0 /* See LICENSE file for copyright and license details. */

1 #if defined(__OpenBSD__) || defined(__FreeBSD__)

2 #undef _POSIX_C_SOURCE

3 #include <stdlib.h>

4 #endif

5 #include <string.h>

6 #include <errno.h>

7 #include <fcntl.h>

8 #ifdef __linux__

9 #include <sys/random.h>

10 #endif

11 #include <openssl/pem.h>

12 #include "util.h"

13 #include "server.h"

14 #include "log.h"

15

16 int cert_create(const char* crt, const char* key) {

17 FILE* f = NULL;

18 int fd, id, ret = 1;

19

20 EVP_PKEY* pkey;

21 RSA* rsa;

22 BIGNUM* bne;

23 X509* x509;

24

25 pkey = EVP_PKEY_new();

26 rsa = RSA_new();

27 bne = BN_new();

28 x509 = X509_new();

29

30 if (BN_set_word(bne, 65537) != 1) goto failed;

31 if (RSA_generate_key_ex(rsa, 2048, bne, NULL) != 1) goto failed;

32

33 EVP_PKEY_assign_RSA(pkey, rsa);

34 #ifdef __linux__

35 if (getrandom(&id, sizeof(id), GRND_RANDOM) != sizeof(id))

36 goto failed;

37 #else

38 arc4random_buf(&id, sizeof(id));

39 #endif

40 if (ASN1_INTEGER_set(X509_get_serialNumber(x509), id) != 1)

41 goto failed;

42

43 X509_gmtime_adj(X509_getm_notBefore(x509), 0);

44 X509_gmtime_adj(X509_getm_notAfter(x509), 157680000L);

45

46 if (X509_set_pubkey(x509, pkey) != 1) goto failed;

47 if (X509_sign(x509, pkey, EVP_sha1()) == 0) goto failed;

48

49 /* Key */

50 fd = open(key, O_CREAT|O_WRONLY, 0600);

51 if (fd < 0) {

52 log_error("Failed to open %s : %s", key, strerror(errno));

53 goto skip_error;

54 }

55 f = fdopen(fd, "wb");

56 if (!f) {

57 log_error("Failed to write to %s : %s", key, strerror(errno));

58 goto skip_error;

59 }

60 if (PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL) != 1)

61 goto failed;

62 fclose(f);

63

64 /* Certificate */

65 fd = open(crt, O_CREAT|O_WRONLY, 0600);

66 if (fd < 0) {

67 log_error("Failed to open %s", crt);

68 goto skip_error;

69 }

70 f = fdopen(fd, "wb");

71 if (!f) {

72 log_error("Failed to write to %s", crt);

73 goto skip_error;

74 }

75 if (PEM_write_X509(f, x509) != 1)

76 goto failed;

77 fclose(f);

78

79 f = NULL;

80 ret = 0;

81 goto skip_error;

82 failed:

83 log_error("Failed to generate certificate");

84 skip_error:

85 if (f) fclose(f);

86 BN_free(bne);

87 EVP_PKEY_free(pkey);

88 X509_free(x509);

89 return ret;

90 }

91