本文整理汇总了C++中EVP_PKEY_copy_parameters函数的典型用法代码示例。如果您正苦于以下问题:C++ EVP_PKEY_copy_parameters函数的具体用法?C++ EVP_PKEY_copy_parameters怎么用?C++ EVP_PKEY_copy_parameters使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了EVP_PKEY_copy_parameters函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ssl_set_cert
static int ssl_set_cert(CERT *c, X509 *x)
{
EVP_PKEY *pkey;
int i;
pkey = X509_get0_pubkey(x);
if (pkey == NULL) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
return (0);
}
i = ssl_cert_type(x, pkey);
if (i < 0) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return 0;
}
#ifndef OPENSSL_NO_EC
if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return 0;
}
#endif
if (c->pkeys[i].privatekey != NULL) {
/*
* The return code from EVP_PKEY_copy_parameters is deliberately
* ignored. Some EVP_PKEY types cannot do this.
*/
EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
ERR_clear_error();
#ifndef OPENSSL_NO_RSA
/*
* Don't check the public/private key, this is mostly for smart
* cards.
*/
if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA
&& RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &
RSA_METHOD_FLAG_NO_CHECK) ;
else
#endif /* OPENSSL_NO_RSA */
if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
/*
* don't fail for a cert/key mismatch, just free current private
* key (when switching to a different cert & key, first this
* function should be used, then ssl_set_pkey
*/
EVP_PKEY_free(c->pkeys[i].privatekey);
c->pkeys[i].privatekey = NULL;
/* clear error queue */
ERR_clear_error();
}
}
X509_free(c->pkeys[i].x509);
X509_up_ref(x);
c->pkeys[i].x509 = x;
c->key = &(c->pkeys[i]);
return 1;
}示例2: ssl_set_cert
static int ssl_set_cert(CERT *c, X509 *x)
{
EVP_PKEY *pkey;
int i;
pkey = X509_get_pubkey(x);
if (pkey == NULL) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
return (0);
}
i = ssl_cert_type(x, pkey);
if (i < 0) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
EVP_PKEY_free(pkey);
return (0);
}
if (c->pkeys[i].privatekey != NULL) {
/*
* The return code from EVP_PKEY_copy_parameters is deliberately
* ignored. Some EVP_PKEY types cannot do this.
*/
EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
ERR_clear_error();
#ifndef OPENSSL_NO_RSA
/*
* Don't check the public/private key, this is mostly for smart
* cards.
*/
if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
RSA_METHOD_FLAG_NO_CHECK)) ;
else
#endif /* OPENSSL_NO_RSA */
if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
/*
* don't fail for a cert/key mismatch, just free current private
* key (when switching to a different cert & key, first this
* function should be used, then ssl_set_pkey
*/
EVP_PKEY_free(c->pkeys[i].privatekey);
c->pkeys[i].privatekey = NULL;
/* clear error queue */
ERR_clear_error();
}
}
EVP_PKEY_free(pkey);
if (c->pkeys[i].x509 != NULL)
X509_free(c->pkeys[i].x509);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
c->pkeys[i].x509 = x;
c->key = &(c->pkeys[i]);
c->valid = 0;
return (1);
}示例3: ssl_set_pkey
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
int i;
/* Special case for DH: check two DH certificate types for a match.
* This means for DH certificates we must set the certificate first.
*/
if (pkey->type == EVP_PKEY_DH)
{
X509 *x;
i = -1;
x = c->pkeys[SSL_PKEY_DH_RSA].x509;
if (x && X509_check_private_key(x, pkey))
i = SSL_PKEY_DH_RSA;
x = c->pkeys[SSL_PKEY_DH_DSA].x509;
if (i == -1 && x && X509_check_private_key(x, pkey))
i = SSL_PKEY_DH_DSA;
ERR_clear_error();
}
else
i=ssl_cert_type(NULL,pkey);
if (i < 0)
{
SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return(0);
}
if (c->pkeys[i].x509 != NULL)
{
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(c->pkeys[i].x509);
EVP_PKEY_copy_parameters(pktmp,pkey);
EVP_PKEY_free(pktmp);
ERR_clear_error();
#ifndef OPENSSL_NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((pkey->type == EVP_PKEY_RSA) &&
(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
;
else
#endif
if (!X509_check_private_key(c->pkeys[i].x509,pkey))
{
X509_free(c->pkeys[i].x509);
c->pkeys[i].x509 = NULL;
return 0;
}
}
if (c->pkeys[i].privatekey != NULL)
EVP_PKEY_free(c->pkeys[i].privatekey);
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
c->pkeys[i].privatekey=pkey;
c->key= &(c->pkeys[i]);
c->valid=0;
return(1);
}示例4: ssl_set_cert
static int
ssl_set_cert(CERT *c, X509 *x)
{
EVP_PKEY *pkey;
int i;
pkey = X509_get_pubkey(x);
if (pkey == NULL) {
SSLerrorx(SSL_R_X509_LIB);
return (0);
}
i = ssl_cert_type(x, pkey);
if (i < 0) {
SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
EVP_PKEY_free(pkey);
return (0);
}
if (c->pkeys[i].privatekey != NULL) {
EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
ERR_clear_error();
/*
* Don't check the public/private key, this is mostly
* for smart cards.
*/
if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
RSA_METHOD_FLAG_NO_CHECK))
;
else
if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
/*
* don't fail for a cert/key mismatch, just free
* current private key (when switching to a different
* cert & key, first this function should be used,
* then ssl_set_pkey
*/
EVP_PKEY_free(c->pkeys[i].privatekey);
c->pkeys[i].privatekey = NULL;
/* clear error queue */
ERR_clear_error();
}
}
EVP_PKEY_free(pkey);
X509_free(c->pkeys[i].x509);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
c->pkeys[i].x509 = x;
c->key = &(c->pkeys[i]);
c->valid = 0;
return (1);
}示例5: ssl_set_pkey
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
int i;
i = ssl_cert_type(NULL, pkey);
if (i < 0) {
SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return (0);
}
#ifndef OPENSSL_NO_GMTLS
if (i == SSL_PKEY_SM2 && c->pkeys[SSL_PKEY_SM2_ENC].x509)
i = SSL_PKEY_SM2_ENC;
#endif
if (c->pkeys[i].x509 != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get0_pubkey(c->pkeys[i].x509);
if (pktmp == NULL) {
SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
return 0;
}
/*
* The return code from EVP_PKEY_copy_parameters is deliberately
* ignored. Some EVP_PKEY types cannot do this.
*/
EVP_PKEY_copy_parameters(pktmp, pkey);
ERR_clear_error();
#ifndef OPENSSL_NO_RSA
/*
* Don't check the public/private key, this is mostly for smart
* cards.
*/
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
&& RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
else
#endif
if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
X509_free(c->pkeys[i].x509);
c->pkeys[i].x509 = NULL;
return 0;
}
}
EVP_PKEY_free(c->pkeys[i].privatekey);
EVP_PKEY_up_ref(pkey);
c->pkeys[i].privatekey = pkey;
c->key = &(c->pkeys[i]);
return (1);
}示例6: pkey_dh_keygen
static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
DH *dh = NULL;
if (ctx->pkey == NULL) {
DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
return 0;
}
dh = DH_new();
if (!dh)
return 0;
EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
/* Note: if error return, pkey is freed by parent routine */
if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
return 0;
return DH_generate_key(pkey->pkey.dh);
}示例7: pkey_dsa_keygen
static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
DSA *dsa = NULL;
if (ctx->pkey == NULL) {
DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
return 0;
}
dsa = DSA_new();
if (dsa == NULL)
return 0;
EVP_PKEY_assign_DSA(pkey, dsa);
/* Note: if error return, pkey is freed by parent routine */
if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
return 0;
return DSA_generate_key(pkey->pkey.dsa);
}示例8: ssl_set_pkey
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
int i;
i = ssl_cert_type(NULL, pkey);
if (i < 0) {
SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return (0);
}
if (c->pkeys[i].x509 != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(c->pkeys[i].x509);
if (pktmp == NULL) {
SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
EVP_PKEY_free(pktmp);
return 0;
}
/*
* The return code from EVP_PKEY_copy_parameters is deliberately
* ignored. Some EVP_PKEY types cannot do this.
*/
EVP_PKEY_copy_parameters(pktmp, pkey);
EVP_PKEY_free(pktmp);
ERR_clear_error();
#ifndef OPENSSL_NO_RSA
/*
* Don't check the public/private key, this is mostly for smart
* cards.
*/
if ((pkey->type == EVP_PKEY_RSA) &&
(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ;
else
#endif
if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
X509_free(c->pkeys[i].x509);
c->pkeys[i].x509 = NULL;
return 0;
}
}
EVP_PKEY_free(c->pkeys[i].privatekey);
CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
c->pkeys[i].privatekey = pkey;
c->key = &(c->pkeys[i]);
return (1);
}示例9: pkey_ec_keygen
static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
EC_KEY *ec = NULL;
if (ctx->pkey == NULL)
{
ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
return 0;
}
ec = EC_KEY_new();
if (!ec)
return 0;
EVP_PKEY_assign_EC_KEY(pkey, ec);
/* Note: if error return, pkey is freed by parent routine */
if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
return 0;
return EC_KEY_generate_key(pkey->pkey.ec);
}示例10: ssl_set_pkey
static int
ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
int i;
i = ssl_cert_type(NULL, pkey);
if (i < 0) {
SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return (0);
}
if (c->pkeys[i].x509 != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(c->pkeys[i].x509);
EVP_PKEY_copy_parameters(pktmp, pkey);
EVP_PKEY_free(pktmp);
ERR_clear_error();
/*
* Don't check the public/private key, this is mostly
* for smart cards.
*/
if ((pkey->type == EVP_PKEY_RSA) &&
(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
;
else
if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
X509_free(c->pkeys[i].x509);
c->pkeys[i].x509 = NULL;
return 0;
}
}
if (c->pkeys[i].privatekey != NULL)
EVP_PKEY_free(c->pkeys[i].privatekey);
CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
c->pkeys[i].privatekey = pkey;
c->key = &(c->pkeys[i]);
c->valid = 0;
return (1);
}示例11: sign
/* self sign */
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
CONF *conf, char *section)
{
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(x);
EVP_PKEY_copy_parameters(pktmp,pkey);
EVP_PKEY_save_parameters(pktmp,1);
EVP_PKEY_free(pktmp);
if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
/* Lets just make it 12:00am GMT, Jan 1 1970 */
/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
/* 28 days to be certified */
if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
goto err;
if (!X509_set_pubkey(x,pkey)) goto err;
if (clrext)
{
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
}
if (conf)
{
X509V3_CTX ctx;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
}
if (!X509_sign(x,pkey,digest)) goto err;
return 1;
err:
ERR_print_errors(bio_err);
return 0;
}示例12: pkey_ec_keygen
static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
EC_KEY *ec = NULL;
EC_PKEY_CTX *dctx = ctx->data;
if (ctx->pkey == NULL && dctx->gen_group == NULL) {
ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
return 0;
}
ec = EC_KEY_new();
if (!ec)
return 0;
EVP_PKEY_assign_EC_KEY(pkey, ec);
if (ctx->pkey != NULL) {
/* Note: if error return, pkey is freed by parent routine */
if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
return 0;
} else {
if (!EC_KEY_set_group(ec, dctx->gen_group))
return 0;
}
return EC_KEY_generate_key(pkey->pkey.ec);
}示例13: pkey_GOST01cp_encrypt
int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
size_t *out_len, const unsigned char *key,
size_t key_len)
{
GOST_KEY_TRANSPORT *gkt = NULL;
EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
const struct gost_cipher_info *param = get_encryption_params(NULL);
unsigned char ukm[8], shared_key[32], crypted_key[44];
int ret = 0;
int key_is_ephemeral = 1;
gost_ctx cctx;
EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
if (data->shared_ukm) {
memcpy(ukm, data->shared_ukm, 8);
} else if (out) {
if (RAND_bytes(ukm, 8) <= 0) {
GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
GOST_R_RANDOM_GENERATOR_FAILURE);
return 0;
}
}
/* Check for private key in the peer_key of context */
if (sec_key) {
key_is_ephemeral = 0;
if (!gost_get0_priv_key(sec_key)) {
GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
goto err;
}
} else {
key_is_ephemeral = 1;
if (out) {
sec_key = EVP_PKEY_new();
EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new());
EVP_PKEY_copy_parameters(sec_key, pubk);
if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) {
goto err;
}
}
}
if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS)
&& param == gost_cipher_list) {
param = gost_cipher_list + 1;
}
if (out) {
VKO_compute_key(shared_key, 32,
EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),
EVP_PKEY_get0(sec_key), ukm);
gost_init(&cctx, param->sblock);
keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key);
}
gkt = GOST_KEY_TRANSPORT_new();
if (!gkt) {
goto err;
}
if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) {
goto err;
}
if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) {
goto err;
}
if (!ASN1_OCTET_STRING_set
(gkt->key_info->encrypted_key, crypted_key + 8, 32)) {
goto err;
}
if (key_is_ephemeral) {
if (!X509_PUBKEY_set
(&gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) {
GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT,
GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
goto err;
}
}
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
if (key_is_ephemeral)
EVP_PKEY_free(sec_key);
if (!key_is_ephemeral) {
/* Set control "public key from client certificate used" */
if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL)
<= 0) {
GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED);
goto err;
}
}
if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
ret = 1;
GOST_KEY_TRANSPORT_free(gkt);
return ret;
err:
if (key_is_ephemeral)
EVP_PKEY_free(sec_key);
GOST_KEY_TRANSPORT_free(gkt);
return -1;
}示例14: cert_stuff
//.........这里部分代码省略.........
file_type = do_file_type(cert_type);
switch(file_type) {
case SSL_FILETYPE_PEM:
case SSL_FILETYPE_ASN1:
if (SSL_CTX_use_certificate_file(conn->ssl.ctx,
cert_file,
file_type) != 1) {
failf(data, "unable to set certificate file (wrong password?)");
return 0;
}
break;
case SSL_FILETYPE_ENGINE:
failf(data, "file type ENG for certificate not implemented");
return 0;
default:
failf(data, "not supported file type '%s' for certificate", cert_type);
return 0;
}
file_type = do_file_type(key_type);
switch(file_type) {
case SSL_FILETYPE_PEM:
if (key_file == NULL)
/* cert & key can only be in PEM case in the same file */
key_file=cert_file;
case SSL_FILETYPE_ASN1:
if (SSL_CTX_use_PrivateKey_file(conn->ssl.ctx,
key_file,
file_type) != 1) {
failf(data, "unable to set private key file\n");
return 0;
}
break;
case SSL_FILETYPE_ENGINE:
#ifdef HAVE_OPENSSL_ENGINE_H
{ /* XXXX still needs some work */
EVP_PKEY *priv_key = NULL;
if (conn && conn->data && conn->data->engine) {
if (!key_file || !key_file[0]) {
failf(data, "no key set to load from crypto engine\n");
return 0;
}
priv_key = ENGINE_load_private_key(conn->data->engine,key_file,
data->set.key_passwd);
if (!priv_key) {
failf(data, "failed to load private key from crypto engine\n");
return 0;
}
if (SSL_CTX_use_PrivateKey(conn->ssl.ctx, priv_key) != 1) {
failf(data, "unable to set private key\n");
EVP_PKEY_free(priv_key);
return 0;
}
EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
}
else {
failf(data, "crypto engine not set, can't load private key\n");
return 0;
}
}
#else
failf(data, "file type ENG for private key not supported\n");
return 0;
#endif
break;
default:
failf(data, "not supported file type for private key\n");
return 0;
}
#endif
ssl=SSL_new(conn->ssl.ctx);
x509=SSL_get_certificate(ssl);
if (x509 != NULL)
EVP_PKEY_copy_parameters(X509_get_pubkey(x509),
SSL_get_privatekey(ssl));
SSL_free(ssl);
/* If we are using DSA, we can copy the parameters from
* the private key */
/* Now we know that a key and cert have been set against
* the SSL context */
if (!SSL_CTX_check_private_key(conn->ssl.ctx)) {
failf(data, "Private key does not match the certificate public key");
return(0);
}
#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
/* erase it now */
memset(global_passwd, 0, sizeof(global_passwd));
#endif
}
return(1);
}示例15: pkey_GOST94cp_encrypt
int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len )
{
GOST_KEY_TRANSPORT *gkt=NULL;
unsigned char shared_key[32], ukm[8],crypted_key[44];
const struct gost_cipher_info *param=get_encryption_params(NULL);
EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx);
struct gost_pmeth_data *data = (gost_pmeth_data*)EVP_PKEY_CTX_get_data(ctx);
gost_ctx cctx;
int key_is_ephemeral=1;
EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
/* Do not use vizir cipher parameters with cryptopro */
if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list)
{
param= gost_cipher_list+1;
}
if (mykey)
{
/* If key already set, it is not ephemeral */
key_is_ephemeral=0;
if (!gost_get0_priv_key(mykey))
{
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR);
goto err;
}
}
else
{
/* Otherwise generate ephemeral key */
key_is_ephemeral = 1;
if (out)
{
mykey = EVP_PKEY_new();
EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk),DSA_new());
EVP_PKEY_copy_parameters(mykey,pubk);
if (!gost_sign_keygen((DSA*)EVP_PKEY_get0(mykey)))
{
goto err;
}
}
}
if (out)
make_cp_exchange_key(gost_get0_priv_key(mykey),pubk,shared_key);
if (data->shared_ukm)
{
TINYCLR_SSL_MEMCPY(ukm,data->shared_ukm,8);
}
else if (out)
{
if (RAND_bytes(ukm,8)<=0)
{
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
GOST_R_RANDOM_GENERATOR_FAILURE);
goto err;
}
}
if (out) {
gost_init(&cctx,param->sblock);
keyWrapCryptoPro(&cctx,shared_key,ukm,key,crypted_key);
}
gkt = GOST_KEY_TRANSPORT_new();
if (!gkt)
{
goto memerr;
}
if(!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv,
ukm,8))
{
goto memerr;
}
if (!ASN1_OCTET_STRING_set(gkt->key_info->imit,crypted_key+40,4))
{
goto memerr;
}
if (!ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key,crypted_key+8,32))
{
goto memerr;
}
if (key_is_ephemeral) {
if (!X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,out?mykey:pubk))
{
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
goto err;
}
if (out) EVP_PKEY_free(mykey);
}
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
*outlen = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL);
if (*outlen == 0)
{
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
goto err;
}
if (!key_is_ephemeral)
{
/* Set control "public key from client certificate used" */
//.........这里部分代码省略.........