155714Skris/* crypto/asn1/a_sign.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 8296465Sdelphij * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15296465Sdelphij * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 22296465Sdelphij * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 37296465Sdelphij * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40296465Sdelphij * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 52296465Sdelphij * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 5755714Skris */ 58100928Snectar/* ==================================================================== 59160814Ssimon * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. 60100928Snectar * 61100928Snectar * Redistribution and use in source and binary forms, with or without 62100928Snectar * modification, are permitted provided that the following conditions 63100928Snectar * are met: 64100928Snectar * 65100928Snectar * 1. Redistributions of source code must retain the above copyright 66296465Sdelphij * notice, this list of conditions and the following disclaimer. 67100928Snectar * 68100928Snectar * 2. Redistributions in binary form must reproduce the above copyright 69100928Snectar * notice, this list of conditions and the following disclaimer in 70100928Snectar * the documentation and/or other materials provided with the 71100928Snectar * distribution. 72100928Snectar * 73100928Snectar * 3. All advertising materials mentioning features or use of this 74100928Snectar * software must display the following acknowledgment: 75100928Snectar * "This product includes software developed by the OpenSSL Project 76100928Snectar * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77100928Snectar * 78100928Snectar * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79100928Snectar * endorse or promote products derived from this software without 80100928Snectar * prior written permission. For written permission, please contact 81100928Snectar * openssl-core@openssl.org. 82100928Snectar * 83100928Snectar * 5. Products derived from this software may not be called "OpenSSL" 84100928Snectar * nor may "OpenSSL" appear in their names without prior written 85100928Snectar * permission of the OpenSSL Project. 86100928Snectar * 87100928Snectar * 6. Redistributions of any form whatsoever must retain the following 88100928Snectar * acknowledgment: 89100928Snectar * "This product includes software developed by the OpenSSL Project 90100928Snectar * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91100928Snectar * 92100928Snectar * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93100928Snectar * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94100928Snectar * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95100928Snectar * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96100928Snectar * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97100928Snectar * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98100928Snectar * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99100928Snectar * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100100928Snectar * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101100928Snectar * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102100928Snectar * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103100928Snectar * OF THE POSSIBILITY OF SUCH DAMAGE. 104100928Snectar * ==================================================================== 105100928Snectar * 106100928Snectar * This product includes cryptographic software written by Eric Young 107100928Snectar * (eay@cryptsoft.com). This product includes software written by Tim 108100928Snectar * Hudson (tjh@cryptsoft.com). 109100928Snectar * 110100928Snectar */ 11155714Skris 11255714Skris#include <stdio.h> 11355714Skris#include <time.h> 11455714Skris 11555714Skris#include "cryptlib.h" 11659191Skris 11759191Skris#ifndef NO_SYS_TYPES_H 11859191Skris# include <sys/types.h> 11959191Skris#endif 12059191Skris 12155714Skris#include <openssl/bn.h> 12255714Skris#include <openssl/evp.h> 12355714Skris#include <openssl/x509.h> 12455714Skris#include <openssl/objects.h> 12555714Skris#include <openssl/buffer.h> 12655714Skris 127109998Smarkm#ifndef NO_ASN1_OLD 128109998Smarkm 129160814Ssimonint ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, 130296465Sdelphij ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, 131296465Sdelphij const EVP_MD *type) 132296465Sdelphij{ 133296465Sdelphij EVP_MD_CTX ctx; 134296465Sdelphij unsigned char *p, *buf_in = NULL, *buf_out = NULL; 135296465Sdelphij int i, inl = 0, outl = 0, outll = 0; 136296465Sdelphij X509_ALGOR *a; 13755714Skris 138296465Sdelphij EVP_MD_CTX_init(&ctx); 139296465Sdelphij for (i = 0; i < 2; i++) { 140296465Sdelphij if (i == 0) 141296465Sdelphij a = algor1; 142296465Sdelphij else 143296465Sdelphij a = algor2; 144296465Sdelphij if (a == NULL) 145296465Sdelphij continue; 146296465Sdelphij if (type->pkey_type == NID_dsaWithSHA1) { 147296465Sdelphij /* 148296465Sdelphij * special case: RFC 2459 tells us to omit 'parameters' with 149296465Sdelphij * id-dsa-with-sha1 150296465Sdelphij */ 151296465Sdelphij ASN1_TYPE_free(a->parameter); 152296465Sdelphij a->parameter = NULL; 153296465Sdelphij } else if ((a->parameter == NULL) || 154296465Sdelphij (a->parameter->type != V_ASN1_NULL)) { 155296465Sdelphij ASN1_TYPE_free(a->parameter); 156296465Sdelphij if ((a->parameter = ASN1_TYPE_new()) == NULL) 157296465Sdelphij goto err; 158296465Sdelphij a->parameter->type = V_ASN1_NULL; 159296465Sdelphij } 160296465Sdelphij ASN1_OBJECT_free(a->algorithm); 161296465Sdelphij a->algorithm = OBJ_nid2obj(type->pkey_type); 162296465Sdelphij if (a->algorithm == NULL) { 163296465Sdelphij ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); 164296465Sdelphij goto err; 165296465Sdelphij } 166296465Sdelphij if (a->algorithm->length == 0) { 167296465Sdelphij ASN1err(ASN1_F_ASN1_SIGN, 168296465Sdelphij ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); 169296465Sdelphij goto err; 170296465Sdelphij } 171296465Sdelphij } 172296465Sdelphij inl = i2d(data, NULL); 173296465Sdelphij buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl); 174296465Sdelphij outll = outl = EVP_PKEY_size(pkey); 175296465Sdelphij buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); 176296465Sdelphij if ((buf_in == NULL) || (buf_out == NULL)) { 177296465Sdelphij outl = 0; 178296465Sdelphij ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); 179296465Sdelphij goto err; 180296465Sdelphij } 181296465Sdelphij p = buf_in; 18255714Skris 183296465Sdelphij i2d(data, &p); 184296465Sdelphij EVP_SignInit_ex(&ctx, type, NULL); 185296465Sdelphij EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl); 186296465Sdelphij if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out, 187296465Sdelphij (unsigned int *)&outl, pkey)) { 188296465Sdelphij outl = 0; 189296465Sdelphij ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); 190296465Sdelphij goto err; 191296465Sdelphij } 192296465Sdelphij if (signature->data != NULL) 193296465Sdelphij OPENSSL_free(signature->data); 194296465Sdelphij signature->data = buf_out; 195296465Sdelphij buf_out = NULL; 196296465Sdelphij signature->length = outl; 197296465Sdelphij /* 198296465Sdelphij * In the interests of compatibility, I'll make sure that the bit string 199296465Sdelphij * has a 'not-used bits' value of 0 200296465Sdelphij */ 201296465Sdelphij signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 202296465Sdelphij signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; 203296465Sdelphij err: 204296465Sdelphij EVP_MD_CTX_cleanup(&ctx); 205296465Sdelphij if (buf_in != NULL) { 206296465Sdelphij OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); 207296465Sdelphij OPENSSL_free(buf_in); 208296465Sdelphij } 209296465Sdelphij if (buf_out != NULL) { 210296465Sdelphij OPENSSL_cleanse((char *)buf_out, outll); 211296465Sdelphij OPENSSL_free(buf_out); 212296465Sdelphij } 213296465Sdelphij return (outl); 214296465Sdelphij} 215109998Smarkm 216109998Smarkm#endif 217109998Smarkm 218296465Sdelphijint ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, 219296465Sdelphij X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, 220296465Sdelphij EVP_PKEY *pkey, const EVP_MD *type) 221296465Sdelphij{ 222296465Sdelphij EVP_MD_CTX ctx; 223296465Sdelphij unsigned char *buf_in = NULL, *buf_out = NULL; 224296465Sdelphij int i, inl = 0, outl = 0, outll = 0; 225296465Sdelphij X509_ALGOR *a; 226109998Smarkm 227296465Sdelphij EVP_MD_CTX_init(&ctx); 228296465Sdelphij for (i = 0; i < 2; i++) { 229296465Sdelphij if (i == 0) 230296465Sdelphij a = algor1; 231296465Sdelphij else 232296465Sdelphij a = algor2; 233296465Sdelphij if (a == NULL) 234296465Sdelphij continue; 235296465Sdelphij if (type->pkey_type == NID_dsaWithSHA1 || 236296465Sdelphij type->pkey_type == NID_ecdsa_with_SHA1) { 237296465Sdelphij /* 238296465Sdelphij * special case: RFC 3279 tells us to omit 'parameters' with 239296465Sdelphij * id-dsa-with-sha1 and ecdsa-with-SHA1 240296465Sdelphij */ 241296465Sdelphij ASN1_TYPE_free(a->parameter); 242296465Sdelphij a->parameter = NULL; 243296465Sdelphij } else if ((a->parameter == NULL) || 244296465Sdelphij (a->parameter->type != V_ASN1_NULL)) { 245296465Sdelphij ASN1_TYPE_free(a->parameter); 246296465Sdelphij if ((a->parameter = ASN1_TYPE_new()) == NULL) 247296465Sdelphij goto err; 248296465Sdelphij a->parameter->type = V_ASN1_NULL; 249296465Sdelphij } 250296465Sdelphij ASN1_OBJECT_free(a->algorithm); 251296465Sdelphij a->algorithm = OBJ_nid2obj(type->pkey_type); 252296465Sdelphij if (a->algorithm == NULL) { 253296465Sdelphij ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); 254296465Sdelphij goto err; 255296465Sdelphij } 256296465Sdelphij if (a->algorithm->length == 0) { 257296465Sdelphij ASN1err(ASN1_F_ASN1_ITEM_SIGN, 258296465Sdelphij ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); 259296465Sdelphij goto err; 260296465Sdelphij } 261296465Sdelphij } 262296465Sdelphij inl = ASN1_item_i2d(asn, &buf_in, it); 263296465Sdelphij outll = outl = EVP_PKEY_size(pkey); 264296465Sdelphij buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); 265296465Sdelphij if ((buf_in == NULL) || (buf_out == NULL)) { 266296465Sdelphij outl = 0; 267296465Sdelphij ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); 268296465Sdelphij goto err; 269296465Sdelphij } 270109998Smarkm 271296465Sdelphij if (!EVP_SignInit_ex(&ctx, type, NULL)) { 272296465Sdelphij outl = 0; 273296465Sdelphij ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB); 274296465Sdelphij goto err; 275296465Sdelphij } 276296465Sdelphij EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl); 277296465Sdelphij if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out, 278296465Sdelphij (unsigned int *)&outl, pkey)) { 279296465Sdelphij outl = 0; 280296465Sdelphij ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB); 281296465Sdelphij goto err; 282296465Sdelphij } 283296465Sdelphij if (signature->data != NULL) 284296465Sdelphij OPENSSL_free(signature->data); 285296465Sdelphij signature->data = buf_out; 286296465Sdelphij buf_out = NULL; 287296465Sdelphij signature->length = outl; 288296465Sdelphij /* 289296465Sdelphij * In the interests of compatibility, I'll make sure that the bit string 290296465Sdelphij * has a 'not-used bits' value of 0 291296465Sdelphij */ 292296465Sdelphij signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 293296465Sdelphij signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; 294296465Sdelphij err: 295296465Sdelphij EVP_MD_CTX_cleanup(&ctx); 296296465Sdelphij if (buf_in != NULL) { 297296465Sdelphij OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); 298296465Sdelphij OPENSSL_free(buf_in); 299296465Sdelphij } 300296465Sdelphij if (buf_out != NULL) { 301296465Sdelphij OPENSSL_cleanse((char *)buf_out, outll); 302296465Sdelphij OPENSSL_free(buf_out); 303296465Sdelphij } 304296465Sdelphij return (outl); 305296465Sdelphij} 306