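/// Initialises the OpenSSL library for this actor system and checks that an
/// authenticated endpoint has the key material it needs.
///
/// Raises (via CAF_RAISE_ERROR) when authentication is enabled but either the
/// certificate or the private key path in the system config is empty, so a
/// misconfiguration fails at startup instead of at the first handshake.
/// On OpenSSL builds older than 1.1.0 the library needs application-supplied
/// locking; the process-wide callbacks are installed by the first manager to
/// run init (tracked by init_count). The config argument is unused: all
/// settings are read from system().config().
void manager::init(actor_system_config&) {
  CAF_LOG_TRACE("");
  ERR_load_crypto_strings();
  OPENSSL_add_all_algorithms_conf();
  SSL_library_init();
  SSL_load_error_strings();
  if (authentication_enabled()) {
    const auto& cfg = system().config();
    if (cfg.openssl_certificate.empty())
      CAF_RAISE_ERROR("No certificate configured for SSL endpoint");
    if (cfg.openssl_key.empty())
      CAF_RAISE_ERROR("No private key configured for SSL endpoint");
  }
#if OPENSSL_VERSION_NUMBER < 0x10100000L
  // The locking callbacks are global to the process, so they must be set
  // exactly once; the mutex serialises concurrent managers and init_count
  // records how many have initialised.
  std::lock_guard<std::mutex> lock{init_mutex};
  ++init_count;
  if (init_count == 1) {
    mutexes = std::vector<std::mutex>(CRYPTO_num_locks());
    CRYPTO_set_locking_callback(locking_function);
    CRYPTO_set_dynlock_create_callback(dynlock_create);
    CRYPTO_set_dynlock_lock_callback(dynlock_lock);
    CRYPTO_set_dynlock_destroy_callback(dynlock_destroy);
    // OpenSSL's default thread ID callback should work, so don't set our own.
  }
#endif
}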
/* Runtime primitive exposing OPENSSL_add_all_algorithms_conf() to Scheme.
   The pcb argument is part of the primitive calling convention and is not
   read here. When the build did not detect the function, feature_failure
   reports the missing feature instead. */
ikptr
ikrt_openssl_add_all_algorithms_conf (ikpcb * pcb)
{
  (void)pcb;
#ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS_CONF
  OPENSSL_add_all_algorithms_conf();
  return IK_VOID;
#else
  feature_failure(__func__);
#endif
}
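/// Builds a PKCS#10 certificate request from the configured private key and
/// distinguished name, signs it and writes it PEM-encoded to m_RequestFile.
///
/// Inputs are members: m_privateKeyFile (PEM private key, decrypted with
/// m_password when one is set), m_dname (DN string split by DoFormatted) and
/// m_RequestFile (output path). Every failure is reported via PrintErrorInfo.
///
/// @return SUCCESS when the request file was written, FAIL otherwise.
int CCertificateRequestGenerator::Generate() //Generate certificate request and write into a file
{
  FILE* fp = NULL;
  char* pbPassword = NULL;
  EVP_PKEY* pKey = NULL;
  X509_REQ* pReq = NULL;
  X509_NAME* pSubj = NULL;
  const EVP_MD* pDigest = NULL;
  DWORD bytesWritten = 0;
  struct entry_pack* pEntPack = NULL;
  // Per-entry temporaries live at function scope so the catch block can
  // release them when an error is raised in the middle of the DN loop.
  X509_NAME_ENTRY* pEnt = NULL;
  LPSTR pbMBSTRUTF8 = NULL;
  int retFunc = FAIL;
  //Get command prompt handle
  HANDLE hndl = GetStdHandle(STD_OUTPUT_HANDLE);
  OPENSSL_add_all_algorithms_conf();
  ERR_load_crypto_strings();
  //First read private key from key file
  if(!(fp = _tfopen(m_privateKeyFile, _T("r"))))
  {
    PrintErrorInfo("Error reading key file!", EGeneric, constparams);
    WriteConsole(hndl, m_privateKeyFile, wcslen(m_privateKeyFile), &bytesWritten, 0);
    return retFunc;
  }
  if(m_password[0] != 0)
  {
    DWORD len = _tcslen(m_password);
    pbPassword = MakeMBCSString(m_password, CP_UTF8, len);
    pKey = PEM_read_PrivateKey(fp, NULL, NULL, pbPassword);
    // NOTE(review): the decoded password is released without being wiped, and
    // MakeMBCSString's allocator is not visible here -- if it allocates with
    // new[], this must be delete[]. Confirm against its definition.
    delete pbPassword;
    pbPassword = NULL;
  }
  else
  {
    pKey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
  }
  fclose(fp);
  fp = NULL;
  if(!pKey)
  {
    PrintErrorInfo("Error reading private key in key file!", EOPENSSL, constparams);
    return retFunc;
  }
  try
  {
    //Create a new cert request and add the public key into it
    if(!(pReq = X509_REQ_new()))
    {
      PrintErrorInfo("Error creating X509 request object!", EOPENSSL, constparams);
      throw EOPENSSL;
    }
    X509_REQ_set_pubkey(pReq, pKey);
    //Now create DN name entries and assign them to request
    if(!(pSubj = X509_NAME_new()))
    {
      PrintErrorInfo("Error creating X509 name object!", EOPENSSL, constparams);
      throw EOPENSSL;
    }
    //Format DN string
    DoFormatted(m_dname, &pEntPack);
    // Guard the pointer as well as the count: a failed DoFormatted must not
    // turn into a NULL dereference.
    if(pEntPack == NULL || pEntPack->num == 0)
    {
      PrintErrorInfo("Error formatting Distinguished Name!", EGeneric, constparams);
      throw EGeneric;
    }
    for (int i = 0; i < pEntPack->num; i++)
    {
      int nid = 0;
      DWORD lent = 0;
      if((pEntPack->entries[i].value == NULL) || (pEntPack->entries[i].key == NULL))
      {
        PrintErrorInfo("Error in Distinguished Name construction!", EGeneric, constparams);
        throw EGeneric;
      }
      if((nid = OBJ_txt2nid(pEntPack->entries[i].key)) == NID_undef)
      {
        PrintErrorInfo("Error finding NID for a DN entry!", EOPENSSL, constparams);
        throw EOPENSSL;
      }
      lent = _tcslen(pEntPack->entries[i].value);
      // NOTE(review): lent is the TCHAR count of the value but is used below
      // as the byte length of its UTF-8 conversion, so non-ASCII values are
      // truncated. MakeMBCSString's output length is not visible here --
      // confirm and use the converted byte count if it provides one.
      pbMBSTRUTF8 = MakeMBCSString(pEntPack->entries[i].value, CP_UTF8, lent);
      if(lent > 64) //OpenSSL does not accept a string longer than 64
      {
        // Create the entry with a short placeholder so OpenSSL's per-NID
        // length check passes, then replace its contents. ASN1_STRING_set
        // keeps the buffer under OpenSSL's allocator (the old code assigned a
        // malloc'ed buffer straight into the struct, leaking the placeholder
        // and mixing allocators). The placeholder's ASN.1 string type is kept.
        if(!(pEnt = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_UTF8, (unsigned char *)"dummy", 5)))
        {
          PrintErrorInfo("Error creating name entry from NID!", EOPENSSL, constparams);
          throw EOPENSSL;
        }
        if(ASN1_STRING_set(X509_NAME_ENTRY_get_data(pEnt), pbMBSTRUTF8, (int)lent) != 1)
        {
          PrintErrorInfo("Error creating name entry from NID!", EOPENSSL, constparams);
          throw EOPENSSL;
        }
      }
      else if(!(pEnt = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_UTF8, (unsigned char *)pbMBSTRUTF8, lent)))
      {
        PrintErrorInfo("Error creating name entry from NID!", EOPENSSL, constparams);
        throw EOPENSSL;
      }
      if(X509_NAME_add_entry(pSubj, pEnt, -1, 0) != 1)
      {
        PrintErrorInfo("Error adding entry to X509 Name!", EOPENSSL, constparams);
        throw EOPENSSL;
      }
      // X509_NAME_add_entry stores a copy; the local entry is still ours.
      X509_NAME_ENTRY_free(pEnt);
      pEnt = NULL;
      delete pbMBSTRUTF8;
      pbMBSTRUTF8 = NULL;
    }//for
    SYMBIAN_FREE_MEM(pEntPack);
    pEntPack = NULL; // the catch block frees it as well; never free twice
    if(X509_REQ_set_subject_name(pReq, pSubj) != 1)
    {
      PrintErrorInfo("Error adding subject to request!", EOPENSSL, constparams);
      throw EOPENSSL;
    }
    //Find the correct digest and sign the request
    // NOTE(review): both branches sign with a SHA-1 based digest (EVP_dss1 /
    // EVP_sha1); many CAs no longer accept SHA-1 signed requests. Consider
    // EVP_sha256() once the consuming CA is known to accept it.
    const int keyType = EVP_PKEY_type(pKey->type);
    if(keyType == EVP_PKEY_DSA)
    {
      pDigest = EVP_dss1();
    }
    else if(keyType == EVP_PKEY_RSA)
    {
      pDigest = EVP_sha1();
    }
    else
    {
      PrintErrorInfo("Error checking private key type!", EOPENSSL, constparams);
      throw EOPENSSL;
    }
    if(!(X509_REQ_sign(pReq, pKey, pDigest)))
    {
      PrintErrorInfo("Error signing request!", EOPENSSL, constparams);
      throw EOPENSSL;
    }
    if(!(fp = _tfopen(m_RequestFile, _T("w"))))
    {
      PrintErrorInfo("Error writing to request file!", EGeneric, constparams);
      throw EGeneric;
    }
    if(PEM_write_X509_REQ(fp, pReq) != 1)
    {
      PrintErrorInfo("Error while writing to request file!", EOPENSSL, constparams);
      throw EOPENSSL;
    }
    //Free variables
    EVP_PKEY_free(pKey);
    pKey = NULL;
    X509_NAME_free(pSubj);
    pSubj = NULL;
    X509_REQ_free(pReq);
    pReq = NULL;
    fclose(fp);
    fp = NULL;
    _tprintf(_T("\nCreated request: "));
    WriteConsole(hndl, m_RequestFile, wcslen(m_RequestFile), &bytesWritten, 0);
    retFunc = SUCCESS;
  }
  catch (...)
  {
    // Release whatever the failing step left behind, including the loop
    // temporaries and the request file handle when PEM_write_X509_REQ failed.
    if(pEnt) { X509_NAME_ENTRY_free(pEnt); }
    if(pbMBSTRUTF8) { delete pbMBSTRUTF8; }
    if(pKey) { EVP_PKEY_free(pKey); }
    if(pSubj) { X509_NAME_free(pSubj); }
    if(pReq) { X509_REQ_free(pReq); }
    if(fp) { fclose(fp); }
    SYMBIAN_FREE_MEM(pEntPack);
  }
  return retFunc;
}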
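/// Generates DSA parameters and a DSA key pair of GetKeyLength() bits and
/// writes the private key PEM-encoded to GetPrivateKeyFile().
///
/// The key is encrypted with a password when m_bPassword is set (password from
/// GetPassword()), encrypted with a password prompted by OpenSSL when m_bAsk is
/// set, and written unencrypted otherwise. Failures are reported through
/// PrintErrorInfo.
///
/// @return SUCCESS when the key file was written, FAIL otherwise (0 when no
///         private key file name is configured -- see note below).
int CDSAKeyGenerator::Generate() //Generate a DSA key with pre-determined length
{
  unsigned char* pbSeed = NULL;
  DSA* pDSAParams = NULL;
  FILE* fp = NULL;
  LPSTR pbPassword = NULL;
  const _TCHAR* pPrivKeyFile = NULL;
  int retVal = FAIL;
  int retFunc = FAIL;
  pPrivKeyFile = GetPrivateKeyFile();
  if(!pPrivKeyFile)
  {
    PrintErrorInfo("Bad parameter error!", EGeneric, constparams);
    // NOTE(review): every other failure returns FAIL (retFunc); this returns a
    // literal 0. Left unchanged because FAIL's value is not visible here --
    // confirm whether callers distinguish the two.
    return 0;
  }
  OPENSSL_add_all_algorithms_conf();
  ERR_load_crypto_strings();
  const int dwKeyLength = GetKeyLength();
  try
  {
    // Seed for parameter generation; dwKeyLength is also passed as the seed
    // length below, so GenerateSeed is assumed to hand back at least that many
    // bytes -- TODO confirm against its definition.
    retVal = GenerateSeed(dwKeyLength, &pbSeed);
    if(retVal != SUCCESS)
    {
      throw EMSCrypto;
    }
    //Generate DSA params (p,q and g)
    _tprintf(_T("\nGenerating DSA key ."));
    // DSA_generate_parameters is the deprecated entry point (the _ex variant
    // takes a BN_GENCB); DSAKeyStatus is the progress callback.
    pDSAParams = DSA_generate_parameters(dwKeyLength, pbSeed, dwKeyLength, NULL, NULL, DSAKeyStatus, NULL);
    if(!pDSAParams)
    {
      PrintErrorInfo("Error generating DSA key params!", EOPENSSL, constparams);
      throw EOPENSSL;
    }
    //Generate DSA key
    retVal = DSA_generate_key(pDSAParams);
    if(!retVal)
    {
      PrintErrorInfo("DSA key generation failed!", EOPENSSL, constparams);
      throw EOPENSSL;
    }
    _tprintf(_T("Generated!\n"));
    //Create a key file
    // NOTE(review): the private key file is created with the default ACL of
    // the directory; restricting it to the current user would be prudent.
    fp = _tfopen(pPrivKeyFile, _T("w"));
    if(!fp)
    {
      PrintErrorInfo("Error creating key file!", EGeneric, constparams);
      throw EGeneric;
    }
    //Write generated DSA key to the key file
    // NOTE(review): EVP_des_ede3_cbc() (3DES) protects the key at rest; AES-256-CBC
    // is the usual choice today. Also, len is the TCHAR count of the password
    // but is passed as the byte length of its UTF-8 form, so a non-ASCII
    // password is truncated -- confirm MakeMBCSString's output length.
    if(m_bPassword)
    {
      DWORD len = _tcslen(GetPassword());
      pbPassword = MakeMBCSString(GetPassword(), CP_UTF8, len);
      retVal = PEM_write_DSAPrivateKey(fp, pDSAParams, EVP_des_ede3_cbc(), (unsigned char *) pbPassword, len, NULL, NULL);
      // NOTE(review): password buffer is released without being wiped, and
      // MakeMBCSString's allocator is not visible here (new[] would need
      // delete[]). Confirm against its definition.
      delete pbPassword;
      pbPassword = NULL;
    }
    else if(m_bAsk)
    {
      retVal = PEM_write_DSAPrivateKey(fp, pDSAParams, EVP_des_ede3_cbc(), NULL, 0, NULL, NULL);
    }
    else
    {
      _tprintf(_T("\n"));
      retVal = PEM_write_DSAPrivateKey(fp, pDSAParams, NULL , NULL, 0, NULL, NULL);
    }
    if(!retVal)
    {
      PrintErrorInfo("Error writing to key file", EOPENSSL, constparams);
      throw EOPENSSL;
    }
    //Free variables
    DSA_free(pDSAParams);
    pDSAParams = NULL;
    fclose(fp);
    fp = NULL;
    SYMBIAN_FREE_MEM(pbSeed);
    pbSeed = NULL;
    //Get command prompt handle
    HANDLE hndl = GetStdHandle(STD_OUTPUT_HANDLE);
    _tprintf(_T("\nCreated key: "));
    DWORD bytesWritten = 0;
    WriteConsole(hndl, pPrivKeyFile, wcslen(pPrivKeyFile), &bytesWritten, NULL);
    retFunc = SUCCESS;
  }
  catch (...)
  {
    //Delete dsa params
    if(pDSAParams) { DSA_free(pDSAParams); }
    if (fp) { fclose(fp); }
    SYMBIAN_FREE_MEM(pbSeed);
  }
  return retFunc;
}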