void Context::initECDH(const std::string& curve) { #if OPENSSL_VERSION_NUMBER >= 0x0090800fL #ifndef OPENSSL_NO_ECDH int nid = 0; if (!curve.empty()) { nid = OBJ_sn2nid(curve.c_str()); } else { nid = OBJ_sn2nid("prime256v1"); } if (nid == 0) { throw SSLContextException("Unknown ECDH curve name", curve); } EC_KEY* ecdh = EC_KEY_new_by_curve_name(nid); if (!ecdh) { throw SSLContextException("Cannot create ECDH curve"); } SSL_CTX_set_tmp_ecdh(_pSSLContext, ecdh); SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE); EC_KEY_free(ecdh); #endif #endif }
void ssl_set_ecdh_curve(SSL_CTX *ctx, const char *curve) { #if OPENSSL_VERSION_NUMBER >= 0x0090800fL #ifndef OPENSSL_NO_ECDH int nid; EC_KEY *ecdh; if (curve == NULL) curve = SSL_ECDH_CURVE; if ((nid = OBJ_sn2nid(curve)) == 0) { ssl_error("ssl_set_ecdh_curve"); fatal("ssl_set_ecdh_curve: unknown curve name %s", curve); } if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) { ssl_error("ssl_set_ecdh_curve"); fatal("ssl_set_ecdh_curve: unable to create curve %s", curve); } SSL_CTX_set_tmp_ecdh(ctx, ecdh); SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); EC_KEY_free(ecdh); #endif #endif }
int tls_config_set_ecdhecurves(struct tls_config *config, const char *curves) { int *curves_list = NULL, *curves_new; size_t curves_num = 0; char *cs = NULL; char *p, *q; int rv = -1; int nid; free(config->ecdhecurves); config->ecdhecurves = NULL; config->ecdhecurves_len = 0; if (curves == NULL || strcasecmp(curves, "default") == 0) curves = TLS_ECDHE_CURVES; if ((cs = strdup(curves)) == NULL) { tls_config_set_errorx(config, "out of memory"); goto err; } q = cs; while ((p = strsep(&q, ",:")) != NULL) { while (*p == ' ' || *p == '\t') p++; nid = OBJ_sn2nid(p); if (nid == NID_undef) nid = OBJ_ln2nid(p); if (nid == NID_undef) nid = EC_curve_nist2nid(p); if (nid == NID_undef) { tls_config_set_errorx(config, "invalid ecdhe curve '%s'", p); goto err; } if ((curves_new = reallocarray(curves_list, curves_num + 1, sizeof(int))) == NULL) { tls_config_set_errorx(config, "out of memory"); goto err; } curves_list = curves_new; curves_list[curves_num] = nid; curves_num++; } config->ecdhecurves = curves_list; config->ecdhecurves_len = curves_num; curves_list = NULL; rv = 0; err: free(cs); free(curves_list); return (rv); }
static void *construct_method(const char *algorithm_name, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *data) { struct method_data_st *methdata = data; void *method = NULL; int nid = OBJ_sn2nid(algorithm_name); if (nid == NID_undef) { /* Create a new NID for that name on the fly */ ASN1_OBJECT tmpobj; /* This is the same as OBJ_create() but without requiring a OID */ tmpobj.nid = OBJ_new_nid(1); tmpobj.sn = tmpobj.ln = methdata->name; tmpobj.flags = ASN1_OBJECT_FLAG_DYNAMIC; tmpobj.length = 0; tmpobj.data = NULL; nid = OBJ_add_object(&tmpobj); } if (nid == NID_undef) return NULL; method = methdata->method_from_dispatch(nid, fns, prov); if (method == NULL) return NULL; return method; }
/* * keytype_from_text returns OpenSSL NID for digest by name, and * optionally the associated digest length. * * Used by ntpd authreadkeys(), ntpq keytype() */ int keytype_from_text( const char *text, size_t *pdigest_len ) { int key_type; u_int digest_len; #ifdef HAVE_OPENSSL const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t); uint8_t digest[EVP_MAX_MD_SIZE]; char * upcased; char * pch; EVP_MD_CTX ctx; /* * OpenSSL digest short names are capitalized, so uppercase the * digest name before passing to OBJ_sn2nid(). If it is not * recognized but begins with 'M' use NID_md5 to be consistent * with past behavior. */ INIT_SSL(); LIB_GETBUF(upcased); strlcpy(upcased, text, LIB_BUFLENGTH); for (pch = upcased; '\0' != *pch; pch++) *pch = (char)toupper((unsigned char)*pch); key_type = OBJ_sn2nid(upcased); #else key_type = 0; #endif if (!key_type && 'm' == tolower((unsigned char)text[0])) key_type = NID_md5; if (!key_type) return 0; if (NULL != pdigest_len) { #ifdef HAVE_OPENSSL EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type)); EVP_DigestFinal(&ctx, digest, &digest_len); if (digest_len > max_digest_len) { fprintf(stderr, "key type %s %u octet digests are too big, max %lu\n", keytype_name(key_type), digest_len, max_digest_len); msyslog(LOG_ERR, "key type %s %u octet digests are too big, max %lu", keytype_name(key_type), digest_len, max_digest_len); return 0; } #else digest_len = 16; #endif *pdigest_len = digest_len; } return key_type; }
blob WSService::pubkey_from_cert(X509* x509) { std::runtime_error e("Certificate error"); EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(OBJ_sn2nid("prime256v1")); BN_CTX* bn_ctx = BN_CTX_new(); std::vector<uint8_t> raw_public(33); try { if(ec_group == NULL || bn_ctx == NULL) throw e; EVP_PKEY* remote_pkey = X509_get_pubkey(x509); if(remote_pkey == NULL) throw e; EC_KEY* remote_eckey = EVP_PKEY_get1_EC_KEY(remote_pkey); if(remote_eckey == NULL) throw e; const EC_POINT* remote_pubkey = EC_KEY_get0_public_key(remote_eckey); if(remote_pubkey == NULL) throw e; EC_POINT_point2oct(ec_group, remote_pubkey, POINT_CONVERSION_COMPRESSED, raw_public.data(), raw_public.size(), bn_ctx); }catch(...){ BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group); bn_ctx = NULL; ec_group = NULL; throw; } BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group); return raw_public; }
/* ECDH temporary parameters */ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) { int rv = 1; EC_KEY *ecdh; int nid; /* Ignore values supported by 1.0.2 for the automatic selection */ if ((cctx->flags & SSL_CONF_FLAG_FILE) && strcasecmp(value, "+automatic") == 0) return 1; if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && strcmp(value, "auto") == 0) return 1; nid = EC_curve_nist2nid(value); if (nid == NID_undef) nid = OBJ_sn2nid(value); if (nid == 0) return 0; ecdh = EC_KEY_new_by_curve_name(nid); if (!ecdh) return 0; if (cctx->ctx) rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh); else if (cctx->ssl) rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh); EC_KEY_free(ecdh); return rv > 0; }
static int swSSL_set_ecdh_curve(SSL_CTX* ssl_context) { #if OPENSSL_VERSION_NUMBER >= 0x0090800fL #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh; /* * Elliptic-Curve Diffie-Hellman parameters are either "named curves" * from RFC 4492 section 5.1.1, or explicitly described curves over * binary fields. OpenSSL only supports the "named curves", which provide * maximum interoperability. */ int nid = OBJ_sn2nid(SW_SSL_ECDH_CURVE); if (nid == 0) { swWarn("Unknown curve name \"%s\"", SW_SSL_ECDH_CURVE); return SW_ERR; } ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == NULL) { swWarn("Unable to create curve \"%s\"", SW_SSL_ECDH_CURVE); return SW_ERR; } SSL_CTX_set_options(ssl_context, SSL_OP_SINGLE_ECDH_USE); SSL_CTX_set_tmp_ecdh(ssl_context, ecdh); EC_KEY_free(ecdh); #endif #endif return SW_OK; }
void SSLContext::setServerECCurve(const std::string& curveName) { bool validCall = false; #if OPENSSL_VERSION_NUMBER >= 0x0090800fL #ifndef OPENSSL_NO_ECDH validCall = true; #endif #endif if (!validCall) { throw std::runtime_error("Elliptic curve encryption not allowed"); } EC_KEY* ecdh = nullptr; int nid; /* * Elliptic-Curve Diffie-Hellman parameters are either "named curves" * from RFC 4492 section 5.1.1, or explicitly described curves over * binary fields. OpenSSL only supports the "named curves", which provide * maximum interoperability. */ nid = OBJ_sn2nid(curveName.c_str()); if (nid == 0) { LOG(FATAL) << "Unknown curve name:" << curveName.c_str(); return; } ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == nullptr) { LOG(FATAL) << "Unable to create curve:" << curveName.c_str(); return; } SSL_CTX_set_tmp_ecdh(ctx_, ecdh); EC_KEY_free(ecdh); }
static int tls_init_ecdh_curve(void) { #ifdef SSL_CTRL_SET_ECDH_AUTO SSL_CTX_ctrl(tls_ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); return 0; #else # ifndef SSL_OP_SINGLE_ECDH_USE errno = ENOTSUP; return -1; # else const char *curve_name; EC_KEY *curve; int nid; curve_name = TLS_DEFAULT_ECDH_CURVE; if ((nid = OBJ_sn2nid(curve_name)) == NID_undef) { logfile(LOG_INFO, "Curve [%s] not supported", curve_name); errno = ENOTSUP; return -1; } if ((curve = EC_KEY_new_by_curve_name(nid)) == NULL) { logfile(LOG_INFO, "Curve [%s] is not usable", curve_name); errno = ENOTSUP; return -1; } SSL_CTX_set_options(tls_ctx, SSL_OP_SINGLE_ECDH_USE); SSL_CTX_set_tmp_ecdh(tls_ctx, curve); EC_KEY_free(curve); return 0; # endif #endif }
void ecies_test(void) { int r; EC_GROUP *ec_group = NULL; EC_KEY *ec_key = NULL; ECIES_PARAMS params; ECIES_PARAMS *param2 = NULL; ECIES_CIPHERTEXT_VALUE *cv = NULL; unsigned char buffer1[1024]; unsigned char buffer2[1024]; unsigned char buffer3[1024]; unsigned char *der = NULL; int derlen; unsigned char *p; const unsigned char *cp; ec_key = EC_KEY_new_by_curve_name(OBJ_sn2nid("secp192k1")); OPENSSL_assert(ec_key); r = EC_KEY_generate_key(ec_key); assert(r); /* set ECIESParameters */ params.kdf_md = EVP_sha1(); params.sym_cipher = EVP_aes_128_cbc(); params.mac_md = EVP_sha1(); derlen = i2d_ECIESParameters(¶ms, NULL); printf("ECIESParameters DER length = %d\n", derlen); memset(buffer1, 0, sizeof(buffer1)); strcpy((char *)buffer1, "hello"); cv = ECIES_do_encrypt(¶ms, buffer1, strlen(buffer1) + 1, ec_key); assert(cv); memset(buffer3, 0, sizeof(buffer3)); if (!ECIES_do_decrypt(cv, ¶ms, buffer3, &derlen, ec_key)) { ERR_print_errors_fp(stderr); return; } printf("decrypted plaintext length = %d\n", derlen); printf("%s\n", buffer3); derlen = i2d_ECIES_CIPHERTEXT_VALUE(cv, NULL); printf("ECIES Test: ECIES_CIPHERTEXT_VALUE DER encoding length = %d\n", derlen); der = OPENSSL_malloc(derlen); assert(der); p = der; i2d_ECIES_CIPHERTEXT_VALUE(cv, &p); ECIES_CIPHERTEXT_VALUE_free(cv); cv = NULL; cp = der; cv = d2i_ECIES_CIPHERTEXT_VALUE(NULL, &cp, derlen); assert(cv); ecies_test_ECIESParameters(); }
/* * Creates a new EC_KEY on the EC group obj. arg can be an EC::Group or a String * representing an OID. */ static EC_KEY * ec_key_new_from_group(VALUE arg) { EC_KEY *ec; if (rb_obj_is_kind_of(arg, cEC_GROUP)) { EC_GROUP *group; SafeRequire_EC_GROUP(arg, group); if (!(ec = EC_KEY_new())) ossl_raise(eECError, NULL); if (!EC_KEY_set_group(ec, group)) { EC_KEY_free(ec); ossl_raise(eECError, NULL); } } else { int nid = OBJ_sn2nid(StringValueCStr(arg)); if (nid == NID_undef) ossl_raise(eECError, "invalid curve name"); if (!(ec = EC_KEY_new_by_curve_name(nid))) ossl_raise(eECError, NULL); EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE); EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED); } return ec; }
int ribs_ssl_set_options(SSL_CTX *ssl_ctx, char *cipher_list) { /* bugs */ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); /* almost all bugs */ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2); /* disable SSLv2 per RFC 6176 */ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3); /* disable SSLv3. goodbye IE6 */ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); /* ciphers */ if (!cipher_list) cipher_list = _HTTP_SERVER_SSL_CIPHERS; SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); if (0 == SSL_CTX_set_cipher_list(ssl_ctx, cipher_list)) return LOGGER_ERROR("failed to initialize SSL:cipher_list"), -1; /* DH 2048 bits */ SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_DH_USE); DH *dh = DH_new(); dh->p = get_rfc3526_prime_2048(NULL); BN_dec2bn(&dh->g, "2"); if (0 == SSL_CTX_set_tmp_dh(ssl_ctx, dh)) return LOGGER_ERROR("failed to initialize SSL:dh"), -1; DH_free(dh); /* Ecliptic Curve DH */ SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE); EC_KEY *ecdh = EC_KEY_new_by_curve_name(OBJ_sn2nid("prime256v1")); if (ecdh == NULL) return LOGGER_ERROR("failed to initialize SSL:edch"), -1; SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh); EC_KEY_free(ecdh); return 0; }
static int lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info, struct lws_vhost *vhost) { #ifdef LWS_HAVE_OPENSSL_ECDH_H EC_KEY *ecdh; int ecdh_nid; const char *ecdh_curve = "prime256v1"; if (info->ecdh_curve) ecdh_curve = info->ecdh_curve; ecdh_nid = OBJ_sn2nid(ecdh_curve); if (NID_undef == ecdh_nid) { lwsl_err("SSL: Unknown curve name '%s'", ecdh_curve); return 1; } ecdh = EC_KEY_new_by_curve_name(ecdh_nid); if (NULL == ecdh) { lwsl_err("SSL: Unable to create curve '%s'", ecdh_curve); return 1; } SSL_CTX_set_tmp_ecdh(vhost->ssl_ctx, ecdh); EC_KEY_free(ecdh); SSL_CTX_set_options(vhost->ssl_ctx, SSL_OP_SINGLE_ECDH_USE); lwsl_notice(" SSL ECDH curve '%s'\n", ecdh_curve); #else lwsl_notice(" OpenSSL doesn't support ECDH\n"); #endif return 0; }
/* * Set ECDH parameters for generating ephemeral Elliptic Curve DH * keys. This is much simpler than the DH parameters, as we just * need to provide the name of the curve to OpenSSL. */ static bool initialize_ecdh(SSL_CTX *context, bool isServerStart) { #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh; int nid; nid = OBJ_sn2nid(SSLECDHCurve); if (!nid) { ereport(isServerStart ? FATAL : LOG, (errcode(ERRCODE_CONFIG_FILE_ERROR), errmsg("ECDH: unrecognized curve name: %s", SSLECDHCurve))); return false; } ecdh = EC_KEY_new_by_curve_name(nid); if (!ecdh) { ereport(isServerStart ? FATAL : LOG, (errcode(ERRCODE_CONFIG_FILE_ERROR), errmsg("ECDH: could not create key"))); return false; } SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE); SSL_CTX_set_tmp_ecdh(context, ecdh); EC_KEY_free(ecdh); #endif return true; }
CAMLprim value ocaml_ssl_ctx_init_ec_from_named_curve(value context, value curve_name) { CAMLparam2(context, curve_name); EC_KEY *ecdh = NULL; int nid = 0; SSL_CTX *ctx = Ctx_val(context); char *ec_curve_name = String_val(curve_name); if(*ec_curve_name == 0) caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error")); nid = OBJ_sn2nid(ec_curve_name); if(nid == 0){ caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error")); } caml_enter_blocking_section(); ecdh = EC_KEY_new_by_curve_name(nid); if(ecdh != NULL){ if(SSL_CTX_set_tmp_ecdh(ctx,ecdh) != 1){ caml_leave_blocking_section(); caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error")); } SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); caml_leave_blocking_section(); EC_KEY_free(ecdh); } else{ caml_leave_blocking_section(); caml_raise_constant(*caml_named_value("ssl_exn_ec_curve_error")); } CAMLreturn(Val_unit); }
static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { if (strcmp(type, "ec_paramgen_curve") == 0) { int nid; nid = EC_curve_nist2nid(value); if (nid == NID_undef) nid = OBJ_sn2nid(value); if (nid == NID_undef) nid = OBJ_ln2nid(value); if (nid == NID_undef) { ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE); return 0; } return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); #ifndef OPENSSL_NO_SM2 } else if (!strcmp(type, "ec_scheme")) { int scheme; if (!strcmp(value, "secg")) scheme = NID_secg_scheme; else if (!strcmp(value, "sm2")) scheme = NID_sm_scheme; else return -2; return EVP_PKEY_CTX_set_ec_scheme(ctx, scheme); } else if (!strcmp(type, "signer_id")) { return EVP_PKEY_CTX_set_signer_id(ctx, value); } else if (!strcmp(type, "ec_encrypt_param")) { int encrypt_param; if (!(encrypt_param = OBJ_txt2nid(value))) { ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_EC_ENCRYPT_PARAM); return 0; } return EVP_PKEY_CTX_set_ec_encrypt_param(ctx, encrypt_param); #endif } else if (strcmp(type, "ec_param_enc") == 0) { int param_enc; if (strcmp(value, "explicit") == 0) param_enc = 0; else if (strcmp(value, "named_curve") == 0) param_enc = OPENSSL_EC_NAMED_CURVE; else return -2; return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); } else if (strcmp(type, "ecdh_kdf_md") == 0) { const EVP_MD *md; if ((md = EVP_get_digestbyname(value)) == NULL) { ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST); return 0; } return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md); } else if (strcmp(type, "ecdh_cofactor_mode") == 0) { int co_mode; co_mode = atoi(value); return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode); } return -2; }
/* ECDH temporary parameters */ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) { int onoff = -1, rv = 1; if (!(cctx->flags & SSL_CONF_FLAG_SERVER)) return -2; if (cctx->flags & SSL_CONF_FLAG_FILE) { if (*value == '+') { onoff = 1; value++; } if (*value == '-') { onoff = 0; value++; } if (!strcasecmp(value, "automatic")) { if (onoff == -1) onoff = 1; } else if (onoff != -1) return 0; } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { if (!strcmp(value, "auto")) onoff = 1; } if (onoff != -1) { if (cctx->ctx) rv = SSL_CTX_set_ecdh_auto(cctx->ctx, onoff); else if (cctx->ssl) rv = SSL_set_ecdh_auto(cctx->ssl, onoff); } else { EC_KEY *ecdh; int nid; nid = EC_curve_nist2nid(value); if (nid == NID_undef) nid = OBJ_sn2nid(value); if (nid == 0) return 0; ecdh = EC_KEY_new_by_curve_name(nid); if (!ecdh) return 0; if (cctx->ctx) rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh); else if (cctx->ssl) rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh); EC_KEY_free(ecdh); } return rv > 0; }
int setQatSmallPacketThreshold(unsigned char *cipher_name, int threshold) { if(threshold < 0) threshold = 0; else if (threshold > 16384) threshold = 16384; return qat_pkt_threshold_table_set_threshold(OBJ_sn2nid(cipher_name),threshold); }
int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) { int o; const EVP_CIPHER *enc=NULL; char *p,c; char **header_pp = &header; cipher->cipher=NULL; if ((header == NULL) || (*header == '\0') || (*header == '\n')) return(1); if (strncmp(header,"Proc-Type: ",11) != 0) { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); } header+=11; if (*header != '4') return(0); header++; if (*header != ',') return(0); header++; if (strncmp(header,"ENCRYPTED",9) != 0) { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); } for (; (*header != '\n') && (*header != '\0'); header++) ; if (*header == '\0') { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); } header++; if (strncmp(header,"DEK-Info: ",10) != 0) { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); } header+=10; p=header; for (;;) { c= *header; #ifndef CHARSET_EBCDIC if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || ((c >= '0') && (c <= '9')))) break; #else if (!( isupper(c) || (c == '-') || isdigit(c))) break; #endif header++; } *header='\0'; o=OBJ_sn2nid(p); cipher->cipher=enc=EVP_get_cipherbyname(p); *header=c; header++; if (enc == NULL) { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); return(0); } if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len)) return(0); return(1); }
static int do_tcreate(const char *value, const char *name) { char *eptr; int nid, i, rv = 0; long tbl_min = -1, tbl_max = -1; unsigned long tbl_mask = 0, tbl_flags = 0; STACK_OF(CONF_VALUE) *lst = NULL; CONF_VALUE *cnf = NULL; nid = OBJ_sn2nid(name); if (nid == NID_undef) nid = OBJ_ln2nid(name); if (nid == NID_undef) goto err; lst = X509V3_parse_list(value); if (!lst) goto err; for (i = 0; i < sk_CONF_VALUE_num(lst); i++) { cnf = sk_CONF_VALUE_value(lst, i); if (strcmp(cnf->name, "min") == 0) { tbl_min = strtoul(cnf->value, &eptr, 0); if (*eptr) goto err; } else if (strcmp(cnf->name, "max") == 0) { tbl_max = strtoul(cnf->value, &eptr, 0); if (*eptr) goto err; } else if (strcmp(cnf->name, "mask") == 0) { if (!ASN1_str2mask(cnf->value, &tbl_mask) || !tbl_mask) goto err; } else if (strcmp(cnf->name, "flags") == 0) { if (strcmp(cnf->value, "nomask") == 0) tbl_flags = STABLE_NO_MASK; else if (strcmp(cnf->value, "none") == 0) tbl_flags = STABLE_FLAGS_CLEAR; else goto err; } else goto err; } rv = 1; err: if (rv == 0) { ASN1err(ASN1_F_DO_TCREATE, ASN1_R_INVALID_STRING_TABLE_VALUE); if (cnf) ERR_add_error_data(4, "field=", cnf->name, ", value=", cnf->value); else ERR_add_error_data(4, "name=", name, ", value=", value); } else { rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max, tbl_mask, tbl_flags); if (!rv) ASN1err(ASN1_F_DO_TCREATE, ERR_R_MALLOC_FAILURE); } sk_CONF_VALUE_pop_free(lst, X509V3_conf_free); return rv; }
/* * Load an Elliptic Curve by name. If curvename is NULL, a default curve is * loaded. */ EC_KEY * ssl_ec_by_name(const char *curvename) { int nid; if (!curvename) curvename = SSL_EC_KEY_CURVE_DEFAULT; if ((nid = OBJ_sn2nid(curvename)) == NID_undef) { return NULL; } return EC_KEY_new_by_curve_name(nid); }
__owur static int parse_expected_sign_hash(int *ptype, const char *value) { int nid; if (value == NULL) return 0; nid = OBJ_sn2nid(value); if (nid == NID_undef) nid = OBJ_ln2nid(value); if (nid == NID_undef) return 0; *ptype = nid; return 1; }
PKI_OID *PKI_OID_new( char *oid, char *name, char *descr ) { PKI_OID *ret = NULL; int nid = NID_undef; if( !oid && !name && !descr ) return NULL; /* Check if the object already exists */ if( ((nid = OBJ_sn2nid(name)) != NID_undef) || ((nid = OBJ_ln2nid(name)) != NID_undef) ) ret = OBJ_nid2obj(nid); if(!ret) { /* If it does not exists, then create it */ (void) OBJ_create( oid, name, descr ); if( ((nid = OBJ_sn2nid(name)) != NID_undef) || ((nid = OBJ_ln2nid(name)) != NID_undef) ) ret = OBJ_nid2obj(nid); } /* If successful it returns the new Object, otherwise it return NULL */ return ( ret ); }
extern "C" const ASN1_OBJECT* GetObjectDefinitionByName(const char* friendlyName) { int nid = OBJ_ln2nid(friendlyName); if (nid == NID_undef) { nid = OBJ_sn2nid(friendlyName); } if (nid == NID_undef) { return nullptr; } return OBJ_nid2obj(nid); }
/* char *value: Value */ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value) { int crit; int ext_type; X509_EXTENSION *ret; crit = v3_check_critical(&value); if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(name, value, crit, ext_type, ctx); ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); if (!ret) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_IN_EXTENSION); ERR_add_error_data(4, "name=", name, ", value=", value); } return ret; }
const ASN1_OBJECT* CryptoNative_GetObjectDefinitionByName(const char* friendlyName) { int nid = OBJ_ln2nid(friendlyName); if (nid == NID_undef) { nid = OBJ_sn2nid(friendlyName); } if (nid == NID_undef) { return NULL; } return OBJ_nid2obj(nid); }
int tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len, const char *groups) { uint16_t *new_group_ids, *group_ids = NULL; size_t ngroups = 0; char *gs, *p, *q; int nid; if ((gs = strdup(groups)) == NULL) return 0; q = gs; while ((p = strsep(&q, ":")) != NULL) { nid = OBJ_sn2nid(p); if (nid == NID_undef) nid = OBJ_ln2nid(p); if (nid == NID_undef) nid = EC_curve_nist2nid(p); if (nid == NID_undef) goto err; if ((new_group_ids = reallocarray(group_ids, ngroups + 1, sizeof(uint16_t))) == NULL) goto err; group_ids = new_group_ids; group_ids[ngroups] = tls1_ec_nid2curve_id(nid); if (group_ids[ngroups] == 0) goto err; ngroups++; } free(gs); free(*out_group_ids); *out_group_ids = group_ids; *out_group_ids_len = ngroups; return 1; err: free(gs); free(group_ids); return 0; }
static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { if (!strcmp(type, "ec_paramgen_curve")) { int nid; nid = OBJ_sn2nid(value); if (nid == NID_undef) nid = OBJ_ln2nid(value); if (nid == NID_undef) { ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE); return 0; } return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); } return -2; }
/* char *value: Value */ X509_EXTENSION * X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value) { int crit; int ext_type; X509_EXTENSION *ret; crit = v3_check_critical(&value); if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(name, value, crit, ext_type, ctx); ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); if (!ret) { X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION); ERR_asprintf_error_data("name=%s, value=%s", name, value); } return ret; }