这篇教程C++ EVP_PKEY_free函数代码示例写得很实用,希望能帮到您。
本文整理汇总了C++中EVP_PKEY_free函数的典型用法代码示例。如果您正苦于以下问题:C++ EVP_PKEY_free函数的具体用法?C++ EVP_PKEY_free怎么用?C++ EVP_PKEY_free使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。 在下文中一共展示了EVP_PKEY_free函数的30个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。 示例1: ocsp_main//.........这里部分代码省略......... if (resp_text) OCSP_RESPONSE_print(out, resp, 0); /* If running as responder don't verify our own response */ if (cbio) { if (--accept_count <= 0) { ret = 0; goto end; } BIO_free_all(cbio); cbio = NULL; OCSP_REQUEST_free(req); req = NULL; OCSP_RESPONSE_free(resp); resp = NULL; goto redo_accept; } if (ridx_filename) { ret = 0; goto end; } if (!store) { store = setup_verify(CAfile, CApath); if (!store) goto end; } if (vpmtouched) X509_STORE_set1_param(store, vpm); if (verify_certfile) { verify_other = load_certs(verify_certfile, FORMAT_PEM, NULL, NULL, "validator certificate"); if (!verify_other) goto end; } bs = OCSP_response_get1_basic(resp); if (!bs) { BIO_printf(bio_err, "Error parsing response/n"); goto end; } ret = 0; if (!noverify) { if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) { if (i == -1) BIO_printf(bio_err, "WARNING: no nonce in response/n"); else { BIO_printf(bio_err, "Nonce Verify error/n"); ret = 1; goto end; } } i = OCSP_basic_verify(bs, verify_other, store, verify_flags); if (i <= 0 && issuers) { i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER); if (i > 0) ERR_clear_error(); } if (i <= 0) { BIO_printf(bio_err, "Response Verify Failure/n"); ERR_print_errors(bio_err); ret = 1; } else BIO_printf(bio_err, "Response verify OK/n"); } print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage); end: ERR_print_errors(bio_err); X509_free(signer); X509_STORE_free(store); X509_VERIFY_PARAM_free(vpm); EVP_PKEY_free(key); EVP_PKEY_free(rkey); X509_free(cert); X509_free(rsigner); X509_free(rca_cert); free_index(rdb); BIO_free_all(cbio); BIO_free_all(acbio); BIO_free(out); OCSP_REQUEST_free(req); OCSP_RESPONSE_free(resp); OCSP_BASICRESP_free(bs); sk_OPENSSL_STRING_free(reqnames); sk_OCSP_CERTID_free(ids); sk_X509_pop_free(sign_other, X509_free); sk_X509_pop_free(verify_other, X509_free); sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); OPENSSL_free(thost); OPENSSL_free(tport); OPENSSL_free(tpath); return (ret);}
开发者ID:SpongeEdmund,项目名称:openssl,代码行数:101,
示例2: MAIN//.........这里部分代码省略......... if (cbio) { if (accept_count > 0) accept_count--; /* Redo if more connections needed */ if (accept_count) { BIO_free_all(cbio); cbio = NULL; OCSP_REQUEST_free(req); req = NULL; OCSP_RESPONSE_free(resp); resp = NULL; goto redo_accept; } goto end; } if (!store) store = setup_verify(bio_err, CAfile, CApath); if (!store) goto end; if (verify_certfile) { verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, NULL, e, "validator certificate"); if (!verify_other) goto end; } bs = OCSP_response_get1_basic(resp); if (!bs) { BIO_printf(bio_err, "Error parsing response/n"); goto end; } if (!noverify) { if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) { if (i == -1) BIO_printf(bio_err, "WARNING: no nonce in response/n"); else { BIO_printf(bio_err, "Nonce Verify error/n"); goto end; } } i = OCSP_basic_verify(bs, verify_other, store, verify_flags); if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0); if(i <= 0) { BIO_printf(bio_err, "Response Verify Failure/n"); ERR_print_errors(bio_err); } else BIO_printf(bio_err, "Response verify OK/n"); } if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage)) goto end; ret = 0;end: ERR_print_errors(bio_err); X509_free(signer); X509_STORE_free(store); EVP_PKEY_free(key); EVP_PKEY_free(rkey); X509_free(issuer); X509_free(cert); X509_free(rsigner); X509_free(rca_cert); free_index(rdb); BIO_free_all(cbio); BIO_free_all(acbio); BIO_free(out); OCSP_REQUEST_free(req); OCSP_RESPONSE_free(resp); OCSP_BASICRESP_free(bs); sk_OPENSSL_STRING_free(reqnames); sk_OCSP_CERTID_free(ids); sk_X509_pop_free(sign_other, X509_free); sk_X509_pop_free(verify_other, X509_free); sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); if (use_ssl != -1) { OPENSSL_free(host); OPENSSL_free(port); OPENSSL_free(path); } OPENSSL_EXIT(ret);}
开发者ID:crherar,项目名称:Admin,代码行数:101,
示例3: inet_ptonvoid DataPlaneServer::start() { server_addr.s6.sin6_family = AF_INET6; // we listen on public IP, which is the one stored in the DB. struct in6_addr servIp; inet_pton(AF_INET6, qSql->getLocalIP().toUtf8().data(), &servIp); server_addr.s6.sin6_addr = servIp; //in6addr_any; server_addr.s6.sin6_port = htons(DATAPLANEPORT); const int on = 1, off = 0; OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); ctx = SSL_CTX_new(DTLSv1_server_method()); SSL_CTX_set_cipher_list(ctx, DTLS_ENCRYPT); SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); // get certificate and key from SQL & use them ConnectionInitiator* i = ConnectionInitiator::getInstance(); QSslCertificate cert = i->getLocalCertificate(); QByteArray certBytesPEM = cert.toPem(); char* x509buffer = certBytesPEM.data(); BIO *bi; bi = BIO_new_mem_buf(x509buffer, certBytesPEM.length()); X509 *x; x = PEM_read_bio_X509(bi, NULL, NULL, NULL); if (!SSL_CTX_use_certificate(ctx,x)) { qWarning() << "ERROR: no certificate found!"; UnixSignalHandler::termSignalHandler(0); } if (x != NULL) X509_free(x); if (bi != NULL) BIO_free(bi); QSslKey key = i->getPrivateKey(); QByteArray keyBytesPEM = key.toPem(); char* keyBuffer = keyBytesPEM.data(); bi = BIO_new_mem_buf(keyBuffer, keyBytesPEM.length()); EVP_PKEY *pkey; pkey = PEM_read_bio_PrivateKey(bi, NULL, NULL, NULL); if (!SSL_CTX_use_PrivateKey(ctx, pkey)) { qWarning() << "ERROR: no private key found!"; UnixSignalHandler::termSignalHandler(0); } if (pkey != NULL) EVP_PKEY_free(pkey); if (bi != NULL) BIO_free(bi); if (!SSL_CTX_check_private_key (ctx)) { qWarning() << "ERROR: invalid private key!"; UnixSignalHandler::termSignalHandler(0); } /* Client has to authenticate */ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, dtls_verify_callback); SSL_CTX_set_read_ahead(ctx, 1); SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie); SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie); fd = socket(server_addr.ss.ss_family, SOCK_DGRAM, 0); if (fd < 0) { qWarning() << "Could not open SOCK_DGRAM"; UnixSignalHandler::termSignalHandler(0); }#ifdef WIN32 setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const char*) &on, (socklen_t) sizeof(on));#else setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (const void*) &on, (socklen_t) sizeof(on));#ifdef SO_REUSEPORT setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, (const void*) &on, (socklen_t) sizeof(on));#endif#endif setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&off, sizeof(off)); bind(fd, (const struct sockaddr *) &server_addr, sizeof(struct sockaddr_in6)); notif = new QSocketNotifier(fd, QSocketNotifier::Read); connect(notif, SIGNAL(activated(int)), this, SLOT(readyRead(int)));}
开发者ID:LiTianjue,项目名称:friendsvpn,代码行数:85,
示例4: ca_validate_pubkeyintca_validate_pubkey(struct iked *env, struct iked_static_id *id, void *data, size_t len){ BIO *rawcert = NULL; RSA *peerrsa = NULL, *localrsa = NULL; EVP_PKEY *peerkey = NULL, *localkey = NULL; int ret = -1; FILE *fp = NULL; char idstr[IKED_ID_SIZE]; char file[MAXPATHLEN]; struct iked_id idp; if (len == 0 && data == NULL) return (-1); switch (id->id_type) { case IKEV2_ID_IPV4: case IKEV2_ID_FQDN: case IKEV2_ID_UFQDN: case IKEV2_ID_IPV6: break; default: /* Some types like ASN1_DN will not be mapped to file names */ return (-1); } bzero(&idp, sizeof(idp)); if ((idp.id_buf = ibuf_new(id->id_data, id->id_length)) == NULL) goto done; idp.id_type = id->id_type; idp.id_offset = id->id_offset; if (ikev2_print_id(&idp, idstr, sizeof(idstr)) == -1) goto done; if (len == 0) { /* Data is already an public key */ peerkey = (EVP_PKEY *)data; } else { if ((rawcert = BIO_new_mem_buf(data, len)) == NULL) goto done; if ((peerrsa = d2i_RSAPublicKey_bio(rawcert, NULL)) == NULL) goto sslerr; if ((peerkey = EVP_PKEY_new()) == NULL) goto sslerr; if (!EVP_PKEY_set1_RSA(peerkey, peerrsa)) goto sslerr; } lc_string(idstr); if (strlcpy(file, IKED_PUBKEY_DIR, sizeof(file)) >= sizeof(file) || strlcat(file, idstr, sizeof(file)) >= sizeof(file)) goto done; if ((fp = fopen(file, "r")) == NULL) goto done; localkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL); if (localkey == NULL) { /* reading PKCS #8 failed, try PEM */ rewind(fp); localrsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL); fclose(fp); if (localrsa == NULL) goto sslerr; if ((localkey = EVP_PKEY_new()) == NULL) goto sslerr; if (!EVP_PKEY_set1_RSA(localkey, localrsa)) goto sslerr; } else { fclose(fp); } if (localkey == NULL) goto sslerr; if (!EVP_PKEY_cmp(peerkey, localkey)) goto done; log_debug("%s: valid public key in file %s", __func__, file); ret = 0; sslerr: if (ret != 0) ca_sslerror(__func__); done: ibuf_release(idp.id_buf); if (peerkey != NULL) EVP_PKEY_free(peerkey); if (localkey != NULL) EVP_PKEY_free(localkey); if (peerrsa != NULL) RSA_free(peerrsa); if (localrsa != NULL) RSA_free(localrsa); if (rawcert != NULL) BIO_free(rawcert); return (ret);}
开发者ID:SylvestreG,项目名称:bitrig,代码行数:100,
示例5: GetPrivateKey//.........这里部分代码省略......... { TUTRACE((TUTRACE_ERR, "PROTO: Error getting NID from text/n")); X509_NAME_free(subj); goto ERR_REQ; } if(!(ent = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC, (uchar *)SubjName, -1))) { TUTRACE((TUTRACE_ERR, "PROTO: Error creating name entry/n")); X509_NAME_free(subj); goto ERR_REQ; } if(X509_NAME_add_entry(subj, ent, -1, 0) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error adding name entry to subject/n")); X509_NAME_ENTRY_free(ent); X509_NAME_free(subj); goto ERR_REQ; } //Finally add the subject to the request if(X509_REQ_set_subject_name (req, subj) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error setting subject in request/n")); X509_NAME_free(subj); goto ERR_REQ; } //Sign the request if(!(X509_REQ_sign(req, pkey, EVP_sha1()))) { TUTRACE((TUTRACE_ERR, "PROTO: Error signing request/n")); goto ERR_REQ; } //Now we need to serialize the request. So write it to a file and read it out if(!(fp = fopen("protofile", "w"))) { TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for writing/n")); err = TU_ERROR_FILEOPEN; goto ERR_REQ; } if(PEM_write_X509_REQ(fp, req) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error writing request to file/n")); err = TU_ERROR_FILEWRITE; fclose(fp); goto ERR_REQ; } fclose(fp); //now open it for reading in binary format if(!(fp = fopen("protofile", "rb"))) { TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for reading/n")); err = TU_ERROR_FILEOPEN; goto ERR_FILE; } //get the filesize fseek(fp, 0, SEEK_END); fsize = ftell(fp); if(fsize == -1) { TUTRACE((TUTRACE_ERR, "Couldn't determine file size/n")); err = TU_ERROR_FILEREAD; goto ERR_FILE; } //Allocate memory *Cert = (uchar *)malloc(fsize); if(!*Cert) { TUTRACE((TUTRACE_ERR, "PROTO: Error allocating memory for cert buffer/n")); err = TU_ERROR_OUT_OF_MEMORY; goto ERR_FILE; } *CertLength = fsize; rewind(fp); fread(*Cert, 1, fsize, fp); err = TU_SUCCESS;ERR_FILE: if(fp) fclose(fp); remove("protofile");ERR_REQ: X509_REQ_free(req);ERR_PKEY: EVP_PKEY_free(pkey);EXIT: return err;}//GenerateCertRequest
开发者ID:okertanov,项目名称:Developer-Tools-for-UPnP-Technologies,代码行数:101,
示例6: print_stuff//.........这里部分代码省略......... sk_X509_value(sk,i)),buf,sizeof buf); BIO_printf(bio," i:%s/n",buf); if (c_showcerts) PEM_write_bio_X509(bio,sk_X509_value(sk,i)); } } BIO_printf(bio,"---/n"); peer=SSL_get_peer_certificate(s); if (peer != NULL) { BIO_printf(bio,"Server certificate/n"); if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */ PEM_write_bio_X509(bio,peer); X509_NAME_oneline(X509_get_subject_name(peer), buf,sizeof buf); BIO_printf(bio,"subject=%s/n",buf); X509_NAME_oneline(X509_get_issuer_name(peer), buf,sizeof buf); BIO_printf(bio,"issuer=%s/n",buf); } else BIO_printf(bio,"no peer certificate available/n"); sk2=SSL_get_client_CA_list(s); if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) { BIO_printf(bio,"---/nAcceptable client certificate CA names/n"); for (i=0; i<sk_X509_NAME_num(sk2); i++) { xn=sk_X509_NAME_value(sk2,i); X509_NAME_oneline(xn,buf,sizeof(buf)); BIO_write(bio,buf,strlen(buf)); BIO_write(bio,"/n",1); } } else { BIO_printf(bio,"---/nNo client certificate CA names sent/n"); } p=SSL_get_shared_ciphers(s,buf,sizeof buf); if (p != NULL) { /* This works only for SSL 2. In later protocol * versions, the client does not know what other * ciphers (in addition to the one to be used * in the current connection) the server supports. */ BIO_printf(bio,"---/nCiphers common between both SSL endpoints:/n"); j=i=0; while (*p) { if (*p == ':') { BIO_write(bio,space,15-j%25); i++; j=0; BIO_write(bio,((i%3)?" ":"/n"),1); } else { BIO_write(bio,p,1); j++; } p++; } BIO_write(bio,"/n",1); } BIO_printf(bio,"---/nSSL handshake has read %ld bytes and written %ld bytes/n", BIO_number_read(SSL_get_rbio(s)), BIO_number_written(SSL_get_wbio(s))); } BIO_printf(bio,((s->hit)?"---/nReused, ":"---/nNew, ")); c=SSL_get_current_cipher(s); BIO_printf(bio,"%s, Cipher is %s/n", SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); if (peer != NULL) { EVP_PKEY *pktmp; pktmp = X509_get_pubkey(peer); BIO_printf(bio,"Server public key is %d bit/n", EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); }#ifndef OPENSSL_NO_COMP comp=SSL_get_current_compression(s); expansion=SSL_get_current_expansion(s); BIO_printf(bio,"Compression: %s/n", comp ? SSL_COMP_get_name(comp) : "NONE"); BIO_printf(bio,"Expansion: %s/n", expansion ? SSL_COMP_get_name(expansion) : "NONE");#endif SSL_SESSION_print(bio,SSL_get_session(s)); BIO_printf(bio,"---/n"); if (peer != NULL) X509_free(peer); /* flush, or debugging output gets mixed with http response */ BIO_flush(bio);}
开发者ID:wingedboar,项目名称:rtl819x-toolchain,代码行数:101,
示例7: mainint main (){ int err; int sig_len; unsigned char sig_buf [4096]; static char certfile[] = "cert.pem"; static char keyfile[] = "key.pem"; static char data[] = "I owe you..."; EVP_MD_CTX md_ctx; EVP_PKEY * pkey; FILE * fp; X509 * x509; /* Just load the crypto library error strings, * SSL_load_error_strings() loads the crypto AND the SSL ones */ /* SSL_load_error_strings();*/ ERR_load_crypto_strings(); /* Read private key */ fp = fopen (keyfile, "r"); if (fp == NULL) exit (1); pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); fclose (fp); if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } /* Do the signature */ EVP_SignInit (&md_ctx, EVP_sha1()); EVP_SignUpdate (&md_ctx, data, strlen(data)); sig_len = sizeof(sig_buf); err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey); if (err != 1) { ERR_print_errors_fp(stderr); exit (1); } EVP_PKEY_free (pkey); /* Read public key */ fp = fopen (certfile, "r"); if (fp == NULL) exit (1); x509 = PEM_read_X509(fp, NULL, NULL, NULL); fclose (fp); if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); } /* Get public key - eay */ pkey=X509_get_pubkey(x509); if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } /* Verify the signature */ EVP_VerifyInit (&md_ctx, EVP_sha1()); EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data)); err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey); EVP_PKEY_free (pkey); if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } printf ("Signature Verified Ok./n"); return(0);}
开发者ID:LucidOne,项目名称:Rovio,代码行数:77,
示例8: tls1_P_hash/* seed1 through seed5 are virtually concatenated */static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, const void *seed1, int seed1_len, const void *seed2, int seed2_len, const void *seed3, int seed3_len, const void *seed4, int seed4_len, const void *seed5, int seed5_len, unsigned char *out, int olen) { int chunk; size_t j; EVP_MD_CTX ctx, ctx_tmp; EVP_PKEY *mac_key; unsigned char A1[EVP_MAX_MD_SIZE]; size_t A1_len; int ret = 0; chunk=EVP_MD_size(md); OPENSSL_assert(chunk >= 0); EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx_tmp); EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (!mac_key) goto err; if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key)) goto err; if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key)) goto err; if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len)) goto err; if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len)) goto err; if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len)) goto err; if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len)) goto err; if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len)) goto err; if (!EVP_DigestSignFinal(&ctx,A1,&A1_len)) goto err; for (;;) { /* Reinit mac contexts */ if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key)) goto err; if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key)) goto err; if (!EVP_DigestSignUpdate(&ctx,A1,A1_len)) goto err; if (!EVP_DigestSignUpdate(&ctx_tmp,A1,A1_len)) goto err; if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len)) goto err; if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len)) goto err; if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len)) goto err; if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len)) goto err; if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len)) goto err; if (olen > chunk) { if (!EVP_DigestSignFinal(&ctx,out,&j)) goto err; out+=j; olen-=j; /* calc the next A1 value */ if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len)) goto err; } else /* last one */ { if (!EVP_DigestSignFinal(&ctx,A1,&A1_len)) goto err; memcpy(out,A1,olen); break; } } ret = 1;err: EVP_PKEY_free(mac_key); EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_cleanup(&ctx_tmp); OPENSSL_cleanse(A1,sizeof(A1)); return ret; }
开发者ID:1048046563,项目名称:node,代码行数:93,
示例9: tls1_change_cipher_state//.........这里部分代码省略......... (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { ms= &(p[ 0]); n=i+i; key= &(p[ n]); n+=j+j; iv= &(p[ n]); n+=k+k; exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST; exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; client_write=1; } else { n=i; ms= &(p[ n]); n+=i+j; key= &(p[ n]); n+=j+k; iv= &(p[ n]); n+=k; exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST; exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; client_write=0; } if (n > s->s3->tmp.key_block_length) { SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR); goto err2; } memcpy(mac_secret,ms,i); if (!(EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER)) { mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret,*mac_secret_size); EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key); EVP_PKEY_free(mac_key); }#ifdef TLS_DEBUGprintf("which = %04X/nmac key=",which);{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'/n'); }#endif if (is_export) { /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). */ if (!tls1_PRF(ssl_get_algorithm2(s), exp_label,exp_label_len, s->s3->client_random,SSL3_RANDOM_SIZE, s->s3->server_random,SSL3_RANDOM_SIZE, NULL,0,NULL,0, key,j,tmp1,tmp2,EVP_CIPHER_key_length(c))) goto err2; key=tmp1; if (k > 0) { if (!tls1_PRF(ssl_get_algorithm2(s), TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE, s->s3->client_random,SSL3_RANDOM_SIZE, s->s3->server_random,SSL3_RANDOM_SIZE, NULL,0,NULL,0, empty,0,iv1,iv2,k*2)) goto err2; if (client_write) iv=iv1; else iv= &(iv1[k]);
开发者ID:1048046563,项目名称:node,代码行数:67,
示例10: verify_canonrrset/** * Check a canonical sig+rrset and signature against a dnskey * @param buf: buffer with data to verify, the first rrsig part and the * canonicalized rrset. * @param algo: DNSKEY algorithm. * @param sigblock: signature rdata field from RRSIG * @param sigblock_len: length of sigblock data. * @param key: public key data from DNSKEY RR. * @param keylen: length of keydata. * @param reason: bogus reason in more detail. * @return secure if verification succeeded, bogus on crypto failure, * unchecked on format errors and alloc failures. */enum sec_statusverify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, unsigned int sigblock_len, unsigned char* key, unsigned int keylen, char** reason){ const EVP_MD *digest_type; EVP_MD_CTX ctx; int res, dofree = 0; EVP_PKEY *evp_key = NULL; if(!setup_key_digest(algo, &evp_key, &digest_type, key, keylen)) { verbose(VERB_QUERY, "verify: failed to setup key"); *reason = "use of key for crypto failed"; EVP_PKEY_free(evp_key); return sec_status_bogus; } /* if it is a DSA signature in bind format, convert to DER format */ if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && sigblock_len == 1+2*SHA_DIGEST_LENGTH) { if(!setup_dsa_sig(&sigblock, &sigblock_len)) { verbose(VERB_QUERY, "verify: failed to setup DSA sig"); *reason = "use of key for DSA crypto failed"; EVP_PKEY_free(evp_key); return sec_status_bogus; } dofree = 1; }#ifdef USE_ECDSA else if(algo == LDNS_ECDSAP256SHA256 || algo == LDNS_ECDSAP384SHA384) { /* EVP uses ASN prefix on sig, which is not in the wire data */ if(!setup_ecdsa_sig(&sigblock, &sigblock_len)) { verbose(VERB_QUERY, "verify: failed to setup ECDSA sig"); *reason = "use of signature for ECDSA crypto failed"; EVP_PKEY_free(evp_key); return sec_status_bogus; } dofree = 1; }#endif /* USE_ECDSA */ /* do the signature cryptography work */ EVP_MD_CTX_init(&ctx); if(EVP_VerifyInit(&ctx, digest_type) == 0) { verbose(VERB_QUERY, "verify: EVP_VerifyInit failed"); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); return sec_status_unchecked; } if(EVP_VerifyUpdate(&ctx, (unsigned char*)sldns_buffer_begin(buf), (unsigned int)sldns_buffer_limit(buf)) == 0) { verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed"); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); return sec_status_unchecked; } res = EVP_VerifyFinal(&ctx, sigblock, sigblock_len, evp_key); if(EVP_MD_CTX_cleanup(&ctx) == 0) { verbose(VERB_QUERY, "verify: EVP_MD_CTX_cleanup failed"); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); return sec_status_unchecked; } EVP_PKEY_free(evp_key); if(dofree) free(sigblock); if(res == 1) { return sec_status_secure; } else if(res == 0) { verbose(VERB_QUERY, "verify: signature mismatch"); *reason = "signature crypto failed"; return sec_status_bogus; } log_crypto_error("verify:", ERR_get_error()); return sec_status_unchecked;}
开发者ID:Alkzndr,项目名称:freebsd,代码行数:92,
示例11: BIO_printfstatic EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, const char *keyfile, int keyform, int key_type, char *passinarg, int pkey_op, ENGINE *e, const int engine_impl){ EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; ENGINE *impl = NULL; char *passin = NULL; int rv = -1; X509 *x; if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) || (pkey_op == EVP_PKEY_OP_DERIVE)) && (key_type != KEY_PRIVKEY && kdfalg == NULL)) { BIO_printf(bio_err, "A private key is needed for this operation/n"); goto end; } if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password/n"); goto end; } switch (key_type) { case KEY_PRIVKEY: pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key"); break; case KEY_PUBKEY: pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key"); break; case KEY_CERT: x = load_cert(keyfile, keyform, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); } break; case KEY_NONE: break; }#ifndef OPENSSL_NO_ENGINE if (engine_impl) impl = e;#endif if (kdfalg) { int kdfnid = OBJ_sn2nid(kdfalg); if (kdfnid == NID_undef) goto end; ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); } else { if (pkey == NULL) goto end; *pkeysize = EVP_PKEY_size(pkey); ctx = EVP_PKEY_CTX_new(pkey, impl); EVP_PKEY_free(pkey); } if (ctx == NULL) goto end; switch (pkey_op) { case EVP_PKEY_OP_SIGN: rv = EVP_PKEY_sign_init(ctx); break; case EVP_PKEY_OP_VERIFY: rv = EVP_PKEY_verify_init(ctx); break; case EVP_PKEY_OP_VERIFYRECOVER: rv = EVP_PKEY_verify_recover_init(ctx); break; case EVP_PKEY_OP_ENCRYPT: rv = EVP_PKEY_encrypt_init(ctx); break; case EVP_PKEY_OP_DECRYPT: rv = EVP_PKEY_decrypt_init(ctx); break; case EVP_PKEY_OP_DERIVE: rv = EVP_PKEY_derive_init(ctx); break; } if (rv <= 0) { EVP_PKEY_CTX_free(ctx); ctx = NULL; } end: OPENSSL_free(passin); return ctx;}
开发者ID:hydnoracoin,项目名称:Open-Source-Cryptocurrency-Exchange,代码行数:100,
示例12: OSSL_STOREerr/* * Key parameter decoder. */static OSSL_STORE_INFO *try_decode_params(const char *pem_name, const char *pem_header, const unsigned char *blob, size_t len, void **pctx, int *matchcount, const UI_METHOD *ui_method, void *ui_data){ OSSL_STORE_INFO *store_info = NULL; int slen = 0; EVP_PKEY *pkey = NULL; const EVP_PKEY_ASN1_METHOD *ameth = NULL; int ok = 0; if (pem_name != NULL) { if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0) return NULL; *matchcount = 1; } if (slen > 0) { if ((pkey = EVP_PKEY_new()) == NULL) { OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); return NULL; } if (EVP_PKEY_set_type_str(pkey, pem_name, slen) && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL && ameth->param_decode != NULL && ameth->param_decode(pkey, &blob, len)) ok = 1; } else { int i; EVP_PKEY *tmp_pkey = NULL; for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { const unsigned char *tmp_blob = blob; if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) { OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); break; } ameth = EVP_PKEY_asn1_get0(i); if (ameth->pkey_flags & ASN1_PKEY_ALIAS) continue; if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id) && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL && ameth->param_decode != NULL && ameth->param_decode(tmp_pkey, &tmp_blob, len)) { if (pkey != NULL) EVP_PKEY_free(tmp_pkey); else pkey = tmp_pkey; tmp_pkey = NULL; (*matchcount)++; } } EVP_PKEY_free(tmp_pkey); if (*matchcount == 1) { ok = 1; } } if (ok) store_info = OSSL_STORE_INFO_new_PARAMS(pkey); if (store_info == NULL) EVP_PKEY_free(pkey); return store_info;}
开发者ID:EiffelSoftware,项目名称:EiffelStudio,代码行数:77,
示例13: d2i_PKCS8_PRIV_KEY_INFOstatic OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, const char *pem_header, const unsigned char *blob, size_t len, void **pctx, int *matchcount, const UI_METHOD *ui_method, void *ui_data){ OSSL_STORE_INFO *store_info = NULL; EVP_PKEY *pkey = NULL; const EVP_PKEY_ASN1_METHOD *ameth = NULL; if (pem_name != NULL) { if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) { PKCS8_PRIV_KEY_INFO *p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len); *matchcount = 1; if (p8inf != NULL) pkey = EVP_PKCS82PKEY(p8inf); PKCS8_PRIV_KEY_INFO_free(p8inf); } else { int slen; if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0 && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name, slen)) != NULL) { *matchcount = 1; pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len); } } } else { int i; for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { EVP_PKEY *tmp_pkey = NULL; const unsigned char *tmp_blob = blob; ameth = EVP_PKEY_asn1_get0(i); if (ameth->pkey_flags & ASN1_PKEY_ALIAS) continue; tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len); if (tmp_pkey != NULL) { if (pkey != NULL) EVP_PKEY_free(tmp_pkey); else pkey = tmp_pkey; (*matchcount)++; } } if (*matchcount > 1) { EVP_PKEY_free(pkey); pkey = NULL; } } if (pkey == NULL) /* No match */ return NULL; store_info = OSSL_STORE_INFO_new_PKEY(pkey); if (store_info == NULL) EVP_PKEY_free(pkey); return store_info;}
开发者ID:EiffelSoftware,项目名称:EiffelStudio,代码行数:67,
示例14: STACK_OF/* * PKCS#12 decoder. It operates by decoding all of the blob content, * extracting all the interesting data from it and storing them internally, * then serving them one piece at a time. */static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, const char *pem_header, const unsigned char *blob, size_t len, void **pctx, int *matchcount, const UI_METHOD *ui_method, void *ui_data){ OSSL_STORE_INFO *store_info = NULL; STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; if (ctx == NULL) { /* Initial parsing */ PKCS12 *p12; int ok = 0; if (pem_name != NULL) /* No match, there is no PEM PKCS12 tag */ return NULL; if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) { char *pass = NULL; char tpass[PEM_BUFSIZE]; EVP_PKEY *pkey = NULL; X509 *cert = NULL; STACK_OF(X509) *chain = NULL; *matchcount = 1; if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) { pass = ""; } else { if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE, "PKCS12 import password", ui_data)) == NULL) { OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); goto p12_end; } if (!PKCS12_verify_mac(p12, pass, strlen(pass))) { OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC); goto p12_end; } } if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) { OSSL_STORE_INFO *osi_pkey = NULL; OSSL_STORE_INFO *osi_cert = NULL; OSSL_STORE_INFO *osi_ca = NULL; if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0 && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) { ok = 1; osi_pkey = NULL; osi_cert = NULL; while(sk_X509_num(chain) > 0) { X509 *ca = sk_X509_value(chain, 0); if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) { ok = 0; break; } osi_ca = NULL; (void)sk_X509_shift(chain); } } if (!ok) { OSSL_STORE_INFO_free(osi_ca); OSSL_STORE_INFO_free(osi_cert); OSSL_STORE_INFO_free(osi_pkey); sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); EVP_PKEY_free(pkey); X509_free(cert); sk_X509_pop_free(chain, X509_free); ctx = NULL; } *pctx = ctx; } } p12_end: PKCS12_free(p12); if (!ok) return NULL; } if (ctx != NULL) { *matchcount = 1; store_info = sk_OSSL_STORE_INFO_shift(ctx);//.........这里部分代码省略.........
开发者ID:EiffelSoftware,项目名称:EiffelStudio,代码行数:101,
示例15: verify_name/* * This function verifies the validity of the certificate and the matching of the * other part's name with the certificate. * It also checks the sign validity of a message. * It returns -1 on generic error, -3 on mismatching on certificate, 1 on success. * It closes the passed file pointer fp (which should have already been opened). * The last argument is used to distinguish if we are initializing or accepting * a connection and so which is the correct name to verify. * After verifying, It leaves the public parameter of DH and the nonce of the * other part respectively in **pub_buf (which is allocated) and *nonce. */int verify_name(FILE* fp,unsigned char *hello_buf,unsigned int hello_len,unsigned char *sign_buf,unsigned int sign_len,unsigned char** pub_buf,unsigned int *pubbuf_len,X509_STORE* str,int* nonce,int init){ int sheet_len,ret; uint32_t tmp; char read_mail[DIM_MAIL],temp_mail[DIM_MAIL],*cert_mail = NULL; X509_STORE_CTX* cert_ctx = NULL; EVP_PKEY* evp = EVP_PKEY_new(); EVP_MD_CTX* ctx = NULL; *pub_buf = NULL; if (!fp) { ret = -1; goto fail; } //We must come back to the start of fp rewind(fp); X509* cert = PEM_read_X509(fp,NULL,NULL,NULL); *pub_buf = NULL; //the following function is needed to correctly verify the certificate OpenSSL_add_all_algorithms(); if((cert_ctx=X509_STORE_CTX_new())==NULL){ ret = -1; goto fail; } if(X509_STORE_CTX_init(cert_ctx,str,cert,NULL)<=0){ ret = -1; goto fail; } if(X509_verify_cert(cert_ctx)==0){ //fprintf(stderr, "Error verifying certificate: %s/n", X509_verify_cert_error_string(X509_STORE_CTX_get_error(cert_ctx))); ret = -3; goto fail; } X509_STORE_CTX_cleanup(cert_ctx); X509_STORE_CTX_free(cert_ctx); cert_ctx = NULL; ctx = (EVP_MD_CTX*)calloc(1,sizeof(EVP_MD_CTX)); EVP_MD_CTX_init(ctx); evp = X509_get_pubkey(cert); if(EVP_VerifyInit(ctx,EVP_sha512())==0){ ret = -1; goto fail; } if(EVP_VerifyUpdate(ctx,hello_buf,hello_len)==0){ ret = -1; goto fail; } ret=EVP_VerifyFinal(ctx,sign_buf,sign_len,evp); if(ret == 0){ ret = -3; goto fail; } if (ret == -1) { goto fail; } rewind(fp); cert_mail = read_common_name(fp);//set it free later if(init == 1){ sscanf((char *)hello_buf,"%s%s",temp_mail,read_mail); } else{ sscanf((char *)hello_buf,"%s%s",read_mail,temp_mail); } sheet_len = strlen(temp_mail)+strlen(read_mail)+2; *pubbuf_len = hello_len - sheet_len; tmp = *((uint32_t *)(hello_buf+sheet_len)); *nonce = ntohl(tmp); sheet_len+=sizeof(tmp); *pub_buf = (unsigned char*)calloc(1,*pubbuf_len); memcpy(*pub_buf,hello_buf+sheet_len,*pubbuf_len); if(strlen(cert_mail)!=strlen(read_mail)){ ret = -3; goto fail; } if(strncmp(cert_mail,read_mail,strlen(cert_mail))!=0){ ret = -3; goto fail; } free(ctx); fclose(fp); EVP_PKEY_free(evp); free(cert_mail); return 1; fail: fclose(fp); if(cert_mail!=NULL){ free(cert_mail); } if(cert_ctx!=NULL){ X509_STORE_CTX_cleanup(cert_ctx); X509_STORE_CTX_free(cert_ctx); }//.........这里部分代码省略.........
开发者ID:bbeco,项目名称:secretchat,代码行数:101,
示例16: LoadPKCS12static BoolLoadPKCS12(SSL_CTX *ctx, const char *file){ char passbuf[256]; char *pass = NULL; PKCS12 *p12; EVP_PKEY *key = NULL; X509 *cert = NULL; BIO *input; int err_reason; int count = 0; const char *prompt = ASKPASS_PROMPT; /* read PKCS #12 from specified file */ if ((input = BIO_new_file(file, "r")) == NULL){ if (d2i_PKCS12_bio(input, &p12) == NULL) return FALSE; } p12 = d2i_PKCS12_bio(input, NULL); BIO_free(input); if (p12 == NULL) return FALSE; /* get key and cert from PKCS #12 */ for (;;){ if (PKCS12_parse(p12, pass, &key, &cert, NULL)) break; err_reason = ERR_GET_REASON(ERR_peek_error()); if (cert){ X509_free(cert); cert = NULL; } if (key){ EVP_PKEY_free(key); key = NULL; } if (err_reason != PKCS12_R_MAC_VERIFY_FAILURE){ Message("PKCS12_parse failure: %s", GetSSLErrorString()); break; } ERR_clear_error(); if (count >= 1) prompt = ASKPASS_PROMPT_RETRY; if ((pass = GetPasswordString(passbuf, sizeof(passbuf), prompt)) == NULL){ Message("PASSWORD input was canceled/n"); break; } count++; } //OPENSSL_cleanse(passbuf, sizeof(passbuf)); memset(passbuf, 0, sizeof(passbuf)); PKCS12_free(p12); /* set key and cert to SSL_CTX */ if (cert && key){ if (!SSL_CTX_use_certificate_with_check(ctx, cert)){ SSL_Error(_d("SSL_CTX_use_certificate failure:/n %s"), GetSSLErrorString()); return FALSE; } if (!SSL_CTX_use_PrivateKey(ctx, key)){ SSL_Error(_d("SSL_CTX_use_PrivateKey failure:/n %s"), GetSSLErrorString()); return FALSE; } if (!SSL_CTX_check_private_key(ctx)){ SSL_Error(_d("SSL_CTX_check_private_key failure:/n %s/n"), GetSSLErrorString()); return FALSE; } } else{ return FALSE; } return TRUE;}
开发者ID:authorNari,项目名称:panda,代码行数:66,
示例17: ServerTLSInitialize/** * @warning Make sure you've called CryptoInitialize() first! */bool ServerTLSInitialize(){ int ret; /* OpenSSL is needed for our new protocol over TLS. */ SSL_library_init(); SSL_load_error_strings(); assert(SSLSERVERCONTEXT == NULL); SSLSERVERCONTEXT = SSL_CTX_new(SSLv23_server_method()); if (SSLSERVERCONTEXT == NULL) { Log(LOG_LEVEL_ERR, "SSL_CTX_new: %s", ERR_reason_error_string(ERR_get_error())); goto err1; } /* Use only TLS v1 or later. TODO option for SSL_OP_NO_TLSv{1,1_1} */ SSL_CTX_set_options(SSLSERVERCONTEXT, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); /* * CFEngine is not a web server so we don't need many ciphers. We only * allow a safe but very common subset by default, extensible via * "allowciphers" in body server control. By default allow: * AES256-GCM-SHA384: most high-grade RSA-based cipher from TLSv1.2 * AES256-SHA: most backwards compatible but high-grade, from SSLv3 */ const char *cipher_list = SV.allowciphers; if (cipher_list == NULL) cipher_list ="AES256-GCM-SHA384:AES256-SHA"; ret = SSL_CTX_set_cipher_list(SSLSERVERCONTEXT, cipher_list); if (ret != 1) { Log(LOG_LEVEL_ERR, "No valid ciphers in cipher list: %s", cipher_list); } /* Never bother with retransmissions, SSL_write() should * always either write the whole amount or fail. */ SSL_CTX_set_mode(SSLSERVERCONTEXT, SSL_MODE_AUTO_RETRY); /* * Create cert into memory and load it into SSL context. */ if (PRIVKEY == NULL || PUBKEY == NULL) { Log(LOG_LEVEL_ERR, "No public/private key pair is loaded, create one with cf-key"); goto err2; } assert(SSLSERVERCERT == NULL); /* Generate self-signed cert valid from now to 50 years later. */ { X509 *x509 = X509_new(); X509_gmtime_adj(X509_get_notBefore(x509), 0); X509_time_adj(X509_get_notAfter(x509), 60*60*24*365*50, NULL); EVP_PKEY *pkey = EVP_PKEY_new(); EVP_PKEY_set1_RSA(pkey, PRIVKEY); X509_NAME *name = X509_get_subject_name(x509); X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const char *) "", -1, -1, 0); X509_set_issuer_name(x509, name); X509_set_pubkey(x509, pkey); const EVP_MD *md = EVP_get_digestbyname("sha384"); if (md == NULL) { Log(LOG_LEVEL_ERR, "Uknown digest algorithm %s", "sha384"); return false; } ret = X509_sign(x509, pkey, md); EVP_PKEY_free(pkey); SSLSERVERCERT = x509; if (ret <= 0) { Log(LOG_LEVEL_ERR, "Couldn't sign the public key for the TLS handshake: %s", ERR_reason_error_string(ERR_get_error())); goto err3; } } SSL_CTX_use_certificate(SSLSERVERCONTEXT, SSLSERVERCERT); ret = SSL_CTX_use_RSAPrivateKey(SSLSERVERCONTEXT, PRIVKEY); if (ret != 1) { Log(LOG_LEVEL_ERR, "Failed to use RSA private key: %s", ERR_reason_error_string(ERR_get_error()));//.........这里部分代码省略.........
开发者ID:cduclos,项目名称:core,代码行数:101,
示例18: mainint main(int argc, char **argv){ BIO *in = NULL, *out = NULL, *tbio = NULL; X509 *scert = NULL; EVP_PKEY *skey = NULL; CMS_ContentInfo *cms = NULL; int ret = 1; /* * For simple S/MIME signing use CMS_DETACHED. On OpenSSL 1.0.0 only: for * streaming detached set CMS_DETACHED|CMS_STREAM for streaming * non-detached set CMS_STREAM */ int flags = CMS_DETACHED | CMS_STREAM; OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); /* Read in signer certificate and private key */ tbio = BIO_new_file("signer.pem", "r"); if (!tbio) goto err; scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); BIO_reset(tbio); skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); if (!scert || !skey) goto err; /* Open content being signed */ in = BIO_new_file("sign.txt", "r"); if (!in) goto err; /* Sign content */ cms = CMS_sign(scert, skey, NULL, in, flags); if (!cms) goto err; out = BIO_new_file("smout.txt", "w"); if (!out) goto err; if (!(flags & CMS_STREAM)) BIO_reset(in); /* Write out S/MIME message */ if (!SMIME_write_CMS(out, cms, in, flags)) goto err; ret = 0; err: if (ret) { fprintf(stderr, "Error Signing Data/n"); ERR_print_errors_fp(stderr); } if (cms) CMS_ContentInfo_free(cms); if (scert) X509_free(scert); if (skey) EVP_PKEY_free(skey); if (in) BIO_free(in); if (out) BIO_free(out); if (tbio) BIO_free(tbio); return ret;}
开发者ID:1Project,项目名称:SafeBoardMessenger,代码行数:83,
示例19: MAIN//.........这里部分代码省略......... } }#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) else if (_kbhit())#else else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))#endif#elif defined (OPENSSL_SYS_NETWARE) else if (_kbhit())#else else if (FD_ISSET(fileno(stdin),&readfds))#endif { if (crlf) { int j, lf_num; i=read(fileno(stdin),cbuf,BUFSIZZ/2); lf_num = 0; /* both loops are skipped when i <= 0 */ for (j = 0; j < i; j++) if (cbuf[j] == '/n') lf_num++; for (j = i-1; j >= 0; j--) { cbuf[j+lf_num] = cbuf[j]; if (cbuf[j] == '/n') { lf_num--; i++; cbuf[j+lf_num] = '/r'; } } assert(lf_num == 0); } else i=read(fileno(stdin),cbuf,BUFSIZZ); if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { BIO_printf(bio_err,"DONE/n"); goto shut; } if ((!c_ign_eof) && (cbuf[0] == 'R')) { BIO_printf(bio_err,"RENEGOTIATING/n"); SSL_renegotiate(con); cbuf_len=0; } else { cbuf_len=i; cbuf_off=0;#ifdef CHARSET_EBCDIC ebcdic2ascii(cbuf, cbuf, i);#endif } write_ssl=1; read_tty=0; } }shut: SSL_shutdown(con); SHUTDOWN(SSL_get_fd(con)); ret=0;end: if(prexit) print_stuff(bio_c_out,con,1); if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); if (cert) X509_free(cert); if (key) EVP_PKEY_free(key); if (pass) OPENSSL_free(pass); if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } if (bio_c_out != NULL) { BIO_free(bio_c_out); bio_c_out=NULL; } apps_shutdown(); OPENSSL_EXIT(ret);}
开发者ID:wingedboar,项目名称:rtl819x-toolchain,代码行数:101,
示例20: MAIN//.........这里部分代码省略......... BIO_printf(bio_err, "NB: options order may be important! See the manual page./n"); goto end; } if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { BIO_puts(bio_err, "Error getting password/n"); goto end; } if (outfile) { if (!(out = BIO_new_file (outfile, "wb"))) { BIO_printf(bio_err, "Can't open output file %s/n", outfile); goto end; } } else { out = BIO_new_fp (stdout, BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); }#endif } EVP_PKEY_CTX_set_cb(ctx, genpkey_cb); EVP_PKEY_CTX_set_app_data(ctx, bio_err); if (do_param) { if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) { BIO_puts(bio_err, "Error generating parameters/n"); ERR_print_errors(bio_err); goto end; } } else { if (EVP_PKEY_keygen(ctx, &pkey) <= 0) { BIO_puts(bio_err, "Error generating key/n"); ERR_print_errors(bio_err); goto end; } } if (do_param) rv = PEM_write_bio_Parameters(out, pkey); else if (outformat == FORMAT_PEM) rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass); else if (outformat == FORMAT_ASN1) rv = i2d_PrivateKey_bio(out, pkey); else { BIO_printf(bio_err, "Bad format specified for key/n"); goto end; } if (rv <= 0) { BIO_puts(bio_err, "Error writing key/n"); ERR_print_errors(bio_err); } if (text) { if (do_param) rv = EVP_PKEY_print_params(out, pkey, 0, NULL); else rv = EVP_PKEY_print_private(out, pkey, 0, NULL); if (rv <= 0) { BIO_puts(bio_err, "Error printing key/n"); ERR_print_errors(bio_err); } } ret = 0; end: if (pkey) EVP_PKEY_free(pkey); if (ctx) EVP_PKEY_CTX_free(ctx); if (out) BIO_free_all(out); BIO_free(in); if (pass) OPENSSL_free(pass); return ret; }
开发者ID:RyunosukeOno,项目名称:rayjack,代码行数:101,
示例21: LUA_FUNCTION/***sign x509_req object@function sign@tparam evp_pkey pkey private key which to sign x509_req object@tparam number|string|evp_md md message digest alg used to sign@treturn boolean result true for suceess*/static LUA_FUNCTION(openssl_csr_sign){ X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req"); EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr); if (auxiliar_getclassudata(L, "openssl.evp_pkey", 2)) { EVP_PKEY *pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey"); const EVP_MD* md = get_digest(L, 3, "sha256"); int ret = 1; if (pubkey == NULL) { BIO* bio = BIO_new(BIO_s_mem()); if ((ret = i2d_PUBKEY_bio(bio, pkey)) == 1) { pubkey = d2i_PUBKEY_bio(bio, NULL); if (pubkey) { ret = X509_REQ_set_pubkey(csr, pubkey); EVP_PKEY_free(pubkey); } else { ret = 0; } } BIO_free(bio); } else { EVP_PKEY_free(pubkey); } if (ret == 1) ret = X509_REQ_sign(csr, pkey, md); return openssl_pushresult(L, ret); } else if (lua_isstring(L, 2)) { size_t siglen; unsigned char* sigdata = (unsigned char*)luaL_checklstring(L, 2, &siglen); const EVP_MD* md = get_digest(L, 3, NULL); ASN1_BIT_STRING *sig = NULL; X509_ALGOR *alg = NULL; luaL_argcheck(L, pubkey != NULL, 1, "has not set public key!!!"); X509_REQ_get0_signature(csr, (const ASN1_BIT_STRING **)&sig, (const X509_ALGOR **)&alg); /* (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) ? V_ASN1_NULL : V_ASN1_UNDEF, */ X509_ALGOR_set0((X509_ALGOR *)alg, OBJ_nid2obj(EVP_MD_pkey_type(md)), V_ASN1_NULL, NULL); ASN1_BIT_STRING_set((ASN1_BIT_STRING *)sig, sigdata, siglen); /* * In the interests of compatibility, I'll make sure that the bit string * has a 'not-used bits' value of 0 */ sig->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); sig->flags |= ASN1_STRING_FLAG_BITS_LEFT; lua_pushboolean(L, 1); return 1; } else { int inl; unsigned char* tosign = NULL; luaL_argcheck(L, pubkey != NULL, 1, "has not set public key!!!"); inl = i2d_re_X509_REQ_tbs(csr, &tosign); if (inl > 0 && tosign) { lua_pushlstring(L, (const char*)tosign, inl); OPENSSL_free(tosign); return 1; } return openssl_pushresult(L, 0); }}
开发者ID:fiendish,项目名称:lua-openssl,代码行数:83,
示例22: PKCS7_signatureVerify//.........这里部分代码省略......... !PKCS7_type_is_signedAndEnveloped(p7)) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); goto err; } md_type=OBJ_obj2nid(si->digest_alg->algorithm); btmp=bio; for (;;) { if ((btmp == NULL) || ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); goto err; } BIO_get_md_ctx(btmp,&mdc); if (mdc == NULL) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_INTERNAL_ERROR); goto err; } if (EVP_MD_CTX_type(mdc) == md_type) break; btmp=BIO_next(btmp); } /* mdc is the digest ctx that we want, unless there are attributes, * in which case the digest is the signed attributes */ memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp)); sk=si->auth_attr; if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { unsigned char md_dat[EVP_MAX_MD_SIZE]; unsigned int md_len; ASN1_OCTET_STRING *message_digest; EVP_DigestFinal(&mdc_tmp,md_dat,&md_len); message_digest=PKCS7_digest_from_attributes(sk); if (!message_digest) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); goto err; } if ((message_digest->length != (int)md_len) || (memcmp(message_digest->data,md_dat,md_len))) {#if 0{int ii;for (ii=0; ii<message_digest->length; ii++) printf("%02X",message_digest->data[ii]); printf(" sent/n");for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc/n");}#endif PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE); ret= -1; goto err; } EVP_VerifyInit(&mdc_tmp,EVP_get_digestbynid(md_type)); /* Note: when forming the encoding of the attributes we * shouldn't reorder them or this will break the signature. * This is done by using the IS_SEQUENCE flag. */ i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE, V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE); pp=OPENSSL_malloc(i); p=pp; i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE, V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE); EVP_VerifyUpdate(&mdc_tmp,pp,i); OPENSSL_free(pp); } os=si->enc_digest; pkey = X509_get_pubkey(x509); if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); EVP_PKEY_free(pkey); if (i <= 0) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); ret= -1; goto err; } else ret=1;err: return(ret); }
开发者ID:ahenroid,项目名称:ptptl-0.2,代码行数:101,
示例23: setProtocolvoid ContextImpl::assign(const ContextImpl& ctx){ // TODO: consider to create a new SSL_CTX if required setProtocol(ctx._protocol); setVerifyMode(ctx._verify); setVerifyDepth(ctx._verifyDepth); // copy certificates presented to peer if(_pkey) EVP_PKEY_free(_pkey); _pkey = 0; if(_x509) X509_free(_x509); _x509 = 0; if( ctx._x509 ) { _pkey = copyPrivateKey( ctx._pkey ); _x509 = copyX509( ctx._x509 ); if( ! SSL_CTX_use_certificate(_ctx, _x509) ) { throw InvalidCertificate("invalid certificate"); } if( ! SSL_CTX_use_PrivateKey( _ctx, _pkey ) ) { throw InvalidCertificate("invalid certificate"); } } _extraCerts.clear(); _extraCerts.reserve( ctx._extraCerts.size() ); for(std::vector<X509*>::const_iterator it = ctx._extraCerts.begin(); it != ctx._extraCerts.end(); ++it) { // NOTE: SSL_CTX_add_extra_chain_cert does not copy the X509 certificate, // or increase the refcount. We must copy it, because the SSL_CTX will // free it X509* extraX509 = copyX509(*it); X509AutoPtr x509Ptr(extraX509); if( ! SSL_CTX_add_extra_chain_cert( _ctx, extraX509 ) ) throw InvalidCertificate("invalid extra certificate"); _extraCerts.push_back(extraX509); x509Ptr.release(); } // copy trusted CA certificates for(std::vector<X509*>::iterator it = _caCerts.begin(); it != _caCerts.end(); ++it) { X509_free(*it); } _caCerts.clear(); _caCerts.reserve( ctx._caCerts.size() ); X509_STORE* store = X509_STORE_new(); X509StoreAutoPtr storePtr(store); for(std::vector<X509*>::const_iterator it = ctx._caCerts.begin(); it != ctx._caCerts.end(); ++it) { X509* x509 = copyX509(*it); X509AutoPtr x509Ptr(x509); if( ! X509_STORE_add_cert(store, x509) ) throw InvalidCertificate("untrusted certificate"); _caCerts.push_back(x509); x509Ptr.release(); } SSL_CTX_set_cert_store( _ctx, store ); storePtr.release();}
开发者ID:3Nigma,项目名称:frayon,代码行数:80,
示例24: STACK_OF//.........这里部分代码省略......... int keylen,ivlen; int jj,max; unsigned char *tmp; EVP_CIPHER_CTX *ctx; if ((btmp=BIO_new(BIO_f_cipher())) == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); goto err; } BIO_get_cipher_ctx(btmp, &ctx); keylen=EVP_CIPHER_key_length(evp_cipher); ivlen=EVP_CIPHER_iv_length(evp_cipher); if (RAND_bytes(key,keylen) <= 0) goto err; xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen); EVP_CipherInit(ctx, evp_cipher, key, iv, 1); if (ivlen > 0) { if (xalg->parameter == NULL) xalg->parameter=ASN1_TYPE_new(); if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) goto err; } /* Lets do the pub key stuff :-) */ max=0; for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { ri=sk_PKCS7_RECIP_INFO_value(rsk,i); if (ri->cert == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO); goto err; } pkey=X509_get_pubkey(ri->cert); jj=EVP_PKEY_size(pkey); EVP_PKEY_free(pkey); if (max < jj) max=jj; } if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE); goto err; } for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { ri=sk_PKCS7_RECIP_INFO_value(rsk,i); pkey=X509_get_pubkey(ri->cert); jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); EVP_PKEY_free(pkey); if (jj <= 0) { PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB); OPENSSL_free(tmp); goto err; } M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); } OPENSSL_free(tmp); memset(key, 0, keylen); if (out == NULL) out=btmp; else BIO_push(out,btmp); btmp=NULL; } if (bio == NULL) { if (p7->detached) bio=BIO_new(BIO_s_null()); else { if (PKCS7_type_is_signed(p7) && PKCS7_type_is_data(p7->d.sign->contents)) { ASN1_OCTET_STRING *os; os=p7->d.sign->contents->d.data; if (os->length > 0) bio = BIO_new_mem_buf(os->data, os->length); } if(bio == NULL) { bio=BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(bio,0); } } } BIO_push(out,bio); bio=NULL; if (0) {err: if (out != NULL) BIO_free_all(out); if (btmp != NULL) BIO_free_all(btmp); out=NULL; } return(out); }
开发者ID:ahenroid,项目名称:ptptl-0.2,代码行数:101,
示例25: TUTRACE//.........这里部分代码省略......... if(!(fp = fopen(NAME_BUF, "rb"))) { TUTRACE((TUTRACE_ERR, "PROTO: Error opening CA Cert file./n")); err = TU_ERROR_FILEOPEN; goto ERR_CERT; } //Now check the size of the file fseek(fp, 0, SEEK_END); CACertLength = (UINT32)ftell(fp); if(CACertLength == (UINT32) -1) { TUTRACE((TUTRACE_ERR, "PROTO: Error getting CA Cert length./n")); fclose(fp); err = TU_ERROR_FILEREAD; goto ERR_CERT; } CACert = (uchar *)calloc(CACertLength , 1); if(!CACert) { TUTRACE((TUTRACE_ERR, "PROTO: Error allocating memory for CA Cert./n")); fclose(fp); err = TU_ERROR_OUT_OF_MEMORY; goto ERR_CERT; } rewind(fp); if(CACertLength != fread(CACert, 1, CACertLength, fp)) { TUTRACE((TUTRACE_ERR, "PROTO: Error reading CA Cert./n")); fclose(fp); err = TU_ERROR_FILEREAD; goto ERR_CA; } fclose(fp); //Now construct the certificate chain - we simply lump all certs together //copy the current certificate and its length in the message buffer //Also, allocate space for a message length at the start of the buffer *message = (uchar *)malloc(sizeof(UINT32) + sizeof(serialLen) + serialLen + sizeof(CACertLength) + CACertLength); if(!*message) { TUTRACE((TUTRACE_ERR, "PROTO: Error allocating memory./n")); err = TU_ERROR_OUT_OF_MEMORY; goto ERR_CA; } //The structure of the message is: MessageLength|CertLen|Cert|CertLen|Cert... //The reason for having an extra message length is to help reassemble fragmented packets *msgLen = sizeof(UINT32) + sizeof(serialLen) + serialLen + sizeof(CACertLength) + CACertLength; msgPtr = *message; memcpy(msgPtr, msgLen, sizeof(UINT32)); msgPtr += sizeof(UINT32); memcpy(msgPtr, &serialLen, sizeof(serialLen)); msgPtr += sizeof(serialLen); memcpy(msgPtr, serialCert, serialLen); msgPtr += serialLen; memcpy(msgPtr, &CACertLength, sizeof(CACertLength)); msgPtr += sizeof(CACertLength); memcpy(msgPtr, CACert, CACertLength); //TBD: Add a serial number...get the context, then extract the serial # err = m_pDomainMgr->AddMember(pMemberInfo->Name, pMemberInfo->pDomain, (uchar *)&pMemberInfo->enrolleeAddr, NULL, &member); if(TU_SUCCESS != err) { TUTRACE((TUTRACE_ERR, "PROTO: Error Adding member./n")); free(*message); } else { //Finally, notify the UI of the new member pUpdateCB(pMemberInfo->Name, pMemberInfo->pDomain->Name); err = TU_SUCCESS; } ERR_CA: if(CACert) free(CACert);ERR_CERT: if(serialCert) free(serialCert);ERR_PKEY: EVP_PKEY_free(pkey);ERR_REQ: X509_REQ_free(req);EXIT: return err;}//HandleCertRequest
开发者ID:okertanov,项目名称:Developer-Tools-for-UPnP-Technologies,代码行数:101,
示例26: MAIN//.........这里部分代码省略......... signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, e, "signer certificate"); if (!signer) goto end; key = load_key(bio_err, keyfile, keyform, 0, passin, e, "signing key file"); if (!key) goto end; for(kparam = key_first; kparam; kparam = kparam->next) { if(kparam->idx == i) { tflags |= CMS_KEY_PARAM; break; } } si = CMS_add1_signer(cms, signer, key, sign_md, tflags); if (!si) goto end; if (kparam) { EVP_PKEY_CTX *pctx; pctx = CMS_SignerInfo_get0_pkey_ctx(si); if (!cms_set_pkey_param(pctx, kparam->param)) goto end; } if (rr && !CMS_add1_ReceiptRequest(si, rr)) goto end; X509_free(signer); signer = NULL; EVP_PKEY_free(key); key = NULL; } /* If not streaming or resigning finalize structure */ if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) { if (!CMS_final(cms, in, NULL, flags)) goto end; } } if (!cms) { BIO_printf(bio_err, "Error creating CMS structure/n"); goto end; } ret = 4; if (operation == SMIME_DECRYPT) { if (flags & CMS_DEBUG_DECRYPT) CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); if (secret_key) { if (!CMS_decrypt_set1_key(cms, secret_key, secret_keylen, secret_keyid, secret_keyidlen)) { BIO_puts(bio_err, "Error decrypting CMS using secret key/n"); goto end; }
开发者ID:Acidburn0zzz,项目名称:openssl,代码行数:67,
示例27: verifyOvCertificate/* * Check for: * - cert identity matching domain name * - cert is within validity perios * - digital sig is valid */verifyOvCertificate(ovStruct_t *ovP) { uchar *buff, *subj, *issuer; int version; const uchar *ptr, *tmpPtr; const uchar *data; size_t len, msgLen, totalCertLen, serverCertLen; size_t parsedLen = 0; size_t verifyCertLen; int count = 0;#define CERT_LEN_INDEX 1 // buff[0] points to Handshake Type - certificate buff = ovP->certBuff; len = ovP->certLen; msgLen = GET_BE16(&buff[CERT_LEN_INDEX+1]); totalCertLen = GET_BE16(&buff[CERT_LEN_INDEX+1+3]); serverCertLen = GET_BE16(&buff[CERT_LEN_INDEX+1+3+3]); log_info(fp, "/n Pkg Len = %d, Total Cert Len = %d", msgLen, totalCertLen); log_info(fp, "/n Server Certificate verification, Len: %d", serverCertLen); // Parse the Server Cert ptr = &buff[10]; X509 *cert = d2i_X509(NULL, &ptr, serverCertLen); if (cert == NULL) { log_info(fp, "/n d2i_X509 returns NULL for Cert verification"); return -1; } log_info(fp, "/n.........Server Certificate........................"); subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); version = ((int)X509_get_version(cert)) + 1; // 0 indexed log_info(fp, "/nSubject: %s, /nIssuer: %s, /n Version: %d", subj, issuer, version); // Get Public Key Algorith Name int pkey = OBJ_obj2nid(cert->cert_info->key->algor->algorithm); if (pkey == NID_undef) { log_info (fp, "/n Cert Verify: unable to find signature algo"); goto clean; } char sigalgo[100]; const char * sslbuf = OBJ_nid2ln(pkey); if (strlen(sslbuf) > 100) { log_info (fp, "/n Cert Verify: len is greater than allocated"); goto clean; } strncpy(sigalgo, sslbuf, 100); log_info(fp, ", Public Key Algorithm Algorithm: %s", sigalgo); EVP_PKEY *public_key = X509_get_pubkey(cert); if (pkey == NID_rsaEncryption) { if (public_key == NULL) { log_info(fp, "/nunable to get public key from certificate"); return -1; } char *rsa_e_dec, *rsa_n_hex; ovP->rsa_key = public_key->pkey.rsa; // Both the following are printable strings and need to be freed // by caling OPENSSL_free() rsa_e_dec = BN_bn2dec(ovP->rsa_key->e); // RSA Exponent rsa_n_hex = BN_bn2hex(ovP->rsa_key->n); // RSA Modulus log_info(fp, "/n RSA Exponent = %s, /n RSA Modulus = %s", rsa_e_dec, rsa_n_hex); } EVP_PKEY_free(public_key);clean: OPENSSL_free(subj); OPENSSL_free(issuer); // Parse the Server Cert Chain ptr = &buff[10+serverCertLen]; // Set ptr to point to next Cert Len field parsedLen = serverCertLen+3; tmpPtr = ptr+3; while (parsedLen < totalCertLen) { log_info(fp, "/n.........Server Certificate Chain %d.............", count++); //printf("/n Len: Parsed: %d, Total: %d", parsedLen, totalCertLen); verifyCertLen = GET_BE16(&ptr[1]); log_info(fp, "/nCert Chain Len: %d", verifyCertLen); X509 *cert = d2i_X509(NULL, &tmpPtr, serverCertLen); if (cert == NULL) { log_info(fp, "/n d2i_X509 returns NULL for Cert verification chain"); return -1; } subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); log_info(fp, "/nSubject: %s", subj); OPENSSL_free(subj); ptr += verifyCertLen + 3; // Set ptr to point to next Cert Len field tmpPtr = ptr+3; parsedLen += verifyCertLen+3; } // End parsing Cert Chain log_info(fp, "/n..................................................");}
开发者ID:aseemsethi,项目名称:monitor,代码行数:93,
示例28: test_x509_check_cert_pkeystatic int test_x509_check_cert_pkey(void){ BIO *bio = NULL; X509 *x509 = NULL; X509_REQ *x509_req = NULL; EVP_PKEY *pkey = NULL; int ret = 0, type = 0, expected = 0, result = 0; /* * we check them first thus if fails we don't need to do * those PEM parsing operations. */ if (strcmp(t, "cert") == 0) { type = 1; } else if (strcmp(t, "req") == 0) { type = 2; } else { TEST_error("invalid 'type'"); goto failed; } if (strcmp(e, "ok") == 0) { expected = 1; } else if (strcmp(e, "failed") == 0) { expected = 0; } else { TEST_error("invalid 'expected'"); goto failed; } /* process private key */ if (!TEST_ptr(bio = BIO_new_file(k, "r"))) goto failed; if (!TEST_ptr(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))) goto failed; BIO_free(bio); /* process cert or cert request, use the same local var */ if (!TEST_ptr(bio = BIO_new_file(c, "r"))) goto failed; switch (type) { case 1: x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); if (x509 == NULL) { TEST_error("read PEM x509 failed"); goto failed; } result = X509_check_private_key(x509, pkey); break; case 2: x509_req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL); if (x509_req == NULL) { TEST_error("read PEM x509 req failed"); goto failed; } result = X509_REQ_check_private_key(x509_req, pkey); break; default: /* should never be here */ break; } if (!TEST_int_eq(result, expected)) { TEST_error("check private key: expected: %d, got: %d", expected, result); goto failed; } ret = 1;failed: BIO_free(bio); X509_free(x509); X509_REQ_free(x509_req); EVP_PKEY_free(pkey); return ret;}
开发者ID:hitched97,项目名称:openssl,代码行数:80,
示例29: DSA_newstatic EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int bitlen, int ispub){ const unsigned char *p = *in; EVP_PKEY *ret = NULL; DSA *dsa = NULL; BN_CTX *ctx = NULL; unsigned int nbyte; BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL; BIGNUM *pub_key = NULL; nbyte = (bitlen + 7) >> 3; dsa = DSA_new(); ret = EVP_PKEY_new(); if (dsa == NULL || ret == NULL) goto memerr; if (!read_lebn(&p, nbyte, &pbn)) goto memerr; if (!read_lebn(&p, 20, &qbn)) goto memerr; if (!read_lebn(&p, nbyte, &gbn)) goto memerr; if (ispub) { if (!read_lebn(&p, nbyte, &pub_key)) goto memerr; } else { if (!read_lebn(&p, 20, &priv_key)) goto memerr; /* Calculate public key */ pub_key = BN_new(); if (pub_key == NULL) goto memerr; if ((ctx = BN_CTX_new()) == NULL) goto memerr; if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx)) goto memerr; BN_CTX_free(ctx); ctx = NULL; } if (!DSA_set0_pqg(dsa, pbn, qbn, gbn)) goto memerr; pbn = qbn = gbn = NULL; if (!DSA_set0_key(dsa, pub_key, priv_key)) goto memerr; pub_key = priv_key = NULL; if (!EVP_PKEY_set1_DSA(ret, dsa)) goto memerr; DSA_free(dsa); *in = p; return ret; memerr: PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); DSA_free(dsa); BN_free(pbn); BN_free(qbn); BN_free(gbn); BN_free(pub_key); BN_free(priv_key); EVP_PKEY_free(ret); BN_CTX_free(ctx); return NULL;}
开发者ID:JCMais,项目名称:curl-for-windows,代码行数:71,
示例30: MAIN//.........这里部分代码省略......... goto end; } if (md == NULL) md = EVP_md5(); if (!EVP_DigestInit_ex(mctx, md, impl)) { BIO_printf(bio_err, "Error setting digest %s/n", pname); ERR_print_errors(bio_err); goto end; } } if(sigfile && sigkey) { BIO *sigbio; sigbio = BIO_new_file(sigfile, "rb"); siglen = EVP_PKEY_size(sigkey); sigbuf = OPENSSL_malloc(siglen); if(!sigbio) { BIO_printf(bio_err, "Error opening signature file %s/n", sigfile); ERR_print_errors(bio_err); goto end; } siglen = BIO_read(sigbio, sigbuf, siglen); BIO_free(sigbio); if(siglen <= 0) { BIO_printf(bio_err, "Error reading signature file %s/n", sigfile); ERR_print_errors(bio_err); goto end; } } inp=BIO_push(bmd,in); if (md == NULL) { EVP_MD_CTX *tctx; BIO_get_md_ctx(bmd, &tctx); md = EVP_MD_CTX_md(tctx); } if (argc == 0) { BIO_set_fp(in,stdin,BIO_NOCLOSE); err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen,NULL,NULL,"stdin",bmd); } else { const char *md_name = NULL, *sig_name = NULL; if(!out_bin) { if (sigkey) { const EVP_PKEY_ASN1_METHOD *ameth; ameth = EVP_PKEY_get0_asn1(sigkey); if (ameth) EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &sig_name, ameth); } md_name = EVP_MD_name(md); } err = 0; for (i=0; i<argc; i++) { int r; if (BIO_read_filename(in,argv[i]) <= 0) { perror(argv[i]); err++; continue; } else r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, siglen,sig_name,md_name, argv[i],bmd); if(r) err=r; (void)BIO_reset(bmd); } }end: if (buf != NULL) { OPENSSL_cleanse(buf,BUFSIZE); OPENSSL_free(buf); } if (in != NULL) BIO_free(in); if (passin) OPENSSL_free(passin); BIO_free_all(out); EVP_PKEY_free(sigkey); if (sigopts) sk_OPENSSL_STRING_free(sigopts); if (macopts) sk_OPENSSL_STRING_free(macopts); if(sigbuf) OPENSSL_free(sigbuf); if (bmd != NULL) BIO_free(bmd); apps_shutdown(); OPENSSL_EXIT(err); }
开发者ID:rskinner,项目名称:oossl,代码行数:101,
注:本文中的EVP_PKEY_free函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。
C++ EVP_PKEY_get0函数代码示例
C++ EVP_PKEY_copy_parameters函数代码示例 |
