diff --git a/Configure b/Configure index 3b6617c177..3c3909cfe5 100755 --- a/Configure +++ b/Configure @@ -77,6 +77,8 @@ EOF # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware # support isn't compiled. +# +# enable-demos Enable the building of the example code in the demos directory # no-hw do not compile support for any crypto hardware. # [no-]threads [don't] try to create a library that is suitable for # multithreaded applications (default is "threads" if we @@ -443,6 +445,7 @@ my @disablables = ( "crypto-mdebug", "ct", "default-thread-pool", + "demos", "deprecated", "des", "devcryptoeng", @@ -570,6 +573,7 @@ our %disabled = ( # "what" => "comment" "buildtest-c++" => "default", "crypto-mdebug" => "default", "crypto-mdebug-backtrace" => "default", + "demos" => "default", "devcryptoeng" => "default", "ec_nistp_64_gcc_128" => "default", "egd" => "default", diff --git a/build.info b/build.info index ad780336d4..fdab98c103 100644 --- a/build.info +++ b/build.info @@ -1,10 +1,13 @@ # Note that some of these directories are filtered in Configure. Look for # %skipdir there for further explanations. -SUBDIRS=crypto ssl apps util tools fuzz providers doc demos +SUBDIRS=crypto ssl apps util tools fuzz providers doc IF[{- !$disabled{tests} -}] SUBDIRS=test ENDIF +IF[{- !$disabled{demos} -}] + SUBDIRS=demos +ENDIF IF[{- !$disabled{'deprecated-3.0'} -}] SUBDIRS=engines ENDIF diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c index 6da22ea440..d44c6242a2 100644 --- a/demos/bio/saccept.c +++ b/demos/bio/saccept.c @@ -27,12 +27,12 @@ static volatile int done = 0; -void interrupt(int sig) +static void interrupt(int sig) { done = 1; } -void sigsetup(void) +static void sigsetup(void) { struct sigaction sa; diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c index ef0787c30e..da7d0197f3 100644 --- a/demos/bio/sconnect.c +++ b/demos/bio/sconnect.c @@ -51,7 +51,8 @@ int main(int argc, char *argv[]) /* Enable trust chain verification */ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); - SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL); + if (!SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL)) + goto err; /* Lets make a SSL structure */ ssl = SSL_new(ssl_ctx); diff --git a/demos/cipher/aesccm.c b/demos/cipher/aesccm.c index 3c4b9e7445..49a054f9d3 100644 --- a/demos/cipher/aesccm.c +++ b/demos/cipher/aesccm.c @@ -68,7 +68,7 @@ OSSL_LIB_CTX *libctx = NULL; const char *propq = NULL; -int aes_ccm_encrypt(void) +static int aes_ccm_encrypt(void) { int ret = 0; EVP_CIPHER_CTX *ctx; @@ -155,7 +155,7 @@ err: return ret; } -int aes_ccm_decrypt(void) +static int aes_ccm_decrypt(void) { int ret = 0; EVP_CIPHER_CTX *ctx; diff --git a/demos/cipher/aesgcm.c b/demos/cipher/aesgcm.c index 64fa8184f1..40465b269c 100644 --- a/demos/cipher/aesgcm.c +++ b/demos/cipher/aesgcm.c @@ -67,7 +67,7 @@ static const unsigned char gcm_tag[] = { OSSL_LIB_CTX *libctx = NULL; const char *propq = NULL; -int aes_gcm_encrypt(void) +static int aes_gcm_encrypt(void) { int ret = 0; EVP_CIPHER_CTX *ctx; @@ -144,7 +144,7 @@ err: return ret; } -int aes_gcm_decrypt(void) +static int aes_gcm_decrypt(void) { int ret = 0; EVP_CIPHER_CTX *ctx; diff --git a/demos/cipher/aeskeywrap.c b/demos/cipher/aeskeywrap.c index 3207b85663..4d5df4cd98 100644 --- a/demos/cipher/aeskeywrap.c +++ b/demos/cipher/aeskeywrap.c @@ -53,7 +53,7 @@ static const unsigned char wrap_ct[] = { OSSL_LIB_CTX *libctx = NULL; const char *propq = NULL; -int aes_wrap_encrypt(void) +static int aes_wrap_encrypt(void) { int ret = 0; EVP_CIPHER_CTX *ctx; @@ -111,7 +111,7 @@ err: return ret; } -int aes_wrap_decrypt(void) +static int aes_wrap_decrypt(void) { int ret = 0; EVP_CIPHER_CTX *ctx; diff --git a/demos/cipher/ariacbc.c b/demos/cipher/ariacbc.c index de84d995ec..73605d2d6c 100644 --- a/demos/cipher/ariacbc.c +++ b/demos/cipher/ariacbc.c @@ -52,7 +52,7 @@ static const unsigned char cbc_ct[] = { OSSL_LIB_CTX *libctx = NULL; const char *propq = NULL; -int aria_cbc_encrypt(void) +static int aria_cbc_encrypt(void) { int ret = 0; EVP_CIPHER_CTX *ctx; @@ -108,7 +108,7 @@ err: return ret; } -int aria_cbc_decrypt(void) +static int aria_cbc_decrypt(void) { int ret = 0; EVP_CIPHER_CTX *ctx; diff --git a/demos/digest/EVP_MD_demo.c b/demos/digest/EVP_MD_demo.c index 279af82ead..3a1f0c7ba0 100644 --- a/demos/digest/EVP_MD_demo.c +++ b/demos/digest/EVP_MD_demo.c @@ -76,16 +76,16 @@ const unsigned char known_answer[] = { 0x81, 0xca, 0x8f, 0x78, 0x29, 0x19, 0x9a, 0xfe, }; -int demonstrate_digest(void) +static int demonstrate_digest(void) { OSSL_LIB_CTX *library_context; int ret = 0; const char *option_properties = NULL; EVP_MD *message_digest = NULL; EVP_MD_CTX *digest_context = NULL; - int digest_length; + unsigned int digest_length; unsigned char *digest_value = NULL; - int j; + unsigned int j; library_context = OSSL_LIB_CTX_new(); if (library_context == NULL) { diff --git a/demos/digest/EVP_MD_stdin.c b/demos/digest/EVP_MD_stdin.c index 409be9b78e..2360af2255 100644 --- a/demos/digest/EVP_MD_stdin.c +++ b/demos/digest/EVP_MD_stdin.c @@ -31,17 +31,17 @@ * a BIO created to read from stdin */ -int demonstrate_digest(BIO *input) +static int demonstrate_digest(BIO *input) { OSSL_LIB_CTX *library_context = NULL; int ret = 0; const char *option_properties = NULL; EVP_MD *message_digest = NULL; EVP_MD_CTX *digest_context = NULL; - int digest_length; + unsigned int digest_length; unsigned char *digest_value = NULL; unsigned char buffer[512]; - int ii; + unsigned int ii; library_context = OSSL_LIB_CTX_new(); if (library_context == NULL) { diff --git a/demos/digest/EVP_MD_xof.c b/demos/digest/EVP_MD_xof.c index a70e4dc412..9635e4539f 100644 --- a/demos/digest/EVP_MD_xof.c +++ b/demos/digest/EVP_MD_xof.c @@ -30,7 +30,7 @@ const char message[] = "This is a test message."; /* Expected output when an output length of 20 bytes is used. */ -static const char known_answer[] = { +static const unsigned char known_answer[] = { 0x52, 0x97, 0x93, 0x78, 0x27, 0x58, 0x7d, 0x62, 0x8b, 0x00, 0x25, 0xb5, 0xec, 0x39, 0x5e, 0x2d, 0x7f, 0x3e, 0xd4, 0x19 diff --git a/demos/guide/quic-multi-stream.c b/demos/guide/quic-multi-stream.c index d31ea245c8..7ca25ff15c 100644 --- a/demos/guide/quic-multi-stream.c +++ b/demos/guide/quic-multi-stream.c @@ -108,8 +108,8 @@ static BIO *create_socket_bio(const char *hostname, const char *port, return bio; } -int write_a_request(SSL *stream, const char *request_start, - const char *hostname) +static int write_a_request(SSL *stream, const char *request_start, + const char *hostname) { const char *request_end = "\r\n\r\n"; size_t written; diff --git a/demos/pkey/EVP_PKEY_DSA_keygen.c b/demos/pkey/EVP_PKEY_DSA_keygen.c index 579f5f790a..42112bcbbc 100644 --- a/demos/pkey/EVP_PKEY_DSA_keygen.c +++ b/demos/pkey/EVP_PKEY_DSA_keygen.c @@ -21,7 +21,7 @@ * See the EVP_PKEY_DSA_paramgen demo if you need to * use non default parameters. */ -EVP_PKEY *dsa_genparams(OSSL_LIB_CTX *libctx, const char *propq) +static EVP_PKEY *dsa_genparams(OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY *dsaparamkey = NULL; EVP_PKEY_CTX *ctx = NULL; diff --git a/demos/pkey/EVP_PKEY_DSA_paramvalidate.c b/demos/pkey/EVP_PKEY_DSA_paramvalidate.c index 4754789f9c..a56c147869 100644 --- a/demos/pkey/EVP_PKEY_DSA_paramvalidate.c +++ b/demos/pkey/EVP_PKEY_DSA_paramvalidate.c @@ -55,8 +55,8 @@ static const char digest[] = "SHA384"; * Create a new dsa param key that is the combination of an existing param key * plus extra parameters. */ -EVP_PKEY_CTX *create_merged_key(EVP_PKEY *dsaparams, const OSSL_PARAM *newparams, - OSSL_LIB_CTX *libctx, const char *propq) +static EVP_PKEY_CTX *create_merged_key(EVP_PKEY *dsaparams, const OSSL_PARAM *newparams, + OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY_CTX *out = NULL; EVP_PKEY_CTX *ctx = NULL; diff --git a/demos/sslecho/main.c b/demos/sslecho/main.c index 3114dcfcde..c75eac2bc3 100644 --- a/demos/sslecho/main.c +++ b/demos/sslecho/main.c @@ -29,7 +29,7 @@ typedef unsigned char bool; */ static volatile bool server_running = true; -int create_socket(bool isServer) +static int create_socket(bool isServer) { int s; int optval = 1; @@ -67,7 +67,7 @@ int create_socket(bool isServer) return s; } -SSL_CTX* create_context(bool isServer) +static SSL_CTX* create_context(bool isServer) { const SSL_METHOD *method; SSL_CTX *ctx; @@ -87,7 +87,7 @@ SSL_CTX* create_context(bool isServer) return ctx; } -void configure_server_context(SSL_CTX *ctx) +static void configure_server_context(SSL_CTX *ctx) { /* Set the key and cert */ if (SSL_CTX_use_certificate_chain_file(ctx, "cert.pem") <= 0) { @@ -101,7 +101,7 @@ void configure_server_context(SSL_CTX *ctx) } } -void configure_client_context(SSL_CTX *ctx) +static void configure_client_context(SSL_CTX *ctx) { /* * Configure the client to abort the handshake if certificate verification @@ -119,7 +119,7 @@ void configure_client_context(SSL_CTX *ctx) } } -void usage(void) +static void usage(void) { printf("Usage: sslecho s\n"); printf(" --or--\n"); @@ -207,7 +207,10 @@ int main(int argc, char **argv) /* Create server SSL structure using newly accepted client socket */ ssl = SSL_new(ssl_ctx); - SSL_set_fd(ssl, client_skt); + if (!SSL_set_fd(ssl, client_skt)) { + ERR_print_errors_fp(stderr); + exit(EXIT_FAILURE); + } /* Wait for SSL connection from the client */ if (SSL_accept(ssl) <= 0) { @@ -279,11 +282,17 @@ int main(int argc, char **argv) /* Create client SSL structure using dedicated client socket */ ssl = SSL_new(ssl_ctx); - SSL_set_fd(ssl, client_skt); + if (!SSL_set_fd(ssl, client_skt)) { + ERR_print_errors_fp(stderr); + goto exit; + } /* Set hostname for SNI */ SSL_set_tlsext_host_name(ssl, rem_server_ip); /* Configure server hostname check */ - SSL_set1_host(ssl, rem_server_ip); + if (!SSL_set1_host(ssl, rem_server_ip)) { + ERR_print_errors_fp(stderr); + goto exit; + } /* Now do SSL connect with server */ if (SSL_connect(ssl) == 1) {