int write_key_pem_private(FILE *fp, struct ndn_pkey *private_key_ndn, char *password) { unsigned long err; int res = 0; if (password) { res = PEM_write_PKCS8PrivateKey (fp, (EVP_PKEY *) private_key_ndn, EVP_aes_256_cbc (), password, strlen(password), NULL, NULL); } else { res = PEM_write_PrivateKey(fp, (EVP_PKEY *) private_key_ndn, NULL, NULL, 0, NULL, NULL); } if (!res) { err = ERR_get_error(); PyErr_Format(g_PyExc_NDNKeyError, "Unable to write Private Key: %s", ERR_reason_error_string(err)); return -1; } return 0; }
int main(int argc, char *argv[]) { FILE *fp = fopen("ecdsa.pem", "w"); FILE *fp1 = fopen("ecdsa_pub.pem", "w"); /*EVP_PKEY is a structure used by openssl to store private keys*/ EVP_PKEY *root_pkey; initOpenSSL(); /*Generate a private key for root CA*/ root_pkey = generate_PrivateKey(); /*Printing it on the stdout*/ PEM_write_PrivateKey(stdout, root_pkey, NULL, NULL, 0, 0, NULL); PEM_write_PUBKEY(stdout, root_pkey); /*Copying private key on the file */ PEM_write_PrivateKey(fp, root_pkey, NULL, NULL, 0, 0, NULL); /*Copying public key on the file */ PEM_write_PUBKEY(fp1, root_pkey); /*Free the allocated EVP_PKEY structure*/ EVP_PKEY_free(root_pkey); return 0; }
int main(int argc, char **argv) { BIO *bio_err; X509 *x509=NULL; EVP_PKEY *pkey=NULL; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); bio_err=BIO_new_fp(stderr, BIO_NOCLOSE); mkcert(&x509,&pkey,argv[1],1024,0,365); FILE* file = fopen(argv[2], "w"); PEM_write_PrivateKey(file,pkey,NULL,NULL,0,NULL, NULL); fclose(file); printf("Private key written to: %s\n", argv[2]); file = fopen(argv[3], "w"); X509_print_fp(file,x509); PEM_write_X509(file,x509); fclose(file); printf("Certificate written to: %s\n", argv[3]); X509_free(x509); EVP_PKEY_free(pkey); ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); return(0); }
int main() { BIO *bio_err; X509 *x509 = NULL; EVP_PKEY *pkey = NULL; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); mkit(&x509, &pkey, 512, 0, 365); RSA_print_fp(stdout, pkey->pkey.rsa, 0); X509_print_fp(stdout, x509); PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); PEM_write_X509(stdout, x509); X509_free(x509); EVP_PKEY_free(pkey); #ifdef CUSTOM_EXT /* Only needed if we add objects or custom extensions */ X509V3_EXT_cleanup(); OBJ_cleanup(); #endif CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); return (0); }
int isns_dsa_store_private(const char *name, EVP_PKEY *key) { FILE *fp; int rv, fd; if ((fd = open(name, O_WRONLY|O_CREAT|O_EXCL, 0600)) < 0) { isns_error("Cannot save DSA key to %s: %m\n", name); return 0; } if (!(fp = fdopen(fd, "w"))) { isns_error("fdopen(%s): %m\n", name); close(fd); return 0; } rv = PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL); fclose(fp); if (rv == 0) isns_dsasig_report_errors("Failed to store private key", isns_error); return rv; }
int main(int argc, char **argv) { BIO *bio_err; X509 *x509=NULL; EVP_PKEY *pkey=NULL; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); bio_err=BIO_new_fp(stderr, BIO_NOCLOSE); mkcert(&x509,&pkey,512,0,365); RSA_print_fp(stdout,pkey->pkey.rsa,0); X509_print_fp(stdout,x509); PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL); PEM_write_X509(stdout,x509); X509_free(x509); EVP_PKEY_free(pkey); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); return(0); }
void pki_evp::writeKey(const QString fname, const EVP_CIPHER *enc, pem_password_cb *cb, bool pem) { EVP_PKEY *pkey; pass_info p(XCA_TITLE, tr("Please enter the export password for the private key '%1'").arg(getIntName())); if (isPubKey()) { writePublic(fname, pem); return; } FILE *fp = fopen(QString2filename(fname), "w"); if (!fp) { fopen_error(fname); return; } if (key){ pkey = decryptKey(); if (pkey) { if (pem) { PEM_write_PrivateKey(fp, pkey, enc, NULL, 0, cb, &p); } else { i2d_PrivateKey_fp(fp, pkey); } EVP_PKEY_free(pkey); } pki_openssl_error(); } fclose(fp); }
int main(int argc, char **argv) { void *pkey; pkey = EVP_PKEY_new(); FILE f = fopen(pem,"w"); if (!f) return 0; PEM_write_PrivateKey(f,pkey,EVP_des_ede3_cbc(),NULL,0,NULL,NULL); fclose(f); return 0; }
int main(int argc, char **argv) { FILE *fp; EVP_PKEY *pkey; X509 *cert; STACK_OF(X509) *ca = NULL; PKCS12 *p12; int i; if (argc != 4) { fprintf(stderr, "Usage: pkread p12file password opfile\n"); exit (1); } SSLeay_add_all_algorithms(); ERR_load_crypto_strings(); if (!(fp = fopen(argv[1], "rb"))) { fprintf(stderr, "Error opening file %s\n", argv[1]); exit(1); } p12 = d2i_PKCS12_fp(fp, NULL); fclose (fp); if (!p12) { fprintf(stderr, "Error reading PKCS#12 file\n"); ERR_print_errors_fp(stderr); exit (1); } if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) { fprintf(stderr, "Error parsing PKCS#12 file\n"); ERR_print_errors_fp(stderr); exit (1); } PKCS12_free(p12); if (!(fp = fopen(argv[3], "w"))) { fprintf(stderr, "Error opening file %s\n", argv[1]); exit(1); } if (pkey) { fprintf(fp, "***Private Key***\n"); PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL); } if (cert) { fprintf(fp, "***User Certificate***\n"); PEM_write_X509_AUX(fp, cert); } if (ca && sk_X509_num(ca)) { fprintf(fp, "***Other Certificates***\n"); for (i = 0; i < sk_X509_num(ca); i++) PEM_write_X509_AUX(fp, sk_X509_value(ca, i)); } fclose(fp); return 0; }
gboolean WritePemFile(EVP_PKEY *pkey, // IN const gchar *keyFile, // IN X509 *cert, // IN const gchar *certFile) // IN { FILE *file; gboolean ret = FALSE; gchar *err = NULL; mode_t mode; mode = umask(066); file = fopen(keyFile, "w"); if (!file) { Error("Failed to open %s: %s.\n", keyFile, strerror(errno)); goto exit; } if (!PEM_write_PrivateKey(file, pkey, NULL, NULL, 0, NULL, NULL)) { Error("Failed to write the private key file %s: %s.\n", keyFile, GetSSLError(&err)); goto exit; } fclose(file); umask(022); file = fopen(certFile, "w"); if (!file) { Error("Failed to open %s: %s.\n", certFile, strerror(errno)); goto exit; } if (!PEM_write_X509(file, cert)) { Error("Failed to write the certificate file %s: %s.\n", certFile, GetSSLError(&err)); goto exit; } ret = TRUE; exit: if (file) { fclose(file); } g_free(err); umask(mode); return ret; }
int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u) { EVP_PKEY *k; int ret; k = EVP_PKEY_new(); if (!k) return 0; EVP_PKEY_set1_DSA(k, x); ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); EVP_PKEY_free(k); return ret; }
void saveCertKeyPair(const char* certFile, const char* p12File, const char* keyPairFile, CertKeyPair certKeyPair) { FILE* certFilePtr = fopen(certFile, "w"); FILE* keyPairFilePtr = fopen(keyPairFile, "w"); FILE* p12FilePtr = fopen(p12File, "wb"); //TODO: error check PEM_write_PrivateKey(keyPairFilePtr, certKeyPair.pkey, NULL, NULL, 0, NULL, NULL); PEM_write_X509(certFilePtr, certKeyPair.x509); i2d_PKCS12_fp(p12FilePtr, certKeyPair.p12); fclose(p12FilePtr); fclose(certFilePtr); fclose(keyPairFilePtr); }
int RSAprivKeyToFile(EVP_PKEY* privKey, char* fname, int* msglen){ FILE * f = NULL; if(privKey == NULL || fname == NULL || strlen(fname)<1 || msglen == NULL) return 0; f = fopen(fname, "w"); if (f == NULL) return 0; *msglen = PEM_write_PrivateKey(f , privKey, NULL, NULL, 0, 0, NULL); fclose(f); if(*msglen < 1) return 0; return 1; }
int main(int argc, char *argv[]) { BIO *bio_err; X509 *x509=NULL; EVP_PKEY *pkey=NULL; FILE *f; #ifdef _WIN32 WSADATA data; #endif if(argc<2) { fprintf(stderr,"Usage: %s <filename>",argv[0]); return -1; } #ifdef _WIN32 if(WSAStartup (MAKEWORD (1, 1), &data)) { fprintf(stderr,"WSAStartup failed"); return -1; } #endif CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); bio_err=BIO_new_fp(stderr, BIO_NOCLOSE); mkit(&x509,&pkey,1024,0,3650); /* Passing 100 years here causes buffer overrun!! */ f = fopen(argv[1],"w"); if(!f) { perror("Couldn't create key file"); return -1; } PEM_write_PrivateKey(f,pkey,NULL,NULL,0,NULL, NULL); PEM_write_X509(f,x509); fclose(f); X509_free(x509); EVP_PKEY_free(pkey); CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); return(0); }
/* * Save Private Key with a hashed filename. * Return: 0 on success, 1 on failure. */ static int savePKeyHome( X509* cert, EVP_PKEY * pkey) { char buf[4096]; FILE * fp = NULL; unsigned int i = 0; int retval = 1; char *dir = get_current_dir_name(); if (dir) { /*Attempt to create .dillo/certs blindly - check later*/ snprintf(buf,4096,"%s/.mDolphin/", dir); if (opendir(buf)==NULL) mkdir(buf, 01777); snprintf(buf,4096,"%s/.mDolphin/certs/", dir); if (opendir(buf)==NULL) mkdir(buf, 01777); do{ snprintf(buf,4096,"%s/.mDolphin/certs/%lx.%s", dir, X509_issuer_name_hash(cert), "key"); fp=fopen(buf, "r"); if (fp == NULL){ /*File name doesn't exist so we can use it safely*/ fp=fopen(buf, "w"); if (fp == NULL){ printf("Unable to open key save file in home dir\n"); break; } else { PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, 0, NULL); fclose(fp); retval = 0; break; } } else { fclose(fp); } i++; /*Don't loop too many times - just give up*/ } while( i < 1024 ); free(dir); } return retval; }
Try<Nothing> write_key_file(EVP_PKEY* private_key, const Path& path) { // We use 'FILE*' here because it is an API requirement by openssl. FILE* file = fopen(path.value.c_str(), "wb"); if (file == NULL) { return Error("Failed to open file '" + stringify(path) + "' for writing"); } if (PEM_write_PrivateKey(file, private_key, NULL, NULL, 0, NULL, NULL) != 1) { fclose(file); return Error("Failed to write private key to file '" + stringify(path) + "': PEM_write_PrivateKey"); } fclose(file); return Nothing(); }
void mkcert(X509_REQ* req, const char* rootkey, const char* rootcert, const char* passwd) { RSA* rsa_key = EVP_PKEY_get1_RSA(X509_PUBKEY_get(req->req_info->pubkey)); int key_length = RSA_size(rsa_key); if (key_len != 128) { fprintf(stderr, "CA::key length of req is %d, not long enough\n"); return NULL; } X509* cacert = X509_new(); assert(cacert != NULL); load_cacert(&cacert, rootcert); EVP_PKEY* cakey = EVP_PKEY_new(); load_cakey(&cakey, rootkey, passwd); PEM_write_PrivateKey(stdout, cakey, NULL, NULL, 0, NULL, NULL); PEM_write_PUBKEY(stdout, cakey); X509* x = X509_new(); X509_set_version(x, 3); ASN1_INTEGER_set(X509_get_serialNumber(x), 1024); X509_gmtime_adj(X509_get_notBefore(x), 0); X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * 365); X509_set_pubkey(x, X509_PUBKEY_get(req->req_info->pubkey)); X509_set_subject_name(x, X509_REQ_get_subject_name(req)); X509_set_issuer_name(x, X509_get_subject_name(cacert)); assert(X509_sign(x, cakey, EVP_sha1()) > 0); FILE* f = fopen("usercert.pem", "wb"); PEM_write_X509(f, x); fclose(f); X509_print_fp(stdout, x); PEM_write_X509(stdout, x); X509_free(cacert); EVP_PKEY_free(cakey); }
int key_store(key_t *key) { FILE *fp = NULL; if (key->fn) { fp = fopen(key->fn, "w"); if (fp) { PEM_write_PrivateKey(fp, key->key, NULL, NULL, 0, NULL, NULL); fclose(fp); return 1; } else { ERROR("Cannot create file %s\n", key->fn); } } else { ERROR("Key filename not specified\n"); } return 0; }
/* cr_load_certs : loads private key and certificates from files * if cert_file and key_file are NULL , the function will generate * a dynamic certificate and private key */ void cr_load_certs(SSL_CTX *ssl,u_char *cert_file,u_char *key_file) { X509 *cert = NULL; EVP_PKEY *pkey = NULL; if(cert_file == NULL || key_file == NULL) { /* generate a public certificate and a private key */ cr_make_cert(&cert,&pkey,2048,0,365); SSL_CTX_use_certificate(ssl, cert); SSL_CTX_use_PrivateKey(ssl, pkey); #ifdef CR_MK_CERT RSA_print_fp(stdout,pkey->pkey.rsa,0); X509_print_fp(stdout,cert); PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL); PEM_write_X509(stdout,cert); #endif } else { if (SSL_CTX_use_certificate_file(ssl, (const char*)cert_file, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(3); } if (SSL_CTX_use_RSAPrivateKey_file(ssl, (const char*)key_file, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(4); } } if (!SSL_CTX_check_private_key(ssl)) { perrx("Private key does not match the certificate public key\n"); exit(5); } }
static void dump_cert(struct dtls_cert *cert) { FILE *fp; char *buf; size_t len; if (get_log_level() < LOG_DEBUG) return; /* cert */ fp = open_memstream(&buf, &len); PEM_write_X509(fp, cert->x509); fclose(fp); ilog(LOG_DEBUG, "Dump of DTLS certificate:"); buf_dump_free(buf, len); /* key */ fp = open_memstream(&buf, &len); PEM_write_PrivateKey(fp, cert->pkey, NULL, NULL, 0, 0, NULL); fclose(fp); ilog(LOG_DEBUG, "Dump of DTLS private key:"); buf_dump_free(buf, len); }
/* * Create identity */ int build_identity(void) { EVP_PKEY * pkey ; RSA * rsa ; EC_KEY * ecc ; X509 * cert ; X509_NAME * name ; identity ca ; char filename[FIELD_SZ+5]; FILE * pem ; /* Check before overwriting */ sprintf(filename, "%s.crt", certinfo.cn); if (access(filename, F_OK)!=-1) { fprintf(stderr, "identity named %s already exists in this directory. Exiting now\n", filename); return -1 ; } sprintf(filename, "%s.key", certinfo.cn); if (access(filename, F_OK)!=-1) { fprintf(stderr, "identity named %s already exists in this directory. Exiting now\n", filename); return -1 ; } switch (certinfo.profile) { case PROFILE_ROOT_CA: strcpy(certinfo.ou, "Root"); break; case PROFILE_SUB_CA: strcpy(certinfo.ou, "Sub"); break; case PROFILE_SERVER: strcpy(certinfo.ou, "Server"); break; case PROFILE_CLIENT: strcpy(certinfo.ou, "Client"); break; case PROFILE_WWW: strcpy(certinfo.ou, "Server"); break; default: fprintf(stderr, "Unknown profile: aborting\n"); return -1 ; } if (certinfo.ec_name[0] && certinfo.profile!=PROFILE_CLIENT) { fprintf(stderr, "ECC keys are only supported for clients\n"); return -1 ; } if (certinfo.profile != PROFILE_ROOT_CA) { /* Need to load signing CA */ if (load_ca(certinfo.signing_ca, &ca)!=0) { fprintf(stderr, "Cannot find CA key or certificate\n"); return -1 ; } /* Organization is the same as root */ X509_NAME_get_text_by_NID(X509_get_subject_name(ca.cert), NID_organizationName, certinfo.o, FIELD_SZ); } /* Generate key pair */ if (certinfo.ec_name[0]) { printf("Generating EC key [%s]\n", certinfo.ec_name); ecc = EC_KEY_new_by_curve_name(OBJ_txt2nid(certinfo.ec_name)); if (!ecc) { fprintf(stderr, "Unknown curve: [%s]\n", certinfo.ec_name); return -1 ; } EC_KEY_set_asn1_flag(ecc, OPENSSL_EC_NAMED_CURVE); EC_KEY_generate_key(ecc); pkey = EVP_PKEY_new(); EVP_PKEY_assign_EC_KEY(pkey, ecc); } else { printf("Generating RSA-%d key\n", certinfo.rsa_keysz); pkey = EVP_PKEY_new(); rsa = RSA_generate_key(certinfo.rsa_keysz, RSA_F4, progress, 0); EVP_PKEY_assign_RSA(pkey, rsa); } /* Assign all certificate fields */ cert = X509_new(); X509_set_version(cert, 2); set_serial128(cert); X509_gmtime_adj(X509_get_notBefore(cert), 0); X509_gmtime_adj(X509_get_notAfter(cert), certinfo.days * 24*60*60); X509_set_pubkey(cert, pkey); name = X509_get_subject_name(cert); if (certinfo.c[0]) { X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)certinfo.c, -1, -1, 0); } X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)certinfo.o, -1, -1, 0); X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char*)certinfo.cn, -1, -1, 0); X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, (unsigned char*)certinfo.ou, -1, -1, 0); if (certinfo.l[0]) { X509_NAME_add_entry_by_txt(name, "L", MBSTRING_ASC, (unsigned char *)certinfo.l, -1, -1, 0); } if (certinfo.st[0]) { X509_NAME_add_entry_by_txt(name, "ST", MBSTRING_ASC, (unsigned char *)certinfo.st, -1, -1, 0); } /* Set extensions according to profile */ switch (certinfo.profile) { case PROFILE_ROOT_CA: /* CA profiles can issue certs and sign CRLS */ set_extension(cert, cert, NID_basic_constraints, "critical,CA:TRUE"); set_extension(cert, cert, NID_key_usage, "critical,keyCertSign,cRLSign"); set_extension(cert, cert, NID_subject_key_identifier, "hash"); set_extension(cert, cert, NID_authority_key_identifier, "keyid:always"); break ; case PROFILE_SUB_CA: /* CA profiles can issue certs and sign CRLS */ set_extension(ca.cert, cert, NID_basic_constraints, "critical,CA:TRUE"); set_extension(ca.cert, cert, NID_key_usage, "critical,keyCertSign,cRLSign"); set_extension(ca.cert, cert, NID_subject_key_identifier, "hash"); set_extension(ca.cert, cert, NID_authority_key_identifier, "keyid:always"); break; case PROFILE_CLIENT: if (certinfo.san[0]) { set_extension(ca.cert, cert, NID_subject_alt_name, certinfo.san); } set_extension(ca.cert, cert, NID_basic_constraints, "CA:FALSE"); set_extension(ca.cert, cert, NID_anyExtendedKeyUsage, "clientAuth"); set_extension(ca.cert, cert, NID_key_usage, "digitalSignature"); set_extension(ca.cert, cert, NID_subject_key_identifier, "hash"); set_extension(ca.cert, cert, NID_authority_key_identifier, "issuer:always,keyid:always"); break ; case PROFILE_SERVER: if (certinfo.san[0]) { set_extension(ca.cert, cert, NID_subject_alt_name, certinfo.san); } set_extension(ca.cert, cert, NID_basic_constraints, "CA:FALSE"); set_extension(ca.cert, cert, NID_netscape_cert_type, "server"); set_extension(ca.cert, cert, NID_anyExtendedKeyUsage, "serverAuth"); set_extension(ca.cert, cert, NID_key_usage, "digitalSignature,keyEncipherment"); set_extension(ca.cert, cert, NID_subject_key_identifier, "hash"); set_extension(ca.cert, cert, NID_authority_key_identifier, "issuer:always,keyid:always"); break ; case PROFILE_WWW: if (certinfo.san[0]) { set_extension(ca.cert, cert, NID_subject_alt_name, certinfo.san); } set_extension(ca.cert, cert, NID_basic_constraints, "CA:FALSE"); set_extension(ca.cert, cert, NID_netscape_cert_type, "server"); set_extension(ca.cert, cert, NID_anyExtendedKeyUsage, "serverAuth,clientAuth"); set_extension(ca.cert, cert, NID_key_usage, "digitalSignature,keyEncipherment"); set_extension(ca.cert, cert, NID_subject_key_identifier, "hash"); set_extension(ca.cert, cert, NID_authority_key_identifier, "issuer:always,keyid:always"); break; case PROFILE_UNKNOWN: default: break ; } /* Set issuer */ if (certinfo.profile==PROFILE_ROOT_CA) { /* Self-signed */ X509_set_issuer_name(cert, name); X509_sign(cert, pkey, EVP_sha256()); } else { /* Signed by parent CA */ X509_set_issuer_name(cert, X509_get_subject_name(ca.cert)); X509_sign(cert, ca.key, EVP_sha256()); } printf("Saving results to %s.[crt|key]\n", certinfo.cn); pem = fopen(filename, "wb"); PEM_write_PrivateKey(pem, pkey, NULL, NULL, 0, NULL, NULL); fclose(pem); sprintf(filename, "%s.crt", certinfo.cn); pem = fopen(filename, "wb"); PEM_write_X509(pem, cert); fclose(pem); X509_free(cert); EVP_PKEY_free(pkey); if (certinfo.profile!=PROFILE_ROOT_CA) { X509_free(ca.cert); EVP_PKEY_free(ca.key); } printf("done\n"); return 0; }
int genrequest(char department[], char cname0[]) { X509_REQ *webrequest = NULL; EVP_PKEY *pubkey = NULL; X509_NAME *reqname = NULL; DSA *mydsa = NULL; RSA *myrsa = NULL; BIO *outbio = NULL; X509_NAME_ENTRY *e; int i; FILE *fp, *fp2; char buf[80] = ""; char country[81] = "UK"; char province[81] = "Gloucestershire"; char locality[81] = "Tetbury"; char organisation[81] = "TETBURY SOFTWARE SERVICES Ltd"; char email_addr[81] = "*****@*****.**"; char cname1[81] = ""; char cname2[81] = ""; char surname[81] = ""; char givenname[81] = ""; char keytype[81] = "rsa"; int rsastrength = 4096; int dsastrength = 0; /* we do not accept requests with no data, i.e. being empty with just a public key. Although technically possible to sign and create a cert, they don't make much sense. We require here at least one CN supplied. */ if(strlen(cname0) == 0 && strlen(cname1) == 0 && strlen(cname2) == 0) printf("Error supply at least one CNAME in request subject"); /* -------------------------------------------------------------------------- * * These function calls are essential to make many PEM + other openssl * * functions work. It is not well documented, I found out after looking into * * the openssl source directly. * * needed by: PEM_read_PrivateKey(), X509_REQ_verify() ... * * -------------------------------------------------------------------------- */ OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); /* ------------------------------------------------------------------------- * * Generate the key pair based on the selected keytype * * ------------------------------------------------------------------------- */ if ((pubkey=EVP_PKEY_new()) == NULL) printf("Error creating EVP_PKEY structure."); if(strcmp(keytype, "rsa") == 0) { myrsa = RSA_new(); if (! (myrsa = RSA_generate_key(rsastrength, RSA_F4, NULL, NULL))) printf("Error generating the RSA key."); if (!EVP_PKEY_assign_RSA(pubkey,myrsa)) printf("Error assigning RSA key to EVP_PKEY structure."); } else if(strcmp(keytype, "dsa") == 0) { mydsa = DSA_new(); mydsa = DSA_generate_parameters(dsastrength, NULL, 0, NULL, NULL, NULL, NULL); if (! (DSA_generate_key(mydsa))) printf("Error generating the DSA key."); if (!EVP_PKEY_assign_DSA(pubkey,mydsa)) printf("Error assigning DSA key to EVP_PKEY structure."); } else printf("Error: Wrong keytype - choose either RSA or DSA."); /* ------------------------------------------------------------------------- * * Generate the certificate request from scratch * * ------------------------------------------------------------------------- */ if ((webrequest=X509_REQ_new()) == NULL) printf("Error creating new X509_REQ structure."); if (X509_REQ_set_pubkey(webrequest, pubkey) == 0) printf("Error setting public key for X509_REQ structure."); if ((reqname=X509_REQ_get_subject_name(webrequest)) == NULL) printf("Error setting public key for X509_REQ structure."); /* The following functions create and add the entries, working out * * the correct string type and performing checks on its length. * * We also check the return value for errors... */ if(strlen(country) != 0) X509_NAME_add_entry_by_txt(reqname,"C", MBSTRING_ASC, (unsigned char*) country, -1, -1, 0); if(strlen(province) != 0) X509_NAME_add_entry_by_txt(reqname,"ST", MBSTRING_ASC, (unsigned char *) province, -1, -1, 0); if(strlen(locality) != 0) X509_NAME_add_entry_by_txt(reqname,"L", MBSTRING_ASC, (unsigned char *) locality, -1, -1, 0); if(strlen(organisation) != 0) X509_NAME_add_entry_by_txt(reqname,"O", MBSTRING_ASC, (unsigned char *) organisation, -1, -1, 0); if(strlen(department) != 0) X509_NAME_add_entry_by_txt(reqname,"OU", MBSTRING_ASC, (unsigned char *) department, -1, -1, 0); if(strlen(email_addr) != 0) X509_NAME_add_entry_by_txt(reqname,"emailAddress", MBSTRING_ASC, (unsigned char *) email_addr, -1, -1, 0); if(strlen(cname0) != 0) X509_NAME_add_entry_by_txt(reqname,"CN", MBSTRING_ASC, (unsigned char *) cname0, -1, -1, 0); if(strlen(cname1) != 0) X509_NAME_add_entry_by_txt(reqname,"CN", MBSTRING_ASC, (unsigned char *) cname1, -1, -1, 0); if(strlen(cname2) != 0) X509_NAME_add_entry_by_txt(reqname,"CN", MBSTRING_ASC, (unsigned char *) cname2, -1, -1, 0); if(strlen(surname) != 0) X509_NAME_add_entry_by_txt(reqname,"SN", MBSTRING_ASC, (unsigned char *) surname, -1, -1, 0); if(strlen(givenname) != 0) X509_NAME_add_entry_by_txt(reqname,"GN", MBSTRING_ASC, (unsigned char *) givenname, -1, -1, 0); /* ------------------------------------------------------------------------- * * Sign the certificate request: md5 for RSA keys, dss for DSA keys * * ------------------------------------------------------------------------- */ if(strcmp(keytype, "rsa") == 0) { if (!X509_REQ_sign(webrequest,pubkey,EVP_md5())) printf("Error MD5 signing X509_REQ structure."); } else if(strcmp(keytype, "dsa") == 0) { if (!X509_REQ_sign(webrequest,pubkey,EVP_dss())) printf("Error DSS signing X509_REQ structure."); } /* ------------------------------------------------------------------------- * * and sort out the content plus start the html output * * ------------------------------------------------------------------------- */ if (! (fp=fopen("clave_publica.pem", "w"))) printf("No puedo crear el fichero de la request"); if (! (fp2=fopen("clave_privada.pem", "w"))) printf("No puedo crear el fichero de la clave privada"); outbio = BIO_new(BIO_s_file()); BIO_set_fp(outbio, fp, BIO_NOCLOSE); if (! PEM_write_bio_X509_REQ(outbio, webrequest)) printf("Error printing the request"); for (i = 0; i < X509_NAME_entry_count(reqname); i++) { e = X509_NAME_get_entry(reqname, i); OBJ_obj2txt(buf, 80, e->object, 0); } PEM_write_PrivateKey(fp2,pubkey,NULL,NULL,0,0,NULL); BIO_free(outbio); fclose(fp); fclose(fp2); return(0); }
/* ChangePasswordPEM() returns: * -1 Wrong password * 0 Changing password failed for unknown reason * 1 Password changed successfully */ int ChangePasswordPEM(HWND hwndDlg) { char keyfile[MAX_PATH]; char oldpsw[50]; char newpsw[50]; WCHAR oldpsw_unicode[50]; WCHAR newpsw_unicode[50]; FILE *fp; EVP_PKEY *privkey; /* Get filename, old_psw and new_psw from Dialog */ GetDlgItemText(hwndDlg, TEXT_KEYFILE, keyfile, sizeof(keyfile) - 1); GetDlgItemTextW(hwndDlg, EDIT_PSW_CURRENT, oldpsw_unicode, sizeof(oldpsw_unicode)/2 - 1); GetDlgItemTextW(hwndDlg, EDIT_PSW_NEW, newpsw_unicode, sizeof(newpsw_unicode)/2 - 1); /* Convert Unicode to ASCII (CP850) */ ConvertUnicode2Ascii(oldpsw_unicode, oldpsw, sizeof(oldpsw)); if (!ConvertUnicode2Ascii(newpsw_unicode, newpsw, sizeof(newpsw))) { ShowLocalizedMsg(GUI_NAME, ERR_INVALID_CHARS_IN_PSW, ""); return(-1); } privkey = EVP_PKEY_new(); /* Open old keyfile for reading */ if (! (fp = fopen (keyfile, "r"))) { /* can't open key file */ ShowLocalizedMsg(GUI_NAME, ERR_OPEN_PRIVATE_KEY_FILE, keyfile); return(0); } /* Import old key */ if (! (privkey = PEM_read_PrivateKey (fp, NULL, NULL, oldpsw))) { /* wrong password */ ShowLocalizedMsg(GUI_NAME, ERR_OLD_PWD_INCORRECT, ""); fclose(fp); return(-1); } fclose(fp); /* Open keyfile for writing */ if (! (fp = fopen (keyfile, "w"))) { /* can't open file rw */ ShowLocalizedMsg(GUI_NAME, ERR_OPEN_WRITE_KEY, keyfile); EVP_PKEY_free(privkey); return(0); } /* Write new key to file */ if (strlen(newpsw) == 0) { /* No passphrase */ if ( !(PEM_write_PrivateKey(fp, privkey, \ NULL, NULL, /* Use NO encryption */ 0, 0, NULL))) { /* error writing new key */ ShowLocalizedMsg(GUI_NAME, ERR_WRITE_NEW_KEY, keyfile); EVP_PKEY_free(privkey); fclose(fp); return(0); } } else { /* Use passphrase */ if ( !(PEM_write_PrivateKey(fp, privkey, \ EVP_des_ede3_cbc(), /* Use 3DES encryption */ newpsw, (int) strlen(newpsw), 0, NULL))) { /* can't write new key */ ShowLocalizedMsg(GUI_NAME, ERR_WRITE_NEW_KEY, keyfile); EVP_PKEY_free(privkey); fclose(fp); return(0); } } EVP_PKEY_free(privkey); fclose(fp); /* signal success to user */ ShowLocalizedMsg(GUI_NAME, INFO_PWD_CHANGED, ""); return(1); }
int generate_rsa(void) { int iRet = EXIT_SUCCESS; EVP_PKEY* pPrivKey = NULL; EVP_PKEY* pPubKey = NULL; FILE* pFile = NULL; const EVP_CIPHER* pCipher = NULL; init_openssl(); pPrivKey = create_rsa_key(); pPubKey = create_rsa_key(); if(pPrivKey && pPubKey) {/* Save the keys */ if((pFile = fopen("privkey.pem","wt")) && (pCipher = EVP_aes_256_cbc())) { if(!PEM_write_PrivateKey(pFile,pPrivKey,pCipher, (unsigned char*)pcszPassphrase, (int)strlen(pcszPassphrase),NULL,NULL)) { fprintf(stderr,"PEM_write_PrivateKey failed.\n"); handle_openssl_error(); iRet = EXIT_FAILURE; } fclose(pFile); pFile = NULL; if(iRet == EXIT_SUCCESS) { if((pFile = fopen("pubkey.pem","wt")) && PEM_write_PUBKEY(pFile,pPubKey)) fprintf(stderr,"Both keys saved.\n"); else { handle_openssl_error(); iRet = EXIT_FAILURE; } if(pFile) { fclose(pFile); pFile = NULL; } } } else { fprintf(stderr,"Cannot create \"privkey.pem\".\n"); handle_openssl_error(); iRet = EXIT_FAILURE; if(pFile) { fclose(pFile); pFile = NULL; } } if(iRet == EXIT_SUCCESS) {/* Read the keys */ EVP_PKEY_free(pPrivKey); pPrivKey = NULL; EVP_PKEY_free(pPubKey); pPubKey = NULL; if((pFile = fopen("privkey.pem","rt")) && (pPrivKey = PEM_read_PrivateKey(pFile,NULL,passwd_callback,(void*)pcszPassphrase))) { fprintf(stderr,"Private key read.\n"); } else { fprintf(stderr,"Cannot read \"privkey.pem\".\n"); handle_openssl_error(); iRet = EXIT_FAILURE; } if(pFile) { fclose(pFile); pFile = NULL; } if((pFile = fopen("pubkey.pem","rt")) && (pPubKey = PEM_read_PUBKEY(pFile,NULL,NULL,NULL))) { fprintf(stderr,"Public key read.\n"); } else { fprintf(stderr,"Cannot read \"pubkey.pem\".\n"); handle_openssl_error(); iRet = EXIT_FAILURE; } char msg[2048/8]; // Get rid of the newline int session_seed = rand(); sprintf(msg, "%d", session_seed); // Encrypt the message } } if(pPrivKey) { EVP_PKEY_free(pPrivKey); pPrivKey = NULL; } if(pPubKey) { EVP_PKEY_free(pPubKey); pPubKey = NULL; } cleanup_openssl(); return iRet; }
int main(int argc, char **argv) { FILE *fp; EVP_PKEY *pkey = NULL; X509 *cert = NULL; STACK_OF(X509) *ca = NULL; PKCS12 *p12 = NULL; char *name = NULL; int i, ret = EXIT_FAILURE; if (argc != 4) { fprintf(stderr, "Usage: pkread p12file password opfile\n"); exit(EXIT_FAILURE); } if ((fp = fopen(argv[1], "rb")) == NULL) { fprintf(stderr, "Error opening file %s\n", argv[1]); exit(EXIT_FAILURE); } p12 = d2i_PKCS12_fp(fp, NULL); fclose(fp); if (p12 == NULL) { fprintf(stderr, "Error reading PKCS#12 file\n"); ERR_print_errors_fp(stderr); goto err; } if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) { fprintf(stderr, "Error parsing PKCS#12 file\n"); ERR_print_errors_fp(stderr); goto err; } name = find_friendly_name(p12); PKCS12_free(p12); if ((fp = fopen(argv[3], "w")) == NULL) { fprintf(stderr, "Error opening file %s\n", argv[1]); goto err; } if (name != NULL) fprintf(fp, "***Friendly Name***\n%s\n", name); if (pkey != NULL) { fprintf(fp, "***Private Key***\n"); PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL); } if (cert != NULL) { fprintf(fp, "***User Certificate***\n"); PEM_write_X509_AUX(fp, cert); } if (ca != NULL && sk_X509_num(ca) > 0) { fprintf(fp, "***Other Certificates***\n"); for (i = 0; i < sk_X509_num(ca); i++) PEM_write_X509_AUX(fp, sk_X509_value(ca, i)); } fclose(fp); ret = EXIT_SUCCESS; err: OPENSSL_free(name); X509_free(cert); EVP_PKEY_free(pkey); sk_X509_pop_free(ca, X509_free); return ret; }
int main(int argc, char **argv) { FILE *fp = NULL; EVP_PKEY *pkey = NULL; X509 *cert = NULL; STACK_OF(X509) *ca = NULL; PKCS12 *p12 = NULL; char *pass = strdup(""); int i; if (argc != 2) { fprintf(stderr, "[!] Usage: %s certificate.p12\n", argv[0]); exit(1); } printf("[+] Initializing OpenSSL\n"); SSLeay_add_all_algorithms(); ERR_load_crypto_strings(); printf("[+] Opening PKCS#12 certificate\n"); if (!(fp = fopen(argv[1], "r"))) { fprintf(stderr, "[!] Unable to open certificate `%s'\n", argv[1]); goto endpkcs12; } if (chdir(dirname(argv[1])) == -1) { fprintf(stderr, "[!] Unable to change directory to `%s'\n", dirname(argv[1])); goto endpkcs12; } p12 = d2i_PKCS12_fp(fp, NULL); fclose(fp); fp = NULL; if (!p12) { fprintf(stderr, "[!] Unable to parse PKCS#12 certificate: %s\n", ERR_reason_error_string(ERR_get_error())); goto endpkcs12; } while (!PKCS12_parse(p12, pass, &pkey, &cert, &ca)) { ca = NULL; free(pass); if (getpassword("[?] Password: "******"[!] PKCS#12 certificate is incomplete\n"); goto endpkcs12; } #define PEM_w(path, call) \ do { \ if (!(fp = fopen(path, "w"))) { \ fprintf(stderr, "[!] Unable to open `%s'\n", path); \ goto endpkcs12; \ } \ printf("[+] Write certificate to `%s'\n", path); \ call; \ fclose(fp); fp = NULL; \ } while(0) PEM_w("user.pem", PEM_write_X509(fp, cert)); PEM_w("user.key", PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL)); PEM_w("cacert.pem", for (i = 0; i < sk_X509_num(ca); i++) PEM_write_X509(fp, sk_X509_value(ca, i))); sk_free(ca); X509_free(cert); EVP_PKEY_free(pkey); exit(0); endpkcs12: if (pass) free(pass); if (ca) sk_free(ca); if (cert) X509_free(cert); if (pkey) EVP_PKEY_free(pkey); if (p12) PKCS12_free(p12); if (fp) fclose(fp); exit(1); }
SL::Remote_Access_Library::Crypto::CertSaveLocation SL::Remote_Access_Library::Crypto::CreateCertificate(const CertInfo& info) { assert(INTERNAL::Started);//you must ensure proper startup of the encryption library! CryptoKeys cry; CertSaveLocation svloc; SL_RAT_LOG(Utilities::Logging_Levels::INFO_log_level, "Starting to generate a certifiate and private key!"); if (!cry.x509Certificate || !cry.PrivateKey) { SL_RAT_LOG(Utilities::Logging_Levels::ERROR_log_level, "Failed to allocate space for the certificate and private key!"); return svloc; } auto rsa = RSA_generate_key(info.bits, RSA_F4, NULL, NULL); if (!EVP_PKEY_assign_RSA(cry.PrivateKey, rsa)) { SL_RAT_LOG(Utilities::Logging_Levels::ERROR_log_level, "Failed EVP_PKEY_assign_RSA"); return svloc; } X509_set_version(cry.x509Certificate, 2); ASN1_INTEGER_set(X509_get_serialNumber(cry.x509Certificate), info.Serial); X509_gmtime_adj(X509_get_notBefore(cry.x509Certificate), 0); X509_gmtime_adj(X509_get_notAfter(cry.x509Certificate), (long)60 * 60 * 24 * info.DaysValid); X509_set_pubkey(cry.x509Certificate, cry.PrivateKey); auto name = X509_get_subject_name(cry.x509Certificate); /* This function creates and adds the entry, working out the * correct string type and performing checks on its length. * Normally we'd check the return value for errors... */ X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char*)info.country.c_str(), -1, -1, 0); X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (const unsigned char*)info.companyname.c_str(), -1, -1, 0); X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const unsigned char*)info.commonname.c_str(), -1, -1, 0); /* Its self signed so set the issuer name to be the same as the * subject. */ X509_set_issuer_name(cry.x509Certificate, name); /* Add various extensions: standard extensions */ add_ext(cry.x509Certificate, NID_basic_constraints, (char*)"critical,CA:TRUE"); add_ext(cry.x509Certificate, NID_key_usage, (char*)"critical,keyCertSign,cRLSign"); add_ext(cry.x509Certificate, NID_subject_key_identifier, (char*)"hash"); /* Some Netscape specific extensions */ add_ext(cry.x509Certificate, NID_netscape_cert_type, (char*)"sslCA"); add_ext(cry.x509Certificate, NID_netscape_comment, (char*)"example comment extension"); if (!X509_sign(cry.x509Certificate, cry.PrivateKey, EVP_sha256())) { SL_RAT_LOG(Utilities::Logging_Levels::ERROR_log_level, "Failed to sign the certifiate!"); return svloc; } std::string saveloc = info.savelocation; if (saveloc.back() != '/' && saveloc.back() != '\\') saveloc += '/'; assert(!saveloc.empty()); svloc.Private_Key = saveloc + info.filename + "_private.pem"; cry.priv_keyfile = fopen(svloc.Private_Key.c_str(), "wb"); if(cry.priv_keyfile!=NULL){ SL_RAT_LOG(Utilities::Logging_Levels::ERROR_log_level, "Failed to open the Private Key File '" << svloc.Private_Key << "' for writing!"); svloc.Private_Key = ""; return svloc; } PEM_write_PrivateKey( cry.priv_keyfile, /* write the key to the file we've opened */ cry.PrivateKey, /* our key from earlier */ EVP_des_ede3_cbc(), /* default cipher for encrypting the key on disk */ (unsigned char*)info.password.c_str(), /* passphrase required for decrypting the key on disk */ static_cast<int>(info.password.size()), /* length of the passphrase string */ NULL, /* callback for requesting a password */ NULL /* data to pass to the callback */ ); svloc.Certificate = saveloc + info.filename + "_cert.crt"; cry.certfile = fopen(svloc.Certificate.c_str(), "wb"); if(cry.certfile!=NULL){ SL_RAT_LOG(Utilities::Logging_Levels::ERROR_log_level, "Failed to open the Certificate File '" << svloc.Certificate << "' for writing!"); svloc.Certificate = ""; return svloc; } return svloc; }
int main() { EVP_PKEY *pKey; RSA *rsa; X509 *x509; X509_NAME *name; X509_EXTENSION *ex; FILE *fp; int KEY_SIZE = 2048; int days = 365; pKey = EVP_PKEY_new(); // Create a private key rsa = RSA_generate_key( KEY_SIZE, // Key length (bits) RSA_F4, // Exponent NULL, // Callback NULL // Callback argument ); EVP_PKEY_assign_RSA(pKey, rsa); x509 = X509_new(); X509_set_version(x509, 3); ASN1_INTEGER_set(X509_get_serialNumber(x509), 1); X509_gmtime_adj(X509_get_notBefore(x509), 0); X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60 * 24 * days); X509_set_pubkey(x509, pKey); name = X509_get_subject_name(x509); X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "Wnmp", -1, -1, 0); X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, "Wnmp", -1, -1, 0); X509_set_issuer_name(x509, name); ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server"); X509_add_ext(x509, ex, -1); X509_EXTENSION_free(ex); ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment, "Wnmp by Kurt Cancemi"); X509_add_ext(x509, ex, -1); X509_EXTENSION_free(ex); ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name, "localhost"); X509_add_ext(x509, ex, -1); X509_EXTENSION_free(ex); X509_sign(x509, pKey, EVP_sha1()); if (!(fp = fopen(KEY_PUB, "w"))) { printf("Error writing to public key file"); return -1; } if (PEM_write_X509(fp, x509) != 1) printf("Error while writing public key"); fclose(fp); if (!(fp = fopen(KEY_PRV, "w"))) { printf("Error writing to private key file"); return -1; } if (PEM_write_PrivateKey(fp, pKey, NULL, NULL, 0, NULL, NULL) != 1) printf("Error while writing private key"); fclose(fp); X509_free(x509); EVP_PKEY_free(pKey); return 0; }
SWITCH_DECLARE(int) switch_core_gen_certs(const char *prefix) { //BIO *bio_err; X509 *x509 = NULL; EVP_PKEY *pkey = NULL; char *rsa = NULL, *pvt = NULL; FILE *fp; char *pem = NULL; if (switch_stristr(".pem", prefix)) { if (switch_is_file_path(prefix)) { pem = strdup(prefix); } else { pem = switch_mprintf("%s%s%s", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix); } if (switch_file_exists(pem, NULL) == SWITCH_STATUS_SUCCESS) { goto end; } } else { if (switch_is_file_path(prefix)) { pvt = switch_mprintf("%s.key", prefix); rsa = switch_mprintf("%s.crt", prefix); } else { pvt = switch_mprintf("%s%s%s.key", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix); rsa = switch_mprintf("%s%s%s.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix); } if (switch_file_exists(pvt, NULL) == SWITCH_STATUS_SUCCESS || switch_file_exists(rsa, NULL) == SWITCH_STATUS_SUCCESS) { goto end; } } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); //bio_err=BIO_new_fp(stderr, BIO_NOCLOSE); mkcert(&x509, &pkey, 1024, 0, 36500); //RSA_print_fp(stdout, pkey->pkey.rsa, 0); //X509_print_fp(stdout, x509); if (pem) { if ((fp = fopen(pem, "w"))) { PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL); PEM_write_X509(fp, x509); fclose(fp); } } else { if (pvt && (fp = fopen(pvt, "w"))) { PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL); fclose(fp); } if (rsa && (fp = fopen(rsa, "w"))) { PEM_write_X509(fp, x509); fclose(fp); } } X509_free(x509); EVP_PKEY_free(pkey); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif CRYPTO_cleanup_all_ex_data(); //CRYPTO_mem_leaks(bio_err); //BIO_free(bio_err); end: switch_safe_free(pvt); switch_safe_free(rsa); switch_safe_free(pem); return(0); }