[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Tue Sep 20 16:25:21 UTC 2016


The branch OpenSSL_1_1_0-stable has been updated
       via  435972c17211df1bc6bb5276385f2223aafe3848 (commit)
       via  9c067c8991ac450c508d04d2387d6d5f41a41a92 (commit)
       via  0430efa62fbae715a8cee56e9b2498b8a3c0fe0d (commit)
       via  3ed2d8a4b85fd361c733316883174309275f5e29 (commit)
       via  b90348c7c57f2a6ba129fd2cb9a5889401fe3f91 (commit)
       via  d57569388379c72271a0703e68a5eaffa7ffebca (commit)
       via  f506d8247709f82ec1b123819ea975afe45a55c5 (commit)
      from  3fd181a8b5b85a1f7383e82438da494a08f7d843 (commit)


- Log -----------------------------------------------------------------
commit 435972c17211df1bc6bb5276385f2223aafe3848
Author: Richard Levitte <levitte at openssl.org>
Date:   Sun Sep 18 23:52:30 2016 +0200

    Documentation fixup; no more ECDHParameters
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 6e836806add140fa9e56d1226d7514fdfa2c803a)

commit 9c067c8991ac450c508d04d2387d6d5f41a41a92
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Sep 9 01:53:38 2016 +0200

    Crude VMS build files for demos/bio/
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 8c88c88b5ad43bbdf1f6e7602b6ac56c9031b153)

commit 0430efa62fbae715a8cee56e9b2498b8a3c0fe0d
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Sep 9 01:01:30 2016 +0200

    Crude Makefile for demos/bio/
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit f4566dff06d2539dd01f54c817e2b952b64452e4)

commit 3ed2d8a4b85fd361c733316883174309275f5e29
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Sep 9 01:01:15 2016 +0200

    Don't ignore Makefiles in demos/
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit ccf11f7ee49a0825caa407ed481c21b4b5933023)

commit b90348c7c57f2a6ba129fd2cb9a5889401fe3f91
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Sep 9 09:32:00 2016 +0200

    Fixup BIO demos for OpenSSL 1.1.x
    
    Call SSL_CTX_new() before doing any configuration.
    (or call OPENSSL_ssl_init())
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 54d72ef0f019db383f8e98342b9b77c5da8541e5)

commit d57569388379c72271a0703e68a5eaffa7ffebca
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Sep 9 00:59:00 2016 +0200

    Fixup BIO demos for OpenSSL 1.1.x
    
    'ECDHParameters = Automatic' isn't accepted.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 3656ea1c2217f38d44f3f34253e7c16f1b40ba77)

commit f506d8247709f82ec1b123819ea975afe45a55c5
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Sep 9 00:58:21 2016 +0200

    Fixup BIO demos for OpenSSL 1.1.x
    
    Note: server-cmod doesn't seem to do things right...  from loading
    cmod.cnf, it tries to load libssl_conf.so.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 16c6deed2c42d4cf4a7676a32b718d6a867f482a)

-----------------------------------------------------------------------

Summary of changes:
 .gitignore               |  2 ++
 demos/bio/Makefile       | 30 ++++++++++++++++++++++++++++++
 demos/bio/accept.cnf     |  2 --
 demos/bio/client-arg.c   |  4 ----
 demos/bio/client-conf.c  |  4 ----
 demos/bio/descrip.mms    | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 demos/bio/saccept.c      |  7 +------
 demos/bio/sconnect.c     |  5 -----
 demos/bio/server-arg.c   |  6 +-----
 demos/bio/server-cmod.c  |  7 +------
 demos/bio/server-conf.c  |  7 ++-----
 demos/bio/shared.opt     |  2 ++
 demos/bio/static.opt     |  2 ++
 doc/ssl/SSL_CONF_cmd.pod | 10 ----------
 14 files changed, 88 insertions(+), 47 deletions(-)
 create mode 100644 demos/bio/Makefile
 create mode 100644 demos/bio/descrip.mms
 create mode 100644 demos/bio/shared.opt
 create mode 100644 demos/bio/static.opt

diff --git a/.gitignore b/.gitignore
index 730731f..23c48be 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,8 @@
 
 # *all* Makefiles
 Makefile
+# ... except in demos
+!/demos/*/Makefile
 
 # Links under apps
 /apps/CA.pl
diff --git a/demos/bio/Makefile b/demos/bio/Makefile
new file mode 100644
index 0000000..493e8a5
--- /dev/null
+++ b/demos/bio/Makefile
@@ -0,0 +1,30 @@
+# Quick instruction:
+# To build against an OpenSSL built in the source tree, do this:
+#
+#    make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
+#
+# To run the demos when linked with a shared library (default):
+#
+#    LD_LIBRARY_PATH=../.. ./server-arg
+#    LD_LIBRARY_PATH=../.. ./server-cmod
+#    LD_LIBRARY_PATH=../.. ./server-conf
+#    LD_LIBRARY_PATH=../.. ./client-arg
+#    LD_LIBRARY_PATH=../.. ./client-conf
+#    LD_LIBRARY_PATH=../.. ./saccept
+#    LD_LIBRARY_PATH=../.. ./sconnect
+
+CFLAGS = $(OPENSSL_INCS_LOCATION)
+LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS)
+
+all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf
+
+client-arg: client-arg.o
+client-conf: client-conf.o
+saccept: saccept.o
+sconnect: sconnect.o
+server-arg: server-arg.o
+server-cmod: server-cmod.o
+server-conf: server-conf.o
+
+client-arg client-conf saccept sconnect server-arg server-cmod server-conf:
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
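Review bot: The link recipe on the last line places `$(LDFLAGS)`, which carries `-lssl -lcrypto`, ahead of the object file `$<`. A linker that resolves symbols left to right (static archives, or toolchains that default to `--as-needed`) can discard the libraries before it sees any reference to them. Keep only search paths in `LDFLAGS`, add `LDLIBS = -lssl -lcrypto $(EX_LIBS)`, and link with `$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LDLIBS)`. The header comment's `LD_LIBRARY_PATH=../..` is relative to the current directory, so it is worth adding `# run from demos/bio only; the path is resolved against the current directory`.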
diff --git a/demos/bio/accept.cnf b/demos/bio/accept.cnf
index 5a2ef45..eb69658 100644
--- a/demos/bio/accept.cnf
+++ b/demos/bio/accept.cnf
@@ -5,8 +5,6 @@ Port = 4433
 # Protocol = ALL, -TLSv1.2
 # Only support 3 curves
 Curves = P-521:P-384:P-256
-# Automatic curve selection
-ECDHParameters = Automatic
 # Restricted signature algorithms
 SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 
 Certificate=server.pem
diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c
index 9e136e5..e8d5e46 100644
--- a/demos/bio/client-arg.c
+++ b/demos/bio/client-arg.c
@@ -23,10 +23,6 @@ int main(int argc, char **argv)
     const char *connect_str = "localhost:4433";
     int nargs = argc - 1;
 
-    ERR_load_crypto_strings();
-    ERR_load_SSL_strings();
-    SSL_library_init();
-
     ctx = SSL_CTX_new(TLS_client_method());
     cctx = SSL_CONF_CTX_new();
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c
index 66b5cac..e819030 100644
--- a/demos/bio/client-conf.c
+++ b/demos/bio/client-conf.c
@@ -26,10 +26,6 @@ int main(int argc, char **argv)
     const char *connect_str = "localhost:4433";
     long errline = -1;
 
-    ERR_load_crypto_strings();
-    ERR_load_SSL_strings();
-    SSL_library_init();
-
     conf = NCONF_new(NULL);
 
     if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
diff --git a/demos/bio/descrip.mms b/demos/bio/descrip.mms
new file mode 100644
index 0000000..8e127b0
--- /dev/null
+++ b/demos/bio/descrip.mms
@@ -0,0 +1,47 @@
+# This build description trusts that the following logical names are defined:
+#
+# For compilation: OPENSSL
+# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR
+# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL
+#
+# These are normally defined with the OpenSSL startup procedure
+
+# By default, we link with the shared libraries
+SHARED = TRUE
+
+# Alternative, for linking with static libraries
+#SHARED = FALSE
+
+.FIRST :
+	IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt
+	IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt
+
+.LAST :
+	DEASSIGN OPT
+
+.DEFAULT :
+	@ !
+
+# Because we use an option file, we need to redefine this
+.obj.exe : 
+	$(LINK) $(LINKFLAGS) $<,OPT:/OPT
+
+all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
+      server-arg.exe server-cmod.exe server-conf.exe
+
+client-arg.exe : client-arg.obj
+client-conf.exe : client-conf.obj
+saccept.exe : saccept.obj
+sconnect.exe : sconnect.obj
+server-arg.exe : server-arg.obj
+server-cmod.exe : server-cmod.obj
+server-conf.exe : server-conf.obj
+
+# Stoopid MMS doesn't infer this automatically...
+client-arg.obj : client-arg.c
+client-conf.obj : client-conf.c
+saccept.obj : saccept.c
+sconnect.obj : sconnect.c
+server-arg.obj : server-arg.c
+server-cmod.obj : server-cmod.c
+server-conf.obj : server-conf.c
diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c
index 106a089..66c5c61 100644
--- a/demos/bio/saccept.c
+++ b/demos/bio/saccept.c
@@ -26,7 +26,7 @@
 
 static int done = 0;
 
-void interrupt()
+void interrupt(int sig)
 {
     done = 1;
 }
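Review bot: `done` is written from the signal handler `interrupt()` but is still declared `static int done = 0;`, which gives no guarantee that code reading it outside the handler sees the store or that the access is atomic. Declare it `static volatile sig_atomic_t done = 0;`. The new `sig` parameter is unused, so `(void)sig;` as the first statement keeps the handler quiet under `-Wextra`. The code that reads `done` is outside this hunk, so how it is polled should be confirmed there.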
@@ -58,11 +58,6 @@ int main(int argc, char *argv[])
     else
         port = argv[1];
 
-    SSL_load_error_strings();
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
-
     ctx = SSL_CTX_new(TLS_server_method());
     if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))
         goto err;
diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
index 284bc30..664a1e0 100644
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@@ -55,11 +55,6 @@ char *argv[];
     sock_init();
 #endif
 
-    /* Lets get nice error messages */
-    SSL_load_error_strings();
-
-    /* Setup all the global SSL stuff */
-    OpenSSL_add_ssl_algorithms();
     ssl_ctx = SSL_CTX_new(TLS_client_method());
 
     /* Enable trust chain verification */
diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c
index 4e9b7bd..6056969 100644
--- a/demos/bio/server-arg.c
+++ b/demos/bio/server-arg.c
@@ -14,6 +14,7 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 #include <signal.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
@@ -30,11 +31,6 @@ int main(int argc, char *argv[])
     char **args = argv + 1;
     int nargs = argc - 1;
 
-    SSL_load_error_strings();
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
-
     ctx = SSL_CTX_new(TLS_server_method());
 
     cctx = SSL_CONF_CTX_new();
diff --git a/demos/bio/server-cmod.c b/demos/bio/server-cmod.c
index 77b456a..9cb2463 100644
--- a/demos/bio/server-cmod.c
+++ b/demos/bio/server-cmod.c
@@ -27,18 +27,13 @@ int main(int argc, char *argv[])
     SSL_CTX *ctx;
     int ret = 1, i;
 
-    SSL_load_error_strings();
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
+    ctx = SSL_CTX_new(TLS_server_method());
 
     if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
         fprintf(stderr, "Error processing config file\n");
         goto err;
     }
 
-    ctx = SSL_CTX_new(TLS_server_method());
-
     if (SSL_CTX_config(ctx, "server") == 0) {
         fprintf(stderr, "Error configuring server.\n");
         goto err;
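Review bot: The result of the moved `ctx = SSL_CTX_new(TLS_server_method());` is never checked, so a failed allocation reaches `SSL_CTX_config(ctx, "server")` with a NULL context. Add `if (ctx == NULL) goto err;` directly after the call; the `err:` label is outside the hunk, so confirm that path tolerates a NULL `ctx`. Going by the commit message, the call now precedes `CONF_modules_load_file()` only for its side effect of initialising libssl, which nothing in the code records. A comment such as `/* SSL_CTX_new() also initialises libssl; keep it ahead of any config loading */` would stop a later cleanup from moving it back. Both points apply equally to the `@@ -33,10 +34,7 @@` hunk in demos/bio/server-conf.c.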
diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c
index 32abefd..41b1308 100644
--- a/demos/bio/server-conf.c
+++ b/demos/bio/server-conf.c
@@ -14,6 +14,7 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 #include <signal.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
@@ -33,10 +34,7 @@ int main(int argc, char *argv[])
     char buf[512];
     int ret = 1, i;
 
-    SSL_load_error_strings();
-
-    /* Add ciphers and message digests */
-    OpenSSL_add_ssl_algorithms();
+    ctx = SSL_CTX_new(TLS_server_method());
 
     conf = NCONF_new(NULL);
 
@@ -55,7 +53,6 @@ int main(int argc, char *argv[])
         goto err;
     }
 
-    ctx = SSL_CTX_new(TLS_server_method());
     cctx = SSL_CONF_CTX_new();
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
diff --git a/demos/bio/shared.opt b/demos/bio/shared.opt
new file mode 100644
index 0000000..4141b93
--- /dev/null
+++ b/demos/bio/shared.opt
@@ -0,0 +1,2 @@
+OSSL$LIBSSL_SHR/SHARE
+OSSL$LIBCRYPTO_SHR/SHARE
diff --git a/demos/bio/static.opt b/demos/bio/static.opt
new file mode 100644
index 0000000..9ca1588
--- /dev/null
+++ b/demos/bio/static.opt
@@ -0,0 +1,2 @@
+OSSL$LIBSSL/LIB
+OSSL$LIBCRYPTO/LIB
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index 7b38489..d8c0e9b 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -263,16 +263,6 @@ The B<value> argument is a colon separated list of curves. The curve can be
 either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g
 B<prime256v1>). Curve names are case sensitive.
 
-=item B<ECDHParameters>
-
-This sets the temporary curve used for ephemeral ECDH modes. Only used by
-servers
-
-The B<value> argument is a curve name or the special value B<Automatic> which
-picks an appropriate curve based on client and server preferences. The curve
-can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
-(e.g B<prime256v1>). Curve names are case sensitive.
-
 =item B<MinProtocol>
 
 This sets the minimum supported SSL, TLS or DTLS version.

