int main(int argc, char **argv) { if (argc > 2) { printf("usage: %s [passwd]\n", argv[0]); return -1; } BIO* bio_err; X509_REQ* req = NULL; EVP_PKEY* pkey = NULL; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); mkreq(&req, &pkey, 1024, 0, 365); if (argc == 1) { mkcert(req, "rootkey.pem", "rootcert.pem", NULL); } else if (argc == 2) { mkcert(req, "rootkey.pem", "rootcert.pem", argv[1]); } RSA_print_fp(stdout, pkey->pkey.rsa, 0); X509_REQ_print_fp(stdout, req); PEM_write_X509_REQ(stdout, req); X509_REQ_free(req); EVP_PKEY_free(pkey); CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); return 0; }
int main(int argc, char **argv) { BIO *bio_err; X509 *x509=NULL; EVP_PKEY *pkey=NULL; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); bio_err=BIO_new_fp(stderr, BIO_NOCLOSE); mkcert(&x509,&pkey,512,0,365); RSA_print_fp(stdout,pkey->pkey.rsa,0); X509_print_fp(stdout,x509); PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL); PEM_write_X509(stdout,x509); X509_free(x509); EVP_PKEY_free(pkey); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); return(0); }
int main(int argc, char **argv) { BIO *bio_err; X509 *x509=NULL; EVP_PKEY *pkey=NULL; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); bio_err=BIO_new_fp(stderr, BIO_NOCLOSE); mkcert(&x509,&pkey,argv[1],1024,0,365); FILE* file = fopen(argv[2], "w"); PEM_write_PrivateKey(file,pkey,NULL,NULL,0,NULL, NULL); fclose(file); printf("Private key written to: %s\n", argv[2]); file = fopen(argv[3], "w"); X509_print_fp(file,x509); PEM_write_X509(file,x509); fclose(file); printf("Certificate written to: %s\n", argv[3]); X509_free(x509); EVP_PKEY_free(pkey); ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); return(0); }
SSLStream::SSLStream(Stream::ptr parent, bool client, bool own, SSL_CTX *ctx) : MutatingFilterStream(parent, own) { MORDOR_ASSERT(parent); clearSSLError(); if (ctx) m_ctx.reset(ctx, &nop<SSL_CTX *>); else m_ctx.reset(SSL_CTX_new(client ? SSLv23_client_method() : SSLv23_server_method()), &SSL_CTX_free); if (!m_ctx) { MORDOR_ASSERT(hasOpenSSLError()); MORDOR_THROW_EXCEPTION(OpenSSLException(getOpenSSLErrorMessage())) // << boost::errinfo_api_function("SSL_CTX_new"); ; } // Auto-generate self-signed server cert if (!ctx && !client) { std::shared_ptr<X509> cert; std::shared_ptr<EVP_PKEY> pkey; mkcert(cert, pkey, 1024, rand(), 365); SSL_CTX_use_certificate(m_ctx.get(), cert.get()); SSL_CTX_use_PrivateKey(m_ctx.get(), pkey.get()); } m_ssl.reset(SSL_new(m_ctx.get()), &SSL_free); if (!m_ssl) { MORDOR_ASSERT(hasOpenSSLError()); MORDOR_THROW_EXCEPTION(OpenSSLException(getOpenSSLErrorMessage())) // << boost::errinfo_api_function("SSL_CTX_new"); ; } m_readBio = BIO_new(BIO_s_mem()); m_writeBio = BIO_new(BIO_s_mem()); if (!m_readBio || !m_writeBio) { if (m_readBio) BIO_free(m_readBio); if (m_writeBio) BIO_free(m_writeBio); MORDOR_ASSERT(hasOpenSSLError()); MORDOR_THROW_EXCEPTION(OpenSSLException(getOpenSSLErrorMessage())) // << boost::errinfo_api_function("BIO_new"); ; } BIO_set_mem_eof_return(m_readBio, -1); SSL_set_bio(m_ssl.get(), m_readBio, m_writeBio); }
struct CertKeyPair generateCertKeyPair() { BIO *bio_err; X509 *x509 = NULL; EVP_PKEY *pkey = NULL; PKCS12 *p12 = NULL; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); SSLeay_add_all_algorithms(); ERR_load_crypto_strings(); mkcert(&x509, &pkey, NUM_BITS, SERIAL, NUM_YEARS); p12 = PKCS12_create("limelight", "GameStream", pkey, x509, NULL, 0, 0, 0, 0, 0); if (p12 == NULL) { printf("Error generating a valid PKCS12 certificate.\n"); } // Debug Print statements //RSA_print_fp(stdout, pkey->pkey.rsa, 0); //X509_print_fp(stdout, x509); //PEM_write_PUBKEY(stdout, pkey); //PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); //PEM_write_X509(stdout, x509); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); return (CertKeyPair){x509, pkey, p12}; }
bool OTLowLevelKeyData::MakeNewKeypair(int32_t nBits/*=1024*/) { // --------------------------------------- // OpenSSL_BIO bio_err = NULL; X509 * x509 = NULL; EVP_PKEY * pNewKey = NULL; // CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); // memory leak detection. Leaving this for now. // bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); // actually generate the things. // TODO THESE PARAMETERS...(mkcert) mkcert(&x509, &pNewKey, nBits, 0, 3650); // 3650=10 years. Todo hardcoded. // Note: 512 bit key CRASHES // 1024 is apparently a minimum requirement, if not an only requirement. // Will need to go over just what sorts of keys are involved here... todo. // ------------------------------------------------------------ if (NULL == x509) { OTLog::vError("%s: Failed attempting to generate new x509 cert.\n", __FUNCTION__); if (NULL != pNewKey) EVP_PKEY_free(pNewKey); pNewKey = NULL; return false; } // --------------------------------------------------------------- if (NULL == pNewKey) { OTLog::vError("%s: Failed attempting to generate new private key.\n", __FUNCTION__); if (NULL != x509) X509_free(x509); x509 = NULL; return false; } // --------------------------------------------------------------- // Below this point, x509 and pNewKey will need to be cleaned up properly. if (m_bCleanup) Cleanup(); m_bCleanup = true; dp->m_pKey = pNewKey; dp->m_pX509 = x509; // --------COMMENT THIS OUT FOR PRODUCTION -------- TODO security // (Debug only.) // RSA_print_fp(stdout, pNewKey->pkey.rsa, 0); // human readable // X509_print_fp(stdout, x509); // human readable // --------COMMENT THIS OUT FOR PRODUCTION -------- TODO security // (Debug only.) // write the private key, then the x509, to stdout. // OTPasswordData thePWData2("OTPseudonym::GenerateNym is calling PEM_write_PrivateKey..."); // // PEM_write_PrivateKey(stdout, pNewKey, EVP_des_ede3_cbc(), NULL, 0, OTAsymmetricKey::GetPasswordCallback(), &thePWData2); // PEM_write_X509(stdout, x509); // --------------------------------------------------------------- return true; }
SWITCH_DECLARE(int) switch_core_gen_certs(const char *prefix) { //BIO *bio_err; X509 *x509 = NULL; EVP_PKEY *pkey = NULL; char *rsa = NULL, *pvt = NULL; FILE *fp; char *pem = NULL; if (switch_stristr(".pem", prefix)) { if (switch_is_file_path(prefix)) { pem = strdup(prefix); } else { pem = switch_mprintf("%s%s%s", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix); } if (switch_file_exists(pem, NULL) == SWITCH_STATUS_SUCCESS) { goto end; } } else { if (switch_is_file_path(prefix)) { pvt = switch_mprintf("%s.key", prefix); rsa = switch_mprintf("%s.crt", prefix); } else { pvt = switch_mprintf("%s%s%s.key", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix); rsa = switch_mprintf("%s%s%s.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix); } if (switch_file_exists(pvt, NULL) == SWITCH_STATUS_SUCCESS || switch_file_exists(rsa, NULL) == SWITCH_STATUS_SUCCESS) { goto end; } } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); //bio_err=BIO_new_fp(stderr, BIO_NOCLOSE); mkcert(&x509, &pkey, 1024, 0, 36500); //RSA_print_fp(stdout, pkey->pkey.rsa, 0); //X509_print_fp(stdout, x509); if (pem) { if ((fp = fopen(pem, "w"))) { PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL); PEM_write_X509(fp, x509); fclose(fp); } } else { if (pvt && (fp = fopen(pvt, "w"))) { PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL); fclose(fp); } if (rsa && (fp = fopen(rsa, "w"))) { PEM_write_X509(fp, x509); fclose(fp); } } X509_free(x509); EVP_PKEY_free(pkey); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif CRYPTO_cleanup_all_ex_data(); //CRYPTO_mem_leaks(bio_err); //BIO_free(bio_err); end: switch_safe_free(pvt); switch_safe_free(rsa); switch_safe_free(pem); return(0); }