60 files changed, 0 insertions, 11367 deletions
diff --git a/demos/easy_tls/Makefile.in b/demos/easy_tls/Makefile.in
deleted file mode 100644
index 087caa8afc..0000000000
--- a/demos/easy_tls/Makefile.in
+++ /dev/null
@@ -1,124 +0,0 @@
-# Makefile for easy-tls example application (rudimentary client and server)
-# $Id: Makefile,v 1.2 2001/09/18 09:15:40 bodo Exp $
-
-SOLARIS_CFLAGS=-Wall -pedantic -g -O2
-SOLARIS_LIBS=-lxnet
-
-LINUX_CFLAGS=-Wall -pedantic -g -O2
-LINUX_LIBS=
-
-
-auto-all:
- case `uname -s` in \
- SunOS) echo Using SunOS configuration; \
- make SYSCFLAGS="$(SOLARIS_CFLAGS)" SYSLIBS="$(SOLARIS_LIBS)" all;; \
- Linux) echo Using Linux configuration; \
- make SYSCFLAGS="$(LINUX_CFLAGS)" SYSLIBS="$(LINUX_LIBS)" all;; \
- *) echo "unknown system"; exit 1;; \
- esac
-
-all: test TAGS
-
-# For adapting this Makefile to a different system, only the following
-# definitions should need customizing:
-
-OPENSSLDIR=../..
-CC=gcc
-
-SYSCFLAGS=whatever
-SYSLIBS=whatever
-
-
-#############################################################################
-#
-# SSLeay/OpenSSL imports
-#
-# OPENSSLDIR (set above) can be either the directory where OpenSSL is
-# installed or the directory where it was compiled.
-
-# We rely on having a new OpenSSL release where include files
-# have names like <openssl/ssl.h> (not just <ssl.h>).
-OPENSSLINCLUDES=-I$(OPENSSLDIR)/include
-
-# libcrypto.a and libssl.a are directly in $(OPENSSLDIR) if this is
-# the compile directory, or in $(OPENSSLDIR)/lib if we use an installed
-# library. With the following definition, we can handle either case.
-OPENSSLLIBS=-L$(OPENSSLDIR) -L$(OPENSSLDIR)/lib -lssl -lcrypto
-
-
-#############################################################################
-#
-# Stuff for handling the source files
-#
-
-SOURCES=easy-tls.c test.c
-HEADERS=easy-tls.h test.h
-DOCSandEXAMPLESetc=Makefile cert.pem cacerts.pem
-EVERYTHING=$(SOURCES) $(HEADERS) $(DOCSandEXAMPLESetc)
-
-ls: ls-l
-ls-l:
- ls -l $(EVERYTHING)
-# For RCS:
-tag:
- -rcs -n_`date +%y%m%d`: $(EVERYTHING)
- rcs -nMYTAG $(EVERYTHING)
- rcs -nMYTAG: $(EVERYTHING)
-diff:
- -rcsdiff -rMYTAG -u $(EVERYTHING)
-today:
- -rcsdiff -r_`date +%y%m%d` -u $(EVERYTHING)
-ident:
- for a in $(EVERYTHING); do ident $$a; done
-
-# Distribution .tar:
-easy-tls.tar.gz: $(EVERYTHING)
- tar cvf - $(EVERYTHING) | \
- gzip -9 > easy-tls.tar.gz
-
-# Working .tar:
-tls.tgz: $(EVERYTHING)
- tar cfv - `find . -type f -a ! -name '*.tgz' -a ! -name '*.tar.gz'` | \
- gzip -9 > tls.tgz
-
-# For emacs:
-etags: TAGS
-TAGS: $(SOURCES) $(HEADERS)
- -etags $(SOURCES) $(HEADERS)
-
-
-#############################################################################
-#
-# Compilation
-#
-# The following definitions are system dependent (and hence defined
-# at the beginning of this Makefile, where they are more easily found):
-
-### CC=gcc
-### SYSCFLAGS=-Wall -pedantic -g -O2
-### SYSLIBS=-lxnet
-
-EXTRACFLAGS=-DTLS_APP=\"test.h\"
-# EXTRACFLAGS=-DTLS_APP=\"test.h\" -DDEBUG_TLS
-
-#
-# The rest shouldn't need to be touched.
-#
-LDFLAGS=$(SYSLIBS) $(OPENSSLLIBS)
-INCLUDES=$(OPENSSLINCLUDES)
-CFLAGS=$(SYSCFLAGS) $(EXTRACFLAGS) $(INCLUDES)
-
-OBJS=easy-tls.o test.o
-
-clean:
- @rm -f test
- @rm -f TAGS
- @rm -f *.o
- @rm -f core
-
-test: $(OBJS)
- $(CC) $(OBJS) $(LDFLAGS) -o test
-
-test.o: $(HEADERS)
-easy-tls.o: $(HEADERS)
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/demos/easy_tls/README b/demos/easy_tls/README
deleted file mode 100644
index ee89dfb942..0000000000
--- a/demos/easy_tls/README
+++ /dev/null
@@ -1,65 +0,0 @@ -easy_tls - generic SSL/TLS proxy -======== - -(... and example for non-blocking SSL/TLS I/O multiplexing.) - - - easy_tls.c, easy_tls.h: - - Small generic SSL/TLS proxy library: With a few function calls, - an application socket will be replaced by a pipe handled by a - separate SSL/TLS proxy process. This allows easily adding - SSL/TLS support to many programs not originally designed for it. - - [Actually easy_tls.c is not a proper library: Customization - requires defining preprocessor macros while compiling it. - This is quite confusing, so I'll probably change it.] - - These files may be used under the OpenSSL license. - - - - test.c, test.h, Makefile, cert.pem, cacerts.pem: - - Rudimentary example program using the easy_tls library, and - example key and certificates for it. Usage examples: - - $ ./test 8443 # create server listening at port 8443 - $ ./test 127.0.0.1 8443 # create client, connect to port 8443 - # at IP address 127.0.0.1 - - 'test' will not automatically do SSL/TLS, or even read or write - data -- it must be told to do so on input lines starting - with a command letter. 'W' means write a line, 'R' means - read a line, 'C' means close the connection, 'T' means - start an SSL/TLS proxy. E.g. (user input tagged with '*'): - - * R - <<< 220 mail.example.net - * WSTARTTLS - >>> STARTTLS - * R - <<< 220 Ready to start TLS - * T - test_process_init(fd = 3, client_p = 1, apparg = (nil)) - +++ `E:self signed certificate in certificate chain' - +++ `<... certificate info ...>' - * WHELO localhost - >>> HELO localhost - R - <<< 250 mail.example.net - - You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using - 'T' multiple times. I have no idea why you would want to though. - - -This code is rather old. When I find time I will update anything that -should be changed, and improve code comments. To compile the sample -program 'test' on platforms other then Linux or Solaris, you will have -to edit the Makefile. 
-
-As noted above, easy_tls.c will be changed to become a library one
-day, which means that future revisions will not be fully compatible to
-the current version.
-
-Bodo Möller <bodo@openssl.org>
diff --git a/demos/easy_tls/cacerts.pem b/demos/easy_tls/cacerts.pem
deleted file mode 100644
index acc70baf19..0000000000
--- a/demos/easy_tls/cacerts.pem
+++ /dev/null
@@ -1,18 +0,0 @@
-$Id: cacerts.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
-
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
------BEGIN CERTIFICATE-----
-MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
-OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
-IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
-DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
-1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
-mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
-hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
-YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
-q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
------END CERTIFICATE-----
diff --git a/demos/easy_tls/cert.pem b/demos/easy_tls/cert.pem
deleted file mode 100644
index 364fe10d5b..0000000000
--- a/demos/easy_tls/cert.pem
+++ /dev/null
@@ -1,31 +0,0 @@
-$Id: cert.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
-
-Example certificate and key.
-
------BEGIN CERTIFICATE-----
-MIIB1jCCAT8CAQEwDQYJKoZIhvcNAQEEBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
-ZDAeFw05OTA1MDEwMTI2MzVaFw05OTA1MzEwMTI2MzVaMCIxCzAJBgNVBAYTAkRF
-MRMwEQYDVQQDEwpUZXN0c2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68/8MbT3ou0pdF
-AcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2ai7emdjMjXVL
-tzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQABMA0GCSqGSIb3
-DQEBBAUAA4GBAMgM+sbAk8DfjSfa+Rf2gcGXmbrvZAzKzC+5RU3kaq/NyxIXAGco
-9dZjozzWfN/xuGup5boFk+KrP+xdgsaqGHsyzlgEoqz4ekqLjQeVbnoj339hVFU9
-MhPi6JULPxjXKumjfX2LLNkikW5puz8Df3UiX0EiaJvd7EwP8J75tiUT
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68
-/8MbT3ou0pdFAcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2
-ai7emdjMjXVLtzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQAB
-AoGANST8c1etf1MU19oIO5aqaE19OCXIG7oakNLCCtVTPMfvnE+vffBJH7BPIUuU
-4BBzwRv1nQrkvk72TPjVjOAu81B1SStKQueun2flVuYxp9NyupNWCBley4QdohlP
-I92ml2tzTSPmNIoA6jdGyNzFcGchapRRmejsC39F1RUbHQECQQD9KX81Wt8ZOrri
-dWiEXja1L3X8Bkb9vvUjVMQDTJJPxBJjehC6eurgE6PP6SJD5p/f3RHPCcLr8tSM
-D4P/OpKhAkEA/PFNlhIZUDKK6aTvG2mn7qQ5phbadOoyN1Js3ttWG5OMOZ6b/QlC
-Wvp84h44506BIlv+Tg2YAI0AdBUrf7oEowJAM4joAVd/ROaEtqbJ4PBA2L9RmD06
-5FqkEk4mHLnQqvYx/BgUIbH18ClvVlqSBBqFfw/EmU3WZSuogt6Bs0ocIQJBAOxB
-AoPiYcxbeQ5kZIVJOXaX49SzUdaUDNVJYrEBUzsspHQJJo/Avz606kJVkjbSR6Ft
-JWmIHuqcyMikIV4KxFsCQQCU2evoVjVsqkkbHi7W28f73PGBsyu0KIwlK7nu4h08
-Daf7TAI+A6jW/WRUsJ6dFhUYi7/Jvkcdrlnbgm2fxziX
------END RSA PRIVATE KEY-----
diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
deleted file mode 100644
index deef1fd48d..0000000000
--- a/demos/easy_tls/easy-tls.c
+++ /dev/null
@@ -1,1293 +0,0 @@ -/* */ -/*- - * easy-tls.c -- generic TLS proxy. - * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $ - */ -/*- - (c) Copyright 1999 Bodo Moeller. All rights reserved. - - This is free software; you can redistributed and/or modify it - unter the terms of either - - the GNU General Public License as published by the - Free Software Foundation, version 1, or (at your option) - any later version, - or - - the following license: -*/ -/*- - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that each of the following - * conditions is met: - * - * 1. Redistributions qualify as "freeware" or "Open Source Software" under - * one of the following terms: - * - * (a) Redistributions are made at no charge beyond the reasonable cost of - * materials and delivery. - * - * (b) Redistributions are accompanied by a copy of the Source Code - * or by an irrevocable offer to provide a copy of the Source Code - * for up to three years at the cost of materials and delivery. - * Such redistributions must allow further use, modification, and - * redistribution of the Source Code under substantially the same - * terms as this license. - * - * 2. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 3. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 4. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by Bodo Moeller." - * (If available, substitute umlauted o for oe.) - * - * 5. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Bodo Moeller." 
- *
- * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BODO MOELLER OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-/*-
- * Attribution for OpenSSL library:
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- * This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit.
(http://www.openssl.org/)
- */
-
-static char const rcsid[] =
- "$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $";
-
-#include <assert.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/utsname.h>
-#include <unistd.h>
-
-#include <openssl/crypto.h>
-#include <openssl/dh.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/opensslv.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#ifndef NO_RSA
-# include <openssl/rsa.h>
-#endif
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-#include <openssl/x509_vfy.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */
-# error "This program needs OpenSSL 0.9.4 or later."
-#endif
-
-#include "easy-tls.h" /* include after <openssl/ssl.h> if both are
- * needed */
-
-#if TLS_INFO_SIZE > PIPE_BUF
-# if PIPE_BUF < 512
-# error "PIPE_BUF < 512" /* non-POSIX */
-# endif
-# error "TLS_INFO_SIZE > PIPE_BUF"
-#endif
-
-/*****************************************************************************/
-
-#ifdef TLS_APP
-# include TLS_APP
-#endif
-
-/*-
- * Applications can define:
- * TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
- * TLS_CUMULATE_ERRORS
- * TLS_ERROR_BUFSIZ
- * TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg)
- */
-
-#ifndef TLS_APP_PROCESS_INIT
-# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0)
-#endif
-
-#ifndef TLS_ERROR_BUFSIZ
-# define TLS_ERROR_BUFSIZ (10*160)
-#endif
-#if TLS_ERROR_BUFSIZ < 2 /* {'\n',0} */
-# error "TLS_ERROR_BUFSIZE is too small."
-#endif
-
-#ifndef TLS_APP_ERRFLUSH
-# define TLS_APP_ERRFLUSH tls_app_errflush
-static void
-tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg)
-{
- fputs(errbuf, stderr);
-}
-#endif
-
-/*****************************************************************************/
-
-#ifdef DEBUG_TLS
-# define DEBUG_MSG(x) fprintf(stderr," %s\n",x)
-# define DEBUG_MSG2(x,y) fprintf(stderr, " %s: %d\n",x,y)
-static int tls_loop_count = 0;
-static int tls_select_count = 0;
-#else
-# define DEBUG_MSG(x) (void)0
-# define DEBUG_MSG2(x,y) (void)0
-#endif
-
-static void tls_rand_seed_uniquely(void);
-static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx,
- int client_p);
-static int tls_socket_nonblocking(int fd);
-
-static int tls_child_p = 0;
-static void *tls_child_apparg;
-
-struct tls_start_proxy_args tls_start_proxy_defaultargs(void)
-{
- struct tls_start_proxy_args ret;
-
- ret.fd = -1;
- ret.client_p = -1;
- ret.ctx = NULL;
- ret.pid = NULL;
- ret.infofd = NULL;
-
- return ret;
-}
-
-/*-
- * Slice in TLS proxy process at fd.
- * Return value:
- * 0 ok (*pid is set to child's PID if pid != NULL),
- * < 0 look at errno
- * > 0 other error
- * (return value encodes place of error)
- *
- */
-int tls_start_proxy(struct tls_start_proxy_args a, void *apparg)
-{
- int fds[2] = { -1, -1 };
- int infofds[2] = { -1, -1 };
- int r, getfd, getfl;
- int ret;
-
- DEBUG_MSG2("tls_start_proxy fd", a.fd);
- DEBUG_MSG2("tls_start_proxy client_p", a.client_p);
-
- if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL)
- return 1;
-
- if (a.pid != NULL) {
- *a.pid = 0;
- }
- if (a.infofd != NULL) {
- *a.infofd = -1;
- }
-
- r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
- if (r == -1)
- return -1;
- if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) {
- ret = 2;
- goto err;
- }
- if (a.infofd != NULL) {
- r = pipe(infofds);
- if (r == -1) {
- ret = -3;
- goto err;
- }
- }
-
- r = fork();
- if (r == -1) {
- ret = -4;
- goto err;
- }
- if (r == 0) {
- DEBUG_MSG("fork");
- tls_child_p = 1;
- tls_child_apparg = apparg;
- close(fds[1]);
- if (infofds[0] != -1)
- close(infofds[0]);
- TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg);
- DEBUG_MSG("TLS_APP_PROCESS_INIT");
- tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p);
- exit(0);
- }
- if (a.pid != NULL)
- *a.pid = r;
- if (infofds[1] != -1) {
- close(infofds[1]);
- infofds[1] = -1;
- }
- /* install fds[1] in place of fd: */
- close(fds[0]);
- fds[0] = -1;
- getfd = fcntl(a.fd, F_GETFD);
- getfl = fcntl(a.fd, F_GETFL);
- r = dup2(fds[1], a.fd);
- close(fds[1]);
- fds[1] = -1;
- if (r == -1) {
- ret = -5;
- goto err;
- }
- if (getfd != 1)
- fcntl(a.fd, F_SETFD, getfd);
- if (getfl & O_NONBLOCK)
- (void)tls_socket_nonblocking(a.fd);
- if (a.infofd != NULL)
- *a.infofd = infofds[0];
- return 0;
-
- err:
- if (fds[0] != -1)
- close(fds[0]);
- if (fds[1] != -1)
- close(fds[1]);
- if (infofds[0] != -1)
- close(infofds[0]);
- if (infofds[1] != -1)
- close(infofds[1]);
- return ret;
-}
-
-/*****************************************************************************/
-
-static char errbuf[TLS_ERROR_BUFSIZ]; -static size_t errbuf_i = 0; - -static void tls_errflush(void *apparg) -{ - if (errbuf_i == 0) - return; - - assert(errbuf_i < sizeof errbuf); - assert(errbuf[errbuf_i] == 0); - if (errbuf_i == sizeof errbuf - 1) { - /* make sure we have a newline, even if string has been truncated */ - errbuf[errbuf_i - 1] = '\n'; - } - - /* - * TLS_APP_ERRFLUSH may modify the string as needed, e.g. substitute - * other characters for \n for convenience - */ - TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg); - - errbuf_i = 0; -} - -static void tls_errprintf(int flush, void *apparg, const char *fmt, ...) -{ - va_list args; - int r; - - if (errbuf_i < sizeof errbuf - 1) { - size_t n; - - va_start(args, fmt); - n = (sizeof errbuf) - errbuf_i; - r = vsnprintf(errbuf + errbuf_i, n, fmt, args); - if (r >= n) - r = n - 1; - if (r >= 0) { - errbuf_i += r; - } else { - errbuf_i = sizeof errbuf - 1; - errbuf[errbuf_i] = '\0'; - } - |