SEXP R_ecdsa_priv_decompose(SEXP input){ #ifndef OPENSSL_NO_EC BIO *mem = BIO_new_mem_buf(RAW(input), LENGTH(input)); EVP_PKEY *pkey = d2i_PrivateKey_bio(mem, NULL); BIO_free(mem); bail(!!pkey); EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); const EC_POINT *pubkey = EC_KEY_get0_public_key(ec); const EC_GROUP *group = EC_KEY_get0_group(ec); int nid = EC_GROUP_get_curve_name(group); int keysize = nid_keysize(nid); BIGNUM *x = BN_new(); BIGNUM *y = BN_new(); BIGNUM *z = (BIGNUM*) EC_KEY_get0_private_key(ec); BN_CTX *ctx = BN_CTX_new(); bail(EC_POINT_get_affine_coordinates_GFp(group, pubkey, x, y, ctx)); BN_CTX_free(ctx); SEXP res = PROTECT(allocVector(VECSXP, 4)); SET_VECTOR_ELT(res, 0, mkString(my_nid2nist(nid))); SET_VECTOR_ELT(res, 1, bignum_to_r_size(x, keysize)); SET_VECTOR_ELT(res, 2, bignum_to_r_size(y, keysize)); SET_VECTOR_ELT(res, 3, bignum_to_r_size(z, keysize)); BN_free(x); BN_free(y); EVP_PKEY_free(pkey); UNPROTECT(1); return res; #else //OPENSSL_NO_EC Rf_error("OpenSSL has been configured without EC support"); #endif //OPENSSL_NO_EC }
bool Server::isKeyForCert(const QSslKey &key, const QSslCertificate &cert) { if (key.isNull() || cert.isNull() || (key.type() != QSsl::PrivateKey)) return false; QByteArray qbaKey = key.toDer(); QByteArray qbaCert = cert.toDer(); X509 *x509 = NULL; EVP_PKEY *pkey = NULL; BIO *mem = NULL; mem = BIO_new_mem_buf(qbaKey.data(), qbaKey.size()); Q_UNUSED(BIO_set_close(mem, BIO_NOCLOSE)); pkey = d2i_PrivateKey_bio(mem, NULL); BIO_free(mem); mem = BIO_new_mem_buf(qbaCert.data(), qbaCert.size()); Q_UNUSED(BIO_set_close(mem, BIO_NOCLOSE)); x509 = d2i_X509_bio(mem, NULL); BIO_free(mem); mem = NULL; if (x509 && pkey && X509_check_private_key(x509, pkey)) { EVP_PKEY_free(pkey); X509_free(x509); return true; } if (pkey) EVP_PKEY_free(pkey); if (x509) X509_free(x509); return false; }
/* * call-seq: * OpenSSL::PKey.read(string [, pwd ] ) -> PKey * OpenSSL::PKey.read(file [, pwd ]) -> PKey * * === Parameters * * +string+ is a DER- or PEM-encoded string containing an arbitrary private * or public key. * * +file+ is an instance of +File+ containing a DER- or PEM-encoded * arbitrary private or public key. * * +pwd+ is an optional password in case +string+ or +file+ is an encrypted * PEM resource. */ static VALUE ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; BIO *bio; VALUE data, pass; char *passwd = NULL; rb_scan_args(argc, argv, "11", &data, &pass); bio = ossl_obj2bio(data); if (!(pkey = d2i_PrivateKey_bio(bio, NULL))) { OSSL_BIO_reset(bio); if (!NIL_P(pass)) { passwd = StringValuePtr(pass); } if (!(pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, passwd))) { OSSL_BIO_reset(bio); if (!(pkey = d2i_PUBKEY_bio(bio, NULL))) { OSSL_BIO_reset(bio); if (!NIL_P(pass)) { passwd = StringValuePtr(pass); } pkey = PEM_read_bio_PUBKEY(bio, NULL, ossl_pem_passwd_cb, passwd); } } } BIO_free(bio); if (!pkey) ossl_raise(rb_eArgError, "Could not parse PKey"); return ossl_pkey_new(pkey); }
EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char *, int, int, void*)) #endif { EVP_PKEY *rc; BIO *bioS; BIO *bioF; /* 1. try PEM (= DER+Base64+headers) */ #if SSL_LIBRARY_VERSION < 0x00904000 rc = PEM_read_PrivateKey(fp, key, cb); #else rc = PEM_read_PrivateKey(fp, key, cb, NULL); #endif if (rc == NULL) { /* 2. try DER+Base64 */ fseek(fp, 0L, SEEK_SET); if ((bioS = BIO_new(BIO_s_fd())) == NULL) return NULL; BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); if ((bioF = BIO_new(BIO_f_base64())) == NULL) { BIO_free(bioS); return NULL; } bioS = BIO_push(bioF, bioS); rc = d2i_PrivateKey_bio(bioS, NULL); BIO_free_all(bioS); if (rc == NULL) { /* 3. try plain DER */ fseek(fp, 0L, SEEK_SET); if ((bioS = BIO_new(BIO_s_fd())) == NULL) return NULL; BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); rc = d2i_PrivateKey_bio(bioS, NULL); BIO_free(bioS); } } if (rc != NULL && key != NULL) { if (*key != NULL) EVP_PKEY_free(*key); *key = rc; } return rc; }
EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_password_cb *cb, void *s) { EVP_PKEY *rc; BIO *bioS; BIO *bioF; /* 1. try PEM (= DER+Base64+headers) */ if ((bioS=BIO_new_file(filename, "r")) == NULL) return NULL; rc = PEM_read_bio_PrivateKey(bioS, key, cb, s); BIO_free(bioS); if (rc == NULL) { /* 2. try DER+Base64 */ if ((bioS = BIO_new_file(filename, "r")) == NULL) return NULL; if ((bioF = BIO_new(BIO_f_base64())) == NULL) { BIO_free(bioS); return NULL; } bioS = BIO_push(bioF, bioS); rc = d2i_PrivateKey_bio(bioS, NULL); BIO_free_all(bioS); if (rc == NULL) { /* 3. try plain DER */ if ((bioS = BIO_new_file(filename, "r")) == NULL) return NULL; rc = d2i_PrivateKey_bio(bioS, NULL); BIO_free(bioS); } } if (rc != NULL && key != NULL) { if (*key != NULL) EVP_PKEY_free(*key); *key = rc; } return rc; }
/* Convert private to public key */ SEXP R_derive_pubkey(SEXP input){ BIO *mem = BIO_new_mem_buf(RAW(input), LENGTH(input)); EVP_PKEY *pkey = d2i_PrivateKey_bio(mem, NULL); BIO_free(mem); bail(!!pkey); unsigned char *buf = NULL; int len = i2d_PUBKEY(pkey, &buf); bail(len); SEXP res = allocVector(RAWSXP, len); memcpy(RAW(res), buf, len); OPENSSL_free(buf); return res; }
int SSL_use_PrivateKey_file (SSL * ssl, const char *file, int type) { int j, ret = 0; BIO *in; EVP_PKEY *pkey = NULL; in = BIO_new (BIO_s_file_internal ()); if (in == NULL) { SSLerr (SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename (in, file) <= 0) { SSLerr (SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; pkey = PEM_read_bio_PrivateKey (in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); } else if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_bio (in, NULL); } else { SSLerr (SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; } if (pkey == NULL) { SSLerr (SSL_F_SSL_USE_PRIVATEKEY_FILE, j); goto end; } ret = SSL_use_PrivateKey (ssl, pkey); EVP_PKEY_free (pkey); end: if (in != NULL) BIO_free (in); return (ret); }
static EP_CRYPTO_KEY * key_read_bio(BIO *bio, const char *filename, int keyform, uint32_t flags) { EVP_PKEY *key = NULL; const char *pubsec = EP_UT_BITSET(EP_CRYPTO_F_SECRET, flags) ? "secret" : "public"; ep_dbg_cprintf(Dbg, 20, "key_read_bio: name %s, form %d, flags %x\n", filename, keyform, flags); EP_ASSERT(bio != NULL); if (keyform <= 0) return _ep_crypto_error("keyform must be specified"); if (keyform == EP_CRYPTO_KEYFORM_PEM) { // easy case if (EP_UT_BITSET(EP_CRYPTO_F_SECRET, flags)) key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); else key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); } else if (keyform == EP_CRYPTO_KEYFORM_DER) { if (EP_UT_BITSET(EP_CRYPTO_F_SECRET, flags)) key = d2i_PrivateKey_bio(bio, NULL); else key = d2i_PUBKEY_bio(bio, NULL); } else { return _ep_crypto_error("unknown key format %d", keyform); } if (key == NULL) return _ep_crypto_error("cannot read %s key from %s", pubsec, filename); return key; }
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { int reason_code, ret = 0; BIO *in; EVP_PKEY *pkey = NULL; in = BIO_new(BIO_s_file()); if (in == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_PEM) { reason_code = ERR_R_PEM_LIB; pkey = PEM_read_bio_PrivateKey(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); } else if (type == SSL_FILETYPE_ASN1) { reason_code = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_bio(in, NULL); } else { OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE); goto end; } if (pkey == NULL) { OPENSSL_PUT_ERROR(SSL, reason_code); goto end; } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); end: BIO_free(in); return ret; }
/** * xmlSecOpenSSLAppKeyLoadBIO: * @bio: the key BIO. * @format: the key file format. * @pwd: the key file password. * @pwdCallback: the key password callback. * @pwdCallbackCtx: the user context for password callback. * * Reads key from the an OpenSSL BIO object. * * Returns: pointer to the key or NULL if an error occurs. */ xmlSecKeyPtr xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) { xmlSecKeyPtr key = NULL; xmlSecKeyDataPtr data; EVP_PKEY* pKey = NULL; int ret; xmlSecAssert2(bio != NULL, NULL); xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); switch(format) { case xmlSecKeyDataFormatPem: /* try to read private key first */ if(pwd != NULL) { pKey = PEM_read_bio_PrivateKey(bio, NULL, xmlSecOpenSSLDummyPasswordCallback, (void*)pwd); } else { pKey = PEM_read_bio_PrivateKey(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); } if(pKey == NULL) { /* go to start of the file and try to read public key */ (void)BIO_reset(bio); pKey = PEM_read_bio_PUBKEY(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } break; case xmlSecKeyDataFormatDer: /* try to read private key first */ pKey = d2i_PrivateKey_bio(bio, NULL); if(pKey == NULL) { /* go to start of the file and try to read public key */ (void)BIO_reset(bio); pKey = d2i_PUBKEY_bio(bio, NULL); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "d2i_PrivateKey_bio and d2i_PUBKEY_bio", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } break; case xmlSecKeyDataFormatPkcs8Pem: /* try to read private key first */ pKey = PEM_read_bio_PrivateKey(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "PEM_read_bio_PrivateKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; case xmlSecKeyDataFormatPkcs8Der: /* try to read private key first */ pKey = d2i_PKCS8PrivateKey_bio(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "d2i_PrivateKey_bio and d2i_PUBKEY_bio", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; #ifndef XMLSEC_NO_X509 case xmlSecKeyDataFormatPkcs12: key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLAppPkcs12LoadBIO", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } return(key); case xmlSecKeyDataFormatCertPem: case xmlSecKeyDataFormatCertDer: key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLAppKeyFromCertLoadBIO", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } return(key); #endif /* XMLSEC_NO_X509 */ default: xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_FORMAT, "format=%d", format); return(NULL); } data = xmlSecOpenSSLEvpKeyAdopt(pKey); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLEvpKeyAdopt", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); EVP_PKEY_free(pKey); return(NULL); } key = xmlSecKeyCreate(); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(NULL); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); xmlSecKeyDestroy(key); xmlSecKeyDataDestroy(data); return(NULL); } return(key); }
static int openssl_pkey_read(lua_State*L) { EVP_PKEY * key = NULL; BIO* in = load_bio_object(L, 1); int priv = lua_isnoneornil(L, 2) ? 0 : auxiliar_checkboolean(L, 2); int fmt = luaL_checkoption(L, 3, "auto", format); const char* passphrase = luaL_optstring(L, 4, NULL); int type = -1; if (passphrase) { if (strcmp(passphrase, "rsa") == 0 || strcmp(passphrase, "RSA") == 0) type = EVP_PKEY_RSA; else if (strcmp(passphrase, "dsa") == 0 || strcmp(passphrase, "DSA") == 0) type = EVP_PKEY_DSA; else if (strcmp(passphrase, "ec") == 0 || strcmp(passphrase, "EC") == 0) type = EVP_PKEY_EC; } if (fmt == FORMAT_AUTO) { fmt = bio_is_der(in) ? FORMAT_DER : FORMAT_PEM; } if (!priv) { if (fmt == FORMAT_PEM) { key = PEM_read_bio_PUBKEY(in, NULL, NULL, (void*)passphrase); BIO_reset(in); if (key == NULL && type == EVP_PKEY_RSA) { RSA* rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL); if (rsa) { key = EVP_PKEY_new(); EVP_PKEY_assign_RSA(key, rsa); } } }else if (fmt == FORMAT_DER) { key = d2i_PUBKEY_bio(in, NULL); BIO_reset(in); if (!key && type!=-1) { char * bio_mem_ptr; long bio_mem_len; bio_mem_len = BIO_get_mem_data(in, &bio_mem_ptr); key = d2i_PublicKey(type, NULL, (const unsigned char **)&bio_mem_ptr, bio_mem_len); BIO_reset(in); } } } else { if (fmt == FORMAT_PEM) { key = PEM_read_bio_PrivateKey(in, NULL, NULL, (void*)passphrase); BIO_reset(in); }else if (fmt == FORMAT_DER) { if (passphrase) key = d2i_PKCS8PrivateKey_bio(in, NULL, NULL, (void*)passphrase); else key = d2i_PrivateKey_bio(in, NULL); BIO_reset(in); if (!key && type != -1) { char * bio_mem_ptr; long bio_mem_len; bio_mem_len = BIO_get_mem_data(in, &bio_mem_ptr); key = d2i_PrivateKey(type, NULL, (const unsigned char **)&bio_mem_ptr, bio_mem_len); BIO_reset(in); } } } BIO_free(in); if (key) { PUSH_OBJECT(key, "openssl.evp_pkey"); return 1; } return openssl_pushresult(L, 0); }