1 files changed, 295 insertions, 0 deletions
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
new file mode 100644
index 0000000000..1081950518
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -0,0 +1,295 @@
+/* crypto/asn1/a_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#ifndef NO_ASN1_OLD
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
+              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+              const EVP_MD *type)
+        {
+        EVP_MD_CTX ctx;
+        unsigned char *p,*buf_in=NULL,*buf_out=NULL;
+        int i,inl=0,outl=0,outll=0;
+        X509_ALGOR *a;
+        EVP_MD_CTX_init(&ctx);
+        for (i=0; i<2; i++)
+                {
+                if (i == 0)
+                        a=algor1;
+                else
+                        a=algor2;
+                if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1)
+                        {
+                        /* special case: RFC 2459 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                ASN1_OBJECT_free(a->algorithm);
+                a->algorithm=OBJ_nid2obj(type->pkey_type);
+                if (a->algorithm == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        goto err;
+                        }
+                if (a->algorithm->length == 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        goto err;
+                        }
+                }
+        inl=i2d(data,NULL);
+        buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
+        outll=outl=EVP_PKEY_size(pkey);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+        if ((buf_in == NULL) || (buf_out == NULL))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=buf_in;
+        i2d(data,&p);
+        EVP_SignInit_ex(&ctx,type, NULL);
+        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+                        (unsigned int *)&outl,pkey))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+                goto err;
+                }
+        if (signature->data != NULL) OPENSSL_free(signature->data);
+        signature->data=buf_out;
+        buf_out=NULL;
+        signature->length=outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        if (buf_in != NULL)
+                { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+        if (buf_out != NULL)
+                { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+        return(outl);
+        }
+#endif
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+             ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+             const EVP_MD *type)
+        {
+        EVP_MD_CTX ctx;
+        unsigned char *buf_in=NULL,*buf_out=NULL;
+        int i,inl=0,outl=0,outll=0;
+        X509_ALGOR *a;
+        EVP_MD_CTX_init(&ctx);
+        for (i=0; i<2; i++)
+                {
+                if (i == 0)
+                        a=algor1;
+                else
+                        a=algor2;
+                if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1 ||
+                        type->pkey_type == NID_ecdsa_with_SHA1)
+                        {
+                        /* special case: RFC 3279 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                ASN1_OBJECT_free(a->algorithm);
+                a->algorithm=OBJ_nid2obj(type->pkey_type);
+                if (a->algorithm == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        goto err;
+                        }
+                if (a->algorithm->length == 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        goto err;
+                        }
+                }
+        inl=ASN1_item_i2d(asn,&buf_in, it);
+        outll=outl=EVP_PKEY_size(pkey);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+        if ((buf_in == NULL) || (buf_out == NULL))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        EVP_SignInit_ex(&ctx,type, NULL);
+        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+                        (unsigned int *)&outl,pkey))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
+                goto err;
+                }
+        if (signature->data != NULL) OPENSSL_free(signature->data);
+        signature->data=buf_out;
+        buf_out=NULL;
+        signature->length=outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        if (buf_in != NULL)
+                { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+        if (buf_out != NULL)
+                { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+        return(outl);
+        }

diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c new file mode 100644 index 0000000000..1081950518 --- /dev/null +++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -0,0 +1,295 @@
	1	/* crypto/asn1/a_sign.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58	/* ====================================================================
	59	* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
	60	*
	61	* Redistribution and use in source and binary forms, with or without
	62	* modification, are permitted provided that the following conditions
	63	* are met:
	64	*
	65	* 1. Redistributions of source code must retain the above copyright
	66	* notice, this list of conditions and the following disclaimer.
	67	*
	68	* 2. Redistributions in binary form must reproduce the above copyright
	69	* notice, this list of conditions and the following disclaimer in
	70	* the documentation and/or other materials provided with the
	71	* distribution.
	72	*
	73	* 3. All advertising materials mentioning features or use of this
	74	* software must display the following acknowledgment:
	75	* "This product includes software developed by the OpenSSL Project
	76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	77	*
	78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	79	* endorse or promote products derived from this software without
	80	* prior written permission. For written permission, please contact
	81	* openssl-core@openssl.org.
	82	*
	83	* 5. Products derived from this software may not be called "OpenSSL"
	84	* nor may "OpenSSL" appear in their names without prior written
	85	* permission of the OpenSSL Project.
	86	*
	87	* 6. Redistributions of any form whatsoever must retain the following
	88	* acknowledgment:
	89	* "This product includes software developed by the OpenSSL Project
	90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	91	*
	92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	103	* OF THE POSSIBILITY OF SUCH DAMAGE.
	104	* ====================================================================
	105	*
	106	* This product includes cryptographic software written by Eric Young
	107	* (eay@cryptsoft.com). This product includes software written by Tim
	108	* Hudson (tjh@cryptsoft.com).
	109	*
	110	*/
	111
	112	#include <stdio.h>
	113	#include <time.h>
	114
	115	#include "cryptlib.h"
	116
	117	#ifndef NO_SYS_TYPES_H
	118	# include <sys/types.h>
	119	#endif
	120
	121	#include <openssl/bn.h>
	122	#include <openssl/evp.h>
	123	#include <openssl/x509.h>
	124	#include <openssl/objects.h>
	125	#include <openssl/buffer.h>
	126
	127	#ifndef NO_ASN1_OLD
	128
	129	int ASN1_sign(i2d_of_void i2d, X509_ALGOR algor1, X509_ALGOR *algor2,
	130	ASN1_BIT_STRING signature, char data, EVP_PKEY *pkey,
	131	const EVP_MD *type)
	132	{
	133	EVP_MD_CTX ctx;
	134	unsigned char p,buf_in=NULL,*buf_out=NULL;
	135	int i,inl=0,outl=0,outll=0;
	136	X509_ALGOR *a;
	137
	138	EVP_MD_CTX_init(&ctx);
	139	for (i=0; i<2; i++)
	140	{
	141	if (i == 0)
	142	a=algor1;
	143	else
	144	a=algor2;
	145	if (a == NULL) continue;
	146	if (type->pkey_type == NID_dsaWithSHA1)
	147	{
	148	/* special case: RFC 2459 tells us to omit 'parameters'
	149	* with id-dsa-with-sha1 */
	150	ASN1_TYPE_free(a->parameter);
	151	a->parameter = NULL;
	152	}
	153	else if ((a->parameter == NULL) \|\|
	154	(a->parameter->type != V_ASN1_NULL))
	155	{
	156	ASN1_TYPE_free(a->parameter);
	157	if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
	158	a->parameter->type=V_ASN1_NULL;
	159	}
	160	ASN1_OBJECT_free(a->algorithm);
	161	a->algorithm=OBJ_nid2obj(type->pkey_type);
	162	if (a->algorithm == NULL)
	163	{
	164	ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
	165	goto err;
	166	}
	167	if (a->algorithm->length == 0)
	168	{
	169	ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
	170	goto err;
	171	}
	172	}
	173	inl=i2d(data,NULL);
	174	buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
	175	outll=outl=EVP_PKEY_size(pkey);
	176	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
	177	if ((buf_in == NULL) \|\| (buf_out == NULL))
	178	{
	179	outl=0;
	180	ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
	181	goto err;
	182	}
	183	p=buf_in;
	184
	185	i2d(data,&p);
	186	EVP_SignInit_ex(&ctx,type, NULL);
	187	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
	188	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
	189	(unsigned int *)&outl,pkey))
	190	{
	191	outl=0;
	192	ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
	193	goto err;
	194	}
	195	if (signature->data != NULL) OPENSSL_free(signature->data);
	196	signature->data=buf_out;
	197	buf_out=NULL;
	198	signature->length=outl;
	199	/* In the interests of compatibility, I'll make sure that
	200	* the bit string has a 'not-used bits' value of 0
	201	*/
	202	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);
	203	signature->flags\|=ASN1_STRING_FLAG_BITS_LEFT;
	204	err:
	205	EVP_MD_CTX_cleanup(&ctx);
	206	if (buf_in != NULL)
	207	{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
	208	if (buf_out != NULL)
	209	{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
	210	return(outl);
	211	}
	212
	213	#endif
	214
	215	int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
	216	ASN1_BIT_STRING signature, void asn, EVP_PKEY *pkey,
	217	const EVP_MD *type)
	218	{
	219	EVP_MD_CTX ctx;
	220	unsigned char buf_in=NULL,buf_out=NULL;
	221	int i,inl=0,outl=0,outll=0;
	222	X509_ALGOR *a;
	223
	224	EVP_MD_CTX_init(&ctx);
	225	for (i=0; i<2; i++)
	226	{
	227	if (i == 0)
	228	a=algor1;
	229	else
	230	a=algor2;
	231	if (a == NULL) continue;
	232	if (type->pkey_type == NID_dsaWithSHA1 \|\|
	233	type->pkey_type == NID_ecdsa_with_SHA1)
	234	{
	235	/* special case: RFC 3279 tells us to omit 'parameters'
	236	* with id-dsa-with-sha1 and ecdsa-with-SHA1 */
	237	ASN1_TYPE_free(a->parameter);
	238	a->parameter = NULL;
	239	}
	240	else if ((a->parameter == NULL) \|\|
	241	(a->parameter->type != V_ASN1_NULL))
	242	{
	243	ASN1_TYPE_free(a->parameter);
	244	if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
	245	a->parameter->type=V_ASN1_NULL;
	246	}
	247	ASN1_OBJECT_free(a->algorithm);
	248	a->algorithm=OBJ_nid2obj(type->pkey_type);
	249	if (a->algorithm == NULL)
	250	{
	251	ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
	252	goto err;
	253	}
	254	if (a->algorithm->length == 0)
	255	{
	256	ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
	257	goto err;
	258	}
	259	}
	260	inl=ASN1_item_i2d(asn,&buf_in, it);
	261	outll=outl=EVP_PKEY_size(pkey);
	262	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
	263	if ((buf_in == NULL) \|\| (buf_out == NULL))
	264	{
	265	outl=0;
	266	ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
	267	goto err;
	268	}
	269
	270	EVP_SignInit_ex(&ctx,type, NULL);
	271	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
	272	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
	273	(unsigned int *)&outl,pkey))
	274	{
	275	outl=0;
	276	ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
	277	goto err;
	278	}
	279	if (signature->data != NULL) OPENSSL_free(signature->data);
	280	signature->data=buf_out;
	281	buf_out=NULL;
	282	signature->length=outl;
	283	/* In the interests of compatibility, I'll make sure that
	284	* the bit string has a 'not-used bits' value of 0
	285	*/
	286	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);
	287	signature->flags\|=ASN1_STRING_FLAG_BITS_LEFT;
	288	err:
	289	EVP_MD_CTX_cleanup(&ctx);
	290	if (buf_in != NULL)
	291	{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
	292	if (buf_out != NULL)
	293	{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
	294	return(outl);
	295	}