Skip to content

Commit

Permalink
piv-tool: Update OpenSSL logging
Browse files Browse the repository at this point in the history
  • Loading branch information
@xhanulik
xhanulik committed Mar 20, 2024
1 parent d1a1180 commit 8dd1ae3
Showing 1 changed file with 76 additions and 28 deletions.
104 changes: 76 additions & 28 deletions src/tools/piv-tool.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@
#include "libopensc/cardctl.h"
#include "libopensc/cards.h"
#include "libopensc/asn1.h"
#include "libopensc/log.h"
#include "util.h"
#include "libopensc/sc-ossl-compat.h"

Expand Down Expand Up @@ -214,9 +215,9 @@ static int load_cert(const char * cert_id, const char * cert_file,
} else {
cert = PEM_read_X509(fp, &cert, NULL, NULL);
if(cert == NULL){
printf("file %s does not contain PEM-encoded certificate\n",
cert_file);
goto err;
sc_log_openssl(ctx);
printf("file %s does not contain PEM-encoded certificate\n", cert_file);
goto err;
}

derlen = i2d_X509(cert, NULL);
Expand Down Expand Up @@ -337,22 +338,27 @@ static int gen_key(const char * key_info)

#if OPENSSL_VERSION_NUMBER < 0x30000000L
evpkey = EVP_PKEY_new();
if (!evpkey) {
sc_log_openssl(ctx);
fprintf(stderr, "allocation of key failed\n");
return r;
}
#endif

if (keydata.key_bits > 0) { /* RSA key */
BIGNUM *newkey_n, *newkey_e;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
RSA * newkey = NULL;
newkey = RSA_new();
if (newkey == NULL) {
RSA *newkey = RSA_new();
if (!newkey) {
sc_log_openssl(ctx);
EVP_PKEY_free(evpkey);
free(keydata.pubkey);
free(keydata.exponent);
fprintf(stderr, "gen_key RSA_new failed %d\n",r);
return -1;
}
#else
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY_CTX *cctx = NULL;
OSSL_PARAM_BLD *bld = NULL;
OSSL_PARAM *params = NULL;
#endif
Expand All @@ -369,31 +375,50 @@ static int gen_key(const char * key_info)
}

newkey_n = BN_bin2bn(keydata.pubkey, (int)keydata.pubkey_len, NULL);
newkey_e = BN_bin2bn(keydata.exponent, (int)keydata.exponent_len, NULL);
newkey_e = BN_bin2bn(keydata.exponent, (int)keydata.exponent_len, NULL);
free(keydata.pubkey);
keydata.pubkey_len = 0;
free(keydata.exponent);
keydata.exponent_len = 0;
if (!newkey_n || !newkey_e) {
sc_log_openssl(ctx);
EVP_PKEY_free(evpkey);
#if OPENSSL_VERSION_NUMBER < 0x30000000L
RSA_free(newkey);
#endif
fprintf(stderr, "conversion or key params failed %d\n", r);
return -1;
}

#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (RSA_set0_key(newkey, newkey_n, newkey_e, NULL) != 1) {
fprintf(stderr, "gen_key unable to set RSA values");
sc_log_openssl(ctx);
EVP_PKEY_free(evpkey);
RSA_free(newkey);
BN_free(newkey_n);
BN_free(newkey_e);
fprintf(stderr, "gen_key unable to set RSA values");
return -1;
}

if (verbose)
RSA_print_fp(stdout, newkey,0);
RSA_print_fp(stdout, newkey, 0);

EVP_PKEY_assign_RSA(evpkey, newkey);
if (EVP_PKEY_assign_RSA(evpkey, newkey) != 1) {
sc_log_openssl(ctx);
EVP_PKEY_free(evpkey);
RSA_free(newkey);
BN_free(newkey_n);
BN_free(newkey_e);
fprintf(stderr, "gen_key unable to set RSA values");
return -1;
}
#else
if (!(bld = OSSL_PARAM_BLD_new()) ||
OSSL_PARAM_BLD_push_BN(bld, "n", newkey_n) != 1 ||
OSSL_PARAM_BLD_push_BN(bld, "e", newkey_e) != 1 ||
!(params = OSSL_PARAM_BLD_to_param(bld))) {
sc_log_openssl(ctx);
OSSL_PARAM_BLD_free(bld);
BN_free(newkey_n);
BN_free(newkey_e);
Expand All @@ -403,32 +428,33 @@ static int gen_key(const char * key_info)
BN_free(newkey_n);
BN_free(newkey_e);

ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
if (!ctx ||
EVP_PKEY_fromdata_init(ctx) != 1 ||
EVP_PKEY_fromdata(ctx, &evpkey, EVP_PKEY_KEYPAIR, params) != 1) {
fprintf(stderr, "gen_key unable to gen RSA");
EVP_PKEY_CTX_free(ctx);
cctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
if (!cctx ||
EVP_PKEY_fromdata_init(cctx) != 1 ||
EVP_PKEY_fromdata(cctx, &evpkey, EVP_PKEY_KEYPAIR, params) != 1) {
sc_log_openssl(ctx);
EVP_PKEY_CTX_free(cctx);
OSSL_PARAM_free(params);
fprintf(stderr, "gen_key unable to gen RSA");
return -1;
}
if (verbose)
EVP_PKEY_print_public_fp(stdout, evpkey, 0, NULL);

EVP_PKEY_CTX_free(ctx);
EVP_PKEY_CTX_free(cctx);
OSSL_PARAM_free(params);
#endif
} else { /* EC key */
#if !defined(OPENSSL_NO_EC)
int i;
BIGNUM *x;
BIGNUM *y;
BIGNUM *x = NULL;
BIGNUM *y = NULL;
EC_GROUP * ecgroup = NULL;
EC_POINT * ecpoint = NULL;
#if OPENSSL_VERSION_NUMBER < 0x30000000L
EC_KEY * eckey = NULL;
#else
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY_CTX *cctx = NULL;
OSSL_PARAM_BLD *bld = NULL;
OSSL_PARAM *params = NULL;
size_t len = 0;
Expand All @@ -450,6 +476,17 @@ static int gen_key(const char * key_info)
i = (int)(keydata.ecpoint_len - 1)/2;
x = BN_bin2bn(keydata.ecpoint + 1, i, NULL);
y = BN_bin2bn(keydata.ecpoint + 1 + i, i, NULL) ;
if (!x || !y) {
sc_log_openssl(ctx);
free(keydata.ecpoint);
keydata.ecpoint_len = 0;
BN_free(x);
BN_free(y);
EVP_PKEY_free(evpkey);
EC_GROUP_free(ecgroup);
EC_POINT_free(ecpoint);
return -1;
}
r = EC_POINT_set_affine_coordinates(ecgroup, ecpoint, x, y, NULL);

free(keydata.ecpoint);
Expand All @@ -458,6 +495,7 @@ static int gen_key(const char * key_info)
BN_free(y);

if (r == 0) {
sc_log_openssl(ctx);
fprintf(stderr, "EC_POINT_set_affine_coordinates_GFp failed\n");
EVP_PKEY_free(evpkey);
EC_GROUP_free(ecgroup);
Expand All @@ -469,6 +507,7 @@ static int gen_key(const char * key_info)
r = EC_KEY_set_group(eckey, ecgroup);
EC_GROUP_free(ecgroup);
if (r == 0) {
sc_log_openssl(ctx);
fprintf(stderr, "EC_KEY_set_group failed\n");
EVP_PKEY_free(evpkey);
EC_POINT_free(ecpoint);
Expand All @@ -477,6 +516,7 @@ static int gen_key(const char * key_info)
r = EC_KEY_set_public_key(eckey, ecpoint);
EC_POINT_free(ecpoint);
if (r == 0) {
sc_log_openssl(ctx);
fprintf(stderr, "EC_KEY_set_public_key failed\n");
EVP_PKEY_free(evpkey);
return -1;
Expand All @@ -485,17 +525,23 @@ static int gen_key(const char * key_info)
if (verbose)
EC_KEY_print_fp(stdout, eckey, 0);

EVP_PKEY_assign_EC_KEY(evpkey, eckey);
if (EVP_PKEY_assign_EC_KEY(evpkey, eckey) != 1) {
sc_log_openssl(ctx);
EVP_PKEY_free(evpkey);
return -1;
}
#else
group_name = OBJ_nid2sn(nid);
len = EC_POINT_point2oct(ecgroup, ecpoint, POINT_CONVERSION_COMPRESSED, NULL, 0, NULL);
if (!(buf = malloc(len))) {
sc_log_openssl(ctx);
fprintf(stderr, "EC_KEY_set_public_key out of memory\n");
EC_GROUP_free(ecgroup);
EC_POINT_free(ecpoint);
return -1;
}
if (EC_POINT_point2oct(ecgroup, ecpoint, POINT_CONVERSION_COMPRESSED, buf, len, NULL) == 0) {
sc_log_openssl(ctx);
fprintf(stderr, "EC_KEY_set_public_key failed\n");
EC_GROUP_free(ecgroup);
EC_POINT_free(ecpoint);
Expand All @@ -510,26 +556,28 @@ static int gen_key(const char * key_info)
OSSL_PARAM_BLD_push_utf8_string(bld, "group", group_name, strlen(group_name)) != 1 ||
OSSL_PARAM_BLD_push_octet_string(bld, "pub", buf, len) != 1 ||
!(params = OSSL_PARAM_BLD_to_param(bld))) {
sc_log_openssl(ctx);
OSSL_PARAM_BLD_free(bld);
free(buf);
return -1;
}
free(buf);
OSSL_PARAM_BLD_free(bld);

ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
if (!ctx ||
EVP_PKEY_fromdata_init(ctx) != 1 ||
EVP_PKEY_fromdata(ctx, &evpkey, EVP_PKEY_KEYPAIR, params) != 1) {
cctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
if (!cctx ||
EVP_PKEY_fromdata_init(cctx) != 1 ||
EVP_PKEY_fromdata(cctx, &evpkey, EVP_PKEY_KEYPAIR, params) != 1) {
sc_log_openssl(ctx);
fprintf(stderr, "gen_key unable to gen EC key");
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_CTX_free(cctx);
OSSL_PARAM_free(params);
return -1;
}
if (verbose)
EVP_PKEY_print_public_fp(stdout, evpkey, 0, NULL);

EVP_PKEY_CTX_free(ctx);
EVP_PKEY_CTX_free(cctx);
OSSL_PARAM_free(params);
#endif
#else /* OPENSSL_NO_EC */
Expand Down

0 comments on commit 8dd1ae3

Please sign in to comment.