コード例 #1
0
ファイル: cms_kari.c プロジェクト: AimaTeam-hehai/openssl
/* Create ephemeral key and initialise context based on it */
static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
                                         EVP_PKEY *pk)
{
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *ekey = NULL;
    int rv = 0;
    pctx = EVP_PKEY_CTX_new(pk, NULL);
    if (!pctx)
        goto err;
    if (EVP_PKEY_keygen_init(pctx) <= 0)
        goto err;
    if (EVP_PKEY_keygen(pctx, &ekey) <= 0)
        goto err;
    EVP_PKEY_CTX_free(pctx);
    pctx = EVP_PKEY_CTX_new(ekey, NULL);
    if (!pctx)
        goto err;
    if (EVP_PKEY_derive_init(pctx) <= 0)
        goto err;
    kari->pctx = pctx;
    rv = 1;
 err:
    if (!rv)
        EVP_PKEY_CTX_free(pctx);
    EVP_PKEY_free(ekey);
    return rv;
}
コード例 #2
0
ファイル: ssl_rsa.c プロジェクト: a397871706/plug
enum ssl_private_key_result_t ssl_private_key_sign(
    SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, const EVP_MD *md,
    const uint8_t *in, size_t in_len) {
  if (ssl->cert->key_method != NULL) {
    return ssl->cert->key_method->sign(ssl, out, out_len, max_out, md, in,
                                       in_len);
  }

  enum ssl_private_key_result_t ret = ssl_private_key_failure;
  EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(ssl->cert->privatekey, NULL);
  if (ctx == NULL) {
    goto end;
  }

  size_t len = max_out;
  if (!EVP_PKEY_sign_init(ctx) ||
      !EVP_PKEY_CTX_set_signature_md(ctx, md) ||
      !EVP_PKEY_sign(ctx, out, &len, in, in_len)) {
    goto end;
  }
  *out_len = len;
  ret = ssl_private_key_success;

end:
  EVP_PKEY_CTX_free(ctx);
  return ret;
}
コード例 #3
0
/* Padding is ignored. We use OAEP by default. Parameter is to support more paddings in the future */
soter_status_t soter_asym_cipher_init(soter_asym_cipher_t* asym_cipher, const void* key, const size_t key_length, soter_asym_cipher_padding_t pad)
{
	EVP_PKEY *pkey;

	if ((!asym_cipher) || (SOTER_ASYM_CIPHER_OAEP != pad))
	{
		return SOTER_INVALID_PARAMETER;
	}

	pkey = EVP_PKEY_new();
	if (!pkey)
	{
		return SOTER_NO_MEMORY;
	}

	/* Only RSA supports asymmetric encryption */
	if (!EVP_PKEY_set_type(pkey, EVP_PKEY_RSA))
	{
		EVP_PKEY_free(pkey);
		return SOTER_FAIL;
	}

	asym_cipher->pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL);
	if (!(asym_cipher->pkey_ctx))
	{
		EVP_PKEY_free(pkey);
		return SOTER_FAIL;
	}
	SOTER_IF_FAIL(soter_asym_cipher_import_key(asym_cipher, key, key_length)==SOTER_SUCCESS, (EVP_PKEY_free(pkey), EVP_PKEY_CTX_free(asym_cipher->pkey_ctx)));
	return SOTER_SUCCESS;
}
コード例 #4
0
ファイル: p_enc.c プロジェクト: BeyondChallenge/GmSSL
/* GMSSL: EVP_PKEY_encrypt_old() is modified */
int EVP_PKEY_encrypt_old(unsigned char *out, const unsigned char *in,
	int inlen, EVP_PKEY *pkey)
{
	int ret = 0;
	EVP_PKEY_CTX *ctx = NULL;
	size_t size;

	if (pkey->type == EVP_PKEY_RSA) {
		ret = RSA_public_encrypt(inlen, in, out, pkey->pkey.rsa,
			RSA_PKCS1_PADDING);
	} else {
		if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) {
			return 0;
		}
		if (1 != EVP_PKEY_encrypt_init(ctx)) {
			return 0;
		}
		if (1 != EVP_PKEY_encrypt(ctx, out, &size, in, inlen)) {
			goto end;
		}
		ret = (int)size;
	}
end:
	EVP_PKEY_CTX_free(ctx);
	return ret;
}
コード例 #5
0
ファイル: p_dec.c プロジェクト: LiTianjue/GmSSL
int EVP_PKEY_decrypt_old(unsigned char *out, const unsigned char *in, int inlen,
	EVP_PKEY *pkey)
{
	int ret = 0;
	EVP_PKEY_CTX *ctx = NULL;
	size_t outlen;

	if (pkey->type == EVP_PKEY_RSA) {
		return ossl_EVP_PKEY_decrypt_old(out, in, inlen, pkey);
	}

	if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) {
		return 0;
	}

	if (!EVP_PKEY_decrypt_init(ctx)) {
		goto end;
	}
	if (!EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen)) {
		goto end;
	}

	ret = (int)outlen;

end:
	EVP_PKEY_CTX_free(ctx);
	return ret;
}
コード例 #6
0
ファイル: sign.c プロジェクト: 0x64616E69656C/boringssl
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len,
                    EVP_PKEY *pkey) {
  uint8_t m[EVP_MAX_MD_SIZE];
  unsigned int m_len;
  int ret = 0;
  EVP_MD_CTX tmp_ctx;
  EVP_PKEY_CTX *pkctx = NULL;

  EVP_MD_CTX_init(&tmp_ctx);
  if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) ||
      !EVP_DigestFinal_ex(&tmp_ctx, m, &m_len)) {
    EVP_MD_CTX_cleanup(&tmp_ctx);
    goto out;
  }
  EVP_MD_CTX_cleanup(&tmp_ctx);

  pkctx = EVP_PKEY_CTX_new(pkey, NULL);
  if (!pkctx ||
      !EVP_PKEY_verify_init(pkctx) ||
      !EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest)) {
    goto out;
  }
  ret = EVP_PKEY_verify(pkctx, sig, sig_len, m, m_len);

out:
  EVP_PKEY_CTX_free(pkctx);
  return ret;
}
コード例 #7
0
ファイル: sign.c プロジェクト: 0x64616E69656C/boringssl
int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
                  unsigned int *out_sig_len, EVP_PKEY *pkey) {
  uint8_t m[EVP_MAX_MD_SIZE];
  unsigned int m_len;
  int ret = 0;
  EVP_MD_CTX tmp_ctx;
  EVP_PKEY_CTX *pkctx = NULL;
  size_t sig_len = EVP_PKEY_size(pkey);

  *out_sig_len = 0;
  EVP_MD_CTX_init(&tmp_ctx);
  if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) ||
      !EVP_DigestFinal_ex(&tmp_ctx, m, &m_len)) {
    goto out;
  }
  EVP_MD_CTX_cleanup(&tmp_ctx);

  pkctx = EVP_PKEY_CTX_new(pkey, NULL);
  if (!pkctx || !EVP_PKEY_sign_init(pkctx) ||
      !EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) ||
      !EVP_PKEY_sign(pkctx, sig, &sig_len, m, m_len)) {
    goto out;
  }
  *out_sig_len = sig_len;
  ret = 1;

out:
  if (pkctx) {
    EVP_PKEY_CTX_free(pkctx);
  }

  return ret;
}
コード例 #8
0
ファイル: dh.c プロジェクト: adminspotter/r9
struct dh_message *dh_shared_secret(EVP_PKEY *priv_key, EVP_PKEY *peer_key)
{
    EVP_PKEY_CTX *derive_ctx;
    struct dh_message *msg = NULL, *digest = NULL;

    if ((msg = OPENSSL_malloc(sizeof(struct dh_message))) == NULL)
        return NULL;

    if ((derive_ctx = EVP_PKEY_CTX_new(priv_key, NULL)) == NULL)
        goto BAILOUT1;

    if (EVP_PKEY_derive_init(derive_ctx) != 1
        || EVP_PKEY_derive_set_peer(derive_ctx, peer_key) != 1
        || EVP_PKEY_derive(derive_ctx, NULL, &msg->message_len) != 1
        || (msg->message = OPENSSL_malloc(msg->message_len)) == NULL)
        goto BAILOUT2;

    if (EVP_PKEY_derive(derive_ctx, msg->message, &msg->message_len) != 1)
        goto BAILOUT3;

    EVP_PKEY_CTX_free(derive_ctx);
    digest = digest_message(msg);
    free_dh_message(msg);
    return digest;

  BAILOUT3:
    OPENSSL_free(msg->message);
  BAILOUT2:
    EVP_PKEY_CTX_free(derive_ctx);
  BAILOUT1:
    OPENSSL_free(msg);
    return NULL;
}
コード例 #9
0
ファイル: saf_keyhandle.c プロジェクト: winstard/GmSSL
/* 7.3.32 */
int SAF_ImportEncedKey(
	void *hSymmKeyObj,
	unsigned char *pucSymmKey,
	unsigned int uiSymmKeyLen,
	void **phKeyHandle)
{
	SAF_KEY *hkey = NULL;
	SAF_SYMMKEYOBJ *hobj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
	EVP_PKEY *pkey = NULL;
	EVP_PKEY_CTX *pctx = NULL;
	char key_id[1024];

	/*			
	snprintf(key_id, sizeof(key_id), "%s.enc", hobj->pucContainerName);
	*/

	if (!(pkey = ENGINE_load_private_key(hobj->app->engine, key_id, NULL, NULL))
		|| !(pctx = EVP_PKEY_CTX_new(pkey, hobj->app->engine))
		|| EVP_PKEY_decrypt_init(pctx) <= 0
		|| EVP_PKEY_decrypt(pctx, hkey->key, &hkey->keylen, pucSymmKey, uiSymmKeyLen) <= 0) {
		goto end;
	}

end:
	return 0;
}
コード例 #10
0
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
	     EVP_PKEY *pkey)
	{
	unsigned char m[EVP_MAX_MD_SIZE];
	unsigned int m_len;
	int i,ok=0,v;
	EVP_MD_CTX tmp_ctx;

	*siglen=0;
	EVP_MD_CTX_init(&tmp_ctx);
	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);   
	EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
	EVP_MD_CTX_cleanup(&tmp_ctx);

	if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
		{
		EVP_PKEY_CTX *pkctx = NULL;
		size_t sltmp = (size_t)EVP_PKEY_size(pkey);
		i = 0;
		pkctx = EVP_PKEY_CTX_new(pkey, NULL);
		if (!pkctx)
			goto err;
		if (EVP_PKEY_sign_init(pkctx) <= 0)
			goto err;
		if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
			goto err;
		if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
			goto err;
		*siglen = sltmp;
		i = 1;
		err:
		EVP_PKEY_CTX_free(pkctx);
		return i;
		}

	for (i=0; i<4; i++)
		{
		v=ctx->digest->required_pkey_type[i];
		if (v == 0) break;
		if (pkey->type == v)
			{
			ok=1;
			break;
			}
		}
	if (!ok)
		{
		EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
		return(0);
		}

	if (ctx->digest->sign == NULL)
		{
		EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
		return(0);
		}
	return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
		pkey->pkey.ptr));
	}
コード例 #11
0
ファイル: p_verify.c プロジェクト: GH-JY/openssl
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
                    unsigned int siglen, EVP_PKEY *pkey)
{
    unsigned char m[EVP_MAX_MD_SIZE];
    unsigned int m_len = 0;
    int i = 0, ok = 0, v = 0;
    EVP_PKEY_CTX *pkctx = NULL;

    if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
        if (!EVP_DigestFinal_ex(ctx, m, &m_len))
            goto err;
    } else {
        int rv = 0;
        EVP_MD_CTX tmp_ctx;
        EVP_MD_CTX_init(&tmp_ctx);
        rv = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx);
        if (rv)
            rv = EVP_DigestFinal_ex(&tmp_ctx, m, &m_len);
        EVP_MD_CTX_cleanup(&tmp_ctx);
        if (!rv)
            return 0;
    }

    if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
        i = -1;
        pkctx = EVP_PKEY_CTX_new(pkey, NULL);
        if (pkctx == NULL)
            goto err;
        if (EVP_PKEY_verify_init(pkctx) <= 0)
            goto err;
        if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
            goto err;
        i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
 err:
        EVP_PKEY_CTX_free(pkctx);
        return i;
    }

    for (i = 0; i < 4; i++) {
        v = ctx->digest->required_pkey_type[i];
        if (v == 0)
            break;
        if (pkey->type == v) {
            ok = 1;
            break;
        }
    }
    if (!ok) {
        EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
        return (-1);
    }
    if (ctx->digest->verify == NULL) {
        EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
        return (0);
    }

    return (ctx->digest->verify(ctx->digest->type, m, m_len,
                                sigbuf, siglen, pkey->pkey.ptr));
}
コード例 #12
0
// Verification functions
bool OSSLGOST::verify(PublicKey* publicKey, const ByteString& originalData,
		      const ByteString& signature, const AsymMech::Type mechanism,
		      const void* param /* = NULL */, const size_t paramLen /* = 0 */)
{
	if (mechanism == AsymMech::GOST)
	{
		// Separate implementation for GOST verification without hash computation

		// Check if the private key is the right type
		if (!publicKey->isOfType(OSSLGOSTPublicKey::type))
		{
			ERROR_MSG("Invalid key type supplied");

			return false;
		}

		// Perform the verification operation
		OSSLGOSTPublicKey* osslKey = (OSSLGOSTPublicKey*) publicKey;
		EVP_PKEY* pkey = osslKey->getOSSLKey();

		if (pkey == NULL)
		{
			ERROR_MSG("Could not get the OpenSSL public key");

			return false;
		}

		EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey,NULL);
		if (ctx == NULL)
		{
			ERROR_MSG("EVP_PKEY_CTX_new failed");
			return false;
		}

		if (EVP_PKEY_verify_init(ctx) <= 0)
		{
			ERROR_MSG("EVP_PKEY_verify_init failed");
			EVP_PKEY_CTX_free(ctx);
			return false;
		}

		int ret = EVP_PKEY_verify(ctx, signature.const_byte_str(), signature.size(), originalData.const_byte_str(), originalData.size());
		EVP_PKEY_CTX_free(ctx);
		if (ret != 1)
		{
			if (ret < 0)
				ERROR_MSG("GOST verify failed (0x%08X)", ERR_get_error());

			return false;
		}
		return true;
	}
	else
	{
		// Call the generic function
		return AsymmetricAlgorithm::verify(publicKey, originalData, signature, mechanism, param, paramLen);
	}
}
コード例 #13
0
ファイル: pk7_doit.c プロジェクト: 4872866/node
static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
                               PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
{
    EVP_PKEY_CTX *pctx = NULL;
    unsigned char *ek = NULL;
    size_t eklen;

    int ret = -1;

    pctx = EVP_PKEY_CTX_new(pkey, NULL);
    if (!pctx)
        return -1;

    if (EVP_PKEY_decrypt_init(pctx) <= 0)
        goto err;

    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
                          EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
        goto err;
    }

    if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
                         ri->enc_key->data, ri->enc_key->length) <= 0)
        goto err;

    ek = OPENSSL_malloc(eklen);

    if (ek == NULL) {
        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (EVP_PKEY_decrypt(pctx, ek, &eklen,
                         ri->enc_key->data, ri->enc_key->length) <= 0) {
        ret = 0;
        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
        goto err;
    }

    ret = 1;

    if (*pek) {
        OPENSSL_cleanse(*pek, *peklen);
        OPENSSL_free(*pek);
    }

    *pek = ek;
    *peklen = eklen;

 err:
    if (pctx)
        EVP_PKEY_CTX_free(pctx);
    if (!ret && ek)
        OPENSSL_free(ek);

    return ret;
}
コード例 #14
0
ファイル: check-signature.c プロジェクト: vevedh/rig
static gboolean
verify_signature (const uint8_t *hash,
                  const uint8_t *signature,
                  EVP_PKEY *pubkey,
                  GError **error)
{
    EVP_PKEY_CTX *pkey_ctx = EVP_PKEY_CTX_new (pubkey, NULL);
    gboolean ret = TRUE;

    if (pkey_ctx == NULL)
    {
        g_set_error_literal (error,
                             CRYPT_ERROR,
                             CRYPT_ERROR_INIT,
                             "Error allocating pkey context");
        ret = FALSE;
    }
    else
    {
        if (EVP_PKEY_verify_init (pkey_ctx) <= 0 ||
                EVP_PKEY_CTX_set_rsa_padding (pkey_ctx, RSA_PKCS1_PADDING) <= 0 ||
                EVP_PKEY_CTX_set_signature_md (pkey_ctx, EVP_sha256 ()) <= 0)
        {
            g_set_error_literal (error,
                                 CRYPT_ERROR,
                                 CRYPT_ERROR_INIT,
                                 "Error initialising pkey context");
            ret = FALSE;
        }
        else
        {
            int validate_ret = EVP_PKEY_verify (pkey_ctx,
                                                signature, SIGNATURE_SIZE,
                                                hash, SHA256_DIGEST_LENGTH);

            if (validate_ret == 0)
            {
                g_set_error_literal (error,
                                     CRYPT_ERROR,
                                     CRYPT_ERROR_INVALID_SIGNATURE,
                                     "Signature is invalid");
                ret = FALSE;
            }
            else if (validate_ret != 1)
            {
                g_set_error_literal (error,
                                     CRYPT_ERROR,
                                     CRYPT_ERROR_VERIFY,
                                     "Error verifying signature");
                ret = FALSE;
            }
        }

        EVP_PKEY_CTX_free (pkey_ctx);
    }

    return ret;
}
コード例 #15
0
ファイル: cms_env.c プロジェクト: 2014lh/node-v0.x-archive
static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
                                          CMS_RecipientInfo *ri)
{
    CMS_KeyTransRecipientInfo *ktri;
    CMS_EncryptedContentInfo *ec;
    EVP_PKEY_CTX *pctx = NULL;
    unsigned char *ek = NULL;
    size_t eklen;

    int ret = 0;

    if (ri->type != CMS_RECIPINFO_TRANS) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
        return 0;
    }
    ktri = ri->d.ktri;
    ec = cms->d.envelopedData->encryptedContentInfo;

    pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
    if (!pctx)
        return 0;

    if (EVP_PKEY_encrypt_init(pctx) <= 0)
        goto err;

    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
                          EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
        goto err;
    }

    if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
        goto err;

    ek = OPENSSL_malloc(eklen);

    if (ek == NULL) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
        goto err;

    ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
    ek = NULL;

    ret = 1;

 err:
    if (pctx)
        EVP_PKEY_CTX_free(pctx);
    if (ek)
        OPENSSL_free(ek);
    return ret;

}
コード例 #16
0
static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
					unsigned char *key, int keylen)
	{
	EVP_PKEY_CTX *pctx = NULL;
	EVP_PKEY *pkey = NULL;
	unsigned char *ek = NULL;
	int ret = 0;
	size_t eklen;

	pkey = X509_get_pubkey(ri->cert);

	if (!pkey)
		return 0;

	pctx = EVP_PKEY_CTX_new(pkey, NULL);
	if (!pctx)
		return 0;

	if (EVP_PKEY_encrypt_init(pctx) <= 0)
		goto err;

	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
				EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0)
		{
		PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
		goto err;
		}

	if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
		goto err;

	ek = (unsigned char*)OPENSSL_malloc(eklen);

	if (ek == NULL)
		{
		PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
		goto err;
		}

	if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
		goto err;

	ASN1_STRING_set0(ri->enc_key, ek, eklen);
	ek = NULL;

	ret = 1;

	err:
	if (pkey)
		EVP_PKEY_free(pkey);
	if (pctx)
		EVP_PKEY_CTX_free(pctx);
	if (ek)
		OPENSSL_free(ek);
	return ret;

	}
コード例 #17
0
ファイル: m_sigver.c プロジェクト: Bilibili/openssl
static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
                          int ver)
{
    if (ctx->pctx == NULL)
        ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
    if (ctx->pctx == NULL)
        return 0;

    if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {

        if (type == NULL) {
            int def_nid;
            if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
                type = EVP_get_digestbynid(def_nid);
        }

        if (type == NULL) {
            EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
            return 0;
        }
    }

    if (ver) {
        if (ctx->pctx->pmeth->verifyctx_init) {
            if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
                return 0;
            ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
        } else if (ctx->pctx->pmeth->digestverify != 0) {
            ctx->pctx->operation = EVP_PKEY_OP_VERIFY;
            ctx->update = update;
        } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) {
            return 0;
        }
    } else {
        if (ctx->pctx->pmeth->signctx_init) {
            if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
                return 0;
            ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
        } else if (ctx->pctx->pmeth->digestsign != 0) {
            ctx->pctx->operation = EVP_PKEY_OP_SIGN;
            ctx->update = update;
        } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) {
            return 0;
        }
    }
    if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
        return 0;
    if (pctx)
        *pctx = ctx->pctx;
    if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
        return 1;
    if (!EVP_DigestInit_ex(ctx, type, e))
        return 0;
    return 1;
}
コード例 #18
0
ファイル: utilities.c プロジェクト: RaphByrne/Cloud-Provider
//The partner verification function to the above signing function. Similar problem
int verify_signed_data(char *data, size_t data_len, unsigned char *orig_sig, size_t sig_len, EVP_PKEY *key)
{
	EVP_PKEY_CTX *ctx;
	ctx = EVP_PKEY_CTX_new(key, NULL);
	EVP_PKEY_verify_init(ctx);
	EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
	EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());

	return EVP_PKEY_verify(ctx, orig_sig, sig_len, data, data_len);
}
コード例 #19
0
ファイル: soter_verify_rsa.c プロジェクト: cossacklabs/themis
soter_status_t soter_verify_init_rsa_pss_pkcs8(soter_sign_ctx_t* ctx,
                                               const void* private_key,
                                               const size_t private_key_length,
                                               const void* public_key,
                                               const size_t public_key_length)
{
    /* pkey_ctx init */
    EVP_PKEY* pkey;
    pkey = EVP_PKEY_new();
    if (!pkey) {
        return SOTER_NO_MEMORY;
    }
    if (!EVP_PKEY_set_type(pkey, EVP_PKEY_RSA)) {
        EVP_PKEY_free(pkey);
        return SOTER_FAIL;
    }
    ctx->pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL);
    if (!(ctx->pkey_ctx)) {
        EVP_PKEY_free(pkey);
        return SOTER_FAIL;
    }
    if (private_key && private_key_length != 0) {
        if (soter_rsa_import_key(pkey, private_key, private_key_length) != SOTER_SUCCESS) {
            soter_verify_cleanup_rsa_pss_pkcs8(ctx);
            return SOTER_FAIL;
        }
    }
    if (public_key && public_key_length != 0) {
        if (soter_rsa_import_key(pkey, public_key, public_key_length) != SOTER_SUCCESS) {
            soter_verify_cleanup_rsa_pss_pkcs8(ctx);
            return SOTER_FAIL;
        }
    }

    /*md_ctx init*/
    ctx->md_ctx = EVP_MD_CTX_create();
    if (!(ctx->md_ctx)) {
        soter_verify_cleanup_rsa_pss_pkcs8(ctx);
        return SOTER_NO_MEMORY;
    }
    EVP_PKEY_CTX* md_pkey_ctx = NULL;
    if (!EVP_DigestVerifyInit(ctx->md_ctx, &md_pkey_ctx, EVP_sha256(), NULL, pkey)) {
        soter_verify_cleanup_rsa_pss_pkcs8(ctx);
        return SOTER_FAIL;
    }
    if (!EVP_PKEY_CTX_set_rsa_padding(md_pkey_ctx, RSA_PKCS1_PSS_PADDING)) {
        soter_verify_cleanup_rsa_pss_pkcs8(ctx);
        return SOTER_FAIL;
    }
    if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(md_pkey_ctx, -2)) {
        soter_verify_cleanup_rsa_pss_pkcs8(ctx);
        return SOTER_FAIL;
    }
    return SOTER_SUCCESS;
}
コード例 #20
0
ファイル: saf_keyhandle.c プロジェクト: winstard/GmSSL
/* 7.3.31 */
int SAF_GenerateKeyWithEPK(
	void *hSymmKeyObj,
	unsigned char *pucPublicKey,
	unsigned int uiPublicKeyLen,
	unsigned char *pucSymmKey,
	unsigned int *puiSymmKeyLen,
	void **phKeyHandle)
{
	int ret = SAR_UnknownErr;
	SAF_KEY *hkey = NULL;
	SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
	const EVP_CIPHER *cipher;
	unsigned char keybuf[32];
	EVP_PKEY *pkey = NULL;
	EVP_PKEY_CTX *pkctx = NULL;
	size_t outlen;

	if (!hSymmKeyObj || !pucPublicKey || !pucSymmKey
		|| !puiSymmKeyLen || !phKeyHandle) {
		SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_PASSED_NULL_PARAMETER);
		return SAR_IndataErr;
	}

	if (uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
		SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_INVALID_INPUT_LENGTH);
		return SAR_IndataLenErr;
	}

	outlen = (size_t)*puiSymmKeyLen;
	if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID))
		|| !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher))
		|| !(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
		|| !(pkctx = EVP_PKEY_CTX_new(pkey, NULL))
		|| !EVP_PKEY_encrypt_init(pkctx)
		|| !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) {
		SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE);
		goto end;
	}

	// init EVP_CIPHER_CTX
	if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) {
		SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_MALLOC_FAILURE);
		goto end;
	}

	*puiSymmKeyLen = (unsigned int)outlen;
	ret = SAR_Ok;

end:
	EVP_PKEY_free(pkey);
	EVP_PKEY_CTX_free(pkctx);
	return ret;
}
コード例 #21
0
ファイル: digestsign.c プロジェクト: randombit/hacrypto
static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
                          int is_verify) {
  if (ctx->pctx == NULL) {
    ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
  }
  if (ctx->pctx == NULL) {
    return 0;
  }
  ctx->pctx_ops = &md_pctx_ops;

  if (type == NULL) {
    type = EVP_sha1();
  }

  if (type == NULL) {
    OPENSSL_PUT_ERROR(EVP, do_sigver_init, EVP_R_NO_DEFAULT_DIGEST);
    return 0;
  }

  if (is_verify) {
    if (ctx->pctx->pmeth->verifyctx_init) {
      if (!ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx)) {
        return 0;
      }
      ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
    } else if (!EVP_PKEY_verify_init(ctx->pctx)) {
      return 0;
    }
  } else {
    if (ctx->pctx->pmeth->signctx_init) {
      if (!ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx)) {
        return 0;
      }
      ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
    } else if (!EVP_PKEY_sign_init(ctx->pctx)) {
      return 0;
    }
  }
  if (!EVP_PKEY_CTX_set_signature_md(ctx->pctx, type)) {
    return 0;
  }
  if (pctx) {
    *pctx = ctx->pctx;
  }
  if (!EVP_DigestInit_ex(ctx, type, e)) {
    return 0;
  }
  return 1;
}
コード例 #22
0
soter_status_t soter_verify_init_ecdsa_none_pkcs8(soter_sign_ctx_t* ctx,
                                                  const void* private_key,
                                                  const size_t private_key_length,
                                                  const void* public_key,
                                                  const size_t public_key_length)
{
    /* pkey_ctx init */
    EVP_PKEY* pkey;
    pkey = EVP_PKEY_new();
    if (!pkey) {
        return SOTER_NO_MEMORY;
    }
    if (!EVP_PKEY_set_type(pkey, EVP_PKEY_EC)) {
        EVP_PKEY_free(pkey);
        return SOTER_FAIL;
    }
    ctx->pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL);
    if (!(ctx->pkey_ctx)) {
        EVP_PKEY_free(pkey);
        return SOTER_FAIL;
    }

    /* TODO: Review needed */
    if ((private_key) && (private_key_length)) {
        if (soter_ec_import_key(pkey, private_key, private_key_length) != SOTER_SUCCESS) {
            soter_verify_cleanup_ecdsa_none_pkcs8(ctx);
            return SOTER_FAIL;
        }
    }

    if ((public_key) && (public_key_length)) {
        if (soter_ec_import_key(pkey, public_key, public_key_length) != SOTER_SUCCESS) {
            soter_verify_cleanup_ecdsa_none_pkcs8(ctx);
            return SOTER_FAIL;
        }
    }

    /*md_ctx init*/
    ctx->md_ctx = EVP_MD_CTX_create();
    if (!(ctx->md_ctx)) {
        soter_verify_cleanup_ecdsa_none_pkcs8(ctx);
        return SOTER_NO_MEMORY;
    }
    if (!EVP_DigestVerifyInit(ctx->md_ctx, NULL, EVP_sha256(), NULL, pkey)) {
        soter_verify_cleanup_ecdsa_none_pkcs8(ctx);
        return SOTER_FAIL;
    }
    return SOTER_SUCCESS;
}
コード例 #23
0
ファイル: utilities.c プロジェクト: RaphByrne/Cloud-Provider
//Experimental function for signing data using a public key. Couldn't get it
//complete working. Seems to have problem with XDRed things
unsigned char *sign_data(char *data, size_t len, EVP_PKEY* key, int *sig_len) 
{
	EVP_PKEY_CTX *ctx;
	ctx = EVP_PKEY_CTX_new(key, NULL);
	EVP_PKEY_sign_init(ctx);
	EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
	EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());

	EVP_PKEY_sign(ctx, NULL, sig_len, data, len); //determines the sig_len
	unsigned char * sig = OPENSSL_malloc(*sig_len);
	if(EVP_PKEY_sign(ctx, sig, sig_len, data, len <= 0)) {
		ssl_error("PKEY SIGN");
		sig = NULL;
	}
	return sig;
}
コード例 #24
0
ファイル: privatekey.c プロジェクト: Detegr/tapi2p
int privkey_load(struct privkey* pkey, const char* file)
{
	if(!pkey->m_keydata.m_ctx) privkey_init(pkey);
	EVP_PKEY* evp_pkey;
	BIO_read_filename(pkey->m_keydata.m_bio, file);
	evp_pkey = PEM_read_bio_PrivateKey(pkey->m_keydata.m_bio, NULL, NULL, (void*)"");
	if(!evp_pkey)
	{
		fprintf(stderr, "Failed to load private key\n");
		return -1;
	}
	pkey->m_keydata.m_size=EVP_PKEY_size(evp_pkey);
	pkey->m_keydata.m_ctx = EVP_PKEY_CTX_new(evp_pkey, NULL);
	EVP_PKEY_free(evp_pkey);
	return 0;
}
コード例 #25
0
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
				const char *file, ENGINE *e)
	{
	BIO *pbio;
	EVP_PKEY *pkey = NULL;
	EVP_PKEY_CTX *ctx = NULL;
	if (*pctx)
		{
		BIO_puts(err, "Parameters already set!\n");
		return 0;
		}

	pbio = BIO_new_file(file, "r");
	if (!pbio)
		{
		BIO_printf(err, "Can't open parameter file %s\n", file);
		return 0;
		}

	pkey = PEM_read_bio_Parameters(pbio, NULL);
	BIO_free(pbio);

	if (!pkey)
		{
		BIO_printf(bio_err, "Error reading parameter file %s\n", file);
		return 0;
		}

	ctx = EVP_PKEY_CTX_new(pkey, e);
	if (!ctx)
		goto err;
	if (EVP_PKEY_keygen_init(ctx) <= 0)
		goto err;
	EVP_PKEY_free(pkey);
	*pctx = ctx;
	return 1;

	err:
	BIO_puts(err, "Error initializing context\n");
	ERR_print_errors(err);
	if (ctx)
		EVP_PKEY_CTX_free(ctx);
	if (pkey)
		EVP_PKEY_free(pkey);
	return 0;

	}
コード例 #26
0
ファイル: pkey.c プロジェクト: houzhenggang/luajit-android
static LUA_FUNCTION(openssl_pkey_decrypt)
{
  size_t dlen = 0;
  EVP_PKEY *pkey = CHECK_OBJECT(1, EVP_PKEY, "openssl.evp_pkey");
  const char *data = luaL_checklstring(L, 2, &dlen);
  int padding = auxiliar_checkoption(L, 3, "pkcs1", sPadding, iPadding);
  size_t clen = EVP_PKEY_size(pkey);
  EVP_PKEY_CTX *ctx = NULL;
  int ret = 0;

  if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA2) {
    luaL_argerror(L, 2, "EVP_PKEY must be of type RSA or RSA2");
    return ret;
  }

  if (openssl_pkey_is_private(pkey))
  {
    ctx = EVP_PKEY_CTX_new(pkey, pkey->engine);
    if (EVP_PKEY_decrypt_init(ctx) == 1)
    {
      if (EVP_PKEY_CTX_set_rsa_padding(ctx, padding) == 1)
      {
        byte* buf = malloc(clen);

        if (EVP_PKEY_decrypt(ctx, buf, &clen, (const unsigned char*)data, dlen) == 1)
        {
          lua_pushlstring(L, (const char*)buf, clen);
          ret = 1;
        }
        else
          ret = openssl_pushresult(L, 0);
        free(buf);
      }
      else
        ret = openssl_pushresult(L, 0);
    }
    else
      ret = openssl_pushresult(L, 0);
    EVP_PKEY_CTX_free(ctx);
  }
  else
  {
    luaL_argerror(L, 2, "EVP_PKEY must be private key");
  }
  return ret;
}
コード例 #27
0
ファイル: p_sign.c プロジェクト: AndreV84/openssl
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                  unsigned int *siglen, EVP_PKEY *pkey)
{
    unsigned char m[EVP_MAX_MD_SIZE];
    unsigned int m_len = 0;
    int i = 0;
    size_t sltmp;
    EVP_PKEY_CTX *pkctx = NULL;

    *siglen = 0;
    if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) {
        if (!EVP_DigestFinal_ex(ctx, m, &m_len))
            goto err;
    } else {
        int rv = 0;
        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
        if (tmp_ctx == NULL) {
            EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
        if (rv)
            rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
        EVP_MD_CTX_free(tmp_ctx);
        if (!rv)
            return 0;
    }

    sltmp = (size_t)EVP_PKEY_size(pkey);
    i = 0;
    pkctx = EVP_PKEY_CTX_new(pkey, NULL);
    if (pkctx == NULL)
        goto err;
    if (EVP_PKEY_sign_init(pkctx) <= 0)
        goto err;
    if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
        goto err;
    if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
        goto err;
    *siglen = sltmp;
    i = 1;
 err:
    EVP_PKEY_CTX_free(pkctx);
    return i;
}
コード例 #28
0
ファイル: pki-x509.c プロジェクト: rOpenSec/PKI
SEXP PKI_sign(SEXP what, SEXP sKey, SEXP sMD, SEXP sPad) {
    SEXP res;
    EVP_PKEY *key;
    EVP_PKEY_CTX *ctx;
    int mdt, padt, r;
    size_t sl;
    if (TYPEOF(what) != RAWSXP)
	Rf_error("invalid payload to sign - must be a raw vector");
    if (!inherits(sKey, "private.key"))
	Rf_error("key must be RSA private key");
    PKI_init();
    mdt = asInteger(sMD);
    padt = asInteger(sPad);
    key = (EVP_PKEY*) R_ExternalPtrAddr(sKey);
    if (!key)
	Rf_error("NULL key");
    ctx = EVP_PKEY_CTX_new(key);
    if (!ctx || EVP_PKEY_sign_init(ctx) <= 0)
	Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
    switch (padt) {
    case PKI_PKCS1:
    default:
	r = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
    }
    if (r <= 0)
	Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
    switch (mdt) {
    case PKI_MD5:
	r = EVP_PKEY_CTX_set_signature_md(ctx, EVP_md5()); break;
    case PKI_SHA1:
	r = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha1()); break;
    default:
    case PKI_SHA256:
	r = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()); break;
    }	
    if (r <= 0)
	Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
    sl = sizeof(buf);
    if (EVP_PKEY_sign(ctx, buf, &sl, (const unsigned char*) RAW(what), LENGTH(what)) <= 0)
	Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
    res = allocVector(RAWSXP, sl);
    memcpy(RAW(res), buf, sl);
    EVP_PKEY_CTX_free(ctx);
    return res;
}
コード例 #29
0
ファイル: cms_kari.c プロジェクト: AimaTeam-hehai/openssl
int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
{
    EVP_PKEY_CTX *pctx;
    CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;

    EVP_PKEY_CTX_free(kari->pctx);
    kari->pctx = NULL;
    if (!pk)
        return 1;
    pctx = EVP_PKEY_CTX_new(pk, NULL);
    if (!pctx || !EVP_PKEY_derive_init(pctx))
        goto err;
    kari->pctx = pctx;
    return 1;
 err:
    EVP_PKEY_CTX_free(pctx);
    return 0;
}
コード例 #30
0
ファイル: cms_env.c プロジェクト: 03050903/godot
static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
                                       EVP_PKEY *pk, unsigned int flags)
{
    CMS_KeyTransRecipientInfo *ktri;
    int idtype;

    ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
    if (!ri->d.ktri)
        return 0;
    ri->type = CMS_RECIPINFO_TRANS;

    ktri = ri->d.ktri;

    if (flags & CMS_USE_KEYID) {
        ktri->version = 2;
        idtype = CMS_RECIPINFO_KEYIDENTIFIER;
    } else {
        ktri->version = 0;
        idtype = CMS_RECIPINFO_ISSUER_SERIAL;
    }

    /*
     * Not a typo: RecipientIdentifier and SignerIdentifier are the same
     * structure.
     */

    if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
        return 0;

    CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
    CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
    ktri->pkey = pk;
    ktri->recip = recip;

    if (flags & CMS_KEY_PARAM) {
        ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
        if (!ktri->pctx)
            return 0;
        if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
            return 0;
    } else if (!cms_env_asn1_ctrl(ri, 0))
        return 0;
    return 1;
}