diff options
Diffstat (limited to 'openssl/demos/bio')
-rw-r--r-- | openssl/demos/bio/Makefile | 16 | ||||
-rw-r--r-- | openssl/demos/bio/README | 3 | ||||
-rw-r--r-- | openssl/demos/bio/saccept.c | 112 | ||||
-rw-r--r-- | openssl/demos/bio/sconnect.c | 121 | ||||
-rw-r--r-- | openssl/demos/bio/server.pem | 30 |
5 files changed, 282 insertions, 0 deletions
diff --git a/openssl/demos/bio/Makefile b/openssl/demos/bio/Makefile new file mode 100644 index 000000000..435154053 --- /dev/null +++ b/openssl/demos/bio/Makefile @@ -0,0 +1,16 @@ +CC=cc +CFLAGS= -g -I../../include +LIBS= -L../.. ../../libssl.a ../../libcrypto.a +EXAMPLES=saccept sconnect + +all: $(EXAMPLES) + +saccept: saccept.o + $(CC) -o saccept saccept.o $(LIBS) + +sconnect: sconnect.o + $(CC) -o sconnect sconnect.o $(LIBS) + +clean: + rm -f $(EXAMPLES) *.o + diff --git a/openssl/demos/bio/README b/openssl/demos/bio/README new file mode 100644 index 000000000..0b24e5b80 --- /dev/null +++ b/openssl/demos/bio/README @@ -0,0 +1,3 @@ +This directory contains some simple examples of the use of BIO's +to simplify socket programming. + diff --git a/openssl/demos/bio/saccept.c b/openssl/demos/bio/saccept.c new file mode 100644 index 000000000..40cd4daad --- /dev/null +++ b/openssl/demos/bio/saccept.c @@ -0,0 +1,112 @@ +/* NOCW */ +/* demos/bio/saccept.c */ + +/* A minimal program to server an SSL connection. + * It uses blocking. + * saccept host:port + * host is the interface IP to use. If any interface, use *:port + * The default it *:4433 + * + * cc -I../../include saccept.c -L../.. -lssl -lcrypto + */ + +#include <stdio.h> +#include <signal.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +#define CERT_FILE "server.pem" + +BIO *in=NULL; + +void close_up() + { + if (in != NULL) + BIO_free(in); + } + +int main(argc,argv) +int argc; +char *argv[]; + { + char *port=NULL; + BIO *ssl_bio,*tmp; + SSL_CTX *ctx; + SSL *ssl; + char buf[512]; + int ret=1,i; + + if (argc <= 1) + port="*:4433"; + else + port=argv[1]; + + signal(SIGINT,close_up); + + SSL_load_error_strings(); + +#ifdef WATT32 + dbug_init(); + sock_init(); +#endif + + /* Add ciphers and message digests */ + OpenSSL_add_ssl_algorithms(); + + ctx=SSL_CTX_new(SSLv23_server_method()); + if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM)) + goto err; + if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM)) + goto err; + if (!SSL_CTX_check_private_key(ctx)) + goto err; + + /* Setup server side SSL bio */ + ssl=SSL_new(ctx); + ssl_bio=BIO_new_ssl(ctx,0); + + if ((in=BIO_new_accept(port)) == NULL) goto err; + + /* This means that when a new connection is acceptede on 'in', + * The ssl_bio will be 'dupilcated' and have the new socket + * BIO push into it. Basically it means the SSL BIO will be + * automatically setup */ + BIO_set_accept_bios(in,ssl_bio); + +again: + /* The first call will setup the accept socket, and the second + * will get a socket. In this loop, the first actual accept + * will occur in the BIO_read() function. */ + + if (BIO_do_accept(in) <= 0) goto err; + + for (;;) + { + i=BIO_read(in,buf,512); + if (i == 0) + { + /* If we have finished, remove the underlying + * BIO stack so the next time we call any function + * for this BIO, it will attempt to do an + * accept */ + printf("Done\n"); + tmp=BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) goto err; + fwrite(buf,1,i,stdout); + fflush(stdout); + } + + ret=0; +err: + if (ret) + { + ERR_print_errors_fp(stderr); + } + if (in != NULL) BIO_free(in); + exit(ret); + return(!ret); + } + diff --git a/openssl/demos/bio/sconnect.c b/openssl/demos/bio/sconnect.c new file mode 100644 index 000000000..880344eb7 --- /dev/null +++ b/openssl/demos/bio/sconnect.c @@ -0,0 +1,121 @@ +/* NOCW */ +/* demos/bio/sconnect.c */ + +/* A minimal program to do SSL to a passed host and port. + * It is actually using non-blocking IO but in a very simple manner + * sconnect host:port - it does a 'GET / HTTP/1.0' + * + * cc -I../../include sconnect.c -L../.. -lssl -lcrypto + */ +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +extern int errno; + +int main(argc,argv) +int argc; +char *argv[]; + { + char *host; + BIO *out; + char buf[1024*10],*p; + SSL_CTX *ssl_ctx=NULL; + SSL *ssl; + BIO *ssl_bio; + int i,len,off,ret=1; + + if (argc <= 1) + host="localhost:4433"; + else + host=argv[1]; + +#ifdef WATT32 + dbug_init(); + sock_init(); +#endif + + /* Lets get nice error messages */ + SSL_load_error_strings(); + + /* Setup all the global SSL stuff */ + OpenSSL_add_ssl_algorithms(); + ssl_ctx=SSL_CTX_new(SSLv23_client_method()); + + /* Lets make a SSL structure */ + ssl=SSL_new(ssl_ctx); + SSL_set_connect_state(ssl); + + /* Use it inside an SSL BIO */ + ssl_bio=BIO_new(BIO_f_ssl()); + BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE); + + /* Lets use a connect BIO under the SSL BIO */ + out=BIO_new(BIO_s_connect()); + BIO_set_conn_hostname(out,host); + BIO_set_nbio(out,1); + out=BIO_push(ssl_bio,out); + + p="GET / HTTP/1.0\r\n\r\n"; + len=strlen(p); + + off=0; + for (;;) + { + i=BIO_write(out,&(p[off]),len); + if (i <= 0) + { + if (BIO_should_retry(out)) + { + fprintf(stderr,"write DELAY\n"); + sleep(1); + continue; + } + else + { + goto err; + } + } + off+=i; + len-=i; + if (len <= 0) break; + } + + for (;;) + { + i=BIO_read(out,buf,sizeof(buf)); + if (i == 0) break; + if (i < 0) + { + if (BIO_should_retry(out)) + { + fprintf(stderr,"read DELAY\n"); + sleep(1); + continue; + } + goto err; + } + fwrite(buf,1,i,stdout); + } + + ret=1; + + if (0) + { +err: + if (ERR_peek_error() == 0) /* system call error */ + { + fprintf(stderr,"errno=%d ",errno); + perror("error"); + } + else + ERR_print_errors_fp(stderr); + } + BIO_free_all(out); + if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx); + exit(!ret); + return(ret); + } + diff --git a/openssl/demos/bio/server.pem b/openssl/demos/bio/server.pem new file mode 100644 index 000000000..5cf1387d6 --- /dev/null +++ b/openssl/demos/bio/server.pem @@ -0,0 +1,30 @@ +subject=/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server +issuer= /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA +-----BEGIN X509 CERTIFICATE----- + +MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz +MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV +BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 +LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb +/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 +DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn +IMs6ZOZB +-----END X509 CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- + +MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe +Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ +hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG +sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw +tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq +agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA +g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI= +-----END RSA PRIVATE KEY----- + +-----BEGIN DH PARAMETERS----- +MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn +a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC +-----END DH PARAMETERS----- + |