static bool init_params(int *argc, char ***argv, struct main_params *params,
struct audio_params **p_audio)
{
struct audio_params *audio = NULL;
if (!get_opt_str(argc, argv, ¶ms->file, "file name"))
return false;
if (!get_opt_int(argc, argv, ¶ms->has_video, "video track count"))
return false;
if (!get_opt_int(argc, argv, ¶ms->tracks, "audio track count"))
return false;
if (params->has_video > 1 || params->has_video < 0) {
puts("Invalid number of video tracks\n");
return false;
}
if (params->tracks < 0) {
puts("Invalid number of audio tracks\n");
return false;
}
if (params->has_video == 0 && params->tracks == 0) {
puts("Must have at least 1 audio track or 1 video track\n");
return false;
}
if (params->has_video) {
if (!get_opt_str(argc, argv, ¶ms->vcodec, "video codec"))
return false;
if (!get_opt_int(argc, argv, ¶ms->vbitrate,"video bitrate"))
return false;
if (!get_opt_int(argc, argv, ¶ms->width, "video width"))
return false;
if (!get_opt_int(argc, argv, ¶ms->height, "video height"))
return false;
if (!get_opt_int(argc, argv, ¶ms->fps_num, "video fps num"))
return false;
if (!get_opt_int(argc, argv, ¶ms->fps_den, "video fps den"))
return false;
}
if (params->tracks) {
if (!get_opt_str(argc, argv, ¶ms->acodec, "audio codec"))
return false;
audio = calloc(1, sizeof(*audio) * params->tracks);
for (int i = 0; i < params->tracks; i++) {
if (!get_audio_params(&audio[i], argc, argv)) {
free(audio);
return false;
}
}
}
*p_audio = audio;
get_opt_str(argc, argv, ¶ms->muxer_settings, "muxer settings");
return true;
}
int unionfs_opt_proc(void *data, const char *arg, int key, struct fuse_args *outargs) {
(void)data;
int res = 0; // for general purposes
switch (key) {
case FUSE_OPT_KEY_NONOPT:
res = parse_branches(arg);
if (res > 0) return 0;
uopt.retval = 1;
return 1;
case KEY_DIRS:
// skip the "dirs="
res = parse_branches(arg+5);
if (res > 0) return 0;
uopt.retval = 1;
return 1;
case KEY_CHROOT:
uopt.chroot = get_opt_str(arg, "chroot");
return 0;
case KEY_COW:
uopt.cow_enabled = true;
return 0;
case KEY_DEBUG_FILE:
uopt.dbgpath = get_opt_str(arg, "debug_file");
uopt.debug = true;
return 0;
case KEY_HELP:
print_help(outargs->argv[0]);
fuse_opt_add_arg(outargs, "-ho");
uopt.doexit = 1;
return 0;
case KEY_HIDE_META_FILES:
case KEY_HIDE_METADIR:
uopt.hide_meta_files = true;
return 0;
case KEY_MAX_FILES:
set_max_open_files(arg);
return 0;
case KEY_NOINITGROUPS:
// option only for compatibility with older versions
return 0;
case KEY_STATFS_OMIT_RO:
uopt.statfs_omit_ro = true;
return 0;
case KEY_RELAXED_PERMISSIONS:
uopt.relaxed_permissions = true;
return 0;
case KEY_VERSION:
printf("unionfs-fuse version: "VERSION"\n");
#ifdef HAVE_XATTR
printf("(compiled with xattr support)\n");
#endif
uopt.doexit = 1;
return 1;
default:
uopt.retval = 1;
return 1;
}
}
NONSTATIC_INLINE void
copy_opt(struct document_options *o1, struct document_options *o2)
{
copy_struct(o1, o2);
o1->framename = stracpy(o2->framename);
o1->image_link.prefix = stracpy(get_opt_str("document.browse.images.image_link_prefix", NULL));
o1->image_link.suffix = stracpy(get_opt_str("document.browse.images.image_link_suffix", NULL));
}
Test::Result
PK_Signature_Generation_Test::run_one_test(const std::string&, const VarMap& vars)
{
const std::vector<uint8_t> message = get_req_bin(vars, "Msg");
const std::vector<uint8_t> signature = get_req_bin(vars, "Signature");
const std::string padding = get_opt_str(vars, "Padding", default_padding(vars));
std::unique_ptr<Botan::RandomNumberGenerator> rng;
if(vars.count("Nonce"))
{
rng.reset(new Fixed_Output_RNG(get_req_bin(vars, "Nonce")));
}
Test::Result result(algo_name() + "/" + padding + " signature generation");
std::unique_ptr<Botan::Private_Key> privkey = load_private_key(vars);
std::unique_ptr<Botan::Public_Key> pubkey(Botan::X509::load_key(Botan::X509::BER_encode(*privkey)));
Botan::PK_Signer signer(*privkey, padding);
Botan::PK_Verifier verifier(*pubkey, padding);
const std::vector<uint8_t> generated_signature = signer.sign_message(message, rng ? *rng : Test::rng());
result.test_eq("generated signature matches KAT", generated_signature, signature);
result.test_eq("generated signature valid", verifier.verify_message(message, generated_signature), true);
check_invalid_signatures(result, verifier, message, signature);
result.test_eq("correct signature valid", verifier.verify_message(message, signature), true);
return result;
}
Test::Result
PK_Encryption_Decryption_Test::run_one_test(const std::string&, const VarMap& vars)
{
const std::vector<uint8_t> plaintext = get_req_bin(vars, "Msg");
const std::vector<uint8_t> ciphertext = get_req_bin(vars, "Ciphertext");
const std::string padding = get_opt_str(vars, "Padding", default_padding(vars));
std::unique_ptr<Botan::RandomNumberGenerator> kat_rng;
if(vars.count("Nonce"))
{
kat_rng.reset(new Fixed_Output_RNG(get_req_bin(vars, "Nonce")));
}
Test::Result result(algo_name() + "/" + padding + " decryption");
std::unique_ptr<Botan::Private_Key> privkey = load_private_key(vars);
// instead slice the private key to work around elgamal test inputs
//std::unique_ptr<Botan::Public_Key> pubkey(Botan::X509::load_key(Botan::X509::BER_encode(*privkey)));
Botan::PK_Encryptor_EME encryptor(*privkey, padding);
result.test_eq("encryption", encryptor.encrypt(plaintext, kat_rng ? *kat_rng : Test::rng()), ciphertext);
Botan::PK_Decryptor_EME decryptor(*privkey, padding);
result.test_eq("decryption", decryptor.decrypt(ciphertext), plaintext);
check_invalid_ciphertexts(result, decryptor, plaintext, ciphertext);
return result;
}
static void
init_gnutls(struct module *module)
{
int ret = gnutls_global_init();
unsigned char *ca_file = get_opt_str("connection.ssl.trusted_ca_file",
NULL);
if (ret < 0)
INTERNAL("GNUTLS init failed: %s", gnutls_strerror(ret));
ret = gnutls_anon_allocate_client_credentials(&anon_cred);
if (ret < 0)
INTERNAL("GNUTLS anon credentials alloc failed: %s",
gnutls_strerror(ret));
ret = gnutls_certificate_allocate_credentials(&xcred);
if (ret < 0)
INTERNAL("GNUTLS X509 credentials alloc failed: %s",
gnutls_strerror(ret));
/* Here, we should load certificate files etc. */
if (*ca_file) {
/* FIXME: check returned values. --witekfl */
gnutls_certificate_set_x509_trust_file(xcred, ca_file,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_verify_flags(xcred,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
}
}
std::string PK_Test::choose_padding(const VarMap& vars,
const std::string& pad_hdr)
{
if(pad_hdr != "")
return pad_hdr;
return get_opt_str(vars, "Padding", this->default_padding(vars));
}
/* Timer callback for @countdown. As explained in @install_timer,
* this function must erase the expired timer ID from all variables. */
static void
count_down(void *xxx)
{
struct keybinding *keybinding;
timer_duration--;
if (timer_duration) {
install_timer(&countdown, COUNT_DOWN_DELAY, count_down, NULL);
return;
} else {
countdown = TIMER_ID_UNDEF;
}
/* The expired timer ID has now been erased. */
keybinding = kbd_nm_lookup(KEYMAP_MAIN,
get_opt_str((const unsigned char *)"ui.timer.action", NULL));
if (keybinding) {
struct terminal *terminal;
struct term_event ev;
set_kbd_term_event(&ev, keybinding->kbd.key,
keybinding->kbd.modifier);
foreach (terminal, terminals) {
term_send_event(terminal, &ev);
}
}
Overlay* overlay_new()
{
Overlay *ov = malloc(sizeof(Overlay));
memset(ov, 0, sizeof(Overlay));
ov->nc_st = newwin(1,1,0,0);
ov->nc_sep = newwin(1,1,0,0);
ov->col_lbl = opt_color(OVERLAY_ACTIVE);
ov->col_text = opt_color(OVERLAY_LINE);
ov->col_ln = opt_color(OVERLAY_LINE);
ov->col_sep = opt_color(OVERLAY_SEP);
ov->col_arg = opt_color(OVERLAY_ARGS);
ov->col_bufno = opt_color(OVERLAY_BUFNO);
ov->col_prog = opt_color(OVERLAY_PROGRESS);
ov->col_fil = opt_color(OVERLAY_FILTER);
sep_char = get_opt_str("sepchar");
ov->arg = strdup(" ");
overlay_bufno(ov, 0);
memset(ov->name, ' ', SZ_LBL);
memset(ov->lineno, ' ', SZ_LN);
return ov;
}
Test::Result PK_Key_Agreement_Test::run_one_test(const std::string& header, const VarMap& vars)
{
const std::vector<uint8_t> shared = get_req_bin(vars, "K");
const std::string kdf = get_opt_str(vars, "KDF", default_kdf(vars));
Test::Result result(algo_name() + "/" + kdf +
(header.empty() ? header : " " + header) +
" key agreement");
std::unique_ptr<Botan::Private_Key> privkey = load_our_key(header, vars);
const std::vector<uint8_t> pubkey = load_their_key(header, vars);
const size_t key_len = get_opt_sz(vars, "OutLen", 0);
for(auto&& provider : possible_pk_providers())
{
std::unique_ptr<Botan::PK_Key_Agreement> kas;
try
{
kas.reset(new Botan::PK_Key_Agreement(*privkey, kdf, provider));
result.test_eq(provider, "agreement", kas->derive_key(key_len, pubkey).bits_of(), shared);
}
catch(Botan::Lookup_Error&)
{
//result.test_note("Skipping key agreement with with " + provider);
}
}
return result;
}
Test::Result
PK_Signature_Verification_Test::run_one_test(const std::string&, const VarMap& vars)
{
const std::vector<uint8_t> message = get_req_bin(vars, "Msg");
const std::vector<uint8_t> signature = get_req_bin(vars, "Signature");
const std::string padding = get_opt_str(vars, "Padding", default_padding(vars));
std::unique_ptr<Botan::Public_Key> pubkey = load_public_key(vars);
Test::Result result(algo_name() + "/" + padding + " signature verification");
for(auto&& verify_provider : possible_pk_providers())
{
std::unique_ptr<Botan::PK_Verifier> verifier;
try
{
verifier.reset(new Botan::PK_Verifier(*pubkey, padding, Botan::IEEE_1363, verify_provider));
result.test_eq("correct signature valid", verifier->verify_message(message, signature), true);
check_invalid_signatures(result, *verifier, message, signature);
}
catch(Botan::Lookup_Error&)
{
result.test_note("Skipping verifying with " + verify_provider);
}
}
return result;
}
static bool get_opt_int(int *p_argc, char ***p_argv, int *i, const char *opt)
{
char *str;
if (!get_opt_str(p_argc, p_argv, &str, opt)) {
return false;
}
*i = atoi(str);
return true;
}
static bool get_audio_params(struct audio_params *audio, int *argc,
char ***argv)
{
if (!get_opt_str(argc, argv, &audio->name, "audio track name"))
return false;
if (!get_opt_int(argc, argv, &audio->abitrate, "audio bitrate"))
return false;
if (!get_opt_int(argc, argv, &audio->sample_rate, "audio sample rate"))
return false;
if (!get_opt_int(argc, argv, &audio->channels, "audio channels"))
return false;
return true;
}
void Options::restore_window_position( MainWindow *wmain_p )
{
bool restore_pos = get_opt_bool( "RESTORE_WINDOW_POSITION", true );
if ( !restore_pos )
return ;
long nb_widget = get_opt_long( "WIDGET_NB_WIDGET", 0 );
for ( int i = 0; i < nb_widget; i++ )
{
QString name = "WORKSPACE" + QString::number( i );
QString type = get_opt_str( "TYPE_" + name, QString() );
if ( type == "SOURCEVIEW" )
{
QString source = get_opt_str( "SOURCE_" + name, QString::null ).toLatin1();
bool from_user_loaded = get_opt_bool( "SOURCE_USER_LOADED_" + name, false );
QMdiSubWindow *widget_p = wmain_p->openOCamlSource( source , from_user_loaded );
if ( widget_p )
{
restore_window_position( name, widget_p );
}
}
}
}
static enum evhook_status
goto_url_hook(va_list ap, void *data)
{
unsigned char **url = va_arg(ap, unsigned char **);
struct session *ses = va_arg(ap, struct session *);
unsigned char *uu = NULL;
unsigned char *arg = "";
unsigned char *argstart = *url + strcspn(*url, " :");
if (get_smart_enable() && *argstart) {
unsigned char bucket = *argstart;
*argstart = '\0';
uu = get_uri_rewrite_prefix(URI_REWRITE_SMART, *url);
*argstart = bucket;
arg = argstart + 1;
}
if (get_dumb_enable() && !uu && !*argstart)
uu = get_uri_rewrite_prefix(URI_REWRITE_DUMB, *url);
if (!uu
&& !strchr((const char *)*url, ':')
&& !strchr((const char *)*url, '.')
&& !strchr((const char *)*url, '/')) {
uu = get_opt_str("protocol.rewrite.default_template", NULL);
if (uu && *uu) {
arg = *url;
} else {
uu = NULL;
}
}
if (uu) {
struct uri *uri = ses && have_location(ses)
? cur_loc(ses)->vs.uri : NULL;
uu = rewrite_uri(uu, uri, arg);
if (uu) {
mem_free(*url);
*url = uu;
}
}
return EVENT_HOOK_STATUS_NEXT;
}
/* TODO: We could of course significantly simplify the calling convention by
* autogenerating most of the parameters from protocol name. Having a function
* exported by protocol/protocol.* dedicated to that would be nice too.
* --pasky */
static unsigned char *
get_protocol_proxy(unsigned char *opt,
unsigned char *env1, unsigned char *env2,
unsigned char *strip1, unsigned char *strip2)
{
unsigned char *proxy;
proxy = get_opt_str(opt, NULL);
if (!*proxy) proxy = (unsigned char *)getenv((const char *)env1);
if (!proxy || !*proxy) proxy = (unsigned char *)getenv((const char *)env2);
if (proxy && *proxy) {
proxy = strip_proxy_protocol(proxy, strip1, strip2);
}
return proxy;
}
Test::Result PK_Key_Agreement_Test::run_one_test(const std::string&, const VarMap& vars)
{
const std::vector<uint8_t> shared = get_req_bin(vars, "K");
const std::string kdf = get_opt_str(vars, "KDF", default_kdf(vars));
Test::Result result(algo_name() + "/" + kdf + " key agreement");
std::unique_ptr<Botan::Private_Key> privkey = load_our_key(vars);
const std::vector<uint8_t> pubkey = load_their_key(vars);
const size_t key_len = get_opt_sz(vars, "OutLen", 0);
Botan::PK_Key_Agreement kas(*privkey, kdf);
result.test_eq("agreement", kas.derive_key(key_len, pubkey).bits_of(), shared);
return result;
}
Test::Result
PK_Signature_Verification_Test::run_one_test(const std::string&, const VarMap& vars)
{
const std::vector<uint8_t> message = get_req_bin(vars, "Msg");
const std::vector<uint8_t> signature = get_req_bin(vars, "Signature");
const std::string padding = get_opt_str(vars, "Padding", default_padding(vars));
std::unique_ptr<Botan::Public_Key> pubkey = load_public_key(vars);
Test::Result result(algo_name() + "/" + padding + " signature verification");
Botan::PK_Verifier verifier(*pubkey, padding);
result.test_eq("correct signature valid", verifier.verify_message(message, signature), true);
check_invalid_signatures(result, verifier, message, signature);
return result;
}
static void
add_cookie_info_to_string(struct string *string, struct cookie *cookie,
struct terminal *term)
{
add_format_to_string(string, "\n%s: %s", _("Name", term), cookie->name);
add_format_to_string(string, "\n%s: %s", _("Value", term), cookie->value);
add_format_to_string(string, "\n%s: %s", _("Domain", term), cookie->domain);
add_format_to_string(string, "\n%s: %s", _("Path", term), cookie->path);
if (!cookie->expires) {
add_format_to_string(string, "\n%s: ", _("Expires", term));
add_to_string(string, _("at quit time", term));
#ifdef HAVE_STRFTIME
} else {
add_format_to_string(string, "\n%s: ", _("Expires", term));
add_date_to_string(string, get_opt_str((const unsigned char *)"ui.date_format", NULL), &cookie->expires);
#endif
}
add_format_to_string(string, "\n%s: %s", _("Secure", term),
_(cookie->secure ? N_("yes") : N_("no"), term));
}
static unsigned char *
get_cache_entry_info(struct listbox_item *item, struct terminal *term)
{
struct cache_entry *cached = item->udata;
struct string msg;
if (item->type == BI_FOLDER) return NULL;
if (!init_string(&msg)) return NULL;
add_to_string(&msg, _("URL", term));
add_to_string(&msg, ": ");
add_uri_to_string(&msg, cached->uri, URI_PUBLIC);
/* No need to use compare_uri() here we only want to check whether they
* point to the same URI. */
if (cached->proxy_uri != cached->uri) {
add_format_to_string(&msg, "\n%s: ", _("Proxy URL", term));
add_uri_to_string(&msg, cached->proxy_uri, URI_PUBLIC);
}
if (cached->redirect) {
add_format_to_string(&msg, "\n%s: ", _("Redirect", term));
add_uri_to_string(&msg, cached->redirect, URI_PUBLIC);
if (cached->redirect_get) {
add_to_string(&msg, " (GET)");
}
}
add_format_to_string(&msg, "\n%s: %" OFF_T_FORMAT, _("Size", term),
cached->length);
add_format_to_string(&msg, "\n%s: %" OFF_T_FORMAT, _("Loaded size", term),
cached->data_size);
if (cached->content_type) {
add_format_to_string(&msg, "\n%s: %s", _("Content type", term),
cached->content_type);
}
if (cached->last_modified) {
add_format_to_string(&msg, "\n%s: %s", _("Last modified", term),
cached->last_modified);
}
if (cached->etag) {
add_format_to_string(&msg, "\n%s: %s", "ETag",
cached->etag);
}
if (cached->ssl_info) {
add_format_to_string(&msg, "\n%s: %s", _("SSL Cipher", term),
cached->ssl_info);
}
if (cached->encoding_info) {
add_format_to_string(&msg, "\n%s: %s", _("Encoding", term),
cached->encoding_info);
}
if (cached->incomplete || !cached->valid) {
add_char_to_string(&msg, '\n');
add_to_string(&msg, _("Flags", term));
add_to_string(&msg, ": ");
if (cached->incomplete) {
add_to_string(&msg, _("incomplete", term));
add_char_to_string(&msg, ' ');
}
if (!cached->valid) add_to_string(&msg, _("invalid", term));
}
#ifdef HAVE_STRFTIME
if (cached->expire) {
time_t expires = timeval_to_seconds(&cached->max_age);
add_format_to_string(&msg, "\n%s: ", _("Expires", term));
add_date_to_string(&msg, get_opt_str("ui.date_format"), &expires);
}
#endif
#ifdef CONFIG_DEBUG
add_format_to_string(&msg, "\n%s: %d", "Refcount", get_object_refcount(cached));
add_format_to_string(&msg, "\n%s: %u", _("ID", term), cached->id);
if (cached->head && *cached->head) {
add_format_to_string(&msg, "\n%s:\n\n%s", _("Header", term),
cached->head);
}
#endif
return msg.source;
}
static struct uri *
get_proxy_worker(struct uri *uri, unsigned char *proxy,
struct connection_state *error_state)
{
unsigned char *protocol_proxy = NULL;
if (proxy) {
if (*proxy) {
proxy = strip_proxy_protocol(proxy, (unsigned char *)"http://", (unsigned char *)"ftp://");
return proxy_uri(uri, proxy, error_state);
}
/* "" from script_hook_get_proxy() */
return get_composed_uri(uri, URI_BASE);
}
switch (uri->protocol) {
case PROTOCOL_HTTP:
protocol_proxy = get_protocol_proxy((unsigned char *)"protocol.http.proxy.host",
(unsigned char *)"HTTP_PROXY", (unsigned char *)"http_proxy",
(unsigned char *)"http://", NULL);
break;
case PROTOCOL_HTTPS:
/* As Timo Lindfors explains, the communication between ELinks
* and the proxy server is never encrypted, altho the proxy
* might be used to transfer encrypted data between Web client
* and Web server. (Some proxy servers might allow encrypted
* communication between the Web client and the proxy
* but ELinks does not support that.) */
/* So, don't check whether the URI for the proxy begins
* with "https://" but rather check for "http://".
* Maybe we should allow either -- ELinks uses HTTP
* to communicate with the proxy when we use it for FTP, but we
* check for "ftp://" below; and what about 'be liberal in what
* you accept' (altho that is usually applied to data received
* from remote systems, not to user input)? -- Miciah */
protocol_proxy = get_protocol_proxy((unsigned char *)"protocol.https.proxy.host",
(unsigned char *)"HTTPS_PROXY", (unsigned char *)"https_proxy",
(unsigned char *)"http://", NULL);
break;
case PROTOCOL_FTP:
protocol_proxy = get_protocol_proxy((unsigned char *)"protocol.ftp.proxy.host",
(unsigned char *)"FTP_PROXY", (unsigned char *)"ftp_proxy",
(unsigned char *)"ftp://", (unsigned char *)"http://");
break;
}
if (protocol_proxy && *protocol_proxy) {
unsigned char *no_proxy;
unsigned char *slash = (unsigned char *)strchr((char *)protocol_proxy, '/');
if (slash) *slash = 0;
no_proxy = get_opt_str((const unsigned char *)"protocol.no_proxy", NULL);
if (!*no_proxy) no_proxy = (unsigned char *)getenv("NO_PROXY");
if (!no_proxy || !*no_proxy) no_proxy = (unsigned char *)getenv("no_proxy");
if (!proxy_probe_no_proxy(uri->host, no_proxy))
return proxy_uri(uri, protocol_proxy, error_state);
}
return get_composed_uri(uri, URI_BASE);
}
Test::Result
PK_Signature_Generation_Test::run_one_test(const std::string&, const VarMap& vars)
{
const std::vector<uint8_t> message = get_req_bin(vars, "Msg");
const std::vector<uint8_t> signature = get_req_bin(vars, "Signature");
const std::string padding = get_opt_str(vars, "Padding", default_padding(vars));
Test::Result result(algo_name() + "/" + padding + " signature generation");
std::unique_ptr<Botan::Private_Key> privkey = load_private_key(vars);
std::unique_ptr<Botan::Public_Key> pubkey(Botan::X509::load_key(Botan::X509::BER_encode(*privkey)));
for(auto&& sign_provider : possible_pk_providers())
{
std::unique_ptr<Botan::PK_Signer> signer;
try
{
signer.reset(new Botan::PK_Signer(*privkey, padding, Botan::IEEE_1363, sign_provider));
}
catch(Botan::Lookup_Error&)
{
//result.test_note("Skipping signing with " + sign_provider);
continue;
}
std::unique_ptr<Botan::RandomNumberGenerator> rng;
if(vars.count("Nonce"))
{
rng.reset(new Fixed_Output_RNG(get_req_bin(vars, "Nonce")));
}
const std::vector<uint8_t> generated_signature =
signer->sign_message(message, rng ? *rng : Test::rng());
if(sign_provider == "base")
{
result.test_eq("generated signature matches KAT", generated_signature, signature);
}
for(auto&& verify_provider : possible_pk_providers())
{
std::unique_ptr<Botan::PK_Verifier> verifier;
try
{
verifier.reset(new Botan::PK_Verifier(*pubkey, padding, Botan::IEEE_1363, verify_provider));
}
catch(Botan::Lookup_Error&)
{
//result.test_note("Skipping verifying with " + verify_provider);
continue;
}
if(!result.test_eq("generated signature valid",
verifier->verify_message(message, generated_signature), true))
{
result.test_failure("generated signature", generated_signature);
}
check_invalid_signatures(result, *verifier, message, signature);
result.test_eq("KAT signature valid", verifier->verify_message(message, signature), true);
}
}
return result;
}
/* Return -1 on error, 0 or success. */
int
ssl_connect(struct socket *socket)
{
int ret;
unsigned char *server_name;
struct connection *conn = (struct connection *)socket->conn;
/* TODO: Recode server_name to UTF-8. */
server_name = get_uri_string(conn->proxied_uri, URI_HOST);
if (!server_name) {
socket->ops->done(socket, connection_state(S_OUT_OF_MEM));
return -1;
}
/* RFC 3546 says literal IPv4 and IPv6 addresses are not allowed. */
if (is_ip_address(server_name, strlen((const char *)server_name)))
mem_free_set(&server_name, NULL);
if (init_ssl_connection(socket, server_name) == S_SSL_ERROR) {
mem_free_if(server_name);
socket->ops->done(socket, connection_state(S_SSL_ERROR));
return -1;
}
mem_free_if(server_name);
if (socket->no_tls)
ssl_set_no_tls(socket);
#ifdef USE_OPENSSL
SSL_set_fd((SSL *)socket->ssl, socket->fd);
if (get_opt_bool((const unsigned char *)"connection.ssl.cert_verify", NULL))
SSL_set_verify((SSL *)socket->ssl, SSL_VERIFY_PEER
| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
if (get_opt_bool((const unsigned char *)"connection.ssl.client_cert.enable", NULL)) {
unsigned char *client_cert;
#ifdef CONFIG_NSS_COMPAT_OSSL
client_cert = get_opt_str(
(const unsigned char *)"connection.ssl.client_cert.nickname", NULL);
#else
client_cert = get_opt_str(
(const unsigned char *)"connection.ssl.client_cert.file", NULL);
#endif
if (!*client_cert) {
client_cert = (unsigned char *)getenv("X509_CLIENT_CERT");
if (client_cert && !*client_cert)
client_cert = NULL;
}
if (client_cert) {
#ifdef CONFIG_NSS_COMPAT_OSSL
SSL_CTX_use_certificate_chain_file(
(SSL *) socket->ssl,
(const char *)client_cert);
#else
SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx;
SSL_CTX_use_certificate_chain_file(ctx, (const char *)client_cert);
SSL_CTX_use_PrivateKey_file(ctx, (const char *)client_cert,
SSL_FILETYPE_PEM);
#endif
}
}
#elif defined(CONFIG_GNUTLS)
/* GnuTLS uses function pointers for network I/O. The default
* functions take a file descriptor, but it must be passed in
* as a pointer. GnuTLS uses the GNUTLS_INT_TO_POINTER and
* GNUTLS_POINTER_TO_INT macros for these conversions, but
* those are unfortunately not in any public header. So
* ELinks must just cast the pointer the best it can and hope
* that the conversions match. */
gnutls_transport_set_ptr(*((ssl_t *) socket->ssl),
(gnutls_transport_ptr_t) (longptr_T) socket->fd);
/* TODO: Some certificates fuss. --pasky */
#endif
ret = ssl_do_connect(socket);
switch (ret) {
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_READ2:
socket->ops->set_state(socket, connection_state(S_SSL_NEG));
set_handlers(socket->fd, (select_handler_T) ssl_want_read,
NULL, (select_handler_T) dns_exception, socket);
return -1;
case SSL_ERROR_NONE:
#ifdef CONFIG_GNUTLS
if (!get_opt_bool((const unsigned char *)"connection.ssl.cert_verify", NULL))
break;
if (!verify_certificates(socket))
#endif
break;
default:
if (ret != SSL_ERROR_NONE) {
/* DBG("sslerr %s", gnutls_strerror(ret)); */
socket->no_tls = !socket->no_tls;
}
connect_socket(socket, connection_state(S_SSL_ERROR));
return -1;
}
return 0;
}
Test::Result
PK_Encryption_Decryption_Test::run_one_test(const std::string&, const VarMap& vars)
{
const std::vector<uint8_t> plaintext = get_req_bin(vars, "Msg");
const std::vector<uint8_t> ciphertext = get_req_bin(vars, "Ciphertext");
const std::string padding = get_opt_str(vars, "Padding", default_padding(vars));
Test::Result result(algo_name() + "/" + padding + " decryption");
std::unique_ptr<Botan::Private_Key> privkey = load_private_key(vars);
// instead slice the private key to work around elgamal test inputs
//std::unique_ptr<Botan::Public_Key> pubkey(Botan::X509::load_key(Botan::X509::BER_encode(*privkey)));
Botan::Public_Key* pubkey = privkey.get();
for(auto&& enc_provider : possible_pk_providers())
{
std::unique_ptr<Botan::PK_Encryptor> encryptor;
try
{
encryptor.reset(new Botan::PK_Encryptor_EME(*pubkey, padding, enc_provider));
}
catch(Botan::Lookup_Error&)
{
//result.test_note("Skipping encryption with provider " + enc_provider);
continue;
}
std::unique_ptr<Botan::RandomNumberGenerator> kat_rng;
if(vars.count("Nonce"))
{
kat_rng.reset(new Fixed_Output_RNG(get_req_bin(vars, "Nonce")));
}
const std::vector<uint8_t> generated_ciphertext =
encryptor->encrypt(plaintext, kat_rng ? *kat_rng : Test::rng());
if(enc_provider == "base")
{
result.test_eq("generated ciphertext matches KAT", generated_ciphertext, ciphertext);
}
for(auto&& dec_provider : possible_pk_providers())
{
std::unique_ptr<Botan::PK_Decryptor> decryptor;
try
{
decryptor.reset(new Botan::PK_Decryptor_EME(*privkey, padding, dec_provider));
}
catch(Botan::Lookup_Error&)
{
//result.test_note("Skipping decryption with provider " + dec_provider);
continue;
}
result.test_eq("decryption of KAT", decryptor->decrypt(ciphertext), plaintext);
check_invalid_ciphertexts(result, *decryptor, plaintext, ciphertext);
result.test_eq("decryption of generated ciphertext",
decryptor->decrypt(generated_ciphertext), plaintext);
}
}
return result;
}
void
textarea_edit(int op, struct terminal *term_, struct form_state *fs_,
struct document_view *doc_view_, struct link *link_)
{
struct textarea_data *td = NULL;
assert ((op == 0 || op == 1) && term_);
if_assert_failed return;
if (op == 0 && get_cmd_opt_bool("anonymous")) {
info_box(term_, 0, N_("Error"), ALIGN_CENTER,
N_("You cannot launch an external"
" editor in the anonymous mode."));
return;
}
if (op == 0) {
unsigned char *ed;
unsigned char *ex;
assert(fs_ && doc_view_ && link_ && term_);
td = init_textarea_data(term_, fs_, doc_view_, link_);
if (!td)
return;
ed = get_opt_str("document.browse.forms.editor",
doc_view_->session);
if (!ed || !*ed) {
ed = getenv("EDITOR");
if (!ed || !*ed) ed = "vi";
}
ex = straconcat(ed, " ", td->fn, (unsigned char *) NULL);
if (!ex) {
unlink(td->fn);
done_textarea_data(td);
return;
}
td->term->textarea_data = td;
exec_on_terminal(td->term, ex, "", TERM_EXEC_FG);
mem_free(ex);
return;
} else if (op == 1) {
struct string file;
td = term_->textarea_data;
term_->textarea_data = NULL;
assert(td);
if (!td->fs || !init_string(&file)
|| !add_file_to_string(&file, td->fn)) {
done_textarea_data(td);
return;
}
if (file.length > td->fc_maxlength) {
file.source[td->fc_maxlength] = '\0';
/* Casting size_t fc_maxlength to unsigned int
* and formatting it with "%u" is safe,
* because fc_maxlength is smaller than
* file.length, which is an int. */
info_box(td->term, MSGBOX_FREE_TEXT, N_("Warning"),
ALIGN_CENTER,
msg_text(td->term,
N_("You have exceeded the textarea's"
" size limit: your input is %d"
" bytes, but the maximum is %u"
" bytes.\n\n"
"Your input has been truncated,"
" but you can still recover the"
" text that you entered from"
" this file: %s"), file.length,
(unsigned int) td->fc_maxlength, td->fn));
} else {
unlink(td->fn);
}
mem_free(td->fs->value);
td->fs->value = file.source;
td->fs->state = file.length;
if (td->doc_view && td->link)
draw_form_entry(td->term, td->doc_view, td->link);
}
done_textarea_data(td);
}
static unsigned char *
get_cache_entry_info(struct listbox_item *item, struct terminal *term)
{
struct cache_entry *cached = item->udata;
struct string msg;
if (item->type == BI_FOLDER) return NULL;
if (!init_string(&msg)) return NULL;
add_to_string(&msg, _("URL", term));
add_to_string(&msg, ": ");
add_uri_to_string(&msg, cached->uri, URI_PUBLIC);
/* No need to use compare_uri() here we only want to check whether they
* point to the same URI. */
if (cached->proxy_uri != cached->uri) {
add_format_to_string(&msg, "\n%s: ", _("Proxy URL", term));
add_uri_to_string(&msg, cached->proxy_uri, URI_PUBLIC);
}
if (cached->redirect) {
add_format_to_string(&msg, "\n%s: ", _("Redirect", term));
add_uri_to_string(&msg, cached->redirect, URI_PUBLIC);
if (cached->redirect_get) {
add_to_string(&msg, " (GET)");
}
}
add_format_to_string(&msg, "\n%s: %" OFF_PRINT_FORMAT, _("Size", term),
(off_print_T) cached->length);
add_format_to_string(&msg, "\n%s: %" OFF_PRINT_FORMAT, _("Loaded size", term),
(off_print_T) cached->data_size);
if (cached->content_type) {
add_format_to_string(&msg, "\n%s: %s", _("Content type", term),
cached->content_type);
}
if (cached->last_modified) {
add_format_to_string(&msg, "\n%s: %s", _("Last modified", term),
cached->last_modified);
}
if (cached->etag) {
add_format_to_string(&msg, "\n%s: %s", "ETag",
cached->etag);
}
if (cached->ssl_info) {
add_format_to_string(&msg, "\n%s: %s", _("SSL Cipher", term),
cached->ssl_info);
}
if (cached->encoding_info) {
add_format_to_string(&msg, "\n%s: %s", _("Encoding", term),
cached->encoding_info);
}
if (cached->incomplete || !cached->valid) {
add_char_to_string(&msg, '\n');
add_to_string(&msg, _("Flags", term));
add_to_string(&msg, ": ");
if (cached->incomplete) {
add_to_string(&msg, _("incomplete", term));
add_char_to_string(&msg, ' ');
}
if (!cached->valid) add_to_string(&msg, _("invalid", term));
}
#ifdef HAVE_STRFTIME
if (cached->expire) {
time_t expires = timeval_to_seconds(&cached->max_age);
add_format_to_string(&msg, "\n%s: ", _("Expires", term));
add_date_to_string(&msg, get_opt_str("ui.date_format", NULL), &expires);
}
#endif
add_format_to_string(&msg, "\n%s: ", _("Cache mode", term));
switch (cached->cache_mode) {
case CACHE_MODE_NEVER:
add_to_string(&msg, _("never use cache entry", term));
break;
case CACHE_MODE_ALWAYS:
add_to_string(&msg, _("always use cache entry", term));
break;
case CACHE_MODE_INCREMENT:
case CACHE_MODE_NORMAL:
case CACHE_MODE_CHECK_IF_MODIFIED:
case CACHE_MODE_FORCE_RELOAD:
/* Cache entries only use two values of enum cache_mode. */
INTERNAL("cached->cache_mode = %d", cached->cache_mode);
break;
}
#ifdef CONFIG_DEBUG
add_format_to_string(&msg, "\n%s: %d", "Refcount", get_object_refcount(cached));
add_format_to_string(&msg, "\n%s: %u", _("ID", term), cached->cache_id);
if (cached->head && *cached->head) {
add_format_to_string(&msg, "\n%s:\n\n%s", _("Header", term),
cached->head);
}
#endif
return msg.source;
}
