/** @fn int soap_smd_init(struct soap *soap, struct soap_smd_data *data, int alg, const void *key, int keylen) @brief Initiates a (signed) digest computation. @param soap context @param[in,out] data smdevp engine context @param[in] alg is algorithm to use @param[in] key is key to use or NULL for digests @param[in] keylen is length of HMAC key (when provided) @return SOAP_OK or SOAP_SSL_ERROR */ int soap_smd_init(struct soap *soap, struct soap_smd_data *data, int alg, const void *key, int keylen) { static int done = 0; int err = 1; #ifdef WITH_OPENSSL /* OpenSSL: make sure we have the digest algorithms, need to call just once */ if (!done) { done = 1; OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); } #endif /* the algorithm to use */ data->alg = alg; /* the key to use */ data->key = key; /* allocate and init the OpenSSL HMAC or EVP_MD context */ if ((alg & (SOAP_SMD_PASSTHRU-1)) == SOAP_SMD_HMAC_SHA1) { data->ctx = (void*)SOAP_MALLOC(soap, sizeof(HMAC_CTX)); HMAC_CTX_init((HMAC_CTX*)data->ctx); } else { data->ctx = (void*)SOAP_MALLOC(soap, sizeof(EVP_MD_CTX)); EVP_MD_CTX_init((EVP_MD_CTX*)data->ctx); } DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Init alg=%d (%p) --\n", alg, data->ctx)); /* init the digest or signature computations */ switch (alg & (SOAP_SMD_PASSTHRU-1)) { case SOAP_SMD_DGST_MD5: EVP_DigestInit((EVP_MD_CTX*)data->ctx, EVP_md5()); break; case SOAP_SMD_DGST_SHA1: EVP_DigestInit((EVP_MD_CTX*)data->ctx, EVP_sha1()); break; case SOAP_SMD_DGST_SHA256: EVP_DigestInit((EVP_MD_CTX*)data->ctx, EVP_sha256()); break; case SOAP_SMD_HMAC_SHA1: HMAC_Init((HMAC_CTX*)data->ctx, key, keylen, EVP_sha1()); break; case SOAP_SMD_SIGN_DSA_SHA1: err = EVP_SignInit((EVP_MD_CTX*)data->ctx, EVP_dss1()); break; case SOAP_SMD_SIGN_RSA_SHA1: err = EVP_SignInit((EVP_MD_CTX*)data->ctx, EVP_sha1()); break; case SOAP_SMD_SIGN_RSA_SHA256: err = EVP_SignInit((EVP_MD_CTX*)data->ctx, EVP_sha256()); break; case SOAP_SMD_VRFY_DSA_SHA1: err = EVP_VerifyInit((EVP_MD_CTX*)data->ctx, EVP_dss1()); break; case SOAP_SMD_VRFY_RSA_SHA1: err = EVP_VerifyInit((EVP_MD_CTX*)data->ctx, EVP_sha1()); break; } /* check and return */ return soap_smd_check(soap, data, err, "soap_smd_init() failed"); }
/* NOTE: Caller must xfree the signature returned by sig_pp */ extern int crypto_sign(void * key, char *buffer, int buf_size, char **sig_pp, unsigned int *sig_size_p) { EVP_MD_CTX ectx; int rc = SLURM_SUCCESS; int ksize = EVP_PKEY_size((EVP_PKEY *) key); /* * Allocate memory for signature: at most EVP_PKEY_size() bytes */ *sig_pp = xmalloc(ksize * sizeof(unsigned char)); EVP_SignInit(&ectx, EVP_sha1()); EVP_SignUpdate(&ectx, buffer, buf_size); if (!(EVP_SignFinal(&ectx, (unsigned char *)*sig_pp, sig_size_p, (EVP_PKEY *) key))) { rc = SLURM_ERROR; } #ifdef HAVE_EVP_MD_CTX_CLEANUP /* Note: Likely memory leak if this function is absent */ EVP_MD_CTX_cleanup(&ectx); #endif return rc; }
/* NOTE: Caller must xfree the signature returned by sig_pp */ extern int crypto_sign(void * key, char *buffer, int buf_size, char **sig_pp, unsigned int *sig_size_p) { EVP_MD_CTX *ectx; int rc = SLURM_SUCCESS; int ksize = EVP_PKEY_size((EVP_PKEY *) key); /* * Allocate memory for signature: at most EVP_PKEY_size() bytes */ *sig_pp = xmalloc(ksize * sizeof(unsigned char)); ectx = EVP_MD_CTX_new(); EVP_SignInit(ectx, EVP_sha1()); EVP_SignUpdate(ectx, buffer, buf_size); if (!(EVP_SignFinal(ectx, (unsigned char *)*sig_pp, sig_size_p, (EVP_PKEY *) key))) { rc = SLURM_ERROR; } EVP_MD_CTX_free(ectx); return rc; }
char *oauth_sign_rsa_sha1 (const char *m, const char *k) { unsigned char *sig = NULL; unsigned char *passphrase = NULL; unsigned int len=0; EVP_MD_CTX md_ctx; EVP_PKEY *pkey; BIO *in; in = BIO_new_mem_buf((unsigned char*) k, strlen(k)); pkey = PEM_read_bio_PrivateKey(in, NULL, 0, passphrase); // generate sign BIO_free(in); if (pkey == NULL) { //fprintf(stderr, "liboauth/OpenSSL: can not read private key\n"); return xstrdup("liboauth/OpenSSL: can not read private key"); } len = EVP_PKEY_size(pkey); sig = (unsigned char*)xmalloc((len+1)*sizeof(char)); EVP_SignInit(&md_ctx, EVP_sha1()); EVP_SignUpdate(&md_ctx, m, strlen(m)); if (EVP_SignFinal (&md_ctx, sig, &len, pkey)) { char *tmp; sig[len] = '\0'; tmp = oauth_encode_base64(len,sig); OPENSSL_free(sig); EVP_PKEY_free(pkey); return tmp; } return xstrdup("liboauth/OpenSSL: rsa-sha1 signing failed"); }
ldns_rdf * ldns_sign_public_evp(ldns_buffer *to_sign, EVP_PKEY *key, const EVP_MD *digest_type) { unsigned int siglen; ldns_rdf *sigdata_rdf; ldns_buffer *b64sig; EVP_MD_CTX ctx; const EVP_MD *md_type; int r; siglen = 0; b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); if (!b64sig) { return NULL; } /* initializes a signing context */ md_type = digest_type; if(!md_type) { /* unknown message difest */ ldns_buffer_free(b64sig); return NULL; } EVP_MD_CTX_init(&ctx); r = EVP_SignInit(&ctx, md_type); if(r == 1) { r = EVP_SignUpdate(&ctx, (unsigned char*) ldns_buffer_begin(to_sign), ldns_buffer_position(to_sign)); } else { ldns_buffer_free(b64sig); return NULL; } if(r == 1) { r = EVP_SignFinal(&ctx, (unsigned char*) ldns_buffer_begin(b64sig), &siglen, key); } else { ldns_buffer_free(b64sig); return NULL; } if(r != 1) { ldns_buffer_free(b64sig); return NULL; } /* unfortunately, OpenSSL output is differenct from DNS DSA format */ if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) { sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen); } else { /* ok output for other types is the same */ sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, ldns_buffer_begin(b64sig)); } ldns_buffer_free(b64sig); EVP_MD_CTX_cleanup(&ctx); return sigdata_rdf; }
int evp_sign_internal(EVP_PKEY* evp, EVP_MD_CTX* ctx, enum EVP_DIGEST_TYPE type, const unsigned char* digest, unsigned int digest_length, string* s) { const EVP_MD* md = NULL; md = get_EVP_MD(type); if (md == NULL) { return 0; } EVP_MD_CTX_init(ctx); if (!EVP_SignInit(ctx, md)) { return 0; } if (!EVP_SignUpdate(ctx, digest, digest_length)) { return 0; } if (!EVP_SignFinal(ctx, string_base(s), &string_size(s), evp)) { return 0; } return 1; }
int COsslKey::SignBin( sqbind::CSqBinary *pData, sqbind::CSqBinary *sig ) {_STT(); if ( !pData || !sig || !getPrivateKeyPtr() ) return 0; EVP_MD_CTX md_ctx; // Initialize if ( !EVP_SignInit( &md_ctx, EVP_sha1() ) ) { oexERROR( 0, oexT( "EVP_SignInit() failed" ) ); return 0; } // end if if ( !EVP_SignUpdate( &md_ctx, pData->Ptr(), pData->getUsed() ) ) { oexERROR( 0, oexT( "EVP_SignUpdate() failed" ) ); return 0; } // end if if ( !sig->Allocate( 2 * 1024 ) ) { oexERROR( 0, oexT( "EVP_SignUpdate() failed" ) ); return 0; } // end if unsigned int sig_len = sig->Size(); int err = EVP_SignFinal( &md_ctx, (unsigned char*)sig->Ptr(), &sig_len, getPrivateKeyPtr() ); if ( 1 != err ) { oexERROR( err, oexT( "EVP_SignFinal() failed" ) ); return 0; } // end if sig->setUsed( sig_len ); return 1; }
int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) { unsigned char key[EVP_MAX_KEY_LENGTH]; int ret = -1; int i, j, max = 0; char *s = NULL; /* * Make sure ctx is properly initialized so that we can always pass * it to PEM_ENCODE_SEAL_CTX_cleanup() in the error path. */ EVP_EncodeInit(&ctx->encode); EVP_MD_CTX_init(&ctx->md); EVP_CIPHER_CTX_init(&ctx->cipher); for (i = 0; i < npubk; i++) { if (pubk[i]->type != EVP_PKEY_RSA) { PEMerror(PEM_R_PUBLIC_KEY_NO_RSA); goto err; } j = RSA_size(pubk[i]->pkey.rsa); if (j > max) max = j; } s = reallocarray(NULL, max, 2); if (s == NULL) { PEMerror(ERR_R_MALLOC_FAILURE); goto err; } if (!EVP_SignInit(&ctx->md, md_type)) goto err; ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk); if (ret <= 0) goto err; /* base64 encode the keys */ for (i = 0; i < npubk; i++) { j = EVP_EncodeBlock((unsigned char *)s, ek[i], RSA_size(pubk[i]->pkey.rsa)); ekl[i] = j; memcpy(ek[i], s, j + 1); } ret = npubk; if (0) { err: PEM_ENCODE_SEAL_CTX_cleanup(ctx); } free(s); explicit_bzero(key, sizeof(key)); return (ret); }
void rsatest() { const EVP_MD *sha256 = EVP_get_digestbyname("sha256"); if(!sha256){ fprintf(stderr,"SHA256 not available\n"); return; } printf("Now try signing with X.509 certificates and EVP\n"); char ptext[16]; memset(ptext,0,sizeof(ptext)); strcpy(ptext,"Simson"); unsigned char sig[1024]; uint32_t siglen = sizeof(sig); BIO *bp = BIO_new_file("signing_key.pem","r"); EVP_MD_CTX md; EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bp,0,0,0); EVP_SignInit(&md,sha256); EVP_SignUpdate(&md,ptext,sizeof(ptext)); EVP_SignFinal(&md,sig,&siglen,pkey); /* let's try to verify it */ bp = BIO_new_file("signing_cert.pem","r"); X509 *x = 0; PEM_read_bio_X509(bp,&x,0,0); EVP_PKEY *pubkey = X509_get_pubkey(x); printf("pubkey=%p\n",pubkey); EVP_VerifyInit(&md,sha256); EVP_VerifyUpdate(&md,ptext,sizeof(ptext)); int r = EVP_VerifyFinal(&md,sig,siglen,pubkey); printf("r=%d\n",r); printf("do it again...\n"); EVP_VerifyInit(&md,sha256); EVP_VerifyUpdate(&md,ptext,sizeof(ptext)); r = EVP_VerifyFinal(&md,sig,siglen,pubkey); printf("r=%d\n",r); printf("make a tiny change...\n"); ptext[0]='f'; EVP_VerifyInit(&md,sha256); EVP_VerifyUpdate(&md,ptext,sizeof(ptext)); r = EVP_VerifyFinal(&md,sig,siglen,pubkey); printf("r=%d\n",r); }
static TokenError _backend_sign(PKCS12Token *token, const char *message, size_t messagelen, char **signature, size_t *siglen) { if (!message || !signature || !siglen) { assert(false); return TokenError_Unknown; } if (messagelen >= UINT_MAX) return TokenError_MessageTooLong; // Find the certificate for the token STACK_OF(X509) *certList = pkcs12_listCerts(token->sharedP12->data); if (!certList) return TokenError_Unknown; X509 *cert = certutil_findCert(certList, token->subjectName, token->base.backend->notifier->keyUsage, false); if (!cert) { sk_X509_pop_free(certList, X509_free); return TokenError_Unknown; } // Get the corresponding private key EVP_PKEY *key = getPrivateKey(token->sharedP12->data, cert, token->base.password); sk_X509_pop_free(certList, X509_free); if (!key) return TokenError_BadPassword; // Sign with the default crypto with SHA1 unsigned int sig_len = EVP_PKEY_size(key); *siglen = sig_len; *signature = malloc(sig_len); EVP_MD_CTX sig_ctx; EVP_MD_CTX_init(&sig_ctx); bool success = (EVP_SignInit(&sig_ctx, EVP_sha1()) && EVP_SignUpdate(&sig_ctx, message, messagelen) && EVP_SignFinal(&sig_ctx, (unsigned char*)*signature, &sig_len, key)); EVP_MD_CTX_cleanup(&sig_ctx); EVP_PKEY_free(key); *siglen = sig_len; if (success) { return TokenError_Success; } else { certutil_updateErrorString(); free(*signature); return TokenError_SignatureFailure; } }
int sign_with_rsa_sha256(const char *input, const char *private_key, unsigned char *buffer_out, int *buffer_out_len) { FILE *fp; EVP_PKEY *pkey = 0; EVP_MD_CTX *ctx = 0; const EVP_MD *sha256_md = 0; unsigned int s = 0; PKCS12 *p12 = 0; X509 *cert = 0; OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ctx = EVP_MD_CTX_create(); EVP_MD_CTX_init(ctx); sha256_md = EVP_sha256(); EVP_SignInit(ctx, sha256_md); EVP_SignUpdate(ctx, input, strlen(input)); ERR_load_crypto_strings(); if (!(fp = fopen(private_key, "rb"))) { perror("Error opening file with private key"); return -1; } p12 = d2i_PKCS12_fp(fp, NULL); fclose (fp); if (!p12) { perror("Error reading PKCS#12 file"); return -1; } if (!PKCS12_parse(p12, "notasecret", &pkey, &cert, NULL)) { perror("Error parsing PKCS#12 file"); return -1; } s = EVP_PKEY_size(pkey); EVP_SignFinal(ctx, buffer_out, &s, pkey); *buffer_out_len = s; PKCS12_free(p12); EVP_MD_CTX_destroy(ctx); X509_free(cert); EVP_cleanup(); return 0; }
int isns_dsasig_sign(isns_security_t *ctx, isns_principal_t *peer, buf_t *pdu, struct isns_authblk *blk) { static unsigned char signature[1024]; unsigned int sig_len = sizeof(signature); EVP_MD_CTX *md_ctx; EVP_PKEY *pkey; const BIGNUM *priv_key = NULL; int err; if ((pkey = peer->is_key) == NULL) return 0; if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { isns_debug_message( "Incompatible public key (spi=%s)\n", peer->is_name); return 0; } if (EVP_PKEY_size(pkey) > sizeof(signature)) { isns_error("isns_dsasig_sign: signature buffer too small\n"); return 0; } DSA_get0_key(EVP_PKEY_get0_DSA(pkey), NULL, &priv_key); if (priv_key == NULL) { isns_error("isns_dsasig_sign: oops, seems to be a public key\n"); return 0; } isns_debug_auth("Signing messages with spi=%s, DSA/%u\n", peer->is_name, EVP_PKEY_bits(pkey)); md_ctx = EVP_MD_CTX_new(); EVP_SignInit(md_ctx, EVP_dss1()); isns_message_digest(md_ctx, pdu, blk); err = EVP_SignFinal(md_ctx, signature, &sig_len, pkey); EVP_MD_CTX_free(md_ctx); if (err == 0) { isns_dsasig_report_errors("EVP_SignFinal failed", isns_error); return 0; } blk->iab_sig = signature; blk->iab_sig_len = sig_len; return 1; }
int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) { unsigned char key[EVP_MAX_KEY_LENGTH]; int ret = -1; int i, j, max = 0; char *s = NULL; for (i = 0; i < npubk; i++) { if (pubk[i]->type != EVP_PKEY_RSA) { PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA); goto err; } j = RSA_size(pubk[i]->pkey.rsa); if (j > max) max = j; } s = (char *)reallocarray(NULL, max, 2); if (s == NULL) { PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE); goto err; } EVP_EncodeInit(&ctx->encode); EVP_MD_CTX_init(&ctx->md); if (!EVP_SignInit(&ctx->md, md_type)) goto err; EVP_CIPHER_CTX_init(&ctx->cipher); ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk); if (ret <= 0) goto err; /* base64 encode the keys */ for (i = 0; i < npubk; i++) { j = EVP_EncodeBlock((unsigned char *)s, ek[i], RSA_size(pubk[i]->pkey.rsa)); ekl[i] = j; memcpy(ek[i], s, j + 1); } ret = npubk; err: if (s != NULL) free(s); OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); return (ret); }
AnsiString DKIM::_SignHash(AnsiString &privateKey, AnsiString &canonicalizedHeader, HashCreator::HashType hashType) { // Sign the hash. BIO *private_bio = BIO_new_mem_buf(privateKey.GetBuffer(), -1); if(private_bio == NULL) { ErrorManager::Instance()->ReportError(ErrorManager::Medium, 5309, "DKIM::_SignHash", "Unable to read the private key file into memory."); return ""; } EVP_PKEY *private_key = PEM_read_bio_PrivateKey(private_bio, NULL, NULL, NULL); if(private_key == NULL) { BIO_free(private_bio); ErrorManager::Instance()->ReportError(ErrorManager::Medium, 5310, "DKIM::_SignHash", "Unable to parse the private key file."); return ""; } BIO_free(private_bio); unsigned int siglen = EVP_PKEY_size(private_key); unsigned char *sig = (unsigned char*) OPENSSL_malloc(siglen); EVP_MD_CTX headerSigningContext; EVP_SignInit( &headerSigningContext, hashType == HashCreator::SHA256 ? EVP_sha256() : EVP_sha1()); String result; if (EVP_SignUpdate( &headerSigningContext, canonicalizedHeader.GetBuffer(), canonicalizedHeader.GetLength() ) == 1) { if (EVP_SignFinal( &headerSigningContext, sig, &siglen, private_key) == 1) { result = Base64::Encode((const char*) sig, siglen); } else { ErrorManager::Instance()->ReportError(ErrorManager::Medium, 5311, "DKIM::_SignHash", "Call to EVP_SignFinal failed."); } } else { ErrorManager::Instance()->ReportError(ErrorManager::Medium, 5312, "DKIM::_SignHash", "Call to EVP_SignUpdate failed."); } EVP_PKEY_free(private_key); EVP_MD_CTX_cleanup( &headerSigningContext ); OPENSSL_free(sig); return result; }
//-------------------------------------------------- // Calculates files SHA1-RSA signature // szFileName - file name // nDigestType - digest type. Supports only SHA1 (0) // pSigBuf - buffer to store the signature // nSigLen - buffer size, must be at least 128 // will be updated by actual signature length // keyfile - name of the private key file // passwd - private key password // returns error code or ERR_OK for success //-------------------------------------------------- EXP_OPTION int calculateFileSignature(const char* szFileName, int nDigestType, byte* pSigBuf, int* nSigLen, const char *keyfile, const char* passwd) { int err = ERR_OK; EVP_MD_CTX ctx; byte buf[FILE_BUFSIZE]; int i; FILE *f = NULL; EVP_PKEY* pkey = NULL; RETURN_IF_NULL_PARAM(szFileName); RETURN_IF_NULL_PARAM(pSigBuf); RETURN_IF_NULL_PARAM(nSigLen); RETURN_IF_NULL_PARAM(keyfile); RETURN_IF_NULL_PARAM(passwd); memset(pSigBuf, 0, *nSigLen); if(nDigestType == DIGEST_SHA1) { if(*nSigLen >= SIGNATURE_LEN) { if((err = ReadPrivateKey(&pkey, keyfile, passwd, FILE_FORMAT_PEM)) == ERR_OK) { if((f = fopen(szFileName,"rb")) != NULL) { EVP_SignInit(&ctx, EVP_sha1()); for (;;) { i = fread(buf, sizeof(char), FILE_BUFSIZE, f); if (i <= 0) break; EVP_SignUpdate (&ctx, buf, (unsigned long)i); } err = EVP_SignFinal(&ctx, pSigBuf, (unsigned int*)nSigLen, pkey); if(err == ERR_LIB_NONE) err = ERR_OK; fclose(f); EVP_PKEY_free(pkey); } // if - fopen else err = ERR_FILE_READ; } else err = ERR_PRIVKEY_READ; } else err = ERR_SIGNATURE_LEN; } else err = ERR_UNSUPPORTED_DIGEST; if (err != ERR_OK) SET_LAST_ERROR(err); return err; }
AXIS2_EXTERN int AXIS2_CALL openssl_sig_sign(const axutil_env_t *env, openssl_pkey_t *prvkey, oxs_buffer_t *input_buf, oxs_buffer_t *output_buf) { unsigned char sig_buf[4096]; /*Enough for the signature*/ unsigned int sig_len; const EVP_MD* digest; EVP_MD_CTX md_ctx; EVP_PKEY* pkey = NULL; int err, ret; /*Get the key*/ /*open_pkey = oxs_sign_ctx_get_private_key(sign_ctx, env);*/ pkey = openssl_pkey_get_key(prvkey, env); if(!pkey){ oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_SIGN_FAILED,"Cannot load the private key" ); } /*TODO: Set the digest according to the signature method*/ digest = EVP_sha1(); /*MD Ctx init*/ EVP_MD_CTX_init(&md_ctx); /*Sign init*/ ret = EVP_SignInit(&md_ctx, digest); AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[openssl][sig] Signing content %s", oxs_buffer_get_data(input_buf, env) ); EVP_SignUpdate (&md_ctx, oxs_buffer_get_data(input_buf, env), oxs_buffer_get_size(input_buf, env)); sig_len = sizeof(sig_buf); err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey); if (err != 1) { ERR_print_errors_fp (stderr); } /*Fill the output buffer*/ oxs_buffer_populate(output_buf, env, sig_buf, sig_len); EVP_MD_CTX_cleanup(&md_ctx); return sig_len; }
static bool EVP_sign(RSA *rsa, const char *data, size_t l, char *outsig, size_t *sigl) { EVP_MD_CTX ctx; EVP_PKEY *pkey; bool ret = false; pkey = EVP_PKEY_new(); if (!pkey) return false; if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto _fail; EVP_SignInit(&ctx, EVP_sha256()); if (!EVP_SignUpdate(&ctx, data, l)) goto _fail; if (!EVP_SignFinal(&ctx, outsig, sigl, pkey)) goto _fail; ret = true; _fail: EVP_PKEY_free(pkey); return ret; }
SM_MEDIA_HANDLE Flash2AppSMGenerateHashOpen(void) { SM_MEDIA_HANDLE h; h = (SM_MEDIA_HANDLE)malloc(sizeof(*h)); if (h) { /* Just load the crypto library error strings, * SSL_load_error_strings() loads the crypto AND the SSL ones */ /* SSL_load_error_strings();*/ //ERR_load_crypto_strings(); { FILE* fp; /* Read private key */ fp = fopen(KEYF, "r"); if (fp == NULL) { printf("error opening keyfile\n"); free(h); return NULL; } h->pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); fclose(fp); } if (h->pkey == NULL) { printf("error reading key\n"); free(h); return NULL; } /* Do the signature */ EVP_SignInit(&h->md_ctx, SM_HASH_FUNCTION); } return h; }
void signMessage(int message, char* keyfile, unsigned char* signature) { int err; unsigned int sig_len; static char data[100]; EVP_MD_CTX md_ctx; EVP_PKEY* pkey; FILE * fp; X509 * x509; memset(&data, '\0', sizeof(data)); sprintf(data, "%d", message); ERR_load_crypto_strings(); /* Read private key */ fp = fopen(keyfile, "r"); if (fp == NULL) { perror("File error"); printf("Key file not found\n"); exit(1); } pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); fclose(fp); if (pkey == NULL) { printf("Error in claiming private key\n"); ERR_print_errors_fp (stderr); exit(1); } /* Do the signature */ EVP_SignInit(&md_ctx, EVP_sha1()); EVP_SignUpdate(&md_ctx, data, strlen(data)); sig_len = sizeof(signature); err = EVP_SignFinal(&md_ctx, signature, &sig_len, pkey); if (err != 1) { printf("Error in signing\n"); ERR_print_errors_fp(stderr); exit(1); } EVP_PKEY_free(pkey); }
unsigned char * sign_it( EVP_PKEY * pkey, const EVP_MD * htype, char * data, int data_len, int * sig_len ) { EVP_MD_CTX md_ctx; unsigned char *sig = malloc( EVP_PKEY_size(pkey) ); *sig_len = EVP_PKEY_size(pkey); EVP_SignInit (&md_ctx, htype); EVP_SignUpdate (&md_ctx, data, data_len); if (EVP_SignFinal (&md_ctx, sig, sig_len, pkey) != 1) { free(sig); sig = 0; *sig_len = 0; ERR_print_errors_fp(stderr); } return sig; }
char * syslog_sign_buf(const char *buff, size_t len) { char buf[SIGN_MAX_LENGTH+1]; unsigned char sig_value[SIGN_B64SIGLEN_DSS]; unsigned char sig_b64[SIGN_B64SIGLEN_DSS]; unsigned sig_len = 0; char *signature; EVP_SignInit(sign_global_conf, sign_method); EVP_SignUpdate(sign_global_conf, buff, len); EVP_SignFinal(sign_global_conf, sig_value, &sig_len, eprivkey); b64_ntop(sig_value, sig_len, (char *)sig_b64, sizeof(sig_b64)); signature = strdup((char *)sig_b64); dprintf("sign_string_sign('%s') --> '%s'\n", buf, signature); return signature; }
/* This function signs the buffer passed as argument, returns the length of the signature * else -1 on error * It leaves the sign in **sign_buf (which is allocated) */ int sign_hello(unsigned char* hello_buf,unsigned int hello_len,unsigned char** sign_buf){ EVP_MD_CTX* ctx = NULL; unsigned int sign_len; EVP_PKEY* evp = EVP_PKEY_new(); FILE* fp; *sign_buf = NULL; ctx = (EVP_MD_CTX*)calloc(1,sizeof(EVP_MD_CTX)); EVP_MD_CTX_init(ctx); OpenSSL_add_all_algorithms(); if((fp=fopen(PRIV_KEY,"r"))==NULL){ goto fail; } if((evp=PEM_read_PrivateKey(fp,NULL,NULL,NULL))==NULL){ goto fail; } *sign_buf = (unsigned char*)calloc(1,EVP_PKEY_size(evp)); if(EVP_SignInit(ctx,EVP_sha512())==0){ goto fail; } if(EVP_SignUpdate(ctx,hello_buf,hello_len)==0){ goto fail; } if(EVP_SignFinal(ctx,*sign_buf,&sign_len,evp)==0){ goto fail; } EVP_MD_CTX_cleanup(ctx); free(ctx); EVP_PKEY_free(evp); return sign_len; fail: EVP_MD_CTX_cleanup(ctx); free(ctx); if (*sign_buf != NULL) { free(*sign_buf); } return -1; }
/* * call-seq: * pkey.sign(digest, data) -> String * * To sign the +String+ +data+, +digest+, an instance of OpenSSL::Digest, must * be provided. The return value is again a +String+ containing the signature. * A PKeyError is raised should errors occur. * Any previous state of the +Digest+ instance is irrelevant to the signature * outcome, the digest instance is reset to its initial state during the * operation. * * == Example * data = 'Sign me!' * digest = OpenSSL::Digest::SHA256.new * pkey = OpenSSL::PKey::RSA.new(2048) * signature = pkey.sign(digest, data) */ static VALUE ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) { EVP_PKEY *pkey; EVP_MD_CTX ctx; unsigned int buf_len; VALUE str; if (rb_funcallv(self, id_private_q, 0, NULL) != Qtrue) { ossl_raise(rb_eArgError, "Private key is needed."); } GetPKey(self, pkey); EVP_SignInit(&ctx, GetDigestPtr(digest)); StringValue(data); EVP_SignUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data)); str = rb_str_new(0, EVP_PKEY_size(pkey)+16); if (!EVP_SignFinal(&ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey)) ossl_raise(ePKeyError, NULL); assert((long)buf_len <= RSTRING_LEN(str)); rb_str_set_len(str, buf_len); return str; }
/** Low-level signature operation. * \param key_count Number of keys in the \a source array. * \param source Array of keys. The keys must include private key data. * \param data Data to sign. * \return Array of signatures, one for each key, * or NULL if the operation failed. * \sa gale_crypto_verify_raw(), gale_crypto_sign() */ const struct gale_data *gale_crypto_sign_raw(int key_count, const struct gale_group *source, struct gale_data data) { int i; struct gale_data *output; RSA *rsa; EVP_MD_CTX *context = EVP_MD_CTX_new(); EVP_SignInit(context,EVP_md5()); EVP_SignUpdate(context,data.p,data.l); gale_create_array(output,key_count); for (i = 0; NULL != output && i < key_count; ++i) { EVP_PKEY *key = EVP_PKEY_new(); EVP_PKEY_assign_RSA(key,RSA_new()); rsa = EVP_PKEY_get0_RSA(key); crypto_i_rsa(source[i],rsa); if (!crypto_i_private_valid(rsa)) { gale_alert(GALE_WARNING,G_("invalid private key"),0); output = NULL; goto cleanup; } output[i].p = gale_malloc(EVP_PKEY_size(key)); if (!EVP_SignFinal(context,output[i].p,&output[i].l,key)) { crypto_i_error(); output = NULL; goto cleanup; } cleanup: EVP_PKEY_free(key); } return output; }
//-------------------------------------------------- // Calculates input datas SHA1-RSA signature // data - input data // dlen - input data length // nDigestType - digest type. Supports only SHA1 (0) // pSigBuf - buffer to store the signature // nSigLen - buffer size, must be at least 128 // will be updated by actual signature length // keyfile - name of the private key file // passwd - private key password // returns error code or ERR_OK for success //-------------------------------------------------- EXP_OPTION int signData(const byte* data, int dlen, byte* pSigBuf, int* nSigLen, int nDigestType, const char *keyfile, const char* passwd) { int err = ERR_OK; EVP_MD_CTX ctx; EVP_PKEY* pkey; RETURN_IF_NULL_PARAM(data); RETURN_IF_NULL_PARAM(pSigBuf); RETURN_IF_NULL_PARAM(nSigLen); RETURN_IF_NULL_PARAM(keyfile); RETURN_IF_NULL_PARAM(passwd); memset(pSigBuf, 0, *nSigLen); if(nDigestType == DIGEST_SHA1) { if(*nSigLen >= SIGNATURE_LEN) { if((err = ReadPrivateKey(&pkey, keyfile, passwd, FILE_FORMAT_PEM)) == ERR_OK) { EVP_SignInit(&ctx, EVP_sha1()); EVP_SignUpdate (&ctx, data, (unsigned long)dlen); err = EVP_SignFinal(&ctx, pSigBuf, (unsigned int*)nSigLen, pkey); if(err == ERR_LIB_NONE) err = ERR_OK; EVP_PKEY_free(pkey); } else err = ERR_PRIVKEY_READ; } else err = ERR_SIGNATURE_LEN; } else err = ERR_UNSUPPORTED_DIGEST; if (err != ERR_OK) SET_LAST_ERROR(err); return err; }
int main() { int err; int sig_len; unsigned char sig_buf[4096]; static char certfile[] = "cert.pem"; static char keyfile[] = "key.pem"; static char data[] = "I owe you..."; EVP_MD_CTX md_ctx; EVP_PKEY *pkey; FILE *fp; X509 *x509; /* * Just load the crypto library error strings, SSL_load_error_strings() * loads the crypto AND the SSL ones */ /* SSL_load_error_strings(); */ ERR_load_crypto_strings(); /* Read private key */ fp = fopen(keyfile, "r"); if (fp == NULL) exit(1); pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); fclose(fp); if (pkey == NULL) { ERR_print_errors_fp(stderr); exit(1); } /* Do the signature */ EVP_SignInit(&md_ctx, EVP_sha1()); EVP_SignUpdate(&md_ctx, data, strlen(data)); sig_len = sizeof(sig_buf); err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey); if (err != 1) { ERR_print_errors_fp(stderr); exit(1); } EVP_PKEY_free(pkey); /* Read public key */ fp = fopen(certfile, "r"); if (fp == NULL) exit(1); x509 = PEM_read_X509(fp, NULL, NULL, NULL); fclose(fp); if (x509 == NULL) { ERR_print_errors_fp(stderr); exit(1); } /* Get public key - eay */ pkey = X509_get_pubkey(x509); if (pkey == NULL) { ERR_print_errors_fp(stderr); exit(1); } /* Verify the signature */ EVP_VerifyInit(&md_ctx, EVP_sha1()); EVP_VerifyUpdate(&md_ctx, data, strlen((char *)data)); err = EVP_VerifyFinal(&md_ctx, sig_buf, sig_len, pkey); EVP_PKEY_free(pkey); if (err != 1) { ERR_print_errors_fp(stderr); exit(1); } printf("Signature Verified Ok.\n"); return (0); }
/* adds a Identity header field to msg return value: 1: success 0: else */ static int addIdentity(char * dateHF, struct sip_msg * msg) { #define IDENTITY_HDR_S "Identity: \"" #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1) EVP_MD_CTX ctx; unsigned int siglen = 0; int b64len = 0; unsigned char * sig = NULL; char digestString[MAX_DIGEST]; str buf; if(!makeDigestString(digestString, dateHF, msg)) { LM_ERR("error making digest string\n"); return 0; } EVP_SignInit(&ctx, EVP_sha1()); EVP_SignUpdate(&ctx, digestString, strlen(digestString)); sig = pkg_malloc(EVP_PKEY_size(privKey_evp)); if(!sig) { EVP_MD_CTX_cleanup(&ctx); LM_ERR("failed allocating memory\n"); return 0; } if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp)) { EVP_MD_CTX_cleanup(&ctx); pkg_free(sig); LM_ERR("error calculating signature\n"); return 0; } EVP_MD_CTX_cleanup(&ctx); /* ###Base64-encoding### */ /* annotation: The next few lines are based on example 7-11 of [VIE-02] */ b64len = (((siglen + 2) / 3) * 4) + 1; buf.len = IDENTITY_HDR_L + b64len + 1 + CRLF_LEN; buf.s = pkg_malloc(buf.len); if(!buf.s) { pkg_free(sig); LM_ERR("error allocating memory\n"); return 0; } memcpy( buf.s, IDENTITY_HDR_S, IDENTITY_HDR_L); EVP_EncodeBlock((unsigned char*)(buf.s+IDENTITY_HDR_L), sig, siglen); memcpy( buf.s+IDENTITY_HDR_L+b64len, "\""CRLF, CRLF_LEN+1); pkg_free(sig); if ( id_add_header( msg, buf.s, buf.len )!=0) { pkg_free(buf.s); LM_ERR("failed to add Identity header\n"); return 0; } return 1; }
Eet_Error eet_identity_sign(FILE *fp, Eet_Key *key) { #ifdef HAVE_SIGNATURE Eet_Error err = EET_ERROR_NONE; struct stat st_buf; void *data; int fd; int head[3]; unsigned char *sign = NULL; unsigned char *cert = NULL; # ifdef HAVE_GNUTLS gnutls_datum_t datum = { NULL, 0 }; size_t sign_len = 0; size_t cert_len = 0; gnutls_datum_t signum = { NULL, 0 }; gnutls_privkey_t privkey; # else /* ifdef HAVE_GNUTLS */ # if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) EVP_MD_CTX *md_ctx; # else EVP_MD_CTX md_ctx; # endif unsigned int sign_len = 0; int cert_len = 0; # endif /* ifdef HAVE_GNUTLS */ /* A few check and flush pending write. */ if (!fp || !key || !key->certificate || !key->private_key) return EET_ERROR_BAD_OBJECT; if (!emile_cipher_init()) return EET_ERROR_NOT_IMPLEMENTED; /* Get the file size. */ fd = fileno(fp); if (fd < 0) return EET_ERROR_BAD_OBJECT; if (fstat(fd, &st_buf) < 0) return EET_ERROR_MMAP_FAILED; /* let's make mmap safe and just get 0 pages for IO erro */ eina_mmap_safety_enabled_set(EINA_TRUE); /* Map the file in memory. */ data = mmap(NULL, st_buf.st_size, PROT_READ, MAP_PRIVATE, fd, 0); if (data == MAP_FAILED) return EET_ERROR_MMAP_FAILED; # ifdef HAVE_GNUTLS datum.data = data; datum.size = st_buf.st_size; /* Get the signature length */ if (gnutls_privkey_init(&privkey) < 0) { err = EET_ERROR_SIGNATURE_FAILED; goto on_error; } if (gnutls_privkey_import_x509(privkey, key->private_key, 0) < 0) { err = EET_ERROR_SIGNATURE_FAILED; goto on_error; } if (gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &datum, &signum) < 0) { err = EET_ERROR_SIGNATURE_FAILED; goto on_error; } sign = signum.data; sign_len = signum.size; /* Get the certificate length */ if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert, &cert_len) && !cert_len) { err = EET_ERROR_SIGNATURE_FAILED; goto on_error; } /* Get the certificate */ cert = malloc(cert_len); if (!cert || gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert, &cert_len)) { if (!cert) err = EET_ERROR_OUT_OF_MEMORY; else err = EET_ERROR_SIGNATURE_FAILED; goto on_error; } # else /* ifdef HAVE_GNUTLS */ sign_len = EVP_PKEY_size(key->private_key); sign = malloc(sign_len); if (!sign) { err = EET_ERROR_OUT_OF_MEMORY; goto on_error; } /* Do the signature. */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) md_ctx = EVP_MD_CTX_new(); EVP_SignInit(md_ctx, EVP_sha1()); EVP_SignUpdate(md_ctx, data, st_buf.st_size); err = EVP_SignFinal(md_ctx, sign, (unsigned int *)&sign_len, key->private_key); EVP_MD_CTX_free(md_ctx); #else EVP_SignInit(&md_ctx, EVP_sha1()); EVP_SignUpdate(&md_ctx, data, st_buf.st_size); err = EVP_SignFinal(&md_ctx, sign, (unsigned int *)&sign_len, key->private_key); EVP_MD_CTX_cleanup(&md_ctx); #endif if (err != 1) { ERR_print_errors_fp(stdout); err = EET_ERROR_SIGNATURE_FAILED; goto on_error; } /* Give me the der (binary form for X509). */ cert_len = i2d_X509(key->certificate, &cert); if (cert_len < 0) { ERR_print_errors_fp(stdout); err = EET_ERROR_X509_ENCODING_FAILED; goto on_error; } # endif /* ifdef HAVE_GNUTLS */ /* Append the signature at the end of the file. */ head[0] = (int)htonl ((unsigned int)EET_MAGIC_SIGN); head[1] = (int)htonl ((unsigned int)sign_len); head[2] = (int)htonl ((unsigned int)cert_len); if (fwrite(head, sizeof(head), 1, fp) != 1) { err = EET_ERROR_WRITE_ERROR; goto on_error; } if (fwrite(sign, sign_len, 1, fp) != 1) { err = EET_ERROR_WRITE_ERROR; goto on_error; } if (fwrite(cert, cert_len, 1, fp) != 1) { err = EET_ERROR_WRITE_ERROR; goto on_error; } on_error: # ifdef HAVE_GNUTLS if (cert) free(cert); # else /* ifdef HAVE_GNUTLS */ if (cert) OPENSSL_free(cert); # endif /* ifdef HAVE_GNUTLS */ if (sign) free(sign); munmap(data, st_buf.st_size); return err; #else /* ifdef HAVE_SIGNATURE */ fp = NULL; key = NULL; return EET_ERROR_NOT_IMPLEMENTED; #endif /* ifdef HAVE_SIGNATURE */ }
//-------------------------------------------------- // Calculates file size // szFileName - file name // lFileLen - pointer to a buffer where to store the file length // returns error code or ERR_OK for success //-------------------------------------------------- EXP_OPTION int calculateFileSize(const char* szFileName, long* lFileLen) { FILE* hFile = 0; #ifdef WIN32 int i = 0, err = ERR_OK; wchar_t *convFileName = 0; #endif RETURN_IF_NULL_PARAM(szFileName); RETURN_IF_NULL_PARAM(lFileLen); if(!szFileName || !strlen(szFileName)) return 0; #ifdef WIN32 err = utf82unicode((const char*)szFileName, (char**)&convFileName, &i); ddocDebug(3, "calculateFileSize", "Opening FILE: %s, conv-file: %s len: %d", szFileName, convFileName, i); if((hFile = _wfopen(convFileName,L"rb")) != NULL) { #else if((hFile = fopen(szFileName,"rb")) != NULL) { #endif fseek(hFile, 0, SEEK_END); (*lFileLen) = ftell(hFile); ddocDebug(3, "calculateFileSize", "Closing FILE: %s, size: %ld", szFileName, (*lFileLen)); fclose(hFile); } // if - fopen else SET_LAST_ERROR_RETURN_CODE(ERR_FILE_READ); #ifdef WIN32 if(convFileName) free(convFileName); #endif return ERR_OK; } //-------------------------------------------------- // Calculates files SHA1-RSA signature // szFileName - file name // nDigestType - digest type. Supports only SHA1 (0) // pSigBuf - buffer to store the signature // nSigLen - buffer size, must be at least 128 // will be updated by actual signature length // keyfile - name of the private key file // passwd - private key password // returns error code or ERR_OK for success //-------------------------------------------------- EXP_OPTION int calculateFileSignature(const char* szFileName, int nDigestType, byte* pSigBuf, int* nSigLen, const char *keyfile, const char* passwd) { int err = ERR_OK; EVP_MD_CTX ctx; byte buf[FILE_BUFSIZE]; int i; FILE *f = NULL; EVP_PKEY* pkey = NULL; RETURN_IF_NULL_PARAM(szFileName); RETURN_IF_NULL_PARAM(pSigBuf); RETURN_IF_NULL_PARAM(nSigLen); RETURN_IF_NULL_PARAM(keyfile); RETURN_IF_NULL_PARAM(passwd); memset(pSigBuf, 0, *nSigLen); if(nDigestType == DIGEST_SHA1) { if(*nSigLen >= SIGNATURE_LEN) { if((err = ReadPrivateKey(&pkey, keyfile, passwd, FILE_FORMAT_PEM)) == ERR_OK) { if((f = fopen(szFileName,"rb")) != NULL) { EVP_SignInit(&ctx, EVP_sha1()); for (;;) { i = fread(buf, sizeof(char), FILE_BUFSIZE, f); if (i <= 0) break; EVP_SignUpdate (&ctx, buf, (unsigned long)i); } err = EVP_SignFinal(&ctx, pSigBuf, (unsigned int*)nSigLen, pkey); if(err == ERR_LIB_NONE) err = ERR_OK; fclose(f); EVP_PKEY_free(pkey); } // if - fopen else err = ERR_FILE_READ; } else err = ERR_PRIVKEY_READ; } else err = ERR_SIGNATURE_LEN; } else err = ERR_UNSUPPORTED_DIGEST; if (err != ERR_OK) SET_LAST_ERROR(err); return err; }
int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, const EVP_MD *type) { EVP_MD_CTX ctx; unsigned char *p,*buf_in=NULL,*buf_out=NULL; int i,inl=0,outl=0,outll=0; X509_ALGOR *a; for (i=0; i<2; i++) { if (i == 0) a=algor1; else a=algor2; if (a == NULL) continue; if (type->pkey_type == NID_dsaWithSHA1) { /* special case: RFC 2459 tells us to omit 'parameters' * with id-dsa-with-sha1 */ ASN1_TYPE_free(a->parameter); a->parameter = NULL; } else if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) { ASN1_TYPE_free(a->parameter); if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; a->parameter->type=V_ASN1_NULL; } ASN1_OBJECT_free(a->algorithm); a->algorithm=OBJ_nid2obj(type->pkey_type); if (a->algorithm == NULL) { ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); goto err; } if (a->algorithm->length == 0) { ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); goto err; } } inl=i2d(data,NULL); buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl); outll=outl=EVP_PKEY_size(pkey); buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); if ((buf_in == NULL) || (buf_out == NULL)) { outl=0; ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE); goto err; } p=buf_in; i2d(data,&p); EVP_SignInit(&ctx,type); EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, (unsigned int *)&outl,pkey)) { outl=0; ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); goto err; } if (signature->data != NULL) OPENSSL_free(signature->data); signature->data=buf_out; buf_out=NULL; signature->length=outl; /* In the interests of compatibility, I'll make sure that * the bit string has a 'not-used bits' value of 0 */ signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; err: OPENSSL_cleanse(&ctx,sizeof(ctx)); if (buf_in != NULL) { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } if (buf_out != NULL) { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } return(outl); }