// Validates a port number given as text and optionally stores the parsed value.
//
// port   decimal port string supplied by the caller
// title  label used in the error message (e.g. the option name)
// value  when non-NULL, receives the parsed port on success
// Throws option_error when the string is not a valid port.
// NOTE(review): the 5 / 1 / 65535 arguments presumably mean max digits, min and
// max value — confirm against parse_number_validate's signature.
inline void validate_port(const std::string& port, const std::string& title, unsigned int *value = NULL)
{
  const bool accepted = parse_number_validate<unsigned int>(port, 5, 1, 65535, value);
  if (accepted)
    return;
  OPENVPN_THROW(option_error, "bad " << title << " number: " << port);
}
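// Builds an RSA object whose primitives (rsa_pub_enc / rsa_pub_dec /
// rsa_priv_enc / rsa_priv_dec) are redirected to a custom RSA_METHOD, then
// installs it on ssl_ctx as the private key.  Only the modulus is copied from
// the certificate's public key; the private operations are delegated to
// external_pki_arg, so no private key material is held in this object.
//
// ssl_ctx           context that receives the external private key
// cert              certificate already attached to ssl_ctx; its pkey is NULL
//                   until SSL_CTX_use_certificate() has run
// external_pki_arg  delegate that performs the actual private-key operations
//
// Throws OpenSSLException on any failure.  Every partially built object is
// released before throwing: the RSA object via RSA_free(), and the method
// object directly unless RSA_set_method() has already bound it to rsa (from
// that point on RSA_free() reaches rsa_finish, which owns the method object —
// NOTE(review): confirm rsa_finish releases it).
//
// NOTE(review): dereferences X509/RSA struct members (cert->cert_info, rsa->n),
// so this only builds against OpenSSL versions that expose those structs.
ExternalPKIImpl(SSL_CTX* ssl_ctx, ::X509* cert, ExternalPKIBase* external_pki_arg)
  : external_pki(external_pki_arg), n_errors(0)
{
  RSA *rsa = NULL;
  RSA_METHOD *rsa_meth = NULL;
  RSA *pub_rsa = NULL;
  const char *errtext = "";
  // Set once RSA_set_method() succeeds: after that rsa owns rsa_meth and the
  // error path must not free it a second time.
  bool meth_bound = false;

  /* allocate custom RSA method object */
  rsa_meth = new RSA_METHOD;
  std::memset(rsa_meth, 0, sizeof(RSA_METHOD));
  rsa_meth->name = "OpenSSLContext::ExternalPKIImpl private key RSA Method";
  rsa_meth->rsa_pub_enc = rsa_pub_enc;
  rsa_meth->rsa_pub_dec = rsa_pub_dec;
  rsa_meth->rsa_priv_enc = rsa_priv_enc;
  rsa_meth->rsa_priv_dec = rsa_priv_dec;
  rsa_meth->init = NULL;
  rsa_meth->finish = rsa_finish;
  rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
  rsa_meth->app_data = reinterpret_cast<char *>(this);  // lets the callbacks find this instance

  /* allocate RSA object */
  rsa = RSA_new();
  if (rsa == NULL)
    {
      SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
      errtext = "RSA_new";
      goto err;
    }

  /* get the public key */
  if (cert->cert_info->key->pkey == NULL) /* NULL before SSL_CTX_use_certificate() is called */
    {
      errtext = "pkey is NULL";
      goto err;
    }
  pub_rsa = cert->cert_info->key->pkey->pkey.rsa;

  /* initialize RSA object: only the modulus is duplicated; the private
     exponent never exists locally (RSA_FLAG_EXT_PKEY) */
  rsa->n = BN_dup(pub_rsa->n);
  if (rsa->n == NULL)
    {
      // A NULL modulus would later surface as a crash inside RSA_size()
      // or the signing callbacks rather than as a clean error.
      errtext = "BN_dup";
      goto err;
    }
  rsa->flags |= RSA_FLAG_EXT_PKEY;
  if (!RSA_set_method(rsa, rsa_meth))
    {
      errtext = "RSA_set_method";
      goto err;
    }
  meth_bound = true;

  /* bind our custom RSA object to ssl_ctx */
  if (!SSL_CTX_use_RSAPrivateKey(ssl_ctx, rsa))
    {
      errtext = "SSL_CTX_use_RSAPrivateKey";
      goto err;
    }
  RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
  return;

 err:
  if (rsa)
    RSA_free(rsa);
  // Previously the method object was only released when RSA_new() itself
  // failed, leaking it on the "pkey is NULL" and RSA_set_method() paths;
  // it was also released with free() although allocated with new.
  if (rsa_meth && !meth_bound)
    delete rsa_meth;
  OPENVPN_THROW(OpenSSLException, "OpenSSLContext::ExternalPKIImpl: " << errtext);
}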