4 files changed, 97 insertions, 13 deletions
diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c
index f026da52b5..01d1610e3f 100644
--- a/src/lib/libressl/ressl.c
+++ b/src/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.c,v 1.10 2014/08/05 12:46:16 jsing Exp $ */
+/* $OpenBSD: ressl.c,v 1.11 2014/08/06 01:54:01 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -21,6 +21,11 @@
 #include <stdlib.h>
 #include <unistd.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
 #include <ressl.h>
 #include "ressl_internal.h"
@@ -97,21 +102,78 @@ ressl_configure(struct ressl *ctx, struct ressl_config *config)
 int
 ressl_configure_keypair(struct ressl *ctx)
 {
-        if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, ctx->config->cert_file,
+        EVP_PKEY *pkey = NULL;
-            SSL_FILETYPE_PEM) != 1) {
+        X509 *cert = NULL;
-                ressl_set_error(ctx, "failed to load certificate");
+        BIO *bio = NULL;
-                return (1);
+        if (ctx->config->cert_mem != NULL) {
+                if ((bio = BIO_new_mem_buf(ctx->config->cert_mem,
+                    ctx->config->cert_len)) == NULL) {
+                        ressl_set_error(ctx, "failed to create buffer");
+                        goto err;
+                }
+                if ((cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) {
+                        ressl_set_error(ctx, "failed to read certificate");
+                        goto err;
+                }
+                if (SSL_CTX_use_certificate(ctx->ssl_ctx, cert) != 1) {
+                        ressl_set_error(ctx, "failed to load certificate");
+                        goto err;
+                }
+                BIO_free(bio);
+                bio = NULL;
+                X509_free(cert);
+                cert = NULL;
        }
-        if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, ctx->config->key_file,
+        if (ctx->config->key_mem != NULL) {
-            SSL_FILETYPE_PEM) != 1) {
+                if ((bio = BIO_new_mem_buf(ctx->config->key_mem,
-                ressl_set_error(ctx, "failed to load private key");
+                    ctx->config->key_len)) == NULL) {
-                return (1);
+                        ressl_set_error(ctx, "failed to create buffer");
+                        goto err;
+                }
+                if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
+                    NULL)) == NULL) {
+                        ressl_set_error(ctx, "failed to read private key");
+                        goto err;
+                }
+                if (SSL_CTX_use_PrivateKey(ctx->ssl_ctx, pkey) != 1) {
+                        ressl_set_error(ctx, "failed to load private key");
+                        goto err;
+                }
+                BIO_free(bio);
+                bio = NULL;
+                EVP_PKEY_free(pkey);
+                pkey = NULL;
        }
+        if (ctx->config->cert_file != NULL) {
+                if (SSL_CTX_use_certificate_file(ctx->ssl_ctx,
+                    ctx->config->cert_file, SSL_FILETYPE_PEM) != 1) {
+                        ressl_set_error(ctx, "failed to load certificate file");
+                        goto err;
+                }
+        }
+        if (ctx->config->key_file != NULL) {
+                if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx,
+                    ctx->config->key_file, SSL_FILETYPE_PEM) != 1) {
+                        ressl_set_error(ctx, "failed to load private key file");
+                        goto err;
+                }
+        }
        if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) {
                ressl_set_error(ctx, "private/public key mismatch");
-                return (1);
+                goto err;
        }
        return (0);
+err:
+        EVP_PKEY_free(pkey);
+        X509_free(cert);
+        BIO_free(bio);
+        return (1);
 }
 void
diff --git a/src/lib/libressl/ressl.h b/src/lib/libressl/ressl.h
index b9ae809be4..0b437c4ad9 100644
--- a/src/lib/libressl/ressl.h
+++ b/src/lib/libressl/ressl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.h,v 1.10 2014/08/05 12:46:16 jsing Exp $ */
+/* $OpenBSD: ressl.h,v 1.11 2014/08/06 01:54:01 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -34,8 +34,12 @@ void ressl_config_free(struct ressl_config *config);
 void ressl_config_set_ca_file(struct ressl_config *config, char *ca_file);
 void ressl_config_set_ca_path(struct ressl_config *config, char *ca_path);
 void ressl_config_set_cert_file(struct ressl_config *config, char *cert_file);
+void ressl_config_set_cert_mem(struct ressl_config *config, char *cert,
+    size_t len);
 void ressl_config_set_ciphers(struct ressl_config *config, char *ciphers);
 void ressl_config_set_key_file(struct ressl_config *config, char *key_file);
+void ressl_config_set_key_mem(struct ressl_config *config, char *key,
+    size_t len);
 void ressl_config_set_verify_depth(struct ressl_config *config,
    int verify_depth);
diff --git a/src/lib/libressl/ressl_config.c b/src/lib/libressl/ressl_config.c
index 60307d66b3..133ef81b02 100644
--- a/src/lib/libressl/ressl_config.c
+++ b/src/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_config.c,v 1.6 2014/08/05 12:46:16 jsing Exp $ */
+/* $OpenBSD: ressl_config.c,v 1.7 2014/08/06 01:54:01 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -70,6 +70,13 @@ ressl_config_set_cert_file(struct ressl_config *config, char *cert_file)
 }
 void
+ressl_config_set_cert_mem(struct ressl_config *config, char *cert, size_t len)
+{
+        config->cert_mem = cert;
+        config->cert_len = len;
+}
+void
 ressl_config_set_ciphers(struct ressl_config *config, char *ciphers)
 {
        config->ciphers = ciphers;
@@ -82,6 +89,13 @@ ressl_config_set_key_file(struct ressl_config *config, char *key_file)
 }
 void
+ressl_config_set_key_mem(struct ressl_config *config, char *key, size_t len)
+{
+        config->key_mem = key;
+        config->key_len = len;
+}
+void
 ressl_config_set_verify_depth(struct ressl_config *config, int verify_depth)
 {
        config->verify_depth = verify_depth;
diff --git a/src/lib/libressl/ressl_internal.h b/src/lib/libressl/ressl_internal.h
index b7158bce9a..3f667526ad 100644
--- a/src/lib/libressl/ressl_internal.h
+++ b/src/lib/libressl/ressl_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_internal.h,v 1.8 2014/08/05 12:46:16 jsing Exp $ */
+/* $OpenBSD: ressl_internal.h,v 1.9 2014/08/06 01:54:01 jsing Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -29,8 +29,12 @@ struct ressl_config {
        const char *ca_file;
        const char *ca_path;
        const char *cert_file;
+        char *cert_mem;
+        size_t cert_len;
        const char *ciphers;
        const char *key_file;
+        char *key_mem;
+        size_t key_len;
        int verify;
        int verify_depth;
 };

diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c index f026da52b5..01d1610e3f 100644 --- a/src/lib/libressl/ressl.c +++ b/src/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ressl.c,v 1.10 2014/08/05 12:46:16 jsing Exp $ */	1	/* $OpenBSD: ressl.c,v 1.11 2014/08/06 01:54:01 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -21,6 +21,11 @@
21	#include <stdlib.h>	21	#include <stdlib.h>
22	#include <unistd.h>	22	#include <unistd.h>
23		23
		24	#include <openssl/bio.h>
		25	#include <openssl/evp.h>
		26	#include <openssl/pem.h>
		27	#include <openssl/x509.h>
		28
24	#include <ressl.h>	29	#include <ressl.h>
25	#include "ressl_internal.h"	30	#include "ressl_internal.h"
26		31
@@ -97,21 +102,78 @@ ressl_configure(struct ressl ctx, struct ressl_config config)
97	int	102	int
98	ressl_configure_keypair(struct ressl *ctx)	103	ressl_configure_keypair(struct ressl *ctx)
99	{	104	{
100	if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, ctx->config->cert_file,	105	EVP_PKEY *pkey = NULL;
101	SSL_FILETYPE_PEM) != 1) {	106	X509 *cert = NULL;
102	ressl_set_error(ctx, "failed to load certificate");	107	BIO *bio = NULL;
103	return (1);	108
		109	if (ctx->config->cert_mem != NULL) {
		110	if ((bio = BIO_new_mem_buf(ctx->config->cert_mem,
		111	ctx->config->cert_len)) == NULL) {
		112	ressl_set_error(ctx, "failed to create buffer");
		113	goto err;
		114	}
		115	if ((cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) {
		116	ressl_set_error(ctx, "failed to read certificate");
		117	goto err;
		118	}
		119	if (SSL_CTX_use_certificate(ctx->ssl_ctx, cert) != 1) {
		120	ressl_set_error(ctx, "failed to load certificate");
		121	goto err;
		122	}
		123	BIO_free(bio);
		124	bio = NULL;
		125	X509_free(cert);
		126	cert = NULL;
104	}	127	}
105	if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, ctx->config->key_file,	128	if (ctx->config->key_mem != NULL) {
106	SSL_FILETYPE_PEM) != 1) {	129	if ((bio = BIO_new_mem_buf(ctx->config->key_mem,
107	ressl_set_error(ctx, "failed to load private key");	130	ctx->config->key_len)) == NULL) {
108	return (1);	131	ressl_set_error(ctx, "failed to create buffer");
		132	goto err;
		133	}
		134	if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
		135	NULL)) == NULL) {
		136	ressl_set_error(ctx, "failed to read private key");
		137	goto err;
		138	}
		139	if (SSL_CTX_use_PrivateKey(ctx->ssl_ctx, pkey) != 1) {
		140	ressl_set_error(ctx, "failed to load private key");
		141	goto err;
		142	}
		143	BIO_free(bio);
		144	bio = NULL;
		145	EVP_PKEY_free(pkey);
		146	pkey = NULL;
109	}	147	}
		148
		149	if (ctx->config->cert_file != NULL) {
		150	if (SSL_CTX_use_certificate_file(ctx->ssl_ctx,
		151	ctx->config->cert_file, SSL_FILETYPE_PEM) != 1) {
		152	ressl_set_error(ctx, "failed to load certificate file");
		153	goto err;
		154	}
		155	}
		156	if (ctx->config->key_file != NULL) {
		157	if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx,
		158	ctx->config->key_file, SSL_FILETYPE_PEM) != 1) {
		159	ressl_set_error(ctx, "failed to load private key file");
		160	goto err;
		161	}
		162	}
		163
110	if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) {	164	if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) {
111	ressl_set_error(ctx, "private/public key mismatch");	165	ressl_set_error(ctx, "private/public key mismatch");
112	return (1);	166	goto err;
113	}	167	}
		168
114	return (0);	169	return (0);
		170
		171	err:
		172	EVP_PKEY_free(pkey);
		173	X509_free(cert);
		174	BIO_free(bio);
		175
		176	return (1);
115	}	177	}
116		178
117	void	179	void


diff --git a/src/lib/libressl/ressl.h b/src/lib/libressl/ressl.h index b9ae809be4..0b437c4ad9 100644 --- a/src/lib/libressl/ressl.h +++ b/src/lib/libressl/ressl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ressl.h,v 1.10 2014/08/05 12:46:16 jsing Exp $ */	1	/* $OpenBSD: ressl.h,v 1.11 2014/08/06 01:54:01 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -34,8 +34,12 @@ void ressl_config_free(struct ressl_config *config);
34	void ressl_config_set_ca_file(struct ressl_config config, char ca_file);	34	void ressl_config_set_ca_file(struct ressl_config config, char ca_file);
35	void ressl_config_set_ca_path(struct ressl_config config, char ca_path);	35	void ressl_config_set_ca_path(struct ressl_config config, char ca_path);
36	void ressl_config_set_cert_file(struct ressl_config config, char cert_file);	36	void ressl_config_set_cert_file(struct ressl_config config, char cert_file);
		37	void ressl_config_set_cert_mem(struct ressl_config config, char cert,
		38	size_t len);
37	void ressl_config_set_ciphers(struct ressl_config config, char ciphers);	39	void ressl_config_set_ciphers(struct ressl_config config, char ciphers);
38	void ressl_config_set_key_file(struct ressl_config config, char key_file);	40	void ressl_config_set_key_file(struct ressl_config config, char key_file);
		41	void ressl_config_set_key_mem(struct ressl_config config, char key,
		42	size_t len);
39	void ressl_config_set_verify_depth(struct ressl_config *config,	43	void ressl_config_set_verify_depth(struct ressl_config *config,
40	int verify_depth);	44	int verify_depth);
41		45


diff --git a/src/lib/libressl/ressl_config.c b/src/lib/libressl/ressl_config.c index 60307d66b3..133ef81b02 100644 --- a/src/lib/libressl/ressl_config.c +++ b/src/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ressl_config.c,v 1.6 2014/08/05 12:46:16 jsing Exp $ */	1	/* $OpenBSD: ressl_config.c,v 1.7 2014/08/06 01:54:01 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -70,6 +70,13 @@ ressl_config_set_cert_file(struct ressl_config config, char cert_file)
70	}	70	}
71		71
72	void	72	void
		73	ressl_config_set_cert_mem(struct ressl_config config, char cert, size_t len)
		74	{
		75	config->cert_mem = cert;
		76	config->cert_len = len;
		77	}
		78
		79	void
73	ressl_config_set_ciphers(struct ressl_config config, char ciphers)	80	ressl_config_set_ciphers(struct ressl_config config, char ciphers)
74	{	81	{
75	config->ciphers = ciphers;	82	config->ciphers = ciphers;
@@ -82,6 +89,13 @@ ressl_config_set_key_file(struct ressl_config config, char key_file)
82	}	89	}
83		90
84	void	91	void
		92	ressl_config_set_key_mem(struct ressl_config config, char key, size_t len)
		93	{
		94	config->key_mem = key;
		95	config->key_len = len;
		96	}
		97
		98	void
85	ressl_config_set_verify_depth(struct ressl_config *config, int verify_depth)	99	ressl_config_set_verify_depth(struct ressl_config *config, int verify_depth)
86	{	100	{
87	config->verify_depth = verify_depth;	101	config->verify_depth = verify_depth;


diff --git a/src/lib/libressl/ressl_internal.h b/src/lib/libressl/ressl_internal.h index b7158bce9a..3f667526ad 100644 --- a/src/lib/libressl/ressl_internal.h +++ b/src/lib/libressl/ressl_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ressl_internal.h,v 1.8 2014/08/05 12:46:16 jsing Exp $ */	1	/* $OpenBSD: ressl_internal.h,v 1.9 2014/08/06 01:54:01 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>	3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	4	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -29,8 +29,12 @@ struct ressl_config {
29	const char *ca_file;	29	const char *ca_file;
30	const char *ca_path;	30	const char *ca_path;
31	const char *cert_file;	31	const char *cert_file;
		32	char *cert_mem;
		33	size_t cert_len;
32	const char *ciphers;	34	const char *ciphers;
33	const char *key_file;	35	const char *key_file;
		36	char *key_mem;
		37	size_t key_len;
34	int verify;	38	int verify;
35	int verify_depth;	39	int verify_depth;
36	};	40	};