static int cardfingerprint(void *ctx,char *file,void *out) { int r=NOCARD; int len; EVP_PKEY *key; RSA *rsa=NULL; EC_KEY *ec=NULL; ENGINE *e=(ENGINE *)ctx; unsigned char bfr[2048]; unsigned char *p=bfr; resume_engine(e,engbits); if(!(key=ENGINE_load_public_key(e,file,NULL,NULL)))goto err1; r=CRYPTOFAIL; #if OPENSSL_VERSION_NUMBER >= 0x1010000fL if(EVP_PKEY_get0_RSA(key)) { if(!(rsa=EVP_PKEY_get1_RSA(key)))goto err2; if((len=i2d_RSA_PUBKEY(rsa,NULL))>sizeof(bfr))goto err3; if(i2d_RSA_PUBKEY(rsa,&p)!=len)goto err3; } else if(EVP_PKEY_get0_EC_KEY(key)) { if(!(ec=EVP_PKEY_get1_EC_KEY(key)))goto err2; if((len=i2d_EC_PUBKEY(ec,NULL))>sizeof(bfr))goto err3; if(i2d_EC_PUBKEY(ec,&p)!=len)goto err3; } else goto err2; #else switch(EVP_PKEY_type(key->type)) { case EVP_PKEY_RSA: if(!(rsa=EVP_PKEY_get1_RSA(key)))goto err2; if((len=i2d_RSA_PUBKEY(rsa,NULL))>sizeof(bfr))goto err3; if(i2d_RSA_PUBKEY(rsa,&p)!=len)goto err3; break; case EVP_PKEY_EC: if(!(ec=EVP_PKEY_get1_EC_KEY(key)))goto err2; if((len=i2d_EC_PUBKEY(ec,NULL))>sizeof(bfr))goto err3; if(i2d_EC_PUBKEY(ec,&p)!=len)goto err3; break; default:goto err2; } #endif if(out)sha256(bfr,len,out); r=OK; err3: if(rsa)RSA_free(rsa); if(ec)EC_KEY_free(ec); memclear(bfr,0,sizeof(bfr)); err2: EVP_PKEY_free(key); err1: suspend_engine(e,&engbits); return r; }
static VALUE ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self) { ENGINE *e; EVP_PKEY *pkey; VALUE id, data; char *sid, *sdata; rb_scan_args(argc, argv, "02", &id, &data); sid = NIL_P(id) ? NULL : StringValuePtr(id); sdata = NIL_P(data) ? NULL : StringValuePtr(data); GetEngine(self, e); #if OPENSSL_VERSION_NUMBER < 0x00907000L pkey = ENGINE_load_public_key(e, sid, sdata); #else pkey = ENGINE_load_public_key(e, sid, NULL, sdata); #endif if (!pkey) ossl_raise(eEngineError, NULL); return ossl_pkey_new(pkey); }
static int hascard(void *ctx,char *file) { int r=NOCARD; ENGINE *e=(ENGINE *)ctx; EVP_PKEY *key; resume_engine(e,engbits); if(!(key=ENGINE_load_public_key(e,file,NULL,NULL)))goto err1; EVP_PKEY_free(key); r=OK; err1: suspend_engine(e,&engbits); return r; }
static EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip) { BIO *key=NULL; EVP_PKEY *pkey=NULL; PW_CB_DATA cb_data; cb_data.password = pass; cb_data.prompt_info = file; if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) { BIO_printf(err,"no keyfile specified\n"); goto end; } #ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) BIO_printf(bio_err,"no engine specified\n"); else pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data); goto end; } #endif key=BIO_new(BIO_s_file()); if (key == NULL) { ERR_print_errors(err); goto end; } if (file == NULL && maybe_stdin) { setvbuf(stdin, NULL, _IONBF, 0); BIO_set_fp(key,stdin,BIO_NOCLOSE); } else if (BIO_read_filename(key,file) <= 0) { BIO_printf(err, "Error opening %s %s\n", key_descrip, file); ERR_print_errors(err); goto end; } if (format == FORMAT_ASN1) { pkey=d2i_PUBKEY_bio(key, NULL); } else if (format == FORMAT_PEM) { pkey=PEM_read_bio_PUBKEY(key,NULL, (pem_password_cb *)password_callback, &cb_data); } #if defined(PACS_USING_FORMAT_NETSCAPE_OR_PKCS12) #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) pkey = load_netscape_key(err, key, file, key_descrip, format); #endif #endif else { BIO_printf(err,"bad input format specified for key file\n"); goto end; } end: if (key != NULL) BIO_free(key); if (pkey == NULL) BIO_printf(err,"unable to load %s\n", key_descrip); return(pkey); }
static isc_result_t opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, const char *pin) { #ifdef USE_ENGINE ENGINE *e = NULL; isc_result_t ret; EVP_PKEY *pkey = NULL; RSA *rsa = NULL, *pubrsa = NULL; char *colon; UNUSED(pin); if (engine == NULL) DST_RET(DST_R_NOENGINE); e = dst__openssl_getengine(engine); if (e == NULL) DST_RET(DST_R_NOENGINE); pkey = ENGINE_load_public_key(e, label, NULL, NULL); if (pkey != NULL) { pubrsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); if (pubrsa == NULL) DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } pkey = ENGINE_load_private_key(e, label, NULL, NULL); if (pkey == NULL) DST_RET(dst__openssl_toresult2("ENGINE_load_private_key", ISC_R_NOTFOUND)); if (engine != NULL) { key->engine = isc_mem_strdup(key->mctx, engine); if (key->engine == NULL) DST_RET(ISC_R_NOMEMORY); } else { key->engine = isc_mem_strdup(key->mctx, label); if (key->engine == NULL) DST_RET(ISC_R_NOMEMORY); colon = strchr(key->engine, ':'); if (colon != NULL) *colon = '\0'; } key->label = isc_mem_strdup(key->mctx, label); if (key->label == NULL) DST_RET(ISC_R_NOMEMORY); rsa = EVP_PKEY_get1_RSA(pkey); if (rsa == NULL) DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) DST_RET(DST_R_INVALIDPRIVATEKEY); if (pubrsa != NULL) RSA_free(pubrsa); key->key_size = EVP_PKEY_bits(pkey); #if USE_EVP key->keydata.pkey = pkey; RSA_free(rsa); #else key->keydata.rsa = rsa; EVP_PKEY_free(pkey); #endif return (ISC_R_SUCCESS); err: if (rsa != NULL) RSA_free(rsa); if (pubrsa != NULL) RSA_free(pubrsa); if (pkey != NULL) EVP_PKEY_free(pkey); return (ret); #else UNUSED(key); UNUSED(engine); UNUSED(label); UNUSED(pin); return(DST_R_NOENGINE); #endif }
int main(int argc, char **argv) { EVP_PKEY *private_key, *public_key; EVP_PKEY_CTX *pkey_ctx; EVP_MD_CTX *md_ctx; const EVP_MD *digest_algo; char *private_key_name, *public_key_name; unsigned char sig[4096]; size_t sig_len; unsigned char md[128]; size_t md_len; unsigned digest_len; char *key_pass = NULL; const char *module_path, *efile; ENGINE *e; int ret; if (argc < 5) { fprintf(stderr, "usage: %s [PIN] [CONF] [private key URL] [public key URL] [module]\n", argv[0]); fprintf(stderr, "\n"); exit(1); } key_pass = argv[1]; efile = argv[2]; private_key_name = argv[3]; public_key_name = argv[4]; module_path = argv[5]; ret = CONF_modules_load_file(efile, "engines", 0); if (ret <= 0) { fprintf(stderr, "cannot load %s\n", efile); display_openssl_errors(__LINE__); exit(1); } ENGINE_add_conf_module(); #if OPENSSL_VERSION_NUMBER>=0x10100000 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ | OPENSSL_INIT_LOAD_CONFIG, NULL); #else OpenSSL_add_all_algorithms(); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); #endif ERR_clear_error(); ENGINE_load_builtin_engines(); e = ENGINE_by_id("pkcs11"); if (e == NULL) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_ctrl_cmd_string(e, "VERBOSE", NULL, 0)) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", module_path, 0)) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_init(e)) { display_openssl_errors(__LINE__); exit(1); } if (key_pass && !ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) { display_openssl_errors(__LINE__); exit(1); } private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL); if (private_key == NULL) { fprintf(stderr, "cannot load: %s\n", private_key_name); display_openssl_errors(__LINE__); exit(1); } public_key = ENGINE_load_public_key(e, public_key_name, NULL, NULL); if (public_key == NULL) { fprintf(stderr, "cannot load: %s\n", public_key_name); display_openssl_errors(__LINE__); exit(1); } digest_algo = EVP_get_digestbyname("sha256"); #define TEST_DATA "test data" md_ctx = EVP_MD_CTX_create(); if (EVP_DigestInit(md_ctx, digest_algo) <= 0) { display_openssl_errors(__LINE__); exit(1); } if (EVP_DigestUpdate(md_ctx, TEST_DATA, sizeof(TEST_DATA)) <= 0) { display_openssl_errors(__LINE__); exit(1); } digest_len = sizeof(md); if (EVP_DigestFinal(md_ctx, md, &digest_len) <= 0) { display_openssl_errors(__LINE__); exit(1); } md_len = digest_len; EVP_MD_CTX_destroy(md_ctx); /* Sign the hash */ pkey_ctx = EVP_PKEY_CTX_new(private_key, e); if (pkey_ctx == NULL) { fprintf(stderr, "Could not create context\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_sign_init(pkey_ctx) <= 0) { fprintf(stderr, "Could not init signature\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) { fprintf(stderr, "Could not set padding\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, digest_algo) <= 0) { fprintf(stderr, "Could not set message digest algorithm\n"); display_openssl_errors(__LINE__); exit(1); } sig_len = sizeof(sig); if (EVP_PKEY_sign(pkey_ctx, sig, &sig_len, md, EVP_MD_size(digest_algo)) <= 0) { display_openssl_errors(__LINE__); exit(1); } EVP_PKEY_CTX_free(pkey_ctx); printf("Signature created\n"); #if OPENSSL_VERSION_NUMBER >= 0x1000000fL pkey_ctx = EVP_PKEY_CTX_new(public_key, e); if (pkey_ctx == NULL) { fprintf(stderr, "Could not create context\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_verify_init(pkey_ctx) <= 0) { fprintf(stderr, "Could not init verify\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) { fprintf(stderr, "Could not set padding\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, digest_algo) <= 0) { fprintf(stderr, "Could not set message digest algorithm\n"); display_openssl_errors(__LINE__); exit(1); } ret = EVP_PKEY_verify(pkey_ctx, sig, sig_len, md, md_len); if (ret < 0) { display_openssl_errors(__LINE__); exit(1); } EVP_PKEY_CTX_free(pkey_ctx); if (ret == 1) { printf("Signature verified\n"); } else { printf("Verification failed\n"); display_openssl_errors(__LINE__); exit(1); } #else /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */ printf("Unable to verify signature with %s\n", OPENSSL_VERSION_TEXT); #endif /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */ ENGINE_finish(e); CONF_modules_unload(1); return 0; }
int main(int argc, char *argv[]) { ENGINE *e; EVP_PKEY *pub_key; FILE *fp; char *engine = NULL; char *pin = NULL; char *keyname = NULL; char *filename = NULL; int c, errflg = 0; extern char *optarg; extern int optopt; while ((c = getopt(argc, argv, ":e:p:k:f:")) != -1) { switch (c) { case 'e': engine = optarg; break; case 'p': pin = optarg; break; case 'k': keyname = optarg; break; case 'f': filename = optarg; break; case ':': fprintf(stderr, "Option -%c requires an operand\n", optopt); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", optopt); errflg++; } } if ((errflg) || (!engine) || (!filename) || (!keyname)) { fprintf(stderr, "usage: PEM_write_pubkey -e engine [-p pin] " "-k keyname -f filename\n"); exit(1); } /* Load the config file */ OPENSSL_config(NULL); /* Register engine */ e = ENGINE_by_id(engine); if (!e) { /* the engine isn't available */ printf("The engine isn't available\n"); ERR_print_errors_fp(stderr); exit(1); } /* Send PIN to engine */ if (pin && !ENGINE_ctrl_cmd_string(e, "PIN", pin, 0)){ printf("Error sending PIN to engine\n"); ERR_print_errors_fp(stderr); ENGINE_free(e); exit(1); } if (!ENGINE_init(e)) { /* the engine couldn't initialise, release 'e' */ printf("The engine couldn't initialise\n"); ERR_print_errors_fp(stderr); ENGINE_free(e); exit(1); } if (!ENGINE_register_RSA(e)){ /* This should only happen when 'e' can't initialise, but the previous * statement suggests it did. */ printf("This should not happen\n"); ERR_print_errors_fp(stderr); exit(1); } /* Load public key */ pub_key = ENGINE_load_public_key(e, keyname, NULL, NULL); if (pub_key == NULL) { /* No public key */ printf("Error loading public key\n"); ERR_print_errors_fp(stderr); ENGINE_free(e); exit(1); } /* write public key to file in PEM format */ fp = fopen(filename, "w"); if (fp == NULL) { printf("Error opening output file.\n"); ENGINE_free(e); exit(1); } if (!PEM_write_PUBKEY(fp, pub_key)) { /* Error writing public key */ printf("Error writing public key"); ERR_print_errors_fp(stderr); ENGINE_free(e); exit(1); } fclose(fp); exit(0); }