From: jsing Date: Wed, 6 Aug 2014 01:54:01 +0000 (+0000) Subject: Add support for loading the public/private key from memory, rather than X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=bc2ddfbde49ff9b1fb2d54aaadbaf1bcaa7081c5;p=openbsd Add support for loading the public/private key from memory, rather than directly from file. --- diff --git a/lib/libressl/ressl.c b/lib/libressl/ressl.c index f026da52b5a..01d1610e3f8 100644 --- a/lib/libressl/ressl.c +++ b/lib/libressl/ressl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ressl.c,v 1.10 2014/08/05 12:46:16 jsing Exp $ */ +/* $OpenBSD: ressl.c,v 1.11 2014/08/06 01:54:01 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -21,6 +21,11 @@ #include #include +#include +#include +#include +#include + #include #include "ressl_internal.h" 
@@ -97,21 +102,78 @@ ressl_configure(struct ressl *ctx, struct ressl_config *config) int ressl_configure_keypair(struct ressl *ctx) { - if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, ctx->config->cert_file, - SSL_FILETYPE_PEM) != 1) { - ressl_set_error(ctx, "failed to load certificate"); - return (1); + EVP_PKEY *pkey = NULL; + X509 *cert = NULL; + BIO *bio = NULL; + + if (ctx->config->cert_mem != NULL) { + if ((bio = BIO_new_mem_buf(ctx->config->cert_mem, + ctx->config->cert_len)) == NULL) { + ressl_set_error(ctx, "failed to create buffer"); + goto err; + } + if ((cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) { + ressl_set_error(ctx, "failed to read certificate"); + goto err; + } + if (SSL_CTX_use_certificate(ctx->ssl_ctx, cert) != 1) { + ressl_set_error(ctx, "failed to load certificate"); + goto err; + } + BIO_free(bio); + bio = NULL; + X509_free(cert); + cert = NULL; } - if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, ctx->config->key_file, - SSL_FILETYPE_PEM) != 1) { - ressl_set_error(ctx, "failed to load private key"); - return (1); + if (ctx->config->key_mem != NULL) { + if ((bio = BIO_new_mem_buf(ctx->config->key_mem, + ctx->config->key_len)) == NULL) { + ressl_set_error(ctx, "failed to create buffer"); + goto err; + } + if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, + NULL)) == NULL) { + ressl_set_error(ctx, "failed to read private key"); + goto err; + } + if (SSL_CTX_use_PrivateKey(ctx->ssl_ctx, pkey) != 1) { + ressl_set_error(ctx, "failed to load private key"); + goto err; + } + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; } + + if (ctx->config->cert_file != NULL) { + if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, + ctx->config->cert_file, SSL_FILETYPE_PEM) != 1) { + ressl_set_error(ctx, "failed to load certificate file"); + goto err; + } + } + if (ctx->config->key_file != NULL) { + if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, + ctx->config->key_file, SSL_FILETYPE_PEM) != 1) { + ressl_set_error(ctx, "failed to load 
private key file"); + goto err; + } + } + if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) { ressl_set_error(ctx, "private/public key mismatch"); - return (1); + goto err; } + return (0); + +err: + EVP_PKEY_free(pkey); + X509_free(cert); + BIO_free(bio); + + return (1); } void diff --git a/lib/libressl/ressl.h b/lib/libressl/ressl.h index b9ae809be46..0b437c4ad97 100644 --- a/lib/libressl/ressl.h +++ b/lib/libressl/ressl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ressl.h,v 1.10 2014/08/05 12:46:16 jsing Exp $ */ +/* $OpenBSD: ressl.h,v 1.11 2014/08/06 01:54:01 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -34,8 +34,12 @@ void ressl_config_free(struct ressl_config *config); void ressl_config_set_ca_file(struct ressl_config *config, char *ca_file); void ressl_config_set_ca_path(struct ressl_config *config, char *ca_path); void ressl_config_set_cert_file(struct ressl_config *config, char *cert_file); +void ressl_config_set_cert_mem(struct ressl_config *config, char *cert, + size_t len); void ressl_config_set_ciphers(struct ressl_config *config, char *ciphers); void ressl_config_set_key_file(struct ressl_config *config, char *key_file); +void ressl_config_set_key_mem(struct ressl_config *config, char *key, + size_t len); void ressl_config_set_verify_depth(struct ressl_config *config, int verify_depth); diff --git a/lib/libressl/ressl_config.c b/lib/libressl/ressl_config.c index 60307d66b3e..133ef81b02a 100644 --- a/lib/libressl/ressl_config.c +++ b/lib/libressl/ressl_config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ressl_config.c,v 1.6 2014/08/05 12:46:16 jsing Exp $ */ +/* $OpenBSD: ressl_config.c,v 1.7 2014/08/06 01:54:01 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * 
@@ -69,6 +69,13 @@ ressl_config_set_cert_file(struct ressl_config *config, char *cert_file) config->cert_file = cert_file; } +void +ressl_config_set_cert_mem(struct ressl_config *config, char *cert, size_t len) +{ + config->cert_mem = cert; + config->cert_len = len; +} + void ressl_config_set_ciphers(struct ressl_config *config, char *ciphers) { @@ -81,6 +88,13 @@ ressl_config_set_key_file(struct ressl_config *config, char *key_file) config->key_file = key_file; } +void +ressl_config_set_key_mem(struct ressl_config *config, char *key, size_t len) +{ + config->key_mem = key; + config->key_len = len; +} + void ressl_config_set_verify_depth(struct ressl_config *config, int verify_depth) { diff --git a/lib/libressl/ressl_internal.h b/lib/libressl/ressl_internal.h index b7158bce9a4..3f667526ad2 100644 --- a/lib/libressl/ressl_internal.h +++ b/lib/libressl/ressl_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ressl_internal.h,v 1.8 2014/08/05 12:46:16 jsing Exp $ */ +/* $OpenBSD: ressl_internal.h,v 1.9 2014/08/06 01:54:01 jsing Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas * Copyright (c) 2014 Joel Sing @@ -29,8 +29,12 @@ struct ressl_config { const char *ca_file; const char *ca_path; const char *cert_file; + char *cert_mem; + size_t cert_len; const char *ciphers; const char *key_file; + char *key_mem; + size_t key_len; int verify; int verify_depth; };
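Review bot: The new cert_mem and key_mem members of struct ressl_config are plain `char *` while the neighbouring ca_file, cert_file and key_file members are `const char *`, and nothing in the hunk says why the in-memory buffers need to be writable; presumably it mirrors the non-const buffer parameter of BIO_new_mem_buf(), but that is an implementation detail of ressl.c rather than a property of the caller's data. If the library never writes through these pointers, `const char *` here, with the cast confined to the BIO_new_mem_buf() call site, keeps the public setters honest; otherwise a one-line comment on the fields noting the reason saves the next reader the question. The same choice is repeated in the setter parameters in the ressl_config.c hunks above and in the ressl.h prototypes.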