int main()
{
puzzle solution(42);
std::cout << "before: " << solution.get_x() << '\n';
STEAL(solution, x) = 666;
std::cout << "after: " << solution.get_x() << std::endl;
}
CMapInfo & CMapInfo::operator=(CMapInfo &&tmp)
{
STEAL(mapHeader);
STEAL(campaignHeader);
STEAL(scenarioOpts);
STEAL(fileURI);
STEAL(date);
STEAL(playerAmnt);
STEAL(humanPlayers);
STEAL(actualHumanPlayers);
STEAL(isRandomMap);
return *this;
}
CMapInfo::CMapInfo(CMapInfo && tmp):
scenarioOpts(nullptr), playerAmnt(0), humanPlayers(0),
actualHumanPlayers(0), isRandomMap(false)
{
std::swap(scenarioOpts, tmp.scenarioOpts);
STEAL(mapHeader);
STEAL(campaignHeader);
STEAL(fileURI);
STEAL(date);
STEAL(playerAmnt);
STEAL(humanPlayers);
STEAL(actualHumanPlayers);
STEAL(isRandomMap);
}
static BIO *
start_tls(SSL_CTX *ctx)
{
AUTO(BIO, sio);
SSL *ssl;
sio = BIO_new_ssl(ctx, 0);
if (sio == NULL)
return NULL;
if (BIO_get_ssl(sio, &ssl) <= 0)
return NULL;
if (SSL_set_fd(ssl, SD_LISTEN_FDS_START) <= 0)
return NULL;
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
return STEAL(sio);
}
static STACK_OF(X509_INFO) *
load_decryption_certs_keys(const char *dirname)
{
AUTO_STACK(X509_INFO, infos);
AUTO(DIR, dir);
if (dirname == NULL)
return NULL;
infos = sk_X509_INFO_new_null();
if (infos == NULL)
return NULL;
dir = opendir(dirname);
if (dir == NULL)
return NULL;
for (struct dirent *de = readdir(dir); de != NULL; de = readdir(dir)) {
char path[strlen(dirname) + strlen(de->d_name) + 2];
AUTO(FILE, file);
if (!deo_isreg(dirname, de))
continue;
strcpy(path, dirname);
strcat(path, "/");
strcat(path, de->d_name);
file = fopen(path, "r");
if (file == NULL)
return NULL;
if (PEM_X509_INFO_read(file, infos, NULL, NULL) == NULL)
return NULL;
}
if (sk_X509_INFO_num(infos) == 0)
return NULL;
return STEAL(infos);
}
ctx *
ctx_init(const char *tls, const char *enc, const char *dec)
{
const int ops = SSL_OP_NO_COMPRESSION | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
AUTO(EVP_PKEY, prv);
AUTO(FILE, file);
AUTO(ctx, ctx);
if (tls == NULL || enc == NULL || dec == NULL)
return NULL;
ctx = OPENSSL_malloc(sizeof(*ctx));
if (ctx == NULL)
return NULL;
memset(ctx, 0, sizeof(*ctx));
ctx->ctx = SSL_CTX_new(SSLv23_server_method());
if (ctx->ctx == NULL)
return NULL;
if (SSL_CTX_set_options(ctx->ctx, ops) <= 0)
return NULL;
if (SSL_CTX_use_certificate_chain_file(ctx->ctx, tls) <= 0)
return NULL;
prv = load_prv(tls);
if (prv == NULL)
return NULL;
if (SSL_CTX_use_PrivateKey(ctx->ctx, prv) <= 0)
return NULL;
file = fopen(enc, "r");
if (file == NULL)
return NULL;
ctx->crt = sk_X509_new_null();
if (ctx->crt == NULL)
return NULL;
if (!deo_load(file, ctx->crt))
return NULL;
ctx->dec = load_decryption_certs_keys(dec);
if (ctx->dec == NULL)
return NULL;
/* Check to ensure that the TLS connection key is not also listed
* in the decryption keys. This prevents an attack where, upon
* misconfiguration, this service could be used to decrypt its own
* traffic. */
for (int i = 0; i < sk_X509_INFO_num(ctx->dec); i++) {
X509_INFO *info = sk_X509_INFO_value(ctx->dec, i);
if (info->x_pkey == NULL)
continue;
if (EVP_PKEY_cmp(prv, info->x_pkey->dec_pkey) == 1) {
fprintf(stderr, "TLS private key is exposed!\n");
return NULL;
}
}
return STEAL(ctx);
}
