Diffstat (limited to 'deps/openssl/openssl/demos/bio')
-rw-r--r-- | deps/openssl/openssl/demos/bio/Makefile | 40 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/accept.cnf | 8 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/client-arg.c | 20 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/client-conf.c | 20 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/cmod.cnf | 24 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/descrip.mms | 47 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/intca.pem | 23 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/root.pem | 22 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/saccept.c | 61 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/sconnect.c | 68 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/server-arg.c | 25 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/server-cmod.c | 95 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/server-conf.c | 22 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/server-ec.pem | 17 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/server.pem | 65 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/shared.opt | 2 | ||||
-rw-r--r-- | deps/openssl/openssl/demos/bio/static.opt | 2 |
17 files changed, 434 insertions, 127 deletions
diff --git a/deps/openssl/openssl/demos/bio/Makefile b/deps/openssl/openssl/demos/bio/Makefile index f8c8f03517..493e8a58a5 100644 --- a/deps/openssl/openssl/demos/bio/Makefile +++ b/deps/openssl/openssl/demos/bio/Makefile @@ -1,22 +1,30 @@ -CC=cc -CFLAGS= -g -I../../include -LIBS= -L../.. ../../libssl.a ../../libcrypto.a -ldl -EXAMPLES=saccept sconnect client-arg client-conf +# Quick instruction: +# To build against an OpenSSL built in the source tree, do this: +# +# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../.. +# +# To run the demos when linked with a shared library (default): +# +# LD_LIBRARY_PATH=../.. ./server-arg +# LD_LIBRARY_PATH=../.. ./server-cmod +# LD_LIBRARY_PATH=../.. ./server-conf +# LD_LIBRARY_PATH=../.. ./client-arg +# LD_LIBRARY_PATH=../.. ./client-conf +# LD_LIBRARY_PATH=../.. ./saccept +# LD_LIBRARY_PATH=../.. ./sconnect -all: $(EXAMPLES) +CFLAGS = $(OPENSSL_INCS_LOCATION) +LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS) -saccept: saccept.o - $(CC) -o saccept saccept.o $(LIBS) - -sconnect: sconnect.o - $(CC) -o sconnect sconnect.o $(LIBS) +all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf client-arg: client-arg.o - $(CC) -o client-arg client-arg.o $(LIBS) - client-conf: client-conf.o - $(CC) -o client-conf client-conf.o $(LIBS) - -clean: - rm -f $(EXAMPLES) *.o +saccept: saccept.o +sconnect: sconnect.o +server-arg: server-arg.o +server-cmod: server-cmod.o +server-conf: server-conf.o +client-arg client-conf saccept sconnect server-arg server-cmod server-conf: + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< diff --git a/deps/openssl/openssl/demos/bio/accept.cnf b/deps/openssl/openssl/demos/bio/accept.cnf index e4acea75f3..eb6965832f 100644 --- a/deps/openssl/openssl/demos/bio/accept.cnf +++ b/deps/openssl/openssl/demos/bio/accept.cnf 
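Review bot: The shared link rule `$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<` puts `-lssl -lcrypto` ahead of the object file, because the libraries are folded into `LDFLAGS`; with static archives, or a linker that runs with `--as-needed`, the symbols referenced by `$<` can then go unresolved. Keeping only the search path in `LDFLAGS` and moving the libraries to the end, `LDLIBS = -lssl -lcrypto $(EX_LIBS)` with `$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LDLIBS)`, avoids that. The hunk also drops the `clean` target and the `-g` flag without a replacement; if that is intended, a one-line comment should say so.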
@@ -5,9 +5,13 @@ Port = 4433 # Protocol = ALL, -TLSv1.2 # Only support 3 curves Curves = P-521:P-384:P-256 -# Automatic curve selection -ECDHParameters = Automatic # Restricted signature algorithms SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 Certificate=server.pem PrivateKey=server.pem +ChainCAFile=root.pem +VerifyCAFile=root.pem + +# Request certificate +VerifyMode=Request +ClientCAFile=root.pem diff --git a/deps/openssl/openssl/demos/bio/client-arg.c b/deps/openssl/openssl/demos/bio/client-arg.c index dc354cae06..e8d5e46ab5 100644 --- a/deps/openssl/openssl/demos/bio/client-arg.c +++ b/deps/openssl/openssl/demos/bio/client-arg.c @@ -1,3 +1,13 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> #include <openssl/err.h> #include <openssl/ssl.h> @@ -13,11 +23,7 @@ int main(int argc, char **argv) const char *connect_str = "localhost:4433"; int nargs = argc - 1; - ERR_load_crypto_strings(); - ERR_load_SSL_strings(); - SSL_library_init(); - - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); @@ -38,7 +44,7 @@ int main(int argc, char **argv) if (rv > 0) continue; /* Otherwise application specific argument processing */ - if (!strcmp(*args, "-connect")) { + if (strcmp(*args, "-connect") == 0) { connect_str = args[1]; if (connect_str == NULL) { fprintf(stderr, "Missing -connect argument\n"); @@ -56,7 +62,7 @@ int main(int argc, char **argv) if (!SSL_CONF_CTX_finish(cctx)) { fprintf(stderr, "Finish error\n"); ERR_print_errors_fp(stderr); - goto err; + goto end; } /* 
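Review bot: `VerifyMode=Request` only asks the client for a certificate; a client that presents none is still accepted, which is easy to misread as client authentication being enforced by this demo configuration. A comment above the setting, for example `# Request: a client certificate is asked for but not mandatory; use Require to reject clients without one`, would make the behaviour explicit for readers who copy the file.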
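Review bot: The result of `SSL_CTX_new(TLS_client_method())` in client-arg.c is used without a NULL check; the next visible calls pass `ctx` straight to `SSL_CONF_CTX_set_ssl_ctx`. With the explicit library initialisation calls removed by this hunk, this is the first place a set-up failure can surface, so it is worth testing: `if (ctx == NULL) { ERR_print_errors_fp(stderr); goto end; }`. The same unchecked pattern is in the hunks for client-conf.c, saccept.c, sconnect.c, server-arg.c, server-cmod.c and server-conf.c. main starts and ends outside this hunk, so the cleanup label should be checked against the full file to confirm it only frees initialised pointers.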
diff --git a/deps/openssl/openssl/demos/bio/client-conf.c b/deps/openssl/openssl/demos/bio/client-conf.c index 150e7fcf83..e819030eec 100644 --- a/deps/openssl/openssl/demos/bio/client-conf.c +++ b/deps/openssl/openssl/demos/bio/client-conf.c @@ -1,3 +1,13 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> #include <openssl/err.h> #include <openssl/ssl.h> #include <openssl/conf.h> @@ -16,10 +26,6 @@ int main(int argc, char **argv) const char *connect_str = "localhost:4433"; long errline = -1; - ERR_load_crypto_strings(); - ERR_load_SSL_strings(); - SSL_library_init(); - conf = NCONF_new(NULL); if (NCONF_load(conf, "connect.cnf", &errline) <= 0) { @@ -37,7 +43,7 @@ int main(int argc, char **argv) goto end; } - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); @@ -53,7 +59,7 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); goto end; } - if (!strcmp(cnf->name, "Connect")) { + if (strcmp(cnf->name, "Connect") == 0) { connect_str = cnf->value; } else { fprintf(stderr, "Unknown configuration option %s\n", cnf->name); @@ -64,7 +70,7 @@ int main(int argc, char **argv) if (!SSL_CONF_CTX_finish(cctx)) { fprintf(stderr, "Finish error\n"); ERR_print_errors_fp(stderr); - goto err; + goto end; } /* diff --git a/deps/openssl/openssl/demos/bio/cmod.cnf b/deps/openssl/openssl/demos/bio/cmod.cnf new file mode 100644 index 0000000000..39ac54edd9 --- /dev/null +++ b/deps/openssl/openssl/demos/bio/cmod.cnf 
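Review bot: No visible hunk of client-conf.c (or of client-arg.c) sets a verify mode on the context created by `SSL_CTX_new(TLS_client_method())`, whereas sconnect.c in this same commit gains `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL)` and `SSL_set1_host`. A new context defaults to `SSL_VERIFY_NONE`, so unless the rest of main or connect.cnf enables verification, the client completes the handshake with any server certificate. Either add `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);` after the context is created, or add a comment stating that peer verification is expected to come from the configuration. main's body continues outside these hunks.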
@@ -0,0 +1,24 @@
+# Example config module configuration
+
+# Name supplied by application to CONF_modules_load_file
+# and section containing configuration
+testapp = test_sect
+
+[test_sect]
+# list of configuration modules
+
+# SSL configuration module
+ssl_conf = ssl_sect
+
+[ssl_sect]
+# list of SSL configurations
+server = server_sect
+
+[server_sect]
+# Only support 3 curves
+Curves = P-521:P-384:P-256
+# Restricted signature algorithms
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
+# Certificates and keys
+RSA.Certificate=server.pem
+ECDSA.Certificate=server-ec.pem
diff --git a/deps/openssl/openssl/demos/bio/descrip.mms b/deps/openssl/openssl/demos/bio/descrip.mms
new file mode 100644
index 0000000000..d49725ffd1
--- /dev/null
+++ b/deps/openssl/openssl/demos/bio/descrip.mms
@@ -0,0 +1,47 @@
+# This build description trusts that the following logical names are defined:
+#
+# For compilation: OPENSSL
+# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR
+# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL
+#
+# These are normally defined with the OpenSSL startup procedure
+
+# By default, we link with the shared libraries
+SHARED = TRUE
+
+# Alternative, for linking with static libraries
+#SHARED = FALSE
+
+.FIRST :
+ IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt
+ IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt
+
+.LAST :
+ DEASSIGN OPT
+
+.DEFAULT :
+ @ !
+
+# Because we use an option file, we need to redefine this
+.obj.exe :
+ $(LINK) $(LINKFLAGS) $<,OPT:/OPT
+
+all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
+ server-arg.exe server-cmod.exe server-conf.exe
+
+client-arg.exe : client-arg.obj
+client-conf.exe : client-conf.obj
+saccept.exe : saccept.obj
+sconnect.exe : sconnect.obj
+server-arg.exe : server-arg.obj
+server-cmod.exe : server-cmod.obj
+server-conf.exe : server-conf.obj
+
+# Stoopid MMS doesn't infer this automatically...
+client-arg.obj : client-arg.c
+client-conf.obj : client-conf.c
+saccept.obj : saccept.c
+sconnect.obj : sconnect.c
+server-arg.obj : server-arg.c
+server-cmod.obj : server-cmod.c
+server-conf.obj : server-conf.c
diff --git a/deps/openssl/openssl/demos/bio/intca.pem b/deps/openssl/openssl/demos/bio/intca.pem
new file mode 100644
index 0000000000..3551ea93d5
--- /dev/null
+++ b/deps/openssl/openssl/demos/bio/intca.pem
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT +VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD +QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL +MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ +VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl +IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG +W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL +IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ +GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2 +ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds +ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr +VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD +VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz +audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg +j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt +CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR +gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I +RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN +thI= +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/demos/bio/root.pem b/deps/openssl/openssl/demos/bio/root.pem new file mode 100644 index 0000000000..3bd0e9b3ef --- /dev/null +++ b/deps/openssl/openssl/demos/bio/root.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtjCCAp6gAwIBAgIJAKkg71CjIAovMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT +VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD +QTAeFw0xNDAyMjMxMzA1MTNaFw0yNDAyMjExMzA1MTNaMGgxCzAJBgNVBAYTAlVL +MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ +VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs +vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H +q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG +juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu +R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r +77WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA +AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA +FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCsoxVi49anYZ1aI/2rVJ5bvEd3ZvGn +wx1Y+l75SQVYU2qX9CHNBVg1t8reIBN8yPEfBM1WcFPEg7Vy3zFaklMPm/oYXwVI +/lX/LsfPUxdnQmONxLw4x/0booN1LV/dtRcebewUSqog6W9Z2fbTEe6srIBE4M5G +Wa943lthlmQM6HzlU4D606PQ3zQbX08mue4eqQB813r4uSoI1MpGLqxkziBRFGGN +T4VNYp8DeSVr3jHjNBmKCAPZxJIYElnLEK027OG00RH7sF7SGFDNsCjN1NmCvuRz +9AHnjVIBNzIvI3uiOn9tngRDXBRIcUBsdYG19tal8yWBgrr9SdlqFy/Y +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/demos/bio/saccept.c b/deps/openssl/openssl/demos/bio/saccept.c index e79c872329..66c5c61755 100644 --- a/deps/openssl/openssl/demos/bio/saccept.c +++ b/deps/openssl/openssl/demos/bio/saccept.c 
@@ -1,5 +1,11 @@ -/* NOCW */ -/* demos/bio/saccept.c */ +/* + * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ /*- * A minimal program to serve an SSL connection. @@ -18,22 +24,32 @@ #define CERT_FILE "server.pem" -BIO *in = NULL; +static int done = 0; -void close_up() +void interrupt(int sig) { - if (in != NULL) - BIO_free(in); + done = 1; } -int main(argc, argv) -int argc; -char *argv[]; +void sigsetup(void) +{ + struct sigaction sa; + + /* + * Catch at most once, and don't restart the accept system call. + */ + sa.sa_flags = SA_RESETHAND; + sa.sa_handler = interrupt; + sigemptyset(&sa.sa_mask); + sigaction(SIGINT, &sa, NULL); +} + +int main(int argc, char *argv[]) { char *port = NULL; + BIO *in = NULL; BIO *ssl_bio, *tmp; SSL_CTX *ctx; - SSL *ssl; char buf[512]; int ret = 1, i; @@ -42,20 +58,8 @@ char *argv[]; else port = argv[1]; - signal(SIGINT, close_up); - - SSL_load_error_strings(); - -#ifdef WATT32 - dbug_init(); - sock_init(); -#endif - - /* Add ciphers and message digests */ - OpenSSL_add_ssl_algorithms(); - - ctx = SSL_CTX_new(SSLv23_server_method()); - if (!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) + ctx = SSL_CTX_new(TLS_server_method()); + if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE)) goto err; if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) goto err; @@ -63,7 +67,6 @@ char *argv[]; goto err; /* Setup server side SSL bio */ - ssl = SSL_new(ctx); ssl_bio = BIO_new_ssl(ctx, 0); if ((in = BIO_new_accept(port)) == NULL) 
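Review bot: `done` is written from the SIGINT handler `interrupt` and polled by `while (!done)` in a later hunk of saccept.c, but it is declared `static int done = 0;`. The only object a handler may portably write is a `volatile sig_atomic_t`, and without `volatile` the compiler is not obliged to re-read the flag in the loop, so the declaration should be `static volatile sig_atomic_t done = 0;`. In `sigsetup`, `struct sigaction sa;` is only partly assigned and the result of `sigaction` is ignored; `struct sigaction sa = {0};` plus a check of the return value would close both gaps. `interrupt` and `sigsetup` look like file-local helpers and could be declared `static`.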
@@ -76,6 +79,9 @@ char *argv[]; */ BIO_set_accept_bios(in, ssl_bio); + /* Arrange to leave server loop on interrupt */ + sigsetup(); + again: /* * The first call will setup the accept socket, and the second will get a @@ -86,7 +92,7 @@ char *argv[]; if (BIO_do_accept(in) <= 0) goto err; - for (;;) { + while (!done) { i = BIO_read(in, buf, 512); if (i == 0) { /* @@ -110,8 +116,7 @@ char *argv[]; if (ret) { ERR_print_errors_fp(stderr); } - if (in != NULL) - BIO_free(in); + BIO_free(in); exit(ret); return (!ret); } diff --git a/deps/openssl/openssl/demos/bio/sconnect.c b/deps/openssl/openssl/demos/bio/sconnect.c index e6eddb1c05..664a1e038c 100644 --- a/deps/openssl/openssl/demos/bio/sconnect.c +++ b/deps/openssl/openssl/demos/bio/sconnect.c @@ -1,5 +1,11 @@ -/* NOCW */ -/* demos/bio/sconnect.c */ +/* + * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ /*- * A minimal program to do SSL to a passed host and port. 
@@ -11,51 +17,65 @@ #include <stdio.h> #include <stdlib.h> #include <unistd.h> +#include <string.h> #include <openssl/err.h> #include <openssl/ssl.h> +#define HOSTPORT "localhost:4433" +#define CAFILE "root.pem" + extern int errno; int main(argc, argv) int argc; char *argv[]; { - char *host; - BIO *out; + const char *hostport = HOSTPORT; + const char *CAfile = CAFILE; + char *hostname; + char *cp; + BIO *out = NULL; char buf[1024 * 10], *p; SSL_CTX *ssl_ctx = NULL; SSL *ssl; BIO *ssl_bio; int i, len, off, ret = 1; - if (argc <= 1) - host = "localhost:4433"; - else - host = argv[1]; + if (argc > 1) + hostport = argv[1]; + if (argc > 2) + CAfile = argv[2]; + + hostname = OPENSSL_strdup(hostport); + if ((cp = strchr(hostname, ':')) != NULL) + *cp = 0; #ifdef WATT32 dbug_init(); sock_init(); #endif - /* Lets get nice error messages */ - SSL_load_error_strings(); + ssl_ctx = SSL_CTX_new(TLS_client_method()); - /* Setup all the global SSL stuff */ - OpenSSL_add_ssl_algorithms(); - ssl_ctx = SSL_CTX_new(SSLv23_client_method()); + /* Enable trust chain verification */ + SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); + SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL); /* Lets make a SSL structure */ ssl = SSL_new(ssl_ctx); SSL_set_connect_state(ssl); + /* Enable peername verification */ + if (SSL_set1_host(ssl, hostname) <= 0) + goto err; + /* Use it inside an SSL BIO */ ssl_bio = BIO_new(BIO_f_ssl()); BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); /* Lets use a connect BIO under the SSL BIO */ out = BIO_new(BIO_s_connect()); - BIO_set_conn_hostname(out, host); + BIO_set_conn_hostname(out, hostport); BIO_set_nbio(out, 1); out = BIO_push(ssl_bio, out); 
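Review bot: `hostname = OPENSSL_strdup(hostport);` is passed to `strchr(hostname, ':')` without a NULL check, and none of the visible sconnect.c hunks frees it, so the copy appears to be leaked on every path. Suggested: `if (hostname == NULL) goto err;` right after the duplicate and `OPENSSL_free(hostname);` at the `done:` label. The return value of `SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL)` is also ignored; with `SSL_VERIFY_PEER` set the handshake still fails closed, but a bad CA path then shows up as a verification failure instead of a file error, so `if (!SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL)) goto err;` is clearer. Cutting the string at the first `:` also mishandles a bracketed IPv6 literal given in `argv[1]`, which would then never match the certificate.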
@@ -96,18 +116,16 @@ char *argv[]; } ret = 1; + goto done; - if (0) { err: - if (ERR_peek_error() == 0) { /* system call error */ - fprintf(stderr, "errno=%d ", errno); - perror("error"); - } else - ERR_print_errors_fp(stderr); - } + if (ERR_peek_error() == 0) { /* system call error */ + fprintf(stderr, "errno=%d ", errno); + perror("error"); + } else + ERR_print_errors_fp(stderr); + done: BIO_free_all(out); - if (ssl_ctx != NULL) - SSL_CTX_free(ssl_ctx); - exit(!ret); - return (ret); + SSL_CTX_free(ssl_ctx); + return (ret == 1); } diff --git a/deps/openssl/openssl/demos/bio/server-arg.c b/deps/openssl/openssl/demos/bio/server-arg.c index 1d0e1db234..6056969fe9 100644 --- a/deps/openssl/openssl/demos/bio/server-arg.c +++ b/deps/openssl/openssl/demos/bio/server-arg.c @@ -1,5 +1,11 @@ -/* NOCW */ -/* demos/bio/server-arg.c */ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ /* * A minimal program to serve an SSL connection. It uses blocking. It use the @@ -8,6 +14,7 @@ */ #include <stdio.h> +#include <string.h> #include <signal.h> #include <openssl/err.h> #include <openssl/ssl.h> @@ -24,12 +31,7 @@ int main(int argc, char *argv[]) char **args = argv + 1; int nargs = argc - 1; - SSL_load_error_strings(); - - /* Add ciphers and message digests */ - OpenSSL_add_ssl_algorithms(); - - ctx = SSL_CTX_new(SSLv23_server_method()); + ctx = SSL_CTX_new(TLS_server_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); 
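Review bot: `return (ret == 1);` makes sconnect exit with status 1 on success, because the success path just above sets `ret = 1` before `goto done;`, whereas the removed code ended with `exit(!ret)`, i.e. status 0. `ret` is also initialised to 1 in the declaration hunk, so unless an error path outside these hunks assigns something else, callers and test scripts cannot tell success from failure. Using the conventional encoding fixes both: `ret = 0;` before `goto done;` and `return ret;` at the end.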
@@ -52,7 +54,7 @@ int main(int argc, char *argv[]) if (rv > 0) continue; /* Otherwise application specific argument processing */ - if (!strcmp(*args, "-port")) { + if (strcmp(*args, "-port") == 0) { port = args[1]; if (port == NULL) { fprintf(stderr, "Missing -port argument\n"); @@ -72,7 +74,7 @@ int main(int argc, char *argv[]) ERR_print_errors_fp(stderr); goto err; } -#if 0 +#ifdef ITERATE_CERTS /* * Demo of how to iterate over all certificates in an SSL_CTX structure. */ @@ -137,8 +139,7 @@ int main(int argc, char *argv[]) if (ret) { ERR_print_errors_fp(stderr); } - if (in != NULL) - BIO_free(in); + BIO_free(in); exit(ret); return (!ret); } diff --git a/deps/openssl/openssl/demos/bio/server-cmod.c b/deps/openssl/openssl/demos/bio/server-cmod.c new file mode 100644 index 0000000000..9cb246375c --- /dev/null +++ b/deps/openssl/openssl/demos/bio/server-cmod.c 
@@ -0,0 +1,95 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * A minimal TLS server it ses SSL_CTX_config and a configuration file to + * set most server parameters. + */ + +#include <stdio.h> +#include <signal.h> +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/conf.h> + +int main(int argc, char *argv[]) +{ + unsigned char buf[512]; + char *port = "*:4433"; + BIO *in = NULL; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + int ret = 1, i; + + ctx = SSL_CTX_new(TLS_server_method()); + + if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) { + fprintf(stderr, "Error processing config file\n"); + goto err; + } + + if (SSL_CTX_config(ctx, "server") == 0) { + fprintf(stderr, "Error configuring server.\n"); + goto err; + } + + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. 
+ */ + + if (BIO_do_accept(in) <= 0) + goto err; + + for (;;) { + i = BIO_read(in, buf, sizeof(buf)); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) { + if (BIO_should_retry(in)) + continue; + goto err; + } + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = 0; + err: + if (ret) { + ERR_print_errors_fp(stderr); + } + BIO_free(in); + exit(ret); + return (!ret); +} diff --git a/deps/openssl/openssl/demos/bio/server-conf.c b/deps/openssl/openssl/demos/bio/server-conf.c index a09bc9320d..41b13089c6 100644 --- a/deps/openssl/openssl/demos/bio/server-conf.c +++ b/deps/openssl/openssl/demos/bio/server-conf.c @@ -1,5 +1,11 @@ -/* NOCW */ -/* demos/bio/saccept-conf.c */ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ /* * A minimal program to serve an SSL connection. It uses blocking. It uses @@ -8,6 +14,7 @@ */ #include <stdio.h> +#include <string.h> #include <signal.h> #include <openssl/err.h> #include <openssl/ssl.h> @@ -27,10 +34,7 @@ int main(int argc, char *argv[]) char buf[512]; int ret = 1, i; - SSL_load_error_strings(); - - /* Add ciphers and message digests */ - OpenSSL_add_ssl_algorithms(); + ctx = SSL_CTX_new(TLS_server_method()); conf = NCONF_new(NULL); @@ -49,7 +53,6 @@ int main(int argc, char *argv[]) goto err; } - ctx = SSL_CTX_new(SSLv23_server_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); 
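Review bot: `ret = 0;` after the `for (;;)` loop in server-cmod.c can never execute, since the loop is only left through `goto again` or `goto err`, so this new server can only stop via the error path with exit status 1. saccept.c gains a `done` flag set from a SIGINT handler and a `while (!done)` loop in this same commit; the same arrangement here would give the demo a clean shutdown. `ctx` and `ssl_bio` are used without NULL checks and `ctx` is never released before `exit(ret)`; adding `SSL_CTX_free(ctx);` next to `BIO_free(in);` covers the latter. Because `port` is `"*:4433"` and the key material in this directory is published test data, a comment advising `localhost:4433` outside an isolated test network would help readers who copy the demo.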
@@ -67,7 +70,7 @@ int main(int argc, char *argv[]) ERR_print_errors_fp(stderr); goto err; } - if (!strcmp(cnf->name, "Port")) { + if (strcmp(cnf->name, "Port") == 0) { port = cnf->value; } else { fprintf(stderr, "Unknown configuration option %s\n", cnf->name); @@ -131,8 +134,7 @@ int main(int argc, char *argv[]) if (ret) { ERR_print_errors_fp(stderr); } - if (in != NULL) - BIO_free(in); + BIO_free(in); exit(ret); return (!ret); } diff --git a/deps/openssl/openssl/demos/bio/server-ec.pem b/deps/openssl/openssl/demos/bio/server-ec.pem new file mode 100644 index 0000000000..a13fdc7e28 --- /dev/null +++ b/deps/openssl/openssl/demos/bio/server-ec.pem @@ -0,0 +1,17 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/5kYU3PUlHwfdjEN +lC1xTZEx3o55RgtSOuOCTryDfomhRANCAARW/qUFg+qZzjcFWrST4bmkRCFu8/rn +KTHjW2vpBXYGXKDn4AbAfYXYhM9J7v1HkkrZBPPGx53eVzs61/Pgr6Rc +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIBsTCCAVegAwIBAgIJALChLe0vZzgoMAoGCCqGSM49BAMCMDUxHzAdBgNVBAsM +FlRlc3QgRUNEU0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0x +NTEyMjIxNDUxMDRaFw00NDAxMDQxNDUxMDRaMDUxHzAdBgNVBAsMFlRlc3QgRUNE +U0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABFb+pQWD6pnONwVatJPhuaREIW7z+ucpMeNba+kFdgZcoOfg +BsB9hdiEz0nu/UeSStkE88bHnd5XOzrX8+CvpFyjUDBOMB0GA1UdDgQWBBROhkTJ +lsm8Qd8pEgrrapccfFY5gjAfBgNVHSMEGDAWgBROhkTJlsm8Qd8pEgrrapccfFY5 +gjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFhyU/WZRcihilTpwFVm +fly1JhwisouiZjLnPkRYZVzHAiEAgqxXfRQl1/phnEgO9gRcv2nFp9xvJiDgKPse +VktDYjE= +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/demos/bio/server.pem b/deps/openssl/openssl/demos/bio/server.pem index d0fc265f04..8a4a51f9f0 100644 --- a/deps/openssl/openssl/demos/bio/server.pem +++ b/deps/openssl/openssl/demos/bio/server.pem 
@@ -1,27 +1,52 @@ subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV +MIIDyTCCArGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVSzEW +MBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcgUFVS +UE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0ZSBD +QTAgFw0xNjAxMDQwODU0NDZaGA8yMTE2MDEwNTA4NTQ0NlowZDELMAkGA1UEBhMC +VUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNUSU5H +IFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJKCLTuf7g +3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfiR7bfSdI/ ++qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMvvPQGuI+O +EAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7TVcGVSEi +Jdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU41NEWAsu +/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8RAgMBAAGj +eDB2MB0GA1UdDgQWBBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2 +w2yI55X+sL3szj49hqshgYfa2jAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUF +BwMBMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAC78R +sAr4uvkYOu/pSwQ3MYOFqZ0BnPuP0/AZW2zF7TLNy8g36GyH9rKxz2ffQEHRmPQN +Z11Ohg3z03jw/sVzkgt2U5Ipv923sSeCZcu0nuNex3v9/x72ldYikZNhQOsw+2kr +hx3OvE9R7xl9eyjz7BknsbY7PC3kiUY8SDdc5Fr/XMkHm3ge65oWYOHBjC5tAr5K +FGCEjM3syxS+Li5X6yfDGiVSjOU4gJuZDCYbl7cEQexU2deds8EmpJJrrI7s4JcQ +rraHI8+Hu8X9VLpZE1jl/fKJw3D0i53PoN2WhukIOg1Zv+ajMKQ4ubVfISH2ebox ++ybAZO8hxL6/I08/GQ== +-----END CERTIFICATE----- +subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA +issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Root CA +-----BEGIN CERTIFICATE----- +MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV 
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG -A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU -RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ -KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi -R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv -vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7 -TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU -41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R -AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49 -hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK -WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp -yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7 -vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds -xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t -JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA== +VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD +QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL +MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ +VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl +IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG +W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL +IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ +GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2 +ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds +ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr 
+VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD +VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz +audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg +j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt +CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR +gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I +RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN +thI= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv diff --git a/deps/openssl/openssl/demos/bio/shared.opt b/deps/openssl/openssl/demos/bio/shared.opt new file mode 100644 index 0000000000..4141b93a53 --- /dev/null +++ b/deps/openssl/openssl/demos/bio/shared.opt @@ -0,0 +1,2 @@ +OSSL$LIBSSL_SHR/SHARE +OSSL$LIBCRYPTO_SHR/SHARE diff --git a/deps/openssl/openssl/demos/bio/static.opt b/deps/openssl/openssl/demos/bio/static.opt new file mode 100644 index 0000000000..9ca1588f77 --- /dev/null +++ b/deps/openssl/openssl/demos/bio/static.opt @@ -0,0 +1,2 @@ +OSSL$LIBSSL/LIB +OSSL$LIBCRYPTO/LIB |