Isaac Foraker wrote:
> 
> Can anyone point me to documentation describing what a password callback
> should look like as set up by this function?
> 
> void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
> 
> I found this callback definition:
> 
> int cbPasswd(char *buf, int size, int rwflag, void *userdata);
> 
> What does each parameter do?

Here's some code that works for me. I hand the callback to PEM_read_bio_RSAPrivateKey directly rather than through SSL_CTX_set_default_passwd_cb, but the callback signature is the same. The parameters are: buf is the buffer OpenSSL wants the passphrase copied into, size is its capacity in bytes, rwflag is 0 when the key is being read (decrypted) and 1 when it is being written (encrypted), and userdata is whatever pointer you passed as the last argument of the PEM_read_* call (or via SSL_CTX_set_default_passwd_cb_userdata). Return the length of the passphrase you copied, or a negative value on failure. One caution on the code below: never log the passphrase as it does in the debug line, or it ends up in your log files.
- Dan

#include "errno.h"
#include "SSLContext.h"
#include <string.h>
 
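// Callback function needed to pass passphrase to OpenSSL (pem_password_cb).
// The passphrase is passed in as app_context (the last arg to
// PEM_read_bio_...). `verify` is OpenSSL's rwflag and is ignored here
// because this callback is only used to decrypt an existing key.
//
// Returns the number of bytes copied into buf, or -1 if there is no
// passphrase or buf cannot hold it together with its terminating NUL.
// The passphrase is deliberately never logged: it is a secret and debug
// output routinely ends up in persistent log files.
int getpassphrase_callback(char *buf, int buflen, int verify, void *app_context)
{
    (void) verify;
    const char *phrase = (const char *)app_context;
    size_t len;

    // A missing passphrase or an unusable buffer is a failure, not a crash.
    if (phrase == NULL || buf == NULL || buflen <= 0)
        return -1;

    len = strlen(phrase);
    // Keep the original contract: the buffer must also have room for the NUL.
    // Comparing in size_t avoids the signed/unsigned surprise of the old test.
    if ((size_t)buflen < len + 1)
        return -1;

    // len + 1 <= buflen <= INT_MAX, so the cast below cannot overflow.
    memcpy(buf, phrase, len + 1);
    return (int)len;
}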
 
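/**
  Set the given SSL_CTX's private key to the given PEM file, using the given
  passphrase.
  @param ctx The ssl context to modify.
  @param file The name of the PEM file containing the desired private key.
  @param passphrase The nul-terminated ASCII passphrase for the given private key file.
  @return 0 on success, a non-zero Unix error code on failure (ENOMEM if the
          BIO cannot be created, errno or EIO if the file cannot be opened,
          EINVAL if the key cannot be read/decrypted or the context rejects it).
 */

int my_use_RSAPrivateKey_file(SSL_CTX * ctx, const char *file,
                                      const char *passphrase)
{
    // Default to a failure code so no exit path can return an uninitialized
    // value (the PEM_read failure path previously did exactly that).
    int err = EINVAL;
    BIO *in = NULL;
    RSA *rsa = NULL;

    // Adapted from OpenSSL's SSL_CTX_use_RSAPrivateKey_file with the non-PEM
    // (DER) branch removed, so only PEM input is accepted here.

    in = BIO_new(BIO_s_file_internal());
    if (in == NULL) {
        LOG_ERROR_STATIC(("SSLContext_use_RSAPrivateKey_file: can't creat bio\n"));
        err = ENOMEM;
        goto end;
    }

    if (BIO_read_filename(in, file) <= 0) {
        // Capture errno before logging, which may clobber it. OpenSSL reports
        // most failures on its own error queue rather than via errno, so fall
        // back to EIO instead of accidentally returning 0 ("success").
        err = errno;
        LOG_ERROR_STATIC(("SSLContext_use_RSAPrivateKey_file: can't open file %s\n",
                          file));
        if (err == 0)
            err = EIO;
        goto end;
    }

    rsa = PEM_read_bio_RSAPrivateKey(in, NULL, getpassphrase_callback,
                                     (void *)passphrase);
    if (rsa == NULL) {
        // Wrong passphrase, wrong format or unreadable key. Note that OpenSSL
        // copies the passphrase into its own buffer during decryption; this
        // function cannot scrub that copy.
        LOG_ERROR_STATIC(("SSLContext_use_RSAPrivateKey_file: can't read private key from the file %s\n",
                          file));
        err = EINVAL;
        goto end;
    }

    // SSL_CTX_use_RSAPrivateKey takes its own reference, so our RSA object
    // is released unconditionally.
    if (SSL_CTX_use_RSAPrivateKey(ctx, rsa) < 1)
        err = EINVAL;
    else
        err = 0;
    RSA_free(rsa);

  end:
    if (in != NULL)
        BIO_free(in);
    return err;
}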