本文整理汇总了C++中RSA_free函数的典型用法代码示例。如果您正苦于以下问题:C++ RSA_free函数的具体用法?C++ RSA_free怎么用?C++ RSA_free使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了RSA_free函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: hostupdate_h
bool hostupdate_h(connection_t *c) {
/* FIXME: Whoah! Even more!! */
char rawfile[MAX_STRING_SIZE];
char rawhost[MAX_STRING_SIZE], b64host[MAX_STRING_SIZE];
char rawdgst[MAX_STRING_SIZE], b64dgst[MAX_STRING_SIZE];
char updname[MAX_STRING_SIZE], hosttoupd[MAX_STRING_SIZE];
char *fname;
FILE *fp;
size_t slen, dlen, rlen;
RSA *updkey;
/* We ignore host files updates, maybe for reason */
if (ignorenetupdates() || ignorehostsupdates()) return true;
/* handle received host data, check sign, (over)write on disk */
if (sscanf(c->buffer,
"%*d " MAX_STRING " " MAX_STRING " " MAX_STRING " %zd %zd " MAX_STRING,
updname, hosttoupd, b64host, &slen, &dlen, b64dgst) != 6) {
logger(LOG_ERR, "Got bad %s from %s (%s)", "HOSTUPDATE", c->name, c->hostname);
return false;
}
/* verify the originating node is permitted to send updates */
if (dontverifyupdatepermission()) goto _next;
if(!getconf_bool_node_offline(updname, "HostsFilesMaster")) {
ifdebug(PROTOCOL) logger(LOG_WARNING,
"Ignoring hosts update request originating from %s [which came from %s (%s)]",
updname, c->name, c->hostname);
return true;
}
/* some other sanity checks */
_next: if (!isvalidfname(updname)) {
logger(LOG_ERR,
"Got bogus updater name \"%s\" from %s (%s) (from: %s)",
updname, c->name, c->hostname, updname);
return false;
}
if (!isvalidfname(hosttoupd)) {
logger(LOG_ERR,
"Got bogus update name \"%s\" from %s (%s) (from: %s)",
hosttoupd, c->name, c->hostname, updname);
return false;
}
if (slen >= MAX_STRING_SIZE || dlen >= MAX_STRING_SIZE) {
logger(LOG_ERR,
"HOSTUPDATE string sizes for %s are bigger than buffer can fit (%zd, %zd)",
hosttoupd, slen, dlen);
return false;
}
/* verify it */
if (dontverifyupdatesignature()) goto _out;
if (!read_rsa_public_key_offline(updname, &updkey)) {
logger(LOG_ERR, "Could not find public key for %s", updname);
return true;
}
base64_decode(b64dgst, rawdgst, sizeof(rawdgst)-1);
snprintf(rawhost, sizeof(rawhost), "%s %s %s %zd %zd",
updname, hosttoupd, b64host, slen, dlen);
rlen = strlen(rawhost);
if (!EVP_verify(updkey, rawdgst, dlen, rawhost, rlen)) {
logger(LOG_WARNING,
"Ignoring hosts update request with bad signature from %s for %s"
" [which came from %s (%s)]",
updname, hosttoupd, c->name, c->hostname);
RSA_free(updkey);
return true;
}
RSA_free(updkey);
/* neighbours return us our own packets */
_out: if (!strcmp(updname, myself->name)) return true;
/* All right, let's start updating */
xasprintf(&fname, "%s/hosts/%s", confbase, hosttoupd);
/* Tell others if needed */
if (!dontforwardhostsupdates()) {
exceptmasters = true;
forward_request(c);
}
/* Check if it's a START marker */
if (!strcmp(updname, hosttoupd) && !strcmp(b64host, "START")) {
/* Run pre-update script (embedded devices do remount,rw fs for example)
We really need to run this once, so that's why there are START and END markers */
run_script("hostsupdate-before");
/* That's it folks! Waiting for files to arrive */
free(fname);
return true;
}
//.........这里部分代码省略.........
示例2: printf
char *js_public_encrypt(const char *plain_text, const char *public_key_path) {
RSA *rsa_publicKey = NULL;
FILE *fp_publicKey;
int rsa_public_len;
if ((fp_publicKey = fopen(public_key_path, "r")) == NULL) {
printf("Could not open %s\n", public_key_path);
return '\0';
}
if ((rsa_publicKey = PEM_read_RSA_PUBKEY(fp_publicKey, NULL, NULL, NULL)) == NULL) {
printf("Error loading RSA Public Key File.");
return '\0';
}
fclose(fp_publicKey);
rsa_public_len = RSA_size(rsa_publicKey);
printf("RSA public length: %d\n", rsa_public_len);
// 11 bytes is overhead required for encryption
int chunk_length = rsa_public_len - 11;
// plain text length
int plain_char_len = strlen(plain_text);
// calculate the number of chunks
int num_of_chunks = (strlen(plain_text) / chunk_length) + 1;
int total_cipher_length = 0;
// the output size is (total number of chunks) x (the key length)
int encrypted_size = (num_of_chunks * rsa_public_len);
unsigned char *cipher_data = malloc(encrypted_size + 1);
char *err = NULL;
for (int i = 0; i < plain_char_len; i += chunk_length) {
// take out chunk of plain text
unsigned char *plain_chunk = malloc(chunk_length + 1);
memcpy(&plain_chunk[0], &plain_text[i], chunk_length);
printf("Plain chunk: %s\n", plain_chunk);
unsigned char *result_chunk = malloc(rsa_public_len + 1);
int result_length = RSA_public_encrypt(chunk_length, plain_chunk, result_chunk, rsa_publicKey, RSA_PKCS1_PADDING);
printf("Encrypted Result chunk: %s\nEncrypted Chunk length: %d\n", result_chunk, result_length);
if (result_length == -1) {
ERR_load_CRYPTO_strings();
fprintf(stderr, "Error %s\n", ERR_error_string(ERR_get_error(), err));
fprintf(stderr, "Error %s\n", err);
}
memcpy(&cipher_data[total_cipher_length], &result_chunk[0], result_length);
total_cipher_length += result_length;
}
printf("Total cipher length: %d\n", total_cipher_length);
RSA_free(rsa_publicKey);
size_t total_len = 0;
char *encrypted = base64_encode(cipher_data, encrypted_size, &total_len);
printf("Final result: %s\n Final result length: %zu\n", encrypted, total_len);
return encrypted;
}示例3: RSA_free
RSA_Helper::~RSA_Helper(){
if(key){
RSA_free(key);
CRYPTO_cleanup_all_ex_data();
}
}示例4: int_rsa_free
static void int_rsa_free(EVP_PKEY *pkey)
{
RSA_free(pkey->pkey.rsa);
}示例5: westcos_pkcs15init_generate_key
//.........这里部分代码省略.........
BIO *mem = NULL;
sc_file_t *prkf = NULL;
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
return SC_ERROR_NOT_SUPPORTED;
}
#if OPENSSL_VERSION_NUMBER>=0x00908000L
rsa = RSA_new();
bn = BN_new();
mem = BIO_new(BIO_s_mem());
if(rsa == NULL || bn == NULL || mem == NULL)
{
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
}
if(!BN_set_word(bn, RSA_F4) ||
!RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL))
#else
mem = BIO_new(BIO_s_mem());
if(mem == NULL)
{
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
}
rsa = RSA_generate_key(key_info->modulus_length, RSA_F4, NULL, NULL);
if (!rsa)
#endif
{
r = SC_ERROR_UNKNOWN;
goto out;
}
RSA_set_method(rsa, RSA_PKCS1_OpenSSL());
if(pubkey != NULL)
{
if(!i2d_RSAPublicKey_bio(mem, rsa))
{
r = SC_ERROR_UNKNOWN;
goto out;
}
lg = BIO_get_mem_data(mem, &p);
pubkey->algorithm = SC_ALGORITHM_RSA;
r = sc_pkcs15_decode_pubkey(p15card->card->ctx, pubkey, p, lg);
if (r < 0)
goto out;
}
(void) BIO_reset(mem);
if(!i2d_RSAPrivateKey_bio(mem, rsa))
{
r = SC_ERROR_UNKNOWN;
goto out;
}
lg = BIO_get_mem_data(mem, &p);
/* Get the private key file */
r = sc_profile_get_file_by_path(profile, &key_info->path, &prkf);
if (r < 0)
{
char pbuf[SC_MAX_PATH_STRING_SIZE];
r = sc_path_print(pbuf, sizeof(pbuf), &key_info->path);
if (r != SC_SUCCESS)
pbuf[0] = '\0';
goto out;
}
prkf->size = lg;
r = sc_pkcs15init_create_file(profile, p15card, prkf);
if(r) goto out;
r = sc_pkcs15init_update_file(profile, p15card, prkf, p, lg);
if(r) goto out;
out:
if(mem)
BIO_free(mem);
if(bn)
BN_free(bn);
if(rsa)
RSA_free(rsa);
sc_file_free(prkf);
return r;
#endif
}示例6: opensslrsa_todns
static isc_result_t
opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_region_t r;
unsigned int e_bytes;
unsigned int mod_bytes;
isc_result_t ret;
RSA *rsa;
#if USE_EVP
EVP_PKEY *pkey;
#endif
#if USE_EVP
REQUIRE(key->keydata.pkey != NULL);
#else
REQUIRE(key->keydata.rsa != NULL);
#endif
#if USE_EVP
pkey = key->keydata.pkey;
rsa = EVP_PKEY_get1_RSA(pkey);
if (rsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
#else
rsa = key->keydata.rsa;
#endif
isc_buffer_availableregion(data, &r);
e_bytes = BN_num_bytes(rsa->e);
mod_bytes = BN_num_bytes(rsa->n);
if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */
if (r.length < 1)
DST_RET(ISC_R_NOSPACE);
isc_buffer_putuint8(data, (isc_uint8_t) e_bytes);
isc_region_consume(&r, 1);
} else {
if (r.length < 3)
DST_RET(ISC_R_NOSPACE);
isc_buffer_putuint8(data, 0);
isc_buffer_putuint16(data, (isc_uint16_t) e_bytes);
isc_region_consume(&r, 3);
}
if (r.length < e_bytes + mod_bytes)
DST_RET(ISC_R_NOSPACE);
BN_bn2bin(rsa->e, r.base);
isc_region_consume(&r, e_bytes);
BN_bn2bin(rsa->n, r.base);
isc_buffer_add(data, e_bytes + mod_bytes);
ret = ISC_R_SUCCESS;
err:
#if USE_EVP
if (rsa != NULL)
RSA_free(rsa);
#endif
return (ret);
}示例7: opensslrsa_tofile
//.........这里部分代码省略.........
#endif
for (i = 0; i < 8; i++) {
bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n));
if (bufs[i] == NULL) {
result = ISC_R_NOMEMORY;
goto fail;
}
}
i = 0;
priv.elements[i].tag = TAG_RSA_MODULUS;
priv.elements[i].length = BN_num_bytes(rsa->n);
BN_bn2bin(rsa->n, bufs[i]);
priv.elements[i].data = bufs[i];
i++;
priv.elements[i].tag = TAG_RSA_PUBLICEXPONENT;
priv.elements[i].length = BN_num_bytes(rsa->e);
BN_bn2bin(rsa->e, bufs[i]);
priv.elements[i].data = bufs[i];
i++;
if (rsa->d != NULL) {
priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT;
priv.elements[i].length = BN_num_bytes(rsa->d);
BN_bn2bin(rsa->d, bufs[i]);
priv.elements[i].data = bufs[i];
i++;
}
if (rsa->p != NULL) {
priv.elements[i].tag = TAG_RSA_PRIME1;
priv.elements[i].length = BN_num_bytes(rsa->p);
BN_bn2bin(rsa->p, bufs[i]);
priv.elements[i].data = bufs[i];
i++;
}
if (rsa->q != NULL) {
priv.elements[i].tag = TAG_RSA_PRIME2;
priv.elements[i].length = BN_num_bytes(rsa->q);
BN_bn2bin(rsa->q, bufs[i]);
priv.elements[i].data = bufs[i];
i++;
}
if (rsa->dmp1 != NULL) {
priv.elements[i].tag = TAG_RSA_EXPONENT1;
priv.elements[i].length = BN_num_bytes(rsa->dmp1);
BN_bn2bin(rsa->dmp1, bufs[i]);
priv.elements[i].data = bufs[i];
i++;
}
if (rsa->dmq1 != NULL) {
priv.elements[i].tag = TAG_RSA_EXPONENT2;
priv.elements[i].length = BN_num_bytes(rsa->dmq1);
BN_bn2bin(rsa->dmq1, bufs[i]);
priv.elements[i].data = bufs[i];
i++;
}
if (rsa->iqmp != NULL) {
priv.elements[i].tag = TAG_RSA_COEFFICIENT;
priv.elements[i].length = BN_num_bytes(rsa->iqmp);
BN_bn2bin(rsa->iqmp, bufs[i]);
priv.elements[i].data = bufs[i];
i++;
}
if (key->engine != NULL) {
priv.elements[i].tag = TAG_RSA_ENGINE;
priv.elements[i].length = strlen(key->engine) + 1;
priv.elements[i].data = (unsigned char *)key->engine;
i++;
}
if (key->label != NULL) {
priv.elements[i].tag = TAG_RSA_LABEL;
priv.elements[i].length = strlen(key->label) + 1;
priv.elements[i].data = (unsigned char *)key->label;
i++;
}
priv.nelements = i;
result = dst__privstruct_writefile(key, &priv, directory);
fail:
#if USE_EVP
RSA_free(rsa);
#endif
for (i = 0; i < 8; i++) {
if (bufs[i] == NULL)
break;
isc_mem_put(key->mctx, bufs[i], BN_num_bytes(rsa->n));
}
return (result);
}示例8: ca_imsg
void
ca_imsg(struct mproc *p, struct imsg *imsg)
{
RSA *rsa;
const void *from = NULL;
unsigned char *to = NULL;
struct msg m;
const char *pkiname;
size_t flen, tlen, padding;
struct pki *pki;
int ret = 0;
uint64_t id;
int v;
if (p->proc == PROC_PARENT) {
switch (imsg->hdr.type) {
case IMSG_CONF_START:
return;
case IMSG_CONF_END:
ca_init();
/* Start fulfilling requests */
mproc_enable(p_pony);
return;
}
}
if (p->proc == PROC_CONTROL) {
switch (imsg->hdr.type) {
case IMSG_CTL_VERBOSE:
m_msg(&m, imsg);
m_get_int(&m, &v);
m_end(&m);
log_verbose(v);
return;
case IMSG_CTL_PROFILE:
m_msg(&m, imsg);
m_get_int(&m, &v);
m_end(&m);
profiling = v;
return;
}
}
if (p->proc == PROC_PONY) {
switch (imsg->hdr.type) {
case IMSG_CA_PRIVENC:
case IMSG_CA_PRIVDEC:
m_msg(&m, imsg);
m_get_id(&m, &id);
m_get_string(&m, &pkiname);
m_get_data(&m, &from, &flen);
m_get_size(&m, &tlen);
m_get_size(&m, &padding);
m_end(&m);
pki = dict_get(env->sc_pki_dict, pkiname);
if (pki == NULL || pki->pki_pkey == NULL ||
(rsa = EVP_PKEY_get1_RSA(pki->pki_pkey)) == NULL)
fatalx("ca_imsg: invalid pki");
if ((to = calloc(1, tlen)) == NULL)
fatalx("ca_imsg: calloc");
switch (imsg->hdr.type) {
case IMSG_CA_PRIVENC:
ret = RSA_private_encrypt(flen, from, to, rsa,
padding);
break;
case IMSG_CA_PRIVDEC:
ret = RSA_private_decrypt(flen, from, to, rsa,
padding);
break;
}
m_create(p, imsg->hdr.type, 0, 0, -1);
m_add_id(p, id);
m_add_int(p, ret);
if (ret > 0)
m_add_data(p, to, (size_t)ret);
m_close(p);
free(to);
RSA_free(rsa);
return;
}
}
errx(1, "ca_imsg: unexpected %s imsg", imsg_to_str(imsg->hdr.type));
}示例9: kn_decode_key
//.........这里部分代码省略.........
{
if (ptr != (unsigned char *) NULL)
free(ptr);
DSA_free(kk);
keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
return -1;
}
}
if (ptr != (unsigned char *) NULL)
free(ptr);
return 0;
}
/* RSA-PKCS1-HEX */
if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) &&
(internalencoding == INTERNAL_ENC_PKCS1))
{
dc->dec_key = RSA_new();
if (dc->dec_key == (RSA *) NULL)
{
keynote_errno = ERROR_MEMORY;
return -1;
}
kk = dc->dec_key;
if (keytype == KEYNOTE_PRIVATE_KEY)
{
if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
{
if (ptr != (unsigned char *) NULL)
free(ptr);
RSA_free(kk);
keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
return -1;
}
if (RSA_blinding_on ((RSA *) kk, NULL) != 1)
{
if (ptr != (unsigned char *) NULL)
free(ptr);
RSA_free(kk);
keynote_errno = ERROR_MEMORY;
return -1;
}
}
else
{
if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
{
if (ptr != (unsigned char *) NULL)
free(ptr);
RSA_free(kk);
keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
return -1;
}
}
if (ptr != (unsigned char *) NULL)
free(ptr);
return 0;
}
/* X509 Cert */
if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_X509) &&示例10: generate_response
static gchar*
generate_response(const gchar *nouce, const gchar *userid,
const gchar *password, const gchar *publickey, const gchar *aeskey_raw)
{
gchar *psdhex = hash_password_v4(userid, password);
gchar modulus[257];
gchar exponent[7];
gint ret, flen;
BIGNUM *bnn, *bne;
guchar *out;
guchar *nonce, *aeskey, *psd, *res;
gint nonce_len, aeskey_len, psd_len;
RSA *r = RSA_new();
memset(modulus, 0, sizeof(modulus));
memset(exponent, 0, sizeof(exponent));
memcpy(modulus, publickey, 256);
memcpy(exponent, publickey + 256, 6);
nonce = (guchar*)g_malloc0(strlen(nouce) + 1);
memcpy(nonce, (guchar*)nouce, strlen(nouce));
nonce_len = strlen(nouce);
psd = strtohex(psdhex, &psd_len);
aeskey = strtohex(aeskey_raw, &aeskey_len);
res = (guchar*)g_malloc0(nonce_len + aeskey_len + psd_len + 1);
memcpy(res, nonce, nonce_len);
memcpy(res + nonce_len, psd, psd_len);
memcpy(res + nonce_len + psd_len, aeskey, aeskey_len);
bnn = BN_new();
bne = BN_new();
BN_hex2bn(&bnn, modulus);
BN_hex2bn(&bne, exponent);
r->n = bnn; r->e = bne; r->d = NULL;
RSA_print_fp(stdout, r, 5);
flen = RSA_size(r);
out = (guchar*)g_malloc0(flen);
hybrid_debug_info("fetion", "start encrypting response");
ret = RSA_public_encrypt(nonce_len + aeskey_len + psd_len,
res, out, r, RSA_PKCS1_PADDING);
if (ret < 0) {
hybrid_debug_info("fetion", "encrypt response failed!");
g_free(res);
g_free(aeskey);
g_free(psd);
g_free(nonce);
return NULL;
}
RSA_free(r);
hybrid_debug_info("fetion", "encrypting reponse success");
g_free(res);
g_free(aeskey);
g_free(psd);
g_free(nonce);
return hextostr(out , ret);
}示例11: printf
char *js_private_encrypt(const char *plain_text, const char *private_key_path) {
RSA *rsa_privateKey = NULL;
FILE *fp_privateKey;
int rsa_private_len;
if ((fp_privateKey = fopen(private_key_path, "r")) == NULL) {
printf("Could not open %s\n", private_key_path);
return '\0';
}
if ((rsa_privateKey = PEM_read_RSAPrivateKey(fp_privateKey, NULL, NULL, NULL)) == NULL) {
fclose(fp_privateKey);
printf("Error loading RSA Private Key File.");
return '\0';
}
fclose(fp_privateKey);
rsa_private_len = RSA_size(rsa_privateKey);
printf("RSA private length: %d\n", rsa_private_len);
// 11 bytes is overhead required for encryption
int chunk_length = rsa_private_len - 11;
// plain text length
int plain_char_len = (int)strlen(plain_text);
// calculate the number of chunks
int num_of_chunks = (int)(strlen(plain_text) / chunk_length) + 1;
int total_cipher_length = 0;
// the output size is (total number of chunks) x (the key length)
int encrypted_size = (num_of_chunks * rsa_private_len);
unsigned char *cipher_data = malloc(encrypted_size + 1);
char *err = NULL;
for (int i = 0; i < plain_char_len; i += chunk_length) {
// get the remaining character count from the plain text
int remaining_char_count = plain_char_len - i;
// this len is the number of characters to encrypt, thus take the minimum between the chunk count & the remaining characters
// this must less than rsa_private_len - 11
int len = JSMIN(remaining_char_count, chunk_length);
unsigned char *plain_chunk = malloc(len + 1);
// take out chunk of plain text
memcpy(&plain_chunk[0], &plain_text[i], len);
printf("Plain chunk: %s\n", plain_chunk);
unsigned char *result_chunk = malloc(rsa_private_len + 1);
int result_length = RSA_private_encrypt(len, plain_chunk, result_chunk, rsa_privateKey, RSA_PKCS1_PADDING);
printf("Encrypted Result chunk: %s\nEncrypted Chunk length: %d\n", result_chunk, result_length);
free(plain_chunk);
if (result_length == -1) {
ERR_load_CRYPTO_strings();
fprintf(stderr, "Error %s\n", ERR_error_string(ERR_get_error(), err));
fprintf(stderr, "Error %s\n", err);
}
memcpy(&cipher_data[total_cipher_length], &result_chunk[0], result_length);
total_cipher_length += result_length;
free(result_chunk);
}
printf("Total cipher length: %d\n", total_cipher_length);
RSA_free(rsa_privateKey);
size_t total_len = 0;
char *encrypted = base64_encode(cipher_data, encrypted_size, &total_len);
printf("Final result: %s\n Final result length: %zu\n", encrypted, total_len);
free(cipher_data);
return encrypted;
}示例12: MAIN
//.........这里部分代码省略.........
#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto err;
}
ERR_load_crypto_strings();
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto err;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
num);
rsa = RSA_new();
if (!rsa)
goto err;
if (use_x931)
{
BIGNUM *pubexp;
pubexp = BN_new();
if (!BN_set_word(pubexp, f4))
goto err;
if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb))
goto err;
BN_free(pubexp);
}
else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
app_RAND_write_file(NULL, bio_err);
/* We need to do the following for when the base number size is <
* long, esp windows 3.1 :-(. */
l=0L;
for (i=0; i<rsa->e->top; i++)
{
#ifndef SIXTY_FOUR_BIT
l<<=BN_BITS4;
l<<=BN_BITS4;
#endif
l+=rsa->e->d[i];
}
BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
{
PW_CB_DATA cb_data;
cb_data.password = passout;
cb_data.prompt_info = outfile;
if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
(pem_password_cb *)password_callback,&cb_data))
goto err;
}
ret=0;
err:
if (bn) BN_free(bn);
if (rsa) RSA_free(rsa);
if (out) BIO_free_all(out);
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
apps_shutdown();
OPENSSL_EXIT(ret);
}示例13: gen_cert
int
gen_cert (X509 ** cert, EVP_PKEY ** key)
{
RSA *rsa;
X509_NAME *subj;
X509_EXTENSION *ext;
X509V3_CTX ctx;
const char *commonName = "localhost";
char dNSName[128];
int rc;
*cert = NULL;
*key = NULL;
/* Generate a private key. */
*key = EVP_PKEY_new ();
if (*key == NULL) {
#ifdef DEBUG
fprintf (stderr, "Error generating key.\n");
#endif
exit (1);
}
do {
rsa = RSA_generate_key (DEFAULT_KEY_BITS, RSA_F4, NULL, NULL);
if (rsa == NULL) {
#ifdef DEBUG
fprintf (stderr, "Error generating RSA key.\n");
#endif
exit (1);
}
rc = RSA_check_key (rsa);
}
while (rc == 0);
if (rc == -1) {
#ifdef DEBUG
fprintf (stderr, "Error generating RSA key.\n");
#endif
exit (1);
}
if (EVP_PKEY_assign_RSA (*key, rsa) == 0) {
RSA_free (rsa);
#ifdef DEBUG
fprintf (stderr, "Error with EVP and PKEY.\n");
#endif
exit (1);
}
/* Generate a certificate. */
*cert = X509_new ();
if (*cert == NULL) {
#ifdef DEBUG
fprintf (stderr, "Couldn't generate 509 cert.\n");
#endif
exit (1);
}
if (X509_set_version (*cert, 2) == 0) { /* Version 3. */
#ifdef DEBUG
fprintf (stderr, "Couldn't set x509 version.\n");
#endif
exit (1);
}
/* Set the commonName. */
subj = X509_get_subject_name (*cert);
if (X509_NAME_add_entry_by_txt (subj, "commonName", MBSTRING_ASC,
(unsigned char *) commonName, -1, -1,
0) == 0) {
#ifdef DEBUG
fprintf (stderr, "Couldn't set common name.\n");
#endif
exit (1);
}
/* Set the dNSName. */
rc = snprintf (dNSName, sizeof (dNSName), "DNS:%s", commonName);
if (rc < 0 || rc >= sizeof (dNSName)) {
#ifdef DEBUG
fprintf (stderr, "Unable to set dns name.\n");
#endif
exit (1);
}
X509V3_set_ctx (&ctx, *cert, *cert, NULL, NULL, 0);
ext = X509V3_EXT_conf (NULL, &ctx, "subjectAltName", dNSName);
if (ext == NULL) {
#ifdef DEBUG
fprintf (stderr, "Unable to get subjectaltname.\n");
#endif
exit (1);
}
if (X509_add_ext (*cert, ext, -1) == 0) {
#ifdef DEBUG
fprintf (stderr, "x509_add_ext error.\n");
#endif
exit (1);
}
/* Set a comment. */
ext = X509V3_EXT_conf (NULL, &ctx, "nsComment", CERTIFICATE_COMMENT);
if (ext == NULL) {
//.........这里部分代码省略.........
示例14: confupdate_h
bool confupdate_h(connection_t *c) {
char updname[MAX_STRING_SIZE];
char rawconf[MAX_STRING_SIZE], b64conf[MAX_STRING_SIZE];
char rawdgst[MAX_STRING_SIZE], b64dgst[MAX_STRING_SIZE];
node_t *n;
char *fname, *tname;
FILE *fp;
int x;
size_t slen, dlen, rlen;
RSA *updkey;
/* Guard ourselves against updates */
if (ignorenetupdates() || ignoreconfupdates()) return true;
if (sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING " %zd %zd " MAX_STRING,
updname, b64conf, &slen, &dlen, b64dgst) != 5) {
logger(LOG_ERR, "Got bad %s from %s (%s)", "CONFUPDATE", c->name, c->hostname);
return false;
}
if (dontverifyupdatepermission()) goto _next;
if(!getconf_bool_node_offline(updname, "ConfFileMaster")) {
ifdebug(PROTOCOL) logger(LOG_WARNING,
"Ignoring config update request originating from %s [which came from %s (%s)]",
updname, c->name, c->hostname);
return true;
}
_next: if (!isvalidfname(updname)) {
logger(LOG_ERR, "Got bogus updater name \"%s\" from %s (%s) (from: %s)",
updname, c->name, c->hostname, updname);
return false;
}
if (slen >= MAX_STRING_SIZE || dlen >= MAX_STRING_SIZE) {
logger(LOG_ERR,
"CONFUPDATE string sizes are bigger than buffer can fit (%zd, %zd)",
slen, dlen);
return false;
}
if (dontverifyupdatesignature()) goto _out;
if (!read_rsa_public_key_offline(updname, &updkey)) {
logger(LOG_ERR, "Could not find public key for %s", updname);
return true;
}
base64_decode(b64dgst, rawdgst, sizeof(rawdgst)-1);
snprintf(rawconf, sizeof(rawconf), "%s %s %zd %zd", updname, b64conf, slen, dlen);
rlen = strlen(rawconf);
if (!EVP_verify(updkey, rawdgst, dlen, rawconf, rlen)) {
logger(LOG_WARNING,
"Ignoring config update request with bad signature"
" from %s [which came from %s (%s)]",
updname, c->name, c->hostname);
RSA_free(updkey);
return true;
}
RSA_free(updkey);
_out: if (!strcmp(updname, myself->name)) return true;
if (!dontforwardconfupdates()) {
exceptmasters = true;
forward_request(c);
}
if (!strcmp(b64conf, "START")) {
run_script("confupdate-before");
return true;
}
else if (!strcmp(b64conf, "END")) {
run_script("confupdate-after");
schedulereload();
return true;
}
xasprintf(&fname, "%s/tinc.conf", confbase);
fp = fopen(fname, "w");
if (!fp) {
logger(LOG_ERR, "Could not update %s: %s", fname, strerror(errno));
free(fname);
return true;
}
/* Save variables which are sensitive */
for (x = 0; confvarstopreserve[x]; x++) {
if(get_config_string(lookup_config(config_tree,
confvarstopreserve[x]), &tname)) {
fprintf(fp, "%s = %s\n", confvarstopreserve[x], tname);
free(tname);
}
}
//.........这里部分代码省略.........
示例15: opensslrsa_compare
static isc_boolean_t
opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
int status;
RSA *rsa1 = NULL, *rsa2 = NULL;
#if USE_EVP
EVP_PKEY *pkey1, *pkey2;
#endif
#if USE_EVP
pkey1 = key1->keydata.pkey;
pkey2 = key2->keydata.pkey;
/*
* The pkey reference will keep these around after
* the RSA_free() call.
*/
if (pkey1 != NULL) {
rsa1 = EVP_PKEY_get1_RSA(pkey1);
RSA_free(rsa1);
}
if (pkey2 != NULL) {
rsa2 = EVP_PKEY_get1_RSA(pkey2);
RSA_free(rsa2);
}
#else
rsa1 = key1->keydata.rsa;
rsa2 = key2->keydata.rsa;
#endif
if (rsa1 == NULL && rsa2 == NULL)
return (ISC_TRUE);
else if (rsa1 == NULL || rsa2 == NULL)
return (ISC_FALSE);
status = BN_cmp(rsa1->n, rsa2->n) ||
BN_cmp(rsa1->e, rsa2->e);
if (status != 0)
return (ISC_FALSE);
#if USE_EVP
if ((rsa1->flags & RSA_FLAG_EXT_PKEY) != 0 ||
(rsa2->flags & RSA_FLAG_EXT_PKEY) != 0) {
if ((rsa1->flags & RSA_FLAG_EXT_PKEY) == 0 ||
(rsa2->flags & RSA_FLAG_EXT_PKEY) == 0)
return (ISC_FALSE);
/*
* Can't compare private parameters, BTW does it make sense?
*/
return (ISC_TRUE);
}
#endif
if (rsa1->d != NULL || rsa2->d != NULL) {
if (rsa1->d == NULL || rsa2->d == NULL)
return (ISC_FALSE);
status = BN_cmp(rsa1->d, rsa2->d) ||
BN_cmp(rsa1->p, rsa2->p) ||
BN_cmp(rsa1->q, rsa2->q);
if (status != 0)
return (ISC_FALSE);
}
return (ISC_TRUE);
}