diff options
| author | jsing <> | 2014-08-06 01:54:01 +0000 |
|---|---|---|
| committer | jsing <> | 2014-08-06 01:54:01 +0000 |
| commit | 533b9cb6fe0524c31a25d947f525c859b4c84ff9 (patch) | |
| tree | 4078c1ca5f3aed03285687c8b675da3f2275e5c9 /src/lib/libressl/ressl.c | |
| parent | ae244416d2459b82c672fe5c98ec0ee712a706d1 (diff) | |
| download | openbsd-533b9cb6fe0524c31a25d947f525c859b4c84ff9.tar.gz openbsd-533b9cb6fe0524c31a25d947f525c859b4c84ff9.tar.bz2 openbsd-533b9cb6fe0524c31a25d947f525c859b4c84ff9.zip | |
Add support for loading the public/private key from memory, rather than
directly from file.
Diffstat (limited to 'src/lib/libressl/ressl.c')
| -rw-r--r-- | src/lib/libressl/ressl.c | 82 |
1 files changed, 72 insertions, 10 deletions
diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c index f026da52b5..01d1610e3f 100644 --- a/src/lib/libressl/ressl.c +++ b/src/lib/libressl/ressl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ressl.c,v 1.10 2014/08/05 12:46:16 jsing Exp $ */ | 1 | /* $OpenBSD: ressl.c,v 1.11 2014/08/06 01:54:01 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -21,6 +21,11 @@ | |||
| 21 | #include <stdlib.h> | 21 | #include <stdlib.h> |
| 22 | #include <unistd.h> | 22 | #include <unistd.h> |
| 23 | 23 | ||
| 24 | #include <openssl/bio.h> | ||
| 25 | #include <openssl/evp.h> | ||
| 26 | #include <openssl/pem.h> | ||
| 27 | #include <openssl/x509.h> | ||
| 28 | |||
| 24 | #include <ressl.h> | 29 | #include <ressl.h> |
| 25 | #include "ressl_internal.h" | 30 | #include "ressl_internal.h" |
| 26 | 31 | ||
| @@ -97,21 +102,78 @@ ressl_configure(struct ressl *ctx, struct ressl_config *config) | |||
| 97 | int | 102 | int |
| 98 | ressl_configure_keypair(struct ressl *ctx) | 103 | ressl_configure_keypair(struct ressl *ctx) |
| 99 | { | 104 | { |
| 100 | if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, ctx->config->cert_file, | 105 | EVP_PKEY *pkey = NULL; |
| 101 | SSL_FILETYPE_PEM) != 1) { | 106 | X509 *cert = NULL; |
| 102 | ressl_set_error(ctx, "failed to load certificate"); | 107 | BIO *bio = NULL; |
| 103 | return (1); | 108 | |
| 109 | if (ctx->config->cert_mem != NULL) { | ||
| 110 | if ((bio = BIO_new_mem_buf(ctx->config->cert_mem, | ||
| 111 | ctx->config->cert_len)) == NULL) { | ||
| 112 | ressl_set_error(ctx, "failed to create buffer"); | ||
| 113 | goto err; | ||
| 114 | } | ||
| 115 | if ((cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) { | ||
| 116 | ressl_set_error(ctx, "failed to read certificate"); | ||
| 117 | goto err; | ||
| 118 | } | ||
| 119 | if (SSL_CTX_use_certificate(ctx->ssl_ctx, cert) != 1) { | ||
| 120 | ressl_set_error(ctx, "failed to load certificate"); | ||
| 121 | goto err; | ||
| 122 | } | ||
| 123 | BIO_free(bio); | ||
| 124 | bio = NULL; | ||
| 125 | X509_free(cert); | ||
| 126 | cert = NULL; | ||
| 104 | } | 127 | } |
| 105 | if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, ctx->config->key_file, | 128 | if (ctx->config->key_mem != NULL) { |
| 106 | SSL_FILETYPE_PEM) != 1) { | 129 | if ((bio = BIO_new_mem_buf(ctx->config->key_mem, |
| 107 | ressl_set_error(ctx, "failed to load private key"); | 130 | ctx->config->key_len)) == NULL) { |
| 108 | return (1); | 131 | ressl_set_error(ctx, "failed to create buffer"); |
| 132 | goto err; | ||
| 133 | } | ||
| 134 | if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, | ||
| 135 | NULL)) == NULL) { | ||
| 136 | ressl_set_error(ctx, "failed to read private key"); | ||
| 137 | goto err; | ||
| 138 | } | ||
| 139 | if (SSL_CTX_use_PrivateKey(ctx->ssl_ctx, pkey) != 1) { | ||
| 140 | ressl_set_error(ctx, "failed to load private key"); | ||
| 141 | goto err; | ||
| 142 | } | ||
| 143 | BIO_free(bio); | ||
| 144 | bio = NULL; | ||
| 145 | EVP_PKEY_free(pkey); | ||
| 146 | pkey = NULL; | ||
| 109 | } | 147 | } |
| 148 | |||
| 149 | if (ctx->config->cert_file != NULL) { | ||
| 150 | if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, | ||
| 151 | ctx->config->cert_file, SSL_FILETYPE_PEM) != 1) { | ||
| 152 | ressl_set_error(ctx, "failed to load certificate file"); | ||
| 153 | goto err; | ||
| 154 | } | ||
| 155 | } | ||
| 156 | if (ctx->config->key_file != NULL) { | ||
| 157 | if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, | ||
| 158 | ctx->config->key_file, SSL_FILETYPE_PEM) != 1) { | ||
| 159 | ressl_set_error(ctx, "failed to load private key file"); | ||
| 160 | goto err; | ||
| 161 | } | ||
| 162 | } | ||
| 163 | |||
| 110 | if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) { | 164 | if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) { |
| 111 | ressl_set_error(ctx, "private/public key mismatch"); | 165 | ressl_set_error(ctx, "private/public key mismatch"); |
| 112 | return (1); | 166 | goto err; |
| 113 | } | 167 | } |
| 168 | |||
| 114 | return (0); | 169 | return (0); |
| 170 | |||
| 171 | err: | ||
| 172 | EVP_PKEY_free(pkey); | ||
| 173 | X509_free(cert); | ||
| 174 | BIO_free(bio); | ||
| 175 | |||
| 176 | return (1); | ||
| 115 | } | 177 | } |
| 116 | 178 | ||
| 117 | void | 179 | void |