Hooray, this question I can answer. (Maybe someone can answer mine
now?)

I don't know if it is a bad way, cryptographically, but it works.

//The bio to handle a char *
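/*
 * Build a memory BIO that holds a private copy of `buf`.
 *
 * buf: bytes to copy; a NULL pointer yields NULL.
 * len: number of bytes to copy, or -1 to use strlen(buf).
 *
 * Returns a new BIO that the caller releases with BIO_free(), or NULL when
 * buf is NULL, the length is not positive, or an allocation fails.
 */
static BIO *memory_buf_BIO(const char *buf, int len)
{
    BIO *bio;
    BUF_MEM *mem;

    if (!buf)
        return NULL;

    if (len == -1) {
        size_t n = strlen(buf);

        /* The interfaces below take an int length; refuse anything that
         * does not survive the round trip instead of truncating it. */
        len = (int)n;
        if (len < 0 || (size_t)len != n)
            return NULL;
    }

    /*
     * A negative length would reach memcpy() as an enormous size_t.
     * Zero is refused as well: BUF_MEM_grow() reports failure as 0, so the
     * original code already returned NULL for an empty buffer.
     */
    if (len <= 0)
        return NULL;

    bio = BIO_new(BIO_s_mem());
    if (!bio)
        return NULL;

    mem = BUF_MEM_new();
    if (!mem) {
        BIO_free(bio);
        return NULL;
    }

    if (!BUF_MEM_grow(mem, len)) {
        BUF_MEM_free(mem);
        BIO_free(bio);
        return NULL;
    }

    memcpy(mem->data, buf, (size_t)len);

    /*
     * BIO_CLOSE hands ownership of `mem` to the BIO, so BIO_free() also
     * releases the copy. The original passed 0 (BIO_NOCLOSE), which left
     * the copied key material allocated after the BIO was freed.
     */
    BIO_set_mem_buf(bio, mem, BIO_CLOSE);
    return bio;
}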

//The password handler
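/*
 * Passphrase callback for the PEM readers: copies the NUL-terminated
 * passphrase passed through `password` into OpenSSL's buffer.
 *
 * buf:      destination buffer supplied by the PEM reader.
 * buf_size: capacity of buf in bytes, including the terminator.
 * x:        unused here (the read/write flag in OpenSSL's callback type).
 * password: NUL-terminated passphrase, or NULL for "no passphrase".
 *
 * Returns the number of passphrase bytes written, excluding the
 * terminator, or 0 when there is no passphrase or no usable buffer.
 * A passphrase longer than buf_size - 1 is truncated; decryption with the
 * truncated value will then simply fail.
 */
static int ssl_key_password_callback(char *buf, int buf_size,
                                     int x, void *password)
{
    size_t len;
    size_t cap;

    (void)x;

    /* Without room for even the terminator nothing can be written safely;
     * the original wrote to buf regardless of buf_size here. */
    if (!buf || buf_size <= 0)
        return 0;

    if (!password) {
        buf[0] = '\0';
        return 0;
    }

    cap = (size_t)buf_size - 1;
    len = strlen((const char *)password);
    if (len > cap)
        len = cap;

    memcpy(buf, password, len);
    buf[len] = '\0';
    return (int)len;
}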


// The author assumes these are defined and set up elsewhere in the real
// program; they are declared here only so the snippet reads as a whole.
// As written they are file-scope objects with no initialiser, so both are
// null pointers until the surrounding program assigns them.
// process_private_key() below passes `ctx` to SSL_CTX_use_PrivateKey().
SSL *ssl;      // not referenced by the code shown in this message
SSL_CTX *ctx;  // context that receives the private key

//This function is pulled from a couple of other functions and mangled
//together in this email. It works in my code but may not compile if I
//miss out a variable or something...
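/*
 * Parse a PEM-encoded private key held in memory and install it into the
 * file-scope SSL_CTX `ctx`.
 *
 * private_key:          NUL-terminated PEM text of the key.
 * private_key_password: passphrase for an encrypted key, or NULL/"" when
 *                       no passphrase is supplied.
 *
 * Returns 1 when the key was parsed and accepted by the context, 0
 * otherwise. The original returned 1 even when no key had been parsed and
 * ignored the result of SSL_CTX_use_PrivateKey(); it also leaked the BIO
 * on the bad-passphrase path and never released its EVP_PKEY reference.
 *
 * NOTE(review): this only installs the key. Whether it matches the
 * certificate loaded into the context is a separate check
 * (SSL_CTX_check_private_key()) that the caller should make once both
 * are in place.
 */
int process_private_key(char *private_key, char *private_key_password)
{
    EVP_PKEY *key = NULL;
    BIO *bio = NULL;
    int have_password;
    int ok;

    /* Fail closed: with no context or no key text nothing can be installed. */
    if (!ctx || !private_key || !*private_key)
        return 0;

    bio = memory_buf_BIO(private_key, -1);
    if (!bio)
        return 0;

    have_password = (private_key_password && *private_key_password);
    if (have_password) {
        key = PEM_read_bio_PrivateKey(bio, NULL,
                                      ssl_key_password_callback,
                                      (void *)private_key_password);
    } else {
        /*
         * With no callback and no user data OpenSSL uses its default
         * passphrase handler, which typically prompts on the terminal if
         * the PEM turns out to be encrypted.
         * NOTE(review): confirm that is acceptable for non-interactive use.
         */
        key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
    }

    /* The PEM copy is no longer needed whether or not parsing succeeded. */
    BIO_free(bio);

    if (!key) {
#ifdef SSL_DEBUG
        /* A parse failure with a passphrase is reported as a bad password,
         * as in the original; malformed PEM ends up here as well. */
        if (have_password)
            printf("Bad Password\n");
#endif
        return 0;
    }

    ok = (SSL_CTX_use_PrivateKey(ctx, key) == 1);

    /* The context holds its own reference after a successful call, so the
     * local reference is dropped on both outcomes. */
    EVP_PKEY_free(key);

    return ok;
}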

BiGNoRm6969 wrote:
> Hi,
>
> I did not know about the function EVP_PKEY *PEM_read_PrivateKey(FILE *fp,
> EVP_PKEY **pkey,pem_password_callback function *cb,void *u ) and it's
> exactly what I need to use (very similar situation like the author of this
> thread).
>
> However, how could I use the EVP_PKEY after that ? Is there an equivalent
> function to SSL_CTX_use_PrivateKey_file() to use that EVP_PKEY ?
>
> Also, after creating a key with openssl (with -passout parameter), is the
> certificate creation process is the same ? Will I have to enter the key's
> password during the certificate creation ?
>
>

