1 files changed, 171 insertions, 24 deletions
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
index 02188e68c4..de53b44144 100644
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -55,34 +55,87 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 #include <stdio.h>
 #include <time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "x509.h"
-#include "objects.h"
-#include "buffer.h"
-#include "pem.h"
-int ASN1_sign(i2d,algor1,algor2,signature,data,pkey,type)
+#ifndef NO_SYS_TYPES_H
-int (*i2d)();
+# include <sys/types.h>
-X509_ALGOR *algor1;
+#endif
-X509_ALGOR *algor2;
-ASN1_BIT_STRING *signature;
+#include <openssl/bn.h>
-char *data;
+#include <openssl/evp.h>
-EVP_PKEY *pkey;
+#include <openssl/x509.h>
-EVP_MD *type;
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#ifndef NO_ASN1_OLD
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
+             ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+             const EVP_MD *type)
        {
        EVP_MD_CTX ctx;
        unsigned char *p,*buf_in=NULL,*buf_out=NULL;
        int i,inl=0,outl=0,outll=0;
        X509_ALGOR *a;
+        EVP_MD_CTX_init(&ctx);
        for (i=0; i<2; i++)
                {
                if (i == 0)
@@ -90,7 +143,14 @@ EVP_MD *type;
                else
                        a=algor2;
                if (a == NULL) continue;
-                if (    (a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
+                        {
+                        /* special case: RFC 2459 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
                        (a->parameter->type != V_ASN1_NULL))
                        {
                        ASN1_TYPE_free(a->parameter);
@@ -111,9 +171,9 @@ EVP_MD *type;
                        }
                }
        inl=i2d(data,NULL);
-        buf_in=(unsigned char *)Malloc((unsigned int)inl);
+        buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
        outll=outl=EVP_PKEY_size(pkey);
-        buf_out=(unsigned char *)Malloc((unsigned int)outl);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
        if ((buf_in == NULL) || (buf_out == NULL))
                {
                outl=0;
@@ -123,7 +183,7 @@ EVP_MD *type;
        p=buf_in;
        i2d(data,&p);
-        EVP_SignInit(&ctx,type);
+        EVP_SignInit_ex(&ctx,type, NULL);
        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
                        (unsigned int *)&outl,pkey))
@@ -132,16 +192,103 @@ EVP_MD *type;
                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
                goto err;
                }
-        if (signature->data != NULL) Free((char *)signature->data);
+        if (signature->data != NULL) OPENSSL_free(signature->data);
        signature->data=buf_out;
        buf_out=NULL;
        signature->length=outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        if (buf_in != NULL)
+                { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+        if (buf_out != NULL)
+                { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+        return(outl);
+        }
+#endif
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+             ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+             const EVP_MD *type)
+        {
+        EVP_MD_CTX ctx;
+        unsigned char *buf_in=NULL,*buf_out=NULL;
+        int i,inl=0,outl=0,outll=0;
+        X509_ALGOR *a;
+        EVP_MD_CTX_init(&ctx);
+        for (i=0; i<2; i++)
+                {
+                if (i == 0)
+                        a=algor1;
+                else
+                        a=algor2;
+                if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1)
+                        {
+                        /* special case: RFC 2459 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                ASN1_OBJECT_free(a->algorithm);
+                a->algorithm=OBJ_nid2obj(type->pkey_type);
+                if (a->algorithm == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        goto err;
+                        }
+                if (a->algorithm->length == 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        goto err;
+                        }
+                }
+        inl=ASN1_item_i2d(asn,&buf_in, it);
+        outll=outl=EVP_PKEY_size(pkey);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+        if ((buf_in == NULL) || (buf_out == NULL))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        EVP_SignInit_ex(&ctx,type, NULL);
+        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+                        (unsigned int *)&outl,pkey))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+                goto err;
+                }
+        if (signature->data != NULL) OPENSSL_free(signature->data);
+        signature->data=buf_out;
+        buf_out=NULL;
+        signature->length=outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 err:
-        memset(&ctx,0,sizeof(ctx));
+        EVP_MD_CTX_cleanup(&ctx);
        if (buf_in != NULL)
-                { memset((char *)buf_in,0,(unsigned int)inl); Free((char *)buf_in); }
+                { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
        if (buf_out != NULL)
-                { memset((char *)buf_out,0,outll); Free((char *)buf_out); }
+                { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
        return(outl);
        }

diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c index 02188e68c4..de53b44144 100644 --- a/src/lib/libcrypto/asn1/a_sign.c +++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -55,34 +55,87 @@
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
		58	/* ====================================================================
		59	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
		60	*
		61	* Redistribution and use in source and binary forms, with or without
		62	* modification, are permitted provided that the following conditions
		63	* are met:
		64	*
		65	* 1. Redistributions of source code must retain the above copyright
		66	* notice, this list of conditions and the following disclaimer.
		67	*
		68	* 2. Redistributions in binary form must reproduce the above copyright
		69	* notice, this list of conditions and the following disclaimer in
		70	* the documentation and/or other materials provided with the
		71	* distribution.
		72	*
		73	* 3. All advertising materials mentioning features or use of this
		74	* software must display the following acknowledgment:
		75	* "This product includes software developed by the OpenSSL Project
		76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		77	*
		78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		79	* endorse or promote products derived from this software without
		80	* prior written permission. For written permission, please contact
		81	* openssl-core@openssl.org.
		82	*
		83	* 5. Products derived from this software may not be called "OpenSSL"
		84	* nor may "OpenSSL" appear in their names without prior written
		85	* permission of the OpenSSL Project.
		86	*
		87	* 6. Redistributions of any form whatsoever must retain the following
		88	* acknowledgment:
		89	* "This product includes software developed by the OpenSSL Project
		90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		91	*
		92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		103	* OF THE POSSIBILITY OF SUCH DAMAGE.
		104	* ====================================================================
		105	*
		106	* This product includes cryptographic software written by Eric Young
		107	* (eay@cryptsoft.com). This product includes software written by Tim
		108	* Hudson (tjh@cryptsoft.com).
		109	*
		110	*/
58		111
59	#include <stdio.h>	112	#include <stdio.h>
60	#include <time.h>	113	#include <time.h>
61	#include <sys/types.h>
62	#include <sys/stat.h>
63		114
64	#include "cryptlib.h"	115	#include "cryptlib.h"
65	#include "bn.h"
66	#include "evp.h"
67	#include "x509.h"
68	#include "objects.h"
69	#include "buffer.h"
70	#include "pem.h"
71		116
72	int ASN1_sign(i2d,algor1,algor2,signature,data,pkey,type)	117	#ifndef NO_SYS_TYPES_H
73	int (*i2d)();	118	# include <sys/types.h>
74	X509_ALGOR *algor1;	119	#endif
75	X509_ALGOR *algor2;	120
76	ASN1_BIT_STRING *signature;	121	#include <openssl/bn.h>
77	char *data;	122	#include <openssl/evp.h>
78	EVP_PKEY *pkey;	123	#include <openssl/x509.h>
79	EVP_MD *type;	124	#include <openssl/objects.h>
		125	#include <openssl/buffer.h>
		126
		127	#ifndef NO_ASN1_OLD
		128
		129	int ASN1_sign(int (i2d)(), X509_ALGOR algor1, X509_ALGOR *algor2,
		130	ASN1_BIT_STRING signature, char data, EVP_PKEY *pkey,
		131	const EVP_MD *type)
80	{	132	{
81	EVP_MD_CTX ctx;	133	EVP_MD_CTX ctx;
82	unsigned char p,buf_in=NULL,*buf_out=NULL;	134	unsigned char p,buf_in=NULL,*buf_out=NULL;
83	int i,inl=0,outl=0,outll=0;	135	int i,inl=0,outl=0,outll=0;
84	X509_ALGOR *a;	136	X509_ALGOR *a;
85		137
		138	EVP_MD_CTX_init(&ctx);
86	for (i=0; i<2; i++)	139	for (i=0; i<2; i++)
87	{	140	{
88	if (i == 0)	141	if (i == 0)
@@ -90,7 +143,14 @@ EVP_MD *type;
90	else	143	else
91	a=algor2;	144	a=algor2;
92	if (a == NULL) continue;	145	if (a == NULL) continue;
93	if ( (a->parameter == NULL) \|\|	146	if (type->pkey_type == NID_dsaWithSHA1)
		147	{
		148	/* special case: RFC 2459 tells us to omit 'parameters'
		149	* with id-dsa-with-sha1 */
		150	ASN1_TYPE_free(a->parameter);
		151	a->parameter = NULL;
		152	}
		153	else if ((a->parameter == NULL) \|\|
94	(a->parameter->type != V_ASN1_NULL))	154	(a->parameter->type != V_ASN1_NULL))
95	{	155	{
96	ASN1_TYPE_free(a->parameter);	156	ASN1_TYPE_free(a->parameter);
@@ -111,9 +171,9 @@ EVP_MD *type;
111	}	171	}
112	}	172	}
113	inl=i2d(data,NULL);	173	inl=i2d(data,NULL);
114	buf_in=(unsigned char *)Malloc((unsigned int)inl);	174	buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
115	outll=outl=EVP_PKEY_size(pkey);	175	outll=outl=EVP_PKEY_size(pkey);
116	buf_out=(unsigned char *)Malloc((unsigned int)outl);	176	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
117	if ((buf_in == NULL) \|\| (buf_out == NULL))	177	if ((buf_in == NULL) \|\| (buf_out == NULL))
118	{	178	{
119	outl=0;	179	outl=0;
@@ -123,7 +183,7 @@ EVP_MD *type;
123	p=buf_in;	183	p=buf_in;
124		184
125	i2d(data,&p);	185	i2d(data,&p);
126	EVP_SignInit(&ctx,type);	186	EVP_SignInit_ex(&ctx,type, NULL);
127	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);	187	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
128	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,	188	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
129	(unsigned int *)&outl,pkey))	189	(unsigned int *)&outl,pkey))
@@ -132,16 +192,103 @@ EVP_MD *type;
132	ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);	192	ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
133	goto err;	193	goto err;
134	}	194	}
135	if (signature->data != NULL) Free((char *)signature->data);	195	if (signature->data != NULL) OPENSSL_free(signature->data);
136	signature->data=buf_out;	196	signature->data=buf_out;
137	buf_out=NULL;	197	buf_out=NULL;
138	signature->length=outl;	198	signature->length=outl;
		199	/* In the interests of compatibility, I'll make sure that
		200	* the bit string has a 'not-used bits' value of 0
		201	*/
		202	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);
		203	signature->flags\|=ASN1_STRING_FLAG_BITS_LEFT;
		204	err:
		205	EVP_MD_CTX_cleanup(&ctx);
		206	if (buf_in != NULL)
		207	{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
		208	if (buf_out != NULL)
		209	{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
		210	return(outl);
		211	}
		212
		213	#endif
		214
		215	int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
		216	ASN1_BIT_STRING signature, void asn, EVP_PKEY *pkey,
		217	const EVP_MD *type)
		218	{
		219	EVP_MD_CTX ctx;
		220	unsigned char buf_in=NULL,buf_out=NULL;
		221	int i,inl=0,outl=0,outll=0;
		222	X509_ALGOR *a;
		223
		224	EVP_MD_CTX_init(&ctx);
		225	for (i=0; i<2; i++)
		226	{
		227	if (i == 0)
		228	a=algor1;
		229	else
		230	a=algor2;
		231	if (a == NULL) continue;
		232	if (type->pkey_type == NID_dsaWithSHA1)
		233	{
		234	/* special case: RFC 2459 tells us to omit 'parameters'
		235	* with id-dsa-with-sha1 */
		236	ASN1_TYPE_free(a->parameter);
		237	a->parameter = NULL;
		238	}
		239	else if ((a->parameter == NULL) \|\|
		240	(a->parameter->type != V_ASN1_NULL))
		241	{
		242	ASN1_TYPE_free(a->parameter);
		243	if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
		244	a->parameter->type=V_ASN1_NULL;
		245	}
		246	ASN1_OBJECT_free(a->algorithm);
		247	a->algorithm=OBJ_nid2obj(type->pkey_type);
		248	if (a->algorithm == NULL)
		249	{
		250	ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
		251	goto err;
		252	}
		253	if (a->algorithm->length == 0)
		254	{
		255	ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
		256	goto err;
		257	}
		258	}
		259	inl=ASN1_item_i2d(asn,&buf_in, it);
		260	outll=outl=EVP_PKEY_size(pkey);
		261	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
		262	if ((buf_in == NULL) \|\| (buf_out == NULL))
		263	{
		264	outl=0;
		265	ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
		266	goto err;
		267	}
139		268
		269	EVP_SignInit_ex(&ctx,type, NULL);
		270	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
		271	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
		272	(unsigned int *)&outl,pkey))
		273	{
		274	outl=0;
		275	ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
		276	goto err;
		277	}
		278	if (signature->data != NULL) OPENSSL_free(signature->data);
		279	signature->data=buf_out;
		280	buf_out=NULL;
		281	signature->length=outl;
		282	/* In the interests of compatibility, I'll make sure that
		283	* the bit string has a 'not-used bits' value of 0
		284	*/
		285	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);
		286	signature->flags\|=ASN1_STRING_FLAG_BITS_LEFT;
140	err:	287	err:
141	memset(&ctx,0,sizeof(ctx));	288	EVP_MD_CTX_cleanup(&ctx);
142	if (buf_in != NULL)	289	if (buf_in != NULL)
143	{ memset((char )buf_in,0,(unsigned int)inl); Free((char )buf_in); }	290	{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
144	if (buf_out != NULL)	291	if (buf_out != NULL)
145	{ memset((char )buf_out,0,outll); Free((char )buf_out); }	292	{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
146	return(outl);	293	return(outl);
147	}	294	}