| yuezonghe | 824eb0c | 2024-06-27 02:32:26 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | #include <stdio.h> |
| 11 | #include <time.h> |
| 12 | #include <sys/types.h> |
| 13 | |
| 14 | #include "internal/cryptlib.h" |
| 15 | |
| 16 | #include <openssl/bn.h> |
| 17 | #include <openssl/evp.h> |
| 18 | #include <openssl/x509.h> |
| 19 | #include <openssl/objects.h> |
| 20 | #include <openssl/buffer.h> |
| 21 | #include "crypto/asn1.h" |
| 22 | #include "crypto/evp.h" |
| 23 | |
| 24 | #ifndef NO_ASN1_OLD |
| 25 | |
| 26 | int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, |
| 27 | ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, |
| 28 | const EVP_MD *type) |
| 29 | { |
| 30 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
| 31 | unsigned char *p, *buf_in = NULL, *buf_out = NULL; |
| 32 | int i, inl = 0, outl = 0; |
| 33 | size_t inll = 0, outll = 0; |
| 34 | X509_ALGOR *a; |
| 35 | |
| 36 | if (ctx == NULL) { |
| 37 | ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); |
| 38 | goto err; |
| 39 | } |
| 40 | for (i = 0; i < 2; i++) { |
| 41 | if (i == 0) |
| 42 | a = algor1; |
| 43 | else |
| 44 | a = algor2; |
| 45 | if (a == NULL) |
| 46 | continue; |
| 47 | if (type->pkey_type == NID_dsaWithSHA1) { |
| 48 | /* |
| 49 | * special case: RFC 2459 tells us to omit 'parameters' with |
| 50 | * id-dsa-with-sha1 |
| 51 | */ |
| 52 | ASN1_TYPE_free(a->parameter); |
| 53 | a->parameter = NULL; |
| 54 | } else if ((a->parameter == NULL) || |
| 55 | (a->parameter->type != V_ASN1_NULL)) { |
| 56 | ASN1_TYPE_free(a->parameter); |
| 57 | if ((a->parameter = ASN1_TYPE_new()) == NULL) |
| 58 | goto err; |
| 59 | a->parameter->type = V_ASN1_NULL; |
| 60 | } |
| 61 | ASN1_OBJECT_free(a->algorithm); |
| 62 | a->algorithm = OBJ_nid2obj(type->pkey_type); |
| 63 | if (a->algorithm == NULL) { |
| 64 | ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); |
| 65 | goto err; |
| 66 | } |
| 67 | if (a->algorithm->length == 0) { |
| 68 | ASN1err(ASN1_F_ASN1_SIGN, |
| 69 | ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); |
| 70 | goto err; |
| 71 | } |
| 72 | } |
| 73 | inl = i2d(data, NULL); |
| 74 | if (inl <= 0) { |
| 75 | ASN1err(ASN1_F_ASN1_SIGN, ERR_R_INTERNAL_ERROR); |
| 76 | goto err; |
| 77 | } |
| 78 | inll = (size_t)inl; |
| 79 | buf_in = OPENSSL_malloc(inll); |
| 80 | outll = outl = EVP_PKEY_size(pkey); |
| 81 | buf_out = OPENSSL_malloc(outll); |
| 82 | if (buf_in == NULL || buf_out == NULL) { |
| 83 | outl = 0; |
| 84 | ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); |
| 85 | goto err; |
| 86 | } |
| 87 | p = buf_in; |
| 88 | |
| 89 | i2d(data, &p); |
| 90 | if (!EVP_SignInit_ex(ctx, type, NULL) |
| 91 | || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) |
| 92 | || !EVP_SignFinal(ctx, (unsigned char *)buf_out, |
| 93 | (unsigned int *)&outl, pkey)) { |
| 94 | outl = 0; |
| 95 | ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); |
| 96 | goto err; |
| 97 | } |
| 98 | OPENSSL_free(signature->data); |
| 99 | signature->data = buf_out; |
| 100 | buf_out = NULL; |
| 101 | signature->length = outl; |
| 102 | /* |
| 103 | * In the interests of compatibility, I'll make sure that the bit string |
| 104 | * has a 'not-used bits' value of 0 |
| 105 | */ |
| 106 | signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); |
| 107 | signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; |
| 108 | err: |
| 109 | EVP_MD_CTX_free(ctx); |
| 110 | OPENSSL_clear_free((char *)buf_in, inll); |
| 111 | OPENSSL_clear_free((char *)buf_out, outll); |
| 112 | return outl; |
| 113 | } |
| 114 | |
| 115 | #endif |
| 116 | |
| 117 | int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, |
| 118 | X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, |
| 119 | EVP_PKEY *pkey, const EVP_MD *type) |
| 120 | { |
| 121 | int rv; |
| 122 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
| 123 | |
| 124 | if (ctx == NULL) { |
| 125 | ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); |
| 126 | return 0; |
| 127 | } |
| 128 | if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { |
| 129 | EVP_MD_CTX_free(ctx); |
| 130 | return 0; |
| 131 | } |
| 132 | |
| 133 | rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); |
| 134 | |
| 135 | EVP_MD_CTX_free(ctx); |
| 136 | return rv; |
| 137 | } |
| 138 | |
| 139 | int ASN1_item_sign_ctx(const ASN1_ITEM *it, |
| 140 | X509_ALGOR *algor1, X509_ALGOR *algor2, |
| 141 | ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) |
| 142 | { |
| 143 | const EVP_MD *type; |
| 144 | EVP_PKEY *pkey; |
| 145 | unsigned char *buf_in = NULL, *buf_out = NULL; |
| 146 | size_t inl = 0, outl = 0, outll = 0; |
| 147 | int signid, paramtype, buf_len = 0; |
| 148 | int rv; |
| 149 | |
| 150 | type = EVP_MD_CTX_md(ctx); |
| 151 | pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); |
| 152 | |
| 153 | if (pkey == NULL) { |
| 154 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); |
| 155 | goto err; |
| 156 | } |
| 157 | |
| 158 | if (pkey->ameth == NULL) { |
| 159 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); |
| 160 | goto err; |
| 161 | } |
| 162 | |
| 163 | if (pkey->ameth->item_sign) { |
| 164 | rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature); |
| 165 | if (rv == 1) |
| 166 | outl = signature->length; |
| 167 | /*- |
| 168 | * Return value meanings: |
| 169 | * <=0: error. |
| 170 | * 1: method does everything. |
| 171 | * 2: carry on as normal. |
| 172 | * 3: ASN1 method sets algorithm identifiers: just sign. |
| 173 | */ |
| 174 | if (rv <= 0) |
| 175 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); |
| 176 | if (rv <= 1) |
| 177 | goto err; |
| 178 | } else { |
| 179 | rv = 2; |
| 180 | } |
| 181 | |
| 182 | if (rv == 2) { |
| 183 | if (type == NULL) { |
| 184 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); |
| 185 | goto err; |
| 186 | } |
| 187 | if (!OBJ_find_sigid_by_algs(&signid, |
| 188 | EVP_MD_nid(type), |
| 189 | pkey->ameth->pkey_id)) { |
| 190 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, |
| 191 | ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); |
| 192 | goto err; |
| 193 | } |
| 194 | |
| 195 | if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) |
| 196 | paramtype = V_ASN1_NULL; |
| 197 | else |
| 198 | paramtype = V_ASN1_UNDEF; |
| 199 | |
| 200 | if (algor1) |
| 201 | X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); |
| 202 | if (algor2) |
| 203 | X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); |
| 204 | |
| 205 | } |
| 206 | |
| 207 | buf_len = ASN1_item_i2d(asn, &buf_in, it); |
| 208 | if (buf_len <= 0) { |
| 209 | outl = 0; |
| 210 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_INTERNAL_ERROR); |
| 211 | goto err; |
| 212 | } |
| 213 | inl = buf_len; |
| 214 | outll = outl = EVP_PKEY_size(pkey); |
| 215 | buf_out = OPENSSL_malloc(outll); |
| 216 | if (buf_in == NULL || buf_out == NULL) { |
| 217 | outl = 0; |
| 218 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE); |
| 219 | goto err; |
| 220 | } |
| 221 | |
| 222 | if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) { |
| 223 | outl = 0; |
| 224 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); |
| 225 | goto err; |
| 226 | } |
| 227 | OPENSSL_free(signature->data); |
| 228 | signature->data = buf_out; |
| 229 | buf_out = NULL; |
| 230 | signature->length = outl; |
| 231 | /* |
| 232 | * In the interests of compatibility, I'll make sure that the bit string |
| 233 | * has a 'not-used bits' value of 0 |
| 234 | */ |
| 235 | signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); |
| 236 | signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; |
| 237 | err: |
| 238 | OPENSSL_clear_free((char *)buf_in, inl); |
| 239 | OPENSSL_clear_free((char *)buf_out, outll); |
| 240 | return outl; |
| 241 | } |