int ssh_key_sign(ssh_key* key, const char* data, int length, unsigned char* sig) {
const EVP_MD* md;
EVP_MD_CTX md_ctx;
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int dlen, len;
/* Get SHA1 digest */
if ((md = EVP_get_digestbynid(NID_sha1)) == NULL)
return -1;
/* Digest data */
EVP_DigestInit(&md_ctx, md);
EVP_DigestUpdate(&md_ctx, data, length);
EVP_DigestFinal(&md_ctx, digest, &dlen);
/* Sign with key */
switch (key->type) {
case SSH_KEY_RSA:
if (RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa) == 1)
return len;
case SSH_KEY_DSA: {
DSA_SIG* dsa_sig = DSA_do_sign(digest, dlen, key->dsa);
if (dsa_sig != NULL) {
/* Compute size of each half of signature */
int rlen = BN_num_bytes(dsa_sig->r);
int slen = BN_num_bytes(dsa_sig->s);
/* Ensure each number is within the required size */
if (rlen > DSA_SIG_NUMBER_SIZE || slen > DSA_SIG_NUMBER_SIZE)
return -1;
/* Init to all zeroes */
memset(sig, 0, DSA_SIG_SIZE);
/* Add R at the end of the first block of the signature */
BN_bn2bin(dsa_sig->r, sig + DSA_SIG_SIZE
- DSA_SIG_NUMBER_SIZE - rlen);
/* Add S at the end of the second block of the signature */
BN_bn2bin(dsa_sig->s, sig + DSA_SIG_SIZE - slen);
/* Done */
DSA_SIG_free(dsa_sig);
return DSA_SIG_SIZE;
}
}
}
return -1;
}
int
_libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
const unsigned char *hash,
unsigned long hash_len, unsigned char *signature)
{
DSA_SIG *sig;
int r_len, s_len;
(void) hash_len;
sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
if (!sig) {
return -1;
}
r_len = BN_num_bytes(sig->r);
if (r_len < 1 || r_len > 20) {
DSA_SIG_free(sig);
return -1;
}
s_len = BN_num_bytes(sig->s);
if (s_len < 1 || s_len > 20) {
DSA_SIG_free(sig);
return -1;
}
memset(signature, 0, 40);
BN_bn2bin(sig->r, signature + (20 - r_len));
BN_bn2bin(sig->s, signature + 20 + (20 - s_len));
DSA_SIG_free(sig);
return 0;
}
static isc_result_t
openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_sha1_t *sha1ctx = dctx->opaque;
dst_key_t *key = dctx->key;
DSA *dsa = key->opaque;
DSA_SIG *dsasig;
isc_region_t r;
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
isc_buffer_availableregion(sig, &r);
if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
return (ISC_R_NOSPACE);
isc_sha1_final(sha1ctx, digest);
dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
if (dsasig == NULL)
return (dst__openssl_toresult(DST_R_SIGNFAILURE));
*r.base++ = (key->key_size - 512)/64;
BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH);
r.base += ISC_SHA1_DIGESTLENGTH;
BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH);
r.base += ISC_SHA1_DIGESTLENGTH;
DSA_SIG_free(dsasig);
isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
return (ISC_R_SUCCESS);
}
/* sign */
void DSASigner::sign(
const void *data,
size_t dataLen,
void *sig,
size_t *sigLen) /* IN/OUT */
{
if(mDsaKey == NULL) {
CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
}
if(mDsaKey->priv_key == NULL) {
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
}
/* get signature in internal format */
DSA_SIG *dsaSig = DSA_do_sign((unsigned char *)data, dataLen, mDsaKey);
if(dsaSig == NULL) {
throwRsaDsa("DSA_do_sign");
}
/* DER encode the signature */
CssmAutoData encodedSig(alloc());
int irtn = DSASigEncode(dsaSig, encodedSig);
if(irtn) {
throwRsaDsa("DSASigEncode");
}
if(encodedSig.length() > *sigLen) {
throwRsaDsa("DSA sign overflow");
}
memmove(sig, encodedSig.data(), encodedSig.length());
*sigLen = encodedSig.length();
DSA_SIG_free(dsaSig);
}
static void generateSignatureVector(DSA* key, unsigned char* mess, int len, BOOL passes)
{
unsigned char buf[len];
unsigned int siglen;
int err;
DSA_SIG* sig;
Mem::Copy(buf, mess, len);
setOurRandom();
sig = DSA_do_sign(buf, len, key);
if (sig == NULL)
processError();
if (!passes)
scramble(buf, len);
printActionHeader("DSA test vector", "DSASignVector");
printDSAPrivateKey(key);
printHexElement("digest", buf, len);
printBNElement("sigR", sig->r);
printBNElement("sigS", sig->s);
printActionFooter(passes);
printActionHeader("DSA test vector", "DSAVerifyVector");
printDSAPublicKey(key);
printHexElement("digest", buf, len);
printBNElement("sigR", sig->r);
printBNElement("sigS", sig->s);
printActionFooter(passes);
DSA_SIG_free(sig);
}
/**
* Sign data with DSA
*
* \param[in] to_sign The ldns_buffer containing raw data that is
* to be signed
* \param[in] key The DSA key structure to sign with
* \return ldns_rdf for the RRSIG ldns_rr
*/
ldns_rdf *
ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
{
unsigned char *sha1_hash;
ldns_rdf *sigdata_rdf;
ldns_buffer *b64sig;
DSA_SIG *sig;
uint8_t *data;
size_t pad;
b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
if (!b64sig) {
return NULL;
}
sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign), NULL);
if (!sha1_hash) {
ldns_buffer_free(b64sig);
return NULL;
}
sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key);
if(!sig) {
ldns_buffer_free(b64sig);
return NULL;
}
data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH);
if(!data) {
ldns_buffer_free(b64sig);
DSA_SIG_free(sig);
return NULL;
}
data[0] = 1;
pad = 20 - (size_t) BN_num_bytes(sig->r);
if (pad > 0) {
memset(data + 1, 0, pad);
}
BN_bn2bin(sig->r, (unsigned char *) (data + 1) + pad);
pad = 20 - (size_t) BN_num_bytes(sig->s);
if (pad > 0) {
memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad);
}
BN_bn2bin(sig->s, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad));
sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64,
1 + 2 * SHA_DIGEST_LENGTH,
data);
ldns_buffer_free(b64sig);
LDNS_FREE(data);
DSA_SIG_free(sig);
return sigdata_rdf;
}
ssh_string SshAgentSignDss(uint8_t* data, int dataSize, ssh_key key, uint32_t flags)
{
unsigned char hash[SHA_DIGEST_LEN] = {0};
SHACTX ctx;
ctx = sha1_init();
if (ctx == NULL)
{
return NULL;
}
sha1_update(ctx, data, dataSize);
sha1_final(hash, ctx); // This release ctx.
DSA_SIG* sig = NULL;
sig = DSA_do_sign(hash, sizeof(hash), key->dsa);
if (sig == NULL)
{
return NULL;
}
uint8_t sigblob[40];
memset(sigblob, 0, 40);
int rlen = BN_num_bytes(sig->r);
int slen = BN_num_bytes(sig->s);
BN_bn2bin(sig->r, sigblob + 20 - rlen);
BN_bn2bin(sig->s, sigblob + 40 - slen);
if (flags & SSH_AGENT_OLD_SIGNATURE)
{
uint8_t* signatureBlob = malloc(sizeof(sigblob));
if (signatureBlob == NULL)
{
return NULL;
}
memcpy(signatureBlob, sigblob, 40);
return (ssh_string)signatureBlob;
}
int signatureTypeLength = 7;
int signatureLength = 40;
int signatureBlobLength = 8 + signatureTypeLength + signatureLength;
uint8_t* signatureBlob = malloc(4 + signatureBlobLength);
if (signatureBlob == NULL)
{
return NULL;
}
pack32(signatureBlob, signatureBlobLength);
pack32(signatureBlob + 4, signatureTypeLength);
memcpy(signatureBlob + 8, "ssh-dss", signatureTypeLength);
pack32(signatureBlob + 15, signatureLength);
memcpy(signatureBlob + 19, sigblob, 40);
return (ssh_string)signatureBlob;
}
/* this function signs the session id */
STRING *ssh_sign_session_id(SSH_SESSION *session, PRIVATE_KEY *privatekey){
SHACTX ctx;
unsigned char hash[SHA_DIGEST_LEN+1];
SIGNATURE *sign;
STRING *signature;
CRYPTO *crypto=session->current_crypto?session->current_crypto:session->next_crypto;
#ifdef HAVE_LIBGCRYPT
gcry_sexp_t data_sexp;
#endif
ctx=sha1_init();
sha1_update(ctx,crypto->session_id,SHA_DIGEST_LEN);
sha1_final(hash+1,ctx);
hash[0]=0;
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Hash being signed with dsa",hash+1,SHA_DIGEST_LEN);
#endif
sign=malloc(sizeof(SIGNATURE));
switch(privatekey->type){
case TYPE_DSS:
#ifdef HAVE_LIBGCRYPT
gcry_sexp_build(&data_sexp,NULL,"%b",SHA_DIGEST_LEN+1,hash);
gcry_pk_sign(&sign->dsa_sign,data_sexp,privatekey->dsa_priv);
#elif defined HAVE_LIBCRYPTO
sign->dsa_sign=DSA_do_sign(hash+1,SHA_DIGEST_LEN,privatekey->dsa_priv);
#ifdef DEBUG_CRYPTO
ssh_print_bignum("r",sign->dsa_sign->r);
ssh_print_bignum("s",sign->dsa_sign->s);
#endif
#endif
sign->rsa_sign=NULL;
break;
case TYPE_RSA:
#ifdef HAVE_LIBGCRYPT
gcry_sexp_build(&data_sexp,NULL,"(data(flags pkcs1)(hash sha1 %b))",SHA_DIGEST_LEN,hash+1);
gcry_pk_sign(&sign->rsa_sign,data_sexp,privatekey->rsa_priv);
#elif defined HAVE_LIBCRYPTO
sign->rsa_sign=RSA_do_sign(hash+1,SHA_DIGEST_LEN,privatekey->rsa_priv);
#endif
sign->dsa_sign=NULL;
break;
}
#ifdef HAVE_LIBGCRYPT
gcry_sexp_release(data_sexp);
#endif
sign->type=privatekey->type;
if(!sign->dsa_sign && !sign->rsa_sign){
#ifdef HAVE_LIBGCRYPT
ssh_set_error(session,SSH_FATAL,"Signing : libgcrypt error");
#elif defined HAVE_LIBCRYPTO
ssh_set_error(session,SSH_FATAL,"Signing : openssl error");
#endif
signature_free(sign);
return NULL;
}
signature=signature_to_string(sign);
signature_free(sign);
return signature;
}
int DSA_sign(int type, const uint8_t *digest, size_t digest_len,
uint8_t *out_sig, unsigned int *out_siglen, DSA *dsa) {
DSA_SIG *s;
s = DSA_do_sign(digest, digest_len, dsa);
if (s == NULL) {
*out_siglen = 0;
return 0;
}
*out_siglen = i2d_DSA_SIG(s, &out_sig);
DSA_SIG_free(s);
return 1;
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
unsigned int *siglen, DSA *dsa)
{
DSA_SIG *s;
s=DSA_do_sign(dgst,dlen,dsa);
if (s == NULL)
{
*siglen=0;
return(0);
}
*siglen=i2d_DSA_SIG(s,&sig);
DSA_SIG_free(s);
return(1);
}
int signatureofshorthash(
unsigned char sm[SIGNATURE_BYTES],unsigned long long *smlen,
const unsigned char m[SHORTHASH_BYTES],const unsigned long long mlen,
const unsigned char sk[SECRETKEY_BYTES],const unsigned long long sklen
)
{
unsigned char h[20];
DSA *x;
DSA_SIG *y;
int len;
if (mlen > SHORTHASH_BYTES) return -1;
SHA1(m,mlen,h);
x = DSA_new();
if (!x) return -1;
x->p = BN_new(); if (!x->p) goto error;
x->q = BN_new(); if (!x->q) goto error;
x->g = BN_new(); if (!x->g) goto error;
x->pub_key = BN_new(); if (!x->pub_key) goto error;
x->priv_key = BN_new(); if (!x->priv_key) goto error;
if (!BN_bin2bn(prime,sizeof prime,x->p)) goto error;
if (!BN_bin2bn(prime_q,sizeof prime_q,x->q)) goto error;
if (!BN_bin2bn(prime_g,sizeof prime_g,x->g)) goto error;
if (!BN_bin2bn(sk,PUBLICKEY_BYTES,x->pub_key)) goto error; sk += PUBLICKEY_BYTES;
if (!BN_bin2bn(sk,SECRETKEY_BYTES - PUBLICKEY_BYTES,x->priv_key)) goto error;
y = DSA_do_sign(h,20,x);
if (!y) goto error;
memset(sm,0,40);
len = BN_num_bytes(y->r); if (len > 20) goto yerror;
BN_bn2bin(y->r,sm + 20 - len);
len = BN_num_bytes(y->s); if (len > 20) goto yerror;
BN_bn2bin(y->s,sm + 40 - len);
*smlen = 40;
DSA_SIG_free(y);
DSA_free(x);
return 0;
yerror:
DSA_SIG_free(y);
error:
DSA_free(x);
return -1;
}
struct signature_struct *pki_do_sign(ssh_key privatekey,
const unsigned char *hash) {
struct signature_struct *sign;
sign = malloc(sizeof(SIGNATURE));
if (sign == NULL) {
return NULL;
}
sign->type = privatekey->type;
switch(privatekey->type) {
case SSH_KEYTYPE_DSS:
sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->dsa);
if (sign->dsa_sign == NULL) {
signature_free(sign);
return NULL;
}
#ifdef DEBUG_CRYPTO
ssh_print_bignum("r", sign->dsa_sign->r);
ssh_print_bignum("s", sign->dsa_sign->s);
#endif
sign->rsa_sign = NULL;
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->rsa);
if (sign->rsa_sign == NULL) {
signature_free(sign);
return NULL;
}
sign->dsa_sign = NULL;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
signature_free(sign);
return NULL;
}
return sign;
}
/* OpenSSL sadly wants to ASN1 encode the resulting bignums so we use this
* function to skip that. Returns > 0 on success */
int HsOpenSSL_dsa_sign(DSA *dsa, const unsigned char *ddata, int dlen,
const BIGNUM **r, const BIGNUM **s) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
DSA_SIG *const sig = DSA_do_sign(ddata, dlen, dsa);
if (!sig) return 0;
DSA_SIG_get0(sig, r, s);
*r = BN_dup(*r);
*s = BN_dup(*s);
DSA_SIG_free(sig);
return 1;
#else
DSA_SIG *const sig = dsa->meth->dsa_do_sign(ddata, dlen, dsa);
if (!sig) return 0;
*r = sig->r;
*s = sig->s;
free(sig);
return 1;
#endif
}
DSA_SIG* ops_dsa_sign(unsigned char* hashbuf, unsigned hashsize, const ops_dsa_secret_key_t *sdsa, const ops_dsa_public_key_t *dsa)
{
DSA *odsa;
DSA_SIG *dsasig;
odsa=DSA_new();
odsa->p=dsa->p;
odsa->q=dsa->q;
odsa->g=dsa->g;
odsa->pub_key=dsa->y;
odsa->priv_key=sdsa->x;
dsasig=DSA_do_sign(hashbuf,hashsize,odsa);
odsa->p=odsa->q=odsa->g=odsa->pub_key=odsa->priv_key=NULL;
DSA_free(odsa);
return dsasig;
}
int
_libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
const unsigned char *hash,
unsigned long hash_len, unsigned char *signature)
{
DSA_SIG *sig;
const BIGNUM * r;
const BIGNUM * s;
int r_len, s_len;
(void) hash_len;
sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
if(!sig) {
return -1;
}
#ifdef HAVE_OPAQUE_STRUCTS
DSA_SIG_get0(sig, &r, &s);
#else
r = sig->r;
s = sig->s;
#endif
r_len = BN_num_bytes(r);
if(r_len < 1 || r_len > 20) {
DSA_SIG_free(sig);
return -1;
}
s_len = BN_num_bytes(s);
if(s_len < 1 || s_len > 20) {
DSA_SIG_free(sig);
return -1;
}
memset(signature, 0, 40);
BN_bn2bin(r, signature + (20 - r_len));
BN_bn2bin(s, signature + 20 + (20 - s_len));
DSA_SIG_free(sig);
return 0;
}
void siggen()
{
char buf[1024];
int nmod=0;
DSA *dsa=NULL;
while(fgets(buf,sizeof buf,stdin) != NULL)
{
if(!strncmp(buf,"[mod = ",7))
{
nmod=atoi(buf+7);
printf("[mod = %d]\n\n",nmod);
dsa=DSA_generate_parameters(nmod,NULL,0,NULL,NULL,NULL,NULL);
pbn("P",dsa->p);
pbn("Q",dsa->q);
pbn("G",dsa->g);
putc('\n',stdout);
}
else if(!strncmp(buf,"Msg = ",6))
{
unsigned char msg[1024];
unsigned char hash[20];
int n;
DSA_SIG *sig;
n=hex2bin(buf+6,msg);
pv("Msg",msg,n);
DSA_generate_key(dsa);
pbn("Y",dsa->pub_key);
SHA1(msg,n,hash);
sig=DSA_do_sign(hash,sizeof hash,dsa);
pbn("R",sig->r);
pbn("S",sig->s);
putc('\n',stdout);
}
}
}
// Signing functions
bool OSSLDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
ByteString& signature, const AsymMech::Type mechanism,
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
{
if (mechanism == AsymMech::DSA)
{
// Separate implementation for DSA signing without hash computation
// Check if the private key is the right type
if (!privateKey->isOfType(OSSLDSAPrivateKey::type))
{
ERROR_MSG("Invalid key type supplied");
return false;
}
OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) privateKey;
DSA* dsa = pk->getOSSLKey();
// Perform the signature operation
unsigned int sigLen = pk->getOutputLength();
signature.resize(sigLen);
memset(&signature[0], 0, sigLen);
int dLen = dataToSign.size();
DSA_SIG* sig = DSA_do_sign(dataToSign.const_byte_str(), dLen, dsa);
if (sig == NULL)
return false;
// Store the 2 values with padding
BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]);
BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]);
DSA_SIG_free(sig);
return true;
}
else
{
// Call default implementation
return AsymmetricAlgorithm::sign(privateKey, dataToSign, signature, mechanism, param, paramLen);
}
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
unsigned int *siglen, DSA *dsa)
{
DSA_SIG *s;
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
RAND_seed(dgst, dlen);
s=DSA_do_sign(dgst,dlen,dsa);
if (s == NULL)
{
*siglen=0;
return(0);
}
*siglen=i2d_DSA_SIG(s,&sig);
DSA_SIG_free(s);
return(1);
}
DSA_SIG *
__ops_dsa_sign(uint8_t *hashbuf,
unsigned hashsize,
const __ops_dsa_seckey_t *secdsa,
const __ops_dsa_pubkey_t *pubdsa)
{
DSA_SIG *dsasig;
DSA *odsa;
odsa = DSA_new();
odsa->p = pubdsa->p;
odsa->q = pubdsa->q;
odsa->g = pubdsa->g;
odsa->pub_key = pubdsa->y;
odsa->priv_key = secdsa->x;
dsasig = DSA_do_sign(hashbuf, (int)hashsize, odsa);
odsa->p = odsa->q = odsa->g = odsa->pub_key = odsa->priv_key = NULL;
DSA_free(odsa);
return dsasig;
}
byte_array
dsa160_key::sign(byte_array const& digest) const
{
assert(type() == public_and_private);
assert(digest.size() == SHA256_DIGEST_LENGTH);
// The version of DSA currently implemented by OpenSSL only supports digests up to 160 bits.
int digest_size = 160/8;
DSA_SIG *sig = DSA_do_sign((const unsigned char*)digest.data(), digest_size, dsa_);
assert(sig);
byte_array signature;
{
byte_array_owrap<flurry::oarchive> write(signature);
// write to signature
write.archive() << sig->r << sig->s;
}
DSA_SIG_free(sig);
return signature;
}
bool OSSLDSA::signFinal(ByteString& signature)
{
// Save necessary state before calling super class signFinal
OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) currentPrivateKey;
if (!AsymmetricAlgorithm::signFinal(signature))
{
return false;
}
ByteString hash;
bool bFirstResult = pCurrentHash->hashFinal(hash);
delete pCurrentHash;
pCurrentHash = NULL;
if (!bFirstResult)
{
return false;
}
DSA* dsa = pk->getOSSLKey();
// Perform the signature operation
unsigned int sigLen = pk->getOutputLength();
signature.resize(sigLen);
memset(&signature[0], 0, sigLen);
DSA_SIG* sig = DSA_do_sign(&hash[0], hash.size(), dsa);
if (sig == NULL)
return false;
// Store the 2 values with padding
BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]);
BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]);
DSA_SIG_free(sig);
return true;
}
static int
xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
const unsigned char *dgst, unsigned int dlen,
unsigned char *sig, unsigned int *siglen, void *dsa) {
DSA_SIG *s;
int rSize, sSize;
s = DSA_do_sign(dgst, dlen, dsa);
if(s == NULL) {
*siglen=0;
return(0);
}
rSize = BN_num_bytes(s->r);
sSize = BN_num_bytes(s->s);
if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) ||
(sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"size(r)=%d or size(s)=%d > %d",
rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2);
DSA_SIG_free(s);
return(0);
}
memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize);
BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize);
*siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
DSA_SIG_free(s);
return(1);
}
BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen)
{
buffer_t *msg = NULL;
char *s;
int ret;
msg = buffer_init();
if (msg == NULL) {
// TODO: error check
return FALSE;
}
switch (keypair->type) {
case KEY_RSA: // RSA
{
const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
u_char digest[EVP_MAX_MD_SIZE], *sig;
u_int slen, dlen, len;
int ok, nid = NID_sha1;
// ダイジェスト値の計算
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
EVP_DigestFinal(&md, digest, &dlen);
slen = RSA_size(keypair->rsa);
sig = malloc(slen);
if (sig == NULL)
goto error;
// 電子署名を計算
ok = RSA_sign(nid, digest, dlen, sig, &len, keypair->rsa);
memset(digest, 'd', sizeof(digest));
if (ok != 1) { // error
free(sig);
goto error;
}
// 署名のサイズがバッファより小さい場合、後ろへずらす。先頭はゼロで埋める。
if (len < slen) {
u_int diff = slen - len;
memmove(sig + diff, sig, len);
memset(sig, 0, diff);
} else if (len > slen) {
free(sig);
goto error;
} else {
// do nothing
}
s = get_sshname_from_key(keypair);
buffer_put_string(msg, s, strlen(s));
buffer_append_length(msg, sig, slen);
len = buffer_len(msg);
// setting
*siglen = len;
*sigptr = malloc(len);
if (*sigptr == NULL) {
free(sig);
goto error;
}
memcpy(*sigptr, buffer_ptr(msg), len);
free(sig);
break;
}
case KEY_DSA: // DSA
{
DSA_SIG *sig;
const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
u_int rlen, slen, len, dlen;
// ダイジェストの計算
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
EVP_DigestFinal(&md, digest, &dlen);
// DSA電子署名を計算
sig = DSA_do_sign(digest, dlen, keypair->dsa);
memset(digest, 'd', sizeof(digest));
if (sig == NULL) {
goto error;
}
// BIGNUMからバイナリ値への変換
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);
if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
DSA_SIG_free(sig);
goto error;
}
memset(sigblob, 0, SIGBLOB_LEN);
BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
DSA_SIG_free(sig);
// setting
s = get_sshname_from_key(keypair);
buffer_put_string(msg, s, strlen(s));
buffer_append_length(msg, sigblob, sizeof(sigblob));
len = buffer_len(msg);
// setting
*siglen = len;
*sigptr = malloc(len);
if (*sigptr == NULL) {
goto error;
}
memcpy(*sigptr, buffer_ptr(msg), len);
break;
}
case KEY_ECDSA256: // ECDSA
case KEY_ECDSA384:
case KEY_ECDSA521:
{
ECDSA_SIG *sig;
const EVP_MD *evp_md;
EVP_MD_CTX md;
u_char digest[EVP_MAX_MD_SIZE];
u_int len, dlen, nid;
buffer_t *buf2 = NULL;
nid = keytype_to_hash_nid(keypair->type);
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
goto error;
}
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
EVP_DigestFinal(&md, digest, &dlen);
sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa);
memset(digest, 'd', sizeof(digest));
if (sig == NULL) {
goto error;
}
buf2 = buffer_init();
if (buf2 == NULL) {
// TODO: error check
goto error;
}
buffer_put_bignum2(buf2, sig->r);
buffer_put_bignum2(buf2, sig->s);
ECDSA_SIG_free(sig);
s = get_sshname_from_key(keypair);
buffer_put_string(msg, s, strlen(s));
buffer_put_string(msg, buffer_ptr(buf2), buffer_len(buf2));
buffer_free(buf2);
len = buffer_len(msg);
*siglen = len;
*sigptr = malloc(len);
if (*sigptr == NULL) {
goto error;
}
memcpy(*sigptr, buffer_ptr(msg), len);
break;
}
case KEY_ED25519:
ret = ssh_ed25519_sign(keypair, sigptr, siglen, data, datalen);
if (ret != 0)
goto error;
break;
default:
buffer_free(msg);
return FALSE;
break;
}
buffer_free(msg);
return TRUE;
error:
buffer_free(msg);
return FALSE;
}
int
ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
const u_char *data, size_t datalen, u_int compat)
{
DSA_SIG *sig = NULL;
u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
struct sshbuf *b = NULL;
int ret = SSH_ERR_INVALID_ARGUMENT;
if (lenp != NULL)
*lenp = 0;
if (sigp != NULL)
*sigp = NULL;
if (key == NULL || key->dsa == NULL ||
sshkey_type_plain(key->type) != KEY_DSA)
return SSH_ERR_INVALID_ARGUMENT;
if (dlen == 0)
return SSH_ERR_INTERNAL_ERROR;
if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
digest, sizeof(digest))) != 0)
goto out;
if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);
if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
ret = SSH_ERR_INTERNAL_ERROR;
goto out;
}
explicit_bzero(sigblob, SIGBLOB_LEN);
BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
if (compat & SSH_BUG_SIGBLOB) {
if (sigp != NULL) {
if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
memcpy(*sigp, sigblob, SIGBLOB_LEN);
}
if (lenp != NULL)
*lenp = SIGBLOB_LEN;
ret = 0;
} else {
/* ietf-drafts */
if ((b = sshbuf_new()) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
(ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
goto out;
len = sshbuf_len(b);
if (sigp != NULL) {
if ((*sigp = malloc(len)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
memcpy(*sigp, sshbuf_ptr(b), len);
}
if (lenp != NULL)
*lenp = len;
ret = 0;
}
out:
explicit_bzero(digest, sizeof(digest));
if (sig != NULL)
DSA_SIG_free(sig);
sshbuf_free(b);
return ret;
}
int
ssh_dss_sign(const struct sshkey *key, u_char **sigp, u_int *lenp,
const u_char *data, u_int datalen, u_int compat)
{
DSA_SIG *sig = NULL;
const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
u_int rlen, slen, len, dlen;
struct sshbuf *b = NULL;
int ret = SSH_ERR_INVALID_ARGUMENT;
if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00))
return SSH_ERR_INVALID_ARGUMENT;
if (EVP_DigestInit(&md, evp_md) != 1 ||
EVP_DigestUpdate(&md, data, datalen) != 1 ||
EVP_DigestFinal(&md, digest, &dlen) != 1) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);
if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
ret = SSH_ERR_INTERNAL_ERROR;
goto out;
}
bzero(sigblob, SIGBLOB_LEN);
BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
if (compat & SSH_BUG_SIGBLOB) {
if (lenp != NULL)
*lenp = SIGBLOB_LEN;
if (sigp != NULL) {
if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
memcpy(*sigp, sigblob, SIGBLOB_LEN);
}
ret = 0;
} else {
/* ietf-drafts */
if ((b = sshbuf_new()) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
(ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
goto out;
len = sshbuf_len(b);
if (lenp != NULL)
*lenp = len;
if (sigp != NULL) {
if ((*sigp = malloc(len)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
memcpy(*sigp, sshbuf_ptr(b), len);
}
ret = 0;
}
out:
bzero(&md, sizeof(md));
bzero(digest, sizeof(digest));
if (sig != NULL)
DSA_SIG_free(sig);
if (b != NULL)
sshbuf_free(b);
return ret;
}
/*
* This function signs the session id (known as H) as a string then
* the content of sigbuf */
STRING *ssh_do_sign(SSH_SESSION *session, BUFFER *sigbuf,
PRIVATE_KEY *privatekey) {
CRYPTO *crypto = session->current_crypto ? session->current_crypto :
session->next_crypto;
unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
STRING *session_str = NULL;
STRING *signature = NULL;
SIGNATURE *sign = NULL;
SHACTX ctx = NULL;
#ifdef HAVE_LIBGCRYPT
gcry_sexp_t gcryhash;
#endif
session_str = string_new(SHA_DIGEST_LEN);
if (session_str == NULL) {
return NULL;
}
string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN);
ctx = sha1_init();
if (ctx == NULL) {
string_free(session_str);
return NULL;
}
sha1_update(ctx, session_str, string_len(session_str) + 4);
string_free(session_str);
sha1_update(ctx, buffer_get(sigbuf), buffer_get_len(sigbuf));
sha1_final(hash + 1,ctx);
hash[0] = 0;
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
#endif
sign = malloc(sizeof(SIGNATURE));
if (sign == NULL) {
return NULL;
}
switch(privatekey->type) {
case TYPE_DSS:
#ifdef HAVE_LIBGCRYPT
if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa_priv)) {
ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
gcry_sexp_release(gcryhash);
signature_free(sign);
return NULL;
}
#elif defined HAVE_LIBCRYPTO
sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->dsa_priv);
if (sign->dsa_sign == NULL) {
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
signature_free(sign);
return NULL;
}
#ifdef DEBUG_CRYPTO
ssh_print_bignum("r", sign->dsa_sign->r);
ssh_print_bignum("s", sign->dsa_sign->s);
#endif
#endif /* HAVE_LIBCRYPTO */
sign->rsa_sign = NULL;
break;
case TYPE_RSA:
#ifdef HAVE_LIBGCRYPT
if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
SHA_DIGEST_LEN, hash + 1) ||
gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa_priv)) {
ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
gcry_sexp_release(gcryhash);
signature_free(sign);
return NULL;
}
#elif defined HAVE_LIBCRYPTO
sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->rsa_priv);
if (sign->rsa_sign == NULL) {
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
signature_free(sign);
return NULL;
}
#endif
sign->dsa_sign = NULL;
break;
}
#ifdef HAVE_LIBGCRYPT
gcry_sexp_release(gcryhash);
#endif
sign->type = privatekey->type;
signature = signature_to_string(sign);
signature_free(sign);
return signature;
}
int
ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
const u_char *data, u_int datalen)
{
DSA_SIG *sig;
const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
u_int rlen, slen, len, dlen;
Buffer b;
if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&
key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {
error("ssh_dss_sign: no DSA key");
return -1;
}
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
EVP_DigestFinal(&md, digest, &dlen);
sig = DSA_do_sign(digest, dlen, key->dsa);
memset(digest, 'd', sizeof(digest));
if (sig == NULL) {
error("ssh_dss_sign: sign failed");
return -1;
}
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);
if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
error("bad sig size %u %u", rlen, slen);
DSA_SIG_free(sig);
return -1;
}
memset(sigblob, 0, SIGBLOB_LEN);
BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
DSA_SIG_free(sig);
if (datafellows & SSH_BUG_SIGBLOB) {
if (lenp != NULL)
*lenp = SIGBLOB_LEN;
if (sigp != NULL) {
*sigp = xmalloc(SIGBLOB_LEN);
memcpy(*sigp, sigblob, SIGBLOB_LEN);
}
} else {
/* ietf-drafts */
buffer_init(&b);
buffer_put_cstring(&b, "ssh-dss");
buffer_put_string(&b, sigblob, SIGBLOB_LEN);
len = buffer_len(&b);
if (lenp != NULL)
*lenp = len;
if (sigp != NULL) {
*sigp = xmalloc(len);
memcpy(*sigp, buffer_ptr(&b), len);
}
buffer_free(&b);
}
return 0;
}
/* this function signs the session id */
ssh_string ssh_sign_session_id(ssh_session session, ssh_private_key privatekey) {
struct ssh_crypto_struct *crypto=session->current_crypto ? session->current_crypto :
session->next_crypto;
unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
ssh_string signature = NULL;
SIGNATURE *sign = NULL;
SHACTX ctx = NULL;
#ifdef HAVE_LIBGCRYPT
gcry_sexp_t data_sexp;
#endif
ctx = sha1_init();
if (ctx == NULL) {
return NULL;
}
sha1_update(ctx,crypto->session_id,SHA_DIGEST_LEN);
sha1_final(hash + 1,ctx);
hash[0] = 0;
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Hash being signed with dsa",hash+1,SHA_DIGEST_LEN);
#endif
sign = malloc(sizeof(SIGNATURE));
if (sign == NULL) {
return NULL;
}
ZERO_STRUCTP(sign);
switch(privatekey->type) {
case SSH_KEYTYPE_DSS:
#ifdef HAVE_LIBGCRYPT
if (gcry_sexp_build(&data_sexp, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
gcry_pk_sign(&sign->dsa_sign, data_sexp, privatekey->dsa_priv)) {
ssh_set_error(session, SSH_FATAL, "Signing: libgcrypt error");
gcry_sexp_release(data_sexp);
signature_free(sign);
return NULL;
}
#elif defined HAVE_LIBCRYPTO
sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->dsa_priv);
if (sign->dsa_sign == NULL) {
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
signature_free(sign);
return NULL;
}
#ifdef DEBUG_CRYPTO
ssh_print_bignum("r",sign->dsa_sign->r);
ssh_print_bignum("s",sign->dsa_sign->s);
#endif
#endif /* HAVE_LIBCRYPTO */
sign->rsa_sign = NULL;
break;
case SSH_KEYTYPE_RSA:
#ifdef HAVE_LIBGCRYPT
if (gcry_sexp_build(&data_sexp, NULL, "(data(flags pkcs1)(hash sha1 %b))",
SHA_DIGEST_LEN, hash + 1) ||
gcry_pk_sign(&sign->rsa_sign, data_sexp, privatekey->rsa_priv)) {
ssh_set_error(session, SSH_FATAL, "Signing: libgcrypt error");
gcry_sexp_release(data_sexp);
signature_free(sign);
return NULL;
}
#elif defined HAVE_LIBCRYPTO
sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->rsa_priv);
if (sign->rsa_sign == NULL) {
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
signature_free(sign);
return NULL;
}
#endif
sign->dsa_sign = NULL;
break;
default:
signature_free(sign);
return NULL;
}
#ifdef HAVE_LIBGCRYPT
gcry_sexp_release(data_sexp);
#endif
sign->type = privatekey->type;
signature = signature_to_string(sign);
signature_free(sign);
return signature;
}
unsigned int OpenSSLCryptoKeyDSA::signBase64Signature(unsigned char * hashBuf,
unsigned int hashLen,
char * base64SignatureBuf,
unsigned int base64SignatureBufLen) {
// Sign a pre-calculated hash using this key
if (mp_dsaKey == NULL) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"OpenSSL:DSA - Attempt to sign data with empty key");
}
DSA_SIG * dsa_sig;
dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey);
if (dsa_sig == NULL) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"OpenSSL:DSA - Error signing data");
}
// Now turn the signature into a base64 string
unsigned char rawSigBuf[256];
unsigned int rawLen;
rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf);
if (rawLen <= 0) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"OpenSSL:DSA - Error converting signature to raw buffer");
}
unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]);
if (rawLenS <= 0) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"OpenSSL:DSA - Error converting signature to raw buffer");
}
rawLen += rawLenS;
// Now convert to Base 64
BIO * b64 = BIO_new(BIO_f_base64());
BIO * bmem = BIO_new(BIO_s_mem());
BIO_set_mem_eof_return(bmem, 0);
b64 = BIO_push(b64, bmem);
// Translate signature from Base64
BIO_write(b64, rawSigBuf, rawLen);
BIO_flush(b64);
unsigned int sigValLen = BIO_read(bmem, base64SignatureBuf, base64SignatureBufLen);
BIO_free_all(b64);
if (sigValLen <= 0) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"OpenSSL:DSA - Error base64 encoding signature");
}
return sigValLen;
}
static isc_result_t
openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
dst_key_t *key = dctx->key;
DSA *dsa = key->keydata.dsa;
isc_region_t r;
DSA_SIG *dsasig;
#if USE_EVP
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
EVP_PKEY *pkey;
unsigned char *sigbuf;
const unsigned char *sb;
unsigned int siglen;
#else
isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
#endif
isc_buffer_availableregion(sig, &r);
if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
return (ISC_R_NOSPACE);
#if USE_EVP
pkey = EVP_PKEY_new();
if (pkey == NULL)
return (ISC_R_NOMEMORY);
if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
EVP_PKEY_free(pkey);
return (ISC_R_FAILURE);
}
sigbuf = malloc(EVP_PKEY_size(pkey));
if (sigbuf == NULL) {
EVP_PKEY_free(pkey);
return (ISC_R_NOMEMORY);
}
if (!EVP_SignFinal(evp_md_ctx, sigbuf, &siglen, pkey)) {
EVP_PKEY_free(pkey);
free(sigbuf);
return (ISC_R_FAILURE);
}
INSIST(EVP_PKEY_size(pkey) >= (int) siglen);
EVP_PKEY_free(pkey);
/* Convert from Dss-Sig-Value (RFC2459). */
dsasig = DSA_SIG_new();
if (dsasig == NULL) {
free(sigbuf);
return (ISC_R_NOMEMORY);
}
sb = sigbuf;
if (d2i_DSA_SIG(&dsasig, &sb, (long) siglen) == NULL) {
free(sigbuf);
return (ISC_R_FAILURE);
}
free(sigbuf);
#elif 0
/* Only use EVP for the Digest */
if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
return (ISC_R_FAILURE);
}
dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
if (dsasig == NULL)
return (dst__openssl_toresult(DST_R_SIGNFAILURE));
#else
isc_sha1_final(sha1ctx, digest);
dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
if (dsasig == NULL)
return (dst__openssl_toresult(DST_R_SIGNFAILURE));
#endif
*r.base++ = (key->key_size - 512)/64;
BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH);
r.base += ISC_SHA1_DIGESTLENGTH;
BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH);
r.base += ISC_SHA1_DIGESTLENGTH;
DSA_SIG_free(dsasig);
isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
return (ISC_R_SUCCESS);
}
