Exemple #1
0
static LUA_FUNCTION(openssl_crl_read)
{
  BIO * in = load_bio_object(L, 1);
  int fmt = luaL_checkoption(L, 2, "auto", format);

  X509_CRL *crl = NULL;

  if (fmt == FORMAT_AUTO || fmt == FORMAT_PEM)
  {
    crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
    BIO_reset(in);
  }
  if ((fmt == FORMAT_AUTO && crl == NULL) || fmt == FORMAT_DER)
  {
    crl = d2i_X509_CRL_bio(in, NULL);
    BIO_reset(in);
  }
  BIO_free(in);

  if (crl)
  {
    PUSH_OBJECT(crl, "openssl.x509_crl");
    return 1;
  }
  return 0;
}
Exemple #2
0
static LUA_FUNCTION(openssl_csr_read)
{
  BIO * in = load_bio_object(L, 1);
  int fmt = luaL_checkoption(L, 2, "auto", format);
  X509_REQ * csr = NULL;

  if (fmt == FORMAT_AUTO)
  {
    fmt = bio_is_der(in) ? FORMAT_DER : FORMAT_PEM;
  }

  if (fmt == FORMAT_PEM)
  {
    csr = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
    BIO_reset(in);
  }else
  if (fmt == FORMAT_DER)
  {
    csr = d2i_X509_REQ_bio(in, NULL);
    BIO_reset(in);
  }
  BIO_free(in);

  if (csr)
  {
    PUSH_OBJECT(csr, "openssl.x509_req");
    return 1;
  }
  return openssl_pushresult(L, 0);
}
Exemple #3
0
int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn,
			   u8 *in_data, size_t in_len,
			   u8 *out_data, size_t out_len)
{
	int res;

	if (conn == NULL)
		return -1;

	BIO_reset(conn->ssl_in);
	BIO_reset(conn->ssl_out);
	res = SSL_write(conn->ssl, in_data, in_len);
	if (res < 0) {
		wpa_printf(MSG_INFO, "TLS: Encryption failed - SSL_write: %s",
			   ERR_error_string(ERR_get_error(), NULL));
		return res;
	}

	res = BIO_read(conn->ssl_out, out_data, out_len);
	if (res < 0) {
		wpa_printf(MSG_INFO, "TLS: Encryption failed - BIO_read: %s",
			   ERR_error_string(ERR_get_error(), NULL));
		return res;
	}

	return res;
}
Exemple #4
0
static void resetEncoder(Gzb64* gzb64)
{
    int zret = deflateReset(& gzb64->gz_encode_strm);
	if(zret < 0) zerr(zret);
	zret = BIO_reset(gzb64->encode_output_buffer);
	zret = BIO_reset(gzb64->b64_encoder);
	gzb64->encoded_last_chunk = false;
	if(DEBUG) printf("Encoder reset\n");
}
Exemple #5
0
u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
			      const u8 *in_data, size_t in_len,
			      size_t *out_len)
{
	int res;
	u8 *out_data;

	if (in_data &&
	    BIO_write(conn->ssl_in, in_data, in_len) < 0) {
		wpa_printf(MSG_INFO, "TLS: Handshake failed - BIO_write: %s",
			   ERR_error_string(ERR_get_error(), NULL));
		return NULL;
	}

	res = SSL_connect(conn->ssl);
	if (res != 1) {
		int err = SSL_get_error(conn->ssl, res);
		if (err == SSL_ERROR_WANT_READ)
			wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
				   "more data");
		else if (err == SSL_ERROR_WANT_WRITE)
			wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
				   "write");
		else {
			wpa_printf(MSG_INFO, "SSL: SSL_connect: %s",
				   ERR_error_string(ERR_get_error(), NULL));
			return NULL;
		}
	}

	res = BIO_ctrl_pending(conn->ssl_out);
	wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
	out_data = malloc(res == 0 ? 1 : res);
	if (out_data == NULL) {
		wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
			   "handshake output (%d bytes)", res);
		BIO_reset(conn->ssl_out);
		*out_len = 0;
		return NULL;
	}
	res = res == 0 ? 0 : BIO_read(conn->ssl_out, out_data, res);
	if (res < 0) {
		wpa_printf(MSG_INFO, "TLS: Handshake failed - BIO_read: %s",
			   ERR_error_string(ERR_get_error(), NULL));
		BIO_reset(conn->ssl_out);
		*out_len = 0;
		return NULL;
	}
	*out_len = res;
	return out_data;
}
Exemple #6
0
void tls__reset(tr_uv_tcp_transport_t* tt)
{
    int ret;
    QUEUE* q;

    tr_uv_tls_transport_t* tls = (tr_uv_tls_transport_t* )tt;

    pc_lib_log(PC_LOG_DEBUG, "tls__reset - reset ssl");
    if (!SSL_clear(tls->tls)) {
        pc_lib_log(PC_LOG_WARN, "tls__reset - ssl clear error: %s",
                ERR_error_string(ERR_get_error(), NULL));
    }

    ret = BIO_reset(tls->in);
    assert(ret == 1);

    ret = BIO_reset(tls->out);
    assert(ret == 1);

    // write should retry remained, insert it to writing queue
    // then tcp__reset will recycle it.
    if (tls->should_retry) {
        pc_lib_log(PC_LOG_DEBUG, "tls__reset - move should retry wi to writing queue, seq_num: %u, req_id: %u",
                tls->should_retry->seq_num, tls->should_retry->req_id);

        QUEUE_INIT(&tls->should_retry->queue);
        QUEUE_INSERT_TAIL(&tt->writing_queue, &tls->should_retry->queue);

        tls->should_retry = NULL;
    } 

    if (tls->retry_wb) {
        pc_lib_free(tls->retry_wb);
        tls->retry_wb = NULL;
        tls->retry_wb_len = 0;
    }

    // tcp reset will recycle following write item
    while(!QUEUE_EMPTY(&tls->when_tcp_is_writing_queue)) {
        q = QUEUE_HEAD(&tls->when_tcp_is_writing_queue);
        QUEUE_REMOVE(q);
        QUEUE_INIT(q);

        QUEUE_INSERT_TAIL(&tt->writing_queue, q);
    }
    
    tcp__reset(tt);
}
Exemple #7
0
void *module_url_main(void *args)
{
   BIO *bio_data = NULL;
   char *dataptr;
   long datalen;
   fd_set rfds;
   struct timeval tv;

   debugme("Module URL started\n");

   do {
      if(!(bio_data = BIO_new(BIO_s_mem()))) break;

      while(MODULE_URL.status != MODULE_STOPPING) {
         do {
            if(timemark(MODULE_URL_INDEX, &begin, &end)) break;

            url_firefox();
            url_chrome();
            url_opera();
            url_web();

            for(listp = list; listp; listp = listp->next) {
               debugme("URL %u %d %s %s\n", listp->time, listp->browser, listp->url, listp->title);
               if(BIO_putfiletime(bio_data, listp->time) == -1) break;
               if(BIO_puti32(bio_data, EVIDENCE_VERSION) == -1) break;
               if(BIO_puts16n(bio_data, listp->url) == -1) break;
               if(BIO_puti32(bio_data, listp->browser) == -1) break;
               if(BIO_puts16n(bio_data, listp->title) == -1) break;
               if(BIO_putsep(bio_data) == -1) break;
            }
            if(listp) break;

            if(!(datalen = BIO_get_mem_data(bio_data, &dataptr))) break;
            evidence_write(EVIDENCE_TYPE_URL, NULL, 0, dataptr, (int)datalen);
         } while(0);
         BIO_reset(bio_data);

         for(listp = list; listp;) {
            list = listp;
            listp = listp->next;
            if(list->url) free(list->url);
            if(list->title) free(list->title);
            free(list);
         }
         list = NULL;

         FD_ZERO(&rfds);
         FD_SET(MODULE_URL.event, &rfds);
         tv.tv_sec = 60;
         tv.tv_usec = 0;
         select(MODULE_URL.event + 1, &rfds, NULL, NULL, &tv);
      }
   } while(0);
   if(bio_data) BIO_free(bio_data);

   debugme("Module URL stopped\n");

   return NULL;
}
Exemple #8
0
HTTPScode
https_recv(struct https_request *req, int *code, const char **body, int *len,
        int msecs)
{
        int n, err;
        
        if (BIO_reset(req->body) != 1) {
                ctx->errstr = _SSL_strerror();
                return (HTTPS_ERR_LIB);
        }
        /* Read loop sentinel set by parser in __on_message_done() */
        while (!req->done) {
                while ((n = BIO_read(req->cbio, ctx->parse_buf,
                            sizeof(ctx->parse_buf))) <= 0) {
                        if ((n = _BIO_wait(req->cbio, msecs)) != 1) {
                                ctx->errstr = n ? _SSL_strerror() :
                                    "Connection closed";
                                return (HTTPS_ERR_SERVER);
                        }
                }
                if ((err = http_parser_execute(req->parser,
                            &ctx->parse_settings, ctx->parse_buf, n)) != n) {
                        ctx->errstr = http_errno_description(err);
                        return (HTTPS_ERR_SERVER);
                }
        }
        *len = BIO_get_mem_data(req->body, (char **)body);
        *code = req->parser->status_code;
        
        return (HTTPS_OK);
}
Exemple #9
0
static int fetch_data_from_bio(SSL *s, char **out)
{
    int i;
    BIO *bio = SSL_get_wbio(s);
    if (!bio) {
      fprintf(stderr, "Couldn't get write BIO for SSL object!\n");
      fflush(stderr);
      return -1;
    }
    char *crypted_data;
    long crypted_data_len = BIO_get_mem_data(bio, &crypted_data);
    *out = malloc(crypted_data_len);
    if (!*out) {
        return -1;
    }

    memcpy(*out, crypted_data, crypted_data_len);

    if (BIO_reset(bio) <= 0) {
      fprintf(stderr, "fetch_data_from_bio: BIO_reset returned <= 0\n");
      fflush(stderr);
      return -1;
    }
    i = crypted_data_len;

    return i; 
}
Exemple #10
0
static int openssl_ocsp_request_parse(lua_State*L)
{
  OCSP_REQUEST *req = CHECK_OBJECT(1, OCSP_REQUEST, "openssl.ocsp_request");
  int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
  OCSP_REQINFO *inf = req->tbsRequest;
  OCSP_SIGNATURE *sig = req->optionalSignature;

  BIO* bio = BIO_new(BIO_s_mem());
  int i, num;
  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(inf->version), integer);
  if (inf->requestorName)
  {
    opensl_push_general_name(L, inf->requestorName, utf8);
    lua_setfield(L, -2, "requestorName");
  }
  num = sk_OCSP_ONEREQ_num(inf->requestList);
  lua_newtable(L);
  for (i = 0; i < num; i++)
  {
    OCSP_ONEREQ *one = sk_OCSP_ONEREQ_value(inf->requestList, i);
    OCSP_CERTID *a = one->reqCert;
    lua_newtable(L);
    {
      openssl_push_x509_algor(L, a->hashAlgorithm);
      lua_setfield(L, -2, "hashAlgorithm");

      PUSH_ASN1_OCTET_STRING(L, a->issuerNameHash);
      lua_setfield(L, -2, "issuerNameHash");

      PUSH_ASN1_OCTET_STRING(L, a->issuerKeyHash);
      lua_setfield(L, -2, "issuerKeyHash");

      PUSH_ASN1_INTEGER(L, a->serialNumber);
      lua_setfield(L, -2, "serialNumber");
    }
    lua_rawseti(L, -2, i + 1);
  }
  lua_setfield(L, -2, "requestList");

  if (inf->requestExtensions){
    STACK_OF(X509_EXTENSION) *extensions = sk_X509_EXTENSION_dup(inf->requestExtensions);
    PUSH_OBJECT(extensions,"openssl.stack_of_x509_extension");
    lua_setfield(L,-2, "extensions");
  }

  if (sig)
  {
    BIO_reset(bio);
    X509_signature_print(bio, sig->signatureAlgorithm, sig->signature);
    for (i = 0; i < sk_X509_num(sig->certs); i++)
    {
      X509_print(bio, sk_X509_value(sig->certs, i));
      PEM_write_bio_X509(bio, sk_X509_value(sig->certs, i));
    }
  }

  BIO_free(bio);
  return 1;
}
Exemple #11
0
OCSP_RESPONSE *modssl_dispatch_ocsp_request(const apr_uri_t *uri,
                                            apr_interval_time_t timeout,
                                            OCSP_REQUEST *request,
                                            conn_rec *c, apr_pool_t *p)
{
    OCSP_RESPONSE *response = NULL;
    apr_socket_t *sd;
    BIO *bio;

    bio = serialize_request(request, uri);
    if (bio == NULL) {
        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01989)
                      "could not serialize OCSP request");
        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
        return NULL;
    }

    sd = send_request(bio, uri, timeout, c, p);
    if (sd == NULL) {
        /* Errors already logged. */
        BIO_free(bio);
        return NULL;
    }

    /* Clear the BIO contents, ready for the response. */
    (void)BIO_reset(bio);

    response = read_response(sd, bio, c, p);

    apr_socket_close(sd);
    BIO_free(bio);

    return response;
}
Exemple #12
0
static long crlfbuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
	{
	long ret;

	if (b->next_bio == NULL) return(0);
	switch(cmd)
		{
    case BIO_CTRL_RESET:
    {
		BIO_CRLFBUFFER_CTX *ctx;
		ctx=(BIO_CRLFBUFFER_CTX *)b->ptr;
		ctx->ibuf_len=0;
		ctx->ibuf_off=0;
		ctx->got_cr=0;
		if (b->next_bio)
			BIO_reset(b->next_bio);
    	break;
    }
    case BIO_C_DO_STATE_MACHINE:
		BIO_clear_retry_flags(b);
		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
		BIO_copy_next_retry(b);
		break;
	case BIO_CTRL_DUP:
		ret=0L;
		break;
	default:
		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
		}
	return(ret);
	}
Exemple #13
0
LIBSSH2_API int libssh2_publickey_is_privatekey(const char *keypath, const char *passphrase)
{
    int       st;
    BIO*      bp;
    EVP_PKEY* pk;

    bp = BIO_new_file(keypath, "r");
    if (bp == NULL) {
        return -1;
    }
    if (!EVP_get_cipherbyname("des")) {
        /* If this cipher isn't loaded it's a pretty good indication that none
         * are.  I have *NO DOUBT* that there's a better way to deal with this
         * ($#&%#$(%$#( Someone buy me an OpenSSL manual and I'll read up on
         * it.
         */
        OpenSSL_add_all_ciphers();
    }
    BIO_reset(bp);
    pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void*)passphrase);
    BIO_free(bp);

    if (pk == NULL) {
        /* _libssh2_error(session, */
        /*                LIBSSH2_ERROR_FILE, */
        /*                "Wrong passphrase or invalid/unrecognized " */
        /*                "private key file format"); */
        return -1;
    }

    return 1;
}
Exemple #14
0
static void resetDecoder(Gzb64* gzb64)
{
	int zret = inflateReset(& gzb64->gz_decode_strm);
	if(zret < 0) zerr(zret);
	zret = BIO_reset(gzb64->b64_decoder);
	gzb64->decoded_last_chunk = false;
	if(DEBUG) printf("Decoder reset\n");
}
Exemple #15
0
static LUA_FUNCTION(openssl_pkcs7_read)
{
  BIO* bio = load_bio_object(L, 1);
  int fmt = luaL_checkoption(L, 2, "auto", format);
  PKCS7 *p7 = NULL;
  BIO* ctx = NULL;

  if (fmt == FORMAT_AUTO)
  {
    fmt = bio_is_der(bio) ? FORMAT_DER : FORMAT_PEM;
  }

  if (fmt == FORMAT_DER)
  {
    p7 = d2i_PKCS7_bio(bio, NULL);
    BIO_reset(bio);
  }
  else if (fmt == FORMAT_PEM)
  {
    p7 = PEM_read_bio_PKCS7(bio, NULL, NULL, NULL);
    BIO_reset(bio);
  }
  else if (fmt == FORMAT_SMIME)
  {
    p7 = SMIME_read_PKCS7(bio, &ctx);
  }

  BIO_free(bio);
  if (p7)
  {
    PUSH_OBJECT(p7, "openssl.pkcs7");
    if (ctx)
    {
      BUF_MEM* mem;
      BIO_get_mem_ptr(ctx, &mem);
      lua_pushlstring(L, mem->data, mem->length);
      BIO_free(ctx);
      return 2;
    }
    return 1;
  }
  return openssl_pushresult(L, 0);
}
Exemple #16
0
int  bio_is_der(BIO* bio)
{
  byte head[1];
  int len = BIO_read(bio, head, sizeof(head));
  (void)BIO_reset(bio);
  if (len == sizeof(head) && head[0] == 0x30)
    return 1;

  return 0;
}
Exemple #17
0
u8 * tls_connection_server_handshake(void *ssl_ctx,
				     struct tls_connection *conn,
				     const u8 *in_data, size_t in_len,
				     size_t *out_len)
{
	int res;
	u8 *out_data;
	char buf[10];

	if (in_data &&
	    BIO_write(conn->ssl_in, in_data, in_len) < 0) {
		wpa_printf(MSG_INFO, "TLS: Handshake failed - BIO_write: %s",
			   ERR_error_string(ERR_get_error(), NULL));
		return NULL;
	}

	res = SSL_read(conn->ssl, buf, sizeof(buf));
	if (res >= 0) {
		wpa_printf(MSG_DEBUG, "SSL: Unexpected data from SSL_read "
			   "(res=%d)", res);
	}

	res = BIO_ctrl_pending(conn->ssl_out);
	wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
	out_data = malloc(res == 0 ? 1 : res);
	if (out_data == NULL) {
		wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
			   "handshake output (%d bytes)", res);
		BIO_reset(conn->ssl_out);
		*out_len = 0;
		return NULL;
	}
	res = res == 0 ? 0 : BIO_read(conn->ssl_out, out_data, res);
	if (res < 0) {
		wpa_printf(MSG_INFO, "TLS: Handshake failed - BIO_read: %s",
			   ERR_error_string(ERR_get_error(), NULL));
		BIO_reset(conn->ssl_out);
		*out_len = 0;
		return NULL;
	}
	*out_len = res;
	return out_data;
}
Exemple #18
0
int main(int argc, char **argv)
{
    X509  *x509 = NULL;
    BIO   *bio  = NULL;
    has_t *crt  = NULL;
    char  *json = NULL; 
    size_t l;

    openssl_init();

    if ((bio = BIO_new(BIO_s_file())) == NULL) {
        return -1;
    }

    if(argc < 2) {
        BIO_set_fp(bio, stdin, BIO_NOCLOSE);
    } else {
        BIO_read_filename(bio, argv[1]);
    }
    
    /* Format DER */
    if((x509 = d2i_X509_bio(bio, NULL)) == NULL) {
        ERR_clear_error();
        BIO_reset(bio);
        /* Format PEM */
        x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
    }

    if(!x509) {
        fprintf(stderr, "Error loading certificate\n");
        return -1;
    }

    if((crt = has_x509_new(x509)) == NULL) {
        fprintf(stderr, "Error converting certificate\n");
        return -1;
    } 

    if(has_json_serialize(crt, &json, &l, HAS_JSON_SERIALIZE_PRETTY) == 0) {
        printf("%s\n", json);
        free(json);
    } else {
        fprintf(stderr, "Error serializing certificate\n");
        return -1;        
    }

    has_free(crt);
    X509_free(x509);
    BIO_free(bio);

    openssl_cleanup();

    return 0;
}
Exemple #19
0
void WTConnection::disconnect(void)
{
	if(!this->connecting && !this->connected)
	{
		return;
	};
	
	this->connecting = false;
	this->connected = false;

	if(this->socket != 0)
		close_portable(this->socket);
#ifndef NO_SSL
	if(this->ssl_socket != NULL)
	{
		if(BIO_reset(this->ssl_socket) != 0)
			warning_error("failed to reset socket");
		BIO_free_all(this->ssl_socket);
		this->ssl_socket = NULL;
		this->ssl = NULL;
	};
	if(this->ssl_ctx != NULL)
	{
		SSL_CTX_free(this->ssl_ctx);
		this->ssl_ctx = NULL;
	};
#endif
	delegate_status(WTHTTP_Closed);

	if(this->addr_info != NULL)
	{
		freeaddrinfo(this->addr_info);
		this->addr_info = NULL;
	};

	if(this->uri != NULL)
	{
		free(this->uri);
		this->uri = NULL;
	};

	if(this->domain != NULL)
	{
		free(this->domain);
		this->domain = NULL;
	};

	if(this->protocol != NULL)
	{
		free(this->protocol);
		this->protocol = NULL;
	};
}
Exemple #20
0
/*
  At first the arguments are read and passed. Then the ssl context is gotten
  by calling 'BIO_get_ssl(client, &ssl)'. Afterwards the ssl handshake is 
  performed and the certificate verified. Then the line is read from the certificate. 
  This value is mapped to 'organizationalUnitName'.
  An example usage of the connection is shown and then the connectino will be
  terminated.
 */
void* handleConn(void *argsv){
  connArgs* args = (connArgs*) argsv;
  MessageHandler* msgHandler = args->msgHandler;
  BIO* client = args->conn;
  SSL* ssl;

  BIO_get_ssl(client, &ssl);

  /*ssl handshake*/
  msgHandler->debug("performing ssl handshake");
  if(BIO_do_handshake(client) != 1){
    string fail("handshake failed\nSSL_ERROR: ");
    fail.append(ERR_reason_error_string(ERR_get_error()));
    msgHandler->log(fail);
  } else
    msgHandler->log("handshake successful");

  /*verifying the certificate*/
  X509* peerCert;

  if(SSL_get_verify_result(ssl) != X509_V_OK){
    string error("verification failed\nSSL_Error: ");
    error.append(ERR_reason_error_string(ERR_get_error()));
    msgHandler->error(error, CRITICAL);
  } else {
    msgHandler->debug("verification successful");
    peerCert  = SSL_get_peer_certificate(ssl);
  }

  msgHandler->debug("trying to get the line");
  /*getting the line*/
  char lineN[6];
  X509_NAME* name = X509_get_subject_name(peerCert);
  X509_NAME_get_text_by_NID(name, NID_organizationalUnitName, lineN, 6);
  string line("line is: ");
  line.append(lineN);
  msgHandler->debug(line);

  /*example use of the connection (echoing the incoming msg)*/
  char buffer[1024];
  bzero(buffer, 1024);
  SSL_read(ssl, buffer, 1024);
  string debug("message received: ");
  debug.append(buffer);
  msgHandler->debug(debug);
  SSL_write(ssl, buffer, 1024);

  /*closing the connection*/
  BIO_reset(client);
  X509_free(peerCert);
  return NULL;
}
Exemple #21
0
RSAKeyImpl::RSAKeyImpl(std::istream* pPublicKeyStream,
	std::istream* pPrivateKeyStream,
	const std::string& privateKeyPassphrase): KeyPairImpl("rsa", KT_RSA_IMPL),
		_pRSA(0)
{
	poco_assert_dbg(_pRSA == 0);

	_pRSA = RSA_new();
	if (pPublicKeyStream)
	{
		std::string publicKeyData;
		Poco::StreamCopier::copyToString(*pPublicKeyStream, publicKeyData);
		BIO* bio = BIO_new_mem_buf(const_cast<char*>(publicKeyData.data()), static_cast<int>(publicKeyData.size()));
		if (!bio) throw Poco::IOException("Cannot create BIO for reading public key");
		RSA* publicKey = PEM_read_bio_RSAPublicKey(bio, &_pRSA, 0, 0);
		if (!publicKey)
		{
			int rc = BIO_reset(bio);
			// BIO_reset() normally returns 1 for success and 0 or -1 for failure. 
			// File BIOs are an exception, they return 0 for success and -1 for failure.
			if (rc != 1) throw Poco::FileException("Failed to load public key");
			publicKey = PEM_read_bio_RSA_PUBKEY(bio, &_pRSA, 0, 0);
		}
		BIO_free(bio);
		if (!publicKey)
		{
			freeRSA();
			throw Poco::FileException("Failed to load public key");
		}
	}

	if (pPrivateKeyStream)
	{
		std::string privateKeyData;
		Poco::StreamCopier::copyToString(*pPrivateKeyStream, privateKeyData);
		BIO* bio = BIO_new_mem_buf(const_cast<char*>(privateKeyData.data()), static_cast<int>(privateKeyData.size()));
		if (!bio) throw Poco::IOException("Cannot create BIO for reading private key");
		RSA* privateKey = 0;
		if (privateKeyPassphrase.empty())
			privateKey = PEM_read_bio_RSAPrivateKey(bio, &_pRSA, 0, 0);
		else
			privateKey = PEM_read_bio_RSAPrivateKey(bio, &_pRSA, 0, const_cast<char*>(privateKeyPassphrase.c_str()));
		BIO_free(bio);
		if (!privateKey)
		{
			freeRSA();
			throw Poco::FileException("Failed to load private key");
		}
	}
}
Exemple #22
0
static int test_printf(void) {
  /* Test a short output, a very long one, and various sizes around
   * 256 (the size of the buffer) to ensure edge cases are correct. */
  static const size_t kLengths[] = { 5, 250, 251, 252, 253, 254, 1023 };
  BIO *bio;
  char string[1024];
  int ret;
  const uint8_t *contents;
  size_t i, len;

  bio = BIO_new(BIO_s_mem());
  if (!bio) {
    fprintf(stderr, "BIO_new failed\n");
    return 0;
  }

  for (i = 0; i < sizeof(kLengths) / sizeof(kLengths[0]); i++) {
    if (kLengths[i] >= sizeof(string)) {
      fprintf(stderr, "Bad test string length\n");
      return 0;
    }
    memset(string, 'a', sizeof(string));
    string[kLengths[i]] = '\0';

    ret = BIO_printf(bio, "test %s", string);
    if (ret != 5 + kLengths[i]) {
      fprintf(stderr, "BIO_printf failed: %d\n", ret);
      return 0;
    }
    if (!BIO_mem_contents(bio, &contents, &len)) {
      fprintf(stderr, "BIO_mem_contents failed\n");
      return 0;
    }
    if (len != 5 + kLengths[i] ||
        strncmp((const char *)contents, "test ", 5) != 0 ||
        strncmp((const char *)contents + 5, string, kLengths[i]) != 0) {
      fprintf(stderr, "Contents did not match: %.*s\n", (int)len, contents);
      return 0;
    }

    if (!BIO_reset(bio)) {
      fprintf(stderr, "BIO_reset failed\n");
      return 0;
    }
  }

  BIO_free(bio);
  return 1;
}
Exemple #23
0
static int openssl_ssl_session_read(lua_State*L)
{
  BIO *in = load_bio_object(L, 1);
  SSL_SESSION* ss = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
  if (!ss)
  {
    BIO_reset(in);
    ss = d2i_SSL_SESSION_bio(in, NULL);
  }
  BIO_free(in);
  if (ss)
  {
    PUSH_OBJECT(ss, "openssl.ssl_session");
    return 1;
  }
  return openssl_pushresult(L, 0);
}
Exemple #24
0
  bool TLSEncryption::load_certificate(const char* certificate_buf)
  {
        if (!certificate_buf) return false;
        bool result = false;
         
#if defined(SSL_LIB_OPENSSL)        

        X509 *cert = NULL;
        EVP_PKEY *pkey = NULL;
        BIO *bio_buffer; 
        //create readonly memory BIO
        if (!(bio_buffer = BIO_new_mem_buf((void*)certificate_buf, -1))) return false; //certificate_buf should be null terminated;  
             
        //load PEM cert from buffer
        if(PEM_read_bio_X509(bio_buffer, &cert, 0, NULL))
        {             
                result = (SSL_CTX_use_certificate(m_ctx, cert) == SSL_SUCCESS);                
                X509_free(cert);
                BIO_reset(bio_buffer);
        }                 
        
        //load PEM private key from buffer
        if(result && PEM_read_bio_PrivateKey(bio_buffer, &pkey, 0, NULL)) 
        {
                result = (SSL_CTX_use_PrivateKey(m_ctx, pkey) == SSL_SUCCESS);                                               
                EVP_PKEY_free(pkey);
        }
             
        BIO_free(bio_buffer);   
        
#elif defined(SSL_LIB_CYASSL)   

        uint certificate_buf_len = strlen(certificate_buf);
        if (CyaSSL_CTX_use_certificate_buffer(m_ctx, (const unsigned char*)certificate_buf, 
                        certificate_buf_len, SSL_FILETYPE_PEM) == SSL_SUCCESS) {
                
                result = (CyaSSL_CTX_use_PrivateKey_buffer(m_ctx, (const unsigned char*)certificate_buf, 
                        certificate_buf_len, SSL_FILETYPE_PEM) == SSL_SUCCESS);        
        }      
                 
#endif  

        return result; 
  }
Exemple #25
0
int dtls_netsock_write(NETIO_SOCK_T *pnetsock, const unsigned char *pDataIn, unsigned int lenIn,
                       unsigned char *pDataOut, unsigned int lenOut) {
  int rc = 0;
  int code = 0;
  long sz0, sz;
  char *p = NULL;

  if(!pnetsock || !pDataIn || !pDataOut || !pnetsock->ssl.pCtxt || !pnetsock->ssl.pDtlsCtxt || !pnetsock->ssl.pBioWr) {
     return -1;
  }

  pthread_mutex_lock(&((STREAM_DTLS_CTXT_T *) pnetsock->ssl.pDtlsCtxt)->mtx);

  if((rc = SSL_write(pnetsock->ssl.pCtxt, pDataIn, lenIn)) < 0) {
    code = SSL_get_error(pnetsock->ssl.pCtxt, rc);
    LOG(X_DEBUG("DTLS SSL_write for len:%d, rc:%d, code:%d"), lenIn, rc, code);
  }

  sz0 = BIO_get_mem_data(pnetsock->ssl.pBioWr, &p);

  if((rc = BIO_read(pnetsock->ssl.pBioWr, pDataOut, lenOut)) < 0){
    LOG(X_ERROR("DTLS BIO_read (output data) failed with %d for %d -> %d bytes: %s"), 
                rc, lenIn, lenOut, ERR_reason_error_string(ERR_get_error()));
    rc = -1;
  } else {
    //LOG(X_DEBUG("DTLS BIO_read for lenIn:%d -> lenOut:%d/%d (buf:%d)"), lenIn, rc, sz0, lenOut);
  }

  if(rc >= 0) {

    if(!BIO_eof(pnetsock->ssl.pBioWr)) {
      sz = BIO_get_mem_data(pnetsock->ssl.pBioWr, &p);
      LOG(X_WARNING("DTLS output BIO discarding unread %lu/%ld bytes"), sz, sz0); 
    }

    (void) BIO_reset(pnetsock->ssl.pBioWr);

  }

  pthread_mutex_unlock(&((STREAM_DTLS_CTXT_T *) pnetsock->ssl.pDtlsCtxt)->mtx);

  return rc;
}
Exemple #26
0
static void tls__write_to_tcp(tr_uv_tls_transport_t* tls)
{
    QUEUE* q;
    char* ptr;
    size_t len;
    uv_buf_t buf;
    tr_uv_wi_t* wi = NULL;
    tr_uv_tcp_transport_t* tt = (tr_uv_tcp_transport_t*)tls;

    if (tt->is_writing)
        return;

    len = BIO_pending(tls->out);

    if (len == 0) {
        assert(QUEUE_EMPTY(&tls->when_tcp_is_writing_queue));
        uv_async_send(&tt->write_async);
        return ;
    } 

    while(!QUEUE_EMPTY(&tls->when_tcp_is_writing_queue)) {
        q = QUEUE_HEAD(&tls->when_tcp_is_writing_queue);
        QUEUE_REMOVE(q);
        QUEUE_INIT(q);

        wi = (tr_uv_wi_t* )QUEUE_DATA(q, tr_uv_wi_t, queue);
        pc_lib_log(PC_LOG_DEBUG, "tls__write_to_tcp - move wi from when tcp is writing queue to writing queue,"
                " seq_num: %u, req_id: %u", wi->seq_num, wi->req_id);

        QUEUE_INSERT_TAIL(&tt->writing_queue, q);
    }

    BIO_get_mem_data(tls->out, &ptr);

    buf.base = ptr;
    buf.len = len;

    // TODO: error handling
    tt->write_req.data = tls;
    uv_write(&tt->write_req, (uv_stream_t* )&tt->socket, &buf, 1, tls__write_done_cb);
    BIO_reset(tls->out);
    tt->is_writing = 1;
}
Exemple #27
0
X509 *https_open_cert(s8 *filepath)
{
	X509 *cert	   = NULL;
	BIO  *bio_cert = NULL;
	
	bio_cert = BIO_new_file(filepath, "r");
	if (!bio_cert)
	{
		return NULL;
	}
	cert = PEM_read_bio_X509(bio_cert, NULL, NULL, NULL);
	if (!cert)
	{
		(void)BIO_reset(bio_cert);
		cert = d2i_X509_bio(bio_cert, NULL);
	}
	BIO_free(bio_cert);

	return cert;   
}
Exemple #28
0
void* handleConn(void *argsv){
  connArgs* args = (connArgs*) argsv;
  BIO* client = args->conn;

  char* testBuf = new char[1024];

  BIO_do_handshake(client);

  sleep(3);
  bzero(testBuf, 1024);
  BIO_read(client, testBuf, 1024);

  BIO_write(client, testBuf, 1024);

  cout << "client: " << testBuf << endl;

  BIO_reset(client);  

  return NULL;
}
Exemple #29
0
/*
 * call-seq:
 *    Session.new(SSLSocket | string) => session
 *
 * === Parameters
 * +SSLSocket+ is an OpenSSL::SSL::SSLSocket
 * +string+ must be a DER or PEM encoded Session.
*/
static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
{
	SSL_SESSION *ctx = NULL;
	VALUE obj;
	unsigned char *p;

	if (RDATA(self)->data)
		ossl_raise(eSSLSession, "SSL Session already initialized");

	if (rb_obj_is_instance_of(arg1, cSSLSocket)) {
		SSL *ssl;

		Data_Get_Struct(arg1, SSL, ssl);

		if ((ctx = SSL_get1_session(ssl)) == NULL)
			ossl_raise(eSSLSession, "no session available");
	} else {
		BIO *in = ossl_obj2bio(arg1);

		ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);

		if (!ctx) {
			BIO_reset(in);
			ctx = d2i_SSL_SESSION_bio(in, NULL);
		}

		BIO_free(in);

		if (!ctx)
			ossl_raise(rb_eArgError, "unknown type");
	}

	/* should not happen */
	if (ctx == NULL)
		ossl_raise(eSSLSession, "ctx not set - internal error");

	RDATA(self)->data = ctx;

	return self;
}
Exemple #30
0
static VALUE 
ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
{
    BIO *in;
    X509_CRL *crl;
    VALUE arg;

    if (rb_scan_args(argc, argv, "01", &arg) == 0) {
	return self;
    }
    arg = ossl_to_der_if_possible(arg);
    in = ossl_obj2bio(arg);
    crl = PEM_read_bio_X509_CRL(in, (X509_CRL **)&DATA_PTR(self), NULL, NULL);
    if (!crl) {
	BIO_reset(in);
	crl = d2i_X509_CRL_bio(in, (X509_CRL **)&DATA_PTR(self));
    }
    BIO_free(in);
    if (!crl) ossl_raise(eX509CRLError, NULL);

    return self;
}