BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass) { unsigned char dig[SHA_DIGEST_LENGTH]; EVP_MD_CTX ctxt; unsigned char *cs; if ((s == NULL) || (user == NULL) || (pass == NULL)) return NULL; if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) return NULL; EVP_MD_CTX_init(&ctxt); EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestUpdate(&ctxt, user, sgx_strlen(user)); EVP_DigestUpdate(&ctxt, ":", 1); EVP_DigestUpdate(&ctxt, pass, sgx_strlen(pass)); EVP_DigestFinal_ex(&ctxt, dig, NULL); EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); BN_bn2bin(s, cs); EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s)); OPENSSL_free(cs); EVP_DigestUpdate(&ctxt, dig, sizeof(dig)); EVP_DigestFinal_ex(&ctxt, dig, NULL); EVP_MD_CTX_cleanup(&ctxt); return BN_bin2bn(dig, sizeof(dig), NULL); }
static char *dl_name_converter(DSO *dso, const char *filename) { char *translated; int len, rsize, transform; len = sgx_strlen(filename); rsize = len + 1; transform = (strstr(filename, "/") == NULL); { /* We will convert this to "%s.s?" or "lib%s.s?" */ rsize += sgx_strlen(extension); /* The length of ".s?" */ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) rsize += 3; /* The length of "lib" */ } translated = OPENSSL_malloc(rsize); if (translated == NULL) { DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); return (NULL); } if (transform) { if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) sprintf(translated, "lib%s%s", filename, extension); else sprintf(translated, "%s%s", filename, extension); } else sprintf(translated, "%s", filename); return (translated); }
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len) { int i; const EVP_PKEY_ASN1_METHOD *ameth; if (len == -1) len = sgx_strlen(str); if (pe) { #ifndef OPENSSL_NO_ENGINE ENGINE *e; ameth = ENGINE_pkey_asn1_find_str(&e, str, len); if (ameth) { /* * Convert structural into functional reference */ if (!ENGINE_init(e)) ameth = NULL; ENGINE_free(e); *pe = e; return ameth; } #endif *pe = NULL; } for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { ameth = EVP_PKEY_asn1_get0(i); if (ameth->pkey_flags & ASN1_PKEY_ALIAS) continue; if (((int)sgx_strlen(ameth->pem_str) == len) && !strncasecmp(ameth->pem_str, str, len)) return ameth; } return NULL; }
static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) { char *merged; if (!filespec1 && !filespec2) { DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER); return (NULL); } /* * If the first file specification is a rooted path, it rules. same goes * if the second file specification is missing. */ if (!filespec2 || filespec1[0] == '/') { merged = OPENSSL_malloc(strlen(filespec1) + 1); if (!merged) { DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } sgx_strcpy(merged, filespec1); } /* * If the first file specification is missing, the second one rules. */ else if (!filespec1) { merged = OPENSSL_malloc(strlen(filespec2) + 1); if (!merged) { DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } sgx_strcpy(merged, filespec2); } else /* * This part isn't as trivial as it looks. It assumes that the * second file specification really is a directory, and makes no * checks whatsoever. Therefore, the result becomes the * concatenation of filespec2 followed by a slash followed by * filespec1. */ { int spec2len, len; spec2len = (filespec2 ? sgx_strlen(filespec2) : 0); len = spec2len + (filespec1 ? sgx_strlen(filespec1) : 0); if (filespec2 && filespec2[spec2len - 1] == '/') { spec2len--; len--; } merged = OPENSSL_malloc(len + 2); if (!merged) { DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } sgx_strcpy(merged, filespec2); merged[spec2len] = '/'; sgx_strcpy(&merged[spec2len + 1], filespec1); } return (merged); }
int main(int argc, char *argv[]) { int ret = 0; unsigned char md[MDC2_DIGEST_LENGTH]; int i; EVP_MD_CTX c; static char *text = "Now is the time for all "; # ifdef CHARSET_EBCDIC ebcdic2ascii(text, text, sgx_strlen(text)); # endif EVP_MD_CTX_init(&c); EVP_DigestInit_ex(&c, EVP_mdc2(), NULL); EVP_DigestUpdate(&c, (unsigned char *)text, sgx_strlen(text)); EVP_DigestFinal_ex(&c, &(md[0]), NULL); if (sgx_memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) { for (i = 0; i < MDC2_DIGEST_LENGTH; i++) printf("%02X", md[i]); printf(" <- generated\n"); for (i = 0; i < MDC2_DIGEST_LENGTH; i++) printf("%02X", pad1[i]); printf(" <- correct\n"); ret = 1; } else printf("pad1 - ok\n"); EVP_DigestInit_ex(&c, EVP_mdc2(), NULL); /* FIXME: use a ctl function? */ ((MDC2_CTX *)c.md_data)->pad_type = 2; EVP_DigestUpdate(&c, (unsigned char *)text, sgx_strlen(text)); EVP_DigestFinal_ex(&c, &(md[0]), NULL); if (sgx_memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) { for (i = 0; i < MDC2_DIGEST_LENGTH; i++) printf("%02X", md[i]); printf(" <- generated\n"); for (i = 0; i < MDC2_DIGEST_LENGTH; i++) printf("%02X", pad2[i]); printf(" <- correct\n"); ret = 1; } else printf("pad2 - ok\n"); EVP_MD_CTX_cleanup(&c); # ifdef OPENSSL_SYS_NETWARE if (ret) printf("ERROR: %d\n", ret); # endif EXIT(ret); return (ret); }
static int sig_out(BIO *b) { BIO_OK_CTX *ctx; EVP_MD_CTX *md; ctx = b->ptr; md = &ctx->md; if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE) return 1; if (!EVP_DigestInit_ex(md, md->digest, NULL)) goto berr; /* * FIXME: there's absolutely no guarantee this makes any sense at all, * particularly now EVP_MD_CTX has been restructured. */ RAND_pseudo_bytes(md->md_data, md->digest->md_size); sgx_memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); ctx->buf_len += md->digest->md_size; if (!EVP_DigestUpdate(md, WELLKNOWN, sgx_strlen(WELLKNOWN))) goto berr; if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) goto berr; ctx->buf_len += md->digest->md_size; ctx->blockout = 1; ctx->sigio = 0; return 1; berr: BIO_clear_retry_flags(b); return 0; }
/* * Appends src to string dst of size siz (unlike strncat, siz is the * full size of dst, not space left). At most siz-1 characters * will be copied. Always NUL terminates (unless siz <= strlen(dst)). * Returns strlen(src) + MIN(siz, strlen(initial dst)). * If retval >= siz, truncation occurred. */ size_t strlcat(char *dst, const char *src, size_t siz) { register char *d = dst; register const char *s = src; register size_t n = siz; size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end */ while (n-- != 0 && *d != '\0') d++; dlen = d - dst; n = siz - dlen; if (n == 0) return(dlen + sgx_strlen(s)); while (*s != '\0') { if (n != 1) { *d++ = *s; n--; } s++; } *d = '\0'; return(dlen + (s - src)); /* count does not include NUL */ }
static void hashstring(SHA_CTX *sha, const char *string) { size_t l = sgx_strlen(string); hashlength(sha, l); SHA1_Update(sha, string, l); }
static char *vms_name_converter(DSO *dso, const char *filename) { int len = sgx_strlen(filename); char *not_translated = OPENSSL_malloc(len + 1); sgx_strcpy(not_translated, filename); return (not_translated); }
static int acpt_puts(BIO *bp, const char *str) { int n, ret; n = sgx_strlen(str); ret = acpt_write(bp, str, n); return (ret); }
void sgx_debug(char msg[]) { size_t size = sgx_strlen(msg); sgx_stub_info_tp *stub = (sgx_stub_info_tp *)STUB_ADDR_TP; stub->fcode = FUNC_DEBUG; sgx_memcpy(stub->out_data1, msg, size); sgx_exit(stub->trampoline); }
static void run_cert(X509 *crt, const char *nameincert, const struct set_name_fn *fn) { const char *const *pname = names; while (*pname) { int samename = sgx_strcasecmp(nameincert, *pname) == 0; size_t namelen = sgx_strlen(*pname); char *name = sgx_malloc(namelen); int match, ret; sgx_memcpy(name, *pname, namelen); ret = X509_check_host(crt, name, namelen, 0, NULL); match = -1; if (ret < 0) { fprintf(stderr, "internal error in X509_check_host"); ++errors; } else if (fn->host) { if (ret == 1 && !samename) match = 1; if (ret == 0 && samename) match = 0; } else if (ret == 1) match = 1; check_message(fn, "host", nameincert, match, *pname); ret = X509_check_host(crt, name, namelen, X509_CHECK_FLAG_NO_WILDCARDS, NULL); match = -1; if (ret < 0) { fprintf(stderr, "internal error in X509_check_host"); ++errors; } else if (fn->host) { if (ret == 1 && !samename) match = 1; if (ret == 0 && samename) match = 0; } else if (ret == 1) match = 1; check_message(fn, "host-no-wildcards", nameincert, match, *pname); ret = X509_check_email(crt, name, namelen, 0); match = -1; if (fn->email) { if (ret && !samename) match = 1; if (!ret && samename && sgx_strchr(nameincert, '@') != NULL) match = 0; } else if (ret) match = 1; check_message(fn, "email", nameincert, match, *pname); ++pname; sgx_free(name); } }
/* * Copy src to string dst of size siz. At most siz-1 characters * will be copied. Always NUL terminates (unless siz == 0). * Returns strlen(src); if retval >= siz, truncation occurred. */ size_t strlcpy(char *dst, const char *src, size_t siz) { register char *d = dst; register const char *s = src; register size_t n = siz; if (n == 0) return(sgx_strlen(s)); while (*s != '\0') { if (n != 1) { *d++ = *s; n--; } s++; } *d = '\0'; return(s - src); /* count does not include NUL */ }
static int sig_in(BIO *b) { BIO_OK_CTX *ctx; EVP_MD_CTX *md; unsigned char tmp[EVP_MAX_MD_SIZE]; int ret = 0; ctx = b->ptr; md = &ctx->md; if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size) return 1; if (!EVP_DigestInit_ex(md, md->digest, NULL)) goto berr; sgx_memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); longswap(md->md_data, md->digest->md_size); ctx->buf_off += md->digest->md_size; if (!EVP_DigestUpdate(md, WELLKNOWN, sgx_strlen(WELLKNOWN))) goto berr; if (!EVP_DigestFinal_ex(md, tmp, NULL)) goto berr; ret = sgx_memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; ctx->buf_off += md->digest->md_size; if (ret == 1) { ctx->sigio = 0; if (ctx->buf_len != ctx->buf_off) { sgx_memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len - ctx->buf_off); } ctx->buf_len -= ctx->buf_off; ctx->buf_off = 0; } else { ctx->cont = 0; } return 1; berr: BIO_clear_retry_flags(b); return 0; }
static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2) { int status; int filespec1len, filespec2len; struct FAB fab; struct NAMX_STRUCT nam; char esa[NAMX_MAXRSS + 1]; char *merged; /* Arrange 32-bit pointer to (copied) string storage, if needed. */ # if __INITIAL_POINTER_SIZE == 64 # define FILESPEC1 filespec1_32p; # define FILESPEC2 filespec2_32p; # pragma pointer_size save # pragma pointer_size 32 char *filespec1_32p; char *filespec2_32p; # pragma pointer_size restore char filespec1_32[NAMX_MAXRSS + 1]; char filespec2_32[NAMX_MAXRSS + 1]; # else /* __INITIAL_POINTER_SIZE == 64 */ # define FILESPEC1 ((char *) filespec1) # define FILESPEC2 ((char *) filespec2) # endif /* __INITIAL_POINTER_SIZE == 64 [else] */ if (!filespec1) filespec1 = ""; if (!filespec2) filespec2 = ""; filespec1len = sgx_strlen(filespec1); filespec2len = sgx_strlen(filespec2); # if __INITIAL_POINTER_SIZE == 64 /* Copy the file names to storage with a 32-bit pointer. */ filespec1_32p = filespec1_32; filespec2_32p = filespec2_32; sgx_strcpy(filespec1_32p, filespec1); sgx_strcpy(filespec2_32p, filespec2); # endif /* __INITIAL_POINTER_SIZE == 64 [else] */ fab = cc$rms_fab; nam = CC_RMS_NAMX; FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNA = FILESPEC1; FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNS = filespec1len; FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNA = FILESPEC2; FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len; NAMX_DNA_FNA_SET(fab) nam.NAMX_ESA = esa; nam.NAMX_ESS = NAMX_MAXRSS; nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD; SET_NAMX_NO_SHORT_UPCASE(nam); fab.FAB_NAMX = &nam; status = sys$parse(&fab, 0, 0); if (!$VMS_STATUS_SUCCESS(status)) { unsigned short length; char errstring[257]; struct dsc$descriptor_s errstring_dsc; errstring_dsc.dsc$w_length = sizeof(errstring); errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; errstring_dsc.dsc$b_class = DSC$K_CLASS_S; errstring_dsc.dsc$a_pointer = errstring; status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); if (!$VMS_STATUS_SUCCESS(status)) lib$signal(status); /* This is really bad. Abort! */ else { errstring[length] = '\0'; DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE); ERR_add_error_data(7, "filespec \"", filespec1, "\", ", "defaults \"", filespec2, "\": ", errstring); } return (NULL); } merged = OPENSSL_malloc(nam.NAMX_ESL + 1); if (!merged) goto malloc_err; sgx_strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL); merged[nam.NAMX_ESL] = '\0'; return (merged); malloc_err: DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE); }
void vms_bind_sym(DSO *dso, const char *symname, void **sym) { DSO_VMS_INTERNAL *ptr; int status; # if 0 int flags = (1 << 4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't * defined in VMS older than 7.0 or so */ # else int flags = 0; # endif struct dsc$descriptor_s symname_dsc; /* Arrange 32-bit pointer to (copied) string storage, if needed. */ # if __INITIAL_POINTER_SIZE == 64 # define SYMNAME symname_32p # pragma pointer_size save # pragma pointer_size 32 char *symname_32p; # pragma pointer_size restore char symname_32[NAMX_MAXRSS + 1]; # else /* __INITIAL_POINTER_SIZE == 64 */ # define SYMNAME ((char *) symname) # endif /* __INITIAL_POINTER_SIZE == 64 [else] */ *sym = NULL; if ((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER); return; } # if __INITIAL_POINTER_SIZE == 64 /* Copy the symbol name to storage with a 32-bit pointer. */ symname_32p = symname_32; sgx_strcpy(symname_32p, symname); # endif /* __INITIAL_POINTER_SIZE == 64 [else] */ symname_dsc.dsc$w_length = sgx_strlen(SYMNAME); symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; symname_dsc.dsc$b_class = DSC$K_CLASS_S; symname_dsc.dsc$a_pointer = SYMNAME; if (sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR); return; } ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); if (ptr == NULL) { DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE); return; } if (dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0; status = do_find_symbol(ptr, &symname_dsc, sym, flags); if (!$VMS_STATUS_SUCCESS(status)) { unsigned short length; char errstring[257]; struct dsc$descriptor_s errstring_dsc; errstring_dsc.dsc$w_length = sizeof(errstring); errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; errstring_dsc.dsc$b_class = DSC$K_CLASS_S; errstring_dsc.dsc$a_pointer = errstring; *sym = NULL; status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); if (!$VMS_STATUS_SUCCESS(status)) lib$signal(status); /* This is really bad. Abort! */ else { errstring[length] = '\0'; DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE); if (ptr->imagename_dsc.dsc$w_length) ERR_add_error_data(9, "Symbol ", symname, " in ", ptr->filename, " (", ptr->imagename, ")", ": ", errstring); else ERR_add_error_data(6, "Symbol ", symname, " in ", ptr->filename, ": ", errstring); } return; } return; }
static int vms_load(DSO *dso) { void *ptr = NULL; /* See applicable comments in dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); /* Ensure 32-bit pointer for "p", and appropriate malloc() function. */ # if __INITIAL_POINTER_SIZE == 64 # define DSO_MALLOC _malloc32 # pragma pointer_size save # pragma pointer_size 32 # else /* __INITIAL_POINTER_SIZE == 64 */ # define DSO_MALLOC OPENSSL_malloc # endif /* __INITIAL_POINTER_SIZE == 64 [else] */ DSO_VMS_INTERNAL *p = NULL; # if __INITIAL_POINTER_SIZE == 64 # pragma pointer_size restore # endif /* __INITIAL_POINTER_SIZE == 64 */ const char *sp1, *sp2; /* Search result */ if (filename == NULL) { DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME); goto err; } /*- * A file specification may look like this: * * node::dev:[dir-spec]name.type;ver * * or (for compatibility with TOPS-20): * * node::dev:<dir-spec>name.type;ver * * and the dir-spec uses '.' as separator. Also, a dir-spec * may consist of several parts, with mixed use of [] and <>: * * [dir1.]<dir2> * * We need to split the file specification into the name and * the rest (both before and after the name itself). */ /* * Start with trying to find the end of a dir-spec, and save the position * of the byte after in sp1 */ sp1 = strrchr(filename, ']'); sp2 = strrchr(filename, '>'); if (sp1 == NULL) sp1 = sp2; if (sp2 != NULL && sp2 > sp1) sp1 = sp2; if (sp1 == NULL) sp1 = strrchr(filename, ':'); if (sp1 == NULL) sp1 = filename; else sp1++; /* The byte after the found character */ /* Now, let's see if there's a type, and save the position in sp2 */ sp2 = sgx_strchr(sp1, '.'); /* * If we found it, that's where we'll cut. Otherwise, look for a version * number and save the position in sp2 */ if (sp2 == NULL) sp2 = sgx_strchr(sp1, ';'); /* * If there was still nothing to find, set sp2 to point at the end of the * string */ if (sp2 == NULL) sp2 = sp1 + sgx_strlen(sp1); /* Check that we won't get buffer overflows */ if (sp2 - sp1 > FILENAME_MAX || (sp1 - filename) + sgx_strlen(sp2) > FILENAME_MAX) { DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG); goto err; } p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL)); if (p == NULL) { DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE); goto err; } sgx_strncpy(p->filename, sp1, sp2 - sp1); p->filename[sp2 - sp1] = '\0'; sgx_strncpy(p->imagename, filename, sp1 - filename); p->imagename[sp1 - filename] = '\0'; sgx_strcat(p->imagename, sp2); p->filename_dsc.dsc$w_length = sgx_strlen(p->filename); p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; p->filename_dsc.dsc$b_class = DSC$K_CLASS_S; p->filename_dsc.dsc$a_pointer = p->filename; p->imagename_dsc.dsc$w_length = sgx_strlen(p->imagename); p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; p->imagename_dsc.dsc$a_pointer = p->imagename; if (!sk_void_push(dso->meth_data, (char *)p)) { DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR); goto err; } /* Success (for now, we lie. We actually do not know...) */ dso->loaded_filename = filename; return (1); err: /* Cleanup! */ if (p != NULL) OPENSSL_free(p); if (filename != NULL) OPENSSL_free(filename); return (0); }
static int str_copy(CONF *conf, char *section, char **pto, char *from) { int q, r, rr = 0, to = 0, len = 0; char *s, *e, *rp, *p, *rrp, *np, *cp, v; BUF_MEM *buf; if ((buf = BUF_MEM_new()) == NULL) return (0); len = sgx_strlen(from) + 1; if (!BUF_MEM_grow(buf, len)) goto err; for (;;) { if (IS_QUOTE(conf, *from)) { q = *from; from++; while (!IS_EOF(conf, *from) && (*from != q)) { if (IS_ESC(conf, *from)) { from++; if (IS_EOF(conf, *from)) break; } buf->data[to++] = *(from++); } if (*from == q) from++; } else if (IS_DQUOTE(conf, *from)) { q = *from; from++; while (!IS_EOF(conf, *from)) { if (*from == q) { if (*(from + 1) == q) { from++; } else { break; } } buf->data[to++] = *(from++); } if (*from == q) from++; } else if (IS_ESC(conf, *from)) { from++; v = *(from++); if (IS_EOF(conf, v)) break; else if (v == 'r') v = '\r'; else if (v == 'n') v = '\n'; else if (v == 'b') v = '\b'; else if (v == 't') v = '\t'; buf->data[to++] = v; } else if (IS_EOF(conf, *from)) break; else if (*from == '$') { /* try to expand it */ rrp = NULL; s = &(from[1]); if (*s == '{') q = '}'; else if (*s == '(') q = ')'; else q = 0; if (q) s++; cp = section; e = np = s; while (IS_ALPHA_NUMERIC(conf, *e)) e++; if ((e[0] == ':') && (e[1] == ':')) { cp = np; rrp = e; rr = *e; *rrp = '\0'; e += 2; np = e; while (IS_ALPHA_NUMERIC(conf, *e)) e++; } r = *e; *e = '\0'; rp = e; if (q) { if (r != q) { CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE); goto err; } e++; } /*- * So at this point we have * np which is the start of the name string which is * '\0' terminated. * cp which is the start of the section string which is * '\0' terminated. * e is the 'next point after'. * r and rr are the chars replaced by the '\0' * rp and rrp is where 'r' and 'rr' came from. */ p = _CONF_get_string(conf, cp, np); if (rrp != NULL) *rrp = rr; *rp = r; if (p == NULL) { CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from))); while (*p) buf->data[to++] = *(p++); /* * Since we change the pointer 'from', we also have to change the * perceived length of the string it points at. /RL */ len -= e - from; from = e; /* * In case there were no braces or parenthesis around the * variable reference, we have to put back the character that was * replaced with a '\0'. /RL */ *rp = r; } else buf->data[to++] = *(from++); } buf->data[to] = '\0'; if (*pto != NULL) OPENSSL_free(*pto); *pto = buf->data; OPENSSL_free(buf); return (1); err: if (buf != NULL) BUF_MEM_free(buf); return (0); }
static int def_load_bio(CONF *conf, BIO *in, long *line) { /* The macro BUFSIZE conflicts with a system macro in VxWorks */ #define CONFBUFSIZE 512 int bufnum = 0, i, ii; BUF_MEM *buff = NULL; char *s, *p, *end; int again; long eline = 0; char btmp[DECIMAL_SIZE(eline) + 1]; CONF_VALUE *v = NULL, *tv; CONF_VALUE *sv = NULL; char *section = NULL, *buf; char *start, *psection, *pname; void *h = (void *)(conf->data); if ((buff = BUF_MEM_new()) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); goto err; } section = (char *)OPENSSL_malloc(10); if (section == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } BUF_strlcpy(section, "default", 10); if (_CONF_new_data(conf) == 0) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } sv = _CONF_new_section(conf, section); if (sv == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } bufnum = 0; again = 0; for (;;) { if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); goto err; } p = &(buff->data[bufnum]); *p = '\0'; BIO_gets(in, p, CONFBUFSIZE - 1); p[CONFBUFSIZE - 1] = '\0'; ii = i = sgx_strlen(p); if (i == 0 && !again) break; again = 0; while (i > 0) { if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) break; else i--; } /* * we removed some trailing stuff so there is a new line on the end. */ if (ii && i == ii) again = 1; /* long line */ else { p[i] = '\0'; eline++; /* another input line */ } /* we now have a line with trailing \r\n removed */ /* i is the number of bytes */ bufnum += i; v = NULL; /* check for line continuation */ if (bufnum >= 1) { /* * If we have bytes and the last char '\\' and second last char * is not '\\' */ p = &(buff->data[bufnum - 1]); if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) { bufnum--; again = 1; } } if (again) continue; bufnum = 0; buf = buff->data; clear_comments(conf, buf); s = eat_ws(conf, buf); if (IS_EOF(conf, *s)) continue; /* blank line */ if (*s == '[') { char *ss; s++; start = eat_ws(conf, s); ss = start; again: end = eat_alpha_numeric(conf, ss); p = eat_ws(conf, end); if (*p != ']') { if (*p != '\0' && ss != p) { ss = p; goto again; } CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_CLOSE_SQUARE_BRACKET); goto err; } *end = '\0'; if (!str_copy(conf, NULL, §ion, start)) goto err; if ((sv = _CONF_get_section(conf, section)) == NULL) sv = _CONF_new_section(conf, section); if (sv == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } continue; } else { pname = s; psection = NULL; end = eat_alpha_numeric(conf, s); if ((end[0] == ':') && (end[1] == ':')) { *end = '\0'; end += 2; psection = pname; pname = end; end = eat_alpha_numeric(conf, end); } p = eat_ws(conf, end); if (*p != '=') { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN); goto err; } *end = '\0'; p++; start = eat_ws(conf, p); while (!IS_EOF(conf, *p)) p++; p--; while ((p != start) && (IS_WS(conf, *p))) p--; p++; *p = '\0'; if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } if (psection == NULL) psection = section; v->name = (char *)OPENSSL_malloc(strlen(pname) + 1); v->value = NULL; if (v->name == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } BUF_strlcpy(v->name, pname, sgx_strlen(pname) + 1); if (!str_copy(conf, psection, &(v->value), start)) goto err; if (sgx_strcmp(psection, section) != 0) { if ((tv = _CONF_get_section(conf, psection)) == NULL) tv = _CONF_new_section(conf, psection); if (tv == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } } else tv = sv; #if 1 if (_CONF_add_string(conf, tv, v) == 0) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } #else v->section = tv->section; if (!sk_CONF_VALUE_push(ts, v)) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } vv = (CONF_VALUE *)lh_insert(conf->data, v); if (vv != NULL) { sk_CONF_VALUE_delete_ptr(ts, vv); OPENSSL_free(vv->name); OPENSSL_free(vv->value); OPENSSL_free(vv); } #endif v = NULL; } } if (buff != NULL) BUF_MEM_free(buff); if (section != NULL) OPENSSL_free(section); return (1); err: if (buff != NULL) BUF_MEM_free(buff); if (section != NULL) OPENSSL_free(section); if (line != NULL) *line = eline; BIO_snprintf(btmp, sizeof btmp, "%ld", eline); ERR_add_error_data(2, "line ", btmp); if ((h != conf->data) && (conf->data != NULL)) { CONF_free(conf->data); conf->data = NULL; } if (v != NULL) { if (v->name != NULL) OPENSSL_free(v->name); if (v->value != NULL) OPENSSL_free(v->value); if (v != NULL) OPENSSL_free(v); } return (0); }
static int asn1_str2tag(const char *tagstr, int len) { unsigned int i; static const struct tag_name_st *tntmp, tnst[] = { ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), ASN1_GEN_STR("NULL", V_ASN1_NULL), ASN1_GEN_STR("INT", V_ASN1_INTEGER), ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), ASN1_GEN_STR("OID", V_ASN1_OBJECT), ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), ASN1_GEN_STR("T61", V_ASN1_T61STRING), ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), /* Special cases */ ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), ASN1_GEN_STR("SET", V_ASN1_SET), /* type modifiers */ /* Explicit tag */ ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), /* Implicit tag */ ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), /* OCTET STRING wrapper */ ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), /* SEQUENCE wrapper */ ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), /* SET wrapper */ ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), /* BIT STRING wrapper */ ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), }; if (len == -1) len = sgx_strlen(tagstr); tntmp = tnst; for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) { if ((len == tntmp->len) && !sgx_strncmp(tntmp->strnam, tagstr, len)) return tntmp->tag; } return -1; }
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) { int status; char *p, *r; size_t l; unsigned long flags = 0; /* Arrange 32-bit pointer to (copied) string storage, if needed. */ #if __INITIAL_POINTER_SIZE == 64 # pragma pointer_size save # pragma pointer_size 32 char *ctx_filespec_32p; # pragma pointer_size restore char ctx_filespec_32[NAMX_MAXRSS + 1]; #endif /* __INITIAL_POINTER_SIZE == 64 */ #ifdef NAML$C_MAXRSS flags |= LIB$M_FIL_LONG_NAMES; #endif if (ctx == NULL || directory == NULL) { errno = EINVAL; return 0; } errno = 0; if (*ctx == NULL) { size_t filespeclen = sgx_strlen(directory); char *filespec = NULL; if (filespeclen == 0) { errno = ENOENT; return 0; } /* MUST be a VMS directory specification! Let's estimate if it is. */ if (directory[filespeclen - 1] != ']' && directory[filespeclen - 1] != '>' && directory[filespeclen - 1] != ':') { errno = EINVAL; return 0; } filespeclen += 4; /* "*.*;" */ if (filespeclen > NAMX_MAXRSS) { errno = ENAMETOOLONG; return 0; } *ctx = (LP_DIR_CTX *)sgx_malloc(sizeof(LP_DIR_CTX)); if (*ctx == NULL) { errno = ENOMEM; return 0; } sgx_memset(*ctx, '\0', sizeof(LP_DIR_CTX)); sgx_strcpy((*ctx)->filespec, directory); sgx_strcat((*ctx)->filespec, "*.*;"); /* Arrange 32-bit pointer to (copied) string storage, if needed. */ #if __INITIAL_POINTER_SIZE == 64 # define CTX_FILESPEC ctx_filespec_32p /* Copy the file name to storage with a 32-bit pointer. */ ctx_filespec_32p = ctx_filespec_32; sgx_strcpy(ctx_filespec_32p, (*ctx)->filespec); #else /* __INITIAL_POINTER_SIZE == 64 */ # define CTX_FILESPEC (*ctx)->filespec #endif /* __INITIAL_POINTER_SIZE == 64 [else] */ (*ctx)->filespec_dsc.dsc$w_length = filespeclen; (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T; (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S; (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC; } (*ctx)->result_dsc.dsc$w_length = 0; (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T; (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D; (*ctx)->result_dsc.dsc$a_pointer = 0; status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc, &(*ctx)->VMS_context, 0, 0, 0, &flags); if (status == RMS$_NMF) { errno = 0; vaxc$errno = status; return NULL; } if (!$VMS_STATUS_SUCCESS(status)) { errno = EVMSERR; vaxc$errno = status; return NULL; } /* * Quick, cheap and dirty way to discard any device and directory, since * we only want file names */ l = (*ctx)->result_dsc.dsc$w_length; p = (*ctx)->result_dsc.dsc$a_pointer; r = p; for (; *p; p++) { if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */ p++; } else if (*p == ':' || *p == '>' || *p == ']') { l -= p + 1 - r; r = p + 1; } else if (*p == ';') { l = p - r; break; } } sgx_strncpy((*ctx)->result, r, l); (*ctx)->result[l] = '\0'; str$free1_dx(&(*ctx)->result_dsc); return (*ctx)->result; }
static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, int indent, unsigned long flags) { int i, prev = -1, orflags, cnt; int fn_opt, fn_nid; ASN1_OBJECT *fn; ASN1_STRING *val; X509_NAME_ENTRY *ent; char objtmp[80]; const char *objbuf; int outlen, len; char *sep_dn, *sep_mv, *sep_eq; int sep_dn_len, sep_mv_len, sep_eq_len; if (indent < 0) indent = 0; outlen = indent; if (!do_indent(io_ch, arg, indent)) return -1; switch (flags & XN_FLAG_SEP_MASK) { case XN_FLAG_SEP_MULTILINE: sep_dn = "\n"; sep_dn_len = 1; sep_mv = " + "; sep_mv_len = 3; break; case XN_FLAG_SEP_COMMA_PLUS: sep_dn = ","; sep_dn_len = 1; sep_mv = "+"; sep_mv_len = 1; indent = 0; break; case XN_FLAG_SEP_CPLUS_SPC: sep_dn = ", "; sep_dn_len = 2; sep_mv = " + "; sep_mv_len = 3; indent = 0; break; case XN_FLAG_SEP_SPLUS_SPC: sep_dn = "; "; sep_dn_len = 2; sep_mv = " + "; sep_mv_len = 3; indent = 0; break; default: return -1; } if (flags & XN_FLAG_SPC_EQ) { sep_eq = " = "; sep_eq_len = 3; } else { sep_eq = "="; sep_eq_len = 1; } fn_opt = flags & XN_FLAG_FN_MASK; cnt = X509_NAME_entry_count(n); for (i = 0; i < cnt; i++) { if (flags & XN_FLAG_DN_REV) ent = X509_NAME_get_entry(n, cnt - i - 1); else ent = X509_NAME_get_entry(n, i); if (prev != -1) { if (prev == ent->set) { if (!io_ch(arg, sep_mv, sep_mv_len)) return -1; outlen += sep_mv_len; } else { if (!io_ch(arg, sep_dn, sep_dn_len)) return -1; outlen += sep_dn_len; if (!do_indent(io_ch, arg, indent)) return -1; outlen += indent; } } prev = ent->set; fn = X509_NAME_ENTRY_get_object(ent); val = X509_NAME_ENTRY_get_data(ent); fn_nid = OBJ_obj2nid(fn); if (fn_opt != XN_FLAG_FN_NONE) { int objlen, fld_len; if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); fld_len = 0; /* XXX: what should this be? */ objbuf = objtmp; } else { if (fn_opt == XN_FLAG_FN_SN) { fld_len = FN_WIDTH_SN; objbuf = OBJ_nid2sn(fn_nid); } else if (fn_opt == XN_FLAG_FN_LN) { fld_len = FN_WIDTH_LN; objbuf = OBJ_nid2ln(fn_nid); } else { fld_len = 0; /* XXX: what should this be? */ objbuf = ""; } } objlen = sgx_strlen(objbuf); if (!io_ch(arg, objbuf, objlen)) return -1; if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { if (!do_indent(io_ch, arg, fld_len - objlen)) return -1; outlen += fld_len - objlen; } if (!io_ch(arg, sep_eq, sep_eq_len)) return -1; outlen += objlen + sep_eq_len; } /* * If the field name is unknown then fix up the DER dump flag. We * might want to limit this further so it will DER dump on anything * other than a few 'standard' fields. */ if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) orflags = ASN1_STRFLGS_DUMP_ALL; else orflags = 0; len = do_print_ex(io_ch, arg, flags | orflags, val); if (len < 0) return -1; outlen += len; } return outlen; }
int main(int argc, char *argv[]) { FILE *in = NULL, *out = NULL; char *infile = NULL, *outfile = NULL, *keystr = NULL; RC4_KEY key; char buf[BUFSIZ]; int badops = 0, i; char **pp; unsigned char md[MD5_DIGEST_LENGTH]; argc--; argv++; while (argc >= 1) { if (sgx_strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (sgx_strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (sgx_strcmp(*argv, "-key") == 0) { if (--argc < 1) goto bad; keystr = *(++argv); } else { fprintf(stderr, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: for (pp = usage; (*pp != NULL); pp++) fprintf(stderr, "%s", *pp); exit(1); } if (infile == NULL) in = stdin; else { in = fopen(infile, "r"); if (in == NULL) { perror("open"); exit(1); } } if (outfile == NULL) out = stdout; else { out = fopen(outfile, "w"); if (out == NULL) { perror("open"); exit(1); } } #ifdef OPENSSL_SYS_MSDOS /* This should set the file to binary mode. */ { # include <fcntl.h> setmode(fileno(in), O_BINARY); setmode(fileno(out), O_BINARY); } #endif if (keystr == NULL) { /* get key */ i = EVP_read_pw_string(buf, BUFSIZ, "Enter RC4 password:"******"bad password read\n"); exit(1); } keystr = buf; } EVP_Digest((unsigned char *)keystr, sgx_strlen(keystr), md, NULL, EVP_md5(), NULL); OPENSSL_cleanse(keystr, sgx_strlen(keystr)); RC4_set_key(&key, MD5_DIGEST_LENGTH, md); for (;;) { i = fread(buf, 1, BUFSIZ, in); if (i == 0) break; if (i < 0) { perror("read"); exit(1); } RC4(&key, (unsigned int)i, (unsigned char *)buf, (unsigned char *)buf); i = fwrite(buf, (unsigned int)i, 1, out); if (i != 1) { perror("write"); exit(1); } } fclose(out); fclose(in); exit(0); return (1); }
int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, int inform, unsigned long mask, long minsize, long maxsize) { int str_type; int ret; char free_out; int outform, outlen = 0; ASN1_STRING *dest; unsigned char *p; int nchar; char strbuf[32]; int (*cpyfunc) (unsigned long, void *) = NULL; if (len == -1) len = sgx_strlen((const char *)in); if (!mask) mask = DIRSTRING_TYPE; /* First do a string check and work out the number of characters */ switch (inform) { case MBSTRING_BMP: if (len & 1) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_BMPSTRING_LENGTH); return -1; } nchar = len >> 1; break; case MBSTRING_UNIV: if (len & 3) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); return -1; } nchar = len >> 2; break; case MBSTRING_UTF8: nchar = 0; /* This counts the characters and does utf8 syntax checking */ ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); if (ret < 0) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING); return -1; } break; case MBSTRING_ASC: nchar = len; break; default: ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); return -1; } if ((minsize > 0) && (nchar < minsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); ERR_add_error_data(2, "minsize=", strbuf); return -1; } if ((maxsize > 0) && (nchar > maxsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); ERR_add_error_data(2, "maxsize=", strbuf); return -1; } /* Now work out minimal type (if any) */ if (traverse_string(in, len, inform, type_str, &mask) < 0) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); return -1; } /* Now work out output format and string type */ outform = MBSTRING_ASC; if (mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING; else if (mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING; else if (mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING; else if (mask & B_ASN1_BMPSTRING) { str_type = V_ASN1_BMPSTRING; outform = MBSTRING_BMP; } else if (mask & B_ASN1_UNIVERSALSTRING) { str_type = V_ASN1_UNIVERSALSTRING; outform = MBSTRING_UNIV; } else { str_type = V_ASN1_UTF8STRING; outform = MBSTRING_UTF8; } if (!out) return str_type; if (*out) { free_out = 0; dest = *out; if (dest->data) { dest->length = 0; OPENSSL_free(dest->data); dest->data = NULL; } dest->type = str_type; } else { free_out = 1; dest = ASN1_STRING_type_new(str_type); if (!dest) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); return -1; } *out = dest; } /* If both the same type just copy across */ if (inform == outform) { if (!ASN1_STRING_set(dest, in, len)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); return -1; } return str_type; } /* Work out how much space the destination will need */ switch (outform) { case MBSTRING_ASC: outlen = nchar; cpyfunc = cpy_asc; break; case MBSTRING_BMP: outlen = nchar << 1; cpyfunc = cpy_bmp; break; case MBSTRING_UNIV: outlen = nchar << 2; cpyfunc = cpy_univ; break; case MBSTRING_UTF8: outlen = 0; traverse_string(in, len, inform, out_utf8, &outlen); cpyfunc = cpy_utf8; break; } if (!(p = OPENSSL_malloc(outlen + 1))) { if (free_out) ASN1_STRING_free(dest); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); return -1; } dest->length = outlen; dest->data = p; p[outlen] = 0; traverse_string(in, len, inform, cpyfunc, &p); return str_type; }
int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) { unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; unsigned char *extension = 0; long extension_length = 0; char *name = NULL; char *header = NULL; char namePrefix[] = "SERVERINFO FOR "; int ret = 0; BIO *bin = NULL; size_t num_extensions = 0; if (ctx == NULL || file == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER); goto end; } bin = BIO_new(BIO_s_file_internal()); if (bin == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(bin, file) <= 0) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB); goto end; } for (num_extensions = 0;; num_extensions++) { if (PEM_read_bio(bin, &name, &header, &extension, &extension_length) == 0) { /* * There must be at least one extension in this file */ if (num_extensions == 0) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_NO_PEM_EXTENSIONS); goto end; } else /* End of file, we're done */ break; } /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ if (sgx_strlen(name) < sgx_strlen(namePrefix)) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT); goto end; } if (sgx_strncmp(name, namePrefix, sgx_strlen(namePrefix)) != 0) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_BAD_PREFIX); goto end; } /* * Check that the decoded PEM data is plausible (valid length field) */ if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA); goto end; } /* Append the decoded extension to the serverinfo buffer */ serverinfo = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length); if (serverinfo == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE); goto end; } sgx_memcpy(serverinfo + serverinfo_length, extension, extension_length); serverinfo_length += extension_length; OPENSSL_free(name); name = NULL; OPENSSL_free(header); header = NULL; OPENSSL_free(extension); extension = NULL; } ret = SSL_CTX_use_serverinfo(ctx, serverinfo, serverinfo_length); end: /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */ OPENSSL_free(name); OPENSSL_free(header); OPENSSL_free(extension); OPENSSL_free(serverinfo); if (bin != NULL) BIO_free(bin); return ret; }
static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str) { int outlen, len; int type; char quotes; unsigned char flags; quotes = 0; /* Keep a copy of escape flags */ flags = (unsigned char)(lflags & ESC_FLAGS); type = str->type; outlen = 0; if (lflags & ASN1_STRFLGS_SHOW_TYPE) { const char *tagname; tagname = ASN1_tag2str(type); outlen += sgx_strlen(tagname); if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; outlen++; } /* Decide what to do with type, either dump content or display it */ /* Dump everything */ if (lflags & ASN1_STRFLGS_DUMP_ALL) type = -1; /* Ignore the string type */ else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1; else { /* Else determine width based on type */ if ((type > 0) && (type < 31)) type = tag2nbyte[type]; else type = -1; if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1; } if (type == -1) { len = do_dump(lflags, io_ch, arg, str); if (len < 0) return -1; outlen += len; return outlen; } if (lflags & ASN1_STRFLGS_UTF8_CONVERT) { /* * Note: if string is UTF8 and we want to convert to UTF8 then we * just interpret it as 1 byte per character to avoid converting * twice. */ if (!type) type = 1; else type |= BUF_TYPE_CONVUTF8; } len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); if (len < 0) return -1; outlen += len; if (quotes) outlen += 2; if (!arg) return outlen; if (quotes && !io_ch(arg, "\"", 1)) return -1; if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) return -1; if (quotes && !io_ch(arg, "\"", 1)) return -1; return outlen; }
void enclave_main() { SSL_METHOD *method; SSL_CTX *ctx; BIO *bio_cert; BIO *bio_pkey; X509 *cert = NULL; EVP_PKEY *pkey = NULL; int port = 5566; int srvr_fd; int clnt_fd; struct sockaddr_in addr; // Initialize ssl SSL_library_init(); // Initialize ctx OpenSSL_add_all_algorithms(); method = TLSv1_2_server_method(); ctx = SSL_CTX_new(method); // Load certificate bio_cert = BIO_new(BIO_s_mem()); BIO_puts(bio_cert, cert_s); cert = PEM_read_bio_X509(bio_cert, NULL, 0, NULL); if (cert == NULL) { sgx_debug("cert is NULL"); } else { sgx_debug("cert is not NULL"); } bio_pkey = BIO_new(BIO_s_mem()); BIO_puts(bio_pkey, pkey_s); pkey = PEM_read_bio_PrivateKey(bio_pkey, NULL, 0, NULL); if (pkey == NULL) { sgx_debug("key is NULL\n"); } else { sgx_debug("key is not NULL\n"); } if (SSL_CTX_use_certificate(ctx, cert) <= 0) { sgx_debug("SSL_CTX_use_certificate failed\n"); //sgx_exit(NULL); } else { sgx_debug("SSL_CTX_use_certificate succeeded\n"); } if (SSL_CTX_use_PrivateKey(ctx, pkey) <= 0) { sgx_debug("SSL_CTX_use_PrivateKey failed\n"); //sgx_exit(NULL); } else { sgx_debug("SSL_CTX_use_PrivateKey succeeded\n"); } SSL_CTX_set_ecdh_auto(ctx, 1); SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); srvr_fd = sgx_socket(PF_INET, SOCK_STREAM, 0); if (srvr_fd == -1) { sgx_exit(NULL); } sgx_memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; addr.sin_port = sgx_htons(port); addr.sin_addr.s_addr = INADDR_ANY; if (sgx_bind(srvr_fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) { sgx_exit(NULL); } if (sgx_listen(srvr_fd, 10) != 0) { sgx_exit(NULL); } while (1) { struct sockaddr_in addr; socklen_t len = sizeof(addr); SSL *ssl; int sd; int bytes; char buf[256]; const char* echo="<html><body><pre>%s</pre></body></html>\n\n"; clnt_fd = sgx_accept(srvr_fd, (struct sockaddr *)&addr, &len); if (clnt_fd < 0) { sgx_puts("ERROR on accept\n"); continue; } ssl = SSL_new(ctx); SSL_set_fd(ssl, clnt_fd); if (SSL_accept(ssl) == -1) sgx_puts("SSL accept failed\n"); else { sgx_puts("SSL accept succeeded\n"); bytes = SSL_read(ssl, buf, sizeof(buf)); if (bytes > 0) { buf[bytes] = 0; sgx_puts(buf); char msg[] = "Successfully connected\n"; SSL_write(ssl, msg, sgx_strlen(msg)); } } sd = SSL_get_fd(ssl); //SSL_free(ssl); sgx_close(sd); //sgx_close(clnt_fd); } sgx_close(srvr_fd); sgx_exit(NULL); }