int keygen_init(void) { m_bignumber = BN_new(); if(!m_bignumber) { fprintf(stderr, "Failed to init bignumber\n"); return -1; } m_rsa=RSA_new(); if(!m_rsa) { fprintf(stderr, "Failed to create RSA context\n"); return -1; } if(!BN_set_word(m_bignumber, RSA_F4) || !RSA_generate_key_ex(m_rsa,RSA_KEY_BITS,m_bignumber,NULL)) { fprintf(stderr, "Failed to generate RSA key\n"); return -1; } m_evpkey=EVP_PKEY_new(); if(!EVP_PKEY_set1_RSA(m_evpkey, m_rsa)) { fprintf(stderr, "Unable to convert RSA key to EVP key\n"); return -1; } m_p8info=EVP_PKEY2PKCS8(m_evpkey); if(!m_p8info) { fprintf(stderr, "Failed to convert EVP to PKCS8\n"); return -1; } return 0; }
int ccn_keypair_from_rsa(int public_only, RSA *private_key_rsa, PyObject **py_private_key_ccn, PyObject **py_public_key_ccn) { struct ccn_pkey *private_key = NULL, *public_key = NULL; PyObject *py_private_key = NULL, *py_public_key = NULL; unsigned int err; int r; RSA *public_key_rsa; if (!public_only && py_private_key_ccn) { private_key = (struct ccn_pkey *) EVP_PKEY_new(); JUMP_IF_NULL(private_key, openssl_error); py_private_key = CCNObject_New(PKEY_PRIV, private_key); JUMP_IF_NULL(py_private_key, error); r = EVP_PKEY_set1_RSA((EVP_PKEY*) private_key, private_key_rsa); JUMP_IF_NEG(r, openssl_error); } if (py_public_key_ccn) { public_key = (struct ccn_pkey *) EVP_PKEY_new(); JUMP_IF_NULL(public_key, openssl_error); py_public_key = CCNObject_New(PKEY_PUB, public_key); JUMP_IF_NULL(py_public_key, error); public_key_rsa = RSAPublicKey_dup(private_key_rsa); JUMP_IF_NULL(public_key_rsa, openssl_error); r = EVP_PKEY_set1_RSA((EVP_PKEY *) public_key, public_key_rsa); RSA_free(public_key_rsa); JUMP_IF_NULL(r, error); } if (py_private_key_ccn) { *py_private_key_ccn = public_only ? (Py_INCREF(Py_None), Py_None) : py_private_key; } if (py_public_key_ccn) *py_public_key_ccn = py_public_key; return 0; openssl_error: err = ERR_get_error(); PyErr_Format(g_PyExc_CCNKeyError, "Unable to generate keypair from the key:" " %s", ERR_reason_error_string(err)); error: if (!py_public_key && public_key) ccn_pubkey_free(public_key); Py_XDECREF(py_public_key); if (!py_private_key && private_key) ccn_pubkey_free(private_key); Py_XDECREF(py_private_key); return -1; }
// Encode into PKCS#8 DER ByteString OSSLRSAPrivateKey::PKCS8Encode() { ByteString der; if (rsa == NULL) return der; EVP_PKEY* pkey = EVP_PKEY_new(); if (pkey == NULL) return der; if (!EVP_PKEY_set1_RSA(pkey, rsa)) { EVP_PKEY_free(pkey); return der; } PKCS8_PRIV_KEY_INFO* p8inf = EVP_PKEY2PKCS8(pkey); EVP_PKEY_free(pkey); if (p8inf == NULL) return der; int len = i2d_PKCS8_PRIV_KEY_INFO(p8inf, NULL); if (len < 0) { PKCS8_PRIV_KEY_INFO_free(p8inf); return der; } der.resize(len); unsigned char* priv = &der[0]; int len2 = i2d_PKCS8_PRIV_KEY_INFO(p8inf, &priv); PKCS8_PRIV_KEY_INFO_free(p8inf); if (len2 != len) der.wipe(); return der; }
/* * Build an EVP_PKEY object */ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key) { EVP_PKEY *pk; RSA *rsa; rsa = pkcs11_get_rsa(key); if (rsa == NULL) return NULL; pk = EVP_PKEY_new(); if (pk == NULL) { RSA_free(rsa); return NULL; } EVP_PKEY_set1_RSA(pk, rsa); /* Also increments the rsa ref count */ if (key->isPrivate) RSA_set_method(rsa, PKCS11_get_rsa_method()); /* TODO: Retrieve the RSA private key object attributes instead, * unless the key has the "sensitive" attribute set */ #if OPENSSL_VERSION_NUMBER < 0x01010000L /* RSA_FLAG_SIGN_VER is no longer needed since OpenSSL 1.1 */ rsa->flags |= RSA_FLAG_SIGN_VER; #endif RSA_set_ex_data(rsa, rsa_ex_index, key); RSA_free(rsa); /* Drops our reference to it */ return pk; }
static EVP_PKEY * generate_private_key (void) { RSA *rsa = RSA_new(); BIGNUM *bn = BN_new(); EVP_PKEY *pkey; /* * create an RSA keypair and assign them to a PKEY and return it. */ BN_set_word(bn, 0x10001); RSA_generate_key_ex(rsa, 1024, bn, NULL); pkey = EVP_PKEY_new(); if (pkey==NULL) { printf("\nError allocating PKEY structure for new key pair\n"); return NULL; } if (!EVP_PKEY_set1_RSA(pkey, rsa)) { printf("\nError assigning RSA key pair to PKEY structure\n"); return NULL; } RSA_free(rsa); BN_free(bn); return (pkey); }
static EVP_PKEY *pkey_from_jwk(const grpc_json *json, const char *kty) { const grpc_json *key_prop; RSA *rsa = NULL; EVP_PKEY *result = NULL; GPR_ASSERT(kty != NULL && json != NULL); if (strcmp(kty, "RSA") != 0) { gpr_log(GPR_ERROR, "Unsupported key type %s.", kty); goto end; } rsa = RSA_new(); if (rsa == NULL) { gpr_log(GPR_ERROR, "Could not create rsa key."); goto end; } for (key_prop = json->child; key_prop != NULL; key_prop = key_prop->next) { if (strcmp(key_prop->key, "n") == 0) { rsa->n = bignum_from_base64(validate_string_field(key_prop, "n")); if (rsa->n == NULL) goto end; } else if (strcmp(key_prop->key, "e") == 0) { rsa->e = bignum_from_base64(validate_string_field(key_prop, "e")); if (rsa->e == NULL) goto end; } } if (rsa->e == NULL || rsa->n == NULL) { gpr_log(GPR_ERROR, "Missing RSA public key field."); goto end; } result = EVP_PKEY_new(); EVP_PKEY_set1_RSA(result, rsa); /* uprefs rsa. */ end: if (rsa != NULL) RSA_free(rsa); return result; }
void openssl_evp_comsign() { RSA *rsa; EVP_PKEY *evpKey; EVP_MD_CTX mdctx; unsigned int i, len; char ins[MAX1_LEN] = "openssl signature"; unsigned char outs[MAX1_LEN]; OpenSSL_add_all_algorithms(); rsa = RSA_generate_key(MAX1_LEN, RSA_F4, NULL, NULL); evpKey = EVP_PKEY_new(); EVP_PKEY_set1_RSA(evpKey, rsa); EVP_MD_CTX_init(&mdctx); EVP_SignInit_ex(&mdctx, EVP_md5(), NULL); EVP_SignUpdate(&mdctx, ins, strlen(ins)); EVP_SignFinal(&mdctx, outs, &len, evpKey); printf("\nEVP_COMSignature(%s) = ", ins); for (i = 0; i < len; i++) printf("0x%02x ", outs[i]); printf("\n"); EVP_MD_CTX_cleanup(&mdctx); EVP_MD_CTX_init(&mdctx); EVP_VerifyInit_ex(&mdctx, EVP_md5(), NULL); EVP_VerifyUpdate(&mdctx, ins, strlen(ins)); if (EVP_VerifyFinal(&mdctx, outs, len, evpKey) == 1) printf("EVP_COMVerify OK!\n"); EVP_MD_CTX_cleanup(&mdctx); EVP_PKEY_free(evpKey); RSA_free(rsa); }
/* creates a self-signed certificate for a key */ X509 * ship_create_selfsigned_cert(char *subject, int ttl, RSA* signer_key) { X509 *x = 0, *ret = 0; X509_NAME *tmp = 0; EVP_PKEY *pr_key = 0; ASSERT_TRUE(x = X509_new(), err); ASSERT_TRUE(pr_key = EVP_PKEY_new(), err); ASSERT_TRUE(EVP_PKEY_set1_RSA(pr_key, signer_key), err); ASSERT_TRUE(X509_set_version(x, 2), err); /* version 3 certificate */ ASN1_INTEGER_set(X509_get_serialNumber(x), 0); ASSERT_TRUE(X509_gmtime_adj(X509_get_notBefore(x), 0), err); ASSERT_TRUE(X509_gmtime_adj(X509_get_notAfter(x), (long)ttl), err); ASSERT_TRUE(tmp = X509_get_subject_name(x), err); ASSERT_TRUE(X509_NAME_add_entry_by_txt(tmp, "CN", MBSTRING_ASC, (unsigned char*)subject, -1, -1, 0), err); ASSERT_TRUE(X509_set_subject_name(x, tmp), err); ASSERT_TRUE(X509_set_pubkey(x, pr_key), err); ASSERT_TRUE(X509_sign(x, pr_key, EVP_sha1()), err); ret = x; x = NULL; err: if (x) X509_free(x); if (pr_key) EVP_PKEY_free(pr_key); return ret; }
static EVP_PKEY *create_pkey(neverbleed_t *nb, size_t key_index, const char *ebuf, const char *nbuf) { struct st_neverbleed_rsa_exdata_t *exdata; RSA *rsa; EVP_PKEY *pkey; if ((exdata = malloc(sizeof(*exdata))) == NULL) { fprintf(stderr, "no memory\n"); abort(); } exdata->nb = nb; exdata->key_index = key_index; rsa = RSA_new_method(nb->engine); RSA_set_ex_data(rsa, 0, exdata); if (BN_hex2bn(&rsa->e, ebuf) == 0) { fprintf(stderr, "failed to parse e:%s\n", ebuf); abort(); } if (BN_hex2bn(&rsa->n, nbuf) == 0) { fprintf(stderr, "failed to parse n:%s\n", nbuf); abort(); } rsa->flags |= RSA_FLAG_EXT_PKEY; pkey = EVP_PKEY_new(); EVP_PKEY_set1_RSA(pkey, rsa); RSA_free(rsa); return pkey; }
bool Verificador::verificarFirma(ParDeClaves& parDeClaves,const std::string& firma,std::istream& mensaje){ RSA* rsa = parDeClaves; EVP_PKEY* pk = EVP_PKEY_new(); EVP_MD_CTX ctx; EVP_PKEY_set1_RSA(pk,parDeClaves); EVP_MD_CTX_init(&ctx); M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_PKCS1/*EVP_MD_CTX_FLAG_PAD_X931*/); EVP_VerifyInit_ex(&ctx, EVP_get_digestbynid(NID_sha1), NULL); while(!mensaje.eof()){ unsigned char buffer[tamanio_de_buffer_default]; mensaje.read((char*)buffer,tamanio_de_buffer_default); EVP_VerifyUpdate(&ctx, buffer, mensaje.gcount()); mensaje.peek(); } int ok = EVP_VerifyFinal(&ctx, (unsigned char*)firma.c_str(), firma.size(), pk); EVP_MD_CTX_cleanup(&ctx); // El free esta en el constructor de ParDeClaves no puede // liberarse aca //FIPS_rsa_free(pk.pkey.rsa); EVP_PKEY_free(pk); return ok==1; }
static EVP_PKEY *pki_generate_keyring() { jlog(L_DEBUG, "pki_generate_keyring"); EVP_PKEY *keyring; RSA *rsa_keys; // create a new keyring keyring = EVP_PKEY_new(); // generate RSA type public and private keys rsa_keys = RSA_generate_key(2048, RSA_F4, NULL, NULL); // if the keys are not usable, give it another try if (RSA_check_key(rsa_keys) != 1) { RSA_free(rsa_keys); rsa_keys = RSA_generate_key(2048, RSA_F4, NULL, NULL); // we are in serious problem here if (RSA_check_key(rsa_keys) != 1) { RSA_free(rsa_keys); return NULL; } } // add the RSA keys into the keyring EVP_PKEY_set1_RSA(keyring, rsa_keys); RSA_free(rsa_keys); return keyring; }
bool Certificate::verifySignature(RSA *key) { bool res = false; if (!key) return false; if (verified) return true; EVP_PKEY *pkey = EVP_PKEY_new(); if (!pkey) { HAGGLE_ERR("Could not allocate EVP_PKEY\n"); writeErrors(""); return false; } EVP_PKEY_set1_RSA(pkey, key); res = verifySignature(pkey); EVP_PKEY_free(pkey); return res; }
BOOL rsautil_rsa_to_privkeyblob(RSA *rsa, PBYTE *blob, DWORD *cbBlob) { BOOL status = FALSE; BIO *out; EVP_PKEY *pk; int ret; char *ptr; if(pk = EVP_PKEY_new()) { if(out = BIO_new(BIO_s_mem())) { EVP_PKEY_set1_RSA(pk, rsa); ret = i2b_PrivateKey_bio(out, pk); if(ret > 0) { *cbBlob = BIO_get_mem_data(out, &ptr); if(*blob = (PBYTE) LocalAlloc(LPTR, *cbBlob)) { status = TRUE; RtlCopyMemory(*blob, ptr, *cbBlob); } } else /**/; BIO_free(out); } EVP_PKEY_free(pk); } return status; }
PyObject * _pyndn_privatekey_dup(const struct ndn_pkey *key) { RSA *private_key_rsa; PyObject *py_private_key = NULL; struct ndn_pkey *private_key; unsigned int err; int r; private_key = (struct ndn_pkey *) EVP_PKEY_new(); JUMP_IF_NULL(private_key, openssl_error); py_private_key = NDNObject_New(PKEY_PRIV, private_key); if (!py_private_key) { EVP_PKEY_free((EVP_PKEY *) private_key); goto error; } private_key_rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) key); JUMP_IF_NULL(private_key_rsa, openssl_error); r = EVP_PKEY_set1_RSA((EVP_PKEY*) private_key, private_key_rsa); RSA_free(private_key_rsa); JUMP_IF_NEG(r, openssl_error); return py_private_key; openssl_error: err = ERR_get_error(); PyErr_Format(g_PyExc_NDNKeyError, "Unable to generate keypair from the key:" " %s", ERR_reason_error_string(err)); error: Py_XDECREF(py_private_key); return NULL; }
static EVP_PKEY *load_example_rsa_key(void) { EVP_PKEY *ret = NULL; const unsigned char *derp = kExampleRSAKeyDER; EVP_PKEY *pkey = NULL; RSA *rsa = NULL; if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) { return NULL; } pkey = EVP_PKEY_new(); if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) { goto out; } ret = pkey; pkey = NULL; out: EVP_PKEY_free(pkey); RSA_free(rsa); return ret; }
EVPPKey EVPPKey::createFromRSAKey(const RSAKey& key) { boost::shared_ptr<EVP_PKEY> _pkey(EVP_PKEY_new(), EVP_PKEY_free); EXCEPTION_ASSERT(_pkey, Exception::bad_function_call, "Unable to create a EVP_PKEY structure"); EVP_PKEY_set1_RSA(_pkey.get(), key.d_rsa.get()); return EVPPKey(_pkey, key.hasPrivateCompound()); }
static EVP_PKEY* ssls_dup_PrivateRSA_ENV_PKEY( EVP_PKEY* src ) { EVP_PKEY* pDupKey = EVP_PKEY_new(); RSA* pRSA = EVP_PKEY_get1_RSA(src); RSA* pRSADupKey = RSAPrivateKey_dup(pRSA); RSA_free(pRSA); EVP_PKEY_set1_RSA(pDupKey, pRSADupKey); RSA_free(pRSADupKey); return(pDupKey); }
int dnskey_build_pkey(struct rr_dnskey *rr) { if (rr->pkey_built) return rr->pkey ? 1 : 0; rr->pkey_built = 1; if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { RSA *rsa; EVP_PKEY *pkey; unsigned int e_bytes; unsigned char *pk; int l; rsa = RSA_new(); if (!rsa) goto done; pk = (unsigned char *)rr->pubkey.data; l = rr->pubkey.length; e_bytes = *pk++; l--; if (e_bytes == 0) { if (l < 2) /* public key is too short */ goto done; e_bytes = (*pk++) << 8; e_bytes += *pk++; l -= 2; } if (l < e_bytes) /* public key is too short */ goto done; rsa->e = BN_bin2bn(pk, e_bytes, NULL); pk += e_bytes; l -= e_bytes; rsa->n = BN_bin2bn(pk, l, NULL); pkey = EVP_PKEY_new(); if (!pkey) goto done; if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto done; rr->pkey = pkey; } done: if (!rr->pkey) { moan(rr->rr.file_name, rr->rr.line, "error building pkey"); } return rr->pkey ? 1 : 0; }
int RSA_print(BIO *bp, const RSA *x, int off) { EVP_PKEY *pk; int ret; pk = EVP_PKEY_new(); if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) return 0; ret = EVP_PKEY_print_private(bp, pk, off, NULL); EVP_PKEY_free(pk); return ret; }
void setRsaKeys(char *rsaprivKeyPath,char *rsapubKeyPath,char *rsapubKeyPath2) { SSL_load_error_strings(); OpenSSL_add_all_algorithms(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); sKey = EVP_PKEY_new(); pKey = EVP_PKEY_new(); pKey2 = EVP_PKEY_new(); priv = getRsaFp( rsaprivKeyPath ); pub = getRsaFp2( rsapubKeyPath ); pub2 = getRsaFp2( rsapubKeyPath2 ); EVP_PKEY_set1_RSA( sKey, priv ); EVP_PKEY_set1_RSA( pKey, pub ); EVP_PKEY_set1_RSA( pKey2, pub2 ); }
/* Creates an X509 certificate request (1st stage). */ EXPORT int MakeCertificateRequest(unsigned char *reqbuf, int *reqlen, char *x500dn, unsigned char *rsabuf, int rsalen) { EVP_PKEY *pkey = NULL; RSA *rsa = NULL; unsigned char *p = NULL; int ret = OPENSSLCA_NO_ERR; if (reqbuf == NULL || reqlen == NULL || x500dn == NULL || rsabuf == NULL || rsalen == 0) return OPENSSLCA_ERR_ARGS; /* Decode RSA public key from DER format */ if ((rsa = RSA_new()) == NULL) { ret = OPENSSLCA_ERR_RSA_NEW; goto err; } p = rsabuf; if (d2i_RSAPublicKey(&rsa, &p, rsalen) == NULL) { ret = OPENSSLCA_ERR_RSA_DECODE; goto err; } /* Add RSA to EVP_PKEY */ if ((pkey = EVP_PKEY_new()) == NULL) { ret = OPENSSLCA_ERR_KEY_NEW; goto err; } if (!EVP_PKEY_set1_RSA(pkey, rsa)) { ret = OPENSSLCA_ERR_KEY_ASSIGN; goto err; } #ifdef _DEBUG { FILE *fp = fopen(DBG_PATH("rsa.bin"), "wb"); if (fp != NULL) { i2d_RSAPublicKey_fp(fp, rsa); fclose(fp); } } #endif ret = MakeCertificateRequest2(reqbuf, reqlen, x500dn, pkey); err: print_err("MakeCertificateRequest()", ret); if (rsa) RSA_free(rsa); if (pkey) EVP_PKEY_free(pkey); return ret; }
Qt::HANDLE QSmartCard::key() { RSA *rsa = RSAPublicKey_dup( (RSA*)d->t.authCert().publicKey().handle() ); if ( !rsa ) return 0; RSA_set_method( rsa, &d->method ); rsa->flags |= RSA_FLAG_SIGN_VER; RSA_set_app_data( rsa, d ); EVP_PKEY *key = EVP_PKEY_new(); EVP_PKEY_set1_RSA( key, rsa ); RSA_free( rsa ); return Qt::HANDLE(key); }
static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int bitlen, int ispub) { const unsigned char *pin = *in; EVP_PKEY *ret = NULL; BIGNUM *e = NULL, *n = NULL, *d = NULL; RSA *rsa = NULL; unsigned int nbyte, hnbyte; nbyte = (bitlen + 7) >> 3; hnbyte = (bitlen + 15) >> 4; rsa = RSA_new(); ret = EVP_PKEY_new(); if (rsa == NULL || ret == NULL) goto memerr; e = BN_new(); if (e == NULL) goto memerr; if (!BN_set_word(e, read_ledword(&pin))) goto memerr; if (!read_lebn(&pin, nbyte, &n)) goto memerr; if (!ispub) { BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; if (!read_lebn(&pin, hnbyte, &p)) goto memerr; if (!read_lebn(&pin, hnbyte, &q)) goto memerr; if (!read_lebn(&pin, hnbyte, &dmp1)) goto memerr; if (!read_lebn(&pin, hnbyte, &dmq1)) goto memerr; if (!read_lebn(&pin, hnbyte, &iqmp)) goto memerr; if (!read_lebn(&pin, nbyte, &d)) goto memerr; RSA_set0_factors(rsa, p, q); RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); } RSA_set0_key(rsa, e, n, d); EVP_PKEY_set1_RSA(ret, rsa); RSA_free(rsa); *in = pin; return ret; memerr: PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); RSA_free(rsa); EVP_PKEY_free(ret); return NULL; }
EVP_PKEY* CreateRsaKey(const_RsaDevice d) { BN_CTX* ctx = IntegerGroup_GetCtx(RsaParams_GetGroup(d->params)); // phi(n) = (p-1)(q-1) BIGNUM *phi_n, *pm, *qm; phi_n = BN_new(); CHECK_CALL(phi_n); CHECK_CALL(pm = BN_dup(d->p)); CHECK_CALL(qm = BN_dup(d->q)); CHECK_CALL(BN_sub_word(pm, 1)); CHECK_CALL(BN_sub_word(qm, 1)); CHECK_CALL(BN_mul(phi_n, pm, qm, ctx)); EVP_PKEY *evp = EVP_PKEY_new(); RSA *rsa = RSA_new(); CHECK_CALL(evp); CHECK_CALL(rsa); CHECK_CALL(rsa->n = BN_dup(d->n)); // public modulus CHECK_CALL(rsa->e = BN_new()); // public exponent BN_set_word(rsa->e, RsaEncryptionExponent); rsa->d = BN_new(); // private exponent CHECK_CALL(rsa->d); CHECK_CALL(BN_mod_inverse(rsa->d, rsa->e, phi_n, ctx)); CHECK_CALL(rsa->p = BN_dup(d->p)); // secret prime factor CHECK_CALL(rsa->q = BN_dup(d->q)); // secret prime factor rsa->dmp1 = BN_new(); // d mod (p-1) CHECK_CALL(rsa->dmp1); CHECK_CALL(BN_mod(rsa->dmp1, rsa->d, pm, ctx)); rsa->dmq1 = BN_new(); // d mod (q-1) CHECK_CALL(rsa->dmq1); CHECK_CALL(BN_mod(rsa->dmq1, rsa->d, qm, ctx)); rsa->iqmp = BN_new(); // q^-1 mod p CHECK_CALL(rsa->iqmp); CHECK_CALL(BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx)); CHECK_CALL(EVP_PKEY_set1_RSA(evp, rsa)); ASSERT(RSA_check_key(rsa)); BN_clear_free(phi_n); BN_clear_free(pm); BN_clear_free(qm); return evp; }
static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, unsigned int bitlen, int ispub) { const unsigned char *p = *in; EVP_PKEY *ret = NULL; RSA *rsa = NULL; unsigned int nbyte, hnbyte; nbyte = (bitlen + 7) >> 3; hnbyte = (bitlen + 15) >> 4; rsa = RSA_new(); ret = EVP_PKEY_new(); if (!rsa || !ret) goto memerr; rsa->e = BN_new(); if (!rsa->e) goto memerr; if (!BN_set_word(rsa->e, read_ledword(&p))) goto memerr; if (!read_lebn(&p, nbyte, &rsa->n)) goto memerr; if (!ispub) { if (!read_lebn(&p, hnbyte, &rsa->p)) goto memerr; if (!read_lebn(&p, hnbyte, &rsa->q)) goto memerr; if (!read_lebn(&p, hnbyte, &rsa->dmp1)) goto memerr; if (!read_lebn(&p, hnbyte, &rsa->dmq1)) goto memerr; if (!read_lebn(&p, hnbyte, &rsa->iqmp)) goto memerr; if (!read_lebn(&p, nbyte, &rsa->d)) goto memerr; } EVP_PKEY_set1_RSA(ret, rsa); RSA_free(rsa); *in = p; return ret; memerr: PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); if (rsa) RSA_free(rsa); if (ret) EVP_PKEY_free(ret); return NULL; }
int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) { EVP_PKEY *pktmp; int ret; if(!a) return 0; pktmp = EVP_PKEY_new(); if(!pktmp) { ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); return 0; } EVP_PKEY_set1_RSA(pktmp, a); ret = i2d_PUBKEY(pktmp, pp); EVP_PKEY_free(pktmp); return ret; }
int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u) { EVP_PKEY *k; int ret; k = EVP_PKEY_new(); if (!k) return 0; EVP_PKEY_set1_RSA(k, x); ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); EVP_PKEY_free(k); return ret; }
int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp) { EVP_PKEY *pktmp; int ret; if (!a) return 0; pktmp = EVP_PKEY_new(); if (!pktmp) { OPENSSL_PUT_ERROR(X509, i2d_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); return 0; } EVP_PKEY_set1_RSA(pktmp, (RSA*) a); ret = i2d_PUBKEY(pktmp, pp); EVP_PKEY_free(pktmp); return ret; }
bool parcSelfSignedCertificate_CreateRSACertificate(const char *subjectname, unsigned keylength, unsigned validityDays, X509 *cert, RSA *rsa, EVP_PKEY *private_key) { int res; bool return_value = false; BIGNUM *pub_exp; pub_exp = BN_new(); BN_set_word(pub_exp, RSA_F4); res = 1; if (RSA_generate_key_ex(rsa, keylength, pub_exp, NULL)) { if (EVP_PKEY_set1_RSA(private_key, rsa)) { if (X509_set_version(cert, 2)) { // 2 => X509v3 return_value = true; } } } if (return_value) { // add serial number if (_addRandomSerial(cert) == true) { if (_addValidityPeriod(cert, validityDays) == true) { if (X509_set_pubkey(cert, private_key) == 1) { if (_addSubjectName(cert, subjectname) == true) { if (_addExtensions(cert) == true) { if (_addKeyIdentifier(cert) == true) { // The certificate is complete, sign it. if (X509_sign(cert, private_key, EVP_sha256())) { return_value = true; } else { printf("error: (%d) %s\n", res, ERR_lib_error_string(res)); } } } } } } } } ERR_print_errors_fp(stdout); BN_free(pub_exp); return return_value; }
static bool EVP_verify(RSA *rsa, const char *sign, size_t sigl, const char *data, size_t l) { EVP_MD_CTX ctx; EVP_PKEY *pkey; bool ret = false; pkey = EVP_PKEY_new(); if (!pkey) return ret; if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto _fail; EVP_VerifyInit(&ctx, EVP_sha256()); if (!EVP_VerifyUpdate(&ctx, data, l)) goto _fail; if (EVP_VerifyFinal(&ctx, sign, sigl, pkey) == 1) ret = true; _fail: EVP_PKEY_free(pkey); return ret; }