本文整理汇总了C++中S2N_ERROR函数的典型用法代码示例。如果您正苦于以下问题:C++ S2N_ERROR函数的具体用法?C++ S2N_ERROR怎么用?C++ S2N_ERROR使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了S2N_ERROR函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: s2n_asn1der_to_rsa_public_key
int s2n_asn1der_to_rsa_public_key(struct s2n_rsa_public_key *key, struct s2n_blob *asn1der)
{
uint8_t *original_ptr = asn1der->data;
X509 *cert = d2i_X509(NULL, (const unsigned char **)(void *)&asn1der->data, asn1der->size);
if (cert == NULL) {
S2N_ERROR(S2N_ERR_DECODE_CERTIFICATE);
}
if (asn1der->data - original_ptr != asn1der->size) {
X509_free(cert);
S2N_ERROR(S2N_ERR_DECODE_CERTIFICATE);
}
asn1der->data = original_ptr;
EVP_PKEY *public_key = X509_get_pubkey(cert);
X509_free(cert);
if (public_key == NULL) {
S2N_ERROR(S2N_ERR_DECODE_CERTIFICATE);
}
if (public_key->type != EVP_PKEY_RSA) {
EVP_PKEY_free(public_key);
S2N_ERROR(S2N_ERR_DECODE_CERTIFICATE);
}
key->rsa = EVP_PKEY_get1_RSA(public_key);
if (key->rsa == NULL) {
EVP_PKEY_free(public_key);
S2N_ERROR(S2N_ERR_DECODE_CERTIFICATE);
}
EVP_PKEY_free(public_key);
return 0;
}示例2: s2n_set_p_g_Ys_dh_params
static int s2n_set_p_g_Ys_dh_params(struct s2n_dh_params *dh_params, struct s2n_blob *p, struct s2n_blob *g, struct s2n_blob *Ys)
{
BIGNUM *bn_p = BN_bin2bn((const unsigned char *)p->data, p->size, NULL);
BIGNUM *bn_g = BN_bin2bn((const unsigned char *)g->data, g->size, NULL);
BIGNUM *bn_Ys = BN_bin2bn((const unsigned char *)Ys->data, Ys->size, NULL);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER
dh_params->dh->p = bn_p;
dh_params->dh->g = bn_g;
dh_params->dh->pub_key = bn_Ys;
#else
if (DH_set0_pqg(dh_params->dh, bn_p, NULL, bn_g) == 0) {
/* Per https://www.openssl.org/docs/man1.1.0/crypto/DH_get0_pqg.html:
* values that have been passed in should not be freed directly after this function has been called
*/
S2N_ERROR(S2N_ERR_DH_PARAMS_CREATE);
}
if (DH_set0_key(dh_params->dh, bn_Ys, NULL) == 0) {
/* Same as DH_set0_pqg */
S2N_ERROR(S2N_ERR_DH_PARAMS_CREATE);
}
#endif
return 0;
}示例3: s2n_check_p_g_dh_params
static int s2n_check_p_g_dh_params(struct s2n_dh_params *dh_params)
{
notnull_check(dh_params);
notnull_check(dh_params->dh);
const BIGNUM *p = s2n_get_p_dh_param(dh_params);
const BIGNUM *g = s2n_get_g_dh_param(dh_params);
notnull_check(g);
notnull_check(p);
if (DH_size(dh_params->dh) < S2N_MIN_DH_PRIME_SIZE_BYTES) {
S2N_ERROR(S2N_ERR_DH_PARAMS_CREATE);
}
if (BN_is_zero(g)) {
S2N_ERROR(S2N_ERR_DH_PARAMS_CREATE);
}
if (BN_is_zero(p)) {
S2N_ERROR(S2N_ERR_DH_PARAMS_CREATE);
}
return 0;
}示例4: s2n_process_alert_fragment
int s2n_process_alert_fragment(struct s2n_connection *conn)
{
if (s2n_stuffer_data_available(&conn->alert_in) == 2) {
S2N_ERROR(S2N_ERR_ALERT_PRESENT);
}
while (s2n_stuffer_data_available(&conn->in)) {
uint8_t bytes_required = 2;
/* Alerts are two bytes long, but can still be fragmented or coalesced */
if (s2n_stuffer_data_available(&conn->alert_in) == 1) {
bytes_required = 1;
}
int bytes_to_read = MIN(bytes_required, s2n_stuffer_data_available(&conn->in));
GUARD(s2n_stuffer_copy(&conn->in, &conn->alert_in, bytes_to_read));
if (s2n_stuffer_data_available(&conn->alert_in) == 2) {
conn->closed = 1;
/* Close notifications are handled as shutdowns */
if (conn->alert_in_data[1] == S2N_TLS_ALERT_CLOSE_NOTIFY) {
return 0;
}
/* All other alerts are treated as fatal errors (even warnings) */
S2N_ERROR(S2N_ERR_ALERT);
}
}
return 0;
}示例5: s2n_rsa_sign
int s2n_rsa_sign(struct s2n_rsa_private_key *key, struct s2n_hash_state *digest, struct s2n_blob *signature)
{
uint8_t digest_out[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
int type, digest_length;
if (digest->alg == S2N_HASH_MD5_SHA1) {
type = NID_md5_sha1;
digest_length = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH;
} else if (digest->alg == S2N_HASH_SHA1) {
type = NID_sha1;
digest_length = SHA_DIGEST_LENGTH;
} else {
S2N_ERROR(S2N_ERR_HASH_INVALID_ALGORITHM);
}
GUARD(s2n_hash_digest(digest, digest_out, digest_length));
unsigned int signature_size = signature->size;
if (RSA_sign(type, digest_out, digest_length, signature->data, &signature_size, key->rsa) == 0) {
S2N_ERROR(S2N_ERR_SIGN);
}
if (signature_size > signature->size) {
S2N_ERROR(S2N_ERR_SIZE_MISMATCH);
}
signature->size = signature_size;
return 0;
}示例6: s2n_map_add
int s2n_map_add(struct s2n_map *map, struct s2n_blob *key, struct s2n_blob *value)
{
if (map->immutable) {
S2N_ERROR(S2N_ERR_MAP_IMMUTABLE);
}
if (map->capacity < (map->size * 2)) {
/* Embiggen the map */
GUARD(s2n_map_embiggen(map, map->capacity * 2));
}
uint32_t slot = s2n_map_slot(map, key);
/* Linear probing until we find an empty slot */
while(map->table[slot].key.size) {
if (key->size != map->table[slot].key.size ||
memcmp(key->data, map->table[slot].key.data, key->size)) {
slot++;
slot %= map->capacity;
continue;
}
/* We found a duplicate key */
S2N_ERROR(S2N_ERR_MAP_DUPLICATE);
}
GUARD(s2n_dup(key, &map->table[slot].key));
GUARD(s2n_dup(value, &map->table[slot].value));
map->size++;
return 0;
}示例7: s2n_sslv2_client_hello_recv
/* See http://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html 2.5 */
int s2n_sslv2_client_hello_recv(struct s2n_connection *conn)
{
struct s2n_stuffer *in = &conn->handshake.io;
uint16_t session_id_length;
uint16_t cipher_suites_length;
uint16_t challenge_length;
uint8_t *cipher_suites;
if (conn->client_protocol_version < conn->config->cipher_preferences->minimum_protocol_version || conn->client_protocol_version > conn->server_protocol_version) {
GUARD(s2n_queue_reader_unsupported_protocol_version_alert(conn));
S2N_ERROR(S2N_ERR_BAD_MESSAGE);
}
conn->actual_protocol_version = MIN(conn->client_protocol_version, conn->server_protocol_version);
conn->client_hello_version = S2N_SSLv2;
/* We start 5 bytes into the record */
GUARD(s2n_stuffer_read_uint16(in, &cipher_suites_length));
if (cipher_suites_length % S2N_SSLv2_CIPHER_SUITE_LEN) {
S2N_ERROR(S2N_ERR_BAD_MESSAGE);
}
GUARD(s2n_stuffer_read_uint16(in, &session_id_length));
GUARD(s2n_stuffer_read_uint16(in, &challenge_length));
if (challenge_length > S2N_TLS_RANDOM_DATA_LEN) {
S2N_ERROR(S2N_ERR_BAD_MESSAGE);
}
cipher_suites = s2n_stuffer_raw_read(in, cipher_suites_length);
notnull_check(cipher_suites);
GUARD(s2n_set_cipher_as_sslv2_server(conn, cipher_suites, cipher_suites_length / S2N_SSLv2_CIPHER_SUITE_LEN));
if (session_id_length > s2n_stuffer_data_available(in)) {
S2N_ERROR(S2N_ERR_BAD_MESSAGE);
}
if (session_id_length > 0 && session_id_length <= S2N_TLS_SESSION_ID_MAX_LEN) {
GUARD(s2n_stuffer_read_bytes(in, conn->session_id, session_id_length));
conn->session_id_len = (uint8_t) session_id_length;
} else {
GUARD(s2n_stuffer_skip_read(in, session_id_length));
}
struct s2n_blob b;
b.data = conn->secure.client_random;
b.size = S2N_TLS_RANDOM_DATA_LEN;
b.data += S2N_TLS_RANDOM_DATA_LEN - challenge_length;
b.size -= S2N_TLS_RANDOM_DATA_LEN - challenge_length;
GUARD(s2n_stuffer_read(in, &b));
conn->server->chosen_cert_chain = conn->config->cert_and_key_pairs;
GUARD(s2n_conn_set_handshake_type(conn));
return 0;
}示例8: s2n_set_cipher_as_server
static int s2n_set_cipher_as_server(struct s2n_connection *conn, uint8_t *wire, uint32_t count, uint32_t cipher_suite_len)
{
uint8_t fallback_scsv[S2N_TLS_CIPHER_SUITE_LEN] = { TLS_FALLBACK_SCSV };
struct s2n_cipher_suite *higher_vers_match = NULL;
/* s2n supports only server order */
for (int i = 0; i < conn->config->cipher_preferences->count; i++) {
uint8_t *ours = conn->config->cipher_preferences->wire_format + (i * S2N_TLS_CIPHER_SUITE_LEN);
for (int j = 0; j < count; j++) {
uint8_t *theirs = wire + (j * cipher_suite_len) + (cipher_suite_len - S2N_TLS_CIPHER_SUITE_LEN);
if (!memcmp(fallback_scsv, theirs, S2N_TLS_CIPHER_SUITE_LEN)) {
if (conn->client_protocol_version < S2N_TLS12) {
conn->closed = 1;
S2N_ERROR(S2N_ERR_FALLBACK_DETECTED);
}
}
if (!memcmp(ours, theirs, S2N_TLS_CIPHER_SUITE_LEN)) {
/* We have a match */
struct s2n_cipher_suite *match;
match = s2n_cipher_suite_match(ours);
/* This should never happen */
if (match == NULL) {
S2N_ERROR(S2N_ERR_CIPHER_NOT_SUPPORTED);
}
/* Don't choose DHE key exchange if it's not configured. */
if (conn->config->dhparams == NULL && match->key_exchange_alg == &s2n_dhe) {
continue;
}
/* Don't choose EC ciphers if the curve was not agreed upon. */
if (conn->pending.server_ecc_params.negotiated_curve == NULL && (match->key_exchange_alg->flags & S2N_KEY_EXCHANGE_ECC)) {
continue;
}
/* Don't immediately choose a cipher the client shouldn't be able to support */
if (conn->client_protocol_version < match->minimum_required_tls_version) {
higher_vers_match = match;
continue;
}
conn->pending.cipher_suite = match;
return 0;
}
}
}
/* Settle for a cipher with a higher required proto version, if it was set */
if (higher_vers_match != NULL) {
conn->pending.cipher_suite = higher_vers_match;
return 0;
}
S2N_ERROR(S2N_ERR_CIPHER_NOT_SUPPORTED);
}示例9: s2n_realloc
int s2n_realloc(struct s2n_blob *b, uint32_t size)
{
if (size == 0) {
return s2n_free(b);
}
/* blob already has space for the request */
if (size < b->allocated) {
b->size = size;
return 0;
}
void *data;
if (!use_mlock) {
data = realloc(b->data, size);
if (!data) {
S2N_ERROR(S2N_ERR_ALLOC);
}
b->data = data;
b->size = size;
b->allocated = size;
return 0;
}
/* Page aligned allocation required for mlock */
uint32_t allocate = page_size * (((size - 1) / page_size) + 1);
if (posix_memalign(&data, page_size, allocate)) {
S2N_ERROR(S2N_ERR_ALLOC);
}
if (b->size) {
memcpy_check(data, b->data, b->size);
GUARD(s2n_free(b));
}
b->data = data;
b->size = size;
b->allocated = allocate;
#ifdef MADV_DONTDUMP
if (madvise(b->data, size, MADV_DONTDUMP) < 0) {
GUARD(s2n_free(b));
S2N_ERROR(S2N_ERR_MADVISE);
}
#endif
if (mlock(b->data, size) < 0) {
GUARD(s2n_free(b));
S2N_ERROR(S2N_ERR_MLOCK);
}
b->mlocked = 1;
return 0;
}示例10: s2n_rsa_encrypt
int s2n_rsa_encrypt(struct s2n_rsa_public_key *key, struct s2n_blob *in, struct s2n_blob *out)
{
if (out->size < s2n_rsa_public_encrypted_size(key)) {
S2N_ERROR(S2N_ERR_NOMEM);
}
int r = RSA_public_encrypt(in->size, (unsigned char *)in->data, (unsigned char *)out->data, key->rsa, RSA_PKCS1_PADDING);
if (r != out->size) {
S2N_ERROR(S2N_ERR_SIZE_MISMATCH);
}
return 0;
}示例11: s2n_composite_cipher_aes_sha_decrypt
static int s2n_composite_cipher_aes_sha_decrypt(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out)
{
eq_check(out->size, in->size);
if (EVP_DecryptInit_ex(key->evp_cipher_ctx, NULL, NULL, NULL, iv->data) == 0) {
S2N_ERROR(S2N_ERR_KEY_INIT);
}
if (EVP_Cipher(key->evp_cipher_ctx, out->data, in->data, in->size) == 0) {
S2N_ERROR(S2N_ERR_DECRYPT);
}
return 0;
}示例12: s2n_dh_params_check
int s2n_dh_params_check(struct s2n_dh_params *params)
{
int codes = 0;
if (DH_check(params->dh, &codes) == 0) {
S2N_ERROR(S2N_ERR_DH_PARAMETER_CHECK);
}
if (codes != 0) {
S2N_ERROR(S2N_ERR_DH_PARAMETER_CHECK);
}
return 0;
}示例13: s2n_asn1der_to_rsa_private_key
int s2n_asn1der_to_rsa_private_key(struct s2n_rsa_private_key *key, struct s2n_blob *asn1der)
{
uint8_t *original_ptr = asn1der->data;
key->rsa = d2i_RSAPrivateKey(NULL, (const unsigned char **)(void *)&asn1der->data, asn1der->size);
if (key->rsa == NULL) {
S2N_ERROR(S2N_ERR_DECODE_PRIVATE_KEY);
}
if (asn1der->data - original_ptr != asn1der->size) {
S2N_ERROR(S2N_ERR_DECODE_PRIVATE_KEY);
}
return 0;
}示例14: s2n_set_server_name
int s2n_set_server_name(struct s2n_connection *conn, const char *server_name)
{
if (conn->mode != S2N_CLIENT) {
S2N_ERROR(S2N_ERR_CLIENT_MODE);
}
int len = strlen(server_name);
if (len > 255) {
S2N_ERROR(S2N_ERR_SERVER_NAME_TOO_LONG);
}
memcpy_check(conn->server_name, server_name, len);
return 0;
}示例15: s2n_cbc_cipher_3des_decrypt
int s2n_cbc_cipher_3des_decrypt(struct s2n_session_key *key, struct s2n_blob *iv, struct s2n_blob *in, struct s2n_blob *out)
{
gte_check(out->size, in->size);
if (EVP_DecryptInit_ex(&key->native_format.evp_cipher_ctx, NULL, NULL, NULL, iv->data) == 0) {
S2N_ERROR(S2N_ERR_KEY_INIT);
}
int len = out->size;
if (EVP_DecryptUpdate(&key->native_format.evp_cipher_ctx, out->data, &len, in->data, in->size) == 0) {
S2N_ERROR(S2N_ERR_DECRYPT);
}
return 0;
}