static int generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) { DH *dh; unsigned char *p; int len, len2; dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL); if (dh == NULL) { *error_r = t_strdup_printf( "DH_generate_parameters(bits=%d, gen=%d) failed: %s", bitsize, DH_GENERATOR, openssl_iostream_error()); return -1; } len = i2d_DHparams(dh, NULL); if (len < 0) { *error_r = t_strdup_printf("i2d_DHparams() failed: %s", openssl_iostream_error()); DH_free(dh); return -1; } buffer_append(output, &bitsize, sizeof(bitsize)); buffer_append(output, &len, sizeof(len)); p = buffer_append_space_unsafe(output, len); len2 = i2d_DHparams(dh, &p); i_assert(len == len2); DH_free(dh); return 0; }
/* * call-seq: * dh.to_der -> aString * * Encodes this DH to its DER encoding. Note that any existing per-session * public/private keys will *not* get encoded, just the Diffie-Hellman * parameters will be encoded. */ static VALUE ossl_dh_to_der(VALUE self) { EVP_PKEY *pkey; unsigned char *p; long len; VALUE str; GetPKeyDH(self, pkey); if((len = i2d_DHparams(pkey->pkey.dh, NULL)) <= 0) ossl_raise(eDHError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); if(i2d_DHparams(pkey->pkey.dh, &p) < 0) ossl_raise(eDHError, NULL); ossl_str_adjust(str, p); return str; }
/* * call-seq: * dh.to_der -> aString * * Encodes this DH to its DER encoding. Note that any existing per-session * public/private keys will *not* get encoded, just the Diffie-Hellman * parameters will be encoded. */ static VALUE ossl_dh_to_der(VALUE self) { DH *dh; unsigned char *p; long len; VALUE str; GetDH(self, dh); if((len = i2d_DHparams(dh, NULL)) <= 0) ossl_raise(eDHError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); if(i2d_DHparams(dh, &p) < 0) ossl_raise(eDHError, NULL); ossl_str_adjust(str, p); return str; }
static int dh_priv_encode (PKCS8_PRIV_KEY_INFO * p8, const EVP_PKEY * pkey) { ASN1_STRING *params = NULL; ASN1_INTEGER *prkey = NULL; unsigned char *dp = NULL; int dplen; params = ASN1_STRING_new (); if (!params) { DHerr (DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } params->length = i2d_DHparams (pkey->pkey.dh, ¶ms->data); if (params->length <= 0) { DHerr (DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } params->type = V_ASN1_SEQUENCE; /* Get private key into integer */ prkey = BN_to_ASN1_INTEGER (pkey->pkey.dh->priv_key, NULL); if (!prkey) { DHerr (DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR); goto err; } dplen = i2d_ASN1_INTEGER (prkey, &dp); ASN1_INTEGER_free (prkey); if (!PKCS8_pkey_set0 (p8, OBJ_nid2obj (NID_dhKeyAgreement), 0, V_ASN1_SEQUENCE, params, dp, dplen)) goto err; return 1; err: if (dp != NULL) OPENSSL_free (dp); if (params != NULL) ASN1_STRING_free (params); if (prkey != NULL) ASN1_INTEGER_free (prkey); return 0; }
static int dh_pub_encode (X509_PUBKEY * pk, const EVP_PKEY * pkey) { DH *dh; void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; ASN1_STRING *str; ASN1_INTEGER *pub_key = NULL; dh = pkey->pkey.dh; str = ASN1_STRING_new (); str->length = i2d_DHparams (dh, &str->data); if (str->length <= 0) { DHerr (DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } pval = str; ptype = V_ASN1_SEQUENCE; pub_key = BN_to_ASN1_INTEGER (dh->pub_key, NULL); if (!pub_key) goto err; penclen = i2d_ASN1_INTEGER (pub_key, &penc); ASN1_INTEGER_free (pub_key); if (penclen <= 0) { DHerr (DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } if (X509_PUBKEY_set0_param (pk, OBJ_nid2obj (EVP_PKEY_DH), ptype, pval, penc, penclen)) return 1; err: if (penc) OPENSSL_free (penc); if (pval) ASN1_STRING_free (pval); return 0; }
static bool generate_dh_parameters(int bitsize, int fd, const char *fname) { DH *dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL); unsigned char *buf, *p; int len; if (dh == NULL) return FALSE; len = i2d_DHparams(dh, NULL); if (len < 0) i_fatal("i2d_DHparams() failed: %s", ssl_last_error()); buf = p = i_malloc(len); len = i2d_DHparams(dh, &p); if (write_full(fd, &bitsize, sizeof(bitsize)) < 0 || write_full(fd, &len, sizeof(len)) < 0 || write_full(fd, buf, len) < 0) i_fatal("write_full() failed for file %s: %m", fname); i_free(buf); return TRUE; }
static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp) { if (pkey->ameth == &dhx_asn1_meth) return i2d_DHxparams(a, pp); return i2d_DHparams(a, pp); }
static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) { return i2d_DHparams(pkey->pkey.dh, pder); }
int handle_usmDHParameters (netsnmp_mib_handler * handler, netsnmp_handler_registration * reginfo, netsnmp_agent_request_info * reqinfo, netsnmp_request_info * requests) { /* * We are never called for a GETNEXT if it's registered as a * "instance", as it's "magically" handled for us. */ static unsigned char *cp = NULL; static DH *dh_tmpp = NULL; int cp_len; /* * a instance handler also only hands us one request at a time, so * we don't need to loop over a list of requests; we'll only get one. */ switch (reqinfo->mode) { case MODE_GET: if (cp) { free (cp); cp = NULL; } cp_len = i2d_DHparams (dh_params, &cp); if (cp_len > 0) snmp_set_var_typed_value (requests->requestvb, ASN_OCTET_STR, (u_char *) cp, cp_len); break; /* * SET REQUEST * * multiple states in the transaction. See: * http://www.net-snmp.org/tutorial-5/toolkit/mib_module/set-actions.jpg */ case MODE_SET_RESERVE1: break; case MODE_SET_RESERVE2: cp = requests->requestvb->val.string; dh_tmpp = d2i_DHparams (NULL, (const unsigned char **) (void *) &cp, requests->requestvb->val_len); if (!dh_tmpp) { netsnmp_set_request_error (reqinfo, requests, SNMP_ERR_WRONGVALUE); } if (cp - requests->requestvb->val.string != requests->requestvb->val_len) { /* value too long; we didn't parse the whole thing */ netsnmp_set_request_error (reqinfo, requests, SNMP_ERR_WRONGVALUE); DH_free (dh_tmpp); dh_tmpp = NULL; } break; case MODE_SET_FREE: case MODE_SET_COMMIT: DH_free (dh_tmpp); dh_tmpp = NULL; break; case MODE_SET_ACTION: { DH *tmpp; tmpp = dh_params; dh_params = dh_tmpp; dh_tmpp = tmpp; break; } case MODE_SET_UNDO: { DH_free (dh_params); /* free new value */ dh_params = dh_tmpp; /* restore old value */ dh_tmpp = NULL; break; } default: /* * we should never get here, so this is a really bad error */ return SNMP_ERR_GENERR; } return SNMP_ERR_NOERROR; }