Blame tests/check-privkey.c

/*
* Copyright (C) 2019 Anderson Toshiyuki Sasaki
* Copyright (C) 2019 Red Hat, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program.  If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <openssl/engine.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
/*
 * Print the expected command line to stderr.
 *
 * argv[0] is used as the program name in the message.
 */
static void usage(char *argv[])
{
	const char *prog = argv[0];

	fprintf(stderr,
		"%s [certificate (PEM)] [private key URL] [module] [conf]\n",
		prog);
}
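/*
 * Print every entry of the OpenSSL error queue to stderr, draining the queue.
 *
 * l is the source line reported in the heading; callers in this file pass
 * __LINE__. The heading always says "main.c", whatever this file is
 * actually called.
 *
 * Returns immediately, printing nothing, when the queue is empty.
 */
static void display_openssl_errors(int l)
{
	const char *file;
	/*
	 * ERR_error_string() assumes its buffer holds at least 256 bytes, so
	 * the previous 120-byte stack buffer could be overrun by a long error
	 * string. Size the buffer accordingly and use the length-bounded
	 * variant so the write can never exceed it.
	 */
	char buf[256];
	/* ERR_get_error_line() returns unsigned long; do not narrow to int */
	unsigned long e;
	int line;

	if (ERR_peek_error() == 0)
		return;
	fprintf(stderr, "At main.c:%d:\n", l);

	while ((e = ERR_get_error_line(&file, &line)) != 0) {
		ERR_error_string_n(e, buf, sizeof(buf));
		fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
	}
}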
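/*
 * Check that a key loaded through the OpenSSL "pkcs11" engine matches a
 * PEM certificate.
 *
 * Arguments: certificate file (PEM), private key URL, PKCS#11 module path,
 * and an optional OpenSSL configuration file.
 *
 * Returns 0 when key and certificate match, 1 on any failure. Some engine
 * and configuration failures terminate through exit(1) instead.
 */
int main(int argc, char *argv[])
{
	ENGINE *engine;
	/*
	 * Both are released at the "end" label, which is reachable before
	 * either has been assigned, so they must start out as NULL.
	 */
	EVP_PKEY *pkey = NULL;
	X509 *cert = NULL;
	FILE *cert_fp;

	const char *module, *efile, *certfile, *privkey;

	int ret = 0;

	if (argc < 4){
		printf("Too few arguments\n");
		usage(argv);
		return 1;
	}

	certfile = argv[1];
	privkey = argv[2];
	module = argv[3];
	/*
	 * With exactly three arguments argv[4] is the terminating NULL of
	 * argv. CONF_modules_load_file() then uses the default OpenSSL
	 * configuration file.
	 */
	efile = argv[4];

	cert_fp = fopen(certfile, "rb");
	if (!cert_fp) {
		fprintf(stderr, "Could not open file %s\n", certfile);
		ret = 1;
		goto end;
	}

	cert = PEM_read_X509(cert_fp, NULL, NULL, NULL);
	fclose(cert_fp);
	if (!cert) {
		/* Fail here instead of handing a NULL certificate to the check below */
		fprintf(stderr, "Could not read certificate file"
				"(must be PEM format)\n");
		display_openssl_errors(__LINE__);
		ret = 1;
		goto end;
	}

	ret = CONF_modules_load_file(efile, "engines", 0);
	if (ret <= 0) {
		/* efile may be NULL (see above); never pass NULL to %s */
		fprintf(stderr, "cannot load %s\n",
			efile ? efile : "(default configuration)");
		display_openssl_errors(__LINE__);
		exit(1);
	}

	ENGINE_add_conf_module();
#if OPENSSL_VERSION_NUMBER>=0x10100000
	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
		| OPENSSL_INIT_ADD_ALL_DIGESTS \
		| OPENSSL_INIT_LOAD_CONFIG, NULL);
#else
	OpenSSL_add_all_algorithms();
	OpenSSL_add_all_digests();
	ERR_load_crypto_strings();
#endif
	ERR_clear_error();

	ENGINE_load_builtin_engines();

	engine = ENGINE_by_id("pkcs11");
	if (engine == NULL) {
		printf("Could not get engine\n");
		display_openssl_errors(__LINE__);
		ret = 1;
		goto end;
	}

	if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	/*
	 * The module path comes straight from the command line and names a
	 * shared library that the engine loads into this process, so it must
	 * point at a trusted PKCS#11 module.
	 */
	if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", module, 0)) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (!ENGINE_init(engine)) {
		printf("Could not initialize engine\n");
		display_openssl_errors(__LINE__);
		ret = 1;
		goto end;
	}

	pkey = ENGINE_load_private_key(engine, privkey, 0, 0);

	if (pkey == NULL) {
		printf("Could not load key\n");
		display_openssl_errors(__LINE__);
		ret = 1;
		goto end;
	}

	ENGINE_finish(engine);

	/*
	 * Despite its name, X509_check_private_key() only compares the public
	 * components of the key with the certificate's public key. A match
	 * does not prove that the token can actually sign with the key.
	 */
	ret = X509_check_private_key(cert, pkey);
	if (!ret) {
		printf("Could not check private key\n");
		display_openssl_errors(__LINE__);
		ret = 1;
		goto end;
	}

	printf("Key and certificate matched\n");
	ret = 0;

	CONF_modules_unload(1);
end:
	/* Both free functions accept NULL */
	X509_free(cert);
	EVP_PKEY_free(pkey);

	return ret;
}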