int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
{
int j,ret=0;
BIO *in;
EVP_PKEY *pkey=NULL;
in=BIO_new(BIO_s_file_internal());
if (in == NULL)
{
SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in,file) <= 0)
{
SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
goto end;
}
if (type == SSL_FILETYPE_PEM)
{
j=ERR_R_PEM_LIB;
pkey=PEM_read_bio_PrivateKey(in,NULL,
ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
}
else if (type == SSL_FILETYPE_ASN1)
{
j = ERR_R_ASN1_LIB;
pkey = d2i_PrivateKey_bio(in,NULL);
}
else
{
SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
goto end;
}
if (pkey == NULL)
{
SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
goto end;
}
ret=SSL_use_PrivateKey(ssl,pkey);
EVP_PKEY_free(pkey);
end:
if (in != NULL) BIO_free(in);
return(ret);
}
//----------------START Get Private key--------------------------
EVP_PKEY*
an_key_get_private_key_from_keypair (uint8_t *key_label)
{
const char cert_filestr[] = PRIVATE_KEY_LOCATION;
EVP_PKEY *pkey;
BIO* rsa_pub_bio = BIO_new_file(cert_filestr, "r");
pkey = PEM_read_bio_PrivateKey(rsa_pub_bio, NULL, NULL, NULL);
if (pkey == NULL) {
DEBUG_AN_LOG(AN_LOG_BS_EVENT, AN_DEBUG_INFO, NULL,
"\n%sFailed to read private key from key pair",an_bs_event);
return FALSE;
}
fprintf(stdout, "RSA Private Key: (%d bit)\n", EVP_PKEY_bits(pkey));
BIO_free(rsa_pub_bio);
return(pkey);
}
static EVP_PKEY *
getkey(void)
{
EVP_PKEY *key;
BIO *bio;
/* new read-only BIO backed by KEY. */
bio = BIO_new_mem_buf((char*)KEY, -1);
tt_assert(bio);
key = PEM_read_bio_PrivateKey(bio,NULL,NULL,NULL);
BIO_free(bio);
tt_assert(key);
return key;
end:
return NULL;
}
/*
* Corrupted CA chain when initializing server
*/
static void us894_test19 (void)
{
BIO *certin, *keyin;
X509 *x;
EVP_PKEY *priv_key;
int rv;
EST_CTX *ctx;
LOG_FUNC_NM;
/*
* Read the server cert
*/
certin = BIO_new(BIO_s_file_internal());
rv = BIO_read_filename(certin, US894_SERVER_CERT);
CU_ASSERT(rv > 0);
x = PEM_read_bio_X509(certin, NULL, NULL, NULL);
CU_ASSERT(x != NULL);
BIO_free(certin);
/*
* Read the server key
*/
keyin = BIO_new(BIO_s_file_internal());
rv = BIO_read_filename(keyin, US894_SERVER_KEY);
CU_ASSERT(rv > 0);
priv_key = PEM_read_bio_PrivateKey(keyin, NULL, NULL, NULL);
CU_ASSERT(priv_key != NULL);
BIO_free(keyin);
/*
* Attempt to init EST proxy a corrupted CA chain
*/
est_init_logger(EST_LOG_LVL_INFO, NULL);
ctx = est_proxy_init((unsigned char*)"Bogus CA chain", 14,
(unsigned char*)"Bogus CA chain", 14,
EST_CERT_FORMAT_PEM, "testrealm", x, priv_key,
"estuser", "estpwd");
CU_ASSERT(ctx == NULL);
X509_free(x);
EVP_PKEY_free(priv_key);
}
bool TLSEncryption::load_certificate(const char* certificate_buf)
{
if (!certificate_buf) return false;
bool result = false;
#if defined(SSL_LIB_OPENSSL)
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
BIO *bio_buffer;
//create readonly memory BIO
if (!(bio_buffer = BIO_new_mem_buf((void*)certificate_buf, -1))) return false; //certificate_buf should be null terminated;
//load PEM cert from buffer
if(PEM_read_bio_X509(bio_buffer, &cert, 0, NULL))
{
result = (SSL_CTX_use_certificate(m_ctx, cert) == SSL_SUCCESS);
X509_free(cert);
BIO_reset(bio_buffer);
}
//load PEM private key from buffer
if(result && PEM_read_bio_PrivateKey(bio_buffer, &pkey, 0, NULL))
{
result = (SSL_CTX_use_PrivateKey(m_ctx, pkey) == SSL_SUCCESS);
EVP_PKEY_free(pkey);
}
BIO_free(bio_buffer);
#elif defined(SSL_LIB_CYASSL)
uint certificate_buf_len = strlen(certificate_buf);
if (CyaSSL_CTX_use_certificate_buffer(m_ctx, (const unsigned char*)certificate_buf,
certificate_buf_len, SSL_FILETYPE_PEM) == SSL_SUCCESS) {
result = (CyaSSL_CTX_use_PrivateKey_buffer(m_ctx, (const unsigned char*)certificate_buf,
certificate_buf_len, SSL_FILETYPE_PEM) == SSL_SUCCESS);
}
#endif
return result;
}
Handle<Key> Provider_System::getKeyFromURI(Handle<std::string> uri, Handle<std::string> format, bool enc){
LOGGER_FN();
try{
if (enc){
THROW_EXCEPTION(0, Provider_System, NULL, "Encrypted key need password callback function. Unsupported now");
}
BIO *bioFile = NULL;
EVP_PKEY *hkey = NULL;
LOGGER_OPENSSL(BIO_new);
bioFile = BIO_new(BIO_s_file());
LOGGER_OPENSSL(BIO_read_filename);
if (BIO_read_filename(bioFile, uri->c_str()) > 0){
LOGGER_OPENSSL(BIO_seek);
BIO_seek(bioFile, 0);
if (strcmp(format->c_str(), "PEM") == 0){
LOGGER_OPENSSL(PEM_read_bio_PrivateKey);
hkey = PEM_read_bio_PrivateKey(bioFile, NULL, 0, NULL);
}
else if (strcmp(format->c_str(), "DER") == 0){
LOGGER_OPENSSL(d2i_PKCS8PrivateKey_bio);
hkey = d2i_PKCS8PrivateKey_bio(bioFile, NULL, 0, NULL);
}
else{
THROW_EXCEPTION(0, Provider_System, NULL, "Unsupported format. Only PEM | DER");
}
}
LOGGER_OPENSSL(BIO_free);
BIO_free(bioFile);
if (!hkey){
THROW_EXCEPTION(0, Provider_System, NULL, "Unable decode key from PEM/DER");
}
else{
return new Key(hkey);
}
}
catch (Handle<Exception> e){
THROW_EXCEPTION(0, Provider_System, e, "getCSRFromURI");
}
}
// 根据给定的私钥获取RSA结构
//
// 本函数从openssl源码中crypto/pem/pem_all.c中第186行:
// RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
// 的函数修改而来,由从pem文件读取改为从内存中读取
RSA* get_rsa_from_private_key(const char* private_key)
{
RSA* rsa = NULL;
BIO *bio = NULL;
EVP_PKEY *pktmp = NULL;
if ((bio=BIO_new(BIO_s_mem())) == NULL)
{
PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
return(0);
}
BIO_puts(bio, private_key);
pktmp=PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
BIO_free(bio);
return pkey_get_rsa(pktmp, &rsa);
}
EVP_PKEY *fileio_read_pkey(const char *filename)
{
EVP_PKEY *key = NULL;
BIO *bio;
bio = BIO_new_file(filename, "r");
if (!bio)
goto out;
key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
out:
BIO_free_all(bio);
if (!key) {
fprintf(stderr, "Can't load key from file '%s'\n", filename);
ERR_print_errors_fp(stderr);
}
return key;
}
EVP_PKEY* copyPrivateKey(EVP_PKEY* from)
{
BIO* b = BIO_new( BIO_s_mem() );
BioAutoPtr bio(b);
if (PEM_write_bio_PKCS8PrivateKey(bio.get(), from, 0, 0, 0, 0, 0) <= 0)
{
throw InvalidCertificate("invalid certificate");
}
EVP_PKEY *target = 0;
if (PEM_read_bio_PrivateKey(bio.get(), &target, 0, 0) == 0)
{
throw InvalidCertificate("invalid certificate");
}
return target;
}
int
put_key_pem(int is_public_only, PyObject *py_key_pem,
PyObject **py_private_key_ndn, PyObject **py_public_key_ndn,
PyObject **py_public_key_digest,
char *password)
{
unsigned char *key_pem;
Py_ssize_t pem_len;
struct ndn_pkey *key = NULL;
BIO *bio = NULL;
int r;
unsigned long err;
r = PyBytes_AsStringAndSize(py_key_pem, (char **) &key_pem, &pem_len);
JUMP_IF_NEG(r, error);
bio = BIO_new_mem_buf(key_pem, pem_len);
JUMP_IF_NULL(bio, openssl_error);
if (is_public_only)
key = (struct ndn_pkey*)PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
else
key = (struct ndn_pkey*)PEM_read_bio_PrivateKey(bio, NULL, NULL, password);
JUMP_IF_NULL(key, openssl_error);
r = ndn_keypair(is_public_only, key, py_private_key_ndn, py_public_key_ndn);
JUMP_IF_NEG(r, error);
r = create_public_key_digest(key, py_public_key_digest, NULL);
JUMP_IF_NEG(r, error);
return 0;
openssl_error:
err = ERR_get_error();
PyErr_Format(g_PyExc_NDNKeyError, "Unable to parse key: %s",
ERR_reason_error_string(err));
error:
EVP_PKEY_free ((EVP_PKEY *)key);
BIO_free(bio);
return -1;
}
static EVP_PKEY* load_key(const char* key,
size_t key_size,
const char* password) {
BIO* bio = BIO_new_mem_buf(const_cast<char*>(key), key_size);
if (bio == NULL) {
return NULL;
}
EVP_PKEY* pkey = PEM_read_bio_PrivateKey(bio,
NULL,
pem_password_callback,
const_cast<char*>(password));
if (pkey == NULL) {
ssl_log_errors("Unable to load private key");
}
BIO_free_all(bio);
return pkey;
}
RSA* key_from_bio(BIO *key_bio, BOOL is_private) {
EVP_PKEY *pkey = NULL;
if(is_private) {
pkey = PEM_read_bio_PrivateKey(key_bio,
NULL,NULL, NULL);
}else {
pkey = PEM_read_bio_PUBKEY(key_bio, NULL,
NULL, NULL);
}
if(!pkey) {
fprintf(stderr, "ERROR: key read from BIO is null\n");
exit(1);
}
BIO_free(key_bio);
RSA *rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
return rsa;
}
/*
* Null trusted CA chain when initializing server
*/
static void us901_test18(void) {
BIO *certin, *keyin;
X509 *x;
EVP_PKEY *priv_key;
int rv;
EST_CTX *ctx;
LOG_FUNC_NM
;
/*
* Read the server cert
*/
certin = BIO_new(BIO_s_file_internal());
rv = BIO_read_filename(certin, US901_SERVER_CERT);
CU_ASSERT(rv > 0);
x = PEM_read_bio_X509(certin, NULL, NULL, NULL);
CU_ASSERT(x != NULL);
BIO_free(certin);
/*
* Read the server key
*/
keyin = BIO_new(BIO_s_file_internal());
rv = BIO_read_filename(keyin, US901_SERVER_KEY);
CU_ASSERT(rv > 0);
priv_key = PEM_read_bio_PrivateKey(keyin, NULL, NULL, NULL);
CU_ASSERT(priv_key != NULL);
BIO_free(keyin);
/*
* Attempt to init EST server using NULL local CA chain
*/
est_init_logger(EST_LOG_LVL_INFO, NULL);
ctx = est_server_init(NULL, 0, NULL, 0, EST_CERT_FORMAT_PEM, "testrealm", x,
priv_key);
CU_ASSERT(ctx == NULL);
X509_free(x);
EVP_PKEY_free(priv_key);
}
static EP_CRYPTO_KEY *
key_read_bio(BIO *bio,
const char *filename,
int keyform,
uint32_t flags)
{
EVP_PKEY *key = NULL;
const char *pubsec = EP_UT_BITSET(EP_CRYPTO_F_SECRET, flags) ?
"secret" : "public";
ep_dbg_cprintf(Dbg, 20, "key_read_bio: name %s, form %d, flags %x\n",
filename, keyform, flags);
EP_ASSERT(bio != NULL);
if (keyform <= 0)
return _ep_crypto_error("keyform must be specified");
if (keyform == EP_CRYPTO_KEYFORM_PEM)
{
// easy case
if (EP_UT_BITSET(EP_CRYPTO_F_SECRET, flags))
key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
else
key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
}
else if (keyform == EP_CRYPTO_KEYFORM_DER)
{
if (EP_UT_BITSET(EP_CRYPTO_F_SECRET, flags))
key = d2i_PrivateKey_bio(bio, NULL);
else
key = d2i_PUBKEY_bio(bio, NULL);
}
else
{
return _ep_crypto_error("unknown key format %d", keyform);
}
if (key == NULL)
return _ep_crypto_error("cannot read %s key from %s",
pubsec, filename);
return key;
}
static void InitializeDefaultCredentials()
{
BIO *bio = BIO_new_mem_buf (PrivateMaterials, -1);
assert (bio);
if (DefaultPrivateKey) {
// we may come here in a restart.
EVP_PKEY_free (DefaultPrivateKey);
DefaultPrivateKey = NULL;
}
PEM_read_bio_PrivateKey (bio, &DefaultPrivateKey, builtin_passwd_cb, 0);
if (DefaultCertificate) {
// we may come here in a restart.
X509_free (DefaultCertificate);
DefaultCertificate = NULL;
}
PEM_read_bio_X509 (bio, &DefaultCertificate, NULL, 0);
BIO_free (bio);
}
EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_password_cb *cb, void *s)
{
EVP_PKEY *rc;
BIO *bioS;
BIO *bioF;
/* 1. try PEM (= DER+Base64+headers) */
if ((bioS=BIO_new_file(filename, "r")) == NULL)
return NULL;
rc = PEM_read_bio_PrivateKey(bioS, key, cb, s);
BIO_free(bioS);
if (rc == NULL) {
/* 2. try DER+Base64 */
if ((bioS = BIO_new_file(filename, "r")) == NULL)
return NULL;
if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
BIO_free(bioS);
return NULL;
}
bioS = BIO_push(bioF, bioS);
rc = d2i_PrivateKey_bio(bioS, NULL);
BIO_free_all(bioS);
if (rc == NULL) {
/* 3. try plain DER */
if ((bioS = BIO_new_file(filename, "r")) == NULL)
return NULL;
rc = d2i_PrivateKey_bio(bioS, NULL);
BIO_free(bioS);
}
}
if (rc != NULL && key != NULL) {
if (*key != NULL)
EVP_PKEY_free(*key);
*key = rc;
}
return rc;
}
int main(int argc, char **argv)
{
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
#if !defined(OPENSSL_NO_ENGINE)
/* Load all compiled-in ENGINEs */
ENGINE_load_builtin_engines();
ENGINE_register_all_ciphers();
ENGINE_register_all_digests();
#endif
{
BIO *bio = BIO_new_mem_buf(RSA_CERTIFICATE, strlen(RSA_CERTIFICATE));
X509 *x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
assert(x509 != NULL || !!"failed to load certificate");
BIO_free(bio);
cert.len = i2d_X509(x509, &cert.base);
X509_free(x509);
}
{
BIO *bio = BIO_new_mem_buf(RSA_PRIVATE_KEY, strlen(RSA_PRIVATE_KEY));
EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
assert(pkey != NULL || !"failed to load private key");
BIO_free(bio);
ptls_openssl_init_sign_certificate(&cert_signer, pkey);
EVP_PKEY_free(pkey);
}
subtest("next-packet-number", test_next_packet_number);
subtest("ranges", test_ranges);
subtest("frame", test_frame);
subtest("maxsender", test_maxsender);
subtest("ack", test_ack);
subtest("simple", test_simple);
subtest("stream-concurrency", test_stream_concurrency);
subtest("loss", test_loss);
return done_testing();
}
embassy_t *pki_embassy_load_from_memory(char *certificate, char *privatekey, uint32_t serial)
{
BIO *bio_memory = NULL;
embassy_t *embassy;
// create an empty embassy
embassy = calloc(1, sizeof(embassy_t));
// fetch the certificate in PEM format and convert to X509
bio_memory = BIO_new_mem_buf(certificate, strlen(certificate));
embassy->certificate = PEM_read_bio_X509(bio_memory, NULL, NULL, NULL);
BIO_free(bio_memory);
// fetch the private key in PEM format and convert to EVP
bio_memory = BIO_new_mem_buf(privatekey, strlen(privatekey));
embassy->keyring = PEM_read_bio_PrivateKey(bio_memory, NULL, NULL, NULL);
BIO_free(bio_memory);
embassy->serial = serial;
return embassy;
}
/* Loads an in-memory PEM private key into the SSL context. */
static tsi_result ssl_ctx_use_private_key(SSL_CTX* context,
const unsigned char* pem_key,
size_t pem_key_size) {
tsi_result result = TSI_OK;
EVP_PKEY* private_key = NULL;
BIO* pem = BIO_new_mem_buf((void*)pem_key, pem_key_size);
if (pem == NULL) return TSI_OUT_OF_RESOURCES;
do {
private_key = PEM_read_bio_PrivateKey(pem, NULL, NULL, "");
if (private_key == NULL) {
result = TSI_INVALID_ARGUMENT;
break;
}
if (!SSL_CTX_use_PrivateKey(context, private_key)) {
result = TSI_INVALID_ARGUMENT;
break;
}
} while (0);
if (private_key != NULL) EVP_PKEY_free(private_key);
BIO_free(pem);
return result;
}
/*
* Null Server certificate when initializing server
*/
static void us894_test16 (void)
{
unsigned char *cacerts = NULL;
int cacerts_len = 0;
BIO *keyin;
EVP_PKEY *priv_key;
int rv;
EST_CTX *ctx;
LOG_FUNC_NM;
/*
* Read in the CA certificates
*/
cacerts_len = read_binary_file(US894_CACERT, &cacerts);
CU_ASSERT(cacerts_len > 0);
/*
* Read the server key
*/
keyin = BIO_new(BIO_s_file_internal());
rv = BIO_read_filename(keyin, US894_SERVER_KEY);
CU_ASSERT(rv > 0);
priv_key = PEM_read_bio_PrivateKey(keyin, NULL, NULL, NULL);
CU_ASSERT(priv_key != NULL);
BIO_free(keyin);
/*
* Attempt to init EST proxy using NULL server key
*/
est_init_logger(EST_LOG_LVL_INFO, NULL);
ctx = est_proxy_init(cacerts, cacerts_len, cacerts, cacerts_len,
EST_CERT_FORMAT_PEM,
"testrealm", NULL, priv_key,
"estuser", "estpwd");
CU_ASSERT(ctx == NULL);
EVP_PKEY_free(priv_key);
}
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) {
int reason_code, ret = 0;
BIO *in;
EVP_PKEY *pkey = NULL;
in = BIO_new(BIO_s_file());
if (in == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB);
goto end;
}
if (type == SSL_FILETYPE_PEM) {
reason_code = ERR_R_PEM_LIB;
pkey = PEM_read_bio_PrivateKey(in, NULL, ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata);
} else if (type == SSL_FILETYPE_ASN1) {
reason_code = ERR_R_ASN1_LIB;
pkey = d2i_PrivateKey_bio(in, NULL);
} else {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
if (pkey == NULL) {
OPENSSL_PUT_ERROR(SSL, reason_code);
goto end;
}
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
EVP_PKEY_free(pkey);
end:
BIO_free(in);
return ret;
}
void pki_evp::fromPEM_BIO(BIO *bio, QString name)
{
EVP_PKEY *pkey;
int pos;
pass_info p(XCA_TITLE, QObject::tr(
"Please enter the password to decrypt the private key."));
pos = BIO_tell(bio);
pkey = PEM_read_bio_PrivateKey(bio, NULL, MainWindow::passRead, &p);
if (!pkey){
pki_ign_openssl_error();
pos = BIO_seek(bio, pos);
pkey = PEM_read_bio_PUBKEY(bio, NULL, MainWindow::passRead, &p);
}
if (pkey){
if (key)
EVP_PKEY_free(key);
key = pkey;
if (EVP_PKEY_isPrivKey(key))
bogusEncryptKey();
setIntName(rmslashdot(name));
}
openssl_error(name);
}
EVP_PKEY* VSslServer::loadKey(VError& error, QString fileName)
{
BIO* bio = BIO_new(BIO_s_file());
if (bio == NULL)
{
QString msg = "BIO_s_file return NULL";
LOG_ERROR("%s", qPrintable(msg));
error = VSslError(msg, VSslError::IN_BIO_S_FILE);
return NULL;
}
long res = BIO_read_filename(bio, qPrintable(fileName));
if (res <= 0)
{
QString msg = QString("BIO_read_filename(%1) return %2").arg(fileName).arg(res);
LOG_ERROR("%s", qPrintable(msg));
error = VSslError(msg, VSslError::IN_BIO_READ_FILENAME);
BIO_free(bio);
return NULL;
}
EVP_PKEY* key = PEM_read_bio_PrivateKey(bio, NULL,
NULL, // (pem_password_cb*)password_callback // gilgil temp 2008.10.29
NULL // &cb_data);
);
if (key == NULL)
{
QString msg = "PEM_read_bio_PrivateKey return NULL";
LOG_ERROR("%s", qPrintable(msg));
error = VSslError(msg, VSslError::IN_PEM_READ_BIO_PRIVATEKEY);
BIO_free(bio);
return NULL;
}
BIO_free(bio);
return key;
}
bool
CertificateManager::isCertificateValid (std::string certificate)
{
std::shared_ptr <BIO> bio;
std::shared_ptr <X509> x509;
std::shared_ptr <EVP_PKEY> private_key;
bio = std::shared_ptr<BIO>
(BIO_new_mem_buf ( (gpointer) certificate.c_str (), -1),
[] (BIO * obj) {
BIO_free_all (obj);
});
if (!bio) {
return false;
}
x509 = std::shared_ptr<X509>(
PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr),
[](X509 *obj) { X509_free(obj); });
if (!x509) {
return false;
}
(void) BIO_reset (bio.get() );
private_key = std::shared_ptr<EVP_PKEY>(
PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr),
[](EVP_PKEY *obj) { EVP_PKEY_free(obj); });
if (!private_key) {
return false;
}
return true;
}
static EVP_PKEY *load_key_file(const gchar *keyfile, GError **error)
{
EVP_PKEY *res = NULL;
BIO *key = NULL;
unsigned long err;
const gchar *data;
int flags;
g_return_val_if_fail(keyfile != NULL, NULL);
g_return_val_if_fail(error == NULL || *error == NULL, NULL);
key = BIO_new_file(keyfile, "r");
if (key == NULL) {
g_set_error(
error,
R_SIGNATURE_ERROR,
R_SIGNATURE_ERROR_LOAD_FAILED,
"failed to load key file '%s'", keyfile);
goto out;
}
res = PEM_read_bio_PrivateKey(key, NULL, NULL, NULL);
if (res == NULL) {
err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
g_set_error(
error,
R_SIGNATURE_ERROR,
R_SIGNATURE_ERROR_PARSE_ERROR,
"failed to parse key file '%s': %s", keyfile,
(flags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL));
goto out;
}
out:
BIO_free_all(key);
return res;
}
static void
init_from_pem_string (GstDtlsCertificate * self, const gchar * pem)
{
GstDtlsCertificatePrivate *priv = self->priv;
BIO *bio;
g_return_if_fail (pem);
g_return_if_fail (!priv->x509);
g_return_if_fail (!priv->private_key);
bio = BIO_new_mem_buf ((gpointer) pem, -1);
g_return_if_fail (bio);
priv->x509 = PEM_read_bio_X509 (bio, NULL, NULL, NULL);
if (!priv->x509) {
GST_WARNING_OBJECT (self, "failed to read certificate from pem string");
return;
}
(void) BIO_reset (bio);
priv->private_key = PEM_read_bio_PrivateKey (bio, NULL, NULL, NULL);
BIO_free (bio);
bio = NULL;
if (!priv->private_key) {
GST_WARNING_OBJECT (self, "failed to read private key from pem string");
X509_free (priv->x509);
priv->x509 = NULL;
return;
}
self->priv->pem = g_strdup (pem);
}
int SSL_CTX_use_PrivateKey_file_pass (SSL_CTX * ctx, char *filename, char *pass)
{
EVP_PKEY *pkey = NULL;
BIO *key = NULL;
key = BIO_new (BIO_s_file ());
BIO_read_filename (key, filename);
pkey = PEM_read_bio_PrivateKey (key, NULL, NULL, pass);
if (pkey == NULL)
{
printf ("PEM_read_bio_PrivateKey err");
return -1;
}
if (SSL_CTX_use_PrivateKey (ctx, pkey) <= 0)
{
printf ("SSL_CTX_use_PrivateKey err\n");
return -1;
}
BIO_free (key);
return 1;
}
static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out)
{
BIO *certbio, *keybio;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
if (!TEST_ptr(certbio = BIO_new_file(certstr, "r")))
return 0;
cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
BIO_free(certbio);
if (!TEST_ptr(keybio = BIO_new_file(privkeystr, "r")))
goto end;
key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
BIO_free(keybio);
if (!TEST_ptr(cert) || !TEST_ptr(key))
goto end;
*cert_out = cert;
*key_out = key;
return 1;
end:
X509_free(cert);
EVP_PKEY_free(key);
return 0;
}
/*============================================================================
* OpcUa_P_OpenSSL_RSA_LoadPrivateKeyFromFile
*===========================================================================*/
OpcUa_StatusCode OpcUa_P_OpenSSL_RSA_LoadPrivateKeyFromFile(
OpcUa_StringA a_privateKeyFile,
OpcUa_P_FileFormat a_fileFormat,
OpcUa_StringA a_password, /* optional: just needed encrypted PEM */
OpcUa_ByteString* a_pPrivateKey)
{
BIO* pPrivateKeyFile = OpcUa_Null;
RSA* pRsaPrivateKey = OpcUa_Null;
EVP_PKEY* pEvpKey = OpcUa_Null;
unsigned char* pData;
OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "RSA_LoadPrivateKeyFromFile");
/* check parameters */
OpcUa_ReturnErrorIfArgumentNull(a_privateKeyFile);
OpcUa_ReturnErrorIfArgumentNull(a_pPrivateKey);
if(a_fileFormat == OpcUa_Crypto_Encoding_Invalid)
{
return OpcUa_BadInvalidArgument;
}
OpcUa_ReferenceParameter(a_password);
/* open file */
pPrivateKeyFile = BIO_new_file((const char*)a_privateKeyFile, "rb");
OpcUa_ReturnErrorIfArgumentNull(pPrivateKeyFile);
/* read and convert file */
switch(a_fileFormat)
{
case OpcUa_Crypto_Encoding_PEM:
{
/* read from file */
pEvpKey = PEM_read_bio_PrivateKey( pPrivateKeyFile, /* file */
NULL, /* key struct */
0, /* password callback */
a_password); /* default passphrase or arbitrary handle */
OpcUa_GotoErrorIfNull(pEvpKey, OpcUa_Bad);
break;
}
case OpcUa_Crypto_Encoding_PKCS12:
{
int iResult = 0;
/* read from file. */
PKCS12* pPkcs12 = d2i_PKCS12_bio(pPrivateKeyFile, NULL);
if (pPkcs12 == 0)
{
OpcUa_GotoErrorWithStatus(OpcUa_BadEncodingError);
}
/* parse the certificate. */
iResult = PKCS12_parse(pPkcs12, a_password, &pEvpKey, NULL, NULL);
if (iResult == 0)
{
OpcUa_GotoErrorWithStatus(OpcUa_BadEncodingError);
}
/* free certificate. */
PKCS12_free(pPkcs12);
pPkcs12 = NULL;
break;
}
case OpcUa_Crypto_Encoding_DER:
default:
{
uStatus = OpcUa_BadNotSupported;
OpcUa_GotoError;
}
}
/* convert to intermediary openssl struct */
pRsaPrivateKey = EVP_PKEY_get1_RSA(pEvpKey);
EVP_PKEY_free(pEvpKey);
OpcUa_GotoErrorIfNull(pRsaPrivateKey, OpcUa_Bad);
/* get required length */
a_pPrivateKey->Length = i2d_RSAPrivateKey(pRsaPrivateKey, OpcUa_Null);
OpcUa_GotoErrorIfTrue((a_pPrivateKey->Length <= 0), OpcUa_Bad);
/* allocate target buffer */
a_pPrivateKey->Data = (OpcUa_Byte*)OpcUa_P_Memory_Alloc(a_pPrivateKey->Length);
OpcUa_GotoErrorIfAllocFailed(a_pPrivateKey->Data);
/* do real conversion */
pData = a_pPrivateKey->Data;
a_pPrivateKey->Length = i2d_RSAPrivateKey(pRsaPrivateKey, &pData);
OpcUa_GotoErrorIfTrue((a_pPrivateKey->Length <= 0), OpcUa_Bad);
RSA_free(pRsaPrivateKey);
BIO_free(pPrivateKeyFile);
OpcUa_ReturnStatusCode;
OpcUa_BeginErrorHandling;
if(pEvpKey)
{
EVP_PKEY_free(pEvpKey);
}
if(a_pPrivateKey != OpcUa_Null)
{
if(a_pPrivateKey->Data != OpcUa_Null)
{
OpcUa_P_Memory_Free(a_pPrivateKey->Data);
a_pPrivateKey->Data = OpcUa_Null;
a_pPrivateKey->Length = -1;
}
}
if(pPrivateKeyFile != NULL)
{
BIO_free(pPrivateKeyFile);
}
if(pRsaPrivateKey != NULL)
{
RSA_free(pRsaPrivateKey);
}
OpcUa_FinishErrorHandling;
}
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
EVP_PKEY *rkey = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!rcert || !rkey)
goto err;
/* Open content being signed */
in = BIO_new_file("smencr.txt", "r");
if (!in)
goto err;
/* Sign content */
p7 = SMIME_read_PKCS7(in, NULL);
if (!p7)
goto err;
out = BIO_new_file("encrout.txt", "w");
if (!out)
goto err;
/* Decrypt S/MIME message */
if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
PKCS7_free(p7);
X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;
}