[thirdparty/openssl.git] / crypto / asn1 / a_sign.c

/*
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <time.h>
#include <sys/types.h>

#include "internal/cryptlib.h"

#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include <openssl/core_names.h>
#include "crypto/asn1.h"
#include "crypto/evp.h"

#ifndef OPENSSL_NO_DEPRECATED_3_0

int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
              const EVP_MD *type)
{
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    unsigned char *p, *buf_in = NULL, *buf_out = NULL;
    int i, inl = 0, outl = 0;
    size_t inll = 0, outll = 0;
    X509_ALGOR *a;

    if (ctx == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    for (i = 0; i < 2; i++) {
        if (i == 0)
            a = algor1;
        else
            a = algor2;
        if (a == NULL)
            continue;
        if (type->pkey_type == NID_dsaWithSHA1) {
            /*
             * special case: RFC 2459 tells us to omit 'parameters' with
             * id-dsa-with-sha1
             */
            ASN1_TYPE_free(a->parameter);
            a->parameter = NULL;
        } else if ((a->parameter == NULL) ||
                   (a->parameter->type != V_ASN1_NULL)) {
            ASN1_TYPE_free(a->parameter);
            if ((a->parameter = ASN1_TYPE_new()) == NULL)
                goto err;
            a->parameter->type = V_ASN1_NULL;
        }
        ASN1_OBJECT_free(a->algorithm);
        a->algorithm = OBJ_nid2obj(type->pkey_type);
        if (a->algorithm == NULL) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_OBJECT_TYPE);
            goto err;
        }
        if (a->algorithm->length == 0) {
            ERR_raise(ERR_LIB_ASN1,
                      ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
            goto err;
        }
    }
    inl = i2d(data, NULL);
    if (inl <= 0) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    inll = (size_t)inl;
    buf_in = OPENSSL_malloc(inll);
    outll = outl = EVP_PKEY_size(pkey);
    buf_out = OPENSSL_malloc(outll);
    if (buf_in == NULL || buf_out == NULL) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    p = buf_in;

    i2d(data, &p);
    if (!EVP_SignInit_ex(ctx, type, NULL)
        || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl)
        || !EVP_SignFinal(ctx, (unsigned char *)buf_out,
                          (unsigned int *)&outl, pkey)) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
        goto err;
    }
    OPENSSL_free(signature->data);
    signature->data = buf_out;
    buf_out = NULL;
    signature->length = outl;
    /*
     * In the interests of compatibility, I'll make sure that the bit string
     * has a 'not-used bits' value of 0
     */
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 err:
    EVP_MD_CTX_free(ctx);
    OPENSSL_clear_free((char *)buf_in, inll);
    OPENSSL_clear_free((char *)buf_out, outll);
    return outl;
}

#endif

int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                   ASN1_BIT_STRING *signature, const void *data,
                   EVP_PKEY *pkey, const EVP_MD *md)
{
    return ASN1_item_sign_ex(it, algor1, algor2, signature, data, NULL, pkey,
                             md, NULL, NULL);
}

int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1,
                      X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
                      const void *data, const ASN1_OCTET_STRING *id,
                      EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx,
                      const char *propq)
{
    int rv = 0;
    EVP_MD_CTX *ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq);

    if (ctx == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))
        goto err;

    rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx);

 err:
    EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx));
    EVP_MD_CTX_free(ctx);
    return rv;
}

int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
                       X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
                       const void *data, EVP_MD_CTX *ctx)
{
    const EVP_MD *md;
    EVP_PKEY *pkey;
    unsigned char *buf_in = NULL, *buf_out = NULL;
    size_t inl = 0, outl = 0, outll = 0;
    int signid, paramtype, buf_len = 0;
    int rv, pkey_id;

    md = EVP_MD_CTX_md(ctx);
    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));

    if (pkey == NULL) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
        goto err;
    }

    if (pkey->ameth == NULL) {
        EVP_PKEY_CTX *pctx = EVP_MD_CTX_pkey_ctx(ctx);
        OSSL_PARAM params[2];
        unsigned char aid[128];
        size_t aid_len = 0;

        if (pctx == NULL
            || !EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
            goto err;
        }

        params[0] =
            OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID,
                                              aid, sizeof(aid));
        params[1] = OSSL_PARAM_construct_end();

        if (EVP_PKEY_CTX_get_params(pctx, params) <= 0)
            goto err;

        if ((aid_len = params[0].return_size) == 0) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
            goto err;
        }

        if (algor1 != NULL) {
            const unsigned char *pp = aid;

            if (d2i_X509_ALGOR(&algor1, &pp, aid_len) == NULL) {
                ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
                goto err;
            }
        }

        if (algor2 != NULL) {
            const unsigned char *pp = aid;

            if (d2i_X509_ALGOR(&algor2, &pp, aid_len) == NULL) {
                ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
                goto err;
            }
        }

        rv = 3;
    } else if (pkey->ameth->item_sign) {
        rv = pkey->ameth->item_sign(ctx, it, data, algor1, algor2, signature);
        if (rv == 1)
            outl = signature->length;
        /*-
         * Return value meanings:
         * <=0: error.
         *   1: method does everything.
         *   2: carry on as normal.
         *   3: ASN1 method sets algorithm identifiers: just sign.
         */
        if (rv <= 0)
            ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
        if (rv <= 1)
            goto err;
    } else {
        rv = 2;
    }

    if (rv == 2) {
        if (md == NULL) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
            goto err;
        }

        pkey_id =
#ifndef OPENSSL_NO_SM2
            EVP_PKEY_id(pkey) == NID_sm2 ? NID_sm2 :
#endif
            pkey->ameth->pkey_id;

        if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
            goto err;
        }

        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
            paramtype = V_ASN1_NULL;
        else
            paramtype = V_ASN1_UNDEF;

        if (algor1)
            X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
        if (algor2)
            X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);

    }

    buf_len = ASN1_item_i2d(data, &buf_in, it);
    if (buf_len <= 0) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    inl = buf_len;
    if (!EVP_DigestSign(ctx, NULL, &outll, buf_in, inl)) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
        goto err;
    }
    outl = outll;
    buf_out = OPENSSL_malloc(outll);
    if (buf_in == NULL || buf_out == NULL) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) {
        outl = 0;
        ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
        goto err;
    }
    OPENSSL_free(signature->data);
    signature->data = buf_out;
    buf_out = NULL;
    signature->length = outl;
    /*
     * In the interests of compatibility, I'll make sure that the bit string
     * has a 'not-used bits' value of 0
     */
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 err:
    OPENSSL_clear_free((char *)buf_in, inl);
    OPENSSL_clear_free((char *)buf_out, outll);
    return outl;
}
Commit	Line	Data
2039c421	1	/*
33388b44	2	* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
8df61b50	3	*
365a2d99	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
2039c421 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
8df61b50	8	*/
d02b48c6 RE	9
	10	#include <stdio.h>
	11	#include <time.h>
b379fe6c	12	#include <sys/types.h>
d02b48c6	13
b39fc560	14	#include "internal/cryptlib.h"
17f389bb	15
ec577822 BM	16	#include <openssl/bn.h>
	17	#include <openssl/evp.h>
	18	#include <openssl/x509.h>
	19	#include <openssl/objects.h>
	20	#include <openssl/buffer.h>
d5aef594	21	#include <openssl/core_names.h>
25f2138b DMSP	22	#include "crypto/asn1.h"
25f2138b DMSP	23	#include "crypto/evp.h"
d02b48c6	24
12d99aac	25	#ifndef OPENSSL_NO_DEPRECATED_3_0
73e92de5	26
8bb826ee	27	int ASN1_sign(i2d_of_void i2d, X509_ALGOR algor1, X509_ALGOR *algor2,
0f113f3e MC	28	ASN1_BIT_STRING signature, char data, EVP_PKEY *pkey,
	29	const EVP_MD *type)
	30	{
bfb0641f	31	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
0f113f3e	32	unsigned char p, buf_in = NULL, *buf_out = NULL;
da84249b F	33	int i, inl = 0, outl = 0;
da84249b F	34	size_t inll = 0, outll = 0;
0f113f3e	35	X509_ALGOR *a;
d02b48c6	36
6e59a892	37	if (ctx == NULL) {
9311d0c4	38	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
6e59a892 RL	39	goto err;
6e59a892 RL	40	}
0f113f3e MC	41	for (i = 0; i < 2; i++) {
	42	if (i == 0)
	43	a = algor1;
	44	else
	45	a = algor2;
	46	if (a == NULL)
	47	continue;
	48	if (type->pkey_type == NID_dsaWithSHA1) {
	49	/*
	50	* special case: RFC 2459 tells us to omit 'parameters' with
	51	* id-dsa-with-sha1
	52	*/
	53	ASN1_TYPE_free(a->parameter);
	54	a->parameter = NULL;
	55	} else if ((a->parameter == NULL) \|\|
	56	(a->parameter->type != V_ASN1_NULL)) {
	57	ASN1_TYPE_free(a->parameter);
	58	if ((a->parameter = ASN1_TYPE_new()) == NULL)
	59	goto err;
	60	a->parameter->type = V_ASN1_NULL;
	61	}
	62	ASN1_OBJECT_free(a->algorithm);
	63	a->algorithm = OBJ_nid2obj(type->pkey_type);
	64	if (a->algorithm == NULL) {
9311d0c4	65	ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_OBJECT_TYPE);
0f113f3e MC	66	goto err;
	67	}
	68	if (a->algorithm->length == 0) {
9311d0c4 RL	69	ERR_raise(ERR_LIB_ASN1,
9311d0c4 RL	70	ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
0f113f3e MC	71	goto err;
	72	}
	73	}
	74	inl = i2d(data, NULL);
da84249b	75	if (inl <= 0) {
9311d0c4	76	ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
da84249b F	77	goto err;
	78	}
	79	inll = (size_t)inl;
	80	buf_in = OPENSSL_malloc(inll);
0f113f3e	81	outll = outl = EVP_PKEY_size(pkey);
da84249b F	82	buf_out = OPENSSL_malloc(outll);
da84249b F	83	if (buf_in == NULL \|\| buf_out == NULL) {
0f113f3e	84	outl = 0;
9311d0c4	85	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
0f113f3e MC	86	goto err;
	87	}
	88	p = buf_in;
d02b48c6	89
0f113f3e	90	i2d(data, &p);
6e59a892 RL	91	if (!EVP_SignInit_ex(ctx, type, NULL)
	92	\|\| !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl)
	93	\|\| !EVP_SignFinal(ctx, (unsigned char *)buf_out,
0f113f3e MC	94	(unsigned int *)&outl, pkey)) {
0f113f3e MC	95	outl = 0;
9311d0c4	96	ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
0f113f3e MC	97	goto err;
0f113f3e MC	98	}
b548a1f1	99	OPENSSL_free(signature->data);
0f113f3e MC	100	signature->data = buf_out;
	101	buf_out = NULL;
	102	signature->length = outl;
	103	/*
	104	* In the interests of compatibility, I'll make sure that the bit string
	105	* has a 'not-used bits' value of 0
	106	*/
	107	signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT \| 0x07);
	108	signature->flags \|= ASN1_STRING_FLAG_BITS_LEFT;
	109	err:
bfb0641f	110	EVP_MD_CTX_free(ctx);
da84249b	111	OPENSSL_clear_free((char *)buf_in, inll);
4b45c6e5	112	OPENSSL_clear_free((char *)buf_out, outll);
26a7d938	113	return outl;
0f113f3e	114	}
09ab755c	115
73e92de5 DSH	116	#endif
73e92de5 DSH	117
ded346fa DDO	118	int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
	119	ASN1_BIT_STRING signature, const void data,
	120	EVP_PKEY pkey, const EVP_MD md)
0f113f3e	121	{
d8652be0 MC	122	return ASN1_item_sign_ex(it, algor1, algor2, signature, data, NULL, pkey,
d8652be0 MC	123	md, NULL, NULL);
ded346fa DDO	124	}
ded346fa DDO	125
d8652be0 MC	126	int ASN1_item_sign_ex(const ASN1_ITEM it, X509_ALGOR algor1,
	127	X509_ALGOR algor2, ASN1_BIT_STRING signature,
	128	const void data, const ASN1_OCTET_STRING id,
b4250010	129	EVP_PKEY pkey, const EVP_MD md, OSSL_LIB_CTX *libctx,
d8652be0	130	const char *propq)
ded346fa DDO	131	{
ded346fa DDO	132	int rv = 0;
d8652be0	133	EVP_MD_CTX *ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq);
6e59a892 RL	134
6e59a892 RL	135	if (ctx == NULL) {
9311d0c4	136	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
0f113f3e MC	137	return 0;
0f113f3e MC	138	}
ded346fa DDO	139	if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey))
ded346fa DDO	140	goto err;
c6aca19b	141
ded346fa	142	rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx);
c6aca19b	143
ded346fa DDO	144	err:
ded346fa DDO	145	EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx));
c6aca19b SF	146	EVP_MD_CTX_free(ctx);
c6aca19b SF	147	return rv;
0f113f3e	148	}
85522a07	149
ded346fa DDO	150	int ASN1_item_sign_ctx(const ASN1_ITEM it, X509_ALGOR algor1,
	151	X509_ALGOR algor2, ASN1_BIT_STRING signature,
	152	const void data, EVP_MD_CTX ctx)
0f113f3e	153	{
ded346fa	154	const EVP_MD *md;
0f113f3e MC	155	EVP_PKEY *pkey;
	156	unsigned char buf_in = NULL, buf_out = NULL;
	157	size_t inl = 0, outl = 0, outll = 0;
da84249b	158	int signid, paramtype, buf_len = 0;
bc42bd62	159	int rv, pkey_id;
85522a07	160
ded346fa	161	md = EVP_MD_CTX_md(ctx);
6e59a892	162	pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
09ab755c	163
7dd6de9f	164	if (pkey == NULL) {
9311d0c4	165	ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
2c91b3f5 MRA	166	goto err;
	167	}
	168
219f3ca6	169	if (pkey->ameth == NULL) {
d5aef594 RL	170	EVP_PKEY_CTX *pctx = EVP_MD_CTX_pkey_ctx(ctx);
	171	OSSL_PARAM params[2];
	172	unsigned char aid[128];
	173	size_t aid_len = 0;
	174
	175	if (pctx == NULL
	176	\|\| !EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) {
9311d0c4	177	ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
d5aef594 RL	178	goto err;
	179	}
	180
	181	params[0] =
	182	OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID,
	183	aid, sizeof(aid));
	184	params[1] = OSSL_PARAM_construct_end();
	185
	186	if (EVP_PKEY_CTX_get_params(pctx, params) <= 0)
	187	goto err;
	188
	189	if ((aid_len = params[0].return_size) == 0) {
9311d0c4	190	ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
d5aef594 RL	191	goto err;
	192	}
	193
	194	if (algor1 != NULL) {
	195	const unsigned char *pp = aid;
	196
	197	if (d2i_X509_ALGOR(&algor1, &pp, aid_len) == NULL) {
9311d0c4	198	ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
d5aef594 RL	199	goto err;
	200	}
	201	}
	202
	203	if (algor2 != NULL) {
	204	const unsigned char *pp = aid;
	205
	206	if (d2i_X509_ALGOR(&algor2, &pp, aid_len) == NULL) {
9311d0c4	207	ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
d5aef594 RL	208	goto err;
	209	}
	210	}
03919683	211
d5aef594 RL	212	rv = 3;
d5aef594 RL	213	} else if (pkey->ameth->item_sign) {
ded346fa	214	rv = pkey->ameth->item_sign(ctx, it, data, algor1, algor2, signature);
0f113f3e MC	215	if (rv == 1)
0f113f3e MC	216	outl = signature->length;
50e735f9 MC	217	/*-
	218	* Return value meanings:
	219	* <=0: error.
	220	* 1: method does everything.
	221	* 2: carry on as normal.
	222	* 3: ASN1 method sets algorithm identifiers: just sign.
	223	*/
0f113f3e	224	if (rv <= 0)
9311d0c4	225	ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
0f113f3e MC	226	if (rv <= 1)
0f113f3e MC	227	goto err;
7dd6de9f	228	} else {
0f113f3e	229	rv = 2;
7dd6de9f	230	}
03919683	231
0f113f3e	232	if (rv == 2) {
ded346fa	233	if (md == NULL) {
9311d0c4	234	ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
7dd6de9f DSH	235	goto err;
7dd6de9f DSH	236	}
bc42bd62 PY	237
	238	pkey_id =
	239	#ifndef OPENSSL_NO_SM2
	240	EVP_PKEY_id(pkey) == NID_sm2 ? NID_sm2 :
	241	#endif
d5aef594	242	pkey->ameth->pkey_id;
bc42bd62	243
ded346fa	244	if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) {
9311d0c4	245	ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
2c91b3f5	246	goto err;
7f572e95	247	}
ee1d9ec0	248
0f113f3e MC	249	if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
	250	paramtype = V_ASN1_NULL;
	251	else
	252	paramtype = V_ASN1_UNDEF;
ee1d9ec0	253
0f113f3e MC	254	if (algor1)
	255	X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
	256	if (algor2)
	257	X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
85522a07	258
0f113f3e	259	}
ee1d9ec0	260
ded346fa	261	buf_len = ASN1_item_i2d(data, &buf_in, it);
da84249b F	262	if (buf_len <= 0) {
da84249b F	263	outl = 0;
9311d0c4	264	ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
da84249b F	265	goto err;
	266	}
	267	inl = buf_len;
9767a3dc RL	268	if (!EVP_DigestSign(ctx, NULL, &outll, buf_in, inl)) {
9767a3dc RL	269	outl = 0;
9311d0c4	270	ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
9767a3dc RL	271	goto err;
	272	}
	273	outl = outll;
da84249b F	274	buf_out = OPENSSL_malloc(outll);
da84249b F	275	if (buf_in == NULL \|\| buf_out == NULL) {
0f113f3e	276	outl = 0;
9311d0c4	277	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
0f113f3e MC	278	goto err;
0f113f3e MC	279	}
09ab755c	280
75394189	281	if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) {
0f113f3e	282	outl = 0;
9311d0c4	283	ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
0f113f3e MC	284	goto err;
0f113f3e MC	285	}
b548a1f1	286	OPENSSL_free(signature->data);
0f113f3e MC	287	signature->data = buf_out;
	288	buf_out = NULL;
	289	signature->length = outl;
	290	/*
	291	* In the interests of compatibility, I'll make sure that the bit string
	292	* has a 'not-used bits' value of 0
	293	*/
	294	signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT \| 0x07);
	295	signature->flags \|= ASN1_STRING_FLAG_BITS_LEFT;
	296	err:
da84249b	297	OPENSSL_clear_free((char *)buf_in, inl);
4b45c6e5	298	OPENSSL_clear_free((char *)buf_out, outll);
26a7d938	299	return outl;
0f113f3e	300	}