inline void validate_port(const std::string& port, const std::string& title, unsigned int *value = NULL)
{
if (!parse_number_validate<unsigned int>(port, 5, 1, 65535, value))
OPENVPN_THROW(option_error, "bad " << title << " number: " << port);
}
ExternalPKIImpl(SSL_CTX* ssl_ctx, ::X509* cert, ExternalPKIBase* external_pki_arg)
: external_pki(external_pki_arg), n_errors(0)
{
RSA *rsa = NULL;
RSA_METHOD *rsa_meth = NULL;
RSA *pub_rsa = NULL;
const char *errtext = "";
/* allocate custom RSA method object */
rsa_meth = new RSA_METHOD;
std::memset(rsa_meth, 0, sizeof(RSA_METHOD));
rsa_meth->name = "OpenSSLContext::ExternalPKIImpl private key RSA Method";
rsa_meth->rsa_pub_enc = rsa_pub_enc;
rsa_meth->rsa_pub_dec = rsa_pub_dec;
rsa_meth->rsa_priv_enc = rsa_priv_enc;
rsa_meth->rsa_priv_dec = rsa_priv_dec;
rsa_meth->init = NULL;
rsa_meth->finish = rsa_finish;
rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
rsa_meth->app_data = (char *)this;
/* allocate RSA object */
rsa = RSA_new();
if (rsa == NULL)
{
SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
errtext = "RSA_new";
goto err;
}
/* get the public key */
if (cert->cert_info->key->pkey == NULL) /* NULL before SSL_CTX_use_certificate() is called */
{
errtext = "pkey is NULL";
goto err;
}
pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
/* initialize RSA object */
rsa->n = BN_dup(pub_rsa->n);
rsa->flags |= RSA_FLAG_EXT_PKEY;
if (!RSA_set_method(rsa, rsa_meth))
{
errtext = "RSA_set_method";
goto err;
}
/* bind our custom RSA object to ssl_ctx */
if (!SSL_CTX_use_RSAPrivateKey(ssl_ctx, rsa))
{
errtext = "SSL_CTX_use_RSAPrivateKey";
goto err;
}
RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
return;
err:
if (rsa)
RSA_free(rsa);
else
{
if (rsa_meth)
free(rsa_meth);
}
OPENVPN_THROW(OpenSSLException, "OpenSSLContext::ExternalPKIImpl: " << errtext);
}