EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) { EVP_PKEY *ret; if ((a == NULL) || (*a == NULL)) { if ((ret=EVP_PKEY_new()) == NULL) { ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB); return(NULL); } } else ret= *a; ret->save_type=type; ret->type=EVP_PKEY_type(type); switch (ret->type) { #ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL, (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ { ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); goto err; } break; #endif #ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL, (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ { ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); goto err; } break; #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, (const unsigned char **)pp, length)) == NULL) { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); goto err; } break; #endif default: ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); goto err; /* break; */ } if (a != NULL) (*a)=ret; return(ret); err: if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret); return(NULL); }
static int old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { DSA *dsa; BN_CTX *ctx = NULL; BIGNUM *j, *p1, *newp1; if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) { DSAerror(ERR_R_DSA_LIB); return 0; } ctx = BN_CTX_new(); if (ctx == NULL) goto err; /* * Check that p and q are consistent with each other. */ j = BN_CTX_get(ctx); p1 = BN_CTX_get(ctx); newp1 = BN_CTX_get(ctx); if (j == NULL || p1 == NULL || newp1 == NULL) goto err; /* p1 = p - 1 */ if (BN_sub(p1, dsa->p, BN_value_one()) == 0) goto err; /* j = (p - 1) / q */ if (BN_div_ct(j, NULL, p1, dsa->q, ctx) == 0) goto err; /* q * j should == p - 1 */ if (BN_mul(newp1, dsa->q, j, ctx) == 0) goto err; if (BN_cmp(newp1, p1) != 0) { DSAerror(DSA_R_BAD_Q_VALUE); goto err; } /* * Check that q is not a composite number. */ if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) <= 0) { DSAerror(DSA_R_BAD_Q_VALUE); goto err; } BN_CTX_free(ctx); EVP_PKEY_assign_DSA(pkey, dsa); return 1; err: BN_CTX_free(ctx); DSA_free(dsa); return 0; }
static int old_dsa_priv_decode(EVP_PKEY *pkey, const uint8_t **pder, int derlen) { DSA *dsa; dsa = d2i_DSAPrivateKey(NULL, pder, derlen); if (dsa == NULL) { OPENSSL_PUT_ERROR(EVP, ERR_R_DSA_LIB); return 0; } EVP_PKEY_assign_DSA(pkey, dsa); return 1; }
static int old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { DSA *dsa; if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) { DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); return 0; } EVP_PKEY_assign_DSA(pkey, dsa); return 1; }
SEXP R_dsa_priv_decompose(SEXP bin){ DSA *dsa = DSA_new(); const unsigned char *ptr = RAW(bin); bail(!!d2i_DSAPrivateKey(&dsa, &ptr, LENGTH(bin))); const BIGNUM *p, *q, *g, *pub_key, *priv_key; MY_DSA_get0_pqg(dsa, &p, &q, &g); MY_DSA_get0_key(dsa, &pub_key, &priv_key); SEXP res = PROTECT(allocVector(VECSXP, 5)); SET_VECTOR_ELT(res, 0, bignum_to_r(p)); SET_VECTOR_ELT(res, 1, bignum_to_r(q)); SET_VECTOR_ELT(res, 2, bignum_to_r(g)); SET_VECTOR_ELT(res, 3, bignum_to_r(pub_key)); SET_VECTOR_ELT(res, 4, bignum_to_r(priv_key)); UNPROTECT(1); return res; }
/* * Decode a string to a key. Return 0 on success. */ int kn_decode_key(struct keynote_deckey *dc, char *key, int keytype) { void *kk = NULL; X509 *px509Cert; EVP_PKEY *pPublicKey; unsigned char *ptr = NULL, *decoded = NULL; int encoding, internalencoding; long len = 0; keynote_errno = 0; if (keytype == KEYNOTE_PRIVATE_KEY) dc->dec_algorithm = keynote_get_private_key_algorithm(key, &encoding, &internalencoding); else dc->dec_algorithm = keynote_get_key_algorithm(key, &encoding, &internalencoding); if (dc->dec_algorithm == KEYNOTE_ALGORITHM_NONE) { if ((dc->dec_key = strdup(key)) == NULL) { keynote_errno = ERROR_MEMORY; return -1; } return 0; } key = strchr(key, ':'); /* Move forward, to the Encoding. We're guaranteed * to have a ':' character, since this is a key */ key++; /* Remove ASCII encoding */ switch (encoding) { case ENCODING_NONE: break; case ENCODING_HEX: len = strlen(key) / 2; if (kn_decode_hex(key, (char **) &decoded) != 0) return -1; ptr = decoded; break; case ENCODING_BASE64: len = strlen(key); if (len % 4) /* Base64 encoding must be a multiple of 4 */ { keynote_errno = ERROR_SYNTAX; return -1; } len = 3 * (len / 4); decoded = calloc(len, sizeof(unsigned char)); ptr = decoded; if (decoded == NULL) { keynote_errno = ERROR_MEMORY; return -1; } if ((len = kn_decode_base64(key, decoded, len)) == -1) return -1; break; case ENCODING_NATIVE: decoded = strdup(key); if (decoded == NULL) { keynote_errno = ERROR_MEMORY; return -1; } len = strlen(key); ptr = decoded; break; default: keynote_errno = ERROR_SYNTAX; return -1; } /* DSA-HEX */ if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) && (internalencoding == INTERNAL_ENC_ASN1)) { dc->dec_key = DSA_new(); if (dc->dec_key == NULL) { keynote_errno = ERROR_MEMORY; return -1; } kk = dc->dec_key; if (keytype == KEYNOTE_PRIVATE_KEY) { if (d2i_DSAPrivateKey((DSA **) &kk,(const unsigned char **) &decoded, len) == NULL) { free(ptr); DSA_free(kk); keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ return -1; } } else { if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == NULL) { free(ptr); DSA_free(kk); keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ return -1; } } free(ptr); return 0; } /* RSA-PKCS1-HEX */ if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) && (internalencoding == INTERNAL_ENC_PKCS1)) { dc->dec_key = RSA_new(); if (dc->dec_key == NULL) { keynote_errno = ERROR_MEMORY; return -1; } kk = dc->dec_key; if (keytype == KEYNOTE_PRIVATE_KEY) { if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == NULL) { free(ptr); RSA_free(kk); keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ return -1; } if (RSA_blinding_on((RSA *) kk, NULL) != 1) { free(ptr); RSA_free(kk); keynote_errno = ERROR_MEMORY; return -1; } } else { if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == NULL) { free(ptr); RSA_free(kk); keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ return -1; } } free(ptr); return 0; } /* X509 Cert */ if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_X509) && (internalencoding == INTERNAL_ENC_ASN1) && (keytype == KEYNOTE_PUBLIC_KEY)) { if ((px509Cert = X509_new()) == NULL) { free(ptr); keynote_errno = ERROR_MEMORY; return -1; } if(d2i_X509(&px509Cert, (const unsigned char **)&decoded, len) == NULL) { free(ptr); X509_free(px509Cert); keynote_errno = ERROR_SYNTAX; return -1; } if ((pPublicKey = X509_get_pubkey(px509Cert)) == NULL) { free(ptr); X509_free(px509Cert); keynote_errno = ERROR_SYNTAX; return -1; } /* RSA-specific */ dc->dec_key = pPublicKey->pkey.rsa; free(ptr); return 0; } /* BINARY keys */ if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) && (internalencoding == INTERNAL_ENC_NONE)) { dc->dec_key = calloc(1, sizeof(struct keynote_binary)); if (dc->dec_key == NULL) { keynote_errno = ERROR_MEMORY; return -1; } ((struct keynote_binary *) dc->dec_key)->bn_key = decoded; ((struct keynote_binary *) dc->dec_key)->bn_len = len; return RESULT_TRUE; } /* Add support for more algorithms here */ free(ptr); /* This shouldn't ever be reached really */ keynote_errno = ERROR_SYNTAX; return -1; }
static void process_file(const char *filename) { FILE *keyfile; int i, count; unsigned char buffer[LINE_BUFFER_SIZE]; BIO *bp; char *nm = NULL, *header = NULL; unsigned char *data = NULL; EVP_CIPHER_INFO cipher; EVP_PKEY pk; long len; DSA *dsapkc = NULL; RSA *rsapkc = NULL; const char unsigned *dc; if (!(keyfile = fopen(filename, "rb"))) { fprintf(stderr, "! %s : %s\n", filename, strerror(errno)); return; } /* verify input files using OpenSSL */ bp = BIO_new(BIO_s_file()); if(!bp) { fprintf(stderr, "OpenSSL BIO allocation failure\n"); return; } if(!BIO_read_filename(bp, filename)) { fprintf(stderr, "OpenSSL BIO_read_filename failure\n"); ERR_print_errors_fp(stderr); return; } /* PEM_bytes_read_bio function in crypto/pem/pem_lib.c * check_pem function in crypto/pem/pem_lib.c */ for (;;) { if (!PEM_read_bio(bp, &nm, &header, &data, &len)) { if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) { /* ERR_print_errors_fp(stderr); */ fprintf(stderr, "! %s : %s\n", filename, "input keyfile validation failed"); goto out; } } if(!nm) { fprintf(stderr, "! %s : %s\n", filename, "input keyfile validation failed"); goto out; } /* only PEM encoded DSA and RSA private keys are supported. */ if (!strcmp(nm, PEM_STRING_DSA)) { pk.save_type = EVP_PKEY_DSA; break; } if (!strcmp(nm, PEM_STRING_RSA)) { pk.save_type = EVP_PKEY_RSA; break; } OPENSSL_free(nm); OPENSSL_free(header); OPENSSL_free(data); BIO_free(bp); } if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) { ERR_print_errors_fp(stderr); return; } /* check if key has no password */ dc = data; if (PEM_do_header(&cipher, data, &len, NULL, (char *) "")) { if (pk.save_type == EVP_PKEY_DSA) { if ((dsapkc = d2i_DSAPrivateKey(NULL, &dc, len)) != NULL) { fprintf(stderr, "%s has no password!\n", filename); DSA_free(dsapkc); goto out; } } else if (pk.save_type == EVP_PKEY_RSA) { if ((rsapkc = d2i_RSAPrivateKey(NULL, &dc, len)) != NULL) { fprintf(stderr, "%s has no password!\n", filename); RSA_free(rsapkc); goto out; } } } /* key has been verified */ count = fread(buffer, 1, LINE_BUFFER_SIZE, keyfile); printf("%s:$ssh2$", basename(filename)); for (i = 0; i < count; i++) { printf("%c%c", itoa16[ARCH_INDEX(buffer[i] >> 4)], itoa16[ARCH_INDEX(buffer[i] & 0x0f)]); } printf("*%d\n", count); out: fclose(keyfile); if(bp) BIO_free(bp); }