summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/crypto/asn1/a_sign.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/src/crypto/asn1/a_sign.c')
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_sign.c111
1 files changed, 38 insertions, 73 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/a_sign.c b/src/lib/libssl/src/crypto/asn1/a_sign.c
index 7b4a193d6b..ff63bfc7be 100644
--- a/src/lib/libssl/src/crypto/asn1/a_sign.c
+++ b/src/lib/libssl/src/crypto/asn1/a_sign.c
@@ -184,9 +184,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
184 p=buf_in; 184 p=buf_in;
185 185
186 i2d(data,&p); 186 i2d(data,&p);
187 if (!EVP_SignInit_ex(&ctx,type, NULL) 187 EVP_SignInit_ex(&ctx,type, NULL);
188 || !EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl) 188 EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
189 || !EVP_SignFinal(&ctx,(unsigned char *)buf_out, 189 if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
190 (unsigned int *)&outl,pkey)) 190 (unsigned int *)&outl,pkey))
191 { 191 {
192 outl=0; 192 outl=0;
@@ -218,100 +218,65 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
218 const EVP_MD *type) 218 const EVP_MD *type)
219 { 219 {
220 EVP_MD_CTX ctx; 220 EVP_MD_CTX ctx;
221 EVP_MD_CTX_init(&ctx);
222 if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey))
223 {
224 EVP_MD_CTX_cleanup(&ctx);
225 return 0;
226 }
227 return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
228 }
229
230
231int ASN1_item_sign_ctx(const ASN1_ITEM *it,
232 X509_ALGOR *algor1, X509_ALGOR *algor2,
233 ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
234 {
235 const EVP_MD *type;
236 EVP_PKEY *pkey;
237 unsigned char *buf_in=NULL,*buf_out=NULL; 221 unsigned char *buf_in=NULL,*buf_out=NULL;
238 size_t inl=0,outl=0,outll=0; 222 int inl=0,outl=0,outll=0;
239 int signid, paramtype; 223 int signid, paramtype;
240 int rv;
241
242 type = EVP_MD_CTX_md(ctx);
243 pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
244 224
245 if (!type || !pkey) 225 if (type == NULL)
246 { 226 {
247 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); 227 int def_nid;
248 return 0; 228 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
229 type = EVP_get_digestbynid(def_nid);
249 } 230 }
250 231
251 if (pkey->ameth->item_sign) 232 if (type == NULL)
252 { 233 {
253 rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, 234 ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
254 signature); 235 return 0;
255 if (rv == 1)
256 outl = signature->length;
257 /* Return value meanings:
258 * <=0: error.
259 * 1: method does everything.
260 * 2: carry on as normal.
261 * 3: ASN1 method sets algorithm identifiers: just sign.
262 */
263 if (rv <= 0)
264 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
265 if (rv <= 1)
266 goto err;
267 } 236 }
268 else
269 rv = 2;
270 237
271 if (rv == 2) 238 if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
272 { 239 {
273 if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) 240 if (!pkey->ameth ||
241 !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
242 pkey->ameth->pkey_id))
274 { 243 {
275 if (!pkey->ameth || 244 ASN1err(ASN1_F_ASN1_ITEM_SIGN,
276 !OBJ_find_sigid_by_algs(&signid, 245 ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
277 EVP_MD_nid(type), 246 return 0;
278 pkey->ameth->pkey_id))
279 {
280 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
281 ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
282 return 0;
283 }
284 } 247 }
285 else 248 }
286 signid = type->pkey_type; 249 else
250 signid = type->pkey_type;
287 251
288 if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) 252 if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
289 paramtype = V_ASN1_NULL; 253 paramtype = V_ASN1_NULL;
290 else 254 else
291 paramtype = V_ASN1_UNDEF; 255 paramtype = V_ASN1_UNDEF;
292 256
293 if (algor1) 257 if (algor1)
294 X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); 258 X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
295 if (algor2) 259 if (algor2)
296 X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); 260 X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
297
298 }
299 261
262 EVP_MD_CTX_init(&ctx);
300 inl=ASN1_item_i2d(asn,&buf_in, it); 263 inl=ASN1_item_i2d(asn,&buf_in, it);
301 outll=outl=EVP_PKEY_size(pkey); 264 outll=outl=EVP_PKEY_size(pkey);
302 buf_out=OPENSSL_malloc((unsigned int)outl); 265 buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
303 if ((buf_in == NULL) || (buf_out == NULL)) 266 if ((buf_in == NULL) || (buf_out == NULL))
304 { 267 {
305 outl=0; 268 outl=0;
306 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_MALLOC_FAILURE); 269 ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
307 goto err; 270 goto err;
308 } 271 }
309 272
310 if (!EVP_DigestSignUpdate(ctx, buf_in, inl) 273 EVP_SignInit_ex(&ctx,type, NULL);
311 || !EVP_DigestSignFinal(ctx, buf_out, &outl)) 274 EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
275 if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
276 (unsigned int *)&outl,pkey))
312 { 277 {
313 outl=0; 278 outl=0;
314 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_EVP_LIB); 279 ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
315 goto err; 280 goto err;
316 } 281 }
317 if (signature->data != NULL) OPENSSL_free(signature->data); 282 if (signature->data != NULL) OPENSSL_free(signature->data);
@@ -324,7 +289,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
324 signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); 289 signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
325 signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; 290 signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
326err: 291err:
327 EVP_MD_CTX_cleanup(ctx); 292 EVP_MD_CTX_cleanup(&ctx);
328 if (buf_in != NULL) 293 if (buf_in != NULL)
329 { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } 294 { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
330 if (buf_out != NULL) 295 if (buf_out != NULL)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 06:57:31 +0000