int ssl_ctx_use_private_key(SSL_CTX *ctx, char *buf, off_t len) { int ret; BIO *in; EVP_PKEY *pkey; ret = 0; if ((in = BIO_new_mem_buf(buf, len)) == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); return 0; } pkey = PEM_read_bio_PrivateKey(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); if (pkey == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_PEM_LIB); goto end; } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); end: if (in != NULL) BIO_free(in); return ret; }
int ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen, char *buf, off_t len, X509 **x509ptr, EVP_PKEY **pkeyptr) { int ret = 0; EVP_PKEY *pkey = NULL; X509 *x509 = NULL; if (!ssl_load_pkey(data, datalen, buf, len, &x509, &pkey)) return (0); /* * Use the public key as the "private" key - the secret key * parameters are hidden in an extra process that will be * contacted by the RSA engine. The SSL/TLS library needs at * least the public key parameters in the current process. */ ret = SSL_CTX_use_PrivateKey(ctx, pkey); if (!ret) SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SSL_LIB); if (pkeyptr != NULL) *pkeyptr = pkey; else if (pkey != NULL) EVP_PKEY_free(pkey); if (x509ptr != NULL) *x509ptr = x509; else if (x509 != NULL) X509_free(x509); return (ret); }
// memory is only valid for duration of callback; must be copied if queueing // is required DtlsSocketContext::DtlsSocketContext() { started = false; mSocket = NULL; receiver = NULL; DtlsSocketContext::Init(); ELOG_DEBUG("Creating Dtls factory, Openssl v %s", OPENSSL_VERSION_TEXT); mContext = SSL_CTX_new(DTLSv1_method()); assert(mContext); int r = SSL_CTX_use_certificate(mContext, mCert); assert(r == 1); r = SSL_CTX_use_PrivateKey(mContext, privkey); assert(r == 1); SSL_CTX_set_cipher_list(mContext, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); SSL_CTX_set_info_callback(mContext, SSLInfoCallback); SSL_CTX_set_verify(mContext, SSL_VERIFY_PEER |SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSLVerifyCallback); // SSL_CTX_set_session_cache_mode(mContext, SSL_SESS_CACHE_OFF); // SSL_CTX_set_options(mContext, SSL_OP_NO_TICKET); // Set SRTP profiles r = SSL_CTX_set_tlsext_use_srtp(mContext, DefaultSrtpProfile); assert(r == 0); SSL_CTX_set_verify_depth(mContext, 2); SSL_CTX_set_read_ahead(mContext, 1); ELOG_DEBUG("DtlsSocketContext %p created", this); }
void SSLContext::loadPrivateKeyFromBufferPEM(folly::StringPiece pkey) { if (pkey.data() == nullptr) { throw std::invalid_argument("loadPrivateKey: <pkey> is nullptr"); } ssl::BioUniquePtr bio(BIO_new(BIO_s_mem())); if (bio == nullptr) { throw std::runtime_error("BIO_new: " + getErrors()); } int written = BIO_write(bio.get(), pkey.data(), pkey.size()); if (written <= 0 || static_cast<unsigned>(written) != pkey.size()) { throw std::runtime_error("BIO_write: " + getErrors()); } ssl::EvpPkeyUniquePtr key( PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr)); if (key == nullptr) { throw std::runtime_error("PEM_read_bio_PrivateKey: " + getErrors()); } if (SSL_CTX_use_PrivateKey(ctx_, key.get()) == 0) { throw std::runtime_error("SSL_CTX_use_PrivateKey: " + getErrors()); } }
/** * @brief load private key into the SSL context */ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, long len) { int ret; EVP_PKEY *pk; pk = d2i_PrivateKey(0, NULL, &d, len); if (!pk) { SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL"); goto failed1; } ret = SSL_CTX_use_PrivateKey(ctx, pk); if (!ret) { SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret); goto failed2; } return 1; failed2: EVP_PKEY_free(pk); failed1: return 0; }
void ContextImpl::setIdentity(const Certificate& cert) { if( ! cert.impl()->pkey() ) throw InvalidCertificate("invalid certificate"); if(_pkey) EVP_PKEY_free(_pkey); _pkey = 0; if(_x509) X509_free(_x509); _x509 = 0; _x509 = copyX509( cert.impl()->x509() ); _pkey = copyPrivateKey( cert.impl()->pkey() ); if( ! SSL_CTX_use_certificate(_ctx, _x509) ) { throw InvalidCertificate("invalid certificate"); } if( ! SSL_CTX_use_PrivateKey( _ctx, _pkey ) ) { throw InvalidCertificate("invalid certificate"); } // openssl will not check the private key of this context against the // certifictate. TO do so call SSL_CTX_check_private_key(_ctx) }
int CSSLClient::SSL_CTX_use_PrivateKey_file_pass(SSL_CTX *ctx,const char *pFileName,char *pPass) { EVP_PKEY *pkey = NULL; BIO *pBIO = NULL; pBIO = BIO_new(BIO_s_file()); BIO_read_filename(pBIO, pFileName); pkey = PEM_read_bio_PrivateKey(pBIO, NULL, NULL, pPass); if(pkey == NULL) { printf("PEM_read_bio_PrivateKey err"); return -1; } if (SSL_CTX_use_PrivateKey(ctx,pkey) <= 0) { printf("SSL_CTX_use_PrivateKey err\n"); return -1; } BIO_free(pBIO); return 1; }
bool VSslServer::setKeyCrtStuff(VError& error, SSL_CTX* ctx, EVP_PKEY* key, X509* crt) { LOG_ASSERT(key != NULL); LOG_ASSERT(crt != NULL); int res = SSL_CTX_use_certificate(ctx, crt); if (res <= 0) { error = VSslError(QString("SSL_CTX_use_certificate return %1").arg(res), VSslError::IN_SSL_CTX_USE_CERTIFICATE); return false; } res = SSL_CTX_use_PrivateKey(ctx, key); if (res <= 0) { error = VSslError(QString("SSL_CTX_use_PrivateKey return %1").arg(res), VSslError::SSL_CTX_USER_PRIVATEKEY); return false; } res = SSL_CTX_check_private_key(ctx); if (!res) { error = VSslError(QString("SSL_CTX_check_private_key return %1").arg(res), VSslError::SSL_CTX_CHECK_PRIVATEKEY); return false; } return true; }
bool SSLContext::Init(X509 *pCert, EVP_PKEY *pPrivatekey){ int nLockCt = CRYPTO_num_locks(); InitializeCryptoLocks(nLockCt); #ifdef _DEBUG CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options (V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl (CRYPTO_MEM_CHECK_ON); #endif CRYPTO_set_locking_callback (&ssl_lock_callback); CRYPTO_set_dynlock_create_callback (&ssl_lock_dyn_create_callback); CRYPTO_set_dynlock_lock_callback (&ssl_lock_dyn_callback); CRYPTO_set_dynlock_destroy_callback (&ssl_lock_dyn_destroy_callback); SSL_load_error_strings (); SSL_library_init (); // Initialize and verify SSL context. {{ const SSL_METHOD* meth = SSLv23_method(); m_pssl_ctx = SSL_CTX_new(meth); SSL_CTX_set_verify(m_pssl_ctx, SSL_VERIFY_NONE, nullptr); // }} #ifdef _SERVER SSL_CTX_set_options(m_pssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); #endif if( pCert ) SSL_CTX_use_certificate (m_pssl_ctx, pCert); if( pPrivatekey ) SSL_CTX_use_PrivateKey (m_pssl_ctx, pPrivatekey); return true; }
int SSL_CTX_use_PrivateKey_file_pass (SSL_CTX * ctx, char *filename, char *pass) { EVP_PKEY *pkey = NULL; BIO *key = NULL; key = BIO_new (BIO_s_file ()); BIO_read_filename (key, filename); pkey = PEM_read_bio_PrivateKey (key, NULL, NULL, pass); if (pkey == NULL) { printf ("PEM_read_bio_PrivateKey err"); return -1; } //加载客户端私钥 if (SSL_CTX_use_PrivateKey (ctx, pkey) <= 0) { printf ("SSL_CTX_use_PrivateKey err\n"); return -1; } BIO_free (key); return 1; }
int set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key) { if (cert == NULL) return 1; if (SSL_CTX_use_certificate(ctx, cert) <= 0) { BIO_printf(bio_err, "error setting certificate\n"); ERR_print_errors(bio_err); return 0; } if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { BIO_printf(bio_err, "error setting private key\n"); ERR_print_errors(bio_err); return 0; } /* * Now we know that a key and cert have been set against the SSL * context */ if (!SSL_CTX_check_private_key(ctx)) { BIO_printf(bio_err, "Private key does not match the certificate public key\n"); return 0; } return 1; }
static CURLcode sslctxfun( CURL * curl, void * sslctx, void * parm ) { sslctxparm * p = (sslctxparm *) parm; SSL_CTX * ctx = (SSL_CTX *) sslctx ; if ( !SSL_CTX_use_certificate( ctx,p->usercert ) ) { BIO_printf( p->errorbio, "SSL_CTX_use_certificate problem\n" ); goto err; } if ( !SSL_CTX_use_PrivateKey( ctx,p->pkey ) ) { BIO_printf( p->errorbio, "SSL_CTX_use_PrivateKey\n" ); goto err; } if ( !SSL_CTX_check_private_key( ctx ) ) { BIO_printf( p->errorbio, "SSL_CTX_check_private_key\n" ); goto err; } SSL_CTX_set_quiet_shutdown( ctx,1 ); SSL_CTX_set_cipher_list( ctx,"RC4-MD5" ); SSL_CTX_set_mode( ctx, SSL_MODE_AUTO_RETRY ); X509_STORE_add_cert( ctx->cert_store,sk_X509_value( p->ca,sk_X509_num( p->ca ) - 1 ) ); SSL_CTX_set_verify_depth( ctx,2 ); SSL_CTX_set_verify( ctx,SSL_VERIFY_PEER,NULL ); SSL_CTX_set_cert_verify_callback( ctx, ssl_app_verify_callback, parm ); return CURLE_OK ; err: ERR_print_errors( p->errorbio ); return CURLE_SSL_CERTPROBLEM; }
static int tls_sc_set_key(lua_State *L) { tls_sc_t *ctx; EVP_PKEY* key; BIO *bio; const char *passpharse = NULL; const char *keystr = NULL; size_t klen = 0; size_t plen = 0; ctx = getSC(L); keystr = luaL_checklstring(L, 2, &klen); passpharse = luaL_optlstring(L, 3, NULL, &plen); bio = str2bio(keystr, klen); if (!bio) { return luaL_error(L, "tls_sc_set_key: Failed to convert Key into a BIO"); } ERR_clear_error(); /* If the 3rd arg is NULL, the 4th arg is treated as a const char* istead of void* */ key = PEM_read_bio_PrivateKey(bio, NULL, NULL, (void*)passpharse); if (!key) { return tls_fatal_error(L); } SSL_CTX_use_PrivateKey(ctx->ctx, key); EVP_PKEY_free(key); BIO_free(bio); return 0; }
static int use_inline_PrivateKey_file (SSL_CTX *ctx, const char *key_string) { BIO *in = NULL; EVP_PKEY *pkey = NULL; int ret = 0; in = BIO_new_mem_buf ((char *)key_string, -1); if (!in) goto end; pkey = PEM_read_bio_PrivateKey (in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); if (!pkey) goto end; ret = SSL_CTX_use_PrivateKey (ctx, pkey); end: if (pkey) EVP_PKEY_free (pkey); if (in) BIO_free (in); return ret; }
int useCertFile(SSL_CTX* ctx, const char* path, const char* passphrase, const char* cacertfile) { FILE *p12_file; PKCS12 *p12_cert = NULL; EVP_PKEY *pkey; X509 *x509_cert; p12_file = fopen(path, "r"); if (!p12_file) { timestamp_f(stderr); perror(path); return -1; } d2i_PKCS12_fp(p12_file, &p12_cert); fclose(p12_file); if (!PKCS12_parse(p12_cert, passphrase, &pkey, &x509_cert, NULL)) { int error = ERR_get_error(); timestamp_f(stderr); fprintf(stderr, "failed to parse p12 file; error %d\n", error); PKCS12_free(p12_cert); return -1; } PKCS12_free(p12_cert); if (!SSL_CTX_use_certificate(ctx, x509_cert)) { int error = ERR_get_error(); timestamp_f(stderr); fprintf(stderr, "failed to set cert for SSL context; error %d\n", error); X509_free(x509_cert); EVP_PKEY_free(pkey); return -1; } X509_free(x509_cert); if (!SSL_CTX_use_PrivateKey(ctx, pkey)) { int error = ERR_get_error(); timestamp_f(stderr); fprintf(stderr, "failed to set private key for SSL context; error %d\n", error); EVP_PKEY_free(pkey); return -1; } EVP_PKEY_free(pkey); if (cacertfile && *cacertfile && !SSL_CTX_load_verify_locations(ctx, cacertfile, NULL)) { timestamp_f(stderr); fprintf(stderr, "failed to load root cert for verification from %s\n", cacertfile); return -1; } return 0; }
struct dtls_context * create_dtls_context(const char *common) { if (common == NULL) return NULL; struct dtls_context *context = (struct dtls_context *)calloc(1, sizeof *context); if (context == NULL) return NULL; SSL_library_init(); OpenSSL_add_all_algorithms(); SSL_CTX *ctx = SSL_CTX_new(DTLSv1_method()); if (ctx == NULL) goto ctx_err; context->ctx = ctx; // ALL:NULL:eNULL:aNULL if (SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") != 1) goto ctx_err; SSL_CTX_set_read_ahead(ctx, 1); // for DTLS SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_peer_certificate_cb); EVP_PKEY *key = gen_key(); if (key == NULL) goto ctx_err; SSL_CTX_use_PrivateKey(ctx, key); X509 *cert = gen_cert(key, common, 365); if (cert == NULL) goto ctx_err; SSL_CTX_use_certificate(ctx, cert); if (SSL_CTX_check_private_key(ctx) != 1) goto ctx_err; unsigned int len; unsigned char buf[BUFFER_SIZE]; X509_digest(cert, EVP_sha256(), buf, &len); char *p = context->fingerprint; for (int i = 0; i < len; ++i) { snprintf(p, 4, "%02X:", buf[i]); p += 3; } *(p - 1) = 0; if (0) { ctx_err: SSL_CTX_free(ctx); free(context); context = NULL; } return context; }
static int load_tpm_certificate(struct openconnect_info *vpninfo) { ENGINE *e; EVP_PKEY *key; UI_METHOD *meth = NULL; int ret = 0; ENGINE_load_builtin_engines(); e = ENGINE_by_id("tpm"); if (!e) { vpn_progress(vpninfo, PRG_ERR, _("Can't load TPM engine.\n")); openconnect_report_ssl_errors(vpninfo); return -EINVAL; } if (!ENGINE_init(e) || !ENGINE_set_default_RSA(e) || !ENGINE_set_default_RAND(e)) { vpn_progress(vpninfo, PRG_ERR, _("Failed to init TPM engine\n")); openconnect_report_ssl_errors(vpninfo); ENGINE_free(e); return -EINVAL; } if (vpninfo->cert_password) { if (!ENGINE_ctrl_cmd(e, "PIN", strlen(vpninfo->cert_password), vpninfo->cert_password, NULL, 0)) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set TPM SRK password\n")); openconnect_report_ssl_errors(vpninfo); } vpninfo->cert_password = NULL; free(vpninfo->cert_password); } else { /* Provide our own UI method to handle the PIN callback. */ meth = create_openssl_ui(vpninfo); } key = ENGINE_load_private_key(e, vpninfo->sslkey, meth, NULL); if (meth) UI_destroy_method(meth); if (!key) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM private key\n")); openconnect_report_ssl_errors(vpninfo); ret = -EINVAL; goto out; } if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) { vpn_progress(vpninfo, PRG_ERR, _("Add key from TPM failed\n")); openconnect_report_ssl_errors(vpninfo); ret = -EINVAL; } EVP_PKEY_free(key); out: ENGINE_finish(e); ENGINE_free(e); return ret; }
__declspec(dllexport) void ILibWrapper_InitializeDTLS() { ctx = SSL_CTX_new(DTLSv1_method()); SSL_CTX_use_certificate(ctx, selftlscert.x509); SSL_CTX_use_PrivateKey(ctx,selftlscert.pkey); int l = 32; X509_digest(selftlscert.x509, EVP_get_digestbyname("sha256"), (unsigned char*)tlsServerCertThumbprint, (unsigned int*)&l); }
bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx) { // 1 is the documented success return code. if (SSL_CTX_use_certificate(ctx, certificate_->x509()) != 1 || SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) { LogSSLErrors("Configuring key and certificate"); return false; } return true; }
SSL_CTX * evssl_init() { DH *dh; SSL_CTX *ctx; SSL_load_error_strings(); SSL_library_init(); RAND_poll(); if ((passport = pki_passport_load_from_file(cfg->cert, cfg->pkey, cfg->tcert)) == NULL) { return NULL; } if ((ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL) { jlog(L_ERROR, "SSL_CTX_new failed"); return NULL; } if ((dh = get_dh_1024()) == NULL) { jlog(L_ERROR, "get_dh_1024 failed"); goto out; } if ((SSL_CTX_set_tmp_dh(ctx, dh)) == 0) { jlog(L_ERROR, "SSL_CTX_set_tmp_dh failed"); goto out; } //SSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES256-GCM-SHA384"); if ((SSL_CTX_set_cipher_list(ctx, "AES256-GCM-SHA384")) == 0) { jlog(L_ERROR, "SSL_CTX_set_cipher failed"); goto out; } SSL_CTX_set_cert_store(ctx, passport->cacert_store); if ((SSL_CTX_use_certificate(ctx, passport->certificate)) == 0) { jlog(L_ERROR, "SSL_CTX_use_certificate failed"); goto out; } if ((SSL_CTX_use_PrivateKey(ctx, passport->keyring)) == 0) { jlog(L_ERROR, "SSL_CTX_use_PrivateKey failed"); goto out; } DH_free(dh); return ctx; out: DH_free(dh); SSL_CTX_free(ctx); return NULL; }
int tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file #if ENABLE_INLINE_FILES , const char *priv_key_file_inline #endif ) { int status; SSL_CTX *ssl_ctx = NULL; BIO *in = NULL; EVP_PKEY *pkey = NULL; int ret = 1; ASSERT(NULL != ctx); ssl_ctx = ctx->ctx; #if ENABLE_INLINE_FILES if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline) in = BIO_new_mem_buf ((char *)priv_key_file_inline, -1); else #endif /* ENABLE_INLINE_FILES */ in = BIO_new_file (priv_key_file, "r"); if (!in) goto end; pkey = PEM_read_bio_PrivateKey (in, NULL, ssl_ctx->default_passwd_callback, ssl_ctx->default_passwd_callback_userdata); if (!pkey) goto end; if (!SSL_CTX_use_PrivateKey (ssl_ctx, pkey)) { #ifdef ENABLE_MANAGEMENT if (management && (ERR_GET_REASON (ERR_peek_error()) == EVP_R_BAD_DECRYPT)) management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL); #endif msg (M_WARN|M_SSL, "Cannot load private key file %s", priv_key_file); goto end; } warn_if_group_others_accessible (priv_key_file); /* Check Private Key */ if (!SSL_CTX_check_private_key (ssl_ctx)) msg (M_SSLERR, "Private key does not match the certificate"); ret = 0; end: if (pkey) EVP_PKEY_free (pkey); if (in) BIO_free (in); return ret; }
static CURLcode sslctx_function(CURL * curl, void * sslctx, void * parm) { SSL_CTX* ctx = (SSL_CTX*)sslctx; if(!SSL_CTX_use_certificate(ctx, g_Cert)) printf("SSL_CTX_use_certificate problem\n"); if(!SSL_CTX_use_PrivateKey(ctx, g_PrivateKey)) printf("Use Key failed\n"); return CURLE_OK; }
bool SslContext::UseCertificate(String certdata, String pkeydata, bool cert_asn1) { ASSERT(ssl_ctx); if(IsNull(certdata) || IsNull(pkeydata)) return false; SslCertificate cert; SslKey pkey; if(!cert.Load(certdata, cert_asn1) || !pkey.Load(pkeydata)) return false; if(!SSL_CTX_use_certificate(ssl_ctx, cert) || !SSL_CTX_use_PrivateKey(ssl_ctx, pkey)) return false; if(!SSL_CTX_check_private_key(ssl_ctx)) return false; return true; }
SSL_CTX * InitCTX (void) { SSL_METHOD *method; X509 *cert; EVP_PKEY *key; SSL_library_init (); OpenSSL_add_all_algorithms (); /* Load cryptos, et.al. */ SSL_load_error_strings (); /* Bring in and register error messages */ method = SSLv3_server_method (); ctx = SSL_CTX_new (method); /* Create new context */ if (ctx == NULL) { #ifdef DEBUG ERR_print_errors_fp (stderr); #endif abort (); } SSL_CTX_set_options (ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); SSL_CTX_set_cipher_list (ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); if (gen_cert (&cert, &key) == 0) { #ifdef DEBUG printf ("Error w/ gen_cert()\n"); #endif exit (1); } if (SSL_CTX_use_certificate (ctx, cert) != 1) { #ifdef DEBUG fprintf (stderr, "SSL_CTX_use_certificate failed.\n"); #endif exit (1); } if (SSL_CTX_use_PrivateKey (ctx, key) != 1) { #ifdef DEBUG fprintf (stderr, "SSL_CTX_use_PrivateKey failed.\n"); #endif exit (1); } X509_free (cert); EVP_PKEY_free (key); return ctx; }
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, long len) { int ret; EVP_PKEY *pkey; if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) { SSLerrorx(ERR_R_ASN1_LIB); return (0); } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); return (ret); }
int SSL_CTX_use_PrivateKey_file (SSL_CTX * ctx, const char *file, int type) { int j, ret = 0; BIO *in; EVP_PKEY *pkey = NULL; in = BIO_new (BIO_s_file_internal ()); if (in == NULL) { SSLerr (SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename (in, file) <= 0) { SSLerr (SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; pkey = PEM_read_bio_PrivateKey (in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); } else if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_bio (in, NULL); } else { SSLerr (SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; } if (pkey == NULL) { SSLerr (SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); goto end; } ret = SSL_CTX_use_PrivateKey (ctx, pkey); EVP_PKEY_free (pkey); end: if (in != NULL) BIO_free (in); return (ret); }
static void Init() { ctx = SSL_CTX_new(SSLv23_method()); const uint8_t *bufp = kRSAPrivateKeyDER; RSA *privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER)); OPENSSL_assert(privkey != NULL); EVP_PKEY *pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, privkey); int ret = SSL_CTX_use_PrivateKey(ctx, pkey); OPENSSL_assert(ret == 1); EVP_PKEY_free(pkey); bufp = kCertificateDER; X509 *cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER)); OPENSSL_assert(cert != NULL); ret = SSL_CTX_use_certificate(ctx, cert); OPENSSL_assert(ret == 1); X509_free(cert); }
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const uint8_t *d, long len) { int ret; const uint8_t *p; EVP_PKEY *pkey; p = d; pkey = d2i_PrivateKey(type, NULL, &p, (long)len); if (pkey == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB); return 0; } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); return ret; }
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, long len) { int ret; const unsigned char *p; EVP_PKEY *pkey; p = d; if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); return (0); } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); return (ret); }
SSLStream::SSLStream(Stream::ptr parent, bool client, bool own, SSL_CTX *ctx) : MutatingFilterStream(parent, own) { MORDOR_ASSERT(parent); clearSSLError(); if (ctx) m_ctx.reset(ctx, &nop<SSL_CTX *>); else m_ctx.reset(SSL_CTX_new(client ? SSLv23_client_method() : SSLv23_server_method()), &SSL_CTX_free); if (!m_ctx) { MORDOR_ASSERT(hasOpenSSLError()); MORDOR_THROW_EXCEPTION(OpenSSLException(getOpenSSLErrorMessage())) // << boost::errinfo_api_function("SSL_CTX_new"); ; } // Auto-generate self-signed server cert if (!ctx && !client) { std::shared_ptr<X509> cert; std::shared_ptr<EVP_PKEY> pkey; mkcert(cert, pkey, 1024, rand(), 365); SSL_CTX_use_certificate(m_ctx.get(), cert.get()); SSL_CTX_use_PrivateKey(m_ctx.get(), pkey.get()); } m_ssl.reset(SSL_new(m_ctx.get()), &SSL_free); if (!m_ssl) { MORDOR_ASSERT(hasOpenSSLError()); MORDOR_THROW_EXCEPTION(OpenSSLException(getOpenSSLErrorMessage())) // << boost::errinfo_api_function("SSL_CTX_new"); ; } m_readBio = BIO_new(BIO_s_mem()); m_writeBio = BIO_new(BIO_s_mem()); if (!m_readBio || !m_writeBio) { if (m_readBio) BIO_free(m_readBio); if (m_writeBio) BIO_free(m_writeBio); MORDOR_ASSERT(hasOpenSSLError()); MORDOR_THROW_EXCEPTION(OpenSSLException(getOpenSSLErrorMessage())) // << boost::errinfo_api_function("BIO_new"); ; } BIO_set_mem_eof_return(m_readBio, -1); SSL_set_bio(m_ssl.get(), m_readBio, m_writeBio); }