	18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.	19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or	20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.	21	* in documentation (online or textual) provided with the package.
22	*	22	*
23	* Redistribution and use in source and binary forms, with or without	23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions	24	* modification, are permitted provided that the following conditions
25	* are met:	25	* are met:
@@ -34,10 +34,10 @@
34	* Eric Young (eay@cryptsoft.com)"	34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library	35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).	36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from	37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:	38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*	40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.	51	* SUCH DAMAGE.
52	*	52	*
53	* The licence and distribution terms for any publically available version or	53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
@@ -63,7 +63,7 @@
63	* are met:	63	* are met:
64	*	64	*
65	* 1. Redistributions of source code must retain the above copyright	65	* 1. Redistributions of source code must retain the above copyright
66	* notice, this list of conditions and the following disclaimer.	66	* notice, this list of conditions and the following disclaimer.
67	*	67	*
68	* 2. Redistributions in binary form must reproduce the above copyright	68	* 2. Redistributions in binary form must reproduce the above copyright
69	* notice, this list of conditions and the following disclaimer in	69	* notice, this list of conditions and the following disclaimer in
@@ -125,9 +125,9 @@
125	#include <openssl/buffer.h>	125	#include <openssl/buffer.h>
126	#include "asn1_locl.h"	126	#include "asn1_locl.h"
127		127
128	int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,	128	int
129	ASN1_BIT_STRING signature, void asn, EVP_PKEY *pkey,	129	ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
130	const EVP_MD *type)	130	ASN1_BIT_STRING signature, void asn, EVP_PKEY pkey, const EVP_MD type)
131	{	131	{
132	EVP_MD_CTX ctx;	132	EVP_MD_CTX ctx;
133	EVP_MD_CTX_init(&ctx);	133	EVP_MD_CTX_init(&ctx);
@@ -137,16 +137,16 @@ int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
137	}	137	}
138	return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);	138	return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
139	}	139	}
140
141		140
142	int ASN1_item_sign_ctx(const ASN1_ITEM *it,	141
143	X509_ALGOR algor1, X509_ALGOR algor2,	142	int
144	ASN1_BIT_STRING signature, void asn, EVP_MD_CTX *ctx)	143	ASN1_item_sign_ctx(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
		144	ASN1_BIT_STRING signature, void asn, EVP_MD_CTX *ctx)
145	{	145	{
146	const EVP_MD *type;	146	const EVP_MD *type;
147	EVP_PKEY *pkey;	147	EVP_PKEY *pkey;
148	unsigned char buf_in=NULL,buf_out=NULL;	148	unsigned char buf_in = NULL, buf_out = NULL;
149	size_t inl=0,outl=0,outll=0;	149	size_t inl = 0, outl = 0, outll = 0;
150	int signid, paramtype;	150	int signid, paramtype;
151	int rv;	151	int rv;
152		152
@@ -154,13 +154,14 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
154	pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);	154	pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
155		155
156	if (!type \|\| !pkey) {	156	if (!type \|\| !pkey) {
157	ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);	157	ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
		158	ASN1_R_CONTEXT_NOT_INITIALISED);
158	return 0;	159	return 0;
159	}	160	}
160		161
161	if (pkey->ameth->item_sign) {	162	if (pkey->ameth->item_sign) {
162	rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,	163	rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
163	signature);	164	signature);
164	if (rv == 1)	165	if (rv == 1)
165	outl = signature->length;	166	outl = signature->length;
166	/* Return value meanings:	167	/* Return value meanings:
@@ -173,22 +174,19 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
173	ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);	174	ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
174	if (rv <= 1)	175	if (rv <= 1)
175	goto err;	176	goto err;
176	}	177	} else
177	else
178	rv = 2;	178	rv = 2;
179		179
180	if (rv == 2) {	180	if (rv == 2) {
181	if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {	181	if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
182	if (!pkey->ameth \|\|	182	if (!pkey->ameth \|\|
183	!OBJ_find_sigid_by_algs(&signid,	183	!OBJ_find_sigid_by_algs(&signid,
184	EVP_MD_nid(type),	184	EVP_MD_nid(type), pkey->ameth->pkey_id)) {
185	pkey->ameth->pkey_id)) {
186	ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,	185	ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
187	ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);	186	ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
188	return 0;	187	return 0;
189	}	188	}
190	}	189	} else
191	else
192	signid = type->pkey_type;	190	signid = type->pkey_type;
193		191
194	if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)	192	if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
@@ -197,43 +195,49 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
197	paramtype = V_ASN1_UNDEF;	195	paramtype = V_ASN1_UNDEF;
198		196
199	if (algor1)	197	if (algor1)
200	X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);	198	X509_ALGOR_set0(algor1,
		199	OBJ_nid2obj(signid), paramtype, NULL);
201	if (algor2)	200	if (algor2)
202	X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);	201	X509_ALGOR_set0(algor2,
		202	OBJ_nid2obj(signid), paramtype, NULL);
203		203
204	}	204	}
205		205
206	inl=ASN1_item_i2d(asn,&buf_in, it);	206	inl = ASN1_item_i2d(asn, &buf_in, it);
207	outll=outl=EVP_PKEY_size(pkey);	207	outll = outl = EVP_PKEY_size(pkey);
208	buf_out=malloc((unsigned int)outl);	208	buf_out = malloc((unsigned int)outl);
209	if ((buf_in == NULL) \|\| (buf_out == NULL)) {	209	if ((buf_in == NULL) \|\| (buf_out == NULL)) {
210	outl=0;	210	outl = 0;
211	ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_MALLOC_FAILURE);	211	ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
212	goto err;	212	goto err;
213	}	213	}
214		214
215	if (!EVP_DigestSignUpdate(ctx, buf_in, inl)	215	if (!EVP_DigestSignUpdate(ctx, buf_in, inl) \|\|
216	\|\| !EVP_DigestSignFinal(ctx, buf_out, &outl)) {	216	!EVP_DigestSignFinal(ctx, buf_out, &outl)) {
217	outl=0;	217	outl = 0;
218	ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_EVP_LIB);	218	ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
219	goto err;	219	goto err;
220	}	220	}
221	if (signature->data != NULL) free(signature->data);	221	if (signature->data != NULL)
222	signature->data=buf_out;	222	free(signature->data);
223	buf_out=NULL;	223	signature->data = buf_out;
224	signature->length=outl;	224	buf_out = NULL;
		225	signature->length = outl;
225	/* In the interests of compatibility, I'll make sure that	226	/* In the interests of compatibility, I'll make sure that
226	* the bit string has a 'not-used bits' value of 0	227	* the bit string has a 'not-used bits' value of 0
227	*/	228	*/
228	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);	229	signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);
229	signature->flags\|=ASN1_STRING_FLAG_BITS_LEFT;	230	signature->flags \|= ASN1_STRING_FLAG_BITS_LEFT;
		231
230	err:	232	err:
231	EVP_MD_CTX_cleanup(ctx);	233	EVP_MD_CTX_cleanup(ctx);
232	if (buf_in != NULL) {	234	if (buf_in != NULL) {
233	OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); free(buf_in);	235	OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
		236	free(buf_in);
234	}	237	}
235	if (buf_out != NULL) {	238	if (buf_out != NULL) {
236	OPENSSL_cleanse((char *)buf_out,outll); free(buf_out);	239	OPENSSL_cleanse((char *)buf_out, outll);
		240	free(buf_out);
237	}	241	}
238	return(outl);	242	return (outl);
239	}	243	}