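/*
 * Return non-zero when `s` contains none of the characters that would let
 * a value break out of the double-quoted sed(1) expression built in
 * start_gen_radius_cert(): shell expansion/quoting characters (`"`, `\`,
 * `$`, `` ` ``) and the characters sed itself interprets inside an
 * s/// command (`/`, `&`, line breaks).  A NULL value is rejected.
 */
static int radius_value_is_shell_safe(const char *s)
{
	if (s == NULL)
		return 0;
	for (; *s != '\0'; ++s) {
		switch (*s) {
		case '"':
		case '\\':
		case '$':
		case '`':
		case '/':
		case '&':
		case '\n':
		case '\r':
			return 0;
		default:
			break;
		}
	}
	return 1;
}

/*
 * Generate the FreeRADIUS server and CA certificates from the nvram values
 * "radius_common" / "radius_passphrase", run the FreeRADIUS bootstrap script
 * and rewrite eap.conf with the chosen private-key passphrase.
 *
 * The nvram flag "cert_running" is raised while the (slow) bootstrap step
 * runs; a second invocation while it is raised and an openssl process is
 * still alive is a no-op.
 *
 * The passphrase is interpolated into a shell command line, so a value that
 * carries shell or sed metacharacters is refused up front and nothing is
 * generated: the original sysprintf() call would otherwise execute whatever
 * the value contained.  Nothing is logged here because no logging helper is
 * visible in this block; callers see the unchanged "cert_running" flag.
 */
void start_gen_radius_cert(void)
{
	if (nvram_match("cert_running", "1") && pidof("openssl") > 0)
		return; //already running

	/* refuse values that cannot be passed to the shell safely (see helper) */
	if (!radius_value_is_shell_safe(nvram_safe_get("radius_passphrase")))
		return;

	prep();
	gen_cert("/jffs/etc/freeradius/certs/server.cnf", TYPE_SERVER,
		 nvram_safe_get("radius_common"), nvram_safe_get("radius_passphrase"));
	gen_cert("/jffs/etc/freeradius/certs/ca.cnf", TYPE_CA,
		 nvram_safe_get("radius_common"), nvram_safe_get("radius_passphrase"));

	nvram_set("cert_running", "1");
	//this takes a long time (depending from the cpu speed)
	system("cd /jffs/etc/freeradius/certs && ./bootstrap");

	/*
	 * Substitute the placeholder password in the stock eap.conf.  The
	 * passphrase was validated above, so it cannot terminate the quoted
	 * sed expression or the s/// delimiters.
	 */
	sysprintf("sed \"s/private_key_password = whatever/private_key_password = %s/g\" /etc/freeradius/eap.conf > /jffs/etc/freeradius/eap.conf",
		  nvram_safe_get("radius_passphrase"));

	nvram_set("cert_running", "0");
}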
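/*
 * Build a DTLS context with a freshly generated key and self-signed
 * certificate for `common` (the certificate's common name, valid 365 days).
 *
 * The SHA-256 fingerprint of the certificate is written into
 * context->fingerprint as colon-separated upper-case hex pairs without a
 * trailing colon.  Peer certificates are required and handed to
 * verify_peer_certificate_cb for checking.
 *
 * Returns the new context, or NULL on any failure (NULL `common`, allocation
 * failure, or any OpenSSL call failing).  On failure nothing is leaked.
 *
 * Ownership: the caller owns the returned context.  The key and certificate
 * are handed to the SSL_CTX (which takes its own reference), so the local
 * references are dropped before returning.
 */
struct dtls_context *create_dtls_context(const char *common)
{
	if (common == NULL)
		return NULL;

	struct dtls_context *context = calloc(1, sizeof *context);
	if (context == NULL)
		return NULL;

	/* everything below is released at ctx_err; keep them NULL until set */
	SSL_CTX *ctx = NULL;
	EVP_PKEY *key = NULL;
	X509 *cert = NULL;
	unsigned int len = 0;
	/* NOTE(review): X509_digest needs room for EVP_MAX_MD_SIZE bytes; BUFFER_SIZE is
	 * defined elsewhere — confirm it is at least that large. */
	unsigned char buf[BUFFER_SIZE];

	SSL_library_init();
	OpenSSL_add_all_algorithms();

	ctx = SSL_CTX_new(DTLSv1_method());
	if (ctx == NULL)
		goto ctx_err;
	context->ctx = ctx;

	// ALL:NULL:eNULL:aNULL
	if (SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") != 1)
		goto ctx_err;
	SSL_CTX_set_read_ahead(ctx, 1); // for DTLS
	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
			   verify_peer_certificate_cb);

	key = gen_key();
	if (key == NULL)
		goto ctx_err;
	/* the original ignored these two results; a failure here left a ctx
	 * with no usable credentials */
	if (SSL_CTX_use_PrivateKey(ctx, key) != 1)
		goto ctx_err;

	cert = gen_cert(key, common, 365);
	if (cert == NULL)
		goto ctx_err;
	if (SSL_CTX_use_certificate(ctx, cert) != 1)
		goto ctx_err;
	if (SSL_CTX_check_private_key(ctx) != 1)
		goto ctx_err;

	if (X509_digest(cert, EVP_sha256(), buf, &len) != 1)
		goto ctx_err;

	/* "AB:CD:...:EF" — each snprintf writes 3 chars plus a NUL that the next
	 * iteration overwrites; the final ':' is then replaced by the terminator.
	 * Assumes context->fingerprint holds at least 3*len+1 bytes — confirm
	 * against the struct definition. */
	char *p = context->fingerprint;
	for (unsigned int i = 0; i < len; ++i) {
		snprintf(p, 4, "%02X:", buf[i]);
		p += 3;
	}
	if (len > 0)
		*(p - 1) = '\0';
	else
		*p = '\0';

	/* the SSL_CTX holds its own references; drop ours */
	X509_free(cert);
	EVP_PKEY_free(key);
	return context;

ctx_err:
	/* all of these accept NULL */
	X509_free(cert);
	EVP_PKEY_free(key);
	SSL_CTX_free(ctx);
	free(context);
	return NULL;
}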
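/*
 * Initialise the file-scope SSL_CTX `ctx` (declared elsewhere) as an SSLv3
 * server context with a generated certificate and key from gen_cert().
 *
 * Returns `ctx`.  Any failure aborts or exits the process; with DEBUG
 * defined the OpenSSL error queue or a short message is printed first.
 *
 * NOTE(review): SSLv3_server_method() selects a protocol version that is
 * deprecated and no longer accepted by current clients; SSL_OP_NO_SSLv2
 * is moot for an SSLv3-only method.  Left unchanged here because the
 * available OpenSSL version is not visible from this block — confirm
 * whether a TLS method can be used instead.
 */
SSL_CTX *InitCTX(void)
{
	/* const works with both old (non-const) and new OpenSSL prototypes */
	const SSL_METHOD *method;
	X509 *cert;
	EVP_PKEY *key;

	SSL_library_init();
	OpenSSL_add_all_algorithms();	/* Load cryptos, et.al. */
	SSL_load_error_strings();	/* Bring in and register error messages */

	method = SSLv3_server_method();
	ctx = SSL_CTX_new(method);	/* Create new context */
	if (ctx == NULL) {
#ifdef DEBUG
		ERR_print_errors_fp(stderr);
#endif
		abort();
	}
	SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);

	/* the original ignored this result and silently ran with the
	 * library default cipher list when the string was rejected */
	if (SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") != 1) {
#ifdef DEBUG
		fprintf(stderr, "SSL_CTX_set_cipher_list failed.\n");
#endif
		exit(1);
	}

	if (gen_cert(&cert, &key) == 0) {
#ifdef DEBUG
		printf("Error w/ gen_cert()\n");
#endif
		exit(1);
	}
	if (SSL_CTX_use_certificate(ctx, cert) != 1) {
#ifdef DEBUG
		fprintf(stderr, "SSL_CTX_use_certificate failed.\n");
#endif
		exit(1);
	}
	if (SSL_CTX_use_PrivateKey(ctx, key) != 1) {
#ifdef DEBUG
		fprintf(stderr, "SSL_CTX_use_PrivateKey failed.\n");
#endif
		exit(1);
	}

	/* the ctx keeps its own references; release the locals */
	X509_free(cert);
	EVP_PKEY_free(key);
	return ctx;
}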
/*
 * Command-line entry point for the nvram tool.
 *
 * Dispatch happens in two stages:
 *  1. by the name the binary was invoked as (basename of argv[0]):
 *     "nvram_get" / "nvram_set" hand straight over to ra_nv_get / ra_nv_set;
 *  2. otherwise by argument count and sub-command:
 *       argc == 2: <zone>_nvram_show
 *       argc == 3: gen|make_wireless_config|show|clear <zone>
 *       argc == 4: renew <zone> <file>
 *     where <zone> is one of 2860/rt2860 (always), rtdev, uboot, cert, wapi
 *     depending on the CONFIG_* build options.
 *
 * Anything unrecognised goes to usage(argv[0]).
 *
 * NOTE(review): the `argc < 2` check relies on usage() not returning;
 * if it does, argv[1] is NULL when it is dereferenced below — confirm.
 */
int main(int argc, char *argv[])
{
	char *cmd;

	if (argc < 2)
		usage(argv[0]);

	//call nvram_get or nvram_set
	/* strip the directory part of argv[0] */
	if ((cmd = strrchr(argv[0], '/')) != NULL)
		cmd++;
	else
		cmd = argv[0];
	/* the bound is one past the literal's length, so this is a full-string compare */
	if (!strncmp(cmd, "nvram_get", 10))
		return ra_nv_get(argc, argv);
	else if (!strncmp(cmd, "nvram_set", 10))
		return ra_nv_set(argc, argv);

	if (argc == 2) {
		if (!strncmp(argv[1], "rt2860_nvram_show", 18))
			nvram_show(RT2860_NVRAM);
#if defined (CONFIG_RTDEV_MII) || defined (CONFIG_RTDEV_USB) || defined (CONFIG_RTDEV_PCI)|| \
	defined (CONFIG_RT2561_AP) || defined (CONFIG_RT2561_AP_MODULE)
		else if (!strncmp(argv[1], "rtdev_nvram_show", 17))
			nvram_show(RTDEV_NVRAM);
#endif
#ifdef CONFIG_DUAL_IMAGE
		else if (!strncmp(argv[1], "uboot_nvram_show", 17))
			nvram_show(UBOOT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_STA_WPA_SUPPLICANT
		else if (!strncmp(argv[1], "cert_nvram_show", 16))
			nvram_show(CERT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_AP_WAPI
		else if (!strncmp(argv[1], "wapi_nvram_show", 16))
			nvram_show(WAPI_NVRAM);
#endif
		else
			usage(argv[0]);
	} else if (argc == 3) {
		/* TODO: <cmd> gen 2860ap */
		if (!strncasecmp(argv[1], "gen", 4) || !strncasecmp(argv[1], "make_wireless_config", 21)) {
			/* "2860" is the b-compatible spelling of "rt2860" */
			if (!strncmp(argv[2], "2860", 5) || !strncasecmp(argv[2], "rt2860", 7))
				gen_config(RT2860_NVRAM);
#if defined (CONFIG_RTDEV_MII) || defined (CONFIG_RTDEV_USB) || defined (CONFIG_RTDEV_PCI) || \
	defined (CONFIG_RT2561_AP) || defined (CONFIG_RT2561_AP_MODULE)
			else if (!strncasecmp(argv[2], "rtdev", 6))
				gen_config(RTDEV_NVRAM);
#endif
#ifdef CONFIG_DUAL_IMAGE
			else if (!strncasecmp(argv[2], "uboot", 6))
				printf("No support of gen command of uboot parameter.\n");
#endif
#ifdef CONFIG_RT2860V2_STA_WPA_SUPPLICANT
			/* note: "cert"/"wapi" are matched case-sensitively here, unlike
			 * the show/clear branches below */
			else if (!strncmp(argv[2], "cert", 5))
				gen_cert(CERT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_AP_WAPI
			else if (!strncmp(argv[2], "wapi", 5))
				gen_cert(WAPI_NVRAM);
#endif
			else
				usage(argv[0]);
		} else if (!strncasecmp(argv[1], "show", 5)) {
			//b-compatible
			if (!strncmp(argv[2], "2860", 5) || !strncasecmp(argv[2], "rt2860", 7))
				nvram_show(RT2860_NVRAM);
#if defined (CONFIG_RTDEV_MII) || defined (CONFIG_RTDEV_USB) || defined (CONFIG_RTDEV_PCI) || \
	defined (CONFIG_RT2561_AP) || defined (CONFIG_RT2561_AP_MODULE)
			else if (!strncasecmp(argv[2], "rtdev", 6))
				nvram_show(RTDEV_NVRAM);
#endif
#ifdef CONFIG_DUAL_IMAGE
			else if (!strncasecmp(argv[2], "uboot", 6))
				nvram_show(UBOOT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_STA_WPA_SUPPLICANT
			else if (!strncasecmp(argv[2], "cert", 5))
				nvram_show(CERT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_AP_WAPI
			else if (!strncasecmp(argv[2], "wapi", 5))
				nvram_show(WAPI_NVRAM);
#endif
			else
				usage(argv[0]);
		} else if (!strncasecmp(argv[1], "clear", 6)) {
			//b-compatible
			if (!strncmp(argv[2], "2860", 5) || !strncasecmp(argv[2], "rt2860", 7))
				nvram_clear(RT2860_NVRAM);
#if defined (CONFIG_RTDEV_MII) || defined (CONFIG_RTDEV_USB) || defined (CONFIG_RTDEV_PCI) || \
	defined (CONFIG_RT2561_AP) || defined (CONFIG_RT2561_AP_MODULE)
			else if (!strncasecmp(argv[2], "rtdev", 6))
				nvram_clear(RTDEV_NVRAM);
#endif
#ifdef CONFIG_DUAL_IMAGE
			else if (!strncasecmp(argv[2], "uboot", 6))
				nvram_clear(UBOOT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_STA_WPA_SUPPLICANT
			else if (!strncasecmp(argv[2], "cert", 5))
				nvram_clear(CERT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_AP_WAPI
			else if (!strncasecmp(argv[2], "wapi", 5))
				nvram_clear(WAPI_NVRAM);
#endif
			else
				usage(argv[0]);
		} else
			usage(argv[0]);
	} else if (argc == 4) {
		if (!strncasecmp(argv[1], "renew", 6)) {
			//b-compatible
			if (!strncmp(argv[2], "2860", 5) || !strncasecmp(argv[2], "rt2860", 7))
				renew_nvram(RT2860_NVRAM, argv[3]);
#if defined (CONFIG_RTDEV_MII) || defined (CONFIG_RTDEV_USB) || defined (CONFIG_RTDEV_PCI) || \
	defined (CONFIG_RT2561_AP) || defined (CONFIG_RT2561_AP_MODULE)
			else if (!strncasecmp(argv[2], "rtdev", 6))
				renew_nvram(RTDEV_NVRAM, argv[3]);
#endif
#ifdef CONFIG_DUAL_IMAGE
			else if (!strncasecmp(argv[2], "uboot", 6))
				printf("No support of renew command of uboot parameter.\n");
#endif
			/* an unknown zone here falls through silently (no usage()),
			 * unlike the other sub-commands */
		} else
			usage(argv[0]);
	} else
		usage(argv[0]);
	return 0;
}