mirror of
https://codeberg.org/grunfink/snac2.git
synced 2024-11-25 06:25:04 +00:00
Deleted OpenSSL that uses deprecated functions.
parent
c83b601f90
commit
b19c68622d
3 changed files with 28 additions and 86 deletions
2
utils.c
2
utils.c
|
@ -295,7 +295,7 @@ int adduser(const char *uid)
|
||||||
}
|
}
|
||||||
|
|
||||||
printf("\nCreating RSA key...\n");
|
printf("\nCreating RSA key...\n");
|
||||||
key = xs_rsa_genkey(4096);
|
key = xs_evp_genkey(4096);
|
||||||
printf("Done.\n");
|
printf("Done.\n");
|
||||||
|
|
||||||
xs *kfn = xs_fmt("%s/key.json", basedir);
|
xs *kfn = xs_fmt("%s/key.json", basedir);
|
||||||
|
|
90
xs_openssl.h
90
xs_openssl.h
|
@ -11,9 +11,7 @@ xs_str *_xs_digest(const xs_val *input, int size, const char *digest, int as_hex
|
||||||
#define xs_sha256_hex(input, size) _xs_digest(input, size, "sha256", 1)
|
#define xs_sha256_hex(input, size) _xs_digest(input, size, "sha256", 1)
|
||||||
#define xs_sha256_base64(input, size) _xs_digest(input, size, "sha256", 0)
|
#define xs_sha256_base64(input, size) _xs_digest(input, size, "sha256", 0)
|
||||||
|
|
||||||
xs_dict *xs_rsa_genkey(int bits);
|
xs_dict *xs_evp_genkey(int bits);
|
||||||
xs_str *xs_rsa_sign(const char *secret, const char *mem, int size);
|
|
||||||
int xs_rsa_verify(const char *pubkey, const char *mem, int size, const char *b64sig);
|
|
||||||
xs_str *xs_evp_sign(const char *secret, const char *mem, int size);
|
xs_str *xs_evp_sign(const char *secret, const char *mem, int size);
|
||||||
int xs_evp_verify(const char *pubkey, const char *mem, int size, const char *b64sig);
|
int xs_evp_verify(const char *pubkey, const char *mem, int size, const char *b64sig);
|
||||||
|
|
||||||
|
@ -47,26 +45,30 @@ xs_str *_xs_digest(const xs_val *input, int size, const char *digest, int as_hex
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
xs_dict *xs_rsa_genkey(int bits)
|
xs_dict *xs_evp_genkey(int bits)
|
||||||
/* generates an RSA keypair */
|
/* generates an RSA keypair using the EVP interface */
|
||||||
{
|
{
|
||||||
BIGNUM *bne;
|
|
||||||
RSA *rsa;
|
|
||||||
xs_dict *keypair = NULL;
|
xs_dict *keypair = NULL;
|
||||||
|
EVP_PKEY_CTX *ctx;
|
||||||
|
EVP_PKEY *pkey = NULL;
|
||||||
|
|
||||||
|
if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL)
|
||||||
|
goto end;
|
||||||
|
|
||||||
|
if (EVP_PKEY_keygen_init(ctx) <= 0 ||
|
||||||
|
EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0 ||
|
||||||
|
EVP_PKEY_keygen(ctx, &pkey) <= 0)
|
||||||
|
goto end;
|
||||||
|
|
||||||
if ((bne = BN_new()) != NULL) {
|
|
||||||
if (BN_set_word(bne, RSA_F4) == 1) {
|
|
||||||
if ((rsa = RSA_new()) != NULL) {
|
|
||||||
if (RSA_generate_key_ex(rsa, bits, bne, NULL) == 1) {
|
|
||||||
BIO *bs = BIO_new(BIO_s_mem());
|
BIO *bs = BIO_new(BIO_s_mem());
|
||||||
BIO *bp = BIO_new(BIO_s_mem());
|
BIO *bp = BIO_new(BIO_s_mem());
|
||||||
BUF_MEM *sptr;
|
BUF_MEM *sptr;
|
||||||
BUF_MEM *pptr;
|
BUF_MEM *pptr;
|
||||||
|
|
||||||
PEM_write_bio_RSAPrivateKey(bs, rsa, NULL, NULL, 0, 0, NULL);
|
PEM_write_bio_PrivateKey(bs, pkey, NULL, NULL, 0, 0, NULL);
|
||||||
BIO_get_mem_ptr(bs, &sptr);
|
BIO_get_mem_ptr(bs, &sptr);
|
||||||
|
|
||||||
PEM_write_bio_RSA_PUBKEY(bp, rsa);
|
PEM_write_bio_PUBKEY(bp, pkey);
|
||||||
BIO_get_mem_ptr(bp, &pptr);
|
BIO_get_mem_ptr(bp, &pptr);
|
||||||
|
|
||||||
keypair = xs_dict_new();
|
keypair = xs_dict_new();
|
||||||
|
@ -76,72 +78,12 @@ xs_dict *xs_rsa_genkey(int bits)
|
||||||
|
|
||||||
BIO_free(bs);
|
BIO_free(bs);
|
||||||
BIO_free(bp);
|
BIO_free(bp);
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
end:
|
||||||
return keypair;
|
return keypair;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
xs_str *xs_rsa_sign(const char *secret, const char *mem, int size)
|
|
||||||
/* signs a memory block (secret is in PEM format) */
|
|
||||||
{
|
|
||||||
xs_str *signature = NULL;
|
|
||||||
BIO *b;
|
|
||||||
RSA *rsa;
|
|
||||||
unsigned char *sig;
|
|
||||||
unsigned int sig_len;
|
|
||||||
|
|
||||||
/* un-PEM the key */
|
|
||||||
b = BIO_new_mem_buf(secret, strlen(secret));
|
|
||||||
rsa = PEM_read_bio_RSAPrivateKey(b, NULL, NULL, NULL);
|
|
||||||
|
|
||||||
/* alloc space */
|
|
||||||
sig = xs_realloc(NULL, RSA_size(rsa));
|
|
||||||
|
|
||||||
if (RSA_sign(NID_sha256, (unsigned char *)mem, size, sig, &sig_len, rsa) == 1)
|
|
||||||
signature = xs_base64_enc((char *)sig, sig_len);
|
|
||||||
|
|
||||||
BIO_free(b);
|
|
||||||
RSA_free(rsa);
|
|
||||||
xs_free(sig);
|
|
||||||
|
|
||||||
return signature;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int xs_rsa_verify(const char *pubkey, const char *mem, int size, const char *b64sig)
|
|
||||||
/* verifies a base64 block, returns non-zero on ok */
|
|
||||||
{
|
|
||||||
int r = 0;
|
|
||||||
BIO *b;
|
|
||||||
RSA *rsa;
|
|
||||||
|
|
||||||
/* un-PEM the key */
|
|
||||||
b = BIO_new_mem_buf(pubkey, strlen(pubkey));
|
|
||||||
rsa = PEM_read_bio_RSA_PUBKEY(b, NULL, NULL, NULL);
|
|
||||||
|
|
||||||
if (rsa != NULL) {
|
|
||||||
xs *sig = NULL;
|
|
||||||
int s_size;
|
|
||||||
|
|
||||||
/* de-base64 */
|
|
||||||
sig = xs_base64_dec(b64sig, &s_size);
|
|
||||||
|
|
||||||
if (sig != NULL)
|
|
||||||
r = RSA_verify(NID_sha256, (unsigned char *)mem, size,
|
|
||||||
(unsigned char *)sig, s_size, rsa);
|
|
||||||
}
|
|
||||||
|
|
||||||
BIO_free(b);
|
|
||||||
RSA_free(rsa);
|
|
||||||
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
xs_str *xs_evp_sign(const char *secret, const char *mem, int size)
|
xs_str *xs_evp_sign(const char *secret, const char *mem, int size)
|
||||||
/* signs a memory block (secret is in PEM format) */
|
/* signs a memory block (secret is in PEM format) */
|
||||||
{
|
{
|
||||||
|
|
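Review bot: In `xs_evp_genkey`, neither `ctx` nor `pkey` is released on any path visible here: both `goto end` branches and the success path reach `return keypair;` with no free, so the EVP context and the freshly generated private key stay allocated in process memory. The lines between the second and third hunk are not shown, so confirm there is no free there; if not, add `EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(ctx);` directly after the `end:` label (both accept NULL). The results of `BIO_new`, `PEM_write_bio_PrivateKey` and `PEM_write_bio_PUBKEY` are also still unchecked, so a failed write could produce a keypair with empty or partial PEM data. Finally, `PEM_write_bio_PrivateKey` writes PKCS#8 (`BEGIN PRIVATE KEY`) rather than the traditional RSA PEM that the old call produced, which is worth stating in the function comment so that readers of `key.json` know both forms can occur.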
|
@ -1 +1 @@
|
||||||
/* fe95bda22e514fa188c50438cce0eee0c6919911 */
|
/* b4afa5f823a998a263159ebfe9be67b81a8cc774 */
|
||||||
|
|