1 files changed, 38 insertions, 40 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/a_sign.c b/src/lib/libssl/src/crypto/asn1/a_sign.c
index 4dee45fbb8..ff63bfc7be 100644
--- a/src/lib/libssl/src/crypto/asn1/a_sign.c
+++ b/src/lib/libssl/src/crypto/asn1/a_sign.c
@@ -123,6 +123,7 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
+#include "asn1_locl.h"
 #ifndef NO_ASN1_OLD
@@ -218,45 +219,47 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
        {
        EVP_MD_CTX ctx;
        unsigned char *buf_in=NULL,*buf_out=NULL;
-        int i,inl=0,outl=0,outll=0;
+        int inl=0,outl=0,outll=0;
-        X509_ALGOR *a;
+        int signid, paramtype;
-        EVP_MD_CTX_init(&ctx);
+        if (type == NULL)
-        for (i=0; i<2; i++)
                {
-                if (i == 0)
+                int def_nid;
-                        a=algor1;
+                if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
-                else
+                        type = EVP_get_digestbynid(def_nid);
-                        a=algor2;
+                }
-                if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1 ||
+        if (type == NULL)
-                        type->pkey_type == NID_ecdsa_with_SHA1)
+                {
-                        {
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
-                        /* special case: RFC 3279 tells us to omit 'parameters'
+                return 0;
-                         * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
+                }
-                        ASN1_TYPE_free(a->parameter);
-                        a->parameter = NULL;
+        if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
-                        }
+                {
-                else if ((a->parameter == NULL) || 
+                if (!pkey->ameth ||
-                        (a->parameter->type != V_ASN1_NULL))
+                        !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
-                        {
+                                                pkey->ameth->pkey_id))
-                        ASN1_TYPE_free(a->parameter);
-                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
-                        a->parameter->type=V_ASN1_NULL;
-                        }
-                ASN1_OBJECT_free(a->algorithm);
-                a->algorithm=OBJ_nid2obj(type->pkey_type);
-                if (a->algorithm == NULL)
-                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
-                        goto err;
-                        }
-                if (a->algorithm->length == 0)
                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,
-                        goto err;
+                                ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+                        return 0;
                        }
                }
+        else
+                signid = type->pkey_type;
+        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
+                paramtype = V_ASN1_NULL;
+        else
+                paramtype = V_ASN1_UNDEF;
+        if (algor1)
+                X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
+        if (algor2)
+                X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
+        EVP_MD_CTX_init(&ctx);
        inl=ASN1_item_i2d(asn,&buf_in, it);
        outll=outl=EVP_PKEY_size(pkey);
        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
@@ -267,12 +270,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                goto err;
                }
-        if (!EVP_SignInit_ex(&ctx,type, NULL))
+        EVP_SignInit_ex(&ctx,type, NULL);
-                {
-                outl=0;
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
-                goto err;
-                }
        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
                        (unsigned int *)&outl,pkey))

diff --git a/src/lib/libssl/src/crypto/asn1/a_sign.c b/src/lib/libssl/src/crypto/asn1/a_sign.c index 4dee45fbb8..ff63bfc7be 100644 --- a/src/lib/libssl/src/crypto/asn1/a_sign.c +++ b/src/lib/libssl/src/crypto/asn1/a_sign.c
@@ -123,6 +123,7 @@
123	#include <openssl/x509.h>	123	#include <openssl/x509.h>
124	#include <openssl/objects.h>	124	#include <openssl/objects.h>
125	#include <openssl/buffer.h>	125	#include <openssl/buffer.h>
		126	#include "asn1_locl.h"
126		127
127	#ifndef NO_ASN1_OLD	128	#ifndef NO_ASN1_OLD
128		129
@@ -218,45 +219,47 @@ int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
218	{	219	{
219	EVP_MD_CTX ctx;	220	EVP_MD_CTX ctx;
220	unsigned char buf_in=NULL,buf_out=NULL;	221	unsigned char buf_in=NULL,buf_out=NULL;
221	int i,inl=0,outl=0,outll=0;	222	int inl=0,outl=0,outll=0;
222	X509_ALGOR *a;	223	int signid, paramtype;
223		224
224	EVP_MD_CTX_init(&ctx);	225	if (type == NULL)
225	for (i=0; i<2; i++)
226	{	226	{
227	if (i == 0)	227	int def_nid;
228	a=algor1;	228	if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
229	else	229	type = EVP_get_digestbynid(def_nid);
230	a=algor2;	230	}
231	if (a == NULL) continue;	231
232	if (type->pkey_type == NID_dsaWithSHA1 \|\|	232	if (type == NULL)
233	type->pkey_type == NID_ecdsa_with_SHA1)	233	{
234	{	234	ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
235	/* special case: RFC 3279 tells us to omit 'parameters'	235	return 0;
236	* with id-dsa-with-sha1 and ecdsa-with-SHA1 */	236	}
237	ASN1_TYPE_free(a->parameter);	237
238	a->parameter = NULL;	238	if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
239	}	239	{
240	else if ((a->parameter == NULL) \|\|	240	if (!pkey->ameth \|\|
241	(a->parameter->type != V_ASN1_NULL))	241	!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
242	{	242	pkey->ameth->pkey_id))
243	ASN1_TYPE_free(a->parameter);
244	if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
245	a->parameter->type=V_ASN1_NULL;
246	}
247	ASN1_OBJECT_free(a->algorithm);
248	a->algorithm=OBJ_nid2obj(type->pkey_type);
249	if (a->algorithm == NULL)
250	{
251	ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
252	goto err;
253	}
254	if (a->algorithm->length == 0)
255	{	243	{
256	ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);	244	ASN1err(ASN1_F_ASN1_ITEM_SIGN,
257	goto err;	245	ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
		246	return 0;
258	}	247	}
259	}	248	}
		249	else
		250	signid = type->pkey_type;
		251
		252	if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
		253	paramtype = V_ASN1_NULL;
		254	else
		255	paramtype = V_ASN1_UNDEF;
		256
		257	if (algor1)
		258	X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
		259	if (algor2)
		260	X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
		261
		262	EVP_MD_CTX_init(&ctx);
260	inl=ASN1_item_i2d(asn,&buf_in, it);	263	inl=ASN1_item_i2d(asn,&buf_in, it);
261	outll=outl=EVP_PKEY_size(pkey);	264	outll=outl=EVP_PKEY_size(pkey);
262	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);	265	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
@@ -267,12 +270,7 @@ int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
267	goto err;	270	goto err;
268	}	271	}
269		272
270	if (!EVP_SignInit_ex(&ctx,type, NULL))	273	EVP_SignInit_ex(&ctx,type, NULL);
271	{
272	outl=0;
273	ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
274	goto err;
275	}
276	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);	274	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
277	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,	275	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
278	(unsigned int *)&outl,pkey))	276	(unsigned int *)&outl,pkey))