void manager::init(actor_system_config&) {
CAF_LOG_TRACE("");
ERR_load_crypto_strings();
OPENSSL_add_all_algorithms_conf();
SSL_library_init();
SSL_load_error_strings();
if (authentication_enabled()) {
if (system().config().openssl_certificate.size() == 0)
CAF_RAISE_ERROR("No certificate configured for SSL endpoint");
if (system().config().openssl_key.size() == 0)
CAF_RAISE_ERROR("No private key configured for SSL endpoint");
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
std::lock_guard<std::mutex> lock{init_mutex};
++init_count;
if (init_count == 1) {
mutexes = std::vector<std::mutex>(CRYPTO_num_locks());
CRYPTO_set_locking_callback(locking_function);
CRYPTO_set_dynlock_create_callback(dynlock_create);
CRYPTO_set_dynlock_lock_callback(dynlock_lock);
CRYPTO_set_dynlock_destroy_callback(dynlock_destroy);
// OpenSSL's default thread ID callback should work, so don't set our own.
}
#endif
}
ikptr
ikrt_openssl_add_all_algorithms_conf (ikpcb * pcb)
{
#ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS_CONF
OPENSSL_add_all_algorithms_conf();
return IK_VOID;
#else
feature_failure(__func__);
#endif
}
int CCertificateRequestGenerator::Generate()
//Generate certificate request and write into a file
{
FILE* fp = NULL;
char* pbPassword = NULL;
EVP_PKEY* pKey = NULL;
X509_REQ* pReq = NULL;
X509_NAME* pSubj = NULL;
const EVP_MD* pDigest = NULL;
DWORD bytesWritten;
struct entry_pack* pEntPack = NULL;
int retFunc = FAIL;
//Get command prompt handle
HANDLE hndl = GetStdHandle(STD_OUTPUT_HANDLE);
OPENSSL_add_all_algorithms_conf();
ERR_load_crypto_strings();
//First read private key from key file
if(!(fp = _tfopen(m_privateKeyFile, _T("r"))))
{
PrintErrorInfo("Error reading key file!", EGeneric, constparams);
WriteConsole(hndl, m_privateKeyFile, wcslen(m_privateKeyFile), &bytesWritten, 0);
return retFunc;
}
if(m_password[0] != 0)
{
DWORD len = 0;
len = _tcslen(m_password);
pbPassword = MakeMBCSString(m_password, CP_UTF8, len);
pKey = PEM_read_PrivateKey(fp, NULL, NULL, pbPassword);
delete pbPassword;
}
else
{
pKey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
}
fclose(fp); fp = NULL;
if(!pKey)
{
PrintErrorInfo("Error reading private key in key file!", EOPENSSL, constparams);
return retFunc;
}
try
{
//Create a new cert request and add the public key into it
if(!(pReq = X509_REQ_new()))
{
PrintErrorInfo("Error creating X509 request object!", EOPENSSL, constparams);
throw EOPENSSL;
}
X509_REQ_set_pubkey(pReq, pKey);
//Now create DN name entries and assign them to request
if(!(pSubj = X509_NAME_new()))
{
PrintErrorInfo("Error creating X509 name object!", EOPENSSL, constparams);
throw EOPENSSL;
}
//Format DN string
DoFormatted(m_dname, &pEntPack);
if(pEntPack->num == 0)
{
PrintErrorInfo("Error formatting Distinguished Name!", EGeneric, constparams);
throw EGeneric;
}
for (int i = 0; i < pEntPack->num; i++)
{
int nid = 0;
DWORD lent = 0;
X509_NAME_ENTRY *pEnt = NULL;
LPSTR pbMBSTRUTF8 = NULL;
if((pEntPack->entries[i].value == NULL) || (pEntPack->entries[i].key == NULL))
{
PrintErrorInfo("Error in Distinguished Name construction!", EGeneric, constparams);
throw EGeneric;
}
if((nid = OBJ_txt2nid(pEntPack->entries[i].key)) == NID_undef)
{
PrintErrorInfo("Error finding NID for a DN entry!", EOPENSSL, constparams);
throw EOPENSSL;
}
lent = _tcslen(pEntPack->entries[i].value);
pbMBSTRUTF8 = MakeMBCSString(pEntPack->entries[i].value, CP_UTF8, lent);
if(lent > 64) //OpenSSL does not accept a string longer than 64
{
if(!(pEnt = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_UTF8, (unsigned char *)"dummy", 5)))
{
PrintErrorInfo("Error creating name entry from NID!", EOPENSSL, constparams);
throw EOPENSSL;
}
pEnt->value->data = (unsigned char *)malloc(lent+1);
for(DWORD j=0; j<lent; j++ )
{
pEnt->value->data[j] = pbMBSTRUTF8[j];
}
pEnt->value->length = lent;
}
else if(!(pEnt = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_UTF8, (unsigned char *)pbMBSTRUTF8, lent)))
{
PrintErrorInfo("Error creating name entry from NID!", EOPENSSL, constparams);
throw EOPENSSL;
}
if(X509_NAME_add_entry(pSubj, pEnt, -1, 0) != 1)
{
PrintErrorInfo("Error adding entry to X509 Name!", EOPENSSL, constparams);
throw EOPENSSL;
}
delete pbMBSTRUTF8;
}//for
SYMBIAN_FREE_MEM(pEntPack);
if(X509_REQ_set_subject_name(pReq, pSubj) != 1)
{
PrintErrorInfo("Error adding subject to request!", EOPENSSL, constparams);
throw EOPENSSL;
}
//Find the correct digest and sign the request
if(EVP_PKEY_type(pKey->type) == EVP_PKEY_DSA)
{
pDigest = EVP_dss1();
}
else if(EVP_PKEY_type(pKey->type) == EVP_PKEY_RSA)
{
pDigest = EVP_sha1();
}
else
{
PrintErrorInfo("Error checking private key type!", EOPENSSL, constparams);
throw EOPENSSL;
}
if(!(X509_REQ_sign(pReq, pKey, pDigest)))
{
PrintErrorInfo("Error signing request!", EOPENSSL, constparams);
throw EOPENSSL;
}
if(!(fp = _tfopen(m_RequestFile, _T("w"))))
{
PrintErrorInfo("Error writing to request file!",EGeneric,constparams);
throw EGeneric;
}
if(PEM_write_X509_REQ(fp, pReq) != 1)
{
PrintErrorInfo("Error while writing to request file!", EOPENSSL, constparams);
throw EOPENSSL;
}
//Free variables
EVP_PKEY_free(pKey);
X509_NAME_free(pSubj);
X509_REQ_free(pReq);
fclose(fp);
_tprintf(_T("\nCreated request: "));
WriteConsole(hndl, m_RequestFile, wcslen(m_RequestFile), &bytesWritten, 0);
retFunc = SUCCESS;
}
catch (...)
{
if(pKey)
{
EVP_PKEY_free(pKey);
}
if(pSubj)
{
X509_NAME_free(pSubj);
}
if(pReq)
{
X509_REQ_free(pReq);
}
SYMBIAN_FREE_MEM(pEntPack);
}
return retFunc;
}
int CDSAKeyGenerator::Generate()
//Generate a DSA key with pre-determined length
{
unsigned char* pbSeed = NULL;
DSA* pDSAParams = NULL;
FILE* fp = NULL;
LPSTR pbPassword = NULL;
const _TCHAR* pPrivKeyFile = NULL;
int retVal = FAIL;
int retFunc = FAIL;
pPrivKeyFile = GetPrivateKeyFile();
if(!pPrivKeyFile)
{
PrintErrorInfo("Bad parameter error!", EGeneric, constparams);
return 0;
}
OPENSSL_add_all_algorithms_conf();
ERR_load_crypto_strings();
int dwKeyLength = 0;
dwKeyLength = GetKeyLength();
try
{
retVal = GenerateSeed(dwKeyLength, &pbSeed);
if(retVal != SUCCESS)
{
throw EMSCrypto;
}
//Generate DSA params (p,q and g)
_tprintf(_T("\nGenerating DSA key ."));
pDSAParams = DSA_generate_parameters(dwKeyLength, pbSeed, dwKeyLength, NULL, NULL, DSAKeyStatus, NULL);
if(!pDSAParams)
{
PrintErrorInfo("Error generating DSA key params!", EOPENSSL, constparams);
throw EOPENSSL;
}
//Generate DSA key
retVal = DSA_generate_key(pDSAParams);
if(!retVal)
{
PrintErrorInfo("DSA key generation failed!", EOPENSSL, constparams);
throw EOPENSSL;
}
_tprintf(_T("Generated!\n"));
//Create a key file
fp = _tfopen(pPrivKeyFile, _T("w"));
if(!fp)
{
PrintErrorInfo("Error creating key file!", EGeneric, constparams);
throw EOPENSSL;
}
//Write generated DSA key to the key file
if(m_bPassword)
{
DWORD len = 0;
len = _tcslen(GetPassword());
pbPassword = MakeMBCSString(GetPassword(), CP_UTF8, len);
retVal = PEM_write_DSAPrivateKey(fp, pDSAParams, EVP_des_ede3_cbc(), (unsigned char *) pbPassword, len, NULL, NULL);
delete pbPassword;
}
else if(m_bAsk)
{
retVal = PEM_write_DSAPrivateKey(fp, pDSAParams, EVP_des_ede3_cbc(), NULL, 0, NULL, NULL);
}
else
{
_tprintf(_T("\n"));
retVal = PEM_write_DSAPrivateKey(fp, pDSAParams, NULL , NULL, 0, NULL, NULL);
}
if(!retVal)
{
PrintErrorInfo("Error writing to key file", EOPENSSL, constparams);
throw EOPENSSL;
}
//Free variables
DSA_free(pDSAParams);
fclose(fp);
SYMBIAN_FREE_MEM(pbSeed);
//Get command prompt handle
HANDLE hndl = 0;
hndl = GetStdHandle(STD_OUTPUT_HANDLE);
_tprintf(_T("\nCreated key: "));
DWORD bytesWritten;
WriteConsole(hndl, pPrivKeyFile, wcslen(pPrivKeyFile), &bytesWritten, NULL);
retFunc = SUCCESS;
}
catch (...)
{
//Delete dsa params
if(pDSAParams)
{
DSA_free(pDSAParams);
}
if (fp)
{
fclose(fp);
}
SYMBIAN_FREE_MEM(pbSeed);
}
return retFunc;
}
