/* * call-seq: * OpenSSL::PKey.read(string [, pwd ] ) -> PKey * OpenSSL::PKey.read(file [, pwd ]) -> PKey * * === Parameters * * +string+ is a DER- or PEM-encoded string containing an arbitrary private * or public key. * * +file+ is an instance of +File+ containing a DER- or PEM-encoded * arbitrary private or public key. * * +pwd+ is an optional password in case +string+ or +file+ is an encrypted * PEM resource. */ static VALUE ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; BIO *bio; VALUE data, pass; char *passwd = NULL; rb_scan_args(argc, argv, "11", &data, &pass); bio = ossl_obj2bio(data); if (!(pkey = d2i_PrivateKey_bio(bio, NULL))) { OSSL_BIO_reset(bio); if (!NIL_P(pass)) { passwd = StringValuePtr(pass); } if (!(pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, passwd))) { OSSL_BIO_reset(bio); if (!(pkey = d2i_PUBKEY_bio(bio, NULL))) { OSSL_BIO_reset(bio); if (!NIL_P(pass)) { passwd = StringValuePtr(pass); } pkey = PEM_read_bio_PUBKEY(bio, NULL, ossl_pem_passwd_cb, passwd); } } } BIO_free(bio); if (!pkey) ossl_raise(rb_eArgError, "Could not parse PKey"); return ossl_pkey_new(pkey); }
SEXP R_pubkey_bitsize(SEXP input){ BIO *mem = BIO_new_mem_buf(RAW(input), LENGTH(input)); EVP_PKEY *pkey = d2i_PUBKEY_bio(mem, NULL); BIO_free(mem); if(!pkey) return R_NilValue; int size = 0; const BIGNUM * val; switch(EVP_PKEY_base_id(pkey)){ case EVP_PKEY_RSA: MY_RSA_get0_key(EVP_PKEY_get1_RSA(pkey), &val, NULL, NULL); size = BN_num_bits(val); break; case EVP_PKEY_DSA: MY_DSA_get0_pqg(EVP_PKEY_get1_DSA(pkey), &val, NULL, NULL); size = BN_num_bits(val); break; #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: size = ec_bitsize(EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get1_EC_KEY(pkey)))); break; #endif //OPENSSL_NO_EC default: Rf_error("Unsupported key type: %d", EVP_PKEY_base_id(pkey)); } EVP_PKEY_free(pkey); return ScalarInteger(size); }
static LUA_FUNCTION(openssl_csr_sign) { X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req"); luaL_argcheck(L, csr->req_info->pubkey, 1, "has not set public key!!!"); if (auxiliar_isclass(L, "openssl.evp_pkey", 2)) { EVP_PKEY *pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey"); const EVP_MD* md = lua_isnone(L, 3) ? EVP_get_digestbyname("sha1") : get_digest(L, 3); int ret = 1; if (X509_REQ_get_pubkey(csr) == NULL) { BIO* bio = BIO_new(BIO_s_mem()); if ( ret = i2d_PUBKEY_bio(bio, pkey)) { ret = X509_REQ_set_pubkey(csr, d2i_PUBKEY_bio(bio, NULL)); } BIO_free(bio); } if (ret == 1) ret = X509_REQ_sign(csr, pkey, md); return openssl_pushresult(L, ret); } else if (lua_isstring(L, 2)) { size_t siglen; const unsigned char* sigdata = (const unsigned char*)luaL_checklstring(L, 2, &siglen); const EVP_MD* md = get_digest(L, 3); /* (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) ? V_ASN1_NULL : V_ASN1_UNDEF, */ X509_ALGOR_set0(csr->sig_alg, OBJ_nid2obj(md->pkey_type), V_ASN1_NULL, NULL); if (csr->signature->data != NULL) OPENSSL_free(csr->signature->data); csr->signature->data = OPENSSL_malloc(siglen); memcpy(csr->signature->data, sigdata, siglen); csr->signature->length = siglen; /* * In the interests of compatibility, I'll make sure that the bit string * has a 'not-used bits' value of 0 */ csr->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); csr->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; lua_pushboolean(L, 1); return 1; } else { unsigned char* tosign = NULL; const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ_INFO); int inl = ASN1_item_i2d((void*)csr->req_info, &tosign, it); if (inl > 0 && tosign) { lua_pushlstring(L, (const char*)tosign, inl); OPENSSL_free(tosign); return 1; } return openssl_pushresult(L, 0); } }
static int verify_pubkey(X509* cert, const char *key, size_t key_size) { EVP_PKEY* cert_pubkey = NULL; EVP_PKEY* orig_pubkey = NULL; BIO* bio = NULL; int ret = 0; if (!key || key_size == 0) return 0; if (!cert) { SPICE_DEBUG("warning: no cert!"); return 0; } cert_pubkey = X509_get_pubkey(cert); if (!cert_pubkey) { SPICE_DEBUG("warning: reading public key from certificate failed"); goto finish; } bio = BIO_new_mem_buf((void*)key, key_size); if (!bio) { SPICE_DEBUG("creating BIO failed"); goto finish; } orig_pubkey = d2i_PUBKEY_bio(bio, NULL); if (!orig_pubkey) { SPICE_DEBUG("reading pubkey from bio failed"); goto finish; } ret = EVP_PKEY_cmp(orig_pubkey, cert_pubkey); if (ret == 1) SPICE_DEBUG("public keys match"); else if (ret == 0) SPICE_DEBUG("public keys mismatch"); else SPICE_DEBUG("public keys types mismatch"); finish: if (bio) BIO_free(bio); if (orig_pubkey) EVP_PKEY_free(orig_pubkey); if (cert_pubkey) EVP_PKEY_free(cert_pubkey); return ret; }
int cipher_rsa_encrypt(const char *plaintext, const struct public_key *public_key, unsigned char *out_crypttext, size_t *out_len) { EVP_PKEY *pubkey = NULL; RSA *rsa = NULL; BIO *memory = NULL; int ret; if (*out_len < public_key->len) { ret = -EINVAL; goto out; } memory = BIO_new(BIO_s_mem()); ret = BIO_write(memory, public_key->key, public_key->len); if (ret < 0) goto out; ret = -EIO; pubkey = d2i_PUBKEY_bio(memory, NULL); if (!pubkey) goto out; rsa = EVP_PKEY_get1_RSA(pubkey); if (!rsa) goto out; ret = RSA_public_encrypt(strlen(plaintext), (unsigned char *) plaintext, (unsigned char *) out_crypttext, rsa, RSA_PKCS1_OAEP_PADDING); if (ret < 0) goto out; *out_len = ret; ret = 0; out: EVP_PKEY_free(pubkey); RSA_free(rsa); BIO_free_all(memory); return ret; }
static EP_CRYPTO_KEY * key_read_bio(BIO *bio, const char *filename, int keyform, uint32_t flags) { EVP_PKEY *key = NULL; const char *pubsec = EP_UT_BITSET(EP_CRYPTO_F_SECRET, flags) ? "secret" : "public"; ep_dbg_cprintf(Dbg, 20, "key_read_bio: name %s, form %d, flags %x\n", filename, keyform, flags); EP_ASSERT(bio != NULL); if (keyform <= 0) return _ep_crypto_error("keyform must be specified"); if (keyform == EP_CRYPTO_KEYFORM_PEM) { // easy case if (EP_UT_BITSET(EP_CRYPTO_F_SECRET, flags)) key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); else key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); } else if (keyform == EP_CRYPTO_KEYFORM_DER) { if (EP_UT_BITSET(EP_CRYPTO_F_SECRET, flags)) key = d2i_PrivateKey_bio(bio, NULL); else key = d2i_PUBKEY_bio(bio, NULL); } else { return _ep_crypto_error("unknown key format %d", keyform); } if (key == NULL) return _ep_crypto_error("cannot read %s key from %s", pubsec, filename); return key; }
PublicKey::PublicKey(ByteArray &derEncoded) throw (EncodeException) : AsymmetricKey(NULL) { /* DER format support only RSA, DSA and EC. DH isn't supported */ BIO *buffer; buffer = BIO_new(BIO_s_mem()); if (buffer == NULL) { throw EncodeException(EncodeException::BUFFER_CREATING, "PublicKey::PublicKey"); } if ((unsigned int)(BIO_write(buffer, derEncoded.getDataPointer(), derEncoded.size())) != derEncoded.size()) { BIO_free(buffer); throw EncodeException(EncodeException::BUFFER_WRITING, "PublicKey::PublicKey"); } this->key = d2i_PUBKEY_bio(buffer, NULL); /* TODO: will the second parameter work fine ? */ if (this->key == NULL) { BIO_free(buffer); throw EncodeException(EncodeException::DER_DECODE, "PublicKey::PublicKey"); } BIO_free(buffer); }
SEXP R_pubkey_type(SEXP input){ BIO *mem = BIO_new_mem_buf(RAW(input), LENGTH(input)); EVP_PKEY *pkey = d2i_PUBKEY_bio(mem, NULL); BIO_free(mem); if(!pkey) return R_NilValue; char *keytype; switch(EVP_PKEY_base_id(pkey)){ case EVP_PKEY_RSA: keytype = "rsa"; break; case EVP_PKEY_DSA: keytype = "dsa"; break; case EVP_PKEY_EC: keytype = "ecdsa"; break; default: Rf_error("Unsupported key type: %d", EVP_PKEY_base_id(pkey)); } EVP_PKEY_free(pkey); return mkString(keytype); }
/* coroutine context */ static void spice_channel_send_auth(SpiceChannel *channel) { spice_channel *c = channel->priv; EVP_PKEY *pubkey; int nRSASize; BIO *bioKey; RSA *rsa; char *password; uint8_t *encrypted; int rc; bioKey = BIO_new(BIO_s_mem()); g_return_if_fail(bioKey != NULL); BIO_write(bioKey, c->peer_msg->pub_key, SPICE_TICKET_PUBKEY_BYTES); pubkey = d2i_PUBKEY_bio(bioKey, NULL); rsa = pubkey->pkey.rsa; nRSASize = RSA_size(rsa); encrypted = g_alloca(nRSASize); /* The use of RSA encryption limit the potential maximum password length. for RSA_PKCS1_OAEP_PADDING it is RSA_size(rsa) - 41. */ g_object_get(c->session, "password", &password, NULL); if (password == NULL) password = g_strdup(""); rc = RSA_public_encrypt(strlen(password) + 1, (uint8_t*)password, encrypted, rsa, RSA_PKCS1_OAEP_PADDING); g_warn_if_fail(rc > 0); spice_channel_write(channel, encrypted, nRSASize); memset(encrypted, 0, nRSASize); BIO_free(bioKey); g_free(password); }
static EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip) { BIO *key=NULL; EVP_PKEY *pkey=NULL; PW_CB_DATA cb_data; cb_data.password = pass; cb_data.prompt_info = file; if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) { BIO_printf(err,"no keyfile specified\n"); goto end; } #ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) BIO_printf(bio_err,"no engine specified\n"); else pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data); goto end; } #endif key=BIO_new(BIO_s_file()); if (key == NULL) { ERR_print_errors(err); goto end; } if (file == NULL && maybe_stdin) { setvbuf(stdin, NULL, _IONBF, 0); BIO_set_fp(key,stdin,BIO_NOCLOSE); } else if (BIO_read_filename(key,file) <= 0) { BIO_printf(err, "Error opening %s %s\n", key_descrip, file); ERR_print_errors(err); goto end; } if (format == FORMAT_ASN1) { pkey=d2i_PUBKEY_bio(key, NULL); } else if (format == FORMAT_PEM) { pkey=PEM_read_bio_PUBKEY(key,NULL, (pem_password_cb *)password_callback, &cb_data); } #if defined(PACS_USING_FORMAT_NETSCAPE_OR_PKCS12) #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) pkey = load_netscape_key(err, key, file, key_descrip, format); #endif #endif else { BIO_printf(err,"bad input format specified for key file\n"); goto end; } end: if (key != NULL) BIO_free(key); if (pkey == NULL) BIO_printf(err,"unable to load %s\n", key_descrip); return(pkey); }
/** * xmlSecOpenSSLAppKeyLoadBIO: * @bio: the key BIO. * @format: the key file format. * @pwd: the key file password. * @pwdCallback: the key password callback. * @pwdCallbackCtx: the user context for password callback. * * Reads key from the an OpenSSL BIO object. * * Returns: pointer to the key or NULL if an error occurs. */ xmlSecKeyPtr xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) { xmlSecKeyPtr key = NULL; xmlSecKeyDataPtr data; EVP_PKEY* pKey = NULL; int ret; xmlSecAssert2(bio != NULL, NULL); xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); switch(format) { case xmlSecKeyDataFormatPem: /* try to read private key first */ if(pwd != NULL) { pKey = PEM_read_bio_PrivateKey(bio, NULL, xmlSecOpenSSLDummyPasswordCallback, (void*)pwd); } else { pKey = PEM_read_bio_PrivateKey(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); } if(pKey == NULL) { /* go to start of the file and try to read public key */ (void)BIO_reset(bio); pKey = PEM_read_bio_PUBKEY(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } break; case xmlSecKeyDataFormatDer: /* try to read private key first */ pKey = d2i_PrivateKey_bio(bio, NULL); if(pKey == NULL) { /* go to start of the file and try to read public key */ (void)BIO_reset(bio); pKey = d2i_PUBKEY_bio(bio, NULL); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "d2i_PrivateKey_bio and d2i_PUBKEY_bio", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } break; case xmlSecKeyDataFormatPkcs8Pem: /* try to read private key first */ pKey = PEM_read_bio_PrivateKey(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "PEM_read_bio_PrivateKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; case xmlSecKeyDataFormatPkcs8Der: /* try to read private key first */ pKey = d2i_PKCS8PrivateKey_bio(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "d2i_PrivateKey_bio and d2i_PUBKEY_bio", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; #ifndef XMLSEC_NO_X509 case xmlSecKeyDataFormatPkcs12: key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLAppPkcs12LoadBIO", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } return(key); case xmlSecKeyDataFormatCertPem: case xmlSecKeyDataFormatCertDer: key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLAppKeyFromCertLoadBIO", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } return(key); #endif /* XMLSEC_NO_X509 */ default: xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_FORMAT, "format=%d", format); return(NULL); } data = xmlSecOpenSSLEvpKeyAdopt(pKey); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLEvpKeyAdopt", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); EVP_PKEY_free(pKey); return(NULL); } key = xmlSecKeyCreate(); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(NULL); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); xmlSecKeyDestroy(key); xmlSecKeyDataDestroy(data); return(NULL); } return(key); }
static int openssl_pkey_read(lua_State*L) { EVP_PKEY * key = NULL; BIO* in = load_bio_object(L, 1); int priv = lua_isnoneornil(L, 2) ? 0 : auxiliar_checkboolean(L, 2); int fmt = luaL_checkoption(L, 3, "auto", format); const char* passphrase = luaL_optstring(L, 4, NULL); int type = -1; if (passphrase) { if (strcmp(passphrase, "rsa") == 0 || strcmp(passphrase, "RSA") == 0) type = EVP_PKEY_RSA; else if (strcmp(passphrase, "dsa") == 0 || strcmp(passphrase, "DSA") == 0) type = EVP_PKEY_DSA; else if (strcmp(passphrase, "ec") == 0 || strcmp(passphrase, "EC") == 0) type = EVP_PKEY_EC; } if (fmt == FORMAT_AUTO) { fmt = bio_is_der(in) ? FORMAT_DER : FORMAT_PEM; } if (!priv) { if (fmt == FORMAT_PEM) { key = PEM_read_bio_PUBKEY(in, NULL, NULL, (void*)passphrase); BIO_reset(in); if (key == NULL && type == EVP_PKEY_RSA) { RSA* rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL); if (rsa) { key = EVP_PKEY_new(); EVP_PKEY_assign_RSA(key, rsa); } } }else if (fmt == FORMAT_DER) { key = d2i_PUBKEY_bio(in, NULL); BIO_reset(in); if (!key && type!=-1) { char * bio_mem_ptr; long bio_mem_len; bio_mem_len = BIO_get_mem_data(in, &bio_mem_ptr); key = d2i_PublicKey(type, NULL, (const unsigned char **)&bio_mem_ptr, bio_mem_len); BIO_reset(in); } } } else { if (fmt == FORMAT_PEM) { key = PEM_read_bio_PrivateKey(in, NULL, NULL, (void*)passphrase); BIO_reset(in); }else if (fmt == FORMAT_DER) { if (passphrase) key = d2i_PKCS8PrivateKey_bio(in, NULL, NULL, (void*)passphrase); else key = d2i_PrivateKey_bio(in, NULL); BIO_reset(in); if (!key && type != -1) { char * bio_mem_ptr; long bio_mem_len; bio_mem_len = BIO_get_mem_data(in, &bio_mem_ptr); key = d2i_PrivateKey(type, NULL, (const unsigned char **)&bio_mem_ptr, bio_mem_len); BIO_reset(in); } } } BIO_free(in); if (key) { PUSH_OBJECT(key, "openssl.evp_pkey"); return 1; } return openssl_pushresult(L, 0); }
void RedChannelBase::link(uint32_t connection_id, const std::string& password, int protocol) { SpiceLinkHeader header; SpiceLinkMess link_mess; SpiceLinkReply* reply; uint32_t link_res; uint32_t i; EVP_PKEY *pubkey; int nRSASize; BIO *bioKey; RSA *rsa; uint8_t *buffer, *p; uint32_t expected_major; header.magic = SPICE_MAGIC; header.size = sizeof(link_mess); if (protocol == 1) { /* protocol 1 == major 1, old 0.4 protocol, last active minor */ expected_major = header.major_version = 1; header.minor_version = 3; } else if (protocol == 2) { /* protocol 2 == current */ expected_major = header.major_version = SPICE_VERSION_MAJOR; header.minor_version = SPICE_VERSION_MINOR; } else { THROW("unsupported protocol version specified"); } link_mess.connection_id = connection_id; link_mess.channel_type = _type; link_mess.channel_id = _id; link_mess.num_common_caps = get_common_caps().size(); link_mess.num_channel_caps = get_caps().size(); link_mess.caps_offset = sizeof(link_mess); header.size += (link_mess.num_common_caps + link_mess.num_channel_caps) * sizeof(uint32_t); buffer = new uint8_t[sizeof(header) + sizeof(link_mess) + _common_caps.size() * sizeof(uint32_t) + _caps.size() * sizeof(uint32_t)]; p = buffer; memcpy(p, (uint8_t*)&header, sizeof(header)); p += sizeof(header); memcpy(p, (uint8_t*)&link_mess, sizeof(link_mess)); p += sizeof(link_mess); for (i = 0; i < _common_caps.size(); i++) { *(uint32_t *)p = _common_caps[i]; p += sizeof(uint32_t); } for (i = 0; i < _caps.size(); i++) { *(uint32_t *)p = _caps[i]; p += sizeof(uint32_t); } send(buffer, p - buffer); delete [] buffer; recive((uint8_t*)&header, sizeof(header)); if (header.magic != SPICE_MAGIC) { THROW_ERR(SPICEC_ERROR_CODE_CONNECT_FAILED, "bad magic"); } if (header.major_version != expected_major) { THROW_ERR(SPICEC_ERROR_CODE_VERSION_MISMATCH, "version mismatch: expect %u got %u", expected_major, header.major_version); } _remote_major = header.major_version; _remote_minor = header.minor_version; AutoArray<uint8_t> reply_buf(new uint8_t[header.size]); recive(reply_buf.get(), header.size); reply = (SpiceLinkReply *)reply_buf.get(); if (reply->error != SPICE_LINK_ERR_OK) { THROW_ERR(SPICEC_ERROR_CODE_CONNECT_FAILED, "connect error %u - %s", reply->error, spice_link_error_string(reply->error)); } uint32_t num_caps = reply->num_channel_caps + reply->num_common_caps; if ((uint8_t *)(reply + 1) > reply_buf.get() + header.size || (uint8_t *)reply + reply->caps_offset + num_caps * sizeof(uint32_t) > reply_buf.get() + header.size) { THROW_ERR(SPICEC_ERROR_CODE_CONNECT_FAILED, "access violation"); } uint32_t *caps = (uint32_t *)((uint8_t *)reply + reply->caps_offset); _remote_common_caps.clear(); for (i = 0; i < reply->num_common_caps; i++, caps++) { _remote_common_caps.resize(i + 1); _remote_common_caps[i] = *caps; } _remote_caps.clear(); for (i = 0; i < reply->num_channel_caps; i++, caps++) { _remote_caps.resize(i + 1); _remote_caps[i] = *caps; } bioKey = BIO_new(BIO_s_mem()); if (bioKey != NULL) { BIO_write(bioKey, reply->pub_key, SPICE_TICKET_PUBKEY_BYTES); pubkey = d2i_PUBKEY_bio(bioKey, NULL); rsa = pubkey->pkey.rsa; nRSASize = RSA_size(rsa); AutoArray<unsigned char> bufEncrypted(new unsigned char[nRSASize]); /* The use of RSA encryption limit the potential maximum password length. for RSA_PKCS1_OAEP_PADDING it is RSA_size(rsa) - 41. */ if (RSA_public_encrypt(password.length() + 1, (unsigned char *)password.c_str(), (uint8_t *)bufEncrypted.get(), rsa, RSA_PKCS1_OAEP_PADDING) > 0) { send((uint8_t*)bufEncrypted.get(), nRSASize); } else { THROW("could not encrypt password"); } memset(bufEncrypted.get(), 0, nRSASize); } else { THROW("Could not initiate BIO"); } BIO_free(bioKey); recive((uint8_t*)&link_res, sizeof(link_res)); if (link_res != SPICE_LINK_ERR_OK) { int error_code = (link_res == SPICE_LINK_ERR_PERMISSION_DENIED) ? SPICEC_ERROR_CODE_CONNECT_FAILED : SPICEC_ERROR_CODE_CONNECT_FAILED; THROW_ERR(error_code, "connect failed %u", link_res); } }
/*** sign x509_req object @function sign @tparam evp_pkey pkey private key which to sign x509_req object @tparam number|string|evp_md md message digest alg used to sign @treturn boolean result true for suceess */ static LUA_FUNCTION(openssl_csr_sign) { X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req"); EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr); if (auxiliar_getclassudata(L, "openssl.evp_pkey", 2)) { EVP_PKEY *pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey"); const EVP_MD* md = get_digest(L, 3, "sha256"); int ret = 1; if (pubkey == NULL) { BIO* bio = BIO_new(BIO_s_mem()); if ((ret = i2d_PUBKEY_bio(bio, pkey)) == 1) { pubkey = d2i_PUBKEY_bio(bio, NULL); if (pubkey) { ret = X509_REQ_set_pubkey(csr, pubkey); EVP_PKEY_free(pubkey); } else { ret = 0; } } BIO_free(bio); } else { EVP_PKEY_free(pubkey); } if (ret == 1) ret = X509_REQ_sign(csr, pkey, md); return openssl_pushresult(L, ret); } else if (lua_isstring(L, 2)) { size_t siglen; unsigned char* sigdata = (unsigned char*)luaL_checklstring(L, 2, &siglen); const EVP_MD* md = get_digest(L, 3, NULL); ASN1_BIT_STRING *sig = NULL; X509_ALGOR *alg = NULL; luaL_argcheck(L, pubkey != NULL, 1, "has not set public key!!!"); X509_REQ_get0_signature(csr, (const ASN1_BIT_STRING **)&sig, (const X509_ALGOR **)&alg); /* (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) ? V_ASN1_NULL : V_ASN1_UNDEF, */ X509_ALGOR_set0((X509_ALGOR *)alg, OBJ_nid2obj(EVP_MD_pkey_type(md)), V_ASN1_NULL, NULL); ASN1_BIT_STRING_set((ASN1_BIT_STRING *)sig, sigdata, siglen); /* * In the interests of compatibility, I'll make sure that the bit string * has a 'not-used bits' value of 0 */ sig->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); sig->flags |= ASN1_STRING_FLAG_BITS_LEFT; lua_pushboolean(L, 1); return 1; } else { int inl; unsigned char* tosign = NULL; luaL_argcheck(L, pubkey != NULL, 1, "has not set public key!!!"); inl = i2d_re_X509_REQ_tbs(csr, &tosign); if (inl > 0 && tosign) { lua_pushlstring(L, (const char*)tosign, inl); OPENSSL_free(tosign); return 1; } return openssl_pushresult(L, 0); } }