本文整理汇总了C++中EVP_PKEY_CTX_free函数的典型用法代码示例。如果您正苦于以下问题:C++ EVP_PKEY_CTX_free函数的具体用法?C++ EVP_PKEY_CTX_free怎么用?C++ EVP_PKEY_CTX_free使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了EVP_PKEY_CTX_free函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: sign_and_verify
static int sign_and_verify(int len)
{
/*
* Per FIPS 186-4, the hash is recommended to be the same length as q.
* If the hash is longer than q, the leftmost N bits are used; if the hash
* is shorter, then we left-pad (see appendix C.2.1).
*/
size_t sigLength;
int digestlen = BN_num_bytes(DSA_get0_q(dsakey));
int ok = 0;
unsigned char *dataToSign = OPENSSL_malloc(len);
unsigned char *paddedData = OPENSSL_malloc(digestlen);
unsigned char *signature = NULL;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
if (!TEST_ptr(dataToSign) ||
!TEST_ptr(paddedData) ||
!TEST_int_eq(RAND_bytes(dataToSign, len), 1))
goto end;
memset(paddedData, 0, digestlen);
if (len > digestlen)
memcpy(paddedData, dataToSign, digestlen);
else
memcpy(paddedData + digestlen - len, dataToSign, len);
if (!TEST_ptr(pkey = EVP_PKEY_new()))
goto end;
EVP_PKEY_set1_DSA(pkey, dsakey);
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
goto end;
if (!TEST_int_eq(EVP_PKEY_sign_init(ctx), 1))
goto end;
if (EVP_PKEY_sign(ctx, NULL, &sigLength, dataToSign, len) != 1) {
TEST_error("Failed to get signature length, len=%d", len);
goto end;
}
if (!TEST_ptr(signature = OPENSSL_malloc(sigLength)))
goto end;
if (EVP_PKEY_sign(ctx, signature, &sigLength, dataToSign, len) != 1) {
TEST_error("Failed to sign, len=%d", len);
goto end;
}
/* Check that the signature is okay via the EVP interface */
if (!TEST_int_eq(EVP_PKEY_verify_init(ctx), 1))
goto end;
/* ... using the same data we just signed */
if (EVP_PKEY_verify(ctx, signature, sigLength, dataToSign, len) != 1) {
TEST_error("EVP verify with unpadded length %d failed\n", len);
goto end;
}
/* ... padding/truncating the data to the appropriate digest size */
if (EVP_PKEY_verify(ctx, signature, sigLength, paddedData, digestlen) != 1) {
TEST_error("EVP verify with length %d failed\n", len);
goto end;
}
/* Verify again using the raw DSA interface */
if (DSA_verify(0, dataToSign, len, signature, sigLength, dsakey) != 1) {
TEST_error("Verification with unpadded data failed, len=%d", len);
goto end;
}
if (DSA_verify(0, paddedData, digestlen, signature, sigLength, dsakey) != 1) {
TEST_error("verify with length %d failed\n", len);
goto end;
}
ok = 1;
end:
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
OPENSSL_free(signature);
OPENSSL_free(paddedData);
OPENSSL_free(dataToSign);
return ok;
}
示例2: main
//.........这里部分代码省略.........
display_openssl_errors(__LINE__);
exit(1);
}
md_len = digest_len;
EVP_MD_CTX_destroy(md_ctx);
/* Sign the hash */
pkey_ctx = EVP_PKEY_CTX_new(private_key, e);
if (pkey_ctx == NULL) {
fprintf(stderr, "Could not create context\n");
display_openssl_errors(__LINE__);
exit(1);
}
if (EVP_PKEY_sign_init(pkey_ctx) <= 0) {
fprintf(stderr, "Could not init signature\n");
display_openssl_errors(__LINE__);
exit(1);
}
if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
fprintf(stderr, "Could not set padding\n");
display_openssl_errors(__LINE__);
exit(1);
}
if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, digest_algo) <= 0) {
fprintf(stderr, "Could not set message digest algorithm\n");
display_openssl_errors(__LINE__);
exit(1);
}
sig_len = sizeof(sig);
if (EVP_PKEY_sign(pkey_ctx, sig, &sig_len, md,
EVP_MD_size(digest_algo)) <= 0) {
display_openssl_errors(__LINE__);
exit(1);
}
EVP_PKEY_CTX_free(pkey_ctx);
printf("Signature created\n");
#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
pkey_ctx = EVP_PKEY_CTX_new(public_key, e);
if (pkey_ctx == NULL) {
fprintf(stderr, "Could not create context\n");
display_openssl_errors(__LINE__);
exit(1);
}
if (EVP_PKEY_verify_init(pkey_ctx) <= 0) {
fprintf(stderr, "Could not init verify\n");
display_openssl_errors(__LINE__);
exit(1);
}
if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
fprintf(stderr, "Could not set padding\n");
display_openssl_errors(__LINE__);
exit(1);
}
if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, digest_algo) <= 0) {
fprintf(stderr, "Could not set message digest algorithm\n");
display_openssl_errors(__LINE__);
exit(1);
}
ret = EVP_PKEY_verify(pkey_ctx, sig, sig_len, md, md_len);
if (ret < 0) {
display_openssl_errors(__LINE__);
exit(1);
}
EVP_PKEY_CTX_free(pkey_ctx);
if (ret == 1) {
printf("Signature verified\n");
}
else {
printf("Verification failed\n");
display_openssl_errors(__LINE__);
exit(1);
}
#else /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */
printf("Unable to verify signature with %s\n", OPENSSL_VERSION_TEXT);
#endif /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */
ENGINE_finish(e);
CONF_modules_unload(1);
return 0;
}
示例3: cms_RecipientInfo_ktri_encrypt
static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri)
{
CMS_KeyTransRecipientInfo *ktri;
CMS_EncryptedContentInfo *ec;
EVP_PKEY_CTX *pctx = NULL;
unsigned char *ek = NULL;
size_t eklen;
int ret = 0;
if (ri->type != CMS_RECIPINFO_TRANS)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
CMS_R_NOT_KEY_TRANSPORT);
return 0;
}
ktri = ri->d.ktri;
ec = cms->d.envelopedData->encryptedContentInfo;
pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
if (!pctx)
return 0;
if (EVP_PKEY_encrypt_init(pctx) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
goto err;
}
if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
goto err;
ek = OPENSSL_malloc(eklen);
if (ek == NULL)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
goto err;
ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
ek = NULL;
ret = 1;
err:
if (pctx)
EVP_PKEY_CTX_free(pctx);
if (ek)
OPENSSL_free(ek);
return ret;
}
示例4: MAIN
//.........这里部分代码省略.........
if (!sigkey) {
/*
* load_[pub]key() has already printed an appropriate message
*/
goto end;
}
}
if (mac_name) {
EVP_PKEY_CTX *mac_ctx = NULL;
int r = 0;
if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0))
goto mac_end;
if (macopts) {
char *macopt;
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
macopt = sk_OPENSSL_STRING_value(macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
BIO_printf(bio_err,
"MAC parameter error \"%s\"\n", macopt);
ERR_print_errors(bio_err);
goto mac_end;
}
}
}
if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
BIO_puts(bio_err, "Error generating key\n");
ERR_print_errors(bio_err);
goto mac_end;
}
r = 1;
mac_end:
if (mac_ctx)
EVP_PKEY_CTX_free(mac_ctx);
if (r == 0)
goto end;
}
if (non_fips_allow) {
EVP_MD_CTX *md_ctx;
BIO_get_md_ctx(bmd, &md_ctx);
EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
}
if (hmac_key) {
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
(unsigned char *)hmac_key, -1);
if (!sigkey)
goto end;
}
if (sigkey) {
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
int r;
if (!BIO_get_md_ctx(bmd, &mctx)) {
BIO_printf(bio_err, "Error getting context\n");
ERR_print_errors(bio_err);
goto end;
}
if (do_verify)
r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
else
r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
if (!r) {
BIO_printf(bio_err, "Error setting context\n");
示例5: BIO_printf
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
|| (pkey_op == EVP_PKEY_OP_DERIVE))
&& (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0,
passin, e, "Private Key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform, 0,
NULL, e, "Public Key");
break;
case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
}
break;
}
*pkeysize = EVP_PKEY_size(pkey);
if (!pkey)
goto end;
ctx = EVP_PKEY_CTX_new(pkey, e);
EVP_PKEY_free(pkey);
if (!ctx)
goto end;
switch (pkey_op) {
case EVP_PKEY_OP_SIGN:
rv = EVP_PKEY_sign_init(ctx);
break;
case EVP_PKEY_OP_VERIFY:
rv = EVP_PKEY_verify_init(ctx);
break;
case EVP_PKEY_OP_VERIFYRECOVER:
rv = EVP_PKEY_verify_recover_init(ctx);
break;
case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt_init(ctx);
break;
case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt_init(ctx);
break;
case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive_init(ctx);
break;
}
if (rv <= 0) {
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
}
end:
if (passin)
OPENSSL_free(passin);
return ctx;
}
示例6: ERROR_MSG
// Key factory
bool OSSLGOST::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* /*rng = NULL */)
{
// Check parameters
if ((ppKeyPair == NULL) ||
(parameters == NULL))
{
return false;
}
if (!parameters->areOfType(ECParameters::type))
{
ERROR_MSG("Invalid parameters supplied for GOST key generation");
return false;
}
ECParameters* params = (ECParameters*) parameters;
ByteString paramA = "06072a850302022301";
if (params->getEC() != paramA)
{
ERROR_MSG("unsupported parameters");
return false;
}
// Generate the key-pair
EVP_PKEY_CTX* ctx = NULL;
EVP_PKEY* pkey = NULL;
OSSLGOSTKeyPair* kp;
ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, NULL);
if (ctx == NULL)
{
ERROR_MSG("EVP_PKEY_CTX_new_id failed");
goto err;
}
if (EVP_PKEY_keygen_init(ctx) <= 0)
{
ERROR_MSG("EVP_PKEY_keygen_init failed");
goto err;
}
if (EVP_PKEY_CTX_ctrl_str(ctx, "paramset", "A") <= 0)
{
ERROR_MSG("EVP_PKEY_CTX_ctrl_str failed");
goto err;
}
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
{
ERROR_MSG("EVP_PKEY_keygen failed");
goto err;
}
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
// Create an asymmetric key-pair object to return
kp = new OSSLGOSTKeyPair();
((OSSLGOSTPublicKey*) kp->getPublicKey())->setFromOSSL(pkey);
((OSSLGOSTPrivateKey*) kp->getPrivateKey())->setFromOSSL(pkey);
*ppKeyPair = kp;
// Release the key
EVP_PKEY_free(pkey);
return true;
err:
if (ctx != NULL)
EVP_PKEY_CTX_free(ctx);
if (pkey != NULL)
EVP_PKEY_free(pkey);
return false;
}
示例7: EVP_PKEY_CTX_new
cjose_jwk_t *cjose_jwk_derive_ecdh_ephemeral_key(
cjose_jwk_t *jwk_self,
cjose_jwk_t *jwk_peer,
cjose_err *err)
{
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pkey_self = NULL;
EVP_PKEY *pkey_peer = NULL;
uint8_t *secret = NULL;
size_t secret_len = 0;
uint8_t *ephemeral_key = NULL;
size_t ephemeral_key_len = 0;
cjose_jwk_t *jwk_ephemeral_key = NULL;
// get EVP_KEY from jwk_self
if (!_cjose_jwk_evp_key_from_ec_key(jwk_self, &pkey_self, err))
{
goto _cjose_jwk_derive_shared_secret_fail;
}
// get EVP_KEY from jwk_peer
if (!_cjose_jwk_evp_key_from_ec_key(jwk_peer, &pkey_peer, err))
{
goto _cjose_jwk_derive_shared_secret_fail;
}
// create derivation context based on local key pair
ctx = EVP_PKEY_CTX_new(pkey_self, NULL);
if (NULL == ctx)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwk_derive_shared_secret_fail;
}
// initialize derivation context
if (1 != EVP_PKEY_derive_init(ctx))
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwk_derive_shared_secret_fail;
}
// provide the peer public key
if (1 != EVP_PKEY_derive_set_peer(ctx, pkey_peer))
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwk_derive_shared_secret_fail;
}
// determine buffer length for shared secret
if(1 != EVP_PKEY_derive(ctx, NULL, &secret_len))
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwk_derive_shared_secret_fail;
}
// allocate buffer for shared secret
secret = (uint8_t *)cjose_get_alloc()(secret_len);
if (NULL == secret)
{
CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);
goto _cjose_jwk_derive_shared_secret_fail;
}
memset(secret, 0, secret_len);
// derive the shared secret
if (1 != (EVP_PKEY_derive(ctx, secret, &secret_len)))
{
CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);
goto _cjose_jwk_derive_shared_secret_fail;
}
// HKDF of the DH shared secret (SHA256, no salt, no info, 256 bit expand)
ephemeral_key_len = 32;
ephemeral_key = (uint8_t *)cjose_get_alloc()(ephemeral_key_len);
if (!cjose_jwk_hkdf(EVP_sha256(), (uint8_t *)"", 0, (uint8_t *)"", 0,
secret, secret_len, ephemeral_key, ephemeral_key_len, err))
{
goto _cjose_jwk_derive_shared_secret_fail;
}
// create a JWK of the shared secret
jwk_ephemeral_key = cjose_jwk_create_oct_spec(
ephemeral_key, ephemeral_key_len, err);
if (NULL == jwk_ephemeral_key)
{
goto _cjose_jwk_derive_shared_secret_fail;
}
// happy path
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey_self);
EVP_PKEY_free(pkey_peer);
cjose_get_dealloc()(secret);
cjose_get_dealloc()(ephemeral_key);
return jwk_ephemeral_key;
// fail path
_cjose_jwk_derive_shared_secret_fail:
//.........这里部分代码省略.........
示例8: pkcs7_decrypt_rinfo
static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
{
EVP_PKEY_CTX *pctx = NULL;
unsigned char *ek = NULL;
size_t eklen;
int ret = -1;
pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pctx)
return -1;
if (EVP_PKEY_decrypt_init(pctx) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0)
{
PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
goto err;
}
if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
ri->enc_key->data, ri->enc_key->length) <= 0)
goto err;
ek = OPENSSL_malloc(eklen);
if (ek == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_decrypt(pctx, ek, &eklen,
ri->enc_key->data, ri->enc_key->length) <= 0)
{
ret = 0;
PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
goto err;
}
ret = 1;
if (*pek)
{
OPENSSL_cleanse(*pek, *peklen);
OPENSSL_free(*pek);
}
*pek = ek;
*peklen = eklen;
err:
if (pctx)
EVP_PKEY_CTX_free(pctx);
if (!ret && ek)
OPENSSL_free(ek);
return ret;
}
示例9: verify
int verify(const char* keypath, BIGNUM* nonce, const uint8_t* sig, size_t slen){
// Nonce
uint8_t* N;
size_t Nlen;
// Context and key
EVP_PKEY_CTX *verctx;
FILE* vkeyfh;
EVP_PKEY *vkey=NULL;
// Return codes and errors
int err_code, ret_val=1;
unsigned long vererr;
/*
* Open the public key of the client for verification
*/
vkeyfh = fopen(keypath,"r");
if(!vkeyfh)
{
fprintf(stderr, "%s: Cannot open the key file\n", __func__);
ret_val = 0;
goto exit_verify;
}
vkey = PEM_read_PUBKEY(vkeyfh, &vkey, NULL, NULL);
if(!vkey){
fprintf(stderr,"Cannot read verification key from file %s\n", keypath);
ret_val = 0;
fclose(vkeyfh);
goto exit_verify;
}
verctx = EVP_PKEY_CTX_new(vkey, NULL);
if (!verctx){
fprintf(stderr,"Cannot create a verify context\n");
ret_val = 0;
fclose(vkeyfh);
EVP_PKEY_free(vkey);
goto exit_verify;
}
if (EVP_PKEY_verify_init(verctx) <= 0){
fprintf(stderr,"Cannot initialize a verify context\n");
ret_val = 0;
goto cleanup_verify;
}
/*
* Convert the nonce in a string so that it can be verified
*/
N = malloc(BN_num_bytes(nonce));
if (N == NULL)
{
fprintf(stderr, "%s: Out of memory\n", __func__);
ret_val = 0;
goto cleanup_verify;
}
Nlen = BN_bn2bin(nonce, N);
/* Perform actual verify operation */
err_code = EVP_PKEY_verify(verctx, sig, slen, N, Nlen);
if( err_code != 1 ){
ERR_load_crypto_strings();
vererr = ERR_get_error();
fprintf(stderr,"The verify operation on the nonce has failed with code %lu. RET=%d\n",vererr,err_code);
fprintf(stderr,"%s\n", ERR_error_string(vererr, NULL));
ERR_free_strings();
ret_val = 0;
}
free(N);
cleanup_verify:
EVP_PKEY_CTX_free(verctx);
EVP_PKEY_free(vkey);
fclose(vkeyfh);
exit_verify:
return ret_val;
}
示例10: test_kdf_scrypt
static int test_kdf_scrypt(void)
{
int ret = 0;
EVP_PKEY_CTX *pctx;
unsigned char out[64];
size_t outlen = sizeof(out);
if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL)) == NULL) {
TEST_error("EVP_PKEY_SCRYPT");
goto err;
}
if (EVP_PKEY_derive_init(pctx) <= 0) {
TEST_error("EVP_PKEY_derive_init");
goto err;
}
if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) {
TEST_error("EVP_PKEY_CTX_set1_pbe_pass");
goto err;
}
if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) {
TEST_error("EVP_PKEY_CTX_set1_scrypt_salt");
goto err;
}
if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) {
TEST_error("EVP_PKEY_CTX_set_scrypt_N");
goto err;
}
if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) {
TEST_error("EVP_PKEY_CTX_set_scrypt_r");
goto err;
}
if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) {
TEST_error("EVP_PKEY_CTX_set_scrypt_p");
goto err;
}
if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 16) <= 0) {
TEST_error("EVP_PKEY_CTX_set_maxmem_bytes");
goto err;
}
if (EVP_PKEY_derive(pctx, out, &outlen) > 0) {
TEST_error("EVP_PKEY_derive should have failed");
goto err;
}
if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 10 * 1024 * 1024) <= 0) {
TEST_error("EVP_PKEY_CTX_set_maxmem_bytes");
goto err;
}
if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
TEST_error("EVP_PKEY_derive");
goto err;
}
{
const unsigned char expected[sizeof(out)] = {
0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
};
if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
goto err;
}
}
ret = 1;
err:
EVP_PKEY_CTX_free(pctx);
return ret;
}
示例11: sign
uint8_t* sign(const char* keypath, const uint8_t* payload, const size_t plen, size_t* slen){
FILE* ckeyfh;
EVP_PKEY* ckey=NULL;
EVP_PKEY_CTX* sigctx;
uint8_t *sig;
// Load signing key
ckeyfh = fopen(keypath,"r");
if(!ckeyfh)
{
fprintf(stderr, "%s: Cannot open the key file\n", __func__);
sig = NULL;
goto exit_sign;
}
ckey = PEM_read_PrivateKey(ckeyfh, &ckey, NULL, NULL);
if(!ckey){
fprintf(stderr,"Cannot read signing key from file %s\n", keypath);
fclose(ckeyfh);
sig = NULL;
goto exit_sign;
}
// create signing context
sigctx = EVP_PKEY_CTX_new(ckey, NULL);
if (!sigctx){
fprintf(stderr,"Cannot create a signing context\n");
fclose(ckeyfh);
sig = NULL;
EVP_PKEY_free(ckey);
goto exit_sign;
}
if (EVP_PKEY_sign_init(sigctx) <= 0){
fprintf(stderr,"Cannot inizialize a signing context\n");
sig = NULL;
goto cleanup_sign;
}
// Ask the maximum signature size that will result in signing the payload
if (EVP_PKEY_sign(sigctx, NULL, slen, payload, plen ) <= 0)
{
fprintf(stderr, "%s: Cannot get signature size\n", __func__);
sig = NULL;
goto cleanup_sign;
}
sig = malloc(*slen);
if(!sig){
fprintf(stderr,"Out of memory\n");
goto cleanup_sign;
}
// Do the real signature
if (EVP_PKEY_sign(sigctx, sig, slen, payload, plen) <= 0){
ERR_load_crypto_strings();
fprintf(stderr,"Signing operation failed\n");
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
ERR_free_strings();
sig = NULL;
}
cleanup_sign:
fclose(ckeyfh);
EVP_PKEY_CTX_free(sigctx);
EVP_PKEY_free(ckey);
exit_sign:
return sig;
}
示例12: ORPV__verify_pss_sha1
static VALUE ORPV__verify_pss_sha1(VALUE self, VALUE vPubKey, VALUE vSig, VALUE vHashData, VALUE vSaltLen) {
enum ORPV_errors err = OK;
BIO * pkey_bio = NULL;
RSA * rsa_pub_key = NULL;
EVP_PKEY * pkey = NULL;
EVP_PKEY_CTX * pkey_ctx = NULL;
char * pub_key = NULL;
int verify_rval = -1, salt_len;
char ossl_err_strs[(OSSL_ERR_STR_LEN + 2) * ORPV_MAX_ERRS] = "";
if (ERR_peek_error()) {
err = EXTERNAL;
goto Cleanup;
}
vPubKey = StringValue(vPubKey);
vSig = StringValue(vSig);
vHashData = StringValue(vHashData);
salt_len = NUM2INT(vSaltLen);
if (RSTRING_LEN(vPubKey) > (long)INT_MAX) {
err = KEY_OVERFLOW;
goto Cleanup;
}
pub_key = malloc(RSTRING_LEN(vPubKey));
if (! pub_key) {
err = NOMEM;
goto Cleanup;
}
memcpy(pub_key, StringValuePtr(vPubKey), RSTRING_LEN(vPubKey));
pkey_bio = BIO_new_mem_buf(pub_key, (int)RSTRING_LEN(vPubKey));
rsa_pub_key = PEM_read_bio_RSA_PUBKEY(pkey_bio, NULL, NULL, NULL);
if (! rsa_pub_key) {
err = PUBKEY_PARSE;
goto Cleanup;
}
pkey = EVP_PKEY_new();
if (! pkey) {
err = PKEY_INIT;
goto Cleanup;
}
if (! EVP_PKEY_set1_RSA(pkey, rsa_pub_key)) {
err = RSA_ASSIGN;
goto Cleanup;
}
pkey_ctx = EVP_PKEY_CTX_new(pkey, ENGINE_get_default_RSA());
if (! pkey_ctx) {
err = PKEY_CTX_INIT;
goto Cleanup;
}
if (EVP_PKEY_verify_init(pkey_ctx) <= 0) {
err = VERIFY_INIT;
goto Cleanup;
}
if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, EVP_sha1()) <= 0) {
err = SET_SIG_MD;
goto Cleanup;
}
if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
err = SET_PADDING;
goto Cleanup;
}
if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len) <= 0) {
err = SET_SALTLEN;
goto Cleanup;
}
verify_rval = EVP_PKEY_verify(pkey_ctx,
(unsigned char*)StringValuePtr(vSig), (size_t)RSTRING_LEN(vSig),
(unsigned char*)StringValuePtr(vHashData), (size_t)RSTRING_LEN(vHashData));
Cleanup:
/*
* BIO * pkey_bio = NULL;
* RSA * rsa_pub_key = NULL;
* EVP_PKEY * pkey = NULL;
* EVP_PKEY_CTX * pkey_ctx = NULL;
* char * pub_key = NULL;
*/
if (pkey_ctx) EVP_PKEY_CTX_free(pkey_ctx);
if (pkey) EVP_PKEY_free(pkey);
if (rsa_pub_key) RSA_free(rsa_pub_key);
if (pkey_bio) BIO_free(pkey_bio);
if (pub_key) free(pub_key);
switch (err) {
case OK:
switch (verify_rval) {
case 1:
//.........这里部分代码省略.........
示例13: MAIN
//.........这里部分代码省略.........
BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n");
goto end;
}
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
{
BIO_puts(bio_err, "Error getting password\n");
goto end;
}
if (outfile)
{
if (!(out = BIO_new_file (outfile, "wb")))
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
else
{
out = BIO_new_fp (OPENSSL_TYPE__FILE_STDOUT, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
if (do_param)
{
if (EVP_PKEY_paramgen(ctx, &pkey) <= 0)
{
BIO_puts(bio_err, "Error generating parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
else
{
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
{
BIO_puts(bio_err, "Error generating key\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (do_param)
rv = PEM_write_bio_Parameters(out, pkey);
else if (outformat == FORMAT_PEM)
rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
NULL, pass);
else if (outformat == FORMAT_ASN1)
rv = i2d_PrivateKey_bio(out, pkey);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
if (rv <= 0)
{
BIO_puts(bio_err, "Error writing key\n");
ERR_print_errors(bio_err);
}
if (text)
{
if (do_param)
rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
else
rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
if (rv <= 0)
{
BIO_puts(bio_err, "Error printing key\n");
ERR_print_errors(bio_err);
}
}
ret = 0;
end:
if (pkey)
EVP_PKEY_free(pkey);
if (ctx)
EVP_PKEY_CTX_free(ctx);
if (out)
BIO_free_all(out);
BIO_free(in);
if (pass)
OPENSSL_free(pass);
return ret;
}
示例14: BIO_printf
//.........这里部分代码省略.........
case KEY_PRIVKEY:
pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
break;
case KEY_CERT:
x = load_cert(keyfile, keyform, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
}
break;
case KEY_NONE:
break;
}
#ifndef OPENSSL_NO_ENGINE
if (engine_impl)
impl = e;
#endif
if (kdfalg != NULL) {
int kdfnid = OBJ_sn2nid(kdfalg);
if (kdfnid == NID_undef) {
kdfnid = OBJ_ln2nid(kdfalg);
if (kdfnid == NID_undef) {
BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n",
kdfalg);
goto end;
}
}
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
} else {
EC_KEY *eckey = NULL;
const EC_GROUP *group = NULL;
int nid;
if (pkey == NULL)
goto end;
/* SM2 needs a special treatment */
if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL
|| (group = EC_KEY_get0_group(eckey)) == NULL
|| (nid = EC_GROUP_get_curve_name(group)) == 0)
goto end;
if (nid == NID_sm2)
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
}
*pkeysize = EVP_PKEY_size(pkey);
ctx = EVP_PKEY_CTX_new(pkey, impl);
if (ppkey != NULL)
*ppkey = pkey;
EVP_PKEY_free(pkey);
}
if (ctx == NULL)
goto end;
switch (pkey_op) {
case EVP_PKEY_OP_SIGN:
rv = EVP_PKEY_sign_init(ctx);
break;
case EVP_PKEY_OP_VERIFY:
rv = EVP_PKEY_verify_init(ctx);
break;
case EVP_PKEY_OP_VERIFYRECOVER:
rv = EVP_PKEY_verify_recover_init(ctx);
break;
case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt_init(ctx);
break;
case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt_init(ctx);
break;
case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive_init(ctx);
break;
}
if (rv <= 0) {
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
}
end:
OPENSSL_free(passin);
return ctx;
}
示例15: gostr3410_verify_data
static CK_RV gostr3410_verify_data(const unsigned char *pubkey, int pubkey_len,
const unsigned char *params, int params_len,
unsigned char *data, int data_len,
unsigned char *signat, int signat_len)
{
EVP_PKEY *pkey;
EVP_PKEY_CTX *pkey_ctx = NULL;
EC_POINT *P;
BIGNUM *X, *Y;
ASN1_OCTET_STRING *octet;
const EC_GROUP *group = NULL;
char paramset[2] = "A";
int r = -1, ret_vrf = 0;
pkey = EVP_PKEY_new();
if (!pkey)
return CKR_HOST_MEMORY;
r = EVP_PKEY_set_type(pkey, NID_id_GostR3410_2001);
if (r == 1) {
pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkey_ctx) {
EVP_PKEY_free(pkey);
return CKR_HOST_MEMORY;
}
/* FIXME: fully check params[] */
if (params_len > 0 && params[params_len - 1] >= 1 &&
params[params_len - 1] <= 3) {
paramset[0] += params[params_len - 1] - 1;
r = EVP_PKEY_CTX_ctrl_str(pkey_ctx, "paramset", paramset);
}
else
r = -1;
if (r == 1)
r = EVP_PKEY_paramgen_init(pkey_ctx);
if (r == 1)
r = EVP_PKEY_paramgen(pkey_ctx, &pkey);
if (r == 1 && EVP_PKEY_get0(pkey) != NULL)
group = EC_KEY_get0_group(EVP_PKEY_get0(pkey));
r = -1;
if (group)
octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey, (long)pubkey_len);
if (group && octet) {
reverse(octet->data, octet->length);
Y = BN_bin2bn(octet->data, octet->length / 2, NULL);
X = BN_bin2bn((const unsigned char*)octet->data +
octet->length / 2, octet->length / 2, NULL);
ASN1_OCTET_STRING_free(octet);
P = EC_POINT_new(group);
if (P && X && Y)
r = EC_POINT_set_affine_coordinates_GFp(group,
P, X, Y, NULL);
BN_free(X);
BN_free(Y);
if (r == 1 && EVP_PKEY_get0(pkey) && P)
r = EC_KEY_set_public_key(EVP_PKEY_get0(pkey), P);
EC_POINT_free(P);
}
if (r == 1) {
r = EVP_PKEY_verify_init(pkey_ctx);
reverse(data, data_len);
if (r == 1)
ret_vrf = EVP_PKEY_verify(pkey_ctx, signat, signat_len,
data, data_len);
}
}
EVP_PKEY_CTX_free(pkey_ctx);
EVP_PKEY_free(pkey);
if (r != 1)
return CKR_GENERAL_ERROR;
return ret_vrf == 1 ? CKR_OK : CKR_SIGNATURE_INVALID;
}