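/*
 * Generate a fresh 2048-bit RSA key pair and wrap it in an EVP_PKEY.
 *
 * Returns a newly allocated EVP_PKEY that owns the underlying RSA object,
 * or NULL on failure (OpenSSL errors are reported via handle_openssl_error()).
 * The caller owns the result and releases it with EVP_PKEY_free().
 *
 * NOTE(review): RSA_generate_key() is a deprecated OpenSSL API
 * (RSA_generate_key_ex() / EVP_PKEY_keygen() are the current ones); it is
 * kept here to stay within the OpenSSL surface this file already uses.
 */
EVP_PKEY* create_rsa_key(void)
{
    /* RSA_F4 (65537) is the conventional public exponent; the previous
     * choice RSA_3 (e = 3) is widely advised against for new keys. */
    RSA *rsa = RSA_generate_key(2048, RSA_F4, gen_callback, NULL);
    EVP_PKEY *key = EVP_PKEY_new();

    if (!rsa || !key || !EVP_PKEY_assign_RSA(key, rsa)) {
        handle_openssl_error();
        /* The assignment did not happen, so rsa and key are still
         * separately owned here; both *_free() accept NULL. */
        RSA_free(rsa);
        EVP_PKEY_free(key);
        return NULL;
    }

    /* key owns rsa from now on: one EVP_PKEY_free() releases both. */
    if (RSA_check_key(rsa) <= 0) {
        fprintf(stderr, "RSA_check_key failed.\n");
        handle_openssl_error();
        EVP_PKEY_free(key);
        return NULL;
    }
    return key;
}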
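/*
 * Drive the server side of the TLS handshake on `con`.
 *
 * On success (SSL_accept() > 0) the connection is re-armed for reading,
 * the handle moves to tls_st_connected and the positive result is returned.
 * Any other result is handed to handle_openssl_error(), which maps it to
 * the backend's return convention (defined elsewhere in this file).
 */
ssize_t net_con_ssl_accept(struct net_connection* con)
{
    struct net_ssl_openssl* handle = get_handle(con);
    handle->state = tls_st_accepting;

    /* SSL_get_error() (used by handle_openssl_error) is only reliable when
     * the thread's OpenSSL error queue is empty before the I/O call. */
    ERR_clear_error();
    int rc = SSL_accept(handle->ssl);
    /* SSL_accept() returns int; logging it as int keeps "%d" well-defined
     * (the previous code passed an ssize_t to "%d"). */
    LOG_PROTO("SSL_accept() ret=%d", rc);

    if (rc > 0) {
        net_con_update(con, NET_EVENT_READ);
        handle->state = tls_st_connected;
        return rc;
    }
    return handle_openssl_error(con, rc, tls_st_accepting);
}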
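/*
 * Write `len` bytes from `buf` to the TLS connection `con`.
 *
 * Precondition: the handshake has completed (handle->state == tls_st_connected).
 * Returns SSL_write()'s positive byte count on success; for any other result
 * the value produced by handle_openssl_error() is returned instead. The
 * backend event mask is refreshed via net_ssl_update() on every path.
 *
 * NOTE(review): SSL_write() takes an int length, so a `len` above INT_MAX
 * would be truncated by the implicit conversion; callers are assumed to
 * pass bounded sizes — confirm, or clamp before the call.
 */
ssize_t net_ssl_send(struct net_connection* con, const void* buf, size_t len)
{
    struct net_ssl_openssl* handle = get_handle(con);
    uhub_assert(handle->state == tls_st_connected);

    /* Required for SSL_get_error() to report this call's outcome reliably. */
    ERR_clear_error();
    int rc = SSL_write(handle->ssl, buf, len);
    add_io_stats(handle);
    /* rc is an int, so "%d" matches (the previous code logged an ssize_t). */
    LOG_PROTO("SSL_write(con=%p, buf=%p, len=" PRINTF_SIZE_T ") => %d", con, buf, len, rc);

    ssize_t ret = rc;
    if (rc > 0) {
        handle->ssl_write_events = 0;
    } else {
        ret = handle_openssl_error(con, rc, 0);
    }

    net_ssl_update(con, handle->events); // Update backend only
    return ret;
}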
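/*
 * Write the private half of `key` (AES-256-CBC wrapped under pcszPassphrase)
 * to "privkey.pem" and its public half to "pubkey.pem".
 * Returns EXIT_SUCCESS or EXIT_FAILURE; failures are reported on stderr.
 *
 * NOTE(review): fopen() creates the private-key file under the process
 * umask, so it may end up readable by other users; an open(O_CREAT, 0600)
 * + fdopen() pair would be preferable, but those headers are not in this
 * file's visible scope.
 */
static int write_key_files(EVP_PKEY* key)
{
    int iRet = EXIT_SUCCESS;
    FILE* pFile = fopen("privkey.pem", "wt");
    const EVP_CIPHER* pCipher = EVP_aes_256_cbc();

    if (!pFile || !pCipher) {
        fprintf(stderr, "Cannot create \"privkey.pem\".\n");
        handle_openssl_error();
        if (pFile) {
            fclose(pFile);
        }
        return EXIT_FAILURE;
    }

    if (!PEM_write_PrivateKey(pFile, key, pCipher, (unsigned char*)pcszPassphrase,
                              (int)strlen(pcszPassphrase), NULL, NULL)) {
        fprintf(stderr, "PEM_write_PrivateKey failed.\n");
        handle_openssl_error();
        iRet = EXIT_FAILURE;
    }
    /* fclose() flushes the stream; a failure here means the key file on
     * disk is incomplete, which must not be reported as success. */
    if (fclose(pFile) != 0) {
        fprintf(stderr, "fclose(\"privkey.pem\") failed.\n");
        iRet = EXIT_FAILURE;
    }
    pFile = NULL;
    if (iRet != EXIT_SUCCESS) {
        return iRet;
    }

    /* The public key is taken from the same key object, so "pubkey.pem"
     * really is the public half of "privkey.pem". */
    pFile = fopen("pubkey.pem", "wt");
    if (pFile && PEM_write_PUBKEY(pFile, key)) {
        fprintf(stderr, "Both keys saved.\n");
    } else {
        handle_openssl_error();
        iRet = EXIT_FAILURE;
    }
    if (pFile && fclose(pFile) != 0) {
        fprintf(stderr, "fclose(\"pubkey.pem\") failed.\n");
        iRet = EXIT_FAILURE;
    }
    return iRet;
}

/*
 * Reload the key pair from "privkey.pem" / "pubkey.pem" into *priv / *pub.
 * Both must be NULL on entry; on return each is either a new EVP_PKEY owned
 * by the caller (to be released with EVP_PKEY_free()) or NULL.
 * Returns EXIT_SUCCESS only if both files were read.
 */
static int read_key_files(EVP_PKEY** priv, EVP_PKEY** pub)
{
    int iRet = EXIT_SUCCESS;

    FILE* pFile = fopen("privkey.pem", "rt");
    if (pFile && (*priv = PEM_read_PrivateKey(pFile, NULL, passwd_callback,
                                              (void*)pcszPassphrase))) {
        fprintf(stderr, "Private key read.\n");
    } else {
        fprintf(stderr, "Cannot read \"privkey.pem\".\n");
        handle_openssl_error();
        iRet = EXIT_FAILURE;
    }
    if (pFile) {
        fclose(pFile);
        pFile = NULL;
    }

    pFile = fopen("pubkey.pem", "rt");
    if (pFile && (*pub = PEM_read_PUBKEY(pFile, NULL, NULL, NULL))) {
        fprintf(stderr, "Public key read.\n");
    } else {
        fprintf(stderr, "Cannot read \"pubkey.pem\".\n");
        handle_openssl_error();
        iRet = EXIT_FAILURE;
    }
    /* The original never closed this stream (descriptor leak). */
    if (pFile) {
        fclose(pFile);
        pFile = NULL;
    }
    return iRet;
}

/*
 * Generate an RSA key pair, persist it as "privkey.pem" / "pubkey.pem",
 * and read both files back.
 *
 * Returns EXIT_SUCCESS when every step succeeded, EXIT_FAILURE otherwise
 * (the previous version returned EXIT_SUCCESS when key generation itself
 * failed). Progress and errors are reported on stderr.
 */
int generate_rsa(void)
{
    int iRet = EXIT_SUCCESS;
    EVP_PKEY* pPrivKey = NULL;
    EVP_PKEY* pPubKey = NULL;

    init_openssl();

    /* A single key pair: the private and public files must describe the
     * same key, so only one key is generated (the previous version wrote
     * the public half of an unrelated second key to "pubkey.pem"). */
    EVP_PKEY* pKey = create_rsa_key();
    if (!pKey) {
        iRet = EXIT_FAILURE;
    } else {
        iRet = write_key_files(pKey);
        EVP_PKEY_free(pKey);
        pKey = NULL;
    }

    if (iRet == EXIT_SUCCESS) {
        iRet = read_key_files(&pPrivKey, &pPubKey);
    }

    if (iRet == EXIT_SUCCESS) {
        /* Placeholder for the encryption step that is not implemented yet;
         * msg is currently unused.
         * NOTE(review): rand() is not a cryptographic generator and is
         * never seeded here; replace it with RAND_bytes() before this
         * value is used as a session seed. */
        char msg[2048 / 8];
        int session_seed = rand();
        snprintf(msg, sizeof msg, "%d", session_seed);
        // Encrypt the message
    }

    /* EVP_PKEY_free(NULL) is a no-op. */
    EVP_PKEY_free(pPrivKey);
    pPrivKey = NULL;
    EVP_PKEY_free(pPubKey);
    pPubKey = NULL;
    cleanup_openssl();
    return iRet;
}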