/*
 * Attach certificate x to ssl.
 *
 * Makes sure ssl->cert exists via ssl_cert_inst() and then hands x to
 * ssl_set_cert(), which takes its own reference on x, so the caller keeps
 * ownership of its pointer.
 *
 * Returns 1 on success, 0 on failure (NULL x, ssl_cert_inst() failure, or
 * ssl_set_cert() rejecting the certificate); each failure pushes an SSLerr.
 */
int SSL_use_certificate(SSL *ssl, X509 *x)
{
    int ok = 0;

    if (x == NULL) {
        sgx_debug("c 1\n");
        SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
    } else if (!ssl_cert_inst(&ssl->cert)) {
        sgx_debug("c 2\n");
        SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
    } else {
        ok = ssl_set_cert(ssl->cert, x);
    }
    return ok;
}
/*
 * Install certificate x into the CERT slot selected by its key type.
 *
 * If that slot already holds a private key, the key's parameters are copied
 * onto the certificate's public key and the pair is checked with
 * X509_check_private_key(). A mismatch does not fail the call: the stale
 * private key is dropped so that a following ssl_set_pkey() can install the
 * matching one. RSA keys whose method sets RSA_METHOD_FLAG_NO_CHECK (the
 * smart-card case) skip the pairing check entirely.
 *
 * Takes a new reference on x and releases the slot's previous certificate.
 * Returns 1 on success; returns 0 with an SSLerr pushed when the public key
 * cannot be extracted or the certificate type is unknown.
 */
static int ssl_set_cert(CERT *c, X509 *x)
{
    EVP_PKEY *pub = X509_get_pubkey(x);
    int slot;
    int run_check = 1;

    if (pub == NULL) {
        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
        return 0;
    }

    slot = ssl_cert_type(x, pub);
    if (slot < 0) {
        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
        EVP_PKEY_free(pub);
        return 0;
    }

    if (c->pkeys[slot].privatekey != NULL) {
        EVP_PKEY *priv = c->pkeys[slot].privatekey;

        EVP_PKEY_copy_parameters(pub, priv);
        ERR_clear_error();
#ifndef OPENSSL_NO_RSA
        /* Smart-card style RSA methods cannot prove key pairing; skip it. */
        if (priv->type == EVP_PKEY_RSA &&
            (RSA_flags(priv->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) {
            run_check = 0;
        }
#endif /* OPENSSL_NO_RSA */
        if (run_check && !X509_check_private_key(x, priv)) {
            /*
             * Not fatal: free the old private key so the caller can switch
             * to a different cert & key (this function first, then
             * ssl_set_pkey), and clear the error queue.
             */
            EVP_PKEY_free(priv);
            c->pkeys[slot].privatekey = NULL;
            ERR_clear_error();
        }
    }
    EVP_PKEY_free(pub);

    if (c->pkeys[slot].x509 != NULL) {
        X509_free(c->pkeys[slot].x509);
    }
    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
    c->pkeys[slot].x509 = x;
    c->key = &c->pkeys[slot];
    sgx_debug("s 3\n");
    c->valid = 0;
    return 1;
}
/*
 * Enclave entry point for the qsort test: sorts the externally defined
 * values[] array (six ints) with compare() and prints the result.
 * Does not return; ends with sgx_exit().
 */
void enclave_main()
{
    enum { VALUE_COUNT = 6 };

    sgx_debug("qsort test\n");
    sgx_qsort(values, VALUE_COUNT, sizeof(int), compare);
    sgx_printf("%d %d %d %d %d %d\n",
               values[0], values[1], values[2],
               values[3], values[4], values[5]);
    sgx_exit(NULL);
}
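/*
 * Enclave entry point: runs a TLS 1.2 server on port 5566.
 *
 * The certificate and private key are parsed from the in-image PEM strings
 * cert_s and pkey_s and installed on a fresh SSL_CTX. The accept loop then
 * runs forever: each client gets one SSL_read(), whose payload is logged
 * with sgx_puts(), followed by a fixed acknowledgement via SSL_write().
 * Never returns normally; every exit path calls sgx_exit().
 *
 * NOTE(review): pkey_s embeds the server's private key in the enclave
 * image; confirm it is provisioned/sealed at deployment rather than shipped
 * in plaintext.
 */
void enclave_main(void)
{
    SSL_METHOD *method;
    SSL_CTX *ctx;
    BIO *bio_cert;
    BIO *bio_pkey;
    X509 *cert = NULL;
    EVP_PKEY *pkey = NULL;
    int port = 5566;
    int srvr_fd;
    int clnt_fd;
    struct sockaddr_in addr;

    // Initialize ssl
    SSL_library_init();

    // Initialize ctx
    OpenSSL_add_all_algorithms();
    method = TLSv1_2_server_method();
    ctx = SSL_CTX_new(method);
    if (ctx == NULL) {
        /* Every SSL_CTX_* call below dereferences ctx; bail out early. */
        sgx_debug("SSL_CTX_new failed\n");
        sgx_exit(NULL);
    }

    // Load certificate
    bio_cert = BIO_new(BIO_s_mem());
    BIO_puts(bio_cert, cert_s);
    cert = PEM_read_bio_X509(bio_cert, NULL, 0, NULL);
    BIO_free(bio_cert); /* PEM text has been consumed; the BIO is no longer needed */
    if (cert == NULL) {
        sgx_debug("cert is NULL");
    } else {
        sgx_debug("cert is not NULL");
    }

    bio_pkey = BIO_new(BIO_s_mem());
    BIO_puts(bio_pkey, pkey_s);
    pkey = PEM_read_bio_PrivateKey(bio_pkey, NULL, 0, NULL);
    BIO_free(bio_pkey);
    if (pkey == NULL) {
        sgx_debug("key is NULL\n");
    } else {
        sgx_debug("key is not NULL\n");
    }

    /*
     * NOTE(review): the server keeps running after a failed cert/key load
     * (the original exit calls were deliberately disabled); handshakes are
     * not expected to succeed without them — confirm this is debug-only.
     */
    if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
        sgx_debug("SSL_CTX_use_certificate failed\n");
    } else {
        sgx_debug("SSL_CTX_use_certificate succeeded\n");
    }
    if (SSL_CTX_use_PrivateKey(ctx, pkey) <= 0) {
        sgx_debug("SSL_CTX_use_PrivateKey failed\n");
    } else {
        sgx_debug("SSL_CTX_use_PrivateKey succeeded\n");
    }
    /* The context takes its own references; drop the parsing-time ones. */
    X509_free(cert);
    EVP_PKEY_free(pkey);

    SSL_CTX_set_ecdh_auto(ctx, 1);
    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);

    srvr_fd = sgx_socket(PF_INET, SOCK_STREAM, 0);
    if (srvr_fd == -1) {
        sgx_exit(NULL);
    }
    sgx_memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = sgx_htons(port);
    addr.sin_addr.s_addr = INADDR_ANY;
    if (sgx_bind(srvr_fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
        sgx_exit(NULL);
    }
    if (sgx_listen(srvr_fd, 10) != 0) {
        sgx_exit(NULL);
    }

    while (1) {
        struct sockaddr_in peer; /* distinct name: the old one shadowed addr */
        socklen_t len = sizeof(peer);
        SSL *ssl;
        int bytes;
        char buf[256];

        clnt_fd = sgx_accept(srvr_fd, (struct sockaddr *)&peer, &len);
        if (clnt_fd < 0) {
            sgx_puts("ERROR on accept\n");
            continue;
        }

        ssl = SSL_new(ctx);
        if (ssl == NULL) {
            /* SSL_set_fd()/SSL_accept() would dereference NULL; drop the client. */
            sgx_puts("SSL_new failed\n");
            sgx_close(clnt_fd);
            continue;
        }
        SSL_set_fd(ssl, clnt_fd);

        /* SSL_accept() signals failure with 0 or a negative value, not only -1. */
        if (SSL_accept(ssl) <= 0) {
            sgx_puts("SSL accept failed\n");
        } else {
            sgx_puts("SSL accept succeeded\n");
            /*
             * Read at most sizeof(buf) - 1 bytes so the terminator written
             * below always lands inside buf (a full 256-byte read used to
             * write buf[256]).
             */
            bytes = SSL_read(ssl, buf, sizeof(buf) - 1);
            if (bytes > 0) {
                buf[bytes] = 0;
                /* buf is client-controlled; assumes sgx_puts() treats it as plain text, not a format string — TODO confirm */
                sgx_puts(buf);
                char msg[] = "Successfully connected\n";
                SSL_write(ssl, msg, sgx_strlen(msg));
            }
        }

        /*
         * NOTE(review): SSL_free(ssl) was disabled in the original, so each
         * accepted connection leaks its SSL object (only the fd is closed);
         * re-enable it once the reason for disabling it is known.
         */
        //SSL_free(ssl);
        sgx_close(clnt_fd);
    }
    sgx_close(srvr_fd);
    sgx_exit(NULL);
}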