命令行参数 server_priv_key.pem client_priv_key.pem
这2个证书是前面certs目录里面做的
官方这个程序有bug, 给出2个证书, 还要从屏幕上输入
if (OSSL_DECODER_from_fp(dctx, f) == 0) { /*< 在这里阻塞住了, 让在屏幕上输入东西, 让我输入啥啊 ?
关键是输入了, 回车也不返回程序.
先放这里, 等整明白了, 再来修正这个工程.
/*!
\file rsa_encode.c
\note openssl3.2 - 官方demo学习 - encode - rsa_encode.c
命令行参数 server_priv_key.pem client_priv_key.pem
这2个证书是前面certs目录里面做的
官方这个程序有bug, 给出2个证书, 还要从屏幕上输入
if (OSSL_DECODER_from_fp(dctx, f) == 0) { /*< 在这里阻塞住了, 让在屏幕上输入东西, 让我输入啥啊 ?
关键是输入了, 回车也不返回程序.
先放这里, 等整明白了, 再来修正这个工程.
*/
/*-
* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/decoder.h>
#include <openssl/encoder.h>
#include <openssl/evp.h>
#include "my_openSSL_lib.h"
/*
* Example showing the encoding and decoding of RSA public and private keys. A
* PEM-encoded RSA key is read in from stdin, decoded, and then re-encoded and
* output for demonstration purposes. Both public and private keys are accepted.
*
* This can be used to load RSA keys from a file or save RSA keys to a file.
*/
/* A property query used for selecting algorithm implementations. */
static const char* propq = NULL;
/*
* Load a PEM-encoded RSA key from a file, optionally decrypting it with a
* supplied passphrase.
*/
static EVP_PKEY* load_key(OSSL_LIB_CTX* libctx, FILE* f, const char* passphrase)
{
int ret = 0;
EVP_PKEY* pkey = NULL;
OSSL_DECODER_CTX* dctx = NULL;
int selection = 0;
/*
* Create PEM decoder context expecting an RSA key.
*
* For raw (non-PEM-encoded) keys, change "PEM" to "DER".
*
* The selection argument here specifies whether we are willing to accept a
* public key, private key, or either. If it is set to zero, either will be
* accepted. If set to EVP_PKEY_KEYPAIR, a private key will be required, and
* if set to EVP_PKEY_PUBLIC_KEY, a public key will be required.
*/
dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, "RSA",
selection,
libctx, propq);
if (dctx == NULL) {
fprintf(stderr, "OSSL_DECODER_CTX_new_for_pkey() failed\n");
goto cleanup;
}
/*
* Set passphrase if provided; needed to decrypt encrypted PEM files.
* If the input is not encrypted, any passphrase provided is ignored.
*
* Alternative methods for specifying passphrases exist, such as a callback
* (see OSSL_DECODER_CTX_set_passphrase_cb(3)), which may be more useful for
* interactive applications which do not know if a passphrase should be
* prompted for in advance, or for GUI applications.
*/
if (passphrase != NULL) {
if (OSSL_DECODER_CTX_set_passphrase(dctx,
(const unsigned char*)passphrase,
strlen(passphrase)) == 0) {
fprintf(stderr, "OSSL_DECODER_CTX_set_passphrase() failed\n");
goto cleanup;
}
}
/* Do the decode, reading from file. */
if (OSSL_DECODER_from_fp(dctx, f) == 0) { /*< 在这里阻塞住了, 让在屏幕上输入东西, 让我输入啥啊 ? */
fprintf(stderr, "OSSL_DECODER_from_fp() failed\n");
goto cleanup;
}
ret = 1;
cleanup:
OSSL_DECODER_CTX_free(dctx);
/*
* pkey is created by OSSL_DECODER_CTX_new_for_pkey, but we
* might fail subsequently, so ensure it's properly freed
* in this case.
*/
if (ret == 0) {
EVP_PKEY_free(pkey);
pkey = NULL;
}
return pkey;
}
/*
* Store an RSA public or private key to a file using PEM encoding.
*
* If a passphrase is supplied, the file is encrypted, otherwise
* it is unencrypted.
*/
static int store_key(EVP_PKEY* pkey, FILE* f, const char* passphrase)
{
int ret = 0;
int selection;
OSSL_ENCODER_CTX* ectx = NULL;
/*
* Create a PEM encoder context.
*
* For raw (non-PEM-encoded) output, change "PEM" to "DER".
*
* The selection argument controls whether the private key is exported
* (EVP_PKEY_KEYPAIR), or only the public key (EVP_PKEY_PUBLIC_KEY). The
* former will fail if we only have a public key.
*
* Note that unlike the decode API, you cannot specify zero here.
*
* Purely for the sake of demonstration, here we choose to export the whole
* key if a passphrase is provided and the public key otherwise.
*/
selection = (passphrase != NULL)
? EVP_PKEY_KEYPAIR
: EVP_PKEY_PUBLIC_KEY;
ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "PEM", NULL, propq);
if (ectx == NULL) {
fprintf(stderr, "OSSL_ENCODER_CTX_new_for_pkey() failed\n");
goto cleanup;
}
/*
* Set passphrase if provided; the encoded output will then be encrypted
* using the passphrase.
*
* Alternative methods for specifying passphrases exist, such as a callback
* (see OSSL_ENCODER_CTX_set_passphrase_cb(3), just as for OSSL_DECODER_CTX;
* however you are less likely to need them as you presumably know whether
* encryption is desired in advance.
*
* Note that specifying a passphrase alone is not enough to cause the
* key to be encrypted. You must set both a cipher and a passphrase.
*/
if (passphrase != NULL) {
/* Set cipher. AES-128-CBC is a reasonable default. */
if (OSSL_ENCODER_CTX_set_cipher(ectx, "AES-128-CBC", propq) == 0) {
fprintf(stderr, "OSSL_ENCODER_CTX_set_cipher() failed\n");
goto cleanup;
}
/* Set passphrase. */
if (OSSL_ENCODER_CTX_set_passphrase(ectx,
(const unsigned char*)passphrase,
strlen(passphrase)) == 0) {
fprintf(stderr, "OSSL_ENCODER_CTX_set_passphrase() failed\n");
goto cleanup;
}
}
/* Do the encode, writing to the given file. */
if (OSSL_ENCODER_to_fp(ectx, f) == 0) {
fprintf(stderr, "OSSL_ENCODER_to_fp() failed\n");
goto cleanup;
}
ret = 1;
cleanup:
OSSL_ENCODER_CTX_free(ectx);
return ret;
}
int main(int argc, char** argv)
{
int ret = EXIT_FAILURE;
OSSL_LIB_CTX* _ossl_lib_ctx = NULL;
EVP_PKEY* _evp_pkey = NULL;
const char* passphrase_in = NULL, * passphrase_out = NULL;
/* usage: rsa_encode <passphrase-in> <passphrase-out> */
if (argc > 1 && argv[1][0])
passphrase_in = argv[1];
if (argc > 2 && argv[2][0])
passphrase_out = argv[2];
/* Decode PEM key from stdin and then PEM encode it to stdout. */
_evp_pkey = load_key(_ossl_lib_ctx, stdin, passphrase_in);
if (_evp_pkey == NULL) {
fprintf(stderr, "Failed to decode key\n");
goto cleanup;
}
if (store_key(_evp_pkey, stdout, passphrase_out) == 0) {
fprintf(stderr, "Failed to encode key\n");
goto cleanup;
}
ret = EXIT_SUCCESS;
cleanup:
EVP_PKEY_free(_evp_pkey);
OSSL_LIB_CTX_free(_ossl_lib_ctx);
return ret;
}