本文整理汇总了C++中ERR_print_errors_fp函数的典型用法代码示例。如果您正苦于以下问题:C++ ERR_print_errors_fp函数的具体用法?C++ ERR_print_errors_fp怎么用?C++ ERR_print_errors_fp使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ERR_print_errors_fp函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: server_thread
// Minimal TLS server. This is largely based on the example at
// https://wiki.openssl.org/index.php/Simple_TLS_Server and the gRPC core
// internals in src/core/lib/tsi/ssl_transport_security.c.
static void server_thread(void *arg) {
const server_args *args = (server_args *)arg;
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
const SSL_METHOD *method = TLSv1_2_server_method();
SSL_CTX *ctx = SSL_CTX_new(method);
if (!ctx) {
perror("Unable to create SSL context");
ERR_print_errors_fp(stderr);
abort();
}
// Load key pair.
if (SSL_CTX_use_certificate_file(ctx, SSL_CERT_PATH, SSL_FILETYPE_PEM) < 0) {
ERR_print_errors_fp(stderr);
abort();
}
if (SSL_CTX_use_PrivateKey_file(ctx, SSL_KEY_PATH, SSL_FILETYPE_PEM) < 0) {
ERR_print_errors_fp(stderr);
abort();
}
// Set the cipher list to match the one expressed in
// src/core/lib/tsi/ssl_transport_security.c.
const char *cipher_list =
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-"
"SHA384:ECDHE-RSA-AES256-GCM-SHA384";
if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
ERR_print_errors_fp(stderr);
gpr_log(GPR_ERROR, "Couldn't set server cipher list.");
abort();
}
// Register the ALPN selection callback.
SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb, args->alpn_preferred);
// bind/listen/accept at TCP layer.
const int sock = args->socket;
gpr_log(GPR_INFO, "Server listening");
struct sockaddr_in addr;
socklen_t len = sizeof(addr);
const int client = accept(sock, (struct sockaddr *)&addr, &len);
if (client < 0) {
perror("Unable to accept");
abort();
}
// Establish a SSL* and accept at SSL layer.
SSL *ssl = SSL_new(ctx);
GPR_ASSERT(ssl);
SSL_set_fd(ssl, client);
if (SSL_accept(ssl) <= 0) {
ERR_print_errors_fp(stderr);
gpr_log(GPR_ERROR, "Handshake failed.");
} else {
gpr_log(GPR_INFO, "Handshake successful.");
}
// Wait until the client drops its connection.
char buf;
while (SSL_read(ssl, &buf, sizeof(buf)) > 0)
;
SSL_free(ssl);
close(client);
close(sock);
SSL_CTX_free(ctx);
EVP_cleanup();
}
示例2: key_new
rdpRsaKey* key_new(const char* keyfile)
{
FILE* fp;
RSA* rsa;
rdpRsaKey* key;
key = (rdpRsaKey*) malloc(sizeof(rdpRsaKey));
ZeroMemory(key, sizeof(rdpRsaKey));
if (key == NULL)
return NULL;
fp = fopen(keyfile, "r");
if (fp == NULL)
{
fprintf(stderr, "unable to load RSA key from %s: %s.", keyfile, strerror(errno));
free(key) ;
return NULL;
}
rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
if (rsa == NULL)
{
ERR_print_errors_fp(stdout);
fclose(fp);
free(key) ;
return NULL;
}
fclose(fp);
switch (RSA_check_key(rsa))
{
case 0:
RSA_free(rsa);
fprintf(stderr, "invalid RSA key in %s", keyfile);
free(key) ;
return NULL;
case 1:
/* Valid key. */
break;
default:
ERR_print_errors_fp(stderr);
RSA_free(rsa);
free(key) ;
return NULL;
}
if (BN_num_bytes(rsa->e) > 4)
{
RSA_free(rsa);
fprintf(stderr, "RSA public exponent too large in %s", keyfile);
free(key) ;
return NULL;
}
key->ModulusLength = BN_num_bytes(rsa->n);
key->Modulus = (BYTE*) malloc(key->ModulusLength);
BN_bn2bin(rsa->n, key->Modulus);
crypto_reverse(key->Modulus, key->ModulusLength);
key->PrivateExponentLength = BN_num_bytes(rsa->d);
key->PrivateExponent = (BYTE*) malloc(key->PrivateExponentLength);
BN_bn2bin(rsa->d, key->PrivateExponent);
crypto_reverse(key->PrivateExponent, key->PrivateExponentLength);
memset(key->exponent, 0, sizeof(key->exponent));
BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e));
crypto_reverse(key->exponent, sizeof(key->exponent));
RSA_free(rsa);
return key;
}
示例3: main
int main(int argc, char *argv[]) {
FILE *fin, *fkey;
u_int16_t siglen;
u_int32_t magic;
long nread, ndata;
char *sigbuf, *inbuf;
EVP_PKEY *pkey;
EVP_MD_CTX ctx;
int err, retval;
if (argc != 3)
usage();
ERR_load_crypto_strings();
/* open file and check for magic */
fin = fopen(argv[2], "r+");
if (fin == NULL) {
fprintf(stderr, "unable to open file '%s'\n", argv[2]);
exit(4);
}
fseek(fin, -(sizeof(magic)), SEEK_END);
fread(&magic, sizeof(magic), 1, fin);
if (magic != SIG_MAGIC) {
fclose(fin);
exit(2);
}
/* magic is good; get signature length */
fseek(fin, -(sizeof(magic) + sizeof(siglen)), SEEK_END);
fread(&siglen, sizeof(siglen), 1, fin);
/* read public key */
fkey = fopen(argv[1], "r");
if (fkey == NULL) {
fprintf(stderr, "unable to open public key file '%s'\n", argv[1]);
exit(4);
}
pkey = PEM_read_PUBKEY(fkey, NULL, NULL, NULL);
fclose(fkey);
if (pkey == NULL) {
ERR_print_errors_fp(stderr);
exit(4);
}
/* check if siglen is sane */
if ((siglen == 0) || (siglen > EVP_PKEY_size(pkey)))
exit(3);
/* got signature length; read signature */
sigbuf = malloc(siglen);
if (sigbuf == NULL)
exit(4);
fseek(fin, -(sizeof(magic) + sizeof(siglen) + siglen), SEEK_END);
if (fread(sigbuf, 1, siglen, fin) != siglen)
exit(4);
/* signature read; truncate file to remove sig */
fseek(fin, 0, SEEK_END);
ndata = ftell(fin) - (sizeof(magic) + sizeof(siglen) + siglen);
ftruncate(fileno(fin), ndata);
/* verify the signature now */
EVP_VerifyInit(&ctx, EVP_sha1());
/* allocate data buffer */
inbuf = malloc(SIG_INBUFLEN);
if (inbuf == NULL)
exit(4);
rewind(fin);
while (!feof(fin)) {
nread = fread(inbuf, 1, SIG_INBUFLEN, fin);
if (nread != SIG_INBUFLEN) {
if (ferror(fin)) {
fprintf(stderr, "read error in file '%s'\n", argv[2]);
exit(4);
}
}
EVP_VerifyUpdate(&ctx, inbuf, nread);
}
err = EVP_VerifyFinal(&ctx, sigbuf, siglen, pkey);
EVP_PKEY_free(pkey);
if (err == 1)
retval = 0; /* correct signature */
else if (err == 0)
retval = 1; /* invalid signature */
else
retval = 3; /* error */
free(inbuf);
//.........这里部分代码省略.........
示例4: pCtx
SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile):
pCtx (NULL),
PrivateKey (NULL),
Certificate (NULL)
{
/* TODO: the usage of the specified private-key and cert-chain filenames only applies to
* client-side connections at this point. Server connections currently use the default materials.
* That needs to be fixed asap.
* Also, in this implementation, server-side connections use statically defined X-509 defaults.
* One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY
* objects when we call our destructor, or whether just calling SSL_CTX_free is enough.
*/
if (!bLibraryInitialized) {
bLibraryInitialized = true;
SSL_library_init();
OpenSSL_add_ssl_algorithms();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ERR_load_crypto_strings();
InitializeDefaultCredentials();
}
bIsServer = is_server;
pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
if (!pCtx)
throw std::runtime_error ("no SSL context");
SSL_CTX_set_options (pCtx, SSL_OP_ALL);
//SSL_CTX_set_options (pCtx, (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3));
if (is_server) {
// The SSL_CTX calls here do NOT allocate memory.
int e;
if (privkeyfile.length() > 0)
e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
else
e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
if (e <= 0) ERR_print_errors_fp(stderr);
assert (e > 0);
if (certchainfile.length() > 0)
e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
else
e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
if (e <= 0) ERR_print_errors_fp(stderr);
assert (e > 0);
}
SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
if (is_server) {
SSL_CTX_sess_set_cache_size (pCtx, 128);
SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"eventmachine", 12);
}
else {
int e;
if (privkeyfile.length() > 0) {
e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
if (e <= 0) ERR_print_errors_fp(stderr);
assert (e > 0);
}
if (certchainfile.length() > 0) {
e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
if (e <= 0) ERR_print_errors_fp(stderr);
assert (e > 0);
}
}
}
示例5: main
//.........这里部分代码省略.........
}
else
{
if (!BIO_write_filename(out,outfile))
{
perror(outfile);
EXIT(1);
}
}
if (!results)
BIO_puts(out,"obase=16\nibase=16\n");
message(out,"BN_add");
if (!test_add(out)) goto err;
BIO_flush(out);
message(out,"BN_sub");
if (!test_sub(out)) goto err;
BIO_flush(out);
message(out,"BN_lshift1");
if (!test_lshift1(out)) goto err;
BIO_flush(out);
message(out,"BN_lshift (fixed)");
if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
goto err;
BIO_flush(out);
message(out,"BN_lshift");
if (!test_lshift(out,ctx,NULL)) goto err;
BIO_flush(out);
message(out,"BN_rshift1");
if (!test_rshift1(out)) goto err;
BIO_flush(out);
message(out,"BN_rshift");
if (!test_rshift(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_sqr");
if (!test_sqr(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mul");
if (!test_mul(out)) goto err;
BIO_flush(out);
message(out,"BN_div");
if (!test_div(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_div_recp");
if (!test_div_recp(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mod");
if (!test_mod(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mod_mul");
if (!test_mod_mul(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mont");
if (!test_mont(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mod_exp");
if (!test_mod_exp(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_exp");
if (!test_exp(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_kronecker");
if (!test_kron(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mod_sqrt");
if (!test_sqrt(out,ctx)) goto err;
BIO_flush(out);
BN_CTX_free(ctx);
BIO_free(out);
/**/
EXIT(0);
err:
BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
* the failure, see test_bn in test/Makefile.ssl*/
BIO_flush(out);
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
EXIT(1);
return(1);
}
示例6: digest
static void
digest(struct executable *x)
{
EVP_MD_CTX *mdctx;
const EVP_MD *md;
size_t sum_of_bytes_hashed;
int i, ok;
/*
* Windows Authenticode Portable Executable Signature Format
* spec version 1.0 specifies MD5 and SHA1. However, pesign
* and sbsign both use SHA256, so do the same.
*/
md = EVP_get_digestbyname(DIGEST);
if (md == NULL) {
ERR_print_errors_fp(stderr);
errx(1, "EVP_get_digestbyname(\"%s\") failed", DIGEST);
}
mdctx = EVP_MD_CTX_create();
if (mdctx == NULL) {
ERR_print_errors_fp(stderr);
errx(1, "EVP_MD_CTX_create(3) failed");
}
ok = EVP_DigestInit_ex(mdctx, md, NULL);
if (ok == 0) {
ERR_print_errors_fp(stderr);
errx(1, "EVP_DigestInit_ex(3) failed");
}
/*
* According to the Authenticode spec, we need to compute
* the digest in a rather... specific manner; see "Calculating
* the PE Image Hash" part of the spec for details.
*
* First, everything from 0 to before the PE checksum.
*/
digest_range(x, mdctx, 0, x->x_checksum_off);
/*
* Second, from after the PE checksum to before the Certificate
* entry in Data Directory.
*/
digest_range(x, mdctx, x->x_checksum_off + x->x_checksum_len,
x->x_certificate_entry_off -
(x->x_checksum_off + x->x_checksum_len));
/*
* Then, from after the Certificate entry to the end of headers.
*/
digest_range(x, mdctx,
x->x_certificate_entry_off + x->x_certificate_entry_len,
x->x_headers_len -
(x->x_certificate_entry_off + x->x_certificate_entry_len));
/*
* Then, each section in turn, as specified in the PE Section Table.
*
* XXX: Sorting.
*/
sum_of_bytes_hashed = x->x_headers_len;
for (i = 0; i < x->x_nsections; i++) {
digest_range(x, mdctx,
x->x_section_off[i], x->x_section_len[i]);
sum_of_bytes_hashed += x->x_section_len[i];
}
/*
* I believe this can happen with overlapping sections.
*/
if (sum_of_bytes_hashed > x->x_len)
errx(1, "number of bytes hashed is larger than file size");
/*
* I can't really explain this one; just do what the spec says.
*/
if (sum_of_bytes_hashed < x->x_len) {
digest_range(x, mdctx, sum_of_bytes_hashed,
x->x_len - (signature_size(x) + sum_of_bytes_hashed));
}
ok = EVP_DigestFinal_ex(mdctx, x->x_digest, &x->x_digest_len);
if (ok == 0) {
ERR_print_errors_fp(stderr);
errx(1, "EVP_DigestFinal_ex(3) failed");
}
EVP_MD_CTX_destroy(mdctx);
}
示例7: while
/**
* \brief Funtion that listens for new connetions
*
* Runs in a thread and adds new connections to plugin_conf->master set
*
* \param[in, out] config Plugin configuration structure
* \return NULL always
*/
void *input_listen(void *config)
{
struct plugin_conf *conf = (struct plugin_conf *) config;
int new_sock;
/* use IPv6 sockaddr structure to store address information (IPv4 fits easily) */
struct sockaddr_in6 *address = NULL;
socklen_t addr_length;
char src_addr[INET6_ADDRSTRLEN];
struct input_info_list *input_info;
#ifdef TLS_SUPPORT
int ret;
int i;
SSL *ssl = NULL; /* structure for TLS connection */
X509 *peer_cert = NULL; /* peer's certificate */
struct cleanup maid; /* auxiliary struct for TLS error handling */
#endif
/* loop ends when thread is cancelled by pthread_cancel() function */
while (1) {
/* allocate space for the address */
addr_length = sizeof(struct sockaddr_in6);
address = malloc(addr_length);
if (!address) {
MSG_ERROR(msg_module, "Memory allocation failed (%s:%d)", __FILE__, __LINE__);
break;
}
/* ensure that address will be freed when thread is canceled */
pthread_cleanup_push(input_listen_cleanup, (void *) address);
if ((new_sock = accept(conf->socket, (struct sockaddr*) address, &addr_length)) == -1) {
MSG_ERROR(msg_module, "Cannot accept new socket: %s", strerror(errno));
/* exit and call cleanup */
pthread_exit(0);
}
#ifdef TLS_SUPPORT
/* preparation for TLS error handling */
maid.address = address;
maid.ssl = NULL;
maid.peer_cert = NULL;
if (conf->tls) {
/* create a new SSL structure for the connection */
ssl = SSL_new(conf->ctx);
if (!ssl) {
MSG_ERROR(msg_module, "Unable to create SSL structure");
ERR_print_errors_fp(stderr);
/* cleanup */
input_listen_tls_cleanup(conf, &maid);
continue;
}
maid.ssl = ssl;
/* connect the SSL object with the socket */
ret = SSL_set_fd(ssl, new_sock);
if (ret != 1) {
MSG_ERROR(msg_module, "Unable to connect the SSL object with the socket");
ERR_print_errors_fp(stderr);
/* cleanup */
input_listen_tls_cleanup(conf, &maid);
continue;
}
/* TLS handshake */
ret = SSL_accept(ssl);
if (ret != 1) {
/* handshake wasn't successful */
MSG_ERROR(msg_module, "TLS handshake was not successful");
ERR_print_errors_fp(stderr);
/* cleanup */
input_listen_tls_cleanup(conf, &maid);
continue;
}
/* obtain peer's certificate */
peer_cert = SSL_get_peer_certificate(ssl);
if (!peer_cert) {
MSG_ERROR(msg_module, "No certificate was presented by the peer");
/* cleanup */
input_listen_tls_cleanup(conf, &maid);
continue;
}
maid.peer_cert = peer_cert;
/* verify peer's certificate */
if (SSL_get_verify_result(ssl) != X509_V_OK) {
MSG_ERROR(msg_module, "Client sent bad certificate; verification failed");
/* cleanup */
input_listen_tls_cleanup(conf, &maid);
continue;
}
//.........这里部分代码省略.........
示例8: fips_check_rsa
int fips_check_rsa(RSA *rsa)
{
int n, ret = 0;
unsigned char tctext[256], *ctext = tctext;
unsigned char tptext[256], *ptext = tptext;
/* The longest we can have with PKCS#1 v1.5 padding and a 512 bit key,
* namely 512/8-11-1 = 52 bytes */
static const unsigned char original_ptext[] =
"\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89\xab\xcd\xef"
"\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89\xab\xcd\xef"
"\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89\xab\xcd\xef"
"\x01\x23\x45\x67";
if (RSA_size(rsa) > sizeof(tctext))
{
ctext = OPENSSL_malloc(RSA_size(rsa));
ptext = OPENSSL_malloc(RSA_size(rsa));
if (!ctext || !ptext)
{
ERR_print_errors_fp(OPENSSL_stderr());
exit(1);
}
}
/* this will fail for keys shorter than 512 bits */
n=RSA_private_encrypt(sizeof(original_ptext)-1,original_ptext,ctext,rsa,
RSA_PKCS1_PADDING);
if(n < 0)
{
ERR_print_errors_fp(OPENSSL_stderr());
exit(1);
}
if(!memcmp(ctext,original_ptext,n))
{
FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
goto error;
}
n=RSA_public_decrypt(n,ctext,ptext,rsa,RSA_PKCS1_PADDING);
if(n < 0)
{
ERR_print_errors_fp(OPENSSL_stderr());
exit(1);
}
if(n != sizeof(original_ptext)-1 || memcmp(ptext,original_ptext,n))
{
FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
goto error;
}
ret = 1;
error:
if (RSA_size(rsa) > sizeof(tctext))
{
OPENSSL_free(ctext);
OPENSSL_free(ptext);
}
return ret;
}
示例9: krb5_cproxy_process
krb5_data *
krb5_cproxy_process(char *servername, char *port, krb5_data *request) {
/* SSL init */
SSL_library_init(); /* always returns 1 */
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
const SSL_METHOD *method = SSLv23_client_method(); /* includes TLSv1 */
if (!method) {
ERR_print_errors_fp(stderr);
EVP_cleanup();
return NULL;
}
SSL_CTX *gamma = SSL_CTX_new(method);
if (!gamma) {
ERR_print_errors_fp(stderr);
EVP_cleanup();
return NULL;
}
SSL_CTX_set_verify(gamma, SSL_VERIFY_PEER, NULL);
if (!SSL_CTX_set_default_verify_paths(gamma)) {
ERR_print_errors_fp(stderr);
SSL_CTX_free(gamma);
EVP_cleanup();
return NULL;
}
SSL *ssl = SSL_new(gamma);
if (!ssl) {
ERR_print_errors_fp(stderr);
SSL_CTX_free(gamma);
EVP_cleanup();
return NULL;
}
/* Encoding */
char *req;
gsize out_len;
char *fmt = "POST / HTTP/1.0\r\n"
"Host: %s\r\n" /* MSFT gets upset without this */
"Content-type: application/kerberos\r\n"
"Content-length: %d\r\n"
"\r\n%s";
char *g_buf = g_base64_encode((guchar *) request->data, request->length);
size_t reqlen = asprintf(&req, fmt, servername, strlen(g_buf), g_buf);
g_free(g_buf);
/* connect to other proxy */
struct addrinfo khints, *kserverdata;
memset(&khints, 0, sizeof(khints));
khints.ai_family = AF_UNSPEC;
khints.ai_socktype = SOCK_STREAM; /* TCP for HTTP */
int gai_ret = getaddrinfo(servername, port, &khints, &kserverdata);
if (gai_ret) {
fprintf(stderr, "%s\n", gai_strerror(gai_ret));
SSL_CTX_free(gamma);
EVP_cleanup();
free(req);
return NULL;
}
int fd_prox = -1;
for (struct addrinfo *cur = kserverdata;
cur != NULL && fd_prox == -1;
cur = cur->ai_next) {
fd_prox = socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol);
if (fd_prox == -1) {
fprintf(stderr, "failed to socket\n");
} else if (connect(fd_prox, cur->ai_addr, cur->ai_addrlen) == -1) {
close(fd_prox);
fd_prox = -1;
fprintf(stderr, "failed to connect\n");
}
}
freeaddrinfo(kserverdata);
if (fd_prox == -1) {
fprintf(stderr, "unable to connect to any sockets\n");
SSL_CTX_free(gamma);
EVP_cleanup();
free(req);
return NULL;
}
/* SSL the socket */
if (!SSL_set_fd(ssl, fd_prox)) {
ERR_print_errors_fp(stderr);
close(fd_prox);
free(req);
SSL_free(ssl);
SSL_CTX_free(gamma);
EVP_cleanup();
return NULL;
}
if (SSL_connect(ssl) != 1) {
ERR_print_errors_fp(stderr); /* maybe? */
close(fd_prox);
free(req);
SSL_free(ssl);
SSL_CTX_free(gamma);
EVP_cleanup();
return NULL;
}
//.........这里部分代码省略.........
示例10: main
//.........这里部分代码省略.........
fprintf(stdout, "%s: scep msg: %s", pname,
http_string);
}
/*
* Send http message.
* Response is written to http_response struct "reply".
*/
reply.payload = NULL;
if ((c = send_msg (&reply, http_string, host_name,
host_port, operation_flag)) == 1) {
fprintf(stderr, "%s: error while sending "
"message\n", pname);
exit (SCEP_PKISTATUS_NET);
}
if (reply.payload == NULL) {
fprintf(stderr, "%s: no data, perhaps you "
"should define CA identifier (-i)\n", pname);
exit (SCEP_PKISTATUS_SUCCESS);
}
if (v_flag){
printf("%s: valid response from server\n", pname);
}
if (reply.type == SCEP_MIME_GETCA_RA) {
/* XXXXXXXXXXXXXXXXXXXXX chain not verified */
write_ca_ra(&reply);
}
/* Read payload as DER X.509 object: */
bp = BIO_new_mem_buf(reply.payload, reply.bytes);
cacert = d2i_X509_bio(bp, NULL);
/* Read and print certificate information */
if (!X509_digest(cacert, fp_alg, md, &n)) {
ERR_print_errors_fp(stderr);
exit (SCEP_PKISTATUS_ERROR);
}
if (v_flag){
printf("%s: %s fingerprint: ", pname,
OBJ_nid2sn(EVP_MD_type(fp_alg)));
for (c = 0; c < (int)n; c++) {
printf("%02X%c",md[c],
(c + 1 == (int)n) ?'\n':':');
}
}
/* Write PEM-formatted file: */
#ifdef WIN32
if ((fopen_s(&fp,c_char , "w")))
#else
if (!(fp = fopen(c_char, "w")))
#endif
{
fprintf(stderr, "%s: cannot open CA file for "
"writing\n", pname);
exit (SCEP_PKISTATUS_ERROR);
}
if (PEM_write_X509(fp, c_char) != 1) {
fprintf(stderr, "%s: error while writing CA "
"file\n", pname);
ERR_print_errors_fp(stderr);
exit (SCEP_PKISTATUS_ERROR);
}
if (v_flag)
printf("%s: CA certificate written as %s\n",
pname, c_char);
示例11: SSL_library_init
/* Init necessary structures for SSL in WebIf*/
SSL_CTX *SSL_Webif_Init(void)
{
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
ERR_load_SSL_strings();
SSL_CTX *ctx;
static const char *cs_cert = "oscam.pem";
if(pthread_key_create(&getssl, NULL))
{
cs_log("Could not create getssl");
}
// set locking callbacks for SSL
int32_t i, num = CRYPTO_num_locks();
lock_cs = (CS_MUTEX_LOCK *) OPENSSL_malloc(num * sizeof(CS_MUTEX_LOCK));
for(i = 0; i < num; ++i)
{
cs_lock_create(&lock_cs[i], "ssl_lock_cs", 10000);
}
/* static lock callbacks */
CRYPTO_set_id_callback(SSL_id_function);
CRYPTO_set_locking_callback(SSL_locking_function);
/* dynamic lock callbacks */
CRYPTO_set_dynlock_create_callback(SSL_dyn_create_function);
CRYPTO_set_dynlock_lock_callback(SSL_dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(SSL_dyn_destroy_function);
if(cfg.http_force_sslv3)
{
ctx = SSL_CTX_new(SSLv3_server_method());
#ifdef SSL_CTX_clear_options
SSL_CTX_clear_options(ctx, SSL_OP_ALL); //we CLEAR all bug workarounds! This is for security reason
#else
cs_log("WARNING: You enabled to force sslv3 but your system does not support to clear the ssl workarounds! SSL security will be reduced!");
#endif
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); // we force SSL v3 !
SSL_CTX_set_cipher_list(ctx, SSL_TXT_RC4);
}
else
{ ctx = SSL_CTX_new(SSLv23_server_method()); }
char path[128];
if(!cfg.http_cert)
{ get_config_filename(path, sizeof(path), cs_cert); }
else
{ cs_strncpy(path, cfg.http_cert, sizeof(path)); }
if(!ctx)
{
ERR_print_errors_fp(stderr);
return NULL;
}
if(SSL_CTX_use_certificate_file(ctx, path, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
return NULL;
}
if(SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0)
{
ERR_print_errors_fp(stderr);
return NULL;
}
if(!SSL_CTX_check_private_key(ctx))
{
cs_log("SSL: Private key does not match the certificate public key");
return NULL;
}
cs_log("load ssl certificate file %s", path);
return ctx;
}
示例12: krx_ssl_ctx_init
int krx_ssl_ctx_init(krx* k, const char* keyname) {
int r = 0;
/* create a new context using DTLS */
k->ctx = SSL_CTX_new(DTLSv1_method());
if(!k->ctx) {
printf("Error: cannot create SSL_CTX.\n");
ERR_print_errors_fp(stderr);
return -1;
}
/* set our supported ciphers */
r = SSL_CTX_set_cipher_list(k->ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
if(r != 1) {
printf("Error: cannot set the cipher list.\n");
ERR_print_errors_fp(stderr);
return -2;
}
/* the client doesn't have to send it's certificate */
SSL_CTX_set_verify(k->ctx, SSL_VERIFY_PEER, krx_ssl_verify_peer);
/* enable srtp */
r = SSL_CTX_set_tlsext_use_srtp(k->ctx, "SRTP_AES128_CM_SHA1_80");
if(r != 0) {
printf("Error: cannot setup srtp.\n");
ERR_print_errors_fp(stderr);
return -3;
}
/* load key and certificate */
char certfile[1024];
char keyfile[1024];
sprintf(certfile, "./%s-cert.pem", keyname);
sprintf(keyfile, "./%s-key.pem", keyname);
/* certificate file; contains also the public key */
r = SSL_CTX_use_certificate_file(k->ctx, certfile, SSL_FILETYPE_PEM);
if(r != 1) {
printf("Error: cannot load certificate file.\n");
ERR_print_errors_fp(stderr);
return -4;
}
/* load private key */
r = SSL_CTX_use_PrivateKey_file(k->ctx, keyfile, SSL_FILETYPE_PEM);
if(r != 1) {
printf("Error: cannot load private key file.\n");
ERR_print_errors_fp(stderr);
return -5;
}
/* check if the private key is valid */
r = SSL_CTX_check_private_key(k->ctx);
if(r != 1) {
printf("Error: checking the private key failed. \n");
ERR_print_errors_fp(stderr);
return -6;
}
sprintf(k->name, "+ %s", keyname);
return 0;
}
示例13: main
int main(int argc, char *argv[]) {
BIO *sbio;
SSL_CTX *ssl_ctx;
SSL *ssl;
X509 *server_cert;
// Initialize OpenSSL
OpenSSL_add_all_algorithms();
SSL_library_init();
SSL_load_error_strings();
// Check OpenSSL PRNG
if(RAND_status() != 1) {
fprintf(stderr, "OpenSSL PRNG not seeded with enough data.");
goto error_1;
}
ssl_ctx = SSL_CTX_new(TLSv1_client_method());
// Enable certificate validation
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
// Configure the CA trust store to be used
if (SSL_CTX_load_verify_locations(ssl_ctx, TRUSTED_CA_PATHNAME, NULL) != 1) {
fprintf(stderr, "Couldn't load certificate trust store.\n");
goto error_2;
}
// Only support secure cipher suites
if (SSL_CTX_set_cipher_list(ssl_ctx, SECURE_CIPHER_LIST) != 1)
goto error_2;
// Create the SSL connection
sbio = BIO_new_ssl_connect(ssl_ctx);
BIO_get_ssl(sbio, &ssl);
if(!ssl) {
fprintf(stderr, "Can't locate SSL pointer\n");
goto error_3;
}
// Do the SSL handshake
BIO_set_conn_hostname(sbio, TARGET_SERVER);
if(SSL_do_handshake(ssl) <= 0) {
// SSL Handshake failed
long verify_err = SSL_get_verify_result(ssl);
if (verify_err != X509_V_OK) {
// It failed because the certificate chain validation failed
fprintf(stderr, "Certificate chain validation failed: %s\n", X509_verify_cert_error_string(verify_err));
}
else {
// It failed for another reason
ERR_print_errors_fp(stderr);
}
goto error_3;
}
// Recover the server's certificate
server_cert = SSL_get_peer_certificate(ssl);
if (server_cert == NULL) {
// The handshake was successful although the server did not provide a certificate
// Most likely using an insecure anonymous cipher suite... get out!
goto error_4;
}
// Validate the hostname
if (validate_hostname(TARGET_HOST, server_cert) != MatchFound) {
fprintf(stderr, "Hostname validation failed.\n");
goto error_5;
}
// Hostname validation succeeded; we can start sending data
send_http_get_and_print(sbio);
error_5:
X509_free(server_cert);
error_4:
BIO_ssl_shutdown(sbio);
error_3:
BIO_free_all(sbio);
error_2:
SSL_CTX_free(ssl_ctx);
error_1: // OpenSSL cleanup
EVP_cleanup();
ERR_free_strings();
return 0;
}
示例14: test_ecdh_curve
//.........这里部分代码省略.........
BN_print(out,y_b);
BIO_puts(out,"\n");
#else
BIO_printf(out,".");
(void)BIO_flush(out);
#endif
alen=KDF1_SHA1_len;
abuf=(unsigned char *)OPENSSL_malloc(alen);
aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
#ifdef NOISY
BIO_puts(out," key1 =");
for (i=0; i<aout; i++)
{
TINYCLR_SSL_SPRINTF(buf,"%02X",abuf[i]);
BIO_puts(out,buf);
}
BIO_puts(out,"\n");
#else
BIO_printf(out,".");
(void)BIO_flush(out);
#endif
blen=KDF1_SHA1_len;
bbuf=(unsigned char *)OPENSSL_malloc(blen);
bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
#ifdef NOISY
BIO_puts(out," key2 =");
for (i=0; i<bout; i++)
{
TINYCLR_SSL_SPRINTF(buf,"%02X",bbuf[i]);
BIO_puts(out,buf);
}
BIO_puts(out,"\n");
#else
BIO_printf(out,".");
(void)BIO_flush(out);
#endif
if ((aout < 4) || (bout != aout) || (TINYCLR_SSL_MEMCMP(abuf,bbuf,aout) != 0))
{
#ifndef NOISY
BIO_printf(out, " failed\n\n");
BIO_printf(out, "key a:\n");
BIO_printf(out, "private key: ");
BN_print(out, EC_KEY_get0_private_key(a));
BIO_printf(out, "\n");
BIO_printf(out, "public key (x,y): ");
BN_print(out, x_a);
BIO_printf(out, ",");
BN_print(out, y_a);
BIO_printf(out, "\nkey b:\n");
BIO_printf(out, "private key: ");
BN_print(out, EC_KEY_get0_private_key(b));
BIO_printf(out, "\n");
BIO_printf(out, "public key (x,y): ");
BN_print(out, x_b);
BIO_printf(out, ",");
BN_print(out, y_b);
BIO_printf(out, "\n");
BIO_printf(out, "generated key a: ");
for (i=0; i<bout; i++)
{
TINYCLR_SSL_SPRINTF(buf, "%02X", bbuf[i]);
BIO_puts(out, buf);
}
BIO_printf(out, "\n");
BIO_printf(out, "generated key b: ");
for (i=0; i<aout; i++)
{
TINYCLR_SSL_SPRINTF(buf, "%02X", abuf[i]);
BIO_puts(out,buf);
}
BIO_printf(out, "\n");
#endif
TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"Error in ECDH routines\n");
ret=0;
}
else
{
#ifndef NOISY
BIO_printf(out, " ok\n");
#endif
ret=1;
}
err:
ERR_print_errors_fp(OPENSSL_TYPE__FILE_STDERR);
if (abuf != NULL) OPENSSL_free(abuf);
if (bbuf != NULL) OPENSSL_free(bbuf);
if (x_a) BN_free(x_a);
if (y_a) BN_free(y_a);
if (x_b) BN_free(x_b);
if (y_b) BN_free(y_b);
if (b) EC_KEY_free(b);
if (a) EC_KEY_free(a);
return(ret);
}
示例15: handle_error
void handle_error(const char *file, int linenum, const char *msg) {
fprintf(stderr, "*** %s:%i %s\n", file, linenum, msg);
ERR_print_errors_fp(stderr);
exit(-1);
}