int
get_ASN_public_key(unsigned char** public_key_der, int* public_key_der_len, struct ndn_pkey* private_key)
{
unsigned char *pub;
*public_key_der_len = i2d_PUBKEY((EVP_PKEY*)private_key, 0);
*public_key_der = pub = (unsigned char*) calloc(*public_key_der_len, 1);
i2d_PUBKEY((EVP_PKEY*)private_key, &pub);
return 0;
}
pki_key::pki_key(const pki_key *pk)
:pki_base(pk->desc)
{
int keylen;
unsigned char *der_key, *p;
ucount = pk->ucount;
keylen = i2d_PUBKEY(pk->key, NULL);
p = der_key = (unsigned char *)OPENSSL_malloc(keylen);
check_oom(der_key);
i2d_PUBKEY(pk->key, &p);
p = der_key;
key = d2i_PUBKEY(NULL, (const unsigned char**)&p, keylen);
OPENSSL_free(der_key);
pki_openssl_error();
}
int RSApubKeyToMsg(EVP_PKEY* pubKey, char** msg, int* msglen){
if(pubKey == NULL || msglen == NULL || msg == NULL)
return 0;
*msglen = i2d_PUBKEY(pubKey, (unsigned char **)msg);
return 1;
}
EVP_PKEY *pki_evp::priv2pub(EVP_PKEY* key)
{
int keylen;
unsigned char *p, *p1;
EVP_PKEY *pubkey;
keylen = i2d_PUBKEY(key, NULL);
p1 = p = (unsigned char *)OPENSSL_malloc(keylen);
check_oom(p);
/* convert rsa/dsa/ec to Pubkey */
keylen = i2d_PUBKEY(key, &p);
pki_openssl_error();
p = p1;
pubkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, keylen);
OPENSSL_free(p1);
pki_openssl_error();
return pubkey;
}
SEXP R_parse_der_pubkey(SEXP input){
const unsigned char *ptr = RAW(input);
EVP_PKEY *pkey = d2i_PUBKEY(NULL, &ptr, LENGTH(input));
bail(!!pkey);
unsigned char *buf = NULL;
int len = i2d_PUBKEY(pkey, &buf);
bail(len);
SEXP res = allocVector(RAWSXP, len);
memcpy(RAW(res), buf, len);
OPENSSL_free(buf);
return res;
}
/* Convert private to public key */
SEXP R_derive_pubkey(SEXP input){
BIO *mem = BIO_new_mem_buf(RAW(input), LENGTH(input));
EVP_PKEY *pkey = d2i_PrivateKey_bio(mem, NULL);
BIO_free(mem);
bail(!!pkey);
unsigned char *buf = NULL;
int len = i2d_PUBKEY(pkey, &buf);
bail(len);
SEXP res = allocVector(RAWSXP, len);
memcpy(RAW(res), buf, len);
OPENSSL_free(buf);
return res;
}
int
ccn_append_pubkey_blob(struct ccn_charbuf *c, const struct ccn_pkey *i_pubkey)
{
int res;
size_t bytes;
unsigned char *p = NULL;
res = i2d_PUBKEY((EVP_PKEY *)i_pubkey, NULL);
if (res < 0)
return(-1);
bytes = res;
res = ccn_charbuf_append_tt(c, bytes, CCN_BLOB);
if (res < 0)
return(-1);
p = ccn_charbuf_reserve(c, bytes);
if (p == NULL)
return(-1);
res = i2d_PUBKEY((EVP_PKEY *)i_pubkey, &p);
if (res != (int)bytes)
return(-1);
c->length += bytes;
return(bytes);
}
__attribute__((visibility("default"))) int openssl_get_keypair_public(const keymaster0_device_t*,
const uint8_t* key_blob,
const size_t key_blob_length,
uint8_t** x509_data,
size_t* x509_data_length) {
if (x509_data == NULL || x509_data_length == NULL) {
ALOGW("output public key buffer == NULL");
return -1;
}
Unique_EVP_PKEY pkey(unwrap_key(key_blob, key_blob_length));
if (pkey.get() == NULL) {
return -1;
}
int len = i2d_PUBKEY(pkey.get(), NULL);
if (len <= 0) {
logOpenSSLError("openssl_get_keypair_public");
return -1;
}
UniquePtr<uint8_t, Malloc_Free> key(static_cast<uint8_t*>(malloc(len)));
if (key.get() == NULL) {
ALOGE("Could not allocate memory for public key data");
return -1;
}
unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
logOpenSSLError("openssl_get_keypair_public");
return -1;
}
ALOGV("Length of x509 data is %d", len);
*x509_data_length = len;
*x509_data = key.release();
return 0;
}
/* Convert cert to public key */
SEXP R_cert_pubkey(SEXP input){
const unsigned char *ptr = RAW(input);
X509 *cert = d2i_X509(NULL, &ptr, LENGTH(input));
bail(!!cert);
EVP_PKEY *key = X509_get_pubkey(cert);
bail(!!key);
unsigned char *buf = NULL;
int len = i2d_PUBKEY(key, &buf);
bail(len);
SEXP res = allocVector(RAWSXP, len);
memcpy(RAW(res), buf, len);
OPENSSL_free(buf);
return res;
}
// Set from OpenSSL representation
void OSSLGOSTPublicKey::setFromOSSL(const EVP_PKEY* pkey)
{
ByteString der;
int len = i2d_PUBKEY((EVP_PKEY*) pkey, NULL);
if (len != 37 + 64)
{
ERROR_MSG("bad GOST public key encoding length %d", len);
return;
}
der.resize(len);
unsigned char *p = &der[0];
i2d_PUBKEY((EVP_PKEY*) pkey, &p);
// can check: der is prefix + 64 bytes
setQ(der.substr(37));
ByteString inEC;
const EC_KEY* eckey = (const EC_KEY*) EVP_PKEY_get0((EVP_PKEY*) pkey);
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
inEC.resize(i2d_ASN1_OBJECT(OBJ_nid2obj(nid), NULL));
p = &inEC[0];
i2d_ASN1_OBJECT(OBJ_nid2obj(nid), &p);
setEC(inEC);
}
int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
{
EVP_PKEY *pktmp;
int ret;
if(!a) return 0;
pktmp = EVP_PKEY_new();
if(!pktmp) {
ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
return 0;
}
EVP_PKEY_set1_DSA(pktmp, a);
ret = i2d_PUBKEY(pktmp, pp);
EVP_PKEY_free(pktmp);
return ret;
}
int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp)
{
EVP_PKEY *pktmp;
int ret;
if (!a) return(0);
if ((pktmp = EVP_PKEY_new()) == NULL)
{
OPENSSL_PUT_ERROR(X509, i2d_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
return(0);
}
EVP_PKEY_set1_EC_KEY(pktmp, (EC_KEY*) a);
ret = i2d_PUBKEY(pktmp, pp);
EVP_PKEY_free(pktmp);
return(ret);
}
int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
{
EVP_PKEY *pktmp;
int ret;
if (!a) return(0);
if ((pktmp = EVP_PKEY_new()) == NULL)
{
ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
return(0);
}
EVP_PKEY_set1_EC_KEY(pktmp, a);
ret = i2d_PUBKEY(pktmp, pp);
EVP_PKEY_free(pktmp);
return(ret);
}
int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp)
{
EVP_PKEY *pktmp;
int ret;
if(!a) return 0;
pktmp = EVP_PKEY_new();
if(!pktmp)
{
OPENSSL_PUT_ERROR(X509, i2d_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
return 0;
}
EVP_PKEY_set1_DSA(pktmp, (DSA*) a);
ret = i2d_PUBKEY(pktmp, pp);
EVP_PKEY_free(pktmp);
return ret;
}
int
create_public_key_digest(struct ndn_pkey *key,
PyObject **py_public_key_digest, int *public_key_digest_len)
{
unsigned int err;
unsigned char *public_key_der = NULL;
size_t der_len;
unsigned char *key_digest;
size_t key_digest_size;
PyObject *py_digest = NULL;
int r;
assert(key);
assert(py_public_key_digest);
r = i2d_PUBKEY((EVP_PKEY *)key, &public_key_der);
if (r < 0) {
goto openssl_error;
}
der_len = r;
r = create_key_digest(public_key_der, der_len, &key_digest,
&key_digest_size);
free(public_key_der);
public_key_der = NULL;
JUMP_IF_NEG(r, error);
py_digest = PyBytes_FromStringAndSize((char *) key_digest, key_digest_size);
JUMP_IF_NULL(py_digest, error);
*py_public_key_digest = py_digest;
if (public_key_digest_len)
*public_key_digest_len = key_digest_size;
return 0;
openssl_error:
err = ERR_get_error();
PyErr_Format(g_PyExc_NDNKeyError, "Unable to generate digest from the key:"
" %s", ERR_reason_error_string(err));
error:
if (public_key_der)
free(public_key_der);
return -1;
}
static char *hash_subject_pubkey_info(X509 *cert)
{
_cleanup_free_ unsigned char *spki = NULL;
char *hash = NULL;
EVP_PKEY *pkey;
int len;
pkey = X509_get_pubkey(cert);
if (!pkey)
return NULL;
len = i2d_PUBKEY(pkey, &spki);
if (len <= 0)
goto free_pkey;
hash = cipher_sha256_b64(spki, len);
free_pkey:
EVP_PKEY_free(pkey);
return hash;
}
static PARCBuffer *
_GetDEREncodedPublicKey(PARCPkcs12KeyStore *keystore)
{
parcSecurity_AssertIsInitialized();
assertNotNull(keystore, "Parameter must be non-null PARCPkcs12KeyStore");
if (keystore->public_key_der == NULL) {
uint8_t *der = NULL;
// this allocates memory for der
int derLength = i2d_PUBKEY(keystore->public_key, &der);
if (derLength > 0) {
keystore->public_key_der =
parcBuffer_Flip(parcBuffer_PutArray(parcBuffer_Allocate(derLength), derLength, der));
}
OPENSSL_free(der);
}
return parcBuffer_Copy(keystore->public_key_der);
}
PyObject *
get_key_der_public(struct ndn_pkey *public_key_ndn)
{
PyObject *result;
unsigned long err;
unsigned char *public_key_der = NULL;
int der_len;
der_len = i2d_PUBKEY((EVP_PKEY *) public_key_ndn, &public_key_der);
JUMP_IF_NEG(der_len, openssl_error);
result = PyBytes_FromStringAndSize((char *) public_key_der, der_len);
JUMP_IF_NULL(result, error);
return result;
openssl_error:
err = ERR_get_error();
PyErr_Format(g_PyExc_NDNKeyError, "Unable to write Public Key: %s",
ERR_reason_error_string(err));
error:
return NULL;
}
PKI_MEM * PKI_X509_KEYPAIR_get_pubkey(PKI_X509_KEYPAIR *kp)
{
PKI_X509_KEYPAIR_VALUE *kVal = NULL;
PKI_MEM *ret = NULL;
if(!kp || !kp->value)
{
PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
return NULL;
};
kVal = kp->value;
if((ret = PKI_MEM_new_null())==NULL)
{
PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
return NULL;
};
ret->size = (size_t) i2d_PUBKEY(kVal, &(ret->data));
return ret;
}
static isc_result_t
opensslgost_todns(const dst_key_t *key, isc_buffer_t *data) {
EVP_PKEY *pkey;
isc_region_t r;
unsigned char der[37 + 64], *p;
int len;
REQUIRE(key->keydata.pkey != NULL);
pkey = key->keydata.pkey;
isc_buffer_availableregion(data, &r);
if (r.length < 64)
return (ISC_R_NOSPACE);
p = der;
len = i2d_PUBKEY(pkey, &p);
INSIST(len == sizeof(der));
INSIST(memcmp(gost_prefix, der, 37) == 0);
memcpy(r.base, der + 37, 64);
isc_buffer_add(data, 64);
return (ISC_R_SUCCESS);
}
ldns_status
ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
ldns_tlsa_selector selector,
ldns_tlsa_matching_type matching_type)
{
unsigned char* buf = NULL;
size_t len;
X509_PUBKEY* xpubkey;
EVP_PKEY* epubkey;
unsigned char* digest;
assert(rdf != NULL);
assert(cert != NULL);
switch(selector) {
case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
len = (size_t)i2d_X509(cert, &buf);
break;
case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
#ifndef S_SPLINT_S
xpubkey = X509_get_X509_PUBKEY(cert);
#endif
if (! xpubkey) {
return LDNS_STATUS_SSL_ERR;
}
epubkey = X509_PUBKEY_get(xpubkey);
if (! epubkey) {
return LDNS_STATUS_SSL_ERR;
}
len = (size_t)i2d_PUBKEY(epubkey, &buf);
break;
default:
return LDNS_STATUS_DANE_UNKNOWN_SELECTOR;
}
switch(matching_type) {
case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED:
*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf);
return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
break;
case LDNS_TLSA_MATCHING_TYPE_SHA256:
digest = LDNS_XMALLOC(unsigned char, SHA256_DIGEST_LENGTH);
if (digest == NULL) {
LDNS_FREE(buf);
return LDNS_STATUS_MEM_ERR;
}
(void) ldns_sha256(buf, (unsigned int)len, digest);
*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, SHA256_DIGEST_LENGTH,
digest);
LDNS_FREE(buf);
return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
break;
case LDNS_TLSA_MATCHING_TYPE_SHA512:
digest = LDNS_XMALLOC(unsigned char, SHA512_DIGEST_LENGTH);
if (digest == NULL) {
LDNS_FREE(buf);
return LDNS_STATUS_MEM_ERR;
}
(void) ldns_sha512(buf, (unsigned int)len, digest);
*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, SHA512_DIGEST_LENGTH,
digest);
LDNS_FREE(buf);
return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
break;
default:
LDNS_FREE(buf);
return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE;
}
}
static
DWORD
VMCAGenerateCACNForLdap(
X509* pCertificate,
PSTR* ppszCACN
)
{
DWORD dwError = ERROR_SUCCESS;
int length = 0;
unsigned char* pEncodedKey = NULL;
unsigned char* pKey = NULL;
unsigned char md[SHA_DIGEST_LENGTH];
EVP_PKEY* pPubKey = NULL;
PSTR pszCACN = NULL;
ASN1_OCTET_STRING* pSid = NULL;
if (pCertificate == NULL || ppszCACN == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_ERROR(dwError);
}
pSid = (ASN1_OCTET_STRING*)X509_get_ext_d2i(pCertificate,
NID_subject_key_identifier, NULL, NULL);
if (pSid)
{
dwError = VMCAKeyIdToHexString(pSid, &pszCACN);
BAIL_ON_ERROR(dwError);
}
if (IsNullOrEmptyString(pszCACN))
{
pPubKey = X509_get_pubkey(pCertificate);
length = i2d_PUBKEY(pPubKey, NULL);
dwError = VMCAAllocateMemory(length, (PVOID*)&pEncodedKey);
BAIL_ON_ERROR(dwError);
pKey = pEncodedKey;
length = i2d_PUBKEY(pPubKey, &pKey);
SHA1(pEncodedKey, length, md);
dwError = VMCABytesToHexString((PUCHAR)md, SHA_DIGEST_LENGTH, &pszCACN, FALSE);
BAIL_ON_ERROR(dwError);
}
*ppszCACN = pszCACN;
cleanup:
VMCA_SAFE_FREE_MEMORY(pEncodedKey);
if (pPubKey)
{
EVP_PKEY_free(pPubKey);
}
if (pSid)
{
ASN1_OCTET_STRING_free(pSid);
}
return dwError;
error:
if (*ppszCACN)
{
*ppszCACN = NULL;
}
VMCA_SAFE_FREE_MEMORY(pszCACN);
goto cleanup;
}
EVP_PKEY *pki_evp::decryptKey() const
{
unsigned char *p;
const unsigned char *p1;
int outl, decsize;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char ckey[EVP_MAX_KEY_LENGTH];
EVP_PKEY *tmpkey;
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
char ownPassBuf[MAX_PASS_LENGTH] = "";
if (isPubKey()) {
unsigned char *q;
outl = i2d_PUBKEY(key, NULL);
p = q = (unsigned char *)OPENSSL_malloc(outl);
check_oom(q);
i2d_PUBKEY(key, &p);
p = q;
tmpkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, outl);
OPENSSL_free(q);
return tmpkey;
}
/* This key has its own password */
if (ownPass == ptPrivate) {
int ret;
pass_info pi(XCA_TITLE, qApp->translate("MainWindow",
"Please enter the password to decrypt the private key: '%1'").arg(getIntName()));
ret = MainWindow::passRead(ownPassBuf, MAX_PASS_LENGTH, 0, &pi);
if (ret < 0)
throw errorEx(tr("Password input aborted"), class_name);
} else if (ownPass == ptBogus) { // BOGUS pass
ownPassBuf[0] = '\0';
} else {
memcpy(ownPassBuf, passwd, MAX_PASS_LENGTH);
//printf("Orig password: '******' len:%d\n", passwd, strlen(passwd));
while (md5passwd(ownPassBuf) != passHash &&
sha512passwd(ownPassBuf, passHash) != passHash)
{
int ret;
//printf("Passhash= '%s', new hash= '%s', passwd= '%s'\n",
//CCHAR(passHash), CCHAR(md5passwd(ownPassBuf)), ownPassBuf);
pass_info p(XCA_TITLE, tr("Please enter the database password for decrypting the key '%1'").arg(getIntName()));
ret = MainWindow::passRead(ownPassBuf, MAX_PASS_LENGTH, 0, &p);
if (ret < 0)
throw errorEx(tr("Password input aborted"), class_name);
}
}
//printf("Using decrypt Pass: %s\n", ownPassBuf);
p = (unsigned char *)OPENSSL_malloc(encKey.count());
check_oom(p);
pki_openssl_error();
p1 = p;
memset(iv, 0, EVP_MAX_IV_LENGTH);
memcpy(iv, encKey.constData(), 8); /* recover the iv */
/* generate the key */
EVP_BytesToKey(cipher, EVP_sha1(), iv, (unsigned char *)ownPassBuf,
strlen(ownPassBuf), 1, ckey,NULL);
/* we use sha1 as message digest,
* because an md5 version of the password is
* stored in the database...
*/
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit(&ctx, cipher, ckey, iv);
EVP_DecryptUpdate(&ctx, p , &outl,
(const unsigned char*)encKey.constData() +8, encKey.count() -8);
decsize = outl;
EVP_DecryptFinal(&ctx, p + decsize , &outl);
decsize += outl;
//printf("Decrypt decsize=%d, encKey_len=%d\n", decsize, encKey_len);
pki_openssl_error();
tmpkey = d2i_PrivateKey(key->type, NULL, &p1, decsize);
pki_openssl_error();
OPENSSL_free(p);
EVP_CIPHER_CTX_cleanup(&ctx);
pki_openssl_error();
if (EVP_PKEY_type(tmpkey->type) == EVP_PKEY_RSA)
RSA_blinding_on(tmpkey->pkey.rsa, NULL);
return tmpkey;
}
int
create_public_key_digest(RSA *private_key_rsa,
PyObject **py_public_key_digest, int *public_key_digest_len)
{
unsigned int err;
unsigned char *public_key_der = NULL;
size_t der_len;
unsigned char *key_digest;
size_t key_digest_size;
PyObject *py_digest = NULL;
int r;
EVP_PKEY *public_key = NULL;
RSA *public_key_rsa = NULL;
assert(private_key_rsa);
assert(py_public_key_digest);
public_key = EVP_PKEY_new();
JUMP_IF_NULL(public_key, openssl_error);
public_key_rsa = RSAPublicKey_dup(private_key_rsa);
JUMP_IF_NULL(public_key_rsa, openssl_error);
r = EVP_PKEY_set1_RSA(public_key, public_key_rsa);
RSA_free(public_key_rsa);
public_key_rsa = NULL;
JUMP_IF_NEG(r, openssl_error);
r = i2d_PUBKEY(public_key, &public_key_der);
EVP_PKEY_free(public_key);
public_key = NULL;
if (r < 0) {
free(public_key_der);
goto openssl_error;
}
der_len = r;
r = create_key_digest(public_key_der, der_len, &key_digest,
&key_digest_size);
free(public_key_der);
public_key_der = NULL;
JUMP_IF_NEG(r, error);
py_digest = PyBytes_FromStringAndSize((char *) key_digest, key_digest_size);
JUMP_IF_NULL(py_digest, error);
*py_public_key_digest = py_digest;
if (public_key_digest_len)
*public_key_digest_len = key_digest_size;
return 0;
openssl_error:
err = ERR_get_error();
PyErr_Format(g_PyExc_CCNKeyError, "Unable to generate digest from the key:"
" %s", ERR_reason_error_string(err));
error:
if (public_key_rsa)
RSA_free(public_key_rsa);
if (public_key)
EVP_PKEY_free(public_key);
if (public_key_der)
free(public_key_der);
return -1;
}
static int qcom_km_get_keypair_public(const keymaster_device* dev,
const uint8_t* keyBlob, const size_t keyBlobLength,
uint8_t** x509_data, size_t* x509_data_length) {
struct qcom_km_key_blob * keyblob_ptr = (struct qcom_km_key_blob *)keyBlob;
if (x509_data == NULL || x509_data_length == NULL) {
ALOGE("Output public key buffer == NULL");
return -1;
}
if (keyBlob == NULL) {
ALOGE("Supplied key blob was NULL");
return -1;
}
// Should be large enough for keyblob data:
if (keyBlobLength < (sizeof(qcom_km_key_blob_t))) {
ALOGE("key blob appears to be truncated");
return -1;
}
if (keyblob_ptr->magic_num != KM_MAGIC_NUM) {
ALOGE("Cannot read key; it was not made by this keymaster");
return -1;
}
if (keyblob_ptr->public_exponent_size == 0 ) {
ALOGE("Key blob appears to have incorrect exponent length");
return -1;
}
if (keyblob_ptr->modulus_size == 0 ) {
ALOGE("Key blob appears to have incorrect modulus length");
return -1;
}
Unique_RSA rsa(RSA_new());
if (rsa.get() == NULL) {
ALOGE("Could not allocate RSA structure");
return -1;
}
rsa->n = BN_bin2bn(reinterpret_cast<const unsigned char*>(keyblob_ptr->modulus),
keyblob_ptr->modulus_size, NULL);
if (rsa->n == NULL) {
ALOGE("Failed to initialize modulus");
return -1;
}
rsa->e = BN_bin2bn(reinterpret_cast<const unsigned char*>(&keyblob_ptr->public_exponent),
keyblob_ptr->public_exponent_size, NULL);
if (rsa->e == NULL) {
ALOGE("Failed to initialize public exponent");
return -1;
}
Unique_EVP_PKEY pkey(EVP_PKEY_new());
if (pkey.get() == NULL) {
ALOGE("Could not allocate EVP_PKEY structure");
return -1;
}
if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) {
ALOGE("Failed to assign rsa parameters \n");
return -1;
}
OWNERSHIP_TRANSFERRED(rsa);
int len = i2d_PUBKEY(pkey.get(), NULL);
if (len <= 0) {
ALOGE("Len returned is < 0 len = %d", len);
return -1;
}
UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len)));
if (key.get() == NULL) {
ALOGE("Could not allocate memory for public key data");
return -1;
}
unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
ALOGE("Len 2 returned is < 0 len = %d", len);
return -1;
}
*x509_data_length = len;
*x509_data = key.release();
return 0;
}
