fgerlits commented on code in PR #1656:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1656#discussion_r1325627316


##########
libminifi/src/utils/tls/CertificateUtils.cpp:
##########
@@ -87,6 +92,73 @@ X509_unique_ptr convertWindowsCertificate(const 
PCCERT_CONTEXT certificate) {
   return X509_unique_ptr{d2i_X509(nullptr, &certificate_binary, 
certificate_length)};
 }
 
+struct OSSL_PARAM_BLD_deleter {
+  void operator()(OSSL_PARAM_BLD* param_builder) const { 
OSSL_PARAM_BLD_free(param_builder); }
+};
+using OSSL_PARAM_BLD_unique_ptr = std::unique_ptr<OSSL_PARAM_BLD, 
OSSL_PARAM_BLD_deleter>;
+
+struct OSSL_PARAM_deleter {
+  void operator()(OSSL_PARAM* params) const { OSSL_PARAM_free(params); }
+};
+using OSSL_PARAM_unique_ptr = std::unique_ptr<OSSL_PARAM, OSSL_PARAM_deleter>;
+
+struct EVP_PKEY_CTX_deleter {
+  void operator()(EVP_PKEY_CTX* pkey_context) const { 
EVP_PKEY_CTX_free(pkey_context); }
+};
+using EVP_PKEY_CTX_unique_ptr = std::unique_ptr<EVP_PKEY_CTX, 
EVP_PKEY_CTX_deleter>;
+
+EVP_PKEY_unique_ptr convertWindowsRsaKeyPair(std::span<BYTE> data) {
+  // 
https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_rsakey_blob
+  auto const blob = reinterpret_cast<BCRYPT_RSAKEY_BLOB *>(data.data());
+
+  if (blob->Magic == BCRYPT_RSAFULLPRIVATE_MAGIC) {
+    OSSL_PARAM_BLD_unique_ptr param_builder{OSSL_PARAM_BLD_new()};
+
+    // n is the modulus common to both public and private key
+    auto const n = BN_bin2bn(data.data() + sizeof(BCRYPT_RSAKEY_BLOB) + 
blob->cbPublicExp, blob->cbModulus, nullptr);
+    // e is the public exponent
+    auto const e = BN_bin2bn(data.data() + sizeof(BCRYPT_RSAKEY_BLOB), 
blob->cbPublicExp, nullptr);
+    // d is the private exponent
+    auto const d = BN_bin2bn(data.data() + sizeof(BCRYPT_RSAKEY_BLOB) + 
blob->cbPublicExp + blob->cbModulus + blob->cbPrime1
+                                 + blob->cbPrime2 + blob->cbPrime1 + 
blob->cbPrime2 + blob->cbPrime1, blob->cbModulus, nullptr);
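
Review bot: In `convertWindowsRsaKeyPair`, nothing checks `data.size()` before the `reinterpret_cast` to `BCRYPT_RSAKEY_BLOB *` or before the three `BN_bin2bn` calls, whose offsets and lengths are taken directly from the blob's `cbPublicExp`, `cbModulus`, `cbPrime1` and `cbPrime2` fields. A truncated or malformed blob would make these calls read past the end of the span. Suggest checking `data.size() >= sizeof(BCRYPT_RSAKEY_BLOB)` first, then checking that each field's offset plus length fits within `data.size()`, and failing cleanly otherwise. Separately, `n`, `e` and `d` are raw `BIGNUM*` values that are not checked for `nullptr` and have no owner in the visible lines. A `unique_ptr` with a deleter in the style of the ones added above (using `BN_clear_free` for `d`, since it holds the private exponent) would cover the error paths. Computing the field offsets once into named variables would also make the long sum for `d` easier to verify against the blob layout.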

Review Comment:
   I have changed to `const auto*` in 8d0abc4911011858731bfce5f113075775906172. 
 I have also added some error checking in 
a3c010fc2d3c72d7103e948933bbfcbdfda690fa.
   
   In the longer term, instead of further polishing this turd, I would prefer 
to convert the Windows key-pair blob to an X.509/DER byte sequence, and create 
an OpenSSL EVP_PKEY object from that.  That should happen in a separate pull 
request, when I (or others) figure out how to do it.


