/src/openssl/crypto/asn1/a_sign.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include <time.h> |
12 | | #include <sys/types.h> |
13 | | |
14 | | #include "internal/cryptlib.h" |
15 | | |
16 | | #include <openssl/bn.h> |
17 | | #include <openssl/evp.h> |
18 | | #include <openssl/x509.h> |
19 | | #include <openssl/objects.h> |
20 | | #include <openssl/buffer.h> |
21 | | #include <openssl/core_names.h> |
22 | | #include "crypto/asn1.h" |
23 | | #include "crypto/evp.h" |
24 | | |
25 | | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
26 | | |
27 | | int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, |
28 | | ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, |
29 | | const EVP_MD *type) |
30 | 0 | { |
31 | 0 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
32 | 0 | unsigned char *p, *buf_in = NULL, *buf_out = NULL; |
33 | 0 | int i, inl = 0, outl = 0; |
34 | 0 | size_t inll = 0, outll = 0; |
35 | 0 | X509_ALGOR *a; |
36 | |
|
37 | 0 | if (ctx == NULL) { |
38 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); |
39 | 0 | goto err; |
40 | 0 | } |
41 | 0 | for (i = 0; i < 2; i++) { |
42 | 0 | if (i == 0) |
43 | 0 | a = algor1; |
44 | 0 | else |
45 | 0 | a = algor2; |
46 | 0 | if (a == NULL) |
47 | 0 | continue; |
48 | 0 | if (type->pkey_type == NID_dsaWithSHA1) { |
49 | | /* |
50 | | * special case: RFC 3370 tells us to omit 'parameters' with |
51 | | * id-dsa-with-sha1 |
52 | | */ |
53 | 0 | ASN1_TYPE_free(a->parameter); |
54 | 0 | a->parameter = NULL; |
55 | 0 | } else if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) { |
56 | 0 | ASN1_TYPE_free(a->parameter); |
57 | 0 | if ((a->parameter = ASN1_TYPE_new()) == NULL) |
58 | 0 | goto err; |
59 | 0 | a->parameter->type = V_ASN1_NULL; |
60 | 0 | } |
61 | 0 | ASN1_OBJECT_free(a->algorithm); |
62 | 0 | a->algorithm = OBJ_nid2obj(type->pkey_type); |
63 | 0 | if (a->algorithm == NULL) { |
64 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_OBJECT_TYPE); |
65 | 0 | goto err; |
66 | 0 | } |
67 | 0 | if (a->algorithm->length == 0) { |
68 | 0 | ERR_raise(ERR_LIB_ASN1, |
69 | 0 | ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); |
70 | 0 | goto err; |
71 | 0 | } |
72 | 0 | } |
73 | 0 | inl = i2d(data, NULL); |
74 | 0 | if (inl <= 0) { |
75 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); |
76 | 0 | goto err; |
77 | 0 | } |
78 | 0 | inll = (size_t)inl; |
79 | 0 | buf_in = OPENSSL_malloc(inll); |
80 | 0 | outll = outl = EVP_PKEY_get_size(pkey); |
81 | 0 | buf_out = OPENSSL_malloc(outll); |
82 | 0 | if (buf_in == NULL || buf_out == NULL) { |
83 | 0 | outl = 0; |
84 | 0 | goto err; |
85 | 0 | } |
86 | 0 | p = buf_in; |
87 | |
|
88 | 0 | i2d(data, &p); |
89 | 0 | if (!EVP_SignInit_ex(ctx, type, NULL) |
90 | 0 | || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) |
91 | 0 | || !EVP_SignFinal(ctx, (unsigned char *)buf_out, |
92 | 0 | (unsigned int *)&outl, pkey)) { |
93 | 0 | outl = 0; |
94 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); |
95 | 0 | goto err; |
96 | 0 | } |
97 | 0 | ASN1_STRING_set0(signature, buf_out, outl); |
98 | 0 | buf_out = NULL; |
99 | | /* |
100 | | * In the interests of compatibility, I'll make sure that the bit string |
101 | | * has a 'not-used bits' value of 0 |
102 | | */ |
103 | 0 | ossl_asn1_string_set_bits_left(signature, 0); |
104 | 0 | err: |
105 | 0 | EVP_MD_CTX_free(ctx); |
106 | 0 | OPENSSL_clear_free((char *)buf_in, inll); |
107 | 0 | OPENSSL_clear_free((char *)buf_out, outll); |
108 | 0 | return outl; |
109 | 0 | } |
110 | | |
111 | | #endif |
112 | | |
113 | | int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, |
114 | | ASN1_BIT_STRING *signature, const void *data, |
115 | | EVP_PKEY *pkey, const EVP_MD *md) |
116 | 0 | { |
117 | 0 | return ASN1_item_sign_ex(it, algor1, algor2, signature, data, NULL, pkey, |
118 | 0 | md, NULL, NULL); |
119 | 0 | } |
120 | | |
121 | | int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1, |
122 | | X509_ALGOR *algor2, ASN1_BIT_STRING *signature, |
123 | | const void *data, const ASN1_OCTET_STRING *id, |
124 | | EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, |
125 | | const char *propq) |
126 | 0 | { |
127 | 0 | int rv = 0; |
128 | 0 | EVP_MD_CTX *ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq); |
129 | |
|
130 | 0 | if (ctx == NULL) { |
131 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); |
132 | 0 | return 0; |
133 | 0 | } |
134 | | /* We can use the non _ex variant here since the pkey is already setup */ |
135 | 0 | if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) |
136 | 0 | goto err; |
137 | | |
138 | 0 | rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx); |
139 | |
|
140 | 0 | err: |
141 | 0 | EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx)); |
142 | 0 | EVP_MD_CTX_free(ctx); |
143 | 0 | return rv; |
144 | 0 | } |
145 | | |
146 | | int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, |
147 | | X509_ALGOR *algor2, ASN1_BIT_STRING *signature, |
148 | | const void *data, EVP_MD_CTX *ctx) |
149 | 0 | { |
150 | 0 | const EVP_MD *md; |
151 | 0 | EVP_PKEY *pkey; |
152 | 0 | unsigned char *buf_in = NULL, *buf_out = NULL; |
153 | 0 | size_t inl = 0, outl = 0, outll = 0; |
154 | 0 | int signid, paramtype, buf_len = 0; |
155 | 0 | int rv, pkey_id; |
156 | |
|
157 | 0 | md = EVP_MD_CTX_get0_md(ctx); |
158 | 0 | pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); |
159 | |
|
160 | 0 | if (pkey == NULL) { |
161 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); |
162 | 0 | goto err; |
163 | 0 | } |
164 | | |
165 | 0 | if (pkey->ameth == NULL) { |
166 | 0 | EVP_PKEY_CTX *pctx = EVP_MD_CTX_get_pkey_ctx(ctx); |
167 | 0 | OSSL_PARAM params[2]; |
168 | 0 | unsigned char aid[128]; |
169 | 0 | size_t aid_len = 0; |
170 | |
|
171 | 0 | if (pctx == NULL |
172 | 0 | || !EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) { |
173 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); |
174 | 0 | goto err; |
175 | 0 | } |
176 | | |
177 | 0 | params[0] = OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, |
178 | 0 | aid, sizeof(aid)); |
179 | 0 | params[1] = OSSL_PARAM_construct_end(); |
180 | |
|
181 | 0 | if (EVP_PKEY_CTX_get_params(pctx, params) <= 0) |
182 | 0 | goto err; |
183 | | |
184 | 0 | if ((aid_len = params[0].return_size) == 0) { |
185 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); |
186 | 0 | goto err; |
187 | 0 | } |
188 | | |
189 | 0 | if (algor1 != NULL) { |
190 | 0 | const unsigned char *pp = aid; |
191 | |
|
192 | 0 | if (d2i_X509_ALGOR(&algor1, &pp, (long)aid_len) == NULL) { |
193 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); |
194 | 0 | goto err; |
195 | 0 | } |
196 | 0 | } |
197 | | |
198 | 0 | if (algor2 != NULL) { |
199 | 0 | const unsigned char *pp = aid; |
200 | |
|
201 | 0 | if (d2i_X509_ALGOR(&algor2, &pp, (long)aid_len) == NULL) { |
202 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); |
203 | 0 | goto err; |
204 | 0 | } |
205 | 0 | } |
206 | | |
207 | 0 | rv = 3; |
208 | 0 | } else if (pkey->ameth->item_sign) { |
209 | 0 | rv = pkey->ameth->item_sign(ctx, it, data, algor1, algor2, signature); |
210 | 0 | if (rv == 1) |
211 | 0 | outl = signature->length; |
212 | | /*- |
213 | | * Return value meanings: |
214 | | * <=0: error. |
215 | | * 1: method does everything. |
216 | | * 2: carry on as normal. |
217 | | * 3: ASN1 method sets algorithm identifiers: just sign. |
218 | | */ |
219 | 0 | if (rv <= 0) |
220 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); |
221 | 0 | if (rv <= 1) |
222 | 0 | goto err; |
223 | 0 | } else { |
224 | 0 | rv = 2; |
225 | 0 | } |
226 | | |
227 | 0 | if (rv == 2) { |
228 | 0 | if (md == NULL) { |
229 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); |
230 | 0 | goto err; |
231 | 0 | } |
232 | | |
233 | 0 | pkey_id = |
234 | 0 | #ifndef OPENSSL_NO_SM2 |
235 | 0 | EVP_PKEY_get_id(pkey) == NID_sm2 ? NID_sm2 : |
236 | 0 | #endif |
237 | 0 | pkey->ameth->pkey_id; |
238 | |
|
239 | 0 | if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) { |
240 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); |
241 | 0 | goto err; |
242 | 0 | } |
243 | | |
244 | 0 | paramtype = pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL ? V_ASN1_NULL : V_ASN1_UNDEF; |
245 | 0 | if (algor1 != NULL |
246 | 0 | && !X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL)) |
247 | 0 | goto err; |
248 | 0 | if (algor2 != NULL |
249 | 0 | && !X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL)) |
250 | 0 | goto err; |
251 | 0 | } |
252 | | |
253 | 0 | buf_len = ASN1_item_i2d(data, &buf_in, it); |
254 | 0 | if (buf_len <= 0) { |
255 | 0 | outl = 0; |
256 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); |
257 | 0 | goto err; |
258 | 0 | } |
259 | 0 | inl = buf_len; |
260 | 0 | if (!EVP_DigestSign(ctx, NULL, &outll, buf_in, inl)) { |
261 | 0 | outl = 0; |
262 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); |
263 | 0 | goto err; |
264 | 0 | } |
265 | 0 | outl = outll; |
266 | 0 | buf_out = OPENSSL_malloc(outll); |
267 | 0 | if (buf_in == NULL || buf_out == NULL) { |
268 | 0 | outl = 0; |
269 | 0 | goto err; |
270 | 0 | } |
271 | | |
272 | 0 | if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) { |
273 | 0 | outl = 0; |
274 | 0 | ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); |
275 | 0 | goto err; |
276 | 0 | } |
277 | 0 | ASN1_STRING_set0(signature, buf_out, (int)outl); |
278 | 0 | buf_out = NULL; |
279 | | /* |
280 | | * In the interests of compatibility, I'll make sure that the bit string |
281 | | * has a 'not-used bits' value of 0 |
282 | | */ |
283 | 0 | ossl_asn1_string_set_bits_left(signature, 0); |
284 | 0 | err: |
285 | 0 | OPENSSL_clear_free((char *)buf_in, inl); |
286 | 0 | OPENSSL_clear_free((char *)buf_out, outll); |
287 | 0 | return (int)outl; |
288 | 0 | } |