1000 void* listen_sslctx_create(char* key, char* pem, char* verifypem)
1008 	if(!key || key[0] == 0) {
1009 		log_err("error: no tls-service-key file specified");
1028 	if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) {
1029 		log_err("error for private key file: %s", key);
1035 		log_err("error for key file: %s", key);
1053 	(void)key; (void)pem; (void)verifypem;
1148 void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert)
1178 	if(key && key[0]) {
1185 		if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) {
1186 			log_err("error in client private key %s", key);
1187 			log_crypto_err("error in key file");
1192 			log_err("error in client key %s", key);
1221 	(void)key; (void)pem; (void)verifypem; (void)wincert;
1420 			log_err("could not read tls-session-ticket-key %s: %s", p->str, strerror(errno));
1428 			log_err("tls-session-ticket-key %s is %d bytes, must be 80 bytes", p->str, (int)n);
1432 		verbose(VERB_OPS, "read tls-session-ticket-key: %s", p->str);
1439 	/* terminate array with NULL key name entry */
1518 		struct tls_session_ticket_key *key;
1520 		for(key = ticket_keys; key->key_name != NULL; key++) {
1521 			if (!memcmp(key_name, key->key_name, 16)) {
1526 		if(key->key_name == NULL) {
1533 			key->hmac_key, 32);
1543 		if (HMAC_Init_ex(hmac_ctx, key->hmac_key, 32, digest, NULL) != 1) {
1548 		HMAC_Init_ex(hmac_ctx, key->hmac_key, 32, digest, NULL);
1550 		if (EVP_DecryptInit_ex(evp_sctx, cipher, NULL, key->aes_key, iv) != 1) {
1555 		return (key == ticket_keys) ? 1 : 2;
1572 	struct tls_session_ticket_key *key;
1574 	for(key = ticket_keys; key->key_name != NULL; key++) {
1575 		/* wipe key data from memory*/
1577 		explicit_bzero(key->key_name, 80);
1579 		memset(key->key_name, 0xdd, 80);
1581 		free(key->key_name);

Indexes created Thu May 16 13:05:45 MDT 2024