[thirdparty/openssl.git] / crypto / asn1 / a_sign.c

/* crypto/asn1/a_sign.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include <time.h>

#include "cryptlib.h"

#ifndef NO_SYS_TYPES_H
# include <sys/types.h>
#endif

#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include "asn1_locl.h"

#ifndef NO_ASN1_OLD

int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
	      ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
	      const EVP_MD *type)
	{
	EVP_MD_CTX ctx;
	unsigned char *p,*buf_in=NULL,*buf_out=NULL;
	int i,inl=0,outl=0,outll=0;
	X509_ALGOR *a;

	EVP_MD_CTX_init(&ctx);
	for (i=0; i<2; i++)
		{
		if (i == 0)
			a=algor1;
		else
			a=algor2;
		if (a == NULL) continue;
                if (type->pkey_type == NID_dsaWithSHA1)
			{
			/* special case: RFC 2459 tells us to omit 'parameters'
			 * with id-dsa-with-sha1 */
			ASN1_TYPE_free(a->parameter);
			a->parameter = NULL;
			}
		else if ((a->parameter == NULL) || 
			(a->parameter->type != V_ASN1_NULL))
			{
			ASN1_TYPE_free(a->parameter);
			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
			a->parameter->type=V_ASN1_NULL;
			}
		ASN1_OBJECT_free(a->algorithm);
		a->algorithm=OBJ_nid2obj(type->pkey_type);
		if (a->algorithm == NULL)
			{
			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
			goto err;
			}
		if (a->algorithm->length == 0)
			{
			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
			goto err;
			}
		}
	inl=i2d(data,NULL);
	buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
	outll=outl=EVP_PKEY_size(pkey);
	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
	if ((buf_in == NULL) || (buf_out == NULL))
		{
		outl=0;
		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
		goto err;
		}
	p=buf_in;

	i2d(data,&p);
	EVP_SignInit_ex(&ctx,type, NULL);
	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
			(unsigned int *)&outl,pkey))
		{
		outl=0;
		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
		goto err;
		}
	if (signature->data != NULL) OPENSSL_free(signature->data);
	signature->data=buf_out;
	buf_out=NULL;
	signature->length=outl;
	/* In the interests of compatibility, I'll make sure that
	 * the bit string has a 'not-used bits' value of 0
	 */
	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
err:
	EVP_MD_CTX_cleanup(&ctx);
	if (buf_in != NULL)
		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
	if (buf_out != NULL)
		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
	return(outl);
	}

#endif

int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
	     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
	     const EVP_MD *type)
	{
	EVP_MD_CTX ctx;
	unsigned char *buf_in=NULL,*buf_out=NULL;
	int inl=0,outl=0,outll=0;
	int signid, paramtype;

	if (type == NULL)
		{
		int def_nid;
		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
			type = EVP_get_digestbynid(def_nid);
		}

	if (type == NULL)
		{
		ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
		return 0;
		}

	if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
		{
		if (!pkey->ameth ||
			!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
						pkey->ameth->pkey_id))
			{
			ASN1err(ASN1_F_ASN1_ITEM_SIGN,
				ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
			return 0;
			}
		}
	else
		signid = type->pkey_type;

	if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
		paramtype = V_ASN1_NULL;
	else
		paramtype = V_ASN1_UNDEF;

	if (algor1)
		X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
	if (algor2)
		X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);

	EVP_MD_CTX_init(&ctx);
	inl=ASN1_item_i2d(asn,&buf_in, it);
	outll=outl=EVP_PKEY_size(pkey);
	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
	if ((buf_in == NULL) || (buf_out == NULL))
		{
		outl=0;
		ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	EVP_SignInit_ex(&ctx,type, NULL);
	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
			(unsigned int *)&outl,pkey))
		{
		outl=0;
		ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
		goto err;
		}
	if (signature->data != NULL) OPENSSL_free(signature->data);
	signature->data=buf_out;
	buf_out=NULL;
	signature->length=outl;
	/* In the interests of compatibility, I'll make sure that
	 * the bit string has a 'not-used bits' value of 0
	 */
	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
err:
	EVP_MD_CTX_cleanup(&ctx);
	if (buf_in != NULL)
		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
	if (buf_out != NULL)
		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
	return(outl);
	}
Commit	Line	Data
d02b48c6	1	/* crypto/asn1/a_sign.c */
58964a49	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
8df61b50	58	/* ====================================================================
9048c724	59	* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
8df61b50 BM	60	*
	61	* Redistribution and use in source and binary forms, with or without
	62	* modification, are permitted provided that the following conditions
	63	* are met:
	64	*
	65	* 1. Redistributions of source code must retain the above copyright
	66	* notice, this list of conditions and the following disclaimer.
	67	*
	68	* 2. Redistributions in binary form must reproduce the above copyright
	69	* notice, this list of conditions and the following disclaimer in
	70	* the documentation and/or other materials provided with the
	71	* distribution.
	72	*
	73	* 3. All advertising materials mentioning features or use of this
	74	* software must display the following acknowledgment:
	75	* "This product includes software developed by the OpenSSL Project
	76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	77	*
	78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	79	* endorse or promote products derived from this software without
	80	* prior written permission. For written permission, please contact
	81	* openssl-core@openssl.org.
	82	*
	83	* 5. Products derived from this software may not be called "OpenSSL"
	84	* nor may "OpenSSL" appear in their names without prior written
	85	* permission of the OpenSSL Project.
	86	*
	87	* 6. Redistributions of any form whatsoever must retain the following
	88	* acknowledgment:
	89	* "This product includes software developed by the OpenSSL Project
	90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	91	*
	92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	103	* OF THE POSSIBILITY OF SUCH DAMAGE.
	104	* ====================================================================
	105	*
	106	* This product includes cryptographic software written by Eric Young
	107	* (eay@cryptsoft.com). This product includes software written by Tim
	108	* Hudson (tjh@cryptsoft.com).
	109	*
	110	*/
d02b48c6 RE	111
	112	#include <stdio.h>
	113	#include <time.h>
d02b48c6 RE	114
d02b48c6 RE	115	#include "cryptlib.h"
17f389bb AP	116
	117	#ifndef NO_SYS_TYPES_H
	118	# include <sys/types.h>
	119	#endif
	120
ec577822 BM	121	#include <openssl/bn.h>
	122	#include <openssl/evp.h>
	123	#include <openssl/x509.h>
	124	#include <openssl/objects.h>
	125	#include <openssl/buffer.h>
ee1d9ec0	126	#include "asn1_locl.h"
d02b48c6	127
73e92de5 DSH	128	#ifndef NO_ASN1_OLD
73e92de5 DSH	129
8bb826ee BL	130	int ASN1_sign(i2d_of_void i2d, X509_ALGOR algor1, X509_ALGOR *algor2,
	131	ASN1_BIT_STRING signature, char data, EVP_PKEY *pkey,
	132	const EVP_MD *type)
d02b48c6 RE	133	{
	134	EVP_MD_CTX ctx;
	135	unsigned char p,buf_in=NULL,*buf_out=NULL;
	136	int i,inl=0,outl=0,outll=0;
	137	X509_ALGOR *a;
	138
dbad1690	139	EVP_MD_CTX_init(&ctx);
d02b48c6 RE	140	for (i=0; i<2; i++)
	141	{
	142	if (i == 0)
	143	a=algor1;
	144	else
	145	a=algor2;
	146	if (a == NULL) continue;
8df61b50 BM	147	if (type->pkey_type == NID_dsaWithSHA1)
	148	{
	149	/* special case: RFC 2459 tells us to omit 'parameters'
	150	* with id-dsa-with-sha1 */
	151	ASN1_TYPE_free(a->parameter);
	152	a->parameter = NULL;
	153	}
	154	else if ((a->parameter == NULL) \|\|
d02b48c6 RE	155	(a->parameter->type != V_ASN1_NULL))
	156	{
	157	ASN1_TYPE_free(a->parameter);
	158	if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
	159	a->parameter->type=V_ASN1_NULL;
	160	}
	161	ASN1_OBJECT_free(a->algorithm);
	162	a->algorithm=OBJ_nid2obj(type->pkey_type);
	163	if (a->algorithm == NULL)
	164	{
	165	ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
	166	goto err;
	167	}
	168	if (a->algorithm->length == 0)
	169	{
	170	ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
	171	goto err;
	172	}
	173	}
	174	inl=i2d(data,NULL);
26a3a48d	175	buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
d02b48c6	176	outll=outl=EVP_PKEY_size(pkey);
26a3a48d	177	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
d02b48c6 RE	178	if ((buf_in == NULL) \|\| (buf_out == NULL))
	179	{
	180	outl=0;
	181	ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
	182	goto err;
	183	}
	184	p=buf_in;
	185
	186	i2d(data,&p);
20d2186c	187	EVP_SignInit_ex(&ctx,type, NULL);
d02b48c6 RE	188	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
	189	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
	190	(unsigned int *)&outl,pkey))
	191	{
	192	outl=0;
	193	ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
	194	goto err;
	195	}
26a3a48d	196	if (signature->data != NULL) OPENSSL_free(signature->data);
d02b48c6 RE	197	signature->data=buf_out;
	198	buf_out=NULL;
	199	signature->length=outl;
657e60fa	200	/* In the interests of compatibility, I'll make sure that
dfeab068 RE	201	* the bit string has a 'not-used bits' value of 0
	202	*/
	203	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);
	204	signature->flags\|=ASN1_STRING_FLAG_BITS_LEFT;
d02b48c6	205	err:
dbad1690	206	EVP_MD_CTX_cleanup(&ctx);
d02b48c6	207	if (buf_in != NULL)
4579924b	208	{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
d02b48c6	209	if (buf_out != NULL)
4579924b	210	{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
d02b48c6 RE	211	return(outl);
d02b48c6 RE	212	}
09ab755c	213
73e92de5 DSH	214	#endif
73e92de5 DSH	215
09ab755c DSH	216	int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
	217	ASN1_BIT_STRING signature, void asn, EVP_PKEY *pkey,
	218	const EVP_MD *type)
	219	{
	220	EVP_MD_CTX ctx;
	221	unsigned char buf_in=NULL,buf_out=NULL;
ee1d9ec0 DSH	222	int inl=0,outl=0,outll=0;
ee1d9ec0 DSH	223	int signid, paramtype;
09ab755c	224
03919683 DSH	225	if (type == NULL)
	226	{
	227	int def_nid;
	228	if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
	229	type = EVP_get_digestbynid(def_nid);
	230	}
	231
	232	if (type == NULL)
	233	{
	234	ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
	235	return 0;
	236	}
	237
ee1d9ec0	238	if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
09ab755c	239	{
ee1d9ec0 DSH	240	if (!pkey->ameth \|\|
	241	!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
	242	pkey->ameth->pkey_id))
09ab755c	243	{
ee1d9ec0 DSH	244	ASN1err(ASN1_F_ASN1_ITEM_SIGN,
	245	ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
	246	return 0;
09ab755c DSH	247	}
09ab755c DSH	248	}
ee1d9ec0 DSH	249	else
	250	signid = type->pkey_type;
	251
	252	if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
	253	paramtype = V_ASN1_NULL;
	254	else
	255	paramtype = V_ASN1_UNDEF;
	256
	257	if (algor1)
	258	X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
	259	if (algor2)
	260	X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
	261
	262	EVP_MD_CTX_init(&ctx);
09ab755c DSH	263	inl=ASN1_item_i2d(asn,&buf_in, it);
	264	outll=outl=EVP_PKEY_size(pkey);
	265	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
	266	if ((buf_in == NULL) \|\| (buf_out == NULL))
	267	{
	268	outl=0;
fbeaa3c4	269	ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
09ab755c DSH	270	goto err;
	271	}
	272
20d2186c	273	EVP_SignInit_ex(&ctx,type, NULL);
09ab755c DSH	274	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
	275	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
	276	(unsigned int *)&outl,pkey))
	277	{
	278	outl=0;
fbeaa3c4	279	ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
09ab755c DSH	280	goto err;
	281	}
	282	if (signature->data != NULL) OPENSSL_free(signature->data);
	283	signature->data=buf_out;
	284	buf_out=NULL;
	285	signature->length=outl;
	286	/* In the interests of compatibility, I'll make sure that
	287	* the bit string has a 'not-used bits' value of 0
	288	*/
	289	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);
	290	signature->flags\|=ASN1_STRING_FLAG_BITS_LEFT;
	291	err:
dbad1690	292	EVP_MD_CTX_cleanup(&ctx);
09ab755c	293	if (buf_in != NULL)
4579924b	294	{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
09ab755c	295	if (buf_out != NULL)
4579924b	296	{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
09ab755c DSH	297	return(outl);
09ab755c DSH	298	}