/src/boringssl/crypto/x509/a_sign.cc

Source (jump to first uncovered line)
// Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <openssl/asn1.h>
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/mem.h>
#include <openssl/obj.h>
#include <openssl/x509.h>

#include <limits.h>

#include "internal.h"

int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                   ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
                   const EVP_MD *type) {
  if (signature->type != V_ASN1_BIT_STRING) {
    OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
    return 0;
  }
  bssl::ScopedEVP_MD_CTX ctx;
  if (!EVP_DigestSignInit(ctx.get(), nullptr, type, nullptr, pkey)) {
    return 0;
  }
  return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx.get());
}

int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
                       X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
                       void *asn, EVP_MD_CTX *ctx) {
  int ret = 0;
  uint8_t *in = NULL, *out = NULL;

  {
    if (signature->type != V_ASN1_BIT_STRING) {
      OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
      goto err;
    }

    // Write out the requested copies of the AlgorithmIdentifier.
    if (algor1 && !x509_digest_sign_algorithm(ctx, algor1)) {
      goto err;
    }
    if (algor2 && !x509_digest_sign_algorithm(ctx, algor2)) {
      goto err;
    }

    int in_len = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(asn), &in, it);
    if (in_len < 0) {
      goto err;
    }

    EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
    size_t out_len = EVP_PKEY_size(pkey);
    if (out_len > INT_MAX) {
      OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW);
      goto err;
    }

    out = reinterpret_cast<uint8_t *>(OPENSSL_malloc(out_len));
    if (out == NULL) {
      goto err;
    }

    if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) {
      OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB);
      goto err;
    }

    ASN1_STRING_set0(signature, out, (int)out_len);
    out = NULL;
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
    ret = (int)out_len;
  }

err:
  EVP_MD_CTX_cleanup(ctx);
  OPENSSL_free(in);
  OPENSSL_free(out);
  return ret;
}

Line	Count	Source (jump to first uncovered line)
1		// Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// https://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14
15		#include <openssl/asn1.h>
16		#include <openssl/digest.h>
17		#include <openssl/err.h>
18		#include <openssl/evp.h>
19		#include <openssl/mem.h>
20		#include <openssl/obj.h>
21		#include <openssl/x509.h>
22
23		#include <limits.h>
24
25		#include "internal.h"
26
27		int ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
28		ASN1_BIT_STRING signature, void asn, EVP_PKEY *pkey,
29	0	const EVP_MD *type) {
30	0	if (signature->type != V_ASN1_BIT_STRING) {
31	0	OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
32	0	return 0;
33	0	}
34	0	bssl::ScopedEVP_MD_CTX ctx;
35	0	if (!EVP_DigestSignInit(ctx.get(), nullptr, type, nullptr, pkey)) {
36	0	return 0;
37	0	}
38	0	return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx.get());
39	0	}
40
41		int ASN1_item_sign_ctx(const ASN1_ITEM it, X509_ALGOR algor1,
42		X509_ALGOR algor2, ASN1_BIT_STRING signature,
43	0	void asn, EVP_MD_CTX ctx) {
44	0	int ret = 0;
45	0	uint8_t in = NULL, out = NULL;
46
47	0	{
48	0	if (signature->type != V_ASN1_BIT_STRING) {
49	0	OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
50	0	goto err;
51	0	}
52
53		// Write out the requested copies of the AlgorithmIdentifier.
54	0	if (algor1 && !x509_digest_sign_algorithm(ctx, algor1)) {
55	0	goto err;
56	0	}
57	0	if (algor2 && !x509_digest_sign_algorithm(ctx, algor2)) {
58	0	goto err;
59	0	}
60
61	0	int in_len = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(asn), &in, it);
62	0	if (in_len < 0) {
63	0	goto err;
64	0	}
65
66	0	EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
67	0	size_t out_len = EVP_PKEY_size(pkey);
68	0	if (out_len > INT_MAX) {
69	0	OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW);
70	0	goto err;
71	0	}
72
73	0	out = reinterpret_cast<uint8_t *>(OPENSSL_malloc(out_len));
74	0	if (out == NULL) {
75	0	goto err;
76	0	}
77
78	0	if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) {
79	0	OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB);
80	0	goto err;
81	0	}
82
83	0	ASN1_STRING_set0(signature, out, (int)out_len);
84	0	out = NULL;
85	0	signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT \| 0x07);
86	0	signature->flags \|= ASN1_STRING_FLAG_BITS_LEFT;
87	0	ret = (int)out_len;
88	0	}
89
90	0	err:
91	0	EVP_MD_CTX_cleanup(ctx);
92	0	OPENSSL_free(in);
93	0	OPENSSL_free(out);
94	0	return ret;
95	0	}

Coverage Report

Created: 2025-06-11 06:41