BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
{
unsigned char dig[SHA_DIGEST_LENGTH];
EVP_MD_CTX ctxt;
unsigned char *cs;
if ((s == NULL) || (user == NULL) || (pass == NULL))
return NULL;
if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
return NULL;
EVP_MD_CTX_init(&ctxt);
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
EVP_DigestUpdate(&ctxt, user, sgx_strlen(user));
EVP_DigestUpdate(&ctxt, ":", 1);
EVP_DigestUpdate(&ctxt, pass, sgx_strlen(pass));
EVP_DigestFinal_ex(&ctxt, dig, NULL);
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
BN_bn2bin(s, cs);
EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
OPENSSL_free(cs);
EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
EVP_DigestFinal_ex(&ctxt, dig, NULL);
EVP_MD_CTX_cleanup(&ctxt);
return BN_bin2bn(dig, sizeof(dig), NULL);
}
static char *dl_name_converter(DSO *dso, const char *filename)
{
char *translated;
int len, rsize, transform;
len = sgx_strlen(filename);
rsize = len + 1;
transform = (strstr(filename, "/") == NULL);
{
/* We will convert this to "%s.s?" or "lib%s.s?" */
rsize += sgx_strlen(extension); /* The length of ".s?" */
if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
rsize += 3; /* The length of "lib" */
}
translated = OPENSSL_malloc(rsize);
if (translated == NULL) {
DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
return (NULL);
}
if (transform) {
if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
sprintf(translated, "lib%s%s", filename, extension);
else
sprintf(translated, "%s%s", filename, extension);
} else
sprintf(translated, "%s", filename);
return (translated);
}
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
const char *str, int len)
{
int i;
const EVP_PKEY_ASN1_METHOD *ameth;
if (len == -1)
len = sgx_strlen(str);
if (pe) {
#ifndef OPENSSL_NO_ENGINE
ENGINE *e;
ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
if (ameth) {
/*
* Convert structural into functional reference
*/
if (!ENGINE_init(e))
ameth = NULL;
ENGINE_free(e);
*pe = e;
return ameth;
}
#endif
*pe = NULL;
}
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
ameth = EVP_PKEY_asn1_get0(i);
if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
continue;
if (((int)sgx_strlen(ameth->pem_str) == len) &&
!strncasecmp(ameth->pem_str, str, len))
return ameth;
}
return NULL;
}
static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
{
char *merged;
if (!filespec1 && !filespec2) {
DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER);
return (NULL);
}
/*
* If the first file specification is a rooted path, it rules. same goes
* if the second file specification is missing.
*/
if (!filespec2 || filespec1[0] == '/') {
merged = OPENSSL_malloc(strlen(filespec1) + 1);
if (!merged) {
DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
return (NULL);
}
sgx_strcpy(merged, filespec1);
}
/*
* If the first file specification is missing, the second one rules.
*/
else if (!filespec1) {
merged = OPENSSL_malloc(strlen(filespec2) + 1);
if (!merged) {
DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
return (NULL);
}
sgx_strcpy(merged, filespec2);
} else
/*
* This part isn't as trivial as it looks. It assumes that the
* second file specification really is a directory, and makes no
* checks whatsoever. Therefore, the result becomes the
* concatenation of filespec2 followed by a slash followed by
* filespec1.
*/
{
int spec2len, len;
spec2len = (filespec2 ? sgx_strlen(filespec2) : 0);
len = spec2len + (filespec1 ? sgx_strlen(filespec1) : 0);
if (filespec2 && filespec2[spec2len - 1] == '/') {
spec2len--;
len--;
}
merged = OPENSSL_malloc(len + 2);
if (!merged) {
DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
return (NULL);
}
sgx_strcpy(merged, filespec2);
merged[spec2len] = '/';
sgx_strcpy(&merged[spec2len + 1], filespec1);
}
return (merged);
}
int main(int argc, char *argv[])
{
int ret = 0;
unsigned char md[MDC2_DIGEST_LENGTH];
int i;
EVP_MD_CTX c;
static char *text = "Now is the time for all ";
# ifdef CHARSET_EBCDIC
ebcdic2ascii(text, text, sgx_strlen(text));
# endif
EVP_MD_CTX_init(&c);
EVP_DigestInit_ex(&c, EVP_mdc2(), NULL);
EVP_DigestUpdate(&c, (unsigned char *)text, sgx_strlen(text));
EVP_DigestFinal_ex(&c, &(md[0]), NULL);
if (sgx_memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) {
for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
printf("%02X", md[i]);
printf(" <- generated\n");
for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
printf("%02X", pad1[i]);
printf(" <- correct\n");
ret = 1;
} else
printf("pad1 - ok\n");
EVP_DigestInit_ex(&c, EVP_mdc2(), NULL);
/* FIXME: use a ctl function? */
((MDC2_CTX *)c.md_data)->pad_type = 2;
EVP_DigestUpdate(&c, (unsigned char *)text, sgx_strlen(text));
EVP_DigestFinal_ex(&c, &(md[0]), NULL);
if (sgx_memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) {
for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
printf("%02X", md[i]);
printf(" <- generated\n");
for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
printf("%02X", pad2[i]);
printf(" <- correct\n");
ret = 1;
} else
printf("pad2 - ok\n");
EVP_MD_CTX_cleanup(&c);
# ifdef OPENSSL_SYS_NETWARE
if (ret)
printf("ERROR: %d\n", ret);
# endif
EXIT(ret);
return (ret);
}
static int sig_out(BIO *b)
{
BIO_OK_CTX *ctx;
EVP_MD_CTX *md;
ctx = b->ptr;
md = &ctx->md;
if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE)
return 1;
if (!EVP_DigestInit_ex(md, md->digest, NULL))
goto berr;
/*
* FIXME: there's absolutely no guarantee this makes any sense at all,
* particularly now EVP_MD_CTX has been restructured.
*/
RAND_pseudo_bytes(md->md_data, md->digest->md_size);
sgx_memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
ctx->buf_len += md->digest->md_size;
if (!EVP_DigestUpdate(md, WELLKNOWN, sgx_strlen(WELLKNOWN)))
goto berr;
if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
goto berr;
ctx->buf_len += md->digest->md_size;
ctx->blockout = 1;
ctx->sigio = 0;
return 1;
berr:
BIO_clear_retry_flags(b);
return 0;
}
/*
* Appends src to string dst of size siz (unlike strncat, siz is the
* full size of dst, not space left). At most siz-1 characters
* will be copied. Always NUL terminates (unless siz <= strlen(dst)).
* Returns strlen(src) + MIN(siz, strlen(initial dst)).
* If retval >= siz, truncation occurred.
*/
size_t
strlcat(char *dst, const char *src, size_t siz)
{
register char *d = dst;
register const char *s = src;
register size_t n = siz;
size_t dlen;
/* Find the end of dst and adjust bytes left but don't go past end */
while (n-- != 0 && *d != '\0')
d++;
dlen = d - dst;
n = siz - dlen;
if (n == 0)
return(dlen + sgx_strlen(s));
while (*s != '\0') {
if (n != 1) {
*d++ = *s;
n--;
}
s++;
}
*d = '\0';
return(dlen + (s - src)); /* count does not include NUL */
}
static void hashstring(SHA_CTX *sha, const char *string)
{
size_t l = sgx_strlen(string);
hashlength(sha, l);
SHA1_Update(sha, string, l);
}
static char *vms_name_converter(DSO *dso, const char *filename)
{
int len = sgx_strlen(filename);
char *not_translated = OPENSSL_malloc(len + 1);
sgx_strcpy(not_translated, filename);
return (not_translated);
}
static int acpt_puts(BIO *bp, const char *str)
{
int n, ret;
n = sgx_strlen(str);
ret = acpt_write(bp, str, n);
return (ret);
}
void sgx_debug(char msg[])
{
size_t size = sgx_strlen(msg);
sgx_stub_info_tp *stub = (sgx_stub_info_tp *)STUB_ADDR_TP;
stub->fcode = FUNC_DEBUG;
sgx_memcpy(stub->out_data1, msg, size);
sgx_exit(stub->trampoline);
}
static void run_cert(X509 *crt, const char *nameincert,
const struct set_name_fn *fn)
{
const char *const *pname = names;
while (*pname) {
int samename = sgx_strcasecmp(nameincert, *pname) == 0;
size_t namelen = sgx_strlen(*pname);
char *name = sgx_malloc(namelen);
int match, ret;
sgx_memcpy(name, *pname, namelen);
ret = X509_check_host(crt, name, namelen, 0, NULL);
match = -1;
if (ret < 0) {
fprintf(stderr, "internal error in X509_check_host");
++errors;
} else if (fn->host) {
if (ret == 1 && !samename)
match = 1;
if (ret == 0 && samename)
match = 0;
} else if (ret == 1)
match = 1;
check_message(fn, "host", nameincert, match, *pname);
ret = X509_check_host(crt, name, namelen,
X509_CHECK_FLAG_NO_WILDCARDS, NULL);
match = -1;
if (ret < 0) {
fprintf(stderr, "internal error in X509_check_host");
++errors;
} else if (fn->host) {
if (ret == 1 && !samename)
match = 1;
if (ret == 0 && samename)
match = 0;
} else if (ret == 1)
match = 1;
check_message(fn, "host-no-wildcards", nameincert, match, *pname);
ret = X509_check_email(crt, name, namelen, 0);
match = -1;
if (fn->email) {
if (ret && !samename)
match = 1;
if (!ret && samename && sgx_strchr(nameincert, '@') != NULL)
match = 0;
} else if (ret)
match = 1;
check_message(fn, "email", nameincert, match, *pname);
++pname;
sgx_free(name);
}
}
/*
* Copy src to string dst of size siz. At most siz-1 characters
* will be copied. Always NUL terminates (unless siz == 0).
* Returns strlen(src); if retval >= siz, truncation occurred.
*/
size_t strlcpy(char *dst, const char *src, size_t siz)
{
register char *d = dst;
register const char *s = src;
register size_t n = siz;
if (n == 0)
return(sgx_strlen(s));
while (*s != '\0') {
if (n != 1) {
*d++ = *s;
n--;
}
s++;
}
*d = '\0';
return(s - src); /* count does not include NUL */
}
static int sig_in(BIO *b)
{
BIO_OK_CTX *ctx;
EVP_MD_CTX *md;
unsigned char tmp[EVP_MAX_MD_SIZE];
int ret = 0;
ctx = b->ptr;
md = &ctx->md;
if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size)
return 1;
if (!EVP_DigestInit_ex(md, md->digest, NULL))
goto berr;
sgx_memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
longswap(md->md_data, md->digest->md_size);
ctx->buf_off += md->digest->md_size;
if (!EVP_DigestUpdate(md, WELLKNOWN, sgx_strlen(WELLKNOWN)))
goto berr;
if (!EVP_DigestFinal_ex(md, tmp, NULL))
goto berr;
ret = sgx_memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
ctx->buf_off += md->digest->md_size;
if (ret == 1) {
ctx->sigio = 0;
if (ctx->buf_len != ctx->buf_off) {
sgx_memmove(ctx->buf, &(ctx->buf[ctx->buf_off]),
ctx->buf_len - ctx->buf_off);
}
ctx->buf_len -= ctx->buf_off;
ctx->buf_off = 0;
} else {
ctx->cont = 0;
}
return 1;
berr:
BIO_clear_retry_flags(b);
return 0;
}
static char *vms_merger(DSO *dso, const char *filespec1,
const char *filespec2)
{
int status;
int filespec1len, filespec2len;
struct FAB fab;
struct NAMX_STRUCT nam;
char esa[NAMX_MAXRSS + 1];
char *merged;
/* Arrange 32-bit pointer to (copied) string storage, if needed. */
# if __INITIAL_POINTER_SIZE == 64
# define FILESPEC1 filespec1_32p;
# define FILESPEC2 filespec2_32p;
# pragma pointer_size save
# pragma pointer_size 32
char *filespec1_32p;
char *filespec2_32p;
# pragma pointer_size restore
char filespec1_32[NAMX_MAXRSS + 1];
char filespec2_32[NAMX_MAXRSS + 1];
# else /* __INITIAL_POINTER_SIZE == 64 */
# define FILESPEC1 ((char *) filespec1)
# define FILESPEC2 ((char *) filespec2)
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
if (!filespec1)
filespec1 = "";
if (!filespec2)
filespec2 = "";
filespec1len = sgx_strlen(filespec1);
filespec2len = sgx_strlen(filespec2);
# if __INITIAL_POINTER_SIZE == 64
/* Copy the file names to storage with a 32-bit pointer. */
filespec1_32p = filespec1_32;
filespec2_32p = filespec2_32;
sgx_strcpy(filespec1_32p, filespec1);
sgx_strcpy(filespec2_32p, filespec2);
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
fab = cc$rms_fab;
nam = CC_RMS_NAMX;
FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNA = FILESPEC1;
FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNS = filespec1len;
FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNA = FILESPEC2;
FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len;
NAMX_DNA_FNA_SET(fab)
nam.NAMX_ESA = esa;
nam.NAMX_ESS = NAMX_MAXRSS;
nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD;
SET_NAMX_NO_SHORT_UPCASE(nam);
fab.FAB_NAMX = &nam;
status = sys$parse(&fab, 0, 0);
if (!$VMS_STATUS_SUCCESS(status)) {
unsigned short length;
char errstring[257];
struct dsc$descriptor_s errstring_dsc;
errstring_dsc.dsc$w_length = sizeof(errstring);
errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
errstring_dsc.dsc$a_pointer = errstring;
status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
if (!$VMS_STATUS_SUCCESS(status))
lib$signal(status); /* This is really bad. Abort! */
else {
errstring[length] = '\0';
DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE);
ERR_add_error_data(7,
"filespec \"", filespec1, "\", ",
"defaults \"", filespec2, "\": ", errstring);
}
return (NULL);
}
merged = OPENSSL_malloc(nam.NAMX_ESL + 1);
if (!merged)
goto malloc_err;
sgx_strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL);
merged[nam.NAMX_ESL] = '\0';
return (merged);
malloc_err:
DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE);
}
void vms_bind_sym(DSO *dso, const char *symname, void **sym)
{
DSO_VMS_INTERNAL *ptr;
int status;
# if 0
int flags = (1 << 4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
* defined in VMS older than 7.0 or so */
# else
int flags = 0;
# endif
struct dsc$descriptor_s symname_dsc;
/* Arrange 32-bit pointer to (copied) string storage, if needed. */
# if __INITIAL_POINTER_SIZE == 64
# define SYMNAME symname_32p
# pragma pointer_size save
# pragma pointer_size 32
char *symname_32p;
# pragma pointer_size restore
char symname_32[NAMX_MAXRSS + 1];
# else /* __INITIAL_POINTER_SIZE == 64 */
# define SYMNAME ((char *) symname)
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
*sym = NULL;
if ((dso == NULL) || (symname == NULL)) {
DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER);
return;
}
# if __INITIAL_POINTER_SIZE == 64
/* Copy the symbol name to storage with a 32-bit pointer. */
symname_32p = symname_32;
sgx_strcpy(symname_32p, symname);
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
symname_dsc.dsc$w_length = sgx_strlen(SYMNAME);
symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
symname_dsc.dsc$b_class = DSC$K_CLASS_S;
symname_dsc.dsc$a_pointer = SYMNAME;
if (sk_void_num(dso->meth_data) < 1) {
DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR);
return;
}
ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data,
sk_void_num(dso->meth_data) - 1);
if (ptr == NULL) {
DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE);
return;
}
if (dso->flags & DSO_FLAG_UPCASE_SYMBOL)
flags = 0;
status = do_find_symbol(ptr, &symname_dsc, sym, flags);
if (!$VMS_STATUS_SUCCESS(status)) {
unsigned short length;
char errstring[257];
struct dsc$descriptor_s errstring_dsc;
errstring_dsc.dsc$w_length = sizeof(errstring);
errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
errstring_dsc.dsc$a_pointer = errstring;
*sym = NULL;
status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
if (!$VMS_STATUS_SUCCESS(status))
lib$signal(status); /* This is really bad. Abort! */
else {
errstring[length] = '\0';
DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE);
if (ptr->imagename_dsc.dsc$w_length)
ERR_add_error_data(9,
"Symbol ", symname,
" in ", ptr->filename,
" (", ptr->imagename, ")",
": ", errstring);
else
ERR_add_error_data(6,
"Symbol ", symname,
" in ", ptr->filename, ": ", errstring);
}
return;
}
return;
}
static int vms_load(DSO *dso)
{
void *ptr = NULL;
/* See applicable comments in dso_dl.c */
char *filename = DSO_convert_filename(dso, NULL);
/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */
# if __INITIAL_POINTER_SIZE == 64
# define DSO_MALLOC _malloc32
# pragma pointer_size save
# pragma pointer_size 32
# else /* __INITIAL_POINTER_SIZE == 64 */
# define DSO_MALLOC OPENSSL_malloc
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
DSO_VMS_INTERNAL *p = NULL;
# if __INITIAL_POINTER_SIZE == 64
# pragma pointer_size restore
# endif /* __INITIAL_POINTER_SIZE == 64 */
const char *sp1, *sp2; /* Search result */
if (filename == NULL) {
DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
goto err;
}
/*-
* A file specification may look like this:
*
* node::dev:[dir-spec]name.type;ver
*
* or (for compatibility with TOPS-20):
*
* node::dev:<dir-spec>name.type;ver
*
* and the dir-spec uses '.' as separator. Also, a dir-spec
* may consist of several parts, with mixed use of [] and <>:
*
* [dir1.]<dir2>
*
* We need to split the file specification into the name and
* the rest (both before and after the name itself).
*/
/*
* Start with trying to find the end of a dir-spec, and save the position
* of the byte after in sp1
*/
sp1 = strrchr(filename, ']');
sp2 = strrchr(filename, '>');
if (sp1 == NULL)
sp1 = sp2;
if (sp2 != NULL && sp2 > sp1)
sp1 = sp2;
if (sp1 == NULL)
sp1 = strrchr(filename, ':');
if (sp1 == NULL)
sp1 = filename;
else
sp1++; /* The byte after the found character */
/* Now, let's see if there's a type, and save the position in sp2 */
sp2 = sgx_strchr(sp1, '.');
/*
* If we found it, that's where we'll cut. Otherwise, look for a version
* number and save the position in sp2
*/
if (sp2 == NULL)
sp2 = sgx_strchr(sp1, ';');
/*
* If there was still nothing to find, set sp2 to point at the end of the
* string
*/
if (sp2 == NULL)
sp2 = sp1 + sgx_strlen(sp1);
/* Check that we won't get buffer overflows */
if (sp2 - sp1 > FILENAME_MAX
|| (sp1 - filename) + sgx_strlen(sp2) > FILENAME_MAX) {
DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG);
goto err;
}
p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL));
if (p == NULL) {
DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE);
goto err;
}
sgx_strncpy(p->filename, sp1, sp2 - sp1);
p->filename[sp2 - sp1] = '\0';
sgx_strncpy(p->imagename, filename, sp1 - filename);
p->imagename[sp1 - filename] = '\0';
sgx_strcat(p->imagename, sp2);
p->filename_dsc.dsc$w_length = sgx_strlen(p->filename);
p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
p->filename_dsc.dsc$a_pointer = p->filename;
p->imagename_dsc.dsc$w_length = sgx_strlen(p->imagename);
p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
p->imagename_dsc.dsc$a_pointer = p->imagename;
if (!sk_void_push(dso->meth_data, (char *)p)) {
DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR);
goto err;
}
/* Success (for now, we lie. We actually do not know...) */
dso->loaded_filename = filename;
return (1);
err:
/* Cleanup! */
if (p != NULL)
OPENSSL_free(p);
if (filename != NULL)
OPENSSL_free(filename);
return (0);
}
static int str_copy(CONF *conf, char *section, char **pto, char *from)
{
int q, r, rr = 0, to = 0, len = 0;
char *s, *e, *rp, *p, *rrp, *np, *cp, v;
BUF_MEM *buf;
if ((buf = BUF_MEM_new()) == NULL)
return (0);
len = sgx_strlen(from) + 1;
if (!BUF_MEM_grow(buf, len))
goto err;
for (;;) {
if (IS_QUOTE(conf, *from)) {
q = *from;
from++;
while (!IS_EOF(conf, *from) && (*from != q)) {
if (IS_ESC(conf, *from)) {
from++;
if (IS_EOF(conf, *from))
break;
}
buf->data[to++] = *(from++);
}
if (*from == q)
from++;
} else if (IS_DQUOTE(conf, *from)) {
q = *from;
from++;
while (!IS_EOF(conf, *from)) {
if (*from == q) {
if (*(from + 1) == q) {
from++;
} else {
break;
}
}
buf->data[to++] = *(from++);
}
if (*from == q)
from++;
} else if (IS_ESC(conf, *from)) {
from++;
v = *(from++);
if (IS_EOF(conf, v))
break;
else if (v == 'r')
v = '\r';
else if (v == 'n')
v = '\n';
else if (v == 'b')
v = '\b';
else if (v == 't')
v = '\t';
buf->data[to++] = v;
} else if (IS_EOF(conf, *from))
break;
else if (*from == '$') {
/* try to expand it */
rrp = NULL;
s = &(from[1]);
if (*s == '{')
q = '}';
else if (*s == '(')
q = ')';
else
q = 0;
if (q)
s++;
cp = section;
e = np = s;
while (IS_ALPHA_NUMERIC(conf, *e))
e++;
if ((e[0] == ':') && (e[1] == ':')) {
cp = np;
rrp = e;
rr = *e;
*rrp = '\0';
e += 2;
np = e;
while (IS_ALPHA_NUMERIC(conf, *e))
e++;
}
r = *e;
*e = '\0';
rp = e;
if (q) {
if (r != q) {
CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE);
goto err;
}
e++;
}
/*-
* So at this point we have
* np which is the start of the name string which is
* '\0' terminated.
* cp which is the start of the section string which is
* '\0' terminated.
* e is the 'next point after'.
* r and rr are the chars replaced by the '\0'
* rp and rrp is where 'r' and 'rr' came from.
*/
p = _CONF_get_string(conf, cp, np);
if (rrp != NULL)
*rrp = rr;
*rp = r;
if (p == NULL) {
CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE);
goto err;
}
BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from)));
while (*p)
buf->data[to++] = *(p++);
/*
* Since we change the pointer 'from', we also have to change the
* perceived length of the string it points at. /RL
*/
len -= e - from;
from = e;
/*
* In case there were no braces or parenthesis around the
* variable reference, we have to put back the character that was
* replaced with a '\0'. /RL
*/
*rp = r;
} else
buf->data[to++] = *(from++);
}
buf->data[to] = '\0';
if (*pto != NULL)
OPENSSL_free(*pto);
*pto = buf->data;
OPENSSL_free(buf);
return (1);
err:
if (buf != NULL)
BUF_MEM_free(buf);
return (0);
}
static int def_load_bio(CONF *conf, BIO *in, long *line)
{
/* The macro BUFSIZE conflicts with a system macro in VxWorks */
#define CONFBUFSIZE 512
int bufnum = 0, i, ii;
BUF_MEM *buff = NULL;
char *s, *p, *end;
int again;
long eline = 0;
char btmp[DECIMAL_SIZE(eline) + 1];
CONF_VALUE *v = NULL, *tv;
CONF_VALUE *sv = NULL;
char *section = NULL, *buf;
char *start, *psection, *pname;
void *h = (void *)(conf->data);
if ((buff = BUF_MEM_new()) == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
goto err;
}
section = (char *)OPENSSL_malloc(10);
if (section == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
BUF_strlcpy(section, "default", 10);
if (_CONF_new_data(conf) == 0) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
sv = _CONF_new_section(conf, section);
if (sv == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
bufnum = 0;
again = 0;
for (;;) {
if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
goto err;
}
p = &(buff->data[bufnum]);
*p = '\0';
BIO_gets(in, p, CONFBUFSIZE - 1);
p[CONFBUFSIZE - 1] = '\0';
ii = i = sgx_strlen(p);
if (i == 0 && !again)
break;
again = 0;
while (i > 0) {
if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
break;
else
i--;
}
/*
* we removed some trailing stuff so there is a new line on the end.
*/
if (ii && i == ii)
again = 1; /* long line */
else {
p[i] = '\0';
eline++; /* another input line */
}
/* we now have a line with trailing \r\n removed */
/* i is the number of bytes */
bufnum += i;
v = NULL;
/* check for line continuation */
if (bufnum >= 1) {
/*
* If we have bytes and the last char '\\' and second last char
* is not '\\'
*/
p = &(buff->data[bufnum - 1]);
if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {
bufnum--;
again = 1;
}
}
if (again)
continue;
bufnum = 0;
buf = buff->data;
clear_comments(conf, buf);
s = eat_ws(conf, buf);
if (IS_EOF(conf, *s))
continue; /* blank line */
if (*s == '[') {
char *ss;
s++;
start = eat_ws(conf, s);
ss = start;
again:
end = eat_alpha_numeric(conf, ss);
p = eat_ws(conf, end);
if (*p != ']') {
if (*p != '\0' && ss != p) {
ss = p;
goto again;
}
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
goto err;
}
*end = '\0';
if (!str_copy(conf, NULL, §ion, start))
goto err;
if ((sv = _CONF_get_section(conf, section)) == NULL)
sv = _CONF_new_section(conf, section);
if (sv == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
continue;
} else {
pname = s;
psection = NULL;
end = eat_alpha_numeric(conf, s);
if ((end[0] == ':') && (end[1] == ':')) {
*end = '\0';
end += 2;
psection = pname;
pname = end;
end = eat_alpha_numeric(conf, end);
}
p = eat_ws(conf, end);
if (*p != '=') {
CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN);
goto err;
}
*end = '\0';
p++;
start = eat_ws(conf, p);
while (!IS_EOF(conf, *p))
p++;
p--;
while ((p != start) && (IS_WS(conf, *p)))
p--;
p++;
*p = '\0';
if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
if (psection == NULL)
psection = section;
v->name = (char *)OPENSSL_malloc(strlen(pname) + 1);
v->value = NULL;
if (v->name == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
BUF_strlcpy(v->name, pname, sgx_strlen(pname) + 1);
if (!str_copy(conf, psection, &(v->value), start))
goto err;
if (sgx_strcmp(psection, section) != 0) {
if ((tv = _CONF_get_section(conf, psection))
== NULL)
tv = _CONF_new_section(conf, psection);
if (tv == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO,
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
} else
tv = sv;
#if 1
if (_CONF_add_string(conf, tv, v) == 0) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
#else
v->section = tv->section;
if (!sk_CONF_VALUE_push(ts, v)) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
vv = (CONF_VALUE *)lh_insert(conf->data, v);
if (vv != NULL) {
sk_CONF_VALUE_delete_ptr(ts, vv);
OPENSSL_free(vv->name);
OPENSSL_free(vv->value);
OPENSSL_free(vv);
}
#endif
v = NULL;
}
}
if (buff != NULL)
BUF_MEM_free(buff);
if (section != NULL)
OPENSSL_free(section);
return (1);
err:
if (buff != NULL)
BUF_MEM_free(buff);
if (section != NULL)
OPENSSL_free(section);
if (line != NULL)
*line = eline;
BIO_snprintf(btmp, sizeof btmp, "%ld", eline);
ERR_add_error_data(2, "line ", btmp);
if ((h != conf->data) && (conf->data != NULL)) {
CONF_free(conf->data);
conf->data = NULL;
}
if (v != NULL) {
if (v->name != NULL)
OPENSSL_free(v->name);
if (v->value != NULL)
OPENSSL_free(v->value);
if (v != NULL)
OPENSSL_free(v);
}
return (0);
}
static int asn1_str2tag(const char *tagstr, int len)
{
unsigned int i;
static const struct tag_name_st *tntmp, tnst[] = {
ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
ASN1_GEN_STR("NULL", V_ASN1_NULL),
ASN1_GEN_STR("INT", V_ASN1_INTEGER),
ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
ASN1_GEN_STR("OID", V_ASN1_OBJECT),
ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
ASN1_GEN_STR("T61", V_ASN1_T61STRING),
ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
/* Special cases */
ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
ASN1_GEN_STR("SET", V_ASN1_SET),
/* type modifiers */
/* Explicit tag */
ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
/* Implicit tag */
ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
/* OCTET STRING wrapper */
ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
/* SEQUENCE wrapper */
ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
/* SET wrapper */
ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
/* BIT STRING wrapper */
ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
};
if (len == -1)
len = sgx_strlen(tagstr);
tntmp = tnst;
for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) {
if ((len == tntmp->len) && !sgx_strncmp(tntmp->strnam, tagstr, len))
return tntmp->tag;
}
return -1;
}
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{
int status;
char *p, *r;
size_t l;
unsigned long flags = 0;
/* Arrange 32-bit pointer to (copied) string storage, if needed. */
#if __INITIAL_POINTER_SIZE == 64
# pragma pointer_size save
# pragma pointer_size 32
char *ctx_filespec_32p;
# pragma pointer_size restore
char ctx_filespec_32[NAMX_MAXRSS + 1];
#endif /* __INITIAL_POINTER_SIZE == 64 */
#ifdef NAML$C_MAXRSS
flags |= LIB$M_FIL_LONG_NAMES;
#endif
if (ctx == NULL || directory == NULL) {
errno = EINVAL;
return 0;
}
errno = 0;
if (*ctx == NULL) {
size_t filespeclen = sgx_strlen(directory);
char *filespec = NULL;
if (filespeclen == 0) {
errno = ENOENT;
return 0;
}
/* MUST be a VMS directory specification! Let's estimate if it is. */
if (directory[filespeclen - 1] != ']'
&& directory[filespeclen - 1] != '>'
&& directory[filespeclen - 1] != ':') {
errno = EINVAL;
return 0;
}
filespeclen += 4; /* "*.*;" */
if (filespeclen > NAMX_MAXRSS) {
errno = ENAMETOOLONG;
return 0;
}
*ctx = (LP_DIR_CTX *)sgx_malloc(sizeof(LP_DIR_CTX));
if (*ctx == NULL) {
errno = ENOMEM;
return 0;
}
sgx_memset(*ctx, '\0', sizeof(LP_DIR_CTX));
sgx_strcpy((*ctx)->filespec, directory);
sgx_strcat((*ctx)->filespec, "*.*;");
/* Arrange 32-bit pointer to (copied) string storage, if needed. */
#if __INITIAL_POINTER_SIZE == 64
# define CTX_FILESPEC ctx_filespec_32p
/* Copy the file name to storage with a 32-bit pointer. */
ctx_filespec_32p = ctx_filespec_32;
sgx_strcpy(ctx_filespec_32p, (*ctx)->filespec);
#else /* __INITIAL_POINTER_SIZE == 64 */
# define CTX_FILESPEC (*ctx)->filespec
#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
(*ctx)->filespec_dsc.dsc$w_length = filespeclen;
(*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
(*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
(*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
}
(*ctx)->result_dsc.dsc$w_length = 0;
(*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
(*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
(*ctx)->result_dsc.dsc$a_pointer = 0;
status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
&(*ctx)->VMS_context, 0, 0, 0, &flags);
if (status == RMS$_NMF) {
errno = 0;
vaxc$errno = status;
return NULL;
}
if (!$VMS_STATUS_SUCCESS(status)) {
errno = EVMSERR;
vaxc$errno = status;
return NULL;
}
/*
* Quick, cheap and dirty way to discard any device and directory, since
* we only want file names
*/
l = (*ctx)->result_dsc.dsc$w_length;
p = (*ctx)->result_dsc.dsc$a_pointer;
r = p;
for (; *p; p++) {
if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */
p++;
} else if (*p == ':' || *p == '>' || *p == ']') {
l -= p + 1 - r;
r = p + 1;
} else if (*p == ';') {
l = p - r;
break;
}
}
sgx_strncpy((*ctx)->result, r, l);
(*ctx)->result[l] = '\0';
str$free1_dx(&(*ctx)->result_dsc);
return (*ctx)->result;
}
static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
int indent, unsigned long flags)
{
int i, prev = -1, orflags, cnt;
int fn_opt, fn_nid;
ASN1_OBJECT *fn;
ASN1_STRING *val;
X509_NAME_ENTRY *ent;
char objtmp[80];
const char *objbuf;
int outlen, len;
char *sep_dn, *sep_mv, *sep_eq;
int sep_dn_len, sep_mv_len, sep_eq_len;
if (indent < 0)
indent = 0;
outlen = indent;
if (!do_indent(io_ch, arg, indent))
return -1;
switch (flags & XN_FLAG_SEP_MASK) {
case XN_FLAG_SEP_MULTILINE:
sep_dn = "\n";
sep_dn_len = 1;
sep_mv = " + ";
sep_mv_len = 3;
break;
case XN_FLAG_SEP_COMMA_PLUS:
sep_dn = ",";
sep_dn_len = 1;
sep_mv = "+";
sep_mv_len = 1;
indent = 0;
break;
case XN_FLAG_SEP_CPLUS_SPC:
sep_dn = ", ";
sep_dn_len = 2;
sep_mv = " + ";
sep_mv_len = 3;
indent = 0;
break;
case XN_FLAG_SEP_SPLUS_SPC:
sep_dn = "; ";
sep_dn_len = 2;
sep_mv = " + ";
sep_mv_len = 3;
indent = 0;
break;
default:
return -1;
}
if (flags & XN_FLAG_SPC_EQ) {
sep_eq = " = ";
sep_eq_len = 3;
} else {
sep_eq = "=";
sep_eq_len = 1;
}
fn_opt = flags & XN_FLAG_FN_MASK;
cnt = X509_NAME_entry_count(n);
for (i = 0; i < cnt; i++) {
if (flags & XN_FLAG_DN_REV)
ent = X509_NAME_get_entry(n, cnt - i - 1);
else
ent = X509_NAME_get_entry(n, i);
if (prev != -1) {
if (prev == ent->set) {
if (!io_ch(arg, sep_mv, sep_mv_len))
return -1;
outlen += sep_mv_len;
} else {
if (!io_ch(arg, sep_dn, sep_dn_len))
return -1;
outlen += sep_dn_len;
if (!do_indent(io_ch, arg, indent))
return -1;
outlen += indent;
}
}
prev = ent->set;
fn = X509_NAME_ENTRY_get_object(ent);
val = X509_NAME_ENTRY_get_data(ent);
fn_nid = OBJ_obj2nid(fn);
if (fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len;
if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp;
} else {
if (fn_opt == XN_FLAG_FN_SN) {
fld_len = FN_WIDTH_SN;
objbuf = OBJ_nid2sn(fn_nid);
} else if (fn_opt == XN_FLAG_FN_LN) {
fld_len = FN_WIDTH_LN;
objbuf = OBJ_nid2ln(fn_nid);
} else {
fld_len = 0; /* XXX: what should this be? */
objbuf = "";
}
}
objlen = sgx_strlen(objbuf);
if (!io_ch(arg, objbuf, objlen))
return -1;
if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
if (!do_indent(io_ch, arg, fld_len - objlen))
return -1;
outlen += fld_len - objlen;
}
if (!io_ch(arg, sep_eq, sep_eq_len))
return -1;
outlen += objlen + sep_eq_len;
}
/*
* If the field name is unknown then fix up the DER dump flag. We
* might want to limit this further so it will DER dump on anything
* other than a few 'standard' fields.
*/
if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
orflags = ASN1_STRFLGS_DUMP_ALL;
else
orflags = 0;
len = do_print_ex(io_ch, arg, flags | orflags, val);
if (len < 0)
return -1;
outlen += len;
}
return outlen;
}
int main(int argc, char *argv[])
{
FILE *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL, *keystr = NULL;
RC4_KEY key;
char buf[BUFSIZ];
int badops = 0, i;
char **pp;
unsigned char md[MD5_DIGEST_LENGTH];
argc--;
argv++;
while (argc >= 1) {
if (sgx_strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (sgx_strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (sgx_strcmp(*argv, "-key") == 0) {
if (--argc < 1)
goto bad;
keystr = *(++argv);
} else {
fprintf(stderr, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
for (pp = usage; (*pp != NULL); pp++)
fprintf(stderr, "%s", *pp);
exit(1);
}
if (infile == NULL)
in = stdin;
else {
in = fopen(infile, "r");
if (in == NULL) {
perror("open");
exit(1);
}
}
if (outfile == NULL)
out = stdout;
else {
out = fopen(outfile, "w");
if (out == NULL) {
perror("open");
exit(1);
}
}
#ifdef OPENSSL_SYS_MSDOS
/* This should set the file to binary mode. */
{
# include <fcntl.h>
setmode(fileno(in), O_BINARY);
setmode(fileno(out), O_BINARY);
}
#endif
if (keystr == NULL) { /* get key */
i = EVP_read_pw_string(buf, BUFSIZ, "Enter RC4 password:"******"bad password read\n");
exit(1);
}
keystr = buf;
}
EVP_Digest((unsigned char *)keystr, sgx_strlen(keystr), md, NULL, EVP_md5(),
NULL);
OPENSSL_cleanse(keystr, sgx_strlen(keystr));
RC4_set_key(&key, MD5_DIGEST_LENGTH, md);
for (;;) {
i = fread(buf, 1, BUFSIZ, in);
if (i == 0)
break;
if (i < 0) {
perror("read");
exit(1);
}
RC4(&key, (unsigned int)i, (unsigned char *)buf,
(unsigned char *)buf);
i = fwrite(buf, (unsigned int)i, 1, out);
if (i != 1) {
perror("write");
exit(1);
}
}
fclose(out);
fclose(in);
exit(0);
return (1);
}
int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
int inform, unsigned long mask,
long minsize, long maxsize)
{
int str_type;
int ret;
char free_out;
int outform, outlen = 0;
ASN1_STRING *dest;
unsigned char *p;
int nchar;
char strbuf[32];
int (*cpyfunc) (unsigned long, void *) = NULL;
if (len == -1)
len = sgx_strlen((const char *)in);
if (!mask)
mask = DIRSTRING_TYPE;
/* First do a string check and work out the number of characters */
switch (inform) {
case MBSTRING_BMP:
if (len & 1) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
ASN1_R_INVALID_BMPSTRING_LENGTH);
return -1;
}
nchar = len >> 1;
break;
case MBSTRING_UNIV:
if (len & 3) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
return -1;
}
nchar = len >> 2;
break;
case MBSTRING_UTF8:
nchar = 0;
/* This counts the characters and does utf8 syntax checking */
ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
if (ret < 0) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
return -1;
}
break;
case MBSTRING_ASC:
nchar = len;
break;
default:
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
return -1;
}
if ((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf);
return -1;
}
if ((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf);
return -1;
}
/* Now work out minimal type (if any) */
if (traverse_string(in, len, inform, type_str, &mask) < 0) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
return -1;
}
/* Now work out output format and string type */
outform = MBSTRING_ASC;
if (mask & B_ASN1_PRINTABLESTRING)
str_type = V_ASN1_PRINTABLESTRING;
else if (mask & B_ASN1_IA5STRING)
str_type = V_ASN1_IA5STRING;
else if (mask & B_ASN1_T61STRING)
str_type = V_ASN1_T61STRING;
else if (mask & B_ASN1_BMPSTRING) {
str_type = V_ASN1_BMPSTRING;
outform = MBSTRING_BMP;
} else if (mask & B_ASN1_UNIVERSALSTRING) {
str_type = V_ASN1_UNIVERSALSTRING;
outform = MBSTRING_UNIV;
} else {
str_type = V_ASN1_UTF8STRING;
outform = MBSTRING_UTF8;
}
if (!out)
return str_type;
if (*out) {
free_out = 0;
dest = *out;
if (dest->data) {
dest->length = 0;
OPENSSL_free(dest->data);
dest->data = NULL;
}
dest->type = str_type;
} else {
free_out = 1;
dest = ASN1_STRING_type_new(str_type);
if (!dest) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
return -1;
}
*out = dest;
}
/* If both the same type just copy across */
if (inform == outform) {
if (!ASN1_STRING_set(dest, in, len)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
return -1;
}
return str_type;
}
/* Work out how much space the destination will need */
switch (outform) {
case MBSTRING_ASC:
outlen = nchar;
cpyfunc = cpy_asc;
break;
case MBSTRING_BMP:
outlen = nchar << 1;
cpyfunc = cpy_bmp;
break;
case MBSTRING_UNIV:
outlen = nchar << 2;
cpyfunc = cpy_univ;
break;
case MBSTRING_UTF8:
outlen = 0;
traverse_string(in, len, inform, out_utf8, &outlen);
cpyfunc = cpy_utf8;
break;
}
if (!(p = OPENSSL_malloc(outlen + 1))) {
if (free_out)
ASN1_STRING_free(dest);
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
return -1;
}
dest->length = outlen;
dest->data = p;
p[outlen] = 0;
traverse_string(in, len, inform, cpyfunc, &p);
return str_type;
}
int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
{
unsigned char *serverinfo = NULL;
size_t serverinfo_length = 0;
unsigned char *extension = 0;
long extension_length = 0;
char *name = NULL;
char *header = NULL;
char namePrefix[] = "SERVERINFO FOR ";
int ret = 0;
BIO *bin = NULL;
size_t num_extensions = 0;
if (ctx == NULL || file == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
ERR_R_PASSED_NULL_PARAMETER);
goto end;
}
bin = BIO_new(BIO_s_file_internal());
if (bin == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(bin, file) <= 0) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB);
goto end;
}
for (num_extensions = 0;; num_extensions++) {
if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
== 0) {
/*
* There must be at least one extension in this file
*/
if (num_extensions == 0) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
SSL_R_NO_PEM_EXTENSIONS);
goto end;
} else /* End of file, we're done */
break;
}
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
if (sgx_strlen(name) < sgx_strlen(namePrefix)) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
SSL_R_PEM_NAME_TOO_SHORT);
goto end;
}
if (sgx_strncmp(name, namePrefix, sgx_strlen(namePrefix)) != 0) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
SSL_R_PEM_NAME_BAD_PREFIX);
goto end;
}
/*
* Check that the decoded PEM data is plausible (valid length field)
*/
if (extension_length < 4
|| (extension[2] << 8) + extension[3] != extension_length - 4) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
goto end;
}
/* Append the decoded extension to the serverinfo buffer */
serverinfo =
OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
if (serverinfo == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
goto end;
}
sgx_memcpy(serverinfo + serverinfo_length, extension, extension_length);
serverinfo_length += extension_length;
OPENSSL_free(name);
name = NULL;
OPENSSL_free(header);
header = NULL;
OPENSSL_free(extension);
extension = NULL;
}
ret = SSL_CTX_use_serverinfo(ctx, serverinfo, serverinfo_length);
end:
/* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(extension);
OPENSSL_free(serverinfo);
if (bin != NULL)
BIO_free(bin);
return ret;
}
static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
ASN1_STRING *str)
{
int outlen, len;
int type;
char quotes;
unsigned char flags;
quotes = 0;
/* Keep a copy of escape flags */
flags = (unsigned char)(lflags & ESC_FLAGS);
type = str->type;
outlen = 0;
if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
const char *tagname;
tagname = ASN1_tag2str(type);
outlen += sgx_strlen(tagname);
if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
return -1;
outlen++;
}
/* Decide what to do with type, either dump content or display it */
/* Dump everything */
if (lflags & ASN1_STRFLGS_DUMP_ALL)
type = -1;
/* Ignore the string type */
else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
type = 1;
else {
/* Else determine width based on type */
if ((type > 0) && (type < 31))
type = tag2nbyte[type];
else
type = -1;
if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
type = 1;
}
if (type == -1) {
len = do_dump(lflags, io_ch, arg, str);
if (len < 0)
return -1;
outlen += len;
return outlen;
}
if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
/*
* Note: if string is UTF8 and we want to convert to UTF8 then we
* just interpret it as 1 byte per character to avoid converting
* twice.
*/
if (!type)
type = 1;
else
type |= BUF_TYPE_CONVUTF8;
}
len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL);
if (len < 0)
return -1;
outlen += len;
if (quotes)
outlen += 2;
if (!arg)
return outlen;
if (quotes && !io_ch(arg, "\"", 1))
return -1;
if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
return -1;
if (quotes && !io_ch(arg, "\"", 1))
return -1;
return outlen;
}
void enclave_main()
{
SSL_METHOD *method;
SSL_CTX *ctx;
BIO *bio_cert;
BIO *bio_pkey;
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
int port = 5566;
int srvr_fd;
int clnt_fd;
struct sockaddr_in addr;
// Initialize ssl
SSL_library_init();
// Initialize ctx
OpenSSL_add_all_algorithms();
method = TLSv1_2_server_method();
ctx = SSL_CTX_new(method);
// Load certificate
bio_cert = BIO_new(BIO_s_mem());
BIO_puts(bio_cert, cert_s);
cert = PEM_read_bio_X509(bio_cert, NULL, 0, NULL);
if (cert == NULL) {
sgx_debug("cert is NULL");
} else {
sgx_debug("cert is not NULL");
}
bio_pkey = BIO_new(BIO_s_mem());
BIO_puts(bio_pkey, pkey_s);
pkey = PEM_read_bio_PrivateKey(bio_pkey, NULL, 0, NULL);
if (pkey == NULL) {
sgx_debug("key is NULL\n");
} else {
sgx_debug("key is not NULL\n");
}
if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
sgx_debug("SSL_CTX_use_certificate failed\n");
//sgx_exit(NULL);
} else {
sgx_debug("SSL_CTX_use_certificate succeeded\n");
}
if (SSL_CTX_use_PrivateKey(ctx, pkey) <= 0) {
sgx_debug("SSL_CTX_use_PrivateKey failed\n");
//sgx_exit(NULL);
} else {
sgx_debug("SSL_CTX_use_PrivateKey succeeded\n");
}
SSL_CTX_set_ecdh_auto(ctx, 1);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
srvr_fd = sgx_socket(PF_INET, SOCK_STREAM, 0);
if (srvr_fd == -1) {
sgx_exit(NULL);
}
sgx_memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = sgx_htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
if (sgx_bind(srvr_fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
sgx_exit(NULL);
}
if (sgx_listen(srvr_fd, 10) != 0) {
sgx_exit(NULL);
}
while (1) {
struct sockaddr_in addr;
socklen_t len = sizeof(addr);
SSL *ssl;
int sd;
int bytes;
char buf[256];
const char* echo="<html><body><pre>%s</pre></body></html>\n\n";
clnt_fd = sgx_accept(srvr_fd, (struct sockaddr *)&addr, &len);
if (clnt_fd < 0) {
sgx_puts("ERROR on accept\n");
continue;
}
ssl = SSL_new(ctx);
SSL_set_fd(ssl, clnt_fd);
if (SSL_accept(ssl) == -1)
sgx_puts("SSL accept failed\n");
else {
sgx_puts("SSL accept succeeded\n");
bytes = SSL_read(ssl, buf, sizeof(buf));
if (bytes > 0) {
buf[bytes] = 0;
sgx_puts(buf);
char msg[] = "Successfully connected\n";
SSL_write(ssl, msg, sgx_strlen(msg));
}
}
sd = SSL_get_fd(ssl);
//SSL_free(ssl);
sgx_close(sd);
//sgx_close(clnt_fd);
}
sgx_close(srvr_fd);
sgx_exit(NULL);
}