3 files changed, 28 insertions, 86 deletions
diff --git a/utils.c b/utils.c
index cdfa2e6..24a6be6 100644
--- a/utils.c
+++ b/utils.c
@@ -295,7 +295,7 @@ int adduser(const char *uid)
    }
    printf("\nCreating RSA key...\n");
-    key = xs_rsa_genkey(4096);
+    key = xs_evp_genkey(4096);
    printf("Done.\n");
    xs *kfn = xs_fmt("%s/key.json", basedir);
diff --git a/xs_openssl.h b/xs_openssl.h
index 88da916..eef57ed 100644
--- a/xs_openssl.h
+++ b/xs_openssl.h
@@ -11,9 +11,7 @@ xs_str *_xs_digest(const xs_val *input, int size, const char *digest, int as_hex
 #define xs_sha256_hex(input, size)    _xs_digest(input, size, "sha256", 1)
 #define xs_sha256_base64(input, size) _xs_digest(input, size, "sha256", 0)
-xs_dict *xs_rsa_genkey(int bits);
+xs_dict *xs_evp_genkey(int bits);
-xs_str *xs_rsa_sign(const char *secret, const char *mem, int size);
-int xs_rsa_verify(const char *pubkey, const char *mem, int size, const char *b64sig);
 xs_str *xs_evp_sign(const char *secret, const char *mem, int size);
 int xs_evp_verify(const char *pubkey, const char *mem, int size, const char *b64sig);
@@ -47,98 +45,42 @@ xs_str *_xs_digest(const xs_val *input, int size, const char *digest, int as_hex
 }
-xs_dict *xs_rsa_genkey(int bits)
+xs_dict *xs_evp_genkey(int bits)
-/* generates an RSA keypair */
+/* generates an RSA keypair using the EVP interface */
 {
-    BIGNUM *bne;
-    RSA *rsa;
    xs_dict *keypair = NULL;
+    EVP_PKEY_CTX *ctx;
+    EVP_PKEY *pkey = NULL;
-    if ((bne = BN_new()) != NULL) {
+    if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL)
-        if (BN_set_word(bne, RSA_F4) == 1) {
+        goto end;
-            if ((rsa = RSA_new()) != NULL) {
-                if (RSA_generate_key_ex(rsa, bits, bne, NULL) == 1) {
-                    BIO *bs = BIO_new(BIO_s_mem());
-                    BIO *bp = BIO_new(BIO_s_mem());
-                    BUF_MEM *sptr;
-                    BUF_MEM *pptr;
-                    PEM_write_bio_RSAPrivateKey(bs, rsa, NULL, NULL, 0, 0, NULL);
+    if (EVP_PKEY_keygen_init(ctx) <= 0 ||
-                    BIO_get_mem_ptr(bs, &sptr);
+        EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0 ||
+        EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        goto end;
-                    PEM_write_bio_RSA_PUBKEY(bp, rsa);
+    BIO *bs = BIO_new(BIO_s_mem());
-                    BIO_get_mem_ptr(bp, &pptr);
+    BIO *bp = BIO_new(BIO_s_mem());
+    BUF_MEM *sptr;
+    BUF_MEM *pptr;
-                    keypair = xs_dict_new();
+    PEM_write_bio_PrivateKey(bs, pkey, NULL, NULL, 0, 0, NULL);
+    BIO_get_mem_ptr(bs, &sptr);
-                    keypair = xs_dict_append(keypair, "secret", sptr->data);
+    PEM_write_bio_PUBKEY(bp, pkey);
-                    keypair = xs_dict_append(keypair, "public", pptr->data);
+    BIO_get_mem_ptr(bp, &pptr);
-                    BIO_free(bs);
+    keypair = xs_dict_new();
-                    BIO_free(bp);
-                }
-            }
-        }
-    }
-    return keypair;    
-}
-xs_str *xs_rsa_sign(const char *secret, const char *mem, int size)
-/* signs a memory block (secret is in PEM format) */
-{
-    xs_str *signature = NULL;
-    BIO *b;
-    RSA *rsa;
-    unsigned char *sig;
-    unsigned int sig_len;
-    /* un-PEM the key */
-    b = BIO_new_mem_buf(secret, strlen(secret));
-    rsa = PEM_read_bio_RSAPrivateKey(b, NULL, NULL, NULL);
-    /* alloc space */
-    sig = xs_realloc(NULL, RSA_size(rsa));
-    if (RSA_sign(NID_sha256, (unsigned char *)mem, size, sig, &sig_len, rsa) == 1)
-        signature = xs_base64_enc((char *)sig, sig_len);
-    BIO_free(b);
-    RSA_free(rsa);
-    xs_free(sig);
-    return signature;
+    keypair = xs_dict_append(keypair, "secret", sptr->data);
-}
+    keypair = xs_dict_append(keypair, "public", pptr->data);
+    BIO_free(bs);
+    BIO_free(bp);
-int xs_rsa_verify(const char *pubkey, const char *mem, int size, const char *b64sig)
+end:
-/* verifies a base64 block, returns non-zero on ok */
+    return keypair;
-{
-    int r = 0;
-    BIO *b;
-    RSA *rsa;
-    /* un-PEM the key */
-    b = BIO_new_mem_buf(pubkey, strlen(pubkey));
-    rsa = PEM_read_bio_RSA_PUBKEY(b, NULL, NULL, NULL);
-    if (rsa != NULL) {
-        xs *sig = NULL;
-        int s_size;
-        /* de-base64 */
-        sig = xs_base64_dec(b64sig,  &s_size);
-        if (sig != NULL)
-            r = RSA_verify(NID_sha256, (unsigned char *)mem, size,
-                           (unsigned char *)sig, s_size, rsa);
-    }
-    BIO_free(b);
-    RSA_free(rsa);
-    return r;
 }
diff --git a/xs_version.h b/xs_version.h
index 9fc844f..559fab6 100644
--- a/xs_version.h
+++ b/xs_version.h
@@ -1 +1 @@
-/* fe95bda22e514fa188c50438cce0eee0c6919911 */
+/* b4afa5f823a998a263159ebfe9be67b81a8cc774 */

diff --git a/utils.c b/utils.c index cdfa2e6..24a6be6 100644 --- a/utils.c +++ b/utils.c
@@ -295,7 +295,7 @@ int adduser(const char *uid)
295	}	295	}
296		296
297	printf("\nCreating RSA key...\n");	297	printf("\nCreating RSA key...\n");
298	key = xs_rsa_genkey(4096);	298	key = xs_evp_genkey(4096);
299	printf("Done.\n");	299	printf("Done.\n");
300		300
301	xs *kfn = xs_fmt("%s/key.json", basedir);	301	xs *kfn = xs_fmt("%s/key.json", basedir);


diff --git a/xs_openssl.h b/xs_openssl.h index 88da916..eef57ed 100644 --- a/xs_openssl.h +++ b/xs_openssl.h
@@ -11,9 +11,7 @@ xs_str _xs_digest(const xs_val input, int size, const char *digest, int as_hex
11	#define xs_sha256_hex(input, size) _xs_digest(input, size, "sha256", 1)	11	#define xs_sha256_hex(input, size) _xs_digest(input, size, "sha256", 1)
12	#define xs_sha256_base64(input, size) _xs_digest(input, size, "sha256", 0)	12	#define xs_sha256_base64(input, size) _xs_digest(input, size, "sha256", 0)
13		13
14	xs_dict *xs_rsa_genkey(int bits);	14	xs_dict *xs_evp_genkey(int bits);
15	xs_str xs_rsa_sign(const char secret, const char *mem, int size);
16	int xs_rsa_verify(const char pubkey, const char mem, int size, const char *b64sig);
17	xs_str xs_evp_sign(const char secret, const char *mem, int size);	15	xs_str xs_evp_sign(const char secret, const char *mem, int size);
18	int xs_evp_verify(const char pubkey, const char mem, int size, const char *b64sig);	16	int xs_evp_verify(const char pubkey, const char mem, int size, const char *b64sig);
19		17
@@ -47,98 +45,42 @@ xs_str _xs_digest(const xs_val input, int size, const char *digest, int as_hex
47	}	45	}
48		46
49		47
50	xs_dict *xs_rsa_genkey(int bits)	48	xs_dict *xs_evp_genkey(int bits)
51	/* generates an RSA keypair */	49	/* generates an RSA keypair using the EVP interface */
52	{	50	{
53	BIGNUM *bne;
54	RSA *rsa;
55	xs_dict *keypair = NULL;	51	xs_dict *keypair = NULL;
		52	EVP_PKEY_CTX *ctx;
		53	EVP_PKEY *pkey = NULL;
56		54
57	if ((bne = BN_new()) != NULL) {	55	if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL)
58	if (BN_set_word(bne, RSA_F4) == 1) {	56	goto end;
59	if ((rsa = RSA_new()) != NULL) {
60	if (RSA_generate_key_ex(rsa, bits, bne, NULL) == 1) {
61	BIO *bs = BIO_new(BIO_s_mem());
62	BIO *bp = BIO_new(BIO_s_mem());
63	BUF_MEM *sptr;
64	BUF_MEM *pptr;
65		57
66	PEM_write_bio_RSAPrivateKey(bs, rsa, NULL, NULL, 0, 0, NULL);	58	if (EVP_PKEY_keygen_init(ctx) <= 0 \|\|
67	BIO_get_mem_ptr(bs, &sptr);	59	EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0 \|\|
		60	EVP_PKEY_keygen(ctx, &pkey) <= 0)
		61	goto end;
68		62
69	PEM_write_bio_RSA_PUBKEY(bp, rsa);	63	BIO *bs = BIO_new(BIO_s_mem());
70	BIO_get_mem_ptr(bp, &pptr);	64	BIO *bp = BIO_new(BIO_s_mem());
		65	BUF_MEM *sptr;
		66	BUF_MEM *pptr;
71		67
72	keypair = xs_dict_new();	68	PEM_write_bio_PrivateKey(bs, pkey, NULL, NULL, 0, 0, NULL);
		69	BIO_get_mem_ptr(bs, &sptr);
73		70
74	keypair = xs_dict_append(keypair, "secret", sptr->data);	71	PEM_write_bio_PUBKEY(bp, pkey);
75	keypair = xs_dict_append(keypair, "public", pptr->data);	72	BIO_get_mem_ptr(bp, &pptr);
76		73
77	BIO_free(bs);	74	keypair = xs_dict_new();
78	BIO_free(bp);
79	}
80	}
81	}
82	}
83
84	return keypair;
85	}
86
87
88	xs_str xs_rsa_sign(const char secret, const char *mem, int size)
89	/* signs a memory block (secret is in PEM format) */
90	{
91	xs_str *signature = NULL;
92	BIO *b;
93	RSA *rsa;
94	unsigned char *sig;
95	unsigned int sig_len;
96
97	/* un-PEM the key */
98	b = BIO_new_mem_buf(secret, strlen(secret));
99	rsa = PEM_read_bio_RSAPrivateKey(b, NULL, NULL, NULL);
100
101	/* alloc space */
102	sig = xs_realloc(NULL, RSA_size(rsa));
103
104	if (RSA_sign(NID_sha256, (unsigned char *)mem, size, sig, &sig_len, rsa) == 1)
105	signature = xs_base64_enc((char *)sig, sig_len);
106
107	BIO_free(b);
108	RSA_free(rsa);
109	xs_free(sig);
110		75
111	return signature;	76	keypair = xs_dict_append(keypair, "secret", sptr->data);
112	}	77	keypair = xs_dict_append(keypair, "public", pptr->data);
113		78
		79	BIO_free(bs);
		80	BIO_free(bp);
114		81
115	int xs_rsa_verify(const char pubkey, const char mem, int size, const char *b64sig)	82	end:
116	/* verifies a base64 block, returns non-zero on ok */	83	return keypair;
117	{
118	int r = 0;
119	BIO *b;
120	RSA *rsa;
121
122	/* un-PEM the key */
123	b = BIO_new_mem_buf(pubkey, strlen(pubkey));
124	rsa = PEM_read_bio_RSA_PUBKEY(b, NULL, NULL, NULL);
125
126	if (rsa != NULL) {
127	xs *sig = NULL;
128	int s_size;
129
130	/* de-base64 */
131	sig = xs_base64_dec(b64sig, &s_size);
132
133	if (sig != NULL)
134	r = RSA_verify(NID_sha256, (unsigned char *)mem, size,
135	(unsigned char *)sig, s_size, rsa);
136	}
137
138	BIO_free(b);
139	RSA_free(rsa);
140
141	return r;
142	}	84	}
143		85
144		86


diff --git a/xs_version.h b/xs_version.h index 9fc844f..559fab6 100644 --- a/xs_version.h +++ b/xs_version.h
@@ -1 +1 @@
	/* fe95bda22e514fa188c50438cce0eee0c6919911 */		/* b4afa5f823a998a263159ebfe9be67b81a8cc774 */