Exemplo n.º 1
0
/* returns 0 if file found, -1 if no files or negative error */
int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
{
    int ret = -1; /* default to no files found */

    if (name)
        *name = NULL;

    if (ctx == NULL || path == NULL) {
        return BAD_FUNC_ARG;
    }

    XMEMSET(ctx->name, 0, MAX_FILENAME_SZ);

#ifdef USE_WINDOWS_API
    XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ - 4);
    XSTRNCAT(ctx->name, "\\*", 3);

    ctx->hFind = FindFirstFileA(ctx->name, &ctx->FindFileData);
    if (ctx->hFind == INVALID_HANDLE_VALUE) {
        WOLFSSL_MSG("FindFirstFile for path verify locations failed");
        return BAD_PATH_ERROR;
    }

    do {
        if (ctx->FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
            XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ/2 - 3);
            XSTRNCAT(ctx->name, "\\", 2);
            XSTRNCAT(ctx->name, ctx->FindFileData.cFileName, MAX_FILENAME_SZ/2);
            if (name)
                *name = ctx->name;
            return 0;
        }
    } while (FindNextFileA(ctx->hFind, &ctx->FindFileData));
#else
    ctx->dir = opendir(path);
    if (ctx->dir == NULL) {
        WOLFSSL_MSG("opendir path verify locations failed");
        return BAD_PATH_ERROR;
    }

    while ((ctx->entry = readdir(ctx->dir)) != NULL) {
        XSTRNCPY(ctx->name, path, MAX_FILENAME_SZ/2 - 2);
        XSTRNCAT(ctx->name, "/", 1);
        XSTRNCAT(ctx->name, ctx->entry->d_name, MAX_FILENAME_SZ/2);

        if (stat(ctx->name, &ctx->s) != 0) {
            WOLFSSL_MSG("stat on name failed");
            ret = BAD_PATH_ERROR;
            break;
        } else if (ctx->s.st_mode & S_IFREG) {
            if (name)
                *name = ctx->name;
            return 0;
        }
    }
#endif
    wc_ReadDirClose(ctx);

    return ret;
}
Exemplo n.º 2
0
static int build_http_request(const char* domainName, const char* path,
                                    int ocspReqSz, byte* buf, int bufSize)
{
    word32 domainNameLen, pathLen, ocspReqSzStrLen, completeLen;
    char ocspReqSzStr[6];

    domainNameLen = (word32)XSTRLEN(domainName);
    pathLen = (word32)XSTRLEN(path);
    ocspReqSzStrLen = Word16ToString(ocspReqSzStr, (word16)ocspReqSz);

    completeLen = domainNameLen + pathLen + ocspReqSzStrLen + 84;
    if (completeLen > (word32)bufSize)
        return 0;

    XSTRNCPY((char*)buf, "POST ", 5);
    buf += 5;
    XSTRNCPY((char*)buf, path, pathLen);
    buf += pathLen;
    XSTRNCPY((char*)buf, " HTTP/1.1\r\nHost: ", 17);
    buf += 17;
    XSTRNCPY((char*)buf, domainName, domainNameLen);
    buf += domainNameLen;
    XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
    buf += 18;
    XSTRNCPY((char*)buf, ocspReqSzStr, ocspReqSzStrLen);
    buf += ocspReqSzStrLen;
    XSTRNCPY((char*)buf,
                      "\r\nContent-Type: application/ocsp-request\r\n\r\n", 44);

    return completeLen;
}
Exemplo n.º 3
0
int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url)
{
    if (ocsp != NULL) {
        int urlSz = (int)XSTRLEN(url);
        if (urlSz < (int)sizeof(ocsp->overrideUrl)) {
            XSTRNCPY(ocsp->overrideUrl, url, urlSz);
            return 1;
        }
    }

    return 0;
}
Exemplo n.º 4
0
struct pdfFile *loadFile( char *fname ) {
  FILE *inFile;
  uint8_t inBuf[MAX_BUF_SIZE];
  size_t rCount;
  struct pdfFile *ptrPdf;

  if ( ( ptrPdf = XMALLOC( sizeof( struct pdfFile ) ) ) EQ NULL ) {
    display( LOG_ERR, "Unable to allocate memory" );
    return NULL;
  }
  XMEMSET( ptrPdf, 0, sizeof( struct pdfFile ) );

  if ( ( ptrPdf->fname = XMALLOC( MAXNAMELEN ) ) EQ NULL ) {
      display( LOG_ERR, "Unable to allocate memory" );
      return NULL;
  }
  XSTRNCPY( ptrPdf->fname, fname, MAXNAMELEN-1 );

#ifdef DEBUG
  if ( config->debug >= 5 )
    display( LOG_DEBUG, "Loading [%s] into RAM", ptrPdf->fname );
#endif

  /* open file for read only */
  if ( ( inFile = fopen( ptrPdf->fname, "ro" ) ) EQ NULL ) {
    display( LOG_ERR, "Unable to open [%s] for read", ptrPdf->fname );
    return NULL;
  }

  /* read the file into ram */
  while( ( rCount = fread( inBuf, 1, sizeof( inBuf ), inFile ) ) > 0 ) {
    if ( ( ptrPdf->fileBuf = XREALLOC( ptrPdf->fileBuf, ptrPdf->fileSize + rCount ) ) EQ NULL ) {
      display( LOG_DEBUG, "Unable to grow file buffer" );
      return  NULL;
    }
    XMEMCPY( ptrPdf->fileBuf + ptrPdf->fileSize, inBuf, rCount );
    ptrPdf->fileSize += rCount;
  }

  /* close file */
  fclose( inFile );

#ifdef DEBUG
  if ( config->debug >= 5 )
    display( LOG_DEBUG, "Finished loading file into RAM" );
#endif

  /* done */
  return( ptrPdf );
}
Exemplo n.º 5
0
/* if the cipher suite on line is valid store in suite and return 1, else 0 */
static int IsValidCipherSuite(const char* line, char* suite)
{
    int  found = 0;
    int  valid = 0;

    const char* find = "-l ";
    const char* begin = strstr(line, find);
    const char* end;

    suite[0] = '\0';

    if (begin) {
        begin += 3;

        end = XSTRSTR(begin, " ");

        if (end) {
            long len = end - begin;
            if (len > MAX_SUITE_SZ) {
                printf("suite too long!\n");
                return 0;
            }
            XMEMCPY(suite, begin, len);
            suite[len] = '\0';
        }
        else
            XSTRNCPY(suite, begin, MAX_SUITE_SZ);

        suite[MAX_SUITE_SZ] = '\0';
        found = 1;
    }

    /* if QSH not enabled then do not use QSH suite */
    #ifdef HAVE_QSH
        if (XSTRNCMP(suite, "QSH", 3) == 0) {
            if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4)
                                                                 != SSL_SUCCESS)
            return 0;
        }
    #endif

    if (found) {
        if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == SSL_SUCCESS)
            valid = 1;
    }

    return valid;
}
Exemplo n.º 6
0
int parseFile( struct pdfFile *ptrPdf ) {
  struct pdfObject *tmpPtr;

  /* alloc base object */
  if ( ( ptrPdf->head = XMALLOC( sizeof( struct pdfObject ) ) ) EQ NULL ) {
    display( LOG_ERR, "Unable to allocate pdf object\n" );
    return FAILED;
  }
  XMEMSET( ptrPdf->head, 0, sizeof( struct pdfObject ) );
  ptrPdf->head->type = -1;

  XSTRNCPY( outFileName, ptrPdf->fname, MAXNAMELEN );

  parsePdfObj( 0, ptrPdf->fileBuf, ptrPdf->fileSize, PDF_TYPE_NONE, ptrPdf->head );

  showPdfObjects( ptrPdf->head );

  /* cleanup object tree */
  while ( ptrPdf->head != NULL ) {
    if ( ptrPdf->head->child != NULL ) {
      /* descend */
      ptrPdf->head = ptrPdf->head->child;
    } else if ( ptrPdf->head->next != NULL ) {
      /* empty this level */
      tmpPtr = ptrPdf->head;
#ifdef DEBUG
      if ( config->debug >= 3 )
	display( LOG_DEBUG, "Removing pdf object from memory chain [%s]", typeStrings[tmpPtr->type] );
#endif
      ptrPdf->head = ptrPdf->head->next;
      XFREE( tmpPtr );
    } else if ( ptrPdf->head->parent != NULL ) {
      /* ascend, removing the child */
      tmpPtr = ptrPdf->head;
#ifdef DEBUG
      if ( config->debug >= 3 )
	display( LOG_DEBUG, "Removing child pdf object from memory chain [%s]", typeStrings[tmpPtr->type] );
#endif
      ptrPdf->head->parent->child = NULL;
      ptrPdf->head = ptrPdf->head->parent;
      XFREE( tmpPtr );
    } else {
      /* at the root, time to stop */
      ptrPdf->head = NULL;
    }
  }
}
Exemplo n.º 7
0
Arquivo: crl.c Projeto: atigyi/wolfssl
/* Load CRL path files of type, SSL_SUCCESS on ok */
int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
{
    struct dirent* entry;
    DIR*           dir;
    int            ret = SSL_SUCCESS;
#ifdef WOLFSSL_SMALL_STACK
    char*          name;
#else
    char           name[MAX_FILENAME_SZ];
#endif

    WOLFSSL_ENTER("LoadCRL");
    if (crl == NULL)
        return BAD_FUNC_ARG;

    dir = opendir(path);
    if (dir == NULL) {
        WOLFSSL_MSG("opendir path crl load failed");
        return BAD_PATH_ERROR;
    }

#ifdef WOLFSSL_SMALL_STACK
    name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (name == NULL)
        return MEMORY_E;
#endif

    while ( (entry = readdir(dir)) != NULL) {
        struct stat s;

        XMEMSET(name, 0, MAX_FILENAME_SZ);
        XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
        XSTRNCAT(name, "/", 1);
        XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);

        if (stat(name, &s) != 0) {
            WOLFSSL_MSG("stat on name failed");
            continue;
        }
        if (s.st_mode & S_IFREG) {

            if (type == SSL_FILETYPE_PEM) {
                if (XSTRSTR(entry->d_name, ".pem") == NULL) {
                    WOLFSSL_MSG("not .pem file, skipping");
                    continue;
                }
            }
            else {
                if (XSTRSTR(entry->d_name, ".der") == NULL &&
                    XSTRSTR(entry->d_name, ".crl") == NULL) {

                    WOLFSSL_MSG("not .der or .crl file, skipping");
                    continue;
                }
            }

            if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
                                                               != SSL_SUCCESS) {
                WOLFSSL_MSG("CRL file load failed, continuing");
            }
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (monitor & WOLFSSL_CRL_MONITOR) {
        word32 pathLen;
        char* pathBuf;

        WOLFSSL_MSG("monitor path requested");

        pathLen = (word32)XSTRLEN(path);
        pathBuf = (char*)XMALLOC(pathLen+1, crl->heap,DYNAMIC_TYPE_CRL_MONITOR);
        if (pathBuf) {
            XSTRNCPY(pathBuf, path, pathLen);
            pathBuf[pathLen] = '\0'; /* Null Terminate */

            if (type == SSL_FILETYPE_PEM) {
                crl->monitors[0].path = pathBuf;
                crl->monitors[0].type = SSL_FILETYPE_PEM;
            } else {
                crl->monitors[1].path = pathBuf;
                crl->monitors[1].type = SSL_FILETYPE_ASN1;
            }

            if (monitor & WOLFSSL_CRL_START_MON) {
                WOLFSSL_MSG("start monitoring requested");

                ret = StartMonitorCRL(crl);
            }
        }
        else {
            ret = MEMORY_E;
        }
    }

    closedir(dir);

    return ret;
}
Exemplo n.º 8
0
/* Load CRL path files of type, SSL_SUCCESS on ok */ 
int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
{
    struct dirent* entry;
    DIR*   dir;
    int    ret = SSL_SUCCESS;

    CYASSL_ENTER("LoadCRL");
    if (crl == NULL)
        return BAD_FUNC_ARG;

    dir = opendir(path);
    if (dir == NULL) {
        CYASSL_MSG("opendir path crl load failed");
        return BAD_PATH_ERROR;
    }
    while ( (entry = readdir(dir)) != NULL) {
        char name[MAX_FILENAME_SZ];
        struct stat s;

        XMEMSET(name, 0, sizeof(name));
        XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
        XSTRNCAT(name, "/", 1);
        XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);

        if (stat(name, &s) != 0) {
            CYASSL_MSG("stat on name failed");
            continue;
        }
        if (s.st_mode & S_IFREG) {

            if (type == SSL_FILETYPE_PEM) {
                if (strstr(entry->d_name, ".pem") == NULL) {
                    CYASSL_MSG("not .pem file, skipping");
                    continue;
                }
            }
            else {
                if (strstr(entry->d_name, ".der") == NULL &&
                    strstr(entry->d_name, ".crl") == NULL) {

                    CYASSL_MSG("not .der or .crl file, skipping");
                    continue;
                }
            }

            if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
                                                               != SSL_SUCCESS) {
                CYASSL_MSG("CRL file load failed, continuing");
            }
        }
    }

    if (monitor & CYASSL_CRL_MONITOR) {
        CYASSL_MSG("monitor path requested");

        if (type == SSL_FILETYPE_PEM) {
            crl->monitors[0].path = strdup(path);
            crl->monitors[0].type = SSL_FILETYPE_PEM;
            if (crl->monitors[0].path == NULL)
                ret = MEMORY_E;
        } else {
            crl->monitors[1].path = strdup(path);
            crl->monitors[1].type = SSL_FILETYPE_ASN1;
            if (crl->monitors[1].path == NULL)
                ret = MEMORY_E;
        }
      
        if (monitor & CYASSL_CRL_START_MON) {
            CYASSL_MSG("start monitoring requested");
    
            ret = StartMonitorCRL(crl);
       } 
    }
    
    closedir(dir);

    return ret;
}
Exemplo n.º 9
0
void wc_ErrorString(int error, char* buffer)
{
    XSTRNCPY(buffer, wc_GetErrorString(error), WOLFSSL_MAX_ERROR_SZ);
}
Exemplo n.º 10
0
int main(int argc, char *argv[]) {
  PRIVATE int pid = 0;
  PRIVATE int c = 0, i = 0, fds = 0, status = 0;
  int digit_optind = 0;
  PRIVATE struct passwd *pwd_ent;
  PRIVATE struct group *grp_ent;
  PRIVATE char **ptr;
  char *tmp_ptr = NULL;
  char *pid_file = NULL;
  char *user = NULL;
  char *group = NULL;
#ifdef LINUX
  struct rlimit rlim;

  getrlimit( RLIMIT_CORE, &rlim );
#ifdef DEBUG
  rlim.rlim_cur = rlim.rlim_max;
  printf( "DEBUG - RLIMIT_CORE: %ld\n", rlim.rlim_cur );
#else
  rlim.rlim_cur = 0; 
#endif
  setrlimit( RLIMIT_CORE, &rlim );
#endif

  /* setup config */
  config = ( Config_t * )XMALLOC( sizeof( Config_t ) );
  XMEMSET( config, 0, sizeof( Config_t ) );

  /* get real uid and gid, we may want to drop privs */
  config->gid = getgid();
  config->uid = getuid();

  while (1) {
    int this_option_optind = optind ? optind : 1;
#ifdef HAVE_GETOPT_LONG
    int option_index = 0;
    static struct option long_options[] = {
      {"atime", no_argument, 0, 'a' },
      {"debug", required_argument, 0, 'd' },
      {"exdir", required_argument, 0, 'e' },
      {"exfile", required_argument, 0, 'E' },
      {"help", no_argument, 0, 'h' },
      {"md5", no_argument, 0, 'm' },
      {"preserve", no_argument, 0, 'p' },
      {"quick", no_argument, 0, 'q' },
      {"sha256", no_argument, 0, 's' },
      {"version", no_argument, 0, 'v' },
      {"write", required_argument, 0, 'w' },
      {0, no_argument, 0, 0}
    };
    c = getopt_long(argc, argv, "ad:e:E:hmpqsvw:", long_options, &option_index);
#else
    c = getopt( argc, argv, "ad:e:E:hmpqsvw:" );
#endif

    if (c EQ -1)
      break;

    switch (c) {
      case 'a':
      /* enable atime change reporting */
      config->show_atime = TRUE;
      
    case 'p':
      if ( config->uid != 0 ) {
        fprintf( stderr, "ERR - Insufficient priviledges to preserve ATIME, aborting\n" );
        print_help();
        return( EXIT_FAILURE );
      }
      config->preserve_atime = TRUE;
      
      break;
        
      
    case 'd':
      /* show debig info */
      config->debug = atoi( optarg );
      config->mode = MODE_INTERACTIVE;
      break;

    case 'e':
      /* exclude a specific directory from the diff */
      if ( ( config->exclusions = (char **)XMALLOC( sizeof( char * ) * 2 ) ) EQ NULL ) {
        fprintf( stderr, "ERR - Unable to allocate memory for exclusion list\n" );
        return( EXIT_FAILURE );
      }
      if ( ( config->exclusions[0] = XMALLOC( MAXPATHLEN + 1 ) ) EQ NULL ) {
        fprintf( stderr, "ERR - Unable to allocate memory for exclusion list\n" );
        XFREE( config->exclusions );
        return( EXIT_FAILURE );
      }
      if ( optarg[0] != '/' ) {
        config->exclusions[0][0] = '/';
        XSTRNCPY( config->exclusions[0]+1, optarg, MAXPATHLEN - 1 );
      } else
        XSTRNCPY( config->exclusions[0], optarg, MAXPATHLEN );
      config->exclusions[1] = 0;
      break;
        
    case 'E':
      /* exclude a list of directories in the specific file */
      //if ( loadExclusions( optarg ) != TRUE )
      //  return( EXIT_FAILURE );
      //break;
      fprintf( stderr, "ERR - Feature not currently supported\n" );
      print_help();
      return( EXIT_SUCCESS );
      
    case 'h':
      /* show help info */
      print_help();
      return( EXIT_SUCCESS );

    case 'm':
      /* md5 hash files */
      config->hash = TRUE;
      config->md5_hash = TRUE;
      config->digest_size = 16;
      config->sha256_hash = FALSE;
      break;

    case 'q':
      /* do quick checks only */
      config->quick = TRUE;
      break;
      
    case 's':
      /* sha256 hash files */
      config->hash = TRUE;
      config->sha256_hash = TRUE;
      config->digest_size = 32;
      config->md5_hash = FALSE;
      break;

    case 'v':
      /* show the version */
      print_version();
      return( EXIT_SUCCESS );


    case 'w':
      /* define the dir to store logs in */
      if ( ( config->outfile = ( char * )XMALLOC( MAXPATHLEN + 1 ) ) EQ NULL ) {
        /* XXX problem */
      }
      XMEMSET( config->outfile, 0, MAXPATHLEN + 1 );
      XSTRNCPY( config->outfile, optarg, MAXPATHLEN );
      break;
      
    default:
      fprintf( stderr, "Unknown option code [0%o]\n", c);
    }
  }

  /* turn off quick mode if hash mode is enabled */
  if ( config->hash )
    config->quick = FALSE;

  /* check dirs and files for danger */

  if ( time( &config->current_time ) EQ -1 ) {
    fprintf( stderr, "ERR - Unable to get current time\n" );
    
    /* cleanup buffers */
    cleanup();
    return EXIT_FAILURE;
  }

  /* initialize program wide config options */
  config->hostname = (char *)XMALLOC( MAXHOSTNAMELEN+1 );

  /* get processor hostname */
  if ( gethostname( config->hostname, MAXHOSTNAMELEN ) != 0 ) {
    fprintf( stderr, "Unable to get hostname\n" );
    strncpy( config->hostname, "unknown", MAXHOSTNAMELEN );
  }

  /* setup gracefull shutdown */
  signal( SIGINT, sigint_handler );
  signal( SIGTERM, sigterm_handler );
  signal( SIGFPE, sigfpe_handler );
  signal( SIGILL, sigill_handler );
  signal( SIGSEGV, sigsegv_handler );
#ifndef MINGW
  signal( SIGHUP, sighup_handler );
  signal( SIGBUS, sigbus_handler );
#endif  

  /****
   *
   * lets get this party started
   *
   ****/

  show_info();
  if ( ( baseDir = (char *)XMALLOC( PATH_MAX ) ) EQ NULL ) {
    fprintf( stderr, "ERR - Unable to allocate memory for baseDir string\n" );
    cleanup();
    return( EXIT_FAILURE );
  }
  if ( ( compDir = (char *)XMALLOC( PATH_MAX ) ) EQ NULL ) {
    fprintf( stderr, "ERR - Unable to allocate memory for compDir string\n" );
    cleanup();
    return( EXIT_FAILURE );
  }

  compDirHash = initHash( 52 );

  while (optind < argc ) {
    if ( ( compDirLen = strlen( argv[optind] ) ) >= PATH_MAX ) {
      fprintf( stderr, "ERR - Argument too long\n" );
      if ( baseDirHash != NULL )
	freeHash( baseDirHash );
      freeHash( compDirHash );
      cleanup();
      return( EXIT_FAILURE );
    } else {
      strncpy( compDir, argv[optind++], PATH_MAX-1 );
      /* process directory tree */
      if ( processDir( compDir ) EQ FAILED ) {
	if ( baseDirHash != NULL  )
	  freeHash( baseDirHash );
        freeHash( compDirHash );
	cleanup();
	return( EXIT_FAILURE );
      }

      if ( baseDirHash != NULL ) {
	/* compare the old tree to the new tree to find missing files */
	if ( traverseHash( baseDirHash, findMissingFiles ) != TRUE ) {
	  freeHash( baseDirHash );
	  freeHash( compDirHash );
	  cleanup();
	  return( EXIT_FAILURE );
	}
      }

      /* Prep for next dir to compare */
      if ( baseDirHash != NULL )
	freeHash( baseDirHash );
      baseDirHash = compDirHash;
      compDirHash = initHash( getHashSize( baseDirHash ) );
      baseDirLen = compDirLen;
      strncpy( baseDir, compDir, compDirLen );
    }
  }

  if ( baseDirHash != NULL )
    freeHash( baseDirHash );
  if ( compDirHash != NULL )
    freeHash( compDirHash );

  /****
   *
   * we are done
   *
   ****/

  cleanup();

  return( EXIT_SUCCESS );
}
Exemplo n.º 11
0
void CTaoCryptErrorString(int error, char* buffer)
{
    XSTRNCPY(buffer, CTaoCryptGetErrorString(error), CYASSL_MAX_ERROR_SZ);
}
Exemplo n.º 12
0
Arquivo: io.c Projeto: terryxys/cyassl
static int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
{
    struct sockaddr_storage addr;
    int sockaddr_len = sizeof(struct sockaddr_in);
    XMEMSET(&addr, 0, sizeof(addr));

    #ifdef HAVE_GETADDRINFO
    {
        struct addrinfo hints;
        struct addrinfo* answer = NULL;
        char strPort[6];

        XMEMSET(&hints, 0, sizeof(hints));
        hints.ai_family = AF_UNSPEC;
        hints.ai_socktype = SOCK_STREAM;
        hints.ai_protocol = IPPROTO_TCP;

        if (Word16ToString(strPort, port) == 0) {
            CYASSL_MSG("invalid port number for OCSP responder");
            return -1;
        }

        if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) {
            CYASSL_MSG("no addr info for OCSP responder");
            return -1;
        }

        sockaddr_len = answer->ai_addrlen;
        XMEMCPY(&addr, answer->ai_addr, sockaddr_len);
        freeaddrinfo(answer);

    }
    #else /* HAVE_GETADDRINFO */
    {
        struct hostent* entry = gethostbyname(ip);
        struct sockaddr_in *sin = (struct sockaddr_in *)&addr;

        if (entry) {
            sin->sin_family = AF_INET;
            sin->sin_port = htons(port);
            XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0],
                                                               entry->h_length);
        }
        else {
            CYASSL_MSG("no addr info for OCSP responder");
            return -1;
        }
    }
    #endif /* HAVE_GETADDRINFO */

    *sockfd = socket(addr.ss_family, SOCK_STREAM, 0);
    #ifdef USE_WINDOWS_API
    if (*sockfd == INVALID_SOCKET) {
    #else /* USE_WINDOWS_API */
    if (*sockfd < 0) {
    #endif /* USE_WINDOWS_API */
        CYASSL_MSG("bad socket fd, out of fds?");
        return -1;
    }

    if (connect(*sockfd, (struct sockaddr *)&addr, sockaddr_len) != 0) {
        CYASSL_MSG("OCSP responder tcp connect failed");
        return -1;
    }

    return 0;
}


static int build_http_request(const char* domainName, const char* path,
                                    int ocspReqSz, byte* buf, int bufSize)
{
    word32 domainNameLen, pathLen, ocspReqSzStrLen, completeLen;
    char ocspReqSzStr[6];

    domainNameLen = (word32)XSTRLEN(domainName);
    pathLen = (word32)XSTRLEN(path);
    ocspReqSzStrLen = Word16ToString(ocspReqSzStr, ocspReqSz);

    completeLen = domainNameLen + pathLen + ocspReqSzStrLen + 84;
    if (completeLen > (word32)bufSize)
        return 0;

    XSTRNCPY((char*)buf, "POST ", 5);
    buf += 5;
    XSTRNCPY((char*)buf, path, pathLen);
    buf += pathLen;
    XSTRNCPY((char*)buf, " HTTP/1.1\r\nHost: ", 17);
    buf += 17;
    XSTRNCPY((char*)buf, domainName, domainNameLen);
    buf += domainNameLen;
    XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
    buf += 18;
    XSTRNCPY((char*)buf, ocspReqSzStr, ocspReqSzStrLen);
    buf += ocspReqSzStrLen;
    XSTRNCPY((char*)buf,
                      "\r\nContent-Type: application/ocsp-request\r\n\r\n", 44);

    return completeLen;
}
Exemplo n.º 13
0
int wolfsslSetup(int argc, char** argv, char action)
{
    char     outNameE[256];     /* default outFile for encrypt */
    char     outNameD[256];     /* default outfile for decrypt */
    char     inName[256];       /* name of the in File if not provided */

    char*    name = NULL;       /* string of algorithm, mode, keysize */
    char*    alg = NULL;        /* algorithm from name */
    char*    mode = NULL;       /* mode from name */
    char*    out = outNameE;    /* default output file name */
    char*    in = inName;       /* default in data */
    byte*    pwdKey = NULL;     /* password for generating pwdKey */
    byte*    key = NULL;        /* user set key NOT PWDBASED */
    byte*    iv = NULL;         /* iv for initial encryption */


    int      size       =   0;  /* keysize from name */
    int      ret        =   0;  /* return variable */
    int      block      =   0;  /* block size based on algorithm */
    int      pwdKeyChk  =   0;  /* if a pwdKey has been provided */
    int      ivCheck    =   0;  /* if the user sets the IV explicitly */
    int      keyCheck   =   0;  /* if ivCheck is 1 this should be set also */
    int      inCheck    =   0;  /* if input has been provided */
    int      outCheck   =   0;  /* if output has been provided */
    int      i          =   0;  /* loop counter */
    int      eCheck     =   0;  /* if user is encrypting data */
    int      dCheck     =   0;  /* if user is decrypting data */
    int      inputHex   =   0;  /* if user is encrypting hexidecimal stuff */
    int      keyType    =   0;  /* tells Decrypt which key it will be using
                                 * 1 = password based key, 2 = user set key
                                 */
    word32   ivSize     =   0;  /* IV if provided should be 2*block */
    word32   numBits    =   0;  /* number of bits in argument from the user */

    if (action == 'e')
        eCheck = 1;
    if (action == 'd')
        dCheck = 1;

    for (i = 2; i < argc; i++) {
        if (strcmp(argv[i], "-help") == 0) {
            if (eCheck == 1) {
                /*wolfsslEncryptHelp*/
                wolfsslEncryptHelp();
                return 0;
            } else {
                /*wolfsslDecryptHelp*/
                wolfsslDecryptHelp();
                return 0;
            }
        }
    }

    name = argv[2];
    /* gets blocksize, algorithm, mode, and key size from name argument */
    block = wolfsslGetAlgo(name, &alg, &mode, &size);

    if (block != FATAL_ERROR) {
        pwdKey = (byte*) malloc(size);
        iv = (byte*) malloc(block);
        key = (byte*) malloc(size);

        /* Start at the third flag entered */
        i = 3;
        do {
            if (argv[i] == NULL){
                break;
            }
            else if (strcmp(argv[i], "-o") == 0 && argv[i+1] != NULL) {
                /* output file */
                out = argv[i+1];
                outCheck = 1;
                i+=2;
                /* it is mandatory that this be set last */
                continue;
            }

            else if (strcmp(argv[i], "-i") == 0 && argv[i+1] != NULL) {
                 /* input file/text */
                in = argv[i+1];
                inCheck = 1;
                /* continue while out check not equal 1 */
                i+=2;
                continue;
            }

            else if (strcmp(argv[i], "-p") == 0 && argv[i+1] != NULL) {
                /* password pwdKey */
                XMEMCPY(pwdKey, argv[i+1], size);
                pwdKeyChk = 1;
                keyType = 1;
                i+=2;
                continue;
            }
            else if (strcmp(argv[i], "-x") == 0) {
                /* using hexidecimal format */
                inputHex = 1;
                i++;
                continue;
            }
            else if (strcmp(argv[i], "-V") == 0 && argv[i+1] != NULL) {
                /* iv for encryption */
                if (pwdKeyChk == 1) {
                    printf("Invalid option, attempting to use IV with password"
                           " based key.");
                    wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
                    return FATAL_ERROR;
                }
                 ivSize = block*2;
                if (strlen(argv[i+1]) != ivSize) {
                    printf("Invalid IV. Must match algorithm block size.\n");
                    printf("Invalid IV size was: %d.\n",
                                                       (int) strlen(argv[i+1]));
                    printf("size of IV expected was: %d.\n", ivSize);
                    wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
                    return FATAL_ERROR;
                }
                else {
                    char ivString[strlen(argv[i+1])];
                    XSTRNCPY(ivString, argv[i+1], XSTRLEN(argv[i+1]));
                    ret = wolfsslHexToBin(ivString, &iv, &ivSize,
                                            NULL, NULL, NULL,
                                            NULL, NULL, NULL,
                                            NULL, NULL, NULL);
                    if (ret != 0) {
                        printf("failed during conversion of IV, ret = %d\n",
                                                                           ret);
                        wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
                        return -1;
                    }
                    ivCheck = 1;
                    i+=2;
                    continue;
                }
            }
            else if (strcmp(argv[i], "-K") == 0 && argv[i+1] != NULL) {
                /* 2 characters = 1 byte. 1 byte = 8 bits
                 * number of characters / 2 = bytes
                 * bytes * 8 = bits
                 */
                numBits = (int) (strlen(argv[i+1]) / 2 ) * 8;
                /* Key for encryption */
                if ((int)numBits != size) {
                    printf("Length of key provided was: %d.\n", numBits);
                    printf("Length of key expected was: %d.\n", size);
                    printf("Invalid Key. Must match algorithm key size.\n");
                    wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
                    return FATAL_ERROR;
                }
                else {
                    char keyString[strlen(argv[i+1])];
                    XSTRNCPY(keyString, argv[i+1], XSTRLEN(argv[i+1]));
                    ret = wolfsslHexToBin(keyString, &key, &numBits,
                                            NULL, NULL, NULL,
                                            NULL, NULL, NULL,
                                            NULL, NULL, NULL);
                     if (ret != 0) {
                        printf("failed during conversion of Key, ret = %d\n",
                                                                           ret);
                        wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
                        return -1;
                    }
                    keyCheck = 1;
                    keyType = 2;
                    i+=2;
                    continue;
                }
            }
            else {
                i++; continue;
            }

        }while(i < 15);

        if (pwdKeyChk == 0 && keyCheck == 0) {
            if (dCheck == 1) {
                printf("\nDECRYPT ERROR:\n");
                printf("Please type \"wolfssl -d -help\" for decryption usage."
                                                                        "\n\n");
                return 0;
            }
            /* if no pwdKey is provided */
            else {
                printf("No -p flag set, please enter a password to use for"
                " encrypting.\n");
                printf("Write your password down so you don't forget it.\n");
                ret = wolfsslNoEcho((char*)pwdKey, size);
                pwdKeyChk = 1;
            }
        }

        if (inCheck == 0 && eCheck == 1) {
            ret = 0;
            while (ret == 0) {
                printf("-i flag was not set, please enter a string or\n"
                       "file name to be encrypted: ");
                ret = (int) scanf("%s", inName);
            } 
            in = inName;
            /* if no input is provided */
            printf("Ok,  We will encrypt:\"%s\" for you.\n", inName);
            inCheck = 1;
        }

        if (eCheck == 1 && dCheck == 1) {
            printf("You want to encrypt and decrypt simultaneously? That is"
                    "not possible...\n");
            wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
            return FATAL_ERROR;
        }

        if (inCheck == 0 && dCheck == 1) {
            printf("We are so sorry but you must specify what it is you are "
                    "trying to decrypt.\n");
            wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
            return FATAL_ERROR;
        }

        if (ivCheck == 1) {
            if (keyCheck == 0) {
                printf("IV was explicitly set, but no -K <key> was set. User\n"
                    " needs to provide a non-password based key when setting"
                        " the IV.\n");
                wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
                return FATAL_ERROR;
            }
        }

        if (pwdKeyChk == 1 && keyCheck == 1) {
            XMEMSET(pwdKey, 0, size);
        }

        /* encryption function call */
        if (eCheck == 1) {

            printf("\n");
            if (outCheck == 0) {
                ret = 0;
                while (ret == 0) {
                    printf("Please enter a name for the output file: ");
                    ret = (int) scanf("%s", outNameE);
                    out = (ret > 0) ? outNameE : '\0';
                }
            }
            ret = wolfsslEncrypt(alg, mode, pwdKey, key, size, in, out,
                    iv, block, ivCheck, inputHex);
        }
        /* decryption function call */
        else if (dCheck == 1) {
            if (outCheck == 0) {
                ret = 0;
                while (ret == 0) {
                    printf("Please enter a name for the output file: ");
                    ret = (int) scanf("%s", outNameD);
                    out = (ret > 0) ? outNameD : '\0';
                }
            }
            ret = wolfsslDecrypt(alg, mode, pwdKey, key, size, in, out,
                    iv, block, keyType);
        }
        else {
            wolfsslHelp();
        }
        /* clear and free data */
        XMEMSET(key, 0, size);
        XMEMSET(pwdKey, 0, size);
        XMEMSET(iv, 0, block);
        wolfsslFreeBins(pwdKey, iv, key, NULL, NULL);
    }
    else
        ret = FATAL_ERROR;
    return ret;
}
/*
 * hash argument function
 */
int wolfsslHashSetup(int argc, char** argv)
{
    int     ret        =   0;   /* return variable, counter */
    int     i          =   0;   /* loop variable */
    char*   in;                 /* input variable */
    char*   out     =   NULL;   /* output variable */
    const char* algs[]  =   {   /* list of acceptable algorithms */
#ifndef NO_MD5
        "md5"
#endif
#ifndef NO_SHA
            , "sha"
#endif
#ifndef NO_SHA256
            , "sha256"
#endif
#ifdef WOLFSSL_SHA384
            , "sha384"
#endif
#ifdef WOLFSSL_SHA512
            , "sha512"
#endif
#ifdef HAVE_BLAKE2
            , "blake2b"
#endif
    };

    char*   alg;                /* algorithm being used */
    int     algCheck=   0;      /* acceptable algorithm check */
    int     inCheck =   0;      /* input check */
    int     size    =   0;      /* message digest size */

#ifdef HAVE_BLAKE2
    size = BLAKE_DIGEST_SIZE;
#endif

    /* help checking */
    if (argc == 2) {
        wolfsslHashHelp();
        return 0;
    }
    for (i = 2; i < argc; i++) {
        if (strcmp(argv[i], "-help") == 0) {
            wolfsslHashHelp();
            return 0;
        }
    }

    for (i = 0; i < (int) sizeof(algs)/(int) sizeof(algs[0]); i++) {
        /* checks for acceptable algorithms */
        if (strcmp(argv[2], algs[i]) == 0) {
            alg = argv[2];
            algCheck = 1;
        }
    }
    if (algCheck == 0) {
        printf("Invalid algorithm\n");
        return FATAL_ERROR;
    }

    for (i = 3; i < argc; i++) {
        if (strcmp(argv[i], "-i") == 0 && argv[i+1] != NULL) {
            /* input file/text */
            in = malloc(strlen(argv[i+1])+1);
            XSTRNCPY(in, &argv[i+1][0], XSTRLEN(&argv[i+1][0]));
            in[strlen(argv[i+1])] = '\0';
            inCheck = 1;
            i++;
        }
        else if (strcmp(argv[i], "-o") == 0 && argv[i+1] != NULL) {
            /* output file */
            out = argv[i+1];
            i++;
        }
        else if (strcmp(argv[i], "-s") == 0 && argv[i+1] != NULL) {
            /* size of output */
#ifndef HAVE_BLAKE2
            printf("Sorry, only to be used with Blake2b enabled\n");
#else
            size = atoi(argv[i+1]);
            if (size <= 0 || size > 64) {
                printf("Invalid size, Must be between 1-64. Using default.\n");
                size = BLAKE_DIGEST_SIZE;
            }
#endif
            i++;
        }
        else {
            printf("Unknown argument %s. Ignoring\n", argv[i]);
        }
    }
    if (inCheck == 0) {
        printf("Must have input as either a file or standard I/O\n");
        return FATAL_ERROR;
    }
    /* sets default size of algorithm */
#ifndef NO_MD5
    if (strcmp(alg, "md5") == 0)
        size = MD5_DIGEST_SIZE;
#endif

#ifndef NO_SHA
    if (strcmp(alg, "sha") == 0)
        size = SHA_DIGEST_SIZE;
#endif

#ifndef NO_SHA256
    if (strcmp(alg, "sha256") == 0)
        size = SHA256_DIGEST_SIZE;
#endif

#ifdef WOLFSSL_SHA384
    if (strcmp(alg, "sha384") == 0)
        size = SHA384_DIGEST_SIZE;
#endif

#ifdef WOLFSSL_SHA512
    if (strcmp(alg, "sha512") == 0)
        size = SHA512_DIGEST_SIZE;
#endif

    /* hashing function */
    wolfsslHash(in, out, alg, size);

    free(in);

    return ret;
}
Exemplo n.º 15
0
void CTaoCryptErrorString(int error, char* buffer)
{
    const int max = CYASSL_MAX_ERROR_SZ;   /* shorthand */

#ifdef NO_ERROR_STRINGS

    (void)error;
    XSTRNCPY(buffer, "no support for error strings built in", max);

#else

    switch (error) {

    case OPEN_RAN_E :        
        XSTRNCPY(buffer, "opening random device error", max);
        break;

    case READ_RAN_E :
        XSTRNCPY(buffer, "reading random device error", max);
        break;

    case WINCRYPT_E :
        XSTRNCPY(buffer, "windows crypt init error", max);
        break;

    case CRYPTGEN_E : 
        XSTRNCPY(buffer, "windows crypt generation error", max);
        break;

    case RAN_BLOCK_E : 
        XSTRNCPY(buffer, "random device read would block error", max);
        break;

    case BAD_MUTEX_E : 
        XSTRNCPY(buffer, "Bad mutex, operation failed", max);
        break;

    case MP_INIT_E :
        XSTRNCPY(buffer, "mp_init error state", max);
        break;

    case MP_READ_E :
        XSTRNCPY(buffer, "mp_read error state", max);
        break;

    case MP_EXPTMOD_E :
        XSTRNCPY(buffer, "mp_exptmod error state", max);
        break;

    case MP_TO_E :
        XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
        break;

    case MP_SUB_E :
        XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
        break;

    case MP_ADD_E :
        XSTRNCPY(buffer, "mp_add error state, can't add", max);
        break;

    case MP_MUL_E :
        XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
        break;

    case MP_MULMOD_E :
        XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
        break;

    case MP_MOD_E :
        XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
        break;

    case MP_INVMOD_E :
        XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
        break; 
        
    case MP_CMP_E :
        XSTRNCPY(buffer, "mp_cmp error state", max);
        break; 
        
    case MP_ZERO_E :
        XSTRNCPY(buffer, "mp zero result, not expected", max);
        break; 
        
    case MEMORY_E :
        XSTRNCPY(buffer, "out of memory error", max);
        break;

    case RSA_WRONG_TYPE_E :
        XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
        break; 

    case RSA_BUFFER_E :
        XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
                max);
        break; 

    case BUFFER_E :
        XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
        break; 

    case ALGO_ID_E :
        XSTRNCPY(buffer, "Setting Cert AlogID error", max);
        break; 

    case PUBLIC_KEY_E :
        XSTRNCPY(buffer, "Setting Cert Public Key error", max);
        break; 

    case DATE_E :
        XSTRNCPY(buffer, "Setting Cert Date validity error", max);
        break; 

    case SUBJECT_E :
        XSTRNCPY(buffer, "Setting Cert Subject name error", max);
        break; 

    case ISSUER_E :
        XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
        break; 

    case CA_TRUE_E :
        XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
        break; 

    case EXTENSIONS_E :
        XSTRNCPY(buffer, "Setting extensions error", max);
        break; 

    case ASN_PARSE_E :
        XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
        break;

    case ASN_VERSION_E :
        XSTRNCPY(buffer, "ASN version error, invalid number", max);
        break;

    case ASN_GETINT_E :
        XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
        break;

    case ASN_RSA_KEY_E :
        XSTRNCPY(buffer, "ASN key init error, invalid input", max);
        break;

    case ASN_OBJECT_ID_E :
        XSTRNCPY(buffer, "ASN object id error, invalid id", max);
        break;

    case ASN_TAG_NULL_E :
        XSTRNCPY(buffer, "ASN tag error, not null", max);
        break;

    case ASN_EXPECT_0_E :
        XSTRNCPY(buffer, "ASN expect error, not zero", max);
        break;

    case ASN_BITSTR_E :
        XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
        break;

    case ASN_UNKNOWN_OID_E :
        XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
        break;

    case ASN_DATE_SZ_E :
        XSTRNCPY(buffer, "ASN date error, bad size", max);
        break;

    case ASN_BEFORE_DATE_E :
        XSTRNCPY(buffer, "ASN date error, current date before", max);
        break;

    case ASN_AFTER_DATE_E :
        XSTRNCPY(buffer, "ASN date error, current date after", max);
        break;

    case ASN_SIG_OID_E :
        XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
        break;

    case ASN_TIME_E :
        XSTRNCPY(buffer, "ASN time error, unkown time type", max);
        break;

    case ASN_INPUT_E :
        XSTRNCPY(buffer, "ASN input error, not enough data", max);
        break;

    case ASN_SIG_CONFIRM_E :
        XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
        break;

    case ASN_SIG_HASH_E :
        XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
        break;

    case ASN_SIG_KEY_E :
        XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
        break;

    case ASN_DH_KEY_E :
        XSTRNCPY(buffer, "ASN key init error, invalid input", max);
        break;

    case ASN_NTRU_KEY_E :
        XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
        break;

    case ECC_BAD_ARG_E :
        XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
        break;

    case ASN_ECC_KEY_E :
        XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
        break;

    case ECC_CURVE_OID_E :
        XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
        break;

    case BAD_FUNC_ARG :
        XSTRNCPY(buffer, "Bad function argument", max);
        break;

    case NOT_COMPILED_IN :
        XSTRNCPY(buffer, "Feature not compiled in", max);
        break;

    case UNICODE_SIZE_E :
        XSTRNCPY(buffer, "Unicode password too big", max);
        break;

    case NO_PASSWORD :
        XSTRNCPY(buffer, "No password provided by user", max);
        break;

    case ALT_NAME_E :
        XSTRNCPY(buffer, "Alt Name problem, too big", max);
        break;

    case AES_GCM_AUTH_E:
        XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
        break;

    case AES_CCM_AUTH_E:
        XSTRNCPY(buffer, "AES-CCM Authentication check fail", max);
        break;

    case CAVIUM_INIT_E:
        XSTRNCPY(buffer, "Cavium Init type error", max);
        break;

    case COMPRESS_INIT_E:
        XSTRNCPY(buffer, "Compress Init error", max);
        break;

    case COMPRESS_E:
        XSTRNCPY(buffer, "Compress error", max);
        break;

    case DECOMPRESS_INIT_E:
        XSTRNCPY(buffer, "DeCompress Init error", max);
        break;

    case DECOMPRESS_E:
        XSTRNCPY(buffer, "DeCompress error", max);
        break;

    case BAD_ALIGN_E:
        XSTRNCPY(buffer, "Bad alignment error, no alloc help", max);
        break;

    case ASN_NO_SIGNER_E :
        XSTRNCPY(buffer, "ASN no signer error to confirm failure", max);
        break;

    case ASN_CRL_CONFIRM_E :
        XSTRNCPY(buffer, "ASN CRL sig error, confirm failure", max);
        break;

    case ASN_CRL_NO_SIGNER_E :
        XSTRNCPY(buffer, "ASN CRL no signer error to confirm failure", max);
        break;

    case ASN_OCSP_CONFIRM_E :
        XSTRNCPY(buffer, "ASN OCSP sig error, confirm failure", max);
        break;

    case BAD_ENC_STATE_E:
        XSTRNCPY(buffer, "Bad ecc encrypt state operation", max);
        break;

    case BAD_PADDING_E:
        XSTRNCPY(buffer, "Bad padding, message wrong length", max);
        break;

    case REQ_ATTRIBUTE_E:
        XSTRNCPY(buffer, "Setting cert request attributes error", max);
        break;

    case PKCS7_OID_E:
        XSTRNCPY(buffer, "PKCS#7 error: mismatched OID value", max);
        break;

    case PKCS7_RECIP_E:
        XSTRNCPY(buffer, "PKCS#7 error: no matching recipient found", max);
        break;

    default:
        XSTRNCPY(buffer, "unknown error number", max);

    }

#endif /* NO_ERROR_STRINGS */

}
Exemplo n.º 16
0
void dl_ethernet( u_char *args, const struct pcap_pkthdr *header, const u_char *packet ) {
  const struct ether_header *ethernet_ptr;
  const char *payload;
  const char *tmp_ptr;
  const int size_ethernet = sizeof( struct ether_header );
  PRIVATE int bytes_sent;
  /* this is easier to read */
  PRIVATE char s_eth_addr_str[(ETHER_ADDR_LEN*2)+ETHER_ADDR_LEN];
  PRIVATE char d_eth_addr_str[(ETHER_ADDR_LEN*2)+ETHER_ADDR_LEN];
  /* libnet uses this format */
  PRIVATE u_char s_eth_addr[ETHER_ADDR_LEN];
  PRIVATE u_char d_eth_addr[ETHER_ADDR_LEN];
  PRIVATE struct tm pkt_time;
  PRIVATE int payload_size;
  /* pre-allocated traffic record */
  PRIVATE struct trafficRecord tr;
  PRIVATE struct trafficRecord *tr_tmp;
  PRIVATE struct tcpFlow *tf_ptr;

#ifdef DEBUG
  if ( config->debug >= 4 ) {
    display( LOG_DEBUG, "Packet of length [%d - %d]", header->caplen, header->len );
  }
#endif

  /* proto decode */
  ethernet_ptr = (struct ether_header*)(packet);

  /* convert packet time into something usable */
  localtime_r((const time_t*)&header->ts.tv_sec, &pkt_time);

#ifdef DEBUG
  if ( config->debug >= 5 ) {
    display( LOG_DEBUG, "Received at [%04d/%02d/%02d %02d:%02d:%02d.%06d]",
	     pkt_time.tm_year+1900,
	     pkt_time.tm_mon+1,
	     pkt_time.tm_mday,
	     pkt_time.tm_hour,
	     pkt_time.tm_min,
	     pkt_time.tm_sec,
	     header->ts.tv_usec );
  }

  /* ether_ntoa issue */
  XSTRNCPY( s_eth_addr_str, ether_ntoa((struct ether_addr *)ethernet_ptr->ether_shost), ((ETHER_ADDR_LEN*2)+ETHER_ADDR_LEN)-1 );
  XSTRNCPY( d_eth_addr_str, ether_ntoa((struct ether_addr *)ethernet_ptr->ether_dhost), ((ETHER_ADDR_LEN*2)+ETHER_ADDR_LEN)-1 );

  /* parse ether source/dest */
  if ( config->debug >= 3 ) {
    display( LOG_INFO, "ETHER: %s -> %s", s_eth_addr_str, d_eth_addr_str );
  }
#endif

  /* clear traffic report */
  XMEMSET( &tr, 0, sizeof( tr ) );

  XMEMCPY( &tr.wireTime, &pkt_time, sizeof( pkt_time ) );
  tr.next = NULL;
  tr.prev = NULL;
  XMEMCPY( &tr.sMac, ethernet_ptr->ether_shost, ETHER_ADDR_LEN );
  XMEMCPY( &tr.dMac, ethernet_ptr->ether_dhost, ETHER_ADDR_LEN );
  tr.ethProto = ethernet_ptr->ether_type;

  if (ntohs( ethernet_ptr->ether_type ) EQ ETHERTYPE_IP ) { /* IP */

#ifdef DEBUG
    if ( config->debug >= 7 ) {
      display( LOG_DEBUG, "ETHER: type 0x%04x is an IP packet", ntohs( ethernet_ptr->ether_type ) );
    }
#endif
    /* process packet */
    processIpPacket( header, size_ethernet, &tr, packet + size_ethernet );

    /* done with the packet, fall through */
  } else if ( ntohs( ethernet_ptr->ether_type ) EQ ETHERTYPE_ARP ) { /* ARP */
#ifdef DEBUG
    if ( config->debug >= 7 ) {
      display( LOG_DEBUG, "Ethernet type 0x%04x is an ARP packet", ntohs( ethernet_ptr->ether_type ) );
    }
#endif
    /*
     * done with packet, fall through
     */
  } else if ( ntohs( ethernet_ptr->ether_type ) EQ ETHERTYPE_REVARP ) { /* RARP */
#ifdef DEBUG
    if ( config->debug >= 7 ) {
      display( LOG_DEBUG, "Ethernet type 0x%04x is an RARP packet", ntohs( ethernet_ptr->ether_type ) );
    }
#endif
    /*
     * done with packet, fall through
     */
  } else if ( ntohs( ethernet_ptr->ether_type ) EQ ETHERTYPE_PUP ) { /* PUP */
#ifdef DEBUG
    if ( config->debug >= 7 ) {
      display( LOG_DEBUG, "Ethernet type 0x%04x is a Xerox PUP packet", ntohs( ethernet_ptr->ether_type ) );
    }
#endif
    /*
     * done with packet, fall through
     */
  } else if ( ntohs( ethernet_ptr->ether_type ) EQ ETHERTYPE_TRAIL ) { /* Trailer */
#ifdef DEBUG
    if ( config->debug >= 7 ) {
      display( LOG_DEBUG, "Ethernet type 0x%04x is a trailer packet", ntohs( ethernet_ptr->ether_type ) );
    }
#endif
    /*
     * done with packet, fall through
     */
  } else if ( ntohs( ethernet_ptr->ether_type ) EQ 50 ) { /* ipSec */
#ifdef DEBUG
    if ( config->debug >= 7 ) {
      display( LOG_DEBUG, "Ethernet type 0x%04x is an ipSec packet", ntohs( ethernet_ptr->ether_type ) );
    }
#endif
    /*
     * done with packet, fall through
     */
  } else { /* Unknown */
#ifdef DEBUG
    if ( config->debug >= 7 ) {
      display( LOG_DEBUG, "Ethernet type 0x%04x unknown", ntohs( ethernet_ptr->ether_type ) );
    }
#endif
  }

  /* XXX add a timer check and purge tcp flow linked list of dead flows */

  /* cleanup, we will do nothing with this packet */
  return;
}
Exemplo n.º 17
0
void processUdpPacket( struct trafficRecord *tr, const u_char *packet ) {
  const struct udphdr *udp_ptr;
  const char *payload;
  const char *tmp_ptr;
  const int size_udp = sizeof( struct udphdr );

  PRIVATE int bytes_sent;
  PRIVATE u_int ip_hlen, ip_ver, ip_off, ip_offidx;
  PRIVATE int ip_len;
  PRIVATE char s_ip_addr_str[MAX_IP_ADDR_LEN+1];
  PRIVATE char d_ip_addr_str[MAX_IP_ADDR_LEN+1];
  PRIVATE struct in_addr addr;
  PRIVATE struct tm pkt_time;
  PRIVATE int payload_size;
  /* pre-allocated traffic record */
  PRIVATE struct trafficRecord *tr_tmp, *tmpTrPtr;
  PRIVATE struct tcpFlow *tf_ptr;
  time_t currentTime = time( NULL );

  /* process packet */

  /*
   * udp decode
   */

#ifdef DEBUG
  if ( config->debug >= 5 ) {
    display( LOG_DEBUG, "UDP packet" );
  }
#endif

  /* pointers are fun */
  udp_ptr = (struct udphdr*)( packet );

#ifdef BSD_DERIVED
  tr->sPort = ntohs( udp_ptr->uh_sport );
  tr->dPort = ntohs( udp_ptr->uh_dport );
#else
  tr->sPort = ntohs( udp_ptr->source );
  tr->dPort = ntohs( udp_ptr->dest );
#endif

#ifdef DEBUG
  if ( config->debug >= 3 ) {
    display( LOG_INFO, "UDP: S: %d D: %d", ntohs( tr->sPort ), ntohs( tr->dPort ) );
  }
#endif

  /*
   * write to log
   */
    
  XSTRNCPY( s_ip_addr_str, inet_ntoa( tr->sIp ), MAX_IP_ADDR_LEN );
  XSTRNCPY( d_ip_addr_str, inet_ntoa( tr->dIp ), MAX_IP_ADDR_LEN );
  fprintf( config->log_st, "[%04d/%02d/%02d %02d:%02d:%02d] %16s:%-5u -> %16s:%-5u UDP\n",
	   tr->wireTime.tm_year+1900,
	   tr->wireTime.tm_mon+1,
	   tr->wireTime.tm_mday,
	   tr->wireTime.tm_hour,
	   tr->wireTime.tm_min,
	   tr->wireTime.tm_sec,
	   s_ip_addr_str,
	   tr->sPort,
	   d_ip_addr_str,
	   tr->dPort
	   );

  /*
   * done with packet, fall through
   */
  
  /* cleanup, we will do nothing with this packet */
  return;
}