int SSL_use_certificate(SSL *ssl, X509 *x)
{
//sgx_debug("1\n");
if (x == NULL) {
sgx_debug("c 1\n");
SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
if (!ssl_cert_inst(&ssl->cert)) {
sgx_debug("c 2\n");
SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
return (0);
}
return (ssl_set_cert(ssl->cert, x));
}
static int ssl_set_cert(CERT *c, X509 *x)
{
EVP_PKEY *pkey;
int i;
pkey = X509_get_pubkey(x);
if (pkey == NULL) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
return (0);
}
i = ssl_cert_type(x, pkey);
if (i < 0) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
EVP_PKEY_free(pkey);
return (0);
}
if (c->pkeys[i].privatekey != NULL) {
EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
ERR_clear_error();
#ifndef OPENSSL_NO_RSA
/*
* Don't check the public/private key, this is mostly for smart
* cards.
*/
if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
RSA_METHOD_FLAG_NO_CHECK)) ;
else
#endif /* OPENSSL_NO_RSA */
if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
/*
* don't fail for a cert/key mismatch, just free current private
* key (when switching to a different cert & key, first this
* function should be used, then ssl_set_pkey
*/
EVP_PKEY_free(c->pkeys[i].privatekey);
c->pkeys[i].privatekey = NULL;
/* clear error queue */
ERR_clear_error();
}
}
EVP_PKEY_free(pkey);
if (c->pkeys[i].x509 != NULL)
X509_free(c->pkeys[i].x509);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
c->pkeys[i].x509 = x;
c->key = &(c->pkeys[i]);
sgx_debug("s 3\n");
c->valid = 0;
return (1);
}
void enclave_main()
{
sgx_debug("qsort test\n");
sgx_qsort(values, 6, sizeof(int), compare);
sgx_printf("%d %d %d %d %d %d\n", values[0], values[1], values[2], values[3], values[4], values[5]);
sgx_exit(NULL);
}
void enclave_main()
{
SSL_METHOD *method;
SSL_CTX *ctx;
BIO *bio_cert;
BIO *bio_pkey;
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
int port = 5566;
int srvr_fd;
int clnt_fd;
struct sockaddr_in addr;
// Initialize ssl
SSL_library_init();
// Initialize ctx
OpenSSL_add_all_algorithms();
method = TLSv1_2_server_method();
ctx = SSL_CTX_new(method);
// Load certificate
bio_cert = BIO_new(BIO_s_mem());
BIO_puts(bio_cert, cert_s);
cert = PEM_read_bio_X509(bio_cert, NULL, 0, NULL);
if (cert == NULL) {
sgx_debug("cert is NULL");
} else {
sgx_debug("cert is not NULL");
}
bio_pkey = BIO_new(BIO_s_mem());
BIO_puts(bio_pkey, pkey_s);
pkey = PEM_read_bio_PrivateKey(bio_pkey, NULL, 0, NULL);
if (pkey == NULL) {
sgx_debug("key is NULL\n");
} else {
sgx_debug("key is not NULL\n");
}
if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
sgx_debug("SSL_CTX_use_certificate failed\n");
//sgx_exit(NULL);
} else {
sgx_debug("SSL_CTX_use_certificate succeeded\n");
}
if (SSL_CTX_use_PrivateKey(ctx, pkey) <= 0) {
sgx_debug("SSL_CTX_use_PrivateKey failed\n");
//sgx_exit(NULL);
} else {
sgx_debug("SSL_CTX_use_PrivateKey succeeded\n");
}
SSL_CTX_set_ecdh_auto(ctx, 1);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
srvr_fd = sgx_socket(PF_INET, SOCK_STREAM, 0);
if (srvr_fd == -1) {
sgx_exit(NULL);
}
sgx_memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = sgx_htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
if (sgx_bind(srvr_fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
sgx_exit(NULL);
}
if (sgx_listen(srvr_fd, 10) != 0) {
sgx_exit(NULL);
}
while (1) {
struct sockaddr_in addr;
socklen_t len = sizeof(addr);
SSL *ssl;
int sd;
int bytes;
char buf[256];
const char* echo="<html><body><pre>%s</pre></body></html>\n\n";
clnt_fd = sgx_accept(srvr_fd, (struct sockaddr *)&addr, &len);
if (clnt_fd < 0) {
sgx_puts("ERROR on accept\n");
continue;
}
ssl = SSL_new(ctx);
SSL_set_fd(ssl, clnt_fd);
if (SSL_accept(ssl) == -1)
sgx_puts("SSL accept failed\n");
else {
sgx_puts("SSL accept succeeded\n");
bytes = SSL_read(ssl, buf, sizeof(buf));
if (bytes > 0) {
buf[bytes] = 0;
sgx_puts(buf);
char msg[] = "Successfully connected\n";
SSL_write(ssl, msg, sgx_strlen(msg));
}
}
sd = SSL_get_fd(ssl);
//SSL_free(ssl);
sgx_close(sd);
//sgx_close(clnt_fd);
}
sgx_close(srvr_fd);
sgx_exit(NULL);
}
