source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/asn1/a_sign.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago

prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新
ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新
以下のOSSをアップデート
・mruby-1.3.0
・musl-1.1.18
・onigmo-6.1.3
・tcc-0.9.27
以下のOSSを追加
・openssl-1.1.0e
・curl-7.57.0
・zlib-1.2.11
以下のmrbgemsを追加
・iij/mruby-digest
・iij/mruby-env
・iij/mruby-errno
・iij/mruby-iijson
・iij/mruby-ipaddr
・iij/mruby-mock
・iij/mruby-require
・iij/mruby-tls-openssl

  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc
1/*
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include <time.h>
12
13#include "internal/cryptlib.h"
14
15#ifndef NO_SYS_TYPES_H
16# include <sys/types.h>
17#endif
18
19#include <openssl/bn.h>
20#include <openssl/evp.h>
21#include <openssl/x509.h>
22#include <openssl/objects.h>
23#include <openssl/buffer.h>
24#include "internal/asn1_int.h"
25#include "internal/evp_int.h"
26
27#ifndef NO_ASN1_OLD
28
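/*
 * Legacy signing helper (compiled only when NO_ASN1_OLD is not defined).
 *
 * Encodes |data| with the caller-supplied |i2d| callback, signs the encoding
 * with |pkey| using digest |type|, and stores the result in |signature|.
 * Each non-NULL algorithm identifier (|algor1|, |algor2|) is rewritten to
 * the object for type->pkey_type, with its parameter omitted for
 * id-dsa-with-sha1 and set to ASN.1 NULL otherwise.
 *
 * Returns the signature length on success and 0 on any failure.
 * NOTE(review): |type| is dereferenced whenever an algorithm identifier is
 * supplied, so callers presumably must pass a non-NULL digest - confirm.
 */
int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
              const EVP_MD *type)
{
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    unsigned char *p, *buf_in = NULL, *buf_out = NULL;
    int i, inl = 0, outl = 0;
    size_t inll = 0, outll = 0;
    X509_ALGOR *a;

    if (ctx == NULL) {
        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    for (i = 0; i < 2; i++) {
        a = (i == 0) ? algor1 : algor2;
        if (a == NULL)
            continue;
        if (type->pkey_type == NID_dsaWithSHA1) {
            /*
             * special case: RFC 2459 tells us to omit 'parameters' with
             * id-dsa-with-sha1
             */
            ASN1_TYPE_free(a->parameter);
            a->parameter = NULL;
        } else if ((a->parameter == NULL) ||
                   (a->parameter->type != V_ASN1_NULL)) {
            ASN1_TYPE_free(a->parameter);
            if ((a->parameter = ASN1_TYPE_new()) == NULL)
                goto err;
            a->parameter->type = V_ASN1_NULL;
        }
        ASN1_OBJECT_free(a->algorithm);
        a->algorithm = OBJ_nid2obj(type->pkey_type);
        if (a->algorithm == NULL) {
            ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
            goto err;
        }
        if (a->algorithm->length == 0) {
            ASN1err(ASN1_F_ASN1_SIGN,
                    ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
            goto err;
        }
    }

    /*
     * First pass only measures the encoding. A zero or negative result must
     * be rejected here: cast to an unsigned size it would become a huge
     * allocation request and, later, a huge read length for the digest.
     */
    inl = i2d(data, NULL);
    if (inl <= 0) {
        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    inll = (size_t)inl;
    buf_in = OPENSSL_malloc(inll);

    /* Same reasoning for the signature size reported by the key. */
    outl = EVP_PKEY_size(pkey);
    if (outl <= 0) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
        goto err;
    }
    outll = (size_t)outl;
    buf_out = OPENSSL_malloc(outll);
    if ((buf_in == NULL) || (buf_out == NULL)) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    p = buf_in;

    /* Second pass writes the encoding; i2d advances p, buf_in stays put. */
    i2d(data, &p);
    if (!EVP_SignInit_ex(ctx, type, NULL)
        || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inll)
        || !EVP_SignFinal(ctx, (unsigned char *)buf_out,
                          (unsigned int *)&outl, pkey)) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
        goto err;
    }

    /* Hand buf_out over to |signature|; NULL it so err: does not free it. */
    OPENSSL_free(signature->data);
    signature->data = buf_out;
    buf_out = NULL;
    signature->length = outl;
    /*
     * In the interests of compatibility, make sure that the bit string
     * has a 'not-used bits' value of 0
     */
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 err:
    EVP_MD_CTX_free(ctx);
    /* Sizes are passed so the buffers can be wiped before being released. */
    OPENSSL_clear_free((char *)buf_in, inll);
    OPENSSL_clear_free((char *)buf_out, outll);
    return outl;
}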
111
112#endif
113
/*
 * Convenience wrapper around ASN1_item_sign_ctx(): creates a digest context,
 * initialises it for signing with |pkey| and digest |type|, delegates the
 * actual signing, and releases the context again.
 *
 * Returns whatever ASN1_item_sign_ctx() returns, or 0 if the context could
 * not be allocated or initialised.
 */
int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
                   EVP_PKEY *pkey, const EVP_MD *type)
{
    int result = 0;
    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();

    if (md_ctx == NULL) {
        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    /* Only sign when initialisation succeeded; otherwise result stays 0. */
    if (EVP_DigestSignInit(md_ctx, NULL, type, NULL, pkey))
        result = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn,
                                    md_ctx);

    EVP_MD_CTX_free(md_ctx);
    return result;
}
135
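/*
 * Signs the encoding of |asn| (described by template |it|) using a digest
 * context that the caller has already initialised for signing, and stores
 * the signature in |signature|.
 *
 * The digest and key are taken from |ctx|. If the key's ASN.1 method
 * provides an item_sign hook it is consulted first and may do all of the
 * work, only set the algorithm identifiers, or defer to the generic path.
 * On the generic path each non-NULL |algor1| / |algor2| is set to the
 * signature algorithm found for the digest and key type.
 *
 * Returns the signature length on success and 0 on failure.
 */
int ASN1_item_sign_ctx(const ASN1_ITEM *it,
                       X509_ALGOR *algor1, X509_ALGOR *algor2,
                       ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
{
    const EVP_MD *type;
    EVP_PKEY *pkey;
    unsigned char *buf_in = NULL, *buf_out = NULL;
    size_t inl = 0, outl = 0, outll = 0;
    int signid, paramtype;
    int buf_len, sig_size;
    int rv;

    type = EVP_MD_CTX_md(ctx);
    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));

    if (type == NULL || pkey == NULL) {
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
        goto err;
    }

    if (pkey->ameth == NULL) {
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
                ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
        goto err;
    }

    if (pkey->ameth->item_sign) {
        rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);
        if (rv == 1)
            outl = signature->length;
        /*-
         * Return value meanings:
         * <=0: error.
         *   1: method does everything.
         *   2: carry on as normal.
         *   3: ASN1 method sets algorithm identifiers: just sign.
         */
        if (rv <= 0)
            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
        if (rv <= 1)
            goto err;
    } else {
        rv = 2;
    }

    if (rv == 2) {
        if (!OBJ_find_sigid_by_algs(&signid,
                                    EVP_MD_nid(type),
                                    pkey->ameth->pkey_id)) {
            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
            goto err;
        }

        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
            paramtype = V_ASN1_NULL;
        else
            paramtype = V_ASN1_UNDEF;

        if (algor1)
            X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
        if (algor2)
            X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
    }

    /*
     * Keep the encoder's int result in an int until it has been validated.
     * Assigning a negative value straight to a size_t would turn it into a
     * huge length, and an encoding failure would be misreported as an
     * allocation failure.
     */
    buf_len = ASN1_item_i2d(asn, &buf_in, it);
    if (buf_len <= 0) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    inl = (size_t)buf_len;

    /* Same treatment for the signature size; outl is still 0 here. */
    sig_size = EVP_PKEY_size(pkey);
    if (sig_size <= 0) {
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
        goto err;
    }
    outll = outl = (size_t)sig_size;
    buf_out = OPENSSL_malloc(outll);
    if ((buf_in == NULL) || (buf_out == NULL)) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
        || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
        goto err;
    }

    /* Hand buf_out over to |signature|; NULL it so err: does not free it. */
    OPENSSL_free(signature->data);
    signature->data = buf_out;
    buf_out = NULL;
    signature->length = outl;
    /*
     * In the interests of compatibility, make sure that the bit string
     * has a 'not-used bits' value of 0
     */
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 err:
    /* Sizes are passed so the buffers can be wiped before being released. */
    OPENSSL_clear_free((char *)buf_in, inl);
    OPENSSL_clear_free((char *)buf_out, outll);
    return (int)outl;
}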