Import OpenSSL 1.1.0f

demos/bio/Makefile

@@ -1,22 +1,30 @@
-CC=cc
-CFLAGS= -g -I../../include
-LIBS= -L../.. ../../libssl.a ../../libcrypto.a -ldl
-EXAMPLES=saccept sconnect client-arg client-conf
+# Quick instruction:
+# To build against an OpenSSL built in the source tree, do this:
+#
+#    make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
+#
+# To run the demos when linked with a shared library (default):
+#
+#    LD_LIBRARY_PATH=../.. ./server-arg
+#    LD_LIBRARY_PATH=../.. ./server-cmod
+#    LD_LIBRARY_PATH=../.. ./server-conf
+#    LD_LIBRARY_PATH=../.. ./client-arg
+#    LD_LIBRARY_PATH=../.. ./client-conf
+#    LD_LIBRARY_PATH=../.. ./saccept
+#    LD_LIBRARY_PATH=../.. ./sconnect
 
-all: $(EXAMPLES) 
+CFLAGS = $(OPENSSL_INCS_LOCATION)
+LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS)
 
-saccept: saccept.o
-	$(CC) -o saccept saccept.o $(LIBS)
-
-sconnect: sconnect.o
-	$(CC) -o sconnect sconnect.o $(LIBS)
+all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf
 
 client-arg: client-arg.o
-	$(CC) -o client-arg client-arg.o $(LIBS)
-
 client-conf: client-conf.o
-	$(CC) -o client-conf client-conf.o $(LIBS)
-
-clean:	
-	rm -f $(EXAMPLES) *.o
+saccept: saccept.o
+sconnect: sconnect.o
+server-arg: server-arg.o
+server-cmod: server-cmod.o
+server-conf: server-conf.o
 
+client-arg client-conf saccept sconnect server-arg server-cmod server-conf:
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<

demos/bio/accept.cnf

@@ -5,9 +5,13 @@ Port = 4433
 # Protocol = ALL, -TLSv1.2
 # Only support 3 curves
 Curves = P-521:P-384:P-256
-# Automatic curve selection
-ECDHParameters = Automatic
 # Restricted signature algorithms
 SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 
 Certificate=server.pem
 PrivateKey=server.pem
+ChainCAFile=root.pem
+VerifyCAFile=root.pem
+
+# Request certificate
+VerifyMode=Request
+ClientCAFile=root.pem

demos/bio/client-arg.c

@@ -1,3 +1,13 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
@@ -13,11 +23,7 @@ int main(int argc, char **argv)
     const char *connect_str = "localhost:4433";
     int nargs = argc - 1;
 
-    ERR_load_crypto_strings();
-    ERR_load_SSL_strings();
-    SSL_library_init();
-
-    ctx = SSL_CTX_new(SSLv23_client_method());
+    ctx = SSL_CTX_new(TLS_client_method());
     cctx = SSL_CONF_CTX_new();
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
     SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
@@ -38,7 +44,7 @@ int main(int argc, char **argv)
         if (rv > 0)
             continue;
         /* Otherwise application specific argument processing */
-        if (!strcmp(*args, "-connect")) {
+        if (strcmp(*args, "-connect") == 0) {
             connect_str = args[1];
             if (connect_str == NULL) {
                 fprintf(stderr, "Missing -connect argument\n");
@@ -56,7 +62,7 @@ int main(int argc, char **argv)
     if (!SSL_CONF_CTX_finish(cctx)) {
         fprintf(stderr, "Finish error\n");
         ERR_print_errors_fp(stderr);
-        goto err;
+        goto end;
     }
 
     /*

demos/bio/client-conf.c

@@ -1,3 +1,13 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/conf.h>
@@ -16,10 +26,6 @@ int main(int argc, char **argv)
     const char *connect_str = "localhost:4433";
     long errline = -1;
 
-    ERR_load_crypto_strings();
-    ERR_load_SSL_strings();
-    SSL_library_init();
-
     conf = NCONF_new(NULL);
 
     if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
@@ -37,7 +43,7 @@ int main(int argc, char **argv)
         goto end;
     }
 
-    ctx = SSL_CTX_new(SSLv23_client_method());
+    ctx = SSL_CTX_new(TLS_client_method());
     cctx = SSL_CONF_CTX_new();
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
@@ -53,7 +59,7 @@ int main(int argc, char **argv)
             ERR_print_errors_fp(stderr);
             goto end;
         }
-        if (!strcmp(cnf->name, "Connect")) {
+        if (strcmp(cnf->name, "Connect") == 0) {
             connect_str = cnf->value;
         } else {
             fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
@@ -64,7 +70,7 @@ int main(int argc, char **argv)
     if (!SSL_CONF_CTX_finish(cctx)) {
         fprintf(stderr, "Finish error\n");
         ERR_print_errors_fp(stderr);
-        goto err;
+        goto end;
     }
 
     /*

demos/bio/cmod.cnf

@@ -0,0 +1,24 @@
+# Example config module configuration
+
+# Name supplied by application to CONF_modules_load_file
+# and section containing configuration
+testapp = test_sect
+
+[test_sect]
+# list of confuration modules
+
+# SSL configuration module
+ssl_conf = ssl_sect
+
+[ssl_sect]
+# list of SSL configurations
+server = server_sect
+
+[server_sect]
+# Only support 3 curves
+Curves = P-521:P-384:P-256
+# Restricted signature algorithms
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
+# Certificates and keys
+RSA.Certificate=server.pem
+ECDSA.Certificate=server-ec.pem

demos/bio/descrip.mms

@@ -0,0 +1,47 @@
+# This build description trusts that the following logical names are defined:
+#
+# For compilation: OPENSSL
+# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR
+# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL
+#
+# These are normally defined with the OpenSSL startup procedure
+
+# By default, we link with the shared libraries
+SHARED = TRUE
+
+# Alternative, for linking with static libraries
+#SHARED = FALSE
+
+.FIRST :
+	IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt
+	IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt
+
+.LAST :
+	DEASSIGN OPT
+
+.DEFAULT :
+	@ !
+
+# Because we use an option file, we need to redefine this
+.obj.exe : 
+	$(LINK) $(LINKFLAGS) $<,OPT:/OPT
+
+all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
+      server-arg.exe server-cmod.exe server-conf.exe
+
+client-arg.exe : client-arg.obj
+client-conf.exe : client-conf.obj
+saccept.exe : saccept.obj
+sconnect.exe : sconnect.obj
+server-arg.exe : server-arg.obj
+server-cmod.exe : server-cmod.obj
+server-conf.exe : server-conf.obj
+
+# Stoopid MMS doesn't infer this automatically...
+client-arg.obj : client-arg.c
+client-conf.obj : client-conf.c
+saccept.obj : saccept.c
+sconnect.obj : sconnect.c
+server-arg.obj : server-arg.c
+server-cmod.obj : server-cmod.c
+server-conf.obj : server-conf.c

demos/bio/intca.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
+QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL
+MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
+VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG
+W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL
+IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ
+GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2
+ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds
+ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr
+VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD
+VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz
+audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg
+j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt
+CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR
+gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I
+RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN
+thI=
+-----END CERTIFICATE-----

demos/bio/root.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIJAKkg71CjIAovMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
+QTAeFw0xNDAyMjMxMzA1MTNaFw0yNDAyMjExMzA1MTNaMGgxCzAJBgNVBAYTAlVL
+MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
+VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs
+vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H
+q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG
+juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu
+R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r
+77WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA
+AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA
+FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCsoxVi49anYZ1aI/2rVJ5bvEd3ZvGn
+wx1Y+l75SQVYU2qX9CHNBVg1t8reIBN8yPEfBM1WcFPEg7Vy3zFaklMPm/oYXwVI
+/lX/LsfPUxdnQmONxLw4x/0booN1LV/dtRcebewUSqog6W9Z2fbTEe6srIBE4M5G
+Wa943lthlmQM6HzlU4D606PQ3zQbX08mue4eqQB813r4uSoI1MpGLqxkziBRFGGN
+T4VNYp8DeSVr3jHjNBmKCAPZxJIYElnLEK027OG00RH7sF7SGFDNsCjN1NmCvuRz
+9AHnjVIBNzIvI3uiOn9tngRDXBRIcUBsdYG19tal8yWBgrr9SdlqFy/Y
+-----END CERTIFICATE-----

demos/bio/saccept.c

@@ -1,5 +1,11 @@
-/* NOCW */
-/* demos/bio/saccept.c */
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
 
 /*-
  * A minimal program to serve an SSL connection.
@@ -18,22 +24,32 @@
 
 #define CERT_FILE       "server.pem"
 
-BIO *in = NULL;
+static int done = 0;
 
-void close_up()
+void interrupt(int sig)
 {
-    if (in != NULL)
-        BIO_free(in);
+    done = 1;
 }
 
-int main(argc, argv)
-int argc;
-char *argv[];
+void sigsetup(void)
+{
+    struct sigaction sa;
+
+    /*
+     * Catch at most once, and don't restart the accept system call.
+     */
+    sa.sa_flags = SA_RESETHAND;
+    sa.sa_handler = interrupt;
+    sigemptyset(&sa.sa_mask);
+    sigaction(SIGINT, &sa, NULL);
+}
+
+int main(int argc, char *argv[])
 {
     char *port = NULL;
+    BIO *in = NULL;
     BIO *ssl_bio, *tmp;
     SSL_CTX *ctx;
-    SSL *ssl;
     char buf[512];
     int ret = 1, i;
 
@@ -42,20 +58,8 @@ char *argv[];
     else
         port = argv[1];
 
-    signal(SIGINT, close_up);
-
-    SSL_load_error_strings();
-
-#ifdef WATT32
-    dbug_init();
-    sock_init();
-#endif
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
-
-    ctx = SSL_CTX_new(SSLv23_server_method());
-    if (!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
+    ctx = SSL_CTX_new(TLS_server_method());
+    if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))
         goto err;
     if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
         goto err;
@@ -63,7 +67,6 @@ char *argv[];
         goto err;
 
     /* Setup server side SSL bio */
-    ssl = SSL_new(ctx);
     ssl_bio = BIO_new_ssl(ctx, 0);
 
     if ((in = BIO_new_accept(port)) == NULL)
@@ -76,6 +79,9 @@ char *argv[];
      */
     BIO_set_accept_bios(in, ssl_bio);
 
+    /* Arrange to leave server loop on interrupt */
+    sigsetup();
+
  again:
     /*
      * The first call will setup the accept socket, and the second will get a
@@ -86,7 +92,7 @@ char *argv[];
     if (BIO_do_accept(in) <= 0)
         goto err;
 
-    for (;;) {
+    while (!done) {
         i = BIO_read(in, buf, 512);
         if (i == 0) {
             /*
@@ -110,8 +116,7 @@ char *argv[];
     if (ret) {
         ERR_print_errors_fp(stderr);
     }
-    if (in != NULL)
-        BIO_free(in);
+    BIO_free(in);
     exit(ret);
     return (!ret);
 }

demos/bio/sconnect.c

@@ -1,5 +1,11 @@
-/* NOCW */
-/* demos/bio/sconnect.c */
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
 
 /*-
  * A minimal program to do SSL to a passed host and port.
@@ -11,51 +17,65 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <string.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
+#define HOSTPORT "localhost:4433"
+#define CAFILE "root.pem"
+
 extern int errno;
 
 int main(argc, argv)
 int argc;
 char *argv[];
 {
-    char *host;
-    BIO *out;
+    const char *hostport = HOSTPORT;
+    const char *CAfile = CAFILE;
+    char *hostname;
+    char *cp;
+    BIO *out = NULL;
     char buf[1024 * 10], *p;
     SSL_CTX *ssl_ctx = NULL;
     SSL *ssl;
     BIO *ssl_bio;
     int i, len, off, ret = 1;
 
-    if (argc <= 1)
-        host = "localhost:4433";
-    else
-        host = argv[1];
+    if (argc > 1)
+        hostport = argv[1];
+    if (argc > 2)
+        CAfile = argv[2];
+
+    hostname = OPENSSL_strdup(hostport);
+    if ((cp = strchr(hostname, ':')) != NULL)
+        *cp = 0;
 
 #ifdef WATT32
     dbug_init();
     sock_init();
 #endif
 
-    /* Lets get nice error messages */
-    SSL_load_error_strings();
+    ssl_ctx = SSL_CTX_new(TLS_client_method());
 
-    /* Setup all the global SSL stuff */
-    OpenSSL_add_ssl_algorithms();
-    ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+    /* Enable trust chain verification */
+    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+    SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL);
 
     /* Lets make a SSL structure */
     ssl = SSL_new(ssl_ctx);
     SSL_set_connect_state(ssl);
 
+    /* Enable peername verification */
+    if (SSL_set1_host(ssl, hostname) <= 0)
+        goto err;
+
     /* Use it inside an SSL BIO */
     ssl_bio = BIO_new(BIO_f_ssl());
     BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
 
     /* Lets use a connect BIO under the SSL BIO */
     out = BIO_new(BIO_s_connect());
-    BIO_set_conn_hostname(out, host);
+    BIO_set_conn_hostname(out, hostport);
     BIO_set_nbio(out, 1);
     out = BIO_push(ssl_bio, out);
 
@@ -96,18 +116,16 @@ char *argv[];
     }
 
     ret = 1;
+    goto done;
 
-    if (0) {
  err:
-        if (ERR_peek_error() == 0) { /* system call error */
-            fprintf(stderr, "errno=%d ", errno);
-            perror("error");
-        } else
-            ERR_print_errors_fp(stderr);
-    }
+    if (ERR_peek_error() == 0) { /* system call error */
+        fprintf(stderr, "errno=%d ", errno);
+        perror("error");
+    } else
+        ERR_print_errors_fp(stderr);
+ done:
     BIO_free_all(out);
-    if (ssl_ctx != NULL)
-        SSL_CTX_free(ssl_ctx);
-    exit(!ret);
-    return (ret);
+    SSL_CTX_free(ssl_ctx);
+    return (ret == 1);
 }

demos/bio/server-arg.c

@@ -1,5 +1,11 @@
-/* NOCW */
-/* demos/bio/server-arg.c */
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
 
 /*
  * A minimal program to serve an SSL connection. It uses blocking. It use the
@@ -8,6 +14,7 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 #include <signal.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
@@ -24,12 +31,7 @@ int main(int argc, char *argv[])
     char **args = argv + 1;
     int nargs = argc - 1;
 
-    SSL_load_error_strings();
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
-
-    ctx = SSL_CTX_new(SSLv23_server_method());
+    ctx = SSL_CTX_new(TLS_server_method());
 
     cctx = SSL_CONF_CTX_new();
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
@@ -52,7 +54,7 @@ int main(int argc, char *argv[])
         if (rv > 0)
             continue;
         /* Otherwise application specific argument processing */
-        if (!strcmp(*args, "-port")) {
+        if (strcmp(*args, "-port") == 0) {
             port = args[1];
             if (port == NULL) {
                 fprintf(stderr, "Missing -port argument\n");
@@ -72,7 +74,7 @@ int main(int argc, char *argv[])
         ERR_print_errors_fp(stderr);
         goto err;
     }
-#if 0
+#ifdef ITERATE_CERTS
     /*
      * Demo of how to iterate over all certificates in an SSL_CTX structure.
      */
@@ -137,8 +139,7 @@ int main(int argc, char *argv[])
     if (ret) {
         ERR_print_errors_fp(stderr);
     }
-    if (in != NULL)
-        BIO_free(in);
+    BIO_free(in);
     exit(ret);
     return (!ret);
 }

demos/bio/server-cmod.c

@@ -0,0 +1,95 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * A minimal TLS server it ses SSL_CTX_config and a configuration file to
+ * set most server parameters.
+ */
+
+#include <stdio.h>
+#include <signal.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/conf.h>
+
+int main(int argc, char *argv[])
+{
+    unsigned char buf[512];
+    char *port = "*:4433";
+    BIO *in = NULL;
+    BIO *ssl_bio, *tmp;
+    SSL_CTX *ctx;
+    int ret = 1, i;
+
+    ctx = SSL_CTX_new(TLS_server_method());
+
+    if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
+        fprintf(stderr, "Error processing config file\n");
+        goto err;
+    }
+
+    if (SSL_CTX_config(ctx, "server") == 0) {
+        fprintf(stderr, "Error configuring server.\n");
+        goto err;
+    }
+
+    /* Setup server side SSL bio */
+    ssl_bio = BIO_new_ssl(ctx, 0);
+
+    if ((in = BIO_new_accept(port)) == NULL)
+        goto err;
+
+    /*
+     * This means that when a new connection is accepted on 'in', The ssl_bio
+     * will be 'duplicated' and have the new socket BIO push into it.
+     * Basically it means the SSL BIO will be automatically setup
+     */
+    BIO_set_accept_bios(in, ssl_bio);
+
+ again:
+    /*
+     * The first call will setup the accept socket, and the second will get a
+     * socket.  In this loop, the first actual accept will occur in the
+     * BIO_read() function.
+     */
+
+    if (BIO_do_accept(in) <= 0)
+        goto err;
+
+    for (;;) {
+        i = BIO_read(in, buf, sizeof(buf));
+        if (i == 0) {
+            /*
+             * If we have finished, remove the underlying BIO stack so the
+             * next time we call any function for this BIO, it will attempt
+             * to do an accept
+             */
+            printf("Done\n");
+            tmp = BIO_pop(in);
+            BIO_free_all(tmp);
+            goto again;
+        }
+        if (i < 0) {
+            if (BIO_should_retry(in))
+                continue;
+            goto err;
+        }
+        fwrite(buf, 1, i, stdout);
+        fflush(stdout);
+    }
+
+    ret = 0;
+ err:
+    if (ret) {
+        ERR_print_errors_fp(stderr);
+    }
+    BIO_free(in);
+    exit(ret);
+    return (!ret);
+}

demos/bio/server-conf.c

@@ -1,5 +1,11 @@
-/* NOCW */
-/* demos/bio/saccept-conf.c */
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
 
 /*
  * A minimal program to serve an SSL connection. It uses blocking. It uses
@@ -8,6 +14,7 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 #include <signal.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
@@ -27,10 +34,7 @@ int main(int argc, char *argv[])
     char buf[512];
     int ret = 1, i;
 
-    SSL_load_error_strings();
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
+    ctx = SSL_CTX_new(TLS_server_method());
 
     conf = NCONF_new(NULL);
 
@@ -49,7 +53,6 @@ int main(int argc, char *argv[])
         goto err;
     }
 
-    ctx = SSL_CTX_new(SSLv23_server_method());
     cctx = SSL_CONF_CTX_new();
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
@@ -67,7 +70,7 @@ int main(int argc, char *argv[])
             ERR_print_errors_fp(stderr);
             goto err;
         }
-        if (!strcmp(cnf->name, "Port")) {
+        if (strcmp(cnf->name, "Port") == 0) {
             port = cnf->value;
         } else {
             fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
@@ -131,8 +134,7 @@ int main(int argc, char *argv[])
     if (ret) {
         ERR_print_errors_fp(stderr);
     }
-    if (in != NULL)
-        BIO_free(in);
+    BIO_free(in);
     exit(ret);
     return (!ret);
 }

demos/bio/server-ec.pem

@@ -0,0 +1,17 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/5kYU3PUlHwfdjEN
+lC1xTZEx3o55RgtSOuOCTryDfomhRANCAARW/qUFg+qZzjcFWrST4bmkRCFu8/rn
+KTHjW2vpBXYGXKDn4AbAfYXYhM9J7v1HkkrZBPPGx53eVzs61/Pgr6Rc
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIBsTCCAVegAwIBAgIJALChLe0vZzgoMAoGCCqGSM49BAMCMDUxHzAdBgNVBAsM
+FlRlc3QgRUNEU0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0x
+NTEyMjIxNDUxMDRaFw00NDAxMDQxNDUxMDRaMDUxHzAdBgNVBAsMFlRlc3QgRUNE
+U0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABFb+pQWD6pnONwVatJPhuaREIW7z+ucpMeNba+kFdgZcoOfg
+BsB9hdiEz0nu/UeSStkE88bHnd5XOzrX8+CvpFyjUDBOMB0GA1UdDgQWBBROhkTJ
+lsm8Qd8pEgrrapccfFY5gjAfBgNVHSMEGDAWgBROhkTJlsm8Qd8pEgrrapccfFY5
+gjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFhyU/WZRcihilTpwFVm
+fly1JhwisouiZjLnPkRYZVzHAiEAgqxXfRQl1/phnEgO9gRcv2nFp9xvJiDgKPse
+VktDYjE=
+-----END CERTIFICATE-----

demos/bio/server.pem

@@ -1,27 +1,52 @@
 subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
 issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
 -----BEGIN CERTIFICATE-----
-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+MIIDyTCCArGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVSzEW
+MBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcgUFVS
+UE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0ZSBD
+QTAgFw0xNjAxMDQwODU0NDZaGA8yMTE2MDEwNTA4NTQ0NlowZDELMAkGA1UEBhMC
+VUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNUSU5H
+IFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJKCLTuf7g
+3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfiR7bfSdI/
++qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMvvPQGuI+O
+EAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7TVcGVSEi
+Jdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU41NEWAsu
+/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8RAgMBAAGj
+eDB2MB0GA1UdDgQWBBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2
+w2yI55X+sL3szj49hqshgYfa2jAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAC78R
+sAr4uvkYOu/pSwQ3MYOFqZ0BnPuP0/AZW2zF7TLNy8g36GyH9rKxz2ffQEHRmPQN
+Z11Ohg3z03jw/sVzkgt2U5Ipv923sSeCZcu0nuNex3v9/x72ldYikZNhQOsw+2kr
+hx3OvE9R7xl9eyjz7BknsbY7PC3kiUY8SDdc5Fr/XMkHm3ge65oWYOHBjC5tAr5K
+FGCEjM3syxS+Li5X6yfDGiVSjOU4gJuZDCYbl7cEQexU2deds8EmpJJrrI7s4JcQ
+rraHI8+Hu8X9VLpZE1jl/fKJw3D0i53PoN2WhukIOg1Zv+ajMKQ4ubVfISH2ebox
++ybAZO8hxL6/I08/GQ==
+-----END CERTIFICATE-----
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Root CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
 BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
-KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
-R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
-vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
-TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
-41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
-AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
-AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
-BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
-hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
-WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
-yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
-vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
-xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
-JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
+VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
+QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL
+MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
+VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG
+W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL
+IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ
+GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2
+ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds
+ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr
+VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD
+VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz
+audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg
+j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt
+CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR
+gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I
+RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN
+thI=
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv

demos/bio/shared.opt

@@ -0,0 +1,2 @@
+OSSL$LIBSSL_SHR/SHARE
+OSSL$LIBCRYPTO_SHR/SHARE

demos/bio/static.opt

@@ -0,0 +1,2 @@
+OSSL$LIBSSL/LIB
+OSSL$LIBCRYPTO/LIB