diff options
| author | Peter Jones <pjones@redhat.com> | 2018-10-08 13:31:30 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2018-10-09 17:50:01 -0400 |
| commit | b86e8e7e9c4d4191d556a52fbd2c3e614ddb246e (patch) | |
| tree | ca28062a443b69ba44c28ad01c31f522c0e12992 /CryptoPkg/Library/OpensslLib/openssl/demos/bio | |
| parent | 6dfae5e78b327f4671f10e85a42c94cad9064bd6 (diff) | |
| download | efi-boot-shim-openssl-rebase-helper-start.tar.gz efi-boot-shim-openssl-rebase-helper-start.zip | |
Add CryptoPkg/Library/BaseCryptLib/ and CryptoPkg/Library/OpensslLib/openssl-rebase-helper-start
Diffstat (limited to 'CryptoPkg/Library/OpensslLib/openssl/demos/bio')
15 files changed, 1014 insertions, 0 deletions
diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/Makefile b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/Makefile new file mode 100644 index 00000000..493e8a58 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/Makefile @@ -0,0 +1,30 @@ +# Quick instruction: +# To build against an OpenSSL built in the source tree, do this: +# +# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../.. +# +# To run the demos when linked with a shared library (default): +# +# LD_LIBRARY_PATH=../.. ./server-arg +# LD_LIBRARY_PATH=../.. ./server-cmod +# LD_LIBRARY_PATH=../.. ./server-conf +# LD_LIBRARY_PATH=../.. ./client-arg +# LD_LIBRARY_PATH=../.. ./client-conf +# LD_LIBRARY_PATH=../.. ./saccept +# LD_LIBRARY_PATH=../.. ./sconnect + +CFLAGS = $(OPENSSL_INCS_LOCATION) +LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS) + +all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf + +client-arg: client-arg.o +client-conf: client-conf.o +saccept: saccept.o +sconnect: sconnect.o +server-arg: server-arg.o +server-cmod: server-cmod.o +server-conf: server-conf.o + +client-arg client-conf saccept sconnect server-arg server-cmod server-conf: + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/README b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/README new file mode 100644 index 00000000..a36bb48a --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/README @@ -0,0 +1,7 @@ +This directory contains some simple examples of the use of BIO's +to simplify socket programming. + +The client-conf, server-conf, client-arg and client-conf include examples +of how to use the SSL_CONF API for configuration file or command line +processing. + diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/accept.cnf b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/accept.cnf new file mode 100644 index 00000000..eb696583 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/accept.cnf @@ -0,0 +1,17 @@ +# Example configuration file +# Port to listen on +Port = 4433 +# Disable TLS v1.2 for test. +# Protocol = ALL, -TLSv1.2 +# Only support 3 curves +Curves = P-521:P-384:P-256 +# Restricted signature algorithms +SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 +Certificate=server.pem +PrivateKey=server.pem +ChainCAFile=root.pem +VerifyCAFile=root.pem + +# Request certificate +VerifyMode=Request +ClientCAFile=root.pem diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-arg.c b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-arg.c new file mode 100644 index 00000000..e8d5e46a --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-arg.c @@ -0,0 +1,117 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +int main(int argc, char **argv) +{ + BIO *sbio = NULL, *out = NULL; + int len; + char tmpbuf[1024]; + SSL_CTX *ctx; + SSL_CONF_CTX *cctx; + SSL *ssl; + char **args = argv + 1; + const char *connect_str = "localhost:4433"; + int nargs = argc - 1; + + ctx = SSL_CTX_new(TLS_client_method()); + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + while (*args && **args == '-') { + int rv; + /* Parse standard arguments */ + rv = SSL_CONF_cmd_argv(cctx, &nargs, &args); + if (rv == -3) { + fprintf(stderr, "Missing argument for %s\n", *args); + goto end; + } + if (rv < 0) { + fprintf(stderr, "Error in command %s\n", *args); + ERR_print_errors_fp(stderr); + goto end; + } + /* If rv > 0 we processed something so proceed to next arg */ + if (rv > 0) + continue; + /* Otherwise application specific argument processing */ + if (strcmp(*args, "-connect") == 0) { + connect_str = args[1]; + if (connect_str == NULL) { + fprintf(stderr, "Missing -connect argument\n"); + goto end; + } + args += 2; + nargs -= 2; + continue; + } else { + fprintf(stderr, "Unknown argument %s\n", *args); + goto end; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + /* + * We'd normally set some stuff like the verify paths and * mode here + * because as things stand this will connect to * any server whose + * certificate is signed by any CA. + */ + + sbio = BIO_new_ssl_connect(ctx); + + BIO_get_ssl(sbio, &ssl); + + if (!ssl) { + fprintf(stderr, "Can't locate SSL pointer\n"); + goto end; + } + + /* Don't want any retries */ + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + + /* We might want to do other things with ssl here */ + + BIO_set_conn_hostname(sbio, connect_str); + + out = BIO_new_fp(stdout, BIO_NOCLOSE); + if (BIO_do_connect(sbio) <= 0) { + fprintf(stderr, "Error connecting to server\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + if (BIO_do_handshake(sbio) <= 0) { + fprintf(stderr, "Error establishing SSL connection\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + /* Could examine ssl here to get connection info */ + + BIO_puts(sbio, "GET / HTTP/1.0\n\n"); + for (;;) { + len = BIO_read(sbio, tmpbuf, 1024); + if (len <= 0) + break; + BIO_write(out, tmpbuf, len); + } + end: + SSL_CONF_CTX_free(cctx); + BIO_free_all(sbio); + BIO_free(out); + return 0; +} diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-conf.c b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-conf.c new file mode 100644 index 00000000..e819030e --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-conf.c @@ -0,0 +1,126 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/conf.h> + +int main(int argc, char **argv) +{ + BIO *sbio = NULL, *out = NULL; + int i, len, rv; + char tmpbuf[1024]; + SSL_CTX *ctx = NULL; + SSL_CONF_CTX *cctx = NULL; + SSL *ssl = NULL; + CONF *conf = NULL; + STACK_OF(CONF_VALUE) *sect = NULL; + CONF_VALUE *cnf; + const char *connect_str = "localhost:4433"; + long errline = -1; + + conf = NCONF_new(NULL); + + if (NCONF_load(conf, "connect.cnf", &errline) <= 0) { + if (errline <= 0) + fprintf(stderr, "Error processing config file\n"); + else + fprintf(stderr, "Error on line %ld\n", errline); + goto end; + } + + sect = NCONF_get_section(conf, "default"); + + if (sect == NULL) { + fprintf(stderr, "Error retrieving default section\n"); + goto end; + } + + ctx = SSL_CTX_new(TLS_client_method()); + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { + cnf = sk_CONF_VALUE_value(sect, i); + rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value); + if (rv > 0) + continue; + if (rv != -2) { + fprintf(stderr, "Error processing %s = %s\n", + cnf->name, cnf->value); + ERR_print_errors_fp(stderr); + goto end; + } + if (strcmp(cnf->name, "Connect") == 0) { + connect_str = cnf->value; + } else { + fprintf(stderr, "Unknown configuration option %s\n", cnf->name); + goto end; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + /* + * We'd normally set some stuff like the verify paths and * mode here + * because as things stand this will connect to * any server whose + * certificate is signed by any CA. + */ + + sbio = BIO_new_ssl_connect(ctx); + + BIO_get_ssl(sbio, &ssl); + + if (!ssl) { + fprintf(stderr, "Can't locate SSL pointer\n"); + goto end; + } + + /* Don't want any retries */ + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + + /* We might want to do other things with ssl here */ + + BIO_set_conn_hostname(sbio, connect_str); + + out = BIO_new_fp(stdout, BIO_NOCLOSE); + if (BIO_do_connect(sbio) <= 0) { + fprintf(stderr, "Error connecting to server\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + if (BIO_do_handshake(sbio) <= 0) { + fprintf(stderr, "Error establishing SSL connection\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + /* Could examine ssl here to get connection info */ + + BIO_puts(sbio, "GET / HTTP/1.0\n\n"); + for (;;) { + len = BIO_read(sbio, tmpbuf, 1024); + if (len <= 0) + break; + BIO_write(out, tmpbuf, len); + } + end: + SSL_CONF_CTX_free(cctx); + BIO_free_all(sbio); + BIO_free(out); + NCONF_free(conf); + return 0; +} diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/cmod.cnf b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/cmod.cnf new file mode 100644 index 00000000..39ac54ed --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/cmod.cnf @@ -0,0 +1,24 @@ +# Example config module configuration + +# Name supplied by application to CONF_modules_load_file +# and section containing configuration +testapp = test_sect + +[test_sect] +# list of configuration modules + +# SSL configuration module +ssl_conf = ssl_sect + +[ssl_sect] +# list of SSL configurations +server = server_sect + +[server_sect] +# Only support 3 curves +Curves = P-521:P-384:P-256 +# Restricted signature algorithms +SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 +# Certificates and keys +RSA.Certificate=server.pem +ECDSA.Certificate=server-ec.pem diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/connect.cnf b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/connect.cnf new file mode 100644 index 00000000..4dee03c3 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/connect.cnf @@ -0,0 +1,9 @@ +# Example configuration file +# Connects to the default port of s_server +Connect = localhost:4433 +# Disable TLS v1.2 for test. +# Protocol = ALL, -TLSv1.2 +# Only support 3 curves +Curves = P-521:P-384:P-256 +# Restricted signature algorithms +SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/descrip.mms b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/descrip.mms new file mode 100644 index 00000000..8e127b07 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/descrip.mms @@ -0,0 +1,47 @@ +# This build description trusts that the following logical names are defined: +# +# For compilation: OPENSSL +# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR +# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL +# +# These are normally defined with the OpenSSL startup procedure + +# By default, we link with the shared libraries +SHARED = TRUE + +# Alternative, for linking with static libraries +#SHARED = FALSE + +.FIRST : + IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt + IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt + +.LAST : + DEASSIGN OPT + +.DEFAULT : + @ ! + +# Because we use an option file, we need to redefine this +.obj.exe : + $(LINK) $(LINKFLAGS) $<,OPT:/OPT + +all : client-arg.exe client-conf.exe saccept.exe sconnect.exe - + server-arg.exe server-cmod.exe server-conf.exe + +client-arg.exe : client-arg.obj +client-conf.exe : client-conf.obj +saccept.exe : saccept.obj +sconnect.exe : sconnect.obj +server-arg.exe : server-arg.obj +server-cmod.exe : server-cmod.obj +server-conf.exe : server-conf.obj + +# Stoopid MMS doesn't infer this automatically... +client-arg.obj : client-arg.c +client-conf.obj : client-conf.c +saccept.obj : saccept.c +sconnect.obj : sconnect.c +server-arg.obj : server-arg.c +server-cmod.obj : server-cmod.c +server-conf.obj : server-conf.c diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/saccept.c b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/saccept.c new file mode 100644 index 00000000..66c5c617 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/saccept.c @@ -0,0 +1,122 @@ +/* + * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * A minimal program to serve an SSL connection. + * It uses blocking. + * saccept host:port + * host is the interface IP to use. If any interface, use *:port + * The default it *:4433 + * + * cc -I../../include saccept.c -L../.. -lssl -lcrypto -ldl + */ + +#include <stdio.h> +#include <signal.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +#define CERT_FILE "server.pem" + +static int done = 0; + +void interrupt(int sig) +{ + done = 1; +} + +void sigsetup(void) +{ + struct sigaction sa; + + /* + * Catch at most once, and don't restart the accept system call. + */ + sa.sa_flags = SA_RESETHAND; + sa.sa_handler = interrupt; + sigemptyset(&sa.sa_mask); + sigaction(SIGINT, &sa, NULL); +} + +int main(int argc, char *argv[]) +{ + char *port = NULL; + BIO *in = NULL; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + char buf[512]; + int ret = 1, i; + + if (argc <= 1) + port = "*:4433"; + else + port = argv[1]; + + ctx = SSL_CTX_new(TLS_server_method()); + if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE)) + goto err; + if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) + goto err; + if (!SSL_CTX_check_private_key(ctx)) + goto err; + + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + /* Arrange to leave server loop on interrupt */ + sigsetup(); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. + */ + + if (BIO_do_accept(in) <= 0) + goto err; + + while (!done) { + i = BIO_read(in, buf, 512); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) + goto err; + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = 0; + err: + if (ret) { + ERR_print_errors_fp(stderr); + } + BIO_free(in); + exit(ret); + return (!ret); +} diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/sconnect.c b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/sconnect.c new file mode 100644 index 00000000..664a1e03 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/sconnect.c @@ -0,0 +1,131 @@ +/* + * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * A minimal program to do SSL to a passed host and port. + * It is actually using non-blocking IO but in a very simple manner + * sconnect host:port - it does a 'GET / HTTP/1.0' + * + * cc -I../../include sconnect.c -L../.. -lssl -lcrypto + */ +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +#define HOSTPORT "localhost:4433" +#define CAFILE "root.pem" + +extern int errno; + +int main(argc, argv) +int argc; +char *argv[]; +{ + const char *hostport = HOSTPORT; + const char *CAfile = CAFILE; + char *hostname; + char *cp; + BIO *out = NULL; + char buf[1024 * 10], *p; + SSL_CTX *ssl_ctx = NULL; + SSL *ssl; + BIO *ssl_bio; + int i, len, off, ret = 1; + + if (argc > 1) + hostport = argv[1]; + if (argc > 2) + CAfile = argv[2]; + + hostname = OPENSSL_strdup(hostport); + if ((cp = strchr(hostname, ':')) != NULL) + *cp = 0; + +#ifdef WATT32 + dbug_init(); + sock_init(); +#endif + + ssl_ctx = SSL_CTX_new(TLS_client_method()); + + /* Enable trust chain verification */ + SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); + SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL); + + /* Lets make a SSL structure */ + ssl = SSL_new(ssl_ctx); + SSL_set_connect_state(ssl); + + /* Enable peername verification */ + if (SSL_set1_host(ssl, hostname) <= 0) + goto err; + + /* Use it inside an SSL BIO */ + ssl_bio = BIO_new(BIO_f_ssl()); + BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); + + /* Lets use a connect BIO under the SSL BIO */ + out = BIO_new(BIO_s_connect()); + BIO_set_conn_hostname(out, hostport); + BIO_set_nbio(out, 1); + out = BIO_push(ssl_bio, out); + + p = "GET / HTTP/1.0\r\n\r\n"; + len = strlen(p); + + off = 0; + for (;;) { + i = BIO_write(out, &(p[off]), len); + if (i <= 0) { + if (BIO_should_retry(out)) { + fprintf(stderr, "write DELAY\n"); + sleep(1); + continue; + } else { + goto err; + } + } + off += i; + len -= i; + if (len <= 0) + break; + } + + for (;;) { + i = BIO_read(out, buf, sizeof(buf)); + if (i == 0) + break; + if (i < 0) { + if (BIO_should_retry(out)) { + fprintf(stderr, "read DELAY\n"); + sleep(1); + continue; + } + goto err; + } + fwrite(buf, 1, i, stdout); + } + + ret = 1; + goto done; + + err: + if (ERR_peek_error() == 0) { /* system call error */ + fprintf(stderr, "errno=%d ", errno); + perror("error"); + } else + ERR_print_errors_fp(stderr); + done: + BIO_free_all(out); + SSL_CTX_free(ssl_ctx); + return (ret == 1); +} diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-arg.c b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-arg.c new file mode 100644 index 00000000..6056969f --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-arg.c @@ -0,0 +1,145 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * A minimal program to serve an SSL connection. It uses blocking. It use the + * SSL_CONF API with the command line. cc -I../../include server-arg.c + * -L../.. -lssl -lcrypto -ldl + */ + +#include <stdio.h> +#include <string.h> +#include <signal.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +int main(int argc, char *argv[]) +{ + char *port = "*:4433"; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + SSL_CONF_CTX *cctx; + char buf[512]; + BIO *in = NULL; + int ret = 1, i; + char **args = argv + 1; + int nargs = argc - 1; + + ctx = SSL_CTX_new(TLS_server_method()); + + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + while (*args && **args == '-') { + int rv; + /* Parse standard arguments */ + rv = SSL_CONF_cmd_argv(cctx, &nargs, &args); + if (rv == -3) { + fprintf(stderr, "Missing argument for %s\n", *args); + goto err; + } + if (rv < 0) { + fprintf(stderr, "Error in command %s\n", *args); + ERR_print_errors_fp(stderr); + goto err; + } + /* If rv > 0 we processed something so proceed to next arg */ + if (rv > 0) + continue; + /* Otherwise application specific argument processing */ + if (strcmp(*args, "-port") == 0) { + port = args[1]; + if (port == NULL) { + fprintf(stderr, "Missing -port argument\n"); + goto err; + } + args += 2; + nargs -= 2; + continue; + } else { + fprintf(stderr, "Unknown argument %s\n", *args); + goto err; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto err; + } +#ifdef ITERATE_CERTS + /* + * Demo of how to iterate over all certificates in an SSL_CTX structure. + */ + { + X509 *x; + int rv; + rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST); + while (rv) { + X509 *x = SSL_CTX_get0_certificate(ctx); + X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0, + XN_FLAG_ONELINE); + printf("\n"); + rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT); + } + fflush(stdout); + } +#endif + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. + */ + + if (BIO_do_accept(in) <= 0) + goto err; + + for (;;) { + i = BIO_read(in, buf, 512); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) + goto err; + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = 0; + err: + if (ret) { + ERR_print_errors_fp(stderr); + } + BIO_free(in); + exit(ret); + return (!ret); +} diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-cmod.c b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-cmod.c new file mode 100644 index 00000000..9cb24637 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-cmod.c @@ -0,0 +1,95 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * A minimal TLS server it ses SSL_CTX_config and a configuration file to + * set most server parameters. + */ + +#include <stdio.h> +#include <signal.h> +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/conf.h> + +int main(int argc, char *argv[]) +{ + unsigned char buf[512]; + char *port = "*:4433"; + BIO *in = NULL; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + int ret = 1, i; + + ctx = SSL_CTX_new(TLS_server_method()); + + if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) { + fprintf(stderr, "Error processing config file\n"); + goto err; + } + + if (SSL_CTX_config(ctx, "server") == 0) { + fprintf(stderr, "Error configuring server.\n"); + goto err; + } + + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. + */ + + if (BIO_do_accept(in) <= 0) + goto err; + + for (;;) { + i = BIO_read(in, buf, sizeof(buf)); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) { + if (BIO_should_retry(in)) + continue; + goto err; + } + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = 0; + err: + if (ret) { + ERR_print_errors_fp(stderr); + } + BIO_free(in); + exit(ret); + return (!ret); +} diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-conf.c b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-conf.c new file mode 100644 index 00000000..41b13089 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-conf.c @@ -0,0 +1,140 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * A minimal program to serve an SSL connection. It uses blocking. It uses + * the SSL_CONF API with a configuration file. cc -I../../include saccept.c + * -L../.. -lssl -lcrypto -ldl + */ + +#include <stdio.h> +#include <string.h> +#include <signal.h> +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/conf.h> + +int main(int argc, char *argv[]) +{ + char *port = "*:4433"; + BIO *in = NULL; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + SSL_CONF_CTX *cctx = NULL; + CONF *conf = NULL; + STACK_OF(CONF_VALUE) *sect = NULL; + CONF_VALUE *cnf; + long errline = -1; + char buf[512]; + int ret = 1, i; + + ctx = SSL_CTX_new(TLS_server_method()); + + conf = NCONF_new(NULL); + + if (NCONF_load(conf, "accept.cnf", &errline) <= 0) { + if (errline <= 0) + fprintf(stderr, "Error processing config file\n"); + else + fprintf(stderr, "Error on line %ld\n", errline); + goto err; + } + + sect = NCONF_get_section(conf, "default"); + + if (sect == NULL) { + fprintf(stderr, "Error retrieving default section\n"); + goto err; + } + + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { + int rv; + cnf = sk_CONF_VALUE_value(sect, i); + rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value); + if (rv > 0) + continue; + if (rv != -2) { + fprintf(stderr, "Error processing %s = %s\n", + cnf->name, cnf->value); + ERR_print_errors_fp(stderr); + goto err; + } + if (strcmp(cnf->name, "Port") == 0) { + port = cnf->value; + } else { + fprintf(stderr, "Unknown configuration option %s\n", cnf->name); + goto err; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto err; + } + + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. + */ + + if (BIO_do_accept(in) <= 0) + goto err; + + for (;;) { + i = BIO_read(in, buf, 512); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) { + if (BIO_should_retry(in)) + continue; + goto err; + } + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = 0; + err: + if (ret) { + ERR_print_errors_fp(stderr); + } + BIO_free(in); + exit(ret); + return (!ret); +} diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/shared.opt b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/shared.opt new file mode 100644 index 00000000..4141b93a --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/shared.opt @@ -0,0 +1,2 @@ +OSSL$LIBSSL_SHR/SHARE +OSSL$LIBCRYPTO_SHR/SHARE diff --git a/CryptoPkg/Library/OpensslLib/openssl/demos/bio/static.opt b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/static.opt new file mode 100644 index 00000000..9ca1588f --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/openssl/demos/bio/static.opt @@ -0,0 +1,2 @@ +OSSL$LIBSSL/LIB +OSSL$LIBCRYPTO/LIB |