[thirdparty/openssl.git] / crypto / asn1 / a_sign.c

/*
 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <time.h>
#include <sys/types.h>

#include "internal/cryptlib.h"

#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include <openssl/core_names.h>
#include "crypto/asn1.h"
#include "crypto/evp.h"

#ifndef OPENSSL_NO_DEPRECATED_3_0

int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
              const EVP_MD *type)
{
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    unsigned char *p, *buf_in = NULL, *buf_out = NULL;
    int i, inl = 0, outl = 0;
    size_t inll = 0, outll = 0;
    X509_ALGOR *a;

    if (ctx == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    for (i = 0; i < 2; i++) {
        if (i == 0)
            a = algor1;
        else
            a = algor2;
        if (a == NULL)
            continue;
        if (type->pkey_type == NID_dsaWithSHA1) {
            /*
             * special case: RFC 2459 tells us to omit 'parameters' with
             * id-dsa-with-sha1
             */
            ASN1_TYPE_free(a->parameter);
            a->parameter = NULL;
        } else if ((a->parameter == NULL) ||
                   (a->parameter->type != V_ASN1_NULL)) {
            ASN1_TYPE_free(a->parameter);
            if ((a->parameter = ASN1_TYPE_new()) == NULL)
                goto err;
            a->parameter->type = V_ASN1_NULL;
        }
        ASN1_OBJECT_free(a->algorithm);
        a->algorithm = OBJ_nid2obj(type->pkey_type);
        if (a->algorithm == NULL) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_OBJECT_TYPE);
            goto err;
        }
        if (a->algorithm->length == 0) {
            ERR_raise(ERR_LIB_ASN1,
                      ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
            goto err;
        }
    }
    inl = i2d(data, NULL);
    if (inl <= 0) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    inll = (size_t)inl;
    buf_in = OPENSSL_malloc(inll);
    outll = outl = EVP_PKEY_get_size(pkey);
    buf_out = OPENSSL_malloc(outll);
    if (buf_in == NULL || buf_out == NULL) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    p = buf_in;

    i2d(data, &p);
    if (!EVP_SignInit_ex(ctx, type, NULL)
        || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl)
        || !EVP_SignFinal(ctx, (unsigned char *)buf_out,
                          (unsigned int *)&outl, pkey)) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
        goto err;
    }
    ASN1_STRING_set0(signature, buf_out, outl);
    buf_out = NULL;
    /*
     * In the interests of compatibility, I'll make sure that the bit string
     * has a 'not-used bits' value of 0
     */
    ossl_asn1_string_set_bits_left(signature, 0);
 err:
    EVP_MD_CTX_free(ctx);
    OPENSSL_clear_free((char *)buf_in, inll);
    OPENSSL_clear_free((char *)buf_out, outll);
    return outl;
}

#endif

int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                   ASN1_BIT_STRING *signature, const void *data,
                   EVP_PKEY *pkey, const EVP_MD *md)
{
    return ASN1_item_sign_ex(it, algor1, algor2, signature, data, NULL, pkey,
                             md, NULL, NULL);
}

int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1,
                      X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
                      const void *data, const ASN1_OCTET_STRING *id,
                      EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx,
                      const char *propq)
{
    int rv = 0;
    EVP_MD_CTX *ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq);

    if (ctx == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    /* We can use the non _ex variant here since the pkey is already setup */
    if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))
        goto err;

    rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx);

 err:
    EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx));
    EVP_MD_CTX_free(ctx);
    return rv;
}

int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
                       X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
                       const void *data, EVP_MD_CTX *ctx)
{
    const EVP_MD *md;
    EVP_PKEY *pkey;
    unsigned char *buf_in = NULL, *buf_out = NULL;
    size_t inl = 0, outl = 0, outll = 0;
    int signid, paramtype, buf_len = 0;
    int rv, pkey_id;

    md = EVP_MD_CTX_get0_md(ctx);
    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx));

    if (pkey == NULL) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
        goto err;
    }

    if (pkey->ameth == NULL) {
        EVP_PKEY_CTX *pctx = EVP_MD_CTX_get_pkey_ctx(ctx);
        OSSL_PARAM params[2];
        unsigned char aid[128];
        size_t aid_len = 0;

        if (pctx == NULL
            || !EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
            goto err;
        }

        params[0] =
            OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID,
                                              aid, sizeof(aid));
        params[1] = OSSL_PARAM_construct_end();

        if (EVP_PKEY_CTX_get_params(pctx, params) <= 0)
            goto err;

        if ((aid_len = params[0].return_size) == 0) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
            goto err;
        }

        if (algor1 != NULL) {
            const unsigned char *pp = aid;

            if (d2i_X509_ALGOR(&algor1, &pp, aid_len) == NULL) {
                ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
                goto err;
            }
        }

        if (algor2 != NULL) {
            const unsigned char *pp = aid;

            if (d2i_X509_ALGOR(&algor2, &pp, aid_len) == NULL) {
                ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
                goto err;
            }
        }

        rv = 3;
    } else if (pkey->ameth->item_sign) {
        rv = pkey->ameth->item_sign(ctx, it, data, algor1, algor2, signature);
        if (rv == 1)
            outl = signature->length;
        /*-
         * Return value meanings:
         * <=0: error.
         *   1: method does everything.
         *   2: carry on as normal.
         *   3: ASN1 method sets algorithm identifiers: just sign.
         */
        if (rv <= 0)
            ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
        if (rv <= 1)
            goto err;
    } else {
        rv = 2;
    }

    if (rv == 2) {
        if (md == NULL) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
            goto err;
        }

        pkey_id =
#ifndef OPENSSL_NO_SM2
            EVP_PKEY_get_id(pkey) == NID_sm2 ? NID_sm2 :
#endif
            pkey->ameth->pkey_id;

        if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
            goto err;
        }

        paramtype = pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL ?
            V_ASN1_NULL : V_ASN1_UNDEF;
        if (algor1 != NULL
            && !X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL))
            goto err;
        if (algor2 != NULL
            && !X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL))
            goto err;
    }

    buf_len = ASN1_item_i2d(data, &buf_in, it);
    if (buf_len <= 0) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    inl = buf_len;
    if (!EVP_DigestSign(ctx, NULL, &outll, buf_in, inl)) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
        goto err;
    }
    outl = outll;
    buf_out = OPENSSL_malloc(outll);
    if (buf_in == NULL || buf_out == NULL) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
        goto err;
    }
    ASN1_STRING_set0(signature, buf_out, outl);
    buf_out = NULL;
    /*
     * In the interests of compatibility, I'll make sure that the bit string
     * has a 'not-used bits' value of 0
     */
    ossl_asn1_string_set_bits_left(signature, 0);
 err:
    OPENSSL_clear_free((char *)buf_in, inl);
    OPENSSL_clear_free((char *)buf_out, outll);
    return outl;
}
Commit	Line	Data
2039c421	1	/*
fecb3aae	2	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
8df61b50	3	*
365a2d99	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
2039c421 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
8df61b50	8	*/
d02b48c6 RE	9
	10	#include <stdio.h>
	11	#include <time.h>
b379fe6c	12	#include <sys/types.h>
d02b48c6	13
b39fc560	14	#include "internal/cryptlib.h"
17f389bb	15
ec577822 BM	16	#include <openssl/bn.h>
	17	#include <openssl/evp.h>
	18	#include <openssl/x509.h>
	19	#include <openssl/objects.h>
	20	#include <openssl/buffer.h>
d5aef594	21	#include <openssl/core_names.h>
25f2138b DMSP	22	#include "crypto/asn1.h"
25f2138b DMSP	23	#include "crypto/evp.h"
d02b48c6	24
12d99aac	25	#ifndef OPENSSL_NO_DEPRECATED_3_0
73e92de5	26
8bb826ee	27	int ASN1_sign(i2d_of_void i2d, X509_ALGOR algor1, X509_ALGOR *algor2,
0f113f3e MC	28	ASN1_BIT_STRING signature, char data, EVP_PKEY *pkey,
	29	const EVP_MD *type)
	30	{
bfb0641f	31	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
0f113f3e	32	unsigned char p, buf_in = NULL, *buf_out = NULL;
da84249b F	33	int i, inl = 0, outl = 0;
da84249b F	34	size_t inll = 0, outll = 0;
0f113f3e	35	X509_ALGOR *a;
d02b48c6	36
6e59a892	37	if (ctx == NULL) {
9311d0c4	38	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
6e59a892 RL	39	goto err;
6e59a892 RL	40	}
0f113f3e MC	41	for (i = 0; i < 2; i++) {
	42	if (i == 0)
	43	a = algor1;
	44	else
	45	a = algor2;
	46	if (a == NULL)
	47	continue;
	48	if (type->pkey_type == NID_dsaWithSHA1) {
	49	/*
	50	* special case: RFC 2459 tells us to omit 'parameters' with
	51	* id-dsa-with-sha1
	52	*/
	53	ASN1_TYPE_free(a->parameter);
	54	a->parameter = NULL;
	55	} else if ((a->parameter == NULL) \|\|
	56	(a->parameter->type != V_ASN1_NULL)) {
	57	ASN1_TYPE_free(a->parameter);
	58	if ((a->parameter = ASN1_TYPE_new()) == NULL)
	59	goto err;
	60	a->parameter->type = V_ASN1_NULL;
	61	}
	62	ASN1_OBJECT_free(a->algorithm);
	63	a->algorithm = OBJ_nid2obj(type->pkey_type);
	64	if (a->algorithm == NULL) {
9311d0c4	65	ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_OBJECT_TYPE);
0f113f3e MC	66	goto err;
	67	}
	68	if (a->algorithm->length == 0) {
9311d0c4 RL	69	ERR_raise(ERR_LIB_ASN1,
9311d0c4 RL	70	ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
0f113f3e MC	71	goto err;
	72	}
	73	}
	74	inl = i2d(data, NULL);
da84249b	75	if (inl <= 0) {
9311d0c4	76	ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
da84249b F	77	goto err;
	78	}
	79	inll = (size_t)inl;
	80	buf_in = OPENSSL_malloc(inll);
ed576acd	81	outll = outl = EVP_PKEY_get_size(pkey);
da84249b F	82	buf_out = OPENSSL_malloc(outll);
da84249b F	83	if (buf_in == NULL \|\| buf_out == NULL) {
0f113f3e	84	outl = 0;
9311d0c4	85	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
0f113f3e MC	86	goto err;
	87	}
	88	p = buf_in;
d02b48c6	89
0f113f3e	90	i2d(data, &p);
6e59a892 RL	91	if (!EVP_SignInit_ex(ctx, type, NULL)
	92	\|\| !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl)
	93	\|\| !EVP_SignFinal(ctx, (unsigned char *)buf_out,
0f113f3e MC	94	(unsigned int *)&outl, pkey)) {
0f113f3e MC	95	outl = 0;
9311d0c4	96	ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
0f113f3e MC	97	goto err;
0f113f3e MC	98	}
33847508	99	ASN1_STRING_set0(signature, buf_out, outl);
0f113f3e	100	buf_out = NULL;
0f113f3e MC	101	/*
	102	* In the interests of compatibility, I'll make sure that the bit string
	103	* has a 'not-used bits' value of 0
	104	*/
7c310e87	105	ossl_asn1_string_set_bits_left(signature, 0);
0f113f3e	106	err:
bfb0641f	107	EVP_MD_CTX_free(ctx);
da84249b	108	OPENSSL_clear_free((char *)buf_in, inll);
4b45c6e5	109	OPENSSL_clear_free((char *)buf_out, outll);
26a7d938	110	return outl;
0f113f3e	111	}
09ab755c	112
73e92de5 DSH	113	#endif
73e92de5 DSH	114
ded346fa DDO	115	int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
	116	ASN1_BIT_STRING signature, const void data,
	117	EVP_PKEY pkey, const EVP_MD md)
0f113f3e	118	{
d8652be0 MC	119	return ASN1_item_sign_ex(it, algor1, algor2, signature, data, NULL, pkey,
d8652be0 MC	120	md, NULL, NULL);
ded346fa DDO	121	}
ded346fa DDO	122
d8652be0 MC	123	int ASN1_item_sign_ex(const ASN1_ITEM it, X509_ALGOR algor1,
	124	X509_ALGOR algor2, ASN1_BIT_STRING signature,
	125	const void data, const ASN1_OCTET_STRING id,
b4250010	126	EVP_PKEY pkey, const EVP_MD md, OSSL_LIB_CTX *libctx,
d8652be0	127	const char *propq)
ded346fa DDO	128	{
ded346fa DDO	129	int rv = 0;
d8652be0	130	EVP_MD_CTX *ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq);
6e59a892 RL	131
6e59a892 RL	132	if (ctx == NULL) {
9311d0c4	133	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
0f113f3e MC	134	return 0;
0f113f3e MC	135	}
e6c2f964	136	/* We can use the non _ex variant here since the pkey is already setup */
ded346fa DDO	137	if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))
ded346fa DDO	138	goto err;
c6aca19b	139
ded346fa	140	rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx);
c6aca19b	141
ded346fa	142	err:
ed576acd	143	EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx));
c6aca19b SF	144	EVP_MD_CTX_free(ctx);
c6aca19b SF	145	return rv;
0f113f3e	146	}
85522a07	147
ded346fa DDO	148	int ASN1_item_sign_ctx(const ASN1_ITEM it, X509_ALGOR algor1,
	149	X509_ALGOR algor2, ASN1_BIT_STRING signature,
	150	const void data, EVP_MD_CTX ctx)
0f113f3e	151	{
ded346fa	152	const EVP_MD *md;
0f113f3e MC	153	EVP_PKEY *pkey;
	154	unsigned char buf_in = NULL, buf_out = NULL;
	155	size_t inl = 0, outl = 0, outll = 0;
da84249b	156	int signid, paramtype, buf_len = 0;
bc42bd62	157	int rv, pkey_id;
85522a07	158
f6c95e46	159	md = EVP_MD_CTX_get0_md(ctx);
ed576acd	160	pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx));
09ab755c	161
7dd6de9f	162	if (pkey == NULL) {
9311d0c4	163	ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
2c91b3f5 MRA	164	goto err;
	165	}
	166
219f3ca6	167	if (pkey->ameth == NULL) {
ed576acd	168	EVP_PKEY_CTX *pctx = EVP_MD_CTX_get_pkey_ctx(ctx);
d5aef594 RL	169	OSSL_PARAM params[2];
	170	unsigned char aid[128];
	171	size_t aid_len = 0;
	172
	173	if (pctx == NULL
	174	\|\| !EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) {
9311d0c4	175	ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
d5aef594 RL	176	goto err;
	177	}
	178
	179	params[0] =
	180	OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID,
	181	aid, sizeof(aid));
	182	params[1] = OSSL_PARAM_construct_end();
	183
	184	if (EVP_PKEY_CTX_get_params(pctx, params) <= 0)
	185	goto err;
	186
	187	if ((aid_len = params[0].return_size) == 0) {
9311d0c4	188	ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
d5aef594 RL	189	goto err;
	190	}
	191
	192	if (algor1 != NULL) {
	193	const unsigned char *pp = aid;
	194
	195	if (d2i_X509_ALGOR(&algor1, &pp, aid_len) == NULL) {
9311d0c4	196	ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
d5aef594 RL	197	goto err;
	198	}
	199	}
	200
	201	if (algor2 != NULL) {
	202	const unsigned char *pp = aid;
	203
	204	if (d2i_X509_ALGOR(&algor2, &pp, aid_len) == NULL) {
9311d0c4	205	ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
d5aef594 RL	206	goto err;
	207	}
	208	}
03919683	209
d5aef594 RL	210	rv = 3;
d5aef594 RL	211	} else if (pkey->ameth->item_sign) {
ded346fa	212	rv = pkey->ameth->item_sign(ctx, it, data, algor1, algor2, signature);
0f113f3e MC	213	if (rv == 1)
0f113f3e MC	214	outl = signature->length;
50e735f9 MC	215	/*-
	216	* Return value meanings:
	217	* <=0: error.
	218	* 1: method does everything.
	219	* 2: carry on as normal.
	220	* 3: ASN1 method sets algorithm identifiers: just sign.
	221	*/
0f113f3e	222	if (rv <= 0)
9311d0c4	223	ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
0f113f3e MC	224	if (rv <= 1)
0f113f3e MC	225	goto err;
7dd6de9f	226	} else {
0f113f3e	227	rv = 2;
7dd6de9f	228	}
03919683	229
0f113f3e	230	if (rv == 2) {
ded346fa	231	if (md == NULL) {
9311d0c4	232	ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
7dd6de9f DSH	233	goto err;
7dd6de9f DSH	234	}
bc42bd62 PY	235
	236	pkey_id =
	237	#ifndef OPENSSL_NO_SM2
ed576acd	238	EVP_PKEY_get_id(pkey) == NID_sm2 ? NID_sm2 :
bc42bd62	239	#endif
d5aef594	240	pkey->ameth->pkey_id;
bc42bd62	241
ded346fa	242	if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) {
9311d0c4	243	ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
2c91b3f5	244	goto err;
7f572e95	245	}
ee1d9ec0	246
04bc3c12 DDO	247	paramtype = pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL ?
	248	V_ASN1_NULL : V_ASN1_UNDEF;
	249	if (algor1 != NULL
	250	&& !X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL))
	251	goto err;
	252	if (algor2 != NULL
	253	&& !X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL))
	254	goto err;
0f113f3e	255	}
ee1d9ec0	256
ded346fa	257	buf_len = ASN1_item_i2d(data, &buf_in, it);
da84249b F	258	if (buf_len <= 0) {
da84249b F	259	outl = 0;
9311d0c4	260	ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
da84249b F	261	goto err;
	262	}
	263	inl = buf_len;
9767a3dc RL	264	if (!EVP_DigestSign(ctx, NULL, &outll, buf_in, inl)) {
9767a3dc RL	265	outl = 0;
9311d0c4	266	ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
9767a3dc RL	267	goto err;
	268	}
	269	outl = outll;
da84249b F	270	buf_out = OPENSSL_malloc(outll);
da84249b F	271	if (buf_in == NULL \|\| buf_out == NULL) {
0f113f3e	272	outl = 0;
9311d0c4	273	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
0f113f3e MC	274	goto err;
0f113f3e MC	275	}
09ab755c	276
75394189	277	if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) {
0f113f3e	278	outl = 0;
9311d0c4	279	ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
0f113f3e MC	280	goto err;
0f113f3e MC	281	}
33847508	282	ASN1_STRING_set0(signature, buf_out, outl);
0f113f3e	283	buf_out = NULL;
0f113f3e MC	284	/*
	285	* In the interests of compatibility, I'll make sure that the bit string
	286	* has a 'not-used bits' value of 0
	287	*/
7c310e87	288	ossl_asn1_string_set_bits_left(signature, 0);
0f113f3e	289	err:
da84249b	290	OPENSSL_clear_free((char *)buf_in, inl);
4b45c6e5	291	OPENSSL_clear_free((char *)buf_out, outll);
26a7d938	292	return outl;
0f113f3e	293	}