d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This commit was generated by cvs2svn to compensate for changes in r160814,

Browse Source 
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
Simon L. B. Nielsen 2006-07-29 19:10:21 +00:00
commit f6ab039488
892 changed files with 97114 additions and 19870 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1080
crypto/openssl/CHANGES
View File

File diff suppressed because it is too large Load Diff

163
crypto/openssl/ChangeLog.0_9_7-stable_not-in-head Normal file
View File

@ -0,0 +1,163 @@
This file, together with ChangeLog.0_9_7-stable_not-in-head_FIPS,
provides a collection of those CVS change log entries for the
0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in
0.9.8-dev (CVS head).
ChangeLog.0_9_7-stable_not-in-head_FIPS - "FIPS" related changes
ChangeLog.0_9_7-stable_not-in-head - everything else
Some obvious false positives have been eliminated: e.g., we do not
care about a simple "make update"; and we don't care about changes
identified to the 0.9.7 branch that were explicitly identified as
backports from head.
Eliminating all other entries (and finally this file and its
compantion), either as false positives or as things that should go
into 0.9.8, remains to be done. Any additional changes to 0.9.7 that
are not immediately put into 0.9.8, but belong there as well, should
be added to the end of this file.
2002-11-04 17:33 levitte
Changed:
Configure (1.314.2.38), "Exp", lines: +4 -2
Return my normal debug targets to something not so extreme, and
make the extreme ones special (or 'extreme', if you will :-)).
2002-12-16 19:17 appro
Changed:
crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0
crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445
This is rollback to 0.9.6h bn_mul.c to address problem reported in
RT#272.
2003-07-27 15:46 ben
Changed:
crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0
crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0
Add untested CFB-r mode. Will be tested soon.
2003-07-28 17:07 ben
Changed:
Makefile.org (1.154.2.69), "Exp", lines: +5 -1
crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0
crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0
crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2
crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16
crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0
crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1
crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2
crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11
crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2
crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5
crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0
crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0
crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0
fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0
fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1
fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1
test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43
Add support for partial CFB modes, make tests work, update
dependencies.
2003-07-29 12:56 ben
Changed:
crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6
crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0
crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8
crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1
Working CFB1 and test vectors.
2003-07-29 15:24 ben
Changed:
crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0
crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5
crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0
crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0
crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0
fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1
fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19
The rest of the keysizes for CFB1, working AES AVS test for CFB1.
2003-07-29 19:05 ben
Changed:
crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0
crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0
crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0
crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9
crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0
crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5
crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0
crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0
crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0
fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0
AES CFB8.
2003-07-30 20:30 ben
Changed:
Makefile.org (1.154.2.70), "Exp", lines: +16 -5
crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1
crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0
crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14
crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1
crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0
crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0
crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23
crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6
crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0
crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6
fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1
fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0
fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1
fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0
fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0
fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0
fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0
fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0
Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.
2003-08-01 12:25 ben
Changed:
crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36
crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0
crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3
crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0
Fix DES CFB-r.
2003-08-01 12:31 ben
Changed:
crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0
DES CFB8 test.
2005-04-19 16:21 appro
Changed:
Configure (1.314.2.117), "Exp", lines: +24 -21
Makefile.org (1.154.2.100), "Exp", lines: +1 -11
TABLE (1.99.2.52), "Exp", lines: +20 -20
apps/Makefile (1.1.4.15), "Exp", lines: +1 -1
test/Makefile (1.1.4.12), "Exp", lines: +1 -1
Enable shared link on HP-UX.

1494
crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS Normal file
View File

File diff suppressed because it is too large Load Diff

988
crypto/openssl/Configure
View File

File diff suppressed because it is too large Load Diff

150
crypto/openssl/FAQ
View File

@ -31,6 +31,7 @@ OpenSSL - Frequently Asked Questions
* Why does my browser give a warning about a mismatched hostname?
* How do I install a CA certificate into a browser?
* Why is OpenSSL x509 DN output not conformant to RFC2253?
* What is a "128 bit certificate"? Can I create one with OpenSSL?
[BUILD] Questions about building and testing OpenSSL
@ -46,6 +47,9 @@ OpenSSL - Frequently Asked Questions
* Why does the OpenSSL test suite fail on MacOS X?
* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
* Why does compiler fail to compile sha512.c?
* Test suite still fails, what to do?
[PROG] Questions about programming with OpenSSL
@ -70,7 +74,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.7e was released on October 25, 2004.
OpenSSL 0.9.8b was released on May 4th, 2006.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@ -141,8 +145,8 @@ less Unix-centric, it might have been used much earlier.
With version 0.9.6 OpenSSL was extended to interface to external crypto
hardware. This was realized in a special release '0.9.6-engine'. With
version 0.9.7 (not yet released) the changes were merged into the main
development line, so that the special release is no longer necessary.
version 0.9.7 the changes were merged into the main development line,
so that the special release is no longer necessary.
* How do I check the authenticity of the OpenSSL distribution?
@ -152,7 +156,8 @@ Use MD5 to check that a tarball from a mirror site is identical:
md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
You can check authenticity using pgp or gpg. You need the OpenSSL team
member public key used to sign it (download it from a key server). Then
member public key used to sign it (download it from a key server, see a
list of keys at <URL: http://www.openssl.org/about/>). Then
just do:
pgp TARBALL.asc
@ -166,8 +171,8 @@ you if you want to use OpenSSL. For information on intellectual
property rights, please consult a lawyer. The OpenSSL team does not
offer legal advice.
You can configure OpenSSL so as not to use RC5 and IDEA by using
./config no-rc5 no-idea
You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
./config no-idea no-mdc2 no-rc5
* Can I use OpenSSL with GPL software?
@ -383,6 +388,43 @@ interface, the "-nameopt" option could be introduded. See the manual
page of the "openssl x509" commandline tool for details. The old behaviour
has however been left as default for the sake of compatibility.
* What is a "128 bit certificate"? Can I create one with OpenSSL?
The term "128 bit certificate" is a highly misleading marketing term. It does
*not* refer to the size of the public key in the certificate! A certificate
containing a 128 bit RSA key would have negligible security.
There were various other names such as "magic certificates", "SGC
certificates", "step up certificates" etc.
You can't generally create such a certificate using OpenSSL but there is no
need to any more. Nowadays web browsers using unrestricted strong encryption
are generally available.
When there were tight export restrictions on the export of strong encryption
software from the US only weak encryption algorithms could be freely exported
(initially 40 bit and then 56 bit). It was widely recognised that this was
inadequate. A relaxation the rules allowed the use of strong encryption but
only to an authorised server.
Two slighly different techniques were developed to support this, one used by
Netscape was called "step up", the other used by MSIE was called "Server Gated
Cryptography" (SGC). When a browser initially connected to a server it would
check to see if the certificate contained certain extensions and was issued by
an authorised authority. If these test succeeded it would reconnect using
strong encryption.
Only certain (initially one) certificate authorities could issue the
certificates and they generally cost more than ordinary certificates.
Although OpenSSL can create certificates containing the appropriate extensions
the certificate would not come from a permitted authority and so would not
be recognized.
The export laws were later changed to allow almost unrestricted use of strong
encryption so these certificates are now obsolete.
[BUILD] =======================================================================
* Why does the linker complain about undefined symbols?
@ -462,7 +504,7 @@ get the best result from OpenSSL. A bit more complicated solution is the
following:
----- snip:start -----
make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile | \
make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
sed -e 's/ -O[0-9] / -O0 /'`"
rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
make
@ -472,6 +514,10 @@ This will only compile sha_dgst.c with -O0, the rest with the optimization
level chosen by the configuration process. When the above is done, do the
test and installation and you're set.
3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
should not be used and is not used in SSL/TLS nor any other recognized
protocol in either case.
* Why does the OpenSSL compilation fail with "ar: command not found"?
@ -593,6 +639,35 @@ Reportedly elder *BSD a.out platforms also suffer from this problem and
remedy should be same. Provided binary is statically linked and should be
working across wider range of *BSD branches, not just OpenBSD.
* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
If the test program in question fails withs SIGILL, Illegal Instruction
exception, then you more than likely to run SSE2-capable CPU, such as
Intel P4, under control of kernel which does not support SSE2
instruction extentions. See accompanying INSTALL file and
OPENSSL_ia32cap(3) documentation page for further information.
* Why does compiler fail to compile sha512.c?
OpenSSL SHA-512 implementation depends on compiler support for 64-bit
integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
couple] lack support for this and therefore are incapable of compiling
the module in question. The recommendation is to disable SHA-512 by
adding no-sha512 to ./config [or ./Configure] command line. Another
possible alternative might be to switch to GCC.
* Test suite still fails, what to do?
Another common reason for failure to complete some particular test is
simply bad code generated by a buggy component in toolchain or deficiency
in run-time environment. There are few cases documented in PROBLEMS file,
consult it for possible workaround before you beat the drum. Even if you
don't find solution or even mention there, do reserve for possibility of
a compiler bug. Compiler bugs might appear in rather bizarre ways, they
never make sense, and tend to emerge when you least expect them. In order
to identify one, drop optimization level, e.g. by editing CFLAG line in
top-level Makefile, recompile and re-run the test.
[PROG] ========================================================================
* Is OpenSSL thread-safe?
@ -625,10 +700,10 @@ your application must link against the same by which OpenSSL was
built. If you are using MS Visual C++ (Studio) this can be changed
by:
1. Select Settings... from the Project Menu.
2. Select the C/C++ Tab.
3. Select "Code Generation from the "Category" drop down list box
4. Select the Appropriate library (see table below) from the "Use
1. Select Settings... from the Project Menu.
2. Select the C/C++ Tab.
3. Select "Code Generation from the "Category" drop down list box
4. Select the Appropriate library (see table below) from the "Use
run-time library" drop down list box. Perform this step for both
your debug and release versions of your application (look at the
top left of the settings panel to change between the two)
@ -647,30 +722,44 @@ by:
Note that debug and release libraries are NOT interchangeable. If you
built OpenSSL with /MD your application must use /MD and cannot use /MDd.
As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
.DLLs compiled with some specific run-time option [we insist on the
default /MD] can be deployed with application compiled with different
option or even different compiler. But there is a catch! Instead of
re-compiling OpenSSL toolkit, as you would have to with prior versions,
you have to compile small C snippet with compiler and/or options of
your choice. The snippet gets installed as
<install-root>/include/openssl/applink.c and should be either added to
your application project or simply #include-d in one [and only one]
of your application source files. Failure to link this shim module
into your application manifests itself as fatal "no OPENSSL_Applink"
run-time error. An explicit reminder is due that in this situation
[mixing compiler options] it is as important to add CRYPTO_malloc_init
prior first call to OpenSSL.
* How do I read or write a DER encoded buffer using the ASN1 functions?
You have two options. You can either use a memory BIO in conjunction
with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
i2d_XXX(), d2i_XXX() functions directly. Since these are often the
with the i2d_*_bio() or d2i_*_bio() functions or you can use the
i2d_*(), d2i_*() functions directly. Since these are often the
cause of grief here are some code fragments using PKCS7 as an example:
unsigned char *buf, *p;
int len;
unsigned char *buf, *p;
int len;
len = i2d_PKCS7(p7, NULL);
buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
p = buf;
i2d_PKCS7(p7, &p);
len = i2d_PKCS7(p7, NULL);
buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
p = buf;
i2d_PKCS7(p7, &p);
At this point buf contains the len bytes of the DER encoding of
p7.
The opposite assumes we already have len bytes in buf:
unsigned char *p;
p = buf;
p7 = d2i_PKCS7(NULL, &p, len);
unsigned char *p;
p = buf;
p7 = d2i_PKCS7(NULL, &p, len);
At this point p7 contains a valid PKCS7 structure of NULL if an error
occurred. If an error occurred ERR_print_errors(bio) should give more
@ -788,9 +877,20 @@ that is allocated when an application starts up. Since such tables do not grow
in size over time they are harmless.
These internal tables can be freed up when an application closes using various
functions. Currently these include: EVP_cleanup(), ERR_remove_state(),
ERR_free_strings(), ENGINE_cleanup(), CONF_modules_unload() and
CRYPTO_cleanup_all_ex_data().
functions. Currently these include following:
Thread-local cleanup functions:
ERR_remove_state()
Application-global cleanup functions that are aware of usage (and therefore
thread-safe):
ENGINE_cleanup() and CONF_modules_unload()
"Brutal" (thread-unsafe) Application-global cleanup functions:
ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
===============================================================================

32
crypto/openssl/INSTALL
View File

@ -2,8 +2,10 @@
INSTALLATION ON THE UNIX PLATFORM
---------------------------------
[Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
[Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
INSTALL.MacOS and INSTALL.NW.
This document describes installation on operating systems in the Unix
family.]
@ -73,14 +75,30 @@
no-asm Do not use assembler code.
386 Use the 80386 instruction set only (the default x86 code is
more efficient, but requires at least a 486).
more efficient, but requires at least a 486). Note: Use
compiler flags for any other CPU specific configuration,
e.g. "-m32" to build x86 code on an x64 system.
no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is
detected at run-time, but the decision whether or not the
machine code will be executed is taken solely on CPU
capability vector. This means that if you happen to run OS
kernel which does not support SSE2 extension on Intel P4
processor, then your application might be exposed to
"illegal instruction" exception. There might be a way
to enable support in kernel, e.g. FreeBSD kernel can be
compiled with CPU_ENABLE_SSE, and there is a way to
disengage SSE2 code pathes upon application start-up,
but if you aim for wider "audience" running such kernel,
consider no-sse2. Both 386 and no-asm options above imply
no-sse2.
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
The crypto/<cipher> directory can be removed after running
"make depend".
-Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
-Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
be passed through to the compiler to allow you to
define preprocessor symbols, specify additional libraries,
library directories or other compiler options.
@ -123,7 +141,7 @@
generic configurations "cc" or "gcc" should usually work on 32 bit
systems.
Configure creates the file Makefile from Makefile.org and
Configure creates the file Makefile.ssl from Makefile.org and
defines various macros in crypto/opensslconf.h (generated from
crypto/opensslconf.h.in).
@ -159,7 +177,7 @@
the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself,
try removing any compiler optimization flags from the CFLAG line
in Makefile and run "make clean; make". Please send a bug
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
http://www.openssl.org/support/rt2.html.
@ -312,7 +330,7 @@
Note on support for multiple builds
-----------------------------------
OpenSSL is usually built in it's source tree. Unfortunately, this doesn't
OpenSSL is usually built in its source tree. Unfortunately, this doesn't
support building for multiple platforms from the same source tree very well.
It is however possible to build in a separate tree through the use of lots
of symbolic links, which should be prepared like this:

2
crypto/openssl/LICENSE
View File

@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

746
crypto/openssl/Makefile
View File

@ -4,16 +4,16 @@
## Makefile for OpenSSL
##
VERSION=0.9.7e
VERSION=0.9.8b
MAJOR=0
MINOR=9.7
SHLIB_VERSION_NUMBER=0.9.7
MINOR=9.8
SHLIB_VERSION_NUMBER=0.9.8
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=0
SHLIB_MINOR=9.7
SHLIB_MINOR=9.8
SHLIB_EXT=
PLATFORM=dist
OPTIONS= no-krb5
OPTIONS= no-gmp no-krb5 no-mdc2 no-rc5 no-shared no-zlib no-zlib-dynamic
CONFIGURE_ARGS=dist
SHLIB_TARGET=
@ -60,9 +60,8 @@ OPENSSLDIR=/usr/local/ssl
# PKCS1_CHECK - pkcs1 tests.
CC= cc
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
CFLAG= -DOPENSSL_NO_KRB5 -O
DEPFLAG=
CFLAG= -O
DEPFLAG= -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5
PEX_LIBS=
EX_LIBS=
EXE_EXT=
@ -82,113 +81,45 @@ MAKEDEPPROG=makedepend
AS=$(CC) -c
ASFLAG=$(CFLAG)
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
#BN_ASM= bn_asm.o
#BN_ASM= asm/bn86-elf.o # elf, linux-elf
#BN_ASM= asm/bn86-sol.o # solaris
#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
#BN_ASM= asm/bn86bsdi.o # bsdi
#BN_ASM= asm/alpha.o # DEC Alpha
#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
#BN_ASM= asm/r3000.o # SGI MIPS cpu
#BN_ASM= asm/sparc.o # Sun solaris/SunOS
#BN_ASM= asm/bn-win32.o # Windows 95/NT
#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS
#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
# Set DES_ENC to des_enc.o if you want to use the C version
#There are 4 x86 assember options.
FIPS_DES_ENC= fips_des_enc.o
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ=
BN_ASM= bn_asm.o
DES_ENC= des_enc.o fcrypt_b.o
#DES_ENC= des_enc.o fcrypt_b.o # C
#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
# Set BF_ENC to bf_enc.o if you want to use the C version
#There are 4 x86 assember options.
AES_ASM_OBJ= aes_core.o aes_cbc.o
BF_ENC= bf_enc.o
#BF_ENC= bf_enc.o
#BF_ENC= asm/bx86-elf.o # elf
#BF_ENC= asm/bx86-sol.o # solaris
#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
#BF_ENC= asm/bx86bsdi.o # bsdi
# Set CAST_ENC to c_enc.o if you want to use the C version
#There are 4 x86 assember options.
CAST_ENC= c_enc.o
#CAST_ENC= c_enc.o
#CAST_ENC= asm/cx86-elf.o # elf
#CAST_ENC= asm/cx86-sol.o # solaris
#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
#CAST_ENC= asm/cx86bsdi.o # bsdi
# Set RC4_ENC to rc4_enc.o if you want to use the C version
#There are 4 x86 assember options.
RC4_ENC= rc4_enc.o
#RC4_ENC= rc4_enc.o
#RC4_ENC= asm/rx86-elf.o # elf
#RC4_ENC= asm/rx86-sol.o # solaris
#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
#RC4_ENC= asm/rx86bsdi.o # bsdi
# Set RC5_ENC to rc5_enc.o if you want to use the C version
#There are 4 x86 assember options.
RC5_ENC= rc5_enc.o
#RC5_ENC= rc5_enc.o
#RC5_ENC= asm/r586-elf.o # elf
#RC5_ENC= asm/r586-sol.o # solaris
#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
#RC5_ENC= asm/r586bsdi.o # bsdi
# Also need MD5_ASM defined
MD5_ASM_OBJ=
#MD5_ASM_OBJ= asm/mx86-elf.o # elf
#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
# Also need SHA1_ASM defined
SHA1_ASM_OBJ=
FIPS_SHA1_ASM_OBJ=
#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
# Also need RMD160_ASM defined
RMD160_ASM_OBJ=
#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
# When we're prepared to use shared libraries in the programs we link here
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
SHLIB_MARK=
# Zlib stuff
ZLIB_INCLUDE=
LIBZLIB=
DIRS= crypto fips ssl $(SHLIB_MARK) sigs apps test tools
SHLIBDIRS= fips crypto ssl
DIRS= crypto ssl engines apps test tools
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= objects \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn ec rsa dsa dh dso engine aes \
SDIRS= \
objects \
md2 md4 md5 sha hmac ripemd \
des aes rc2 rc4 idea bf cast \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
FDIRS= sha1 rand des aes dsa rsa dh
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
store pqueue
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
@ -207,7 +138,6 @@ ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
SIGS= libcrypto.a.sha1
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
@ -222,45 +152,106 @@ WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h
HEADER= e_os.h
# When we're prepared to use shared libraries in the programs we link here
# we might remove 'clean-shared' from the targets to perform at this stage
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
all: Makefile sub_all openssl.pc
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
# shell, which [annoyingly enough] terminates unset with error if VAR
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
# which terminates unset with error if no variable was present:-(
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
sigs: $(SIGS)
libcrypto.a.sha1: libcrypto.a
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
$(RANLIB) libcrypto.a; \
fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
CC='${CC}' CFLAG='${CFLAG}' \
AS='${CC}' ASFLAG='${CFLAG} -c' \
AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \
INSTALL_PREFIX='${INSTALL_PREFIX}' \
INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
MAKEDEPPROG='${MAKEDEPPROG}' \
SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
CPUID_OBJ='${CPUID_OBJ}' \
BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
AES_ASM_OBJ='${AES_ASM_OBJ}' \
BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
# BUILD_CMD is a generic macro to build a given target in a given
# subdirectory. The target must be given through the shell variable
# `target' and the subdirectory to build in must be given through `dir'.
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
# BUILD_ONE_CMD instead.
#
# BUILD_ONE_CMD is a macro to build a given target in a given
# subdirectory if that subdirectory is part of $(DIRS). It requires
# exactly the same shell variables as BUILD_CMD.
#
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
BUILD_ONE_CMD=\
if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
$(BUILD_CMD); \
fi
sub_all:
@for i in $(DIRS); \
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
done;
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
sub_target:
@for i in $(DIRS); \
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making $(TARGET) in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
done;
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
build_libs: build_crypto build_ssl build_engines
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl:
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps:
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests:
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools:
@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
libcrypto$(SHLIB_EXT): libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@ -268,10 +259,11 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
clean-shared:
@for i in $(SHLIBDIRS); do \
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
@ -280,327 +272,59 @@ clean-shared:
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if [ "$(PLATFORM)" = "Cygwin" ]; then \
( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for i in $(SHLIBDIRS); do \
prev=lib$$i$(SHLIB_EXT); \
for j in $${tmp:-x}; do \
( set -x; \
rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
prev=lib$$i$$j; \
done; \
done; \
fi
build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
do_bsd-gcc-shared: do_gnu-shared
do_linux-shared: do_gnu-shared
do_gnu-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="-l$$i $$libs"; \
@ set -e; for i in ${SHLIBDIRS}; do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
symlink.$(SHLIB_TARGET); \
libs="$$libs -l$$i"; \
done
DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
build-shared: do_$(SHLIB_TARGET) link-shared
# For Darwin AKA Mac OS/X (dyld)
do_darwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
echo "" ; \
done
do_cygwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--out-implib,lib$$i.dll.a \
-Wl,--no-whole-archive $$libs ) || exit 1; \
libs="-l$$i $$libs"; \
done
# This assumes that GNU utilities are *not* used
do_alpha-osf1-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
do_$(SHLIB_TARGET):
@ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
# option passed to the linker.
do_tru64-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
# The difference between tru64-shared and tru64-shared-rpath is the
# -rpath ${INSTALLTOP}/lib passed to the linker.
do_tru64-shared-rpath:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-rpath ${INSTALLTOP}/lib \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
do_solaris-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
MINUSZ='-z '; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
$$libs ${EX_LIBS} -lc ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# OpenServer 5 native compilers used
do_svr3-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# UnixWare 7 and OpenUNIX 8 native compilers used
do_svr5-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
SHARE_FLAG='-G'; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
${CC} ${SHARED_LDFLAGS} \
$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
do_irix-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( WHOLELIB="-all lib$$i.a -notall"; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
# HP-UX includes the full pathname of libs we depend on, so we would get
# ./libcrypto (with ./ as path information) compiled into libssl, hence
# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
# anyway.
# The object modules are loaded from lib$i.a using the undocumented -Fl
# option.
#
# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
# by temporarily specifying "+s"!
#
do_hpux-shared:
for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+vnocompatwarnings \
-b -z +s \
-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Fl lib$$i.a -ldld -lc ) || exit 1; \
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
# This assumes that GNU utilities are *not* used
# HP-UX includes the full pathname of libs we depend on, so we would get
# ./libcrypto (with ./ as path information) compiled into libssl, hence
# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
# anyway.
#
# HP-UX in 64bit mode has "+s" enabled by default; it will search for
# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
#
do_hpux64-shared:
for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-b -z \
-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+forceload lib$$i.a -ldl -lc ) || exit 1; \
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/lib'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
# The following method is said to work on all platforms. Tests will
# determine if that's how it's gong to be used.
# This assumes that for all but GNU systems, GNU utilities are *not* used.
# ALLSYMSFLAGS would be:
# GNU systems: --whole-archive
# Tru64 Unix: -all
# Solaris: -z allextract
# Irix: -all
# HP/UX-32bit: -Fl
# HP/UX-64bit: +forceload
# AIX: -bnogc
# SHAREDFLAGS would be:
# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
# Tru64 Unix: -shared \
# -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
# Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
# Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
# HP/UX-32bit: +vnocompatwarnings -b -z +s \
# +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
# HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
# AIX: -G -bE:lib$$i.exp -bM:SRE
# SHAREDCMD would be:
# GNU systems: $(CC)
# Tru64 Unix: $(CC)
# Solaris: $(CC)
# Irix: $(CC)
# HP/UX-32bit: /usr/ccs/bin/ld
# HP/UX-64bit: /usr/ccs/bin/ld
# AIX: $(CC)
ALLSYMSFLAG=-bnogc
SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
SHAREDCMD=$(CC)
do_aix-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; \
ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
$(SHAREDCMD) $(SHAREDFLAGS) \
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
$$libs ${EX_LIBS} ) ) \
|| exit 1; \
libs="-l$$i $$libs"; \
done
do_reliantunix-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
( set -x; \
( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
) || exit 1; \
cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
) || exit 1; \
rm -rf $$tmpdir ; \
libs="-l$$i $$libs"; \
done
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/lib'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
@ -612,31 +336,25 @@ openssl.pc: Makefile
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
Makefile: Makefile.org
@echo "Makefile is older than Makefile.org."
Makefile: Makefile.org Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making clean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
rm -f $(LIBS); \
fi; \
done;
rm -f openssl.pc
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
rm -f $(LIBS)
rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
@for i in $(ONEDIRS) ;\
@set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
@ -647,84 +365,44 @@ makefile.one: files
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making 'files' in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
fi; \
done;
@set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@for i in $(DIRS); do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making links in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
fi; \
done;
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making dclean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
fi; \
done;
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
rehash: rehash.time
rehash.time: certs
@(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
LIBPATH="`pwd`:$$LIBPATH"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
$(PERL) tools/c_rehash certs)
@(OPENSSL="`pwd`/util/opensslwrap.sh"; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
$(PERL) tools/c_rehash certs)
touch rehash.time
test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
LIBPATH="`pwd`:$$LIBPATH"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
apps/openssl version -a
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
depend:
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making dependencies $$i..." && \
$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
fi; \
done;
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
lint:
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making lint $$i..." && \
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
fi; \
done;
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
@ -732,7 +410,8 @@ tags:
errors:
$(PERL) util/mkerr.pl -recurse -write
(cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
(cd engines; $(MAKE) PERL=$(PERL) errors)
$(PERL) util/ck_errf.pl */*.c */*/*.c
stacks:
$(PERL) util/mkstack.pl -write
@ -751,11 +430,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c
apps/openssl-vms.cnf: apps/openssl.cnf
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
@ -790,45 +473,36 @@ dist:
@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
dist_pem_h:
(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@for i in $(EXHEADER) ;\
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i; echo "installing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
fi; \
done
@for i in $(LIBS) ;\
@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; for i in $(LIBS) ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
: ; \
else \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
fi; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done;
@if [ -n "$(SHARED_LIBS)" ]; then \
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
@ -839,20 +513,19 @@ install_sw:
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
fi ); \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
set $(MAKE); \
$$1 -f $$here/Makefile link-shared ); \
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
@ -860,15 +533,10 @@ install_sw:
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
@for i in $(SIGS) ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done;
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
@ -881,12 +549,12 @@ install_docs:
@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
filecase=-i; \
fi; \
for i in doc/apps/*.pod; do \
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
@ -894,16 +562,16 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
grep -v "[ ]" | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
@ -911,8 +579,8 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
grep -v "[ ]" | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \

750
crypto/openssl/Makefile.org
View File

@ -57,9 +57,8 @@ OPENSSLDIR=/usr/local/ssl
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
CC= gcc
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
CC= cc
CFLAG= -O
DEPFLAG=
PEX_LIBS=
EX_LIBS=
@ -80,113 +79,45 @@ MAKEDEPPROG=makedepend
AS=$(CC) -c
ASFLAG=$(CFLAG)
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
#BN_ASM= bn_asm.o
#BN_ASM= asm/bn86-elf.o # elf, linux-elf
#BN_ASM= asm/bn86-sol.o # solaris
#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
#BN_ASM= asm/bn86bsdi.o # bsdi
#BN_ASM= asm/alpha.o # DEC Alpha
#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
#BN_ASM= asm/r3000.o # SGI MIPS cpu
#BN_ASM= asm/sparc.o # Sun solaris/SunOS
#BN_ASM= asm/bn-win32.o # Windows 95/NT
#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS
#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
# Set DES_ENC to des_enc.o if you want to use the C version
#There are 4 x86 assember options.
FIPS_DES_ENC= des_enc.o fcrypt_b.o
DES_ENC= asm/dx86-out.o asm/yx86-out.o
#DES_ENC= des_enc.o fcrypt_b.o # C
#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
# Set BF_ENC to bf_enc.o if you want to use the C version
#There are 4 x86 assember options.
BF_ENC= asm/bx86-out.o
#BF_ENC= bf_enc.o
#BF_ENC= asm/bx86-elf.o # elf
#BF_ENC= asm/bx86-sol.o # solaris
#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
#BF_ENC= asm/bx86bsdi.o # bsdi
# Set CAST_ENC to c_enc.o if you want to use the C version
#There are 4 x86 assember options.
CAST_ENC= asm/cx86-out.o
#CAST_ENC= c_enc.o
#CAST_ENC= asm/cx86-elf.o # elf
#CAST_ENC= asm/cx86-sol.o # solaris
#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
#CAST_ENC= asm/cx86bsdi.o # bsdi
# Set RC4_ENC to rc4_enc.o if you want to use the C version
#There are 4 x86 assember options.
RC4_ENC= asm/rx86-out.o
#RC4_ENC= rc4_enc.o
#RC4_ENC= asm/rx86-elf.o # elf
#RC4_ENC= asm/rx86-sol.o # solaris
#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
#RC4_ENC= asm/rx86bsdi.o # bsdi
# Set RC5_ENC to rc5_enc.o if you want to use the C version
#There are 4 x86 assember options.
RC5_ENC= asm/r586-out.o
#RC5_ENC= rc5_enc.o
#RC5_ENC= asm/r586-elf.o # elf
#RC5_ENC= asm/r586-sol.o # solaris
#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
#RC5_ENC= asm/r586bsdi.o # bsdi
# Also need MD5_ASM defined
MD5_ASM_OBJ= asm/mx86-out.o
#MD5_ASM_OBJ= asm/mx86-elf.o # elf
#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
# Also need SHA1_ASM defined
SHA1_ASM_OBJ= asm/sx86-out.o
FIPS_SHA1_ASM_OBJ= asm/sx86-out.o
#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
# Also need RMD160_ASM defined
RMD160_ASM_OBJ= asm/rm86-out.o
#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ=
BN_ASM= bn_asm.o
DES_ENC= des_enc.o fcrypt_b.o
AES_ASM_OBJ=aes_core.o aes_cbc.o
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
RC4_ENC= rc4_enc.o
RC5_ENC= rc5_enc.o
MD5_ASM_OBJ=
SHA1_ASM_OBJ=
RMD160_ASM_OBJ=
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
# When we're prepared to use shared libraries in the programs we link here
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
SHLIB_MARK=
# Zlib stuff
ZLIB_INCLUDE=
LIBZLIB=
DIRS= crypto fips ssl $(SHLIB_MARK) sigs apps test tools
SHLIBDIRS= fips crypto ssl
DIRS= crypto ssl engines apps test tools
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= objects \
SDIRS= \
objects \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn ec rsa dsa dh dso engine aes \
des aes rc2 rc4 rc5 idea bf cast \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
FDIRS= sha1 rand des aes dsa rsa dh
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
store pqueue
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
@ -205,7 +136,6 @@ ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
SIGS= libcrypto.a.sha1
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
@ -220,45 +150,106 @@ WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h
HEADER= e_os.h
# When we're prepared to use shared libraries in the programs we link here
# we might remove 'clean-shared' from the targets to perform at this stage
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
all: Makefile sub_all openssl.pc
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
# shell, which [annoyingly enough] terminates unset with error if VAR
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
# which terminates unset with error if no variable was present:-(
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
sigs: $(SIGS)
libcrypto.a.sha1: libcrypto.a
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
$(RANLIB) libcrypto.a; \
fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
CC='${CC}' CFLAG='${CFLAG}' \
AS='${CC}' ASFLAG='${CFLAG} -c' \
AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \
INSTALL_PREFIX='${INSTALL_PREFIX}' \
INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
MAKEDEPPROG='${MAKEDEPPROG}' \
SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
CPUID_OBJ='${CPUID_OBJ}' \
BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
AES_ASM_OBJ='${AES_ASM_OBJ}' \
BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
# BUILD_CMD is a generic macro to build a given target in a given
# subdirectory. The target must be given through the shell variable
# `target' and the subdirectory to build in must be given through `dir'.
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
# BUILD_ONE_CMD instead.
#
# BUILD_ONE_CMD is a macro to build a given target in a given
# subdirectory if that subdirectory is part of $(DIRS). It requires
# exactly the same shell variables as BUILD_CMD.
#
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
BUILD_ONE_CMD=\
if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
$(BUILD_CMD); \
fi
sub_all:
@for i in $(DIRS); \
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
done;
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
sub_target:
@for i in $(DIRS); \
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making $(TARGET) in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
done;
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
build_libs: build_crypto build_ssl build_engines
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl:
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps:
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests:
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools:
@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
libcrypto$(SHLIB_EXT): libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@ -266,10 +257,11 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
clean-shared:
@for i in $(SHLIBDIRS); do \
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
@ -278,327 +270,59 @@ clean-shared:
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if [ "$(PLATFORM)" = "Cygwin" ]; then \
( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for i in $(SHLIBDIRS); do \
prev=lib$$i$(SHLIB_EXT); \
for j in $${tmp:-x}; do \
( set -x; \
rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
prev=lib$$i$$j; \
done; \
done; \
fi
build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
do_bsd-gcc-shared: do_gnu-shared
do_linux-shared: do_gnu-shared
do_gnu-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="-l$$i $$libs"; \
@ set -e; for i in ${SHLIBDIRS}; do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
symlink.$(SHLIB_TARGET); \
libs="$$libs -l$$i"; \
done
DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
build-shared: do_$(SHLIB_TARGET) link-shared
# For Darwin AKA Mac OS/X (dyld)
do_darwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
echo "" ; \
done
do_cygwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--out-implib,lib$$i.dll.a \
-Wl,--no-whole-archive $$libs ) || exit 1; \
libs="-l$$i $$libs"; \
done
# This assumes that GNU utilities are *not* used
do_alpha-osf1-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
do_$(SHLIB_TARGET):
@ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
# option passed to the linker.
do_tru64-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
# The difference between tru64-shared and tru64-shared-rpath is the
# -rpath ${INSTALLTOP}/lib passed to the linker.
do_tru64-shared-rpath:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-rpath ${INSTALLTOP}/lib \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
do_solaris-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
MINUSZ='-z '; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
$$libs ${EX_LIBS} -lc ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# OpenServer 5 native compilers used
do_svr3-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# UnixWare 7 and OpenUNIX 8 native compilers used
do_svr5-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
SHARE_FLAG='-G'; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
${CC} ${SHARED_LDFLAGS} \
$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
do_irix-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( WHOLELIB="-all lib$$i.a -notall"; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
# HP-UX includes the full pathname of libs we depend on, so we would get
# ./libcrypto (with ./ as path information) compiled into libssl, hence
# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
# anyway.
# The object modules are loaded from lib$i.a using the undocumented -Fl
# option.
#
# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
# by temporarily specifying "+s"!
#
do_hpux-shared:
for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+vnocompatwarnings \
-b -z +s \
-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Fl lib$$i.a -ldld -lc ) || exit 1; \
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
# This assumes that GNU utilities are *not* used
# HP-UX includes the full pathname of libs we depend on, so we would get
# ./libcrypto (with ./ as path information) compiled into libssl, hence
# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
# anyway.
#
# HP-UX in 64bit mode has "+s" enabled by default; it will search for
# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
#
do_hpux64-shared:
for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-b -z \
-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+forceload lib$$i.a -ldl -lc ) || exit 1; \
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/lib'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
# The following method is said to work on all platforms. Tests will
# determine if that's how it's gong to be used.
# This assumes that for all but GNU systems, GNU utilities are *not* used.
# ALLSYMSFLAGS would be:
# GNU systems: --whole-archive
# Tru64 Unix: -all
# Solaris: -z allextract
# Irix: -all
# HP/UX-32bit: -Fl
# HP/UX-64bit: +forceload
# AIX: -bnogc
# SHAREDFLAGS would be:
# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
# Tru64 Unix: -shared \
# -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
# Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
# Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
# HP/UX-32bit: +vnocompatwarnings -b -z +s \
# +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
# HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
# AIX: -G -bE:lib$$i.exp -bM:SRE
# SHAREDCMD would be:
# GNU systems: $(CC)
# Tru64 Unix: $(CC)
# Solaris: $(CC)
# Irix: $(CC)
# HP/UX-32bit: /usr/ccs/bin/ld
# HP/UX-64bit: /usr/ccs/bin/ld
# AIX: $(CC)
ALLSYMSFLAG=-bnogc
SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
SHAREDCMD=$(CC)
do_aix-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
( set -x; \
ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
$(SHAREDCMD) $(SHAREDFLAGS) \
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
$$libs ${EX_LIBS} ) ) \
|| exit 1; \
libs="-l$$i $$libs"; \
done
do_reliantunix-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
( set -x; \
( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
) || exit 1; \
cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
) || exit 1; \
rm -rf $$tmpdir ; \
libs="-l$$i $$libs"; \
done
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/lib'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
@ -610,31 +334,25 @@ openssl.pc: Makefile
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
Makefile: Makefile.org
@echo "Makefile is older than Makefile.org."
Makefile: Makefile.org Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making clean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
rm -f $(LIBS); \
fi; \
done;
rm -f openssl.pc
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
rm -f $(LIBS)
rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
@for i in $(ONEDIRS) ;\
@set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
@ -645,84 +363,44 @@ makefile.one: files
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making 'files' in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
fi; \
done;
@set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@for i in $(DIRS); do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making links in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
fi; \
done;
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making dclean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
fi; \
done;
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
rehash: rehash.time
rehash.time: certs
@(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
LIBPATH="`pwd`:$$LIBPATH"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
$(PERL) tools/c_rehash certs)
@(OPENSSL="`pwd`/util/opensslwrap.sh"; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
$(PERL) tools/c_rehash certs)
touch rehash.time
test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
LIBPATH="`pwd`:$$LIBPATH"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
apps/openssl version -a
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
depend:
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making dependencies $$i..." && \
$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
fi; \
done;
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
lint:
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making lint $$i..." && \
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
fi; \
done;
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
@ -730,7 +408,8 @@ tags:
errors:
$(PERL) util/mkerr.pl -recurse -write
(cd crypto/engine; $(MAKE) PERL=$(PERL) errors)
(cd engines; $(MAKE) PERL=$(PERL) errors)
$(PERL) util/ck_errf.pl */*.c */*/*.c
stacks:
$(PERL) util/mkstack.pl -write
@ -749,11 +428,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c
apps/openssl-vms.cnf: apps/openssl.cnf
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
@ -788,45 +471,36 @@ dist:
@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
dist_pem_h:
(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@for i in $(EXHEADER) ;\
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i; echo "installing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
fi; \
done
@for i in $(LIBS) ;\
@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; for i in $(LIBS) ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
: ; \
else \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
fi; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done;
@if [ -n "$(SHARED_LIBS)" ]; then \
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
@ -837,20 +511,19 @@ install_sw:
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
fi ); \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
set $(MAKE); \
$$1 -f $$here/Makefile link-shared ); \
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
@ -858,15 +531,10 @@ install_sw:
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
@for i in $(SIGS) ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done;
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
@ -879,12 +547,12 @@ install_docs:
@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
filecase=-i; \
fi; \
for i in doc/apps/*.pod; do \
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
@ -892,16 +560,16 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
grep -v "[ ]" | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
@ -909,8 +577,8 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
grep -v "[ ]" | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \

603
crypto/openssl/Makefile.shared Normal file
View File

@ -0,0 +1,603 @@
#
# Helper makefile to link shared libraries in a portable way.
# This is much simpler than libtool, and hopefully not too error-prone.
#
# The following variables need to be set on the command line to build
# properly
# CC contains the current compiler. This one MUST be defined
CC=cc
CFLAGS=$(CFLAG)
# LDFLAGS contains flags to be used when temporary object files (when building
# shared libraries) are created, or when an application is linked.
# SHARED_LDFLAGS contains flags to be used when the shared library is created.
LDFLAGS=
SHARED_LDFLAGS=
# LIBNAME contains just the name of the library, without prefix ("lib"
# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
# .dll, ...). This one MUST have a value when using this makefile to
# build shared libraries.
# For example, to build libfoo.so, you need to do the following:
#LIBNAME=foo
LIBNAME=
# APPNAME contains just the name of the application, without suffix (""
# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
# this makefile to build applications.
# For example, to build foo, you need to do the following:
#APPNAME=foo
APPNAME=
# OBJECTS contains all the object files to link together into the application.
# This must contain at least one object file.
#OBJECTS=foo.o
OBJECTS=
# LIBEXTRAS contains extra modules to link together with the library.
# For example, if a second library, say libbar.a needs to be linked into
# libfoo.so, you need to do the following:
#LIBEXTRAS=libbar.a
# Note that this MUST be used when using the link_o targets, to hold the
# names of all object files that go into the target library.
LIBEXTRAS=
# LIBVERSION contains the current version of the library.
# For example, to build libfoo.so.1.2, you need to do the following:
#LIBVERSION=1.2
LIBVERSION=
# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
# the library. They MUST be in decreasing order.
# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
# and libfoo.so.1, you need to do the following:
#LIBCOMPATVERSIONS=1.2 1
# Note that on systems that use sonames, the last number will appear as
# part of it.
# It's also possible, for systems that support it (Tru64, for example),
# to add extra compatibility info with more precision, by adding a second
# list of versions, separated from the first with a semicolon, like this:
#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
LIBCOMPATVERSIONS=
# LIBDEPS contains all the flags necessary to cover all necessary
# dependencies to other libraries.
LIBDEPS=
#------------------------------------------------------------------------------
# The rest is private to this makefile.
SET_X=:
#SET_X=set -x
top:
echo "Trying to use this makefile interactively? Don't."
CALC_VERSIONS= \
SHLIB_COMPAT=; SHLIB_SOVER=; \
if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
prev=""; \
for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
SHLIB_SOVER_NODOT=$$v; \
SHLIB_SOVER=.$$v; \
if [ -n "$$prev" ]; then \
SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
fi; \
prev=$$v; \
done; \
fi
LINK_APP= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
LINK_SO= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
) && $(SYMLINK_SO); \
( $(SET_X); rm -f lib$(LIBNAME).exp )
SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
if [ -n "$$SHLIB_COMPAT" ]; then \
for x in $$SHLIB_COMPAT; do \
( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
fi
LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_A_VIA_O= \
SHOBJECTS=lib$(LIBNAME).o; \
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
( $(SET_X); \
ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
$(LINK_SO) && rm -f $(LIBNAME).o
LINK_SO_A_UNPACKED= \
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
(cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
SHOBJECTS=$$UNPACKDIR/*.o; \
$(LINK_SO) && rm -rf $$UNPACKDIR
DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
DO_GNU_SO=$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to
#do with shared libraries, for example when linking against static
#libraries. It's mostly here to avoid a lot of conditionals everywhere
#else...
link_app.:
$(LINK_APP)
link_o.gnu:
@ $(DO_GNU_SO); $(LINK_SO_O)
link_a.gnu:
@ $(DO_GNU_SO); $(LINK_SO_A)
link_app.gnu:
@ $(DO_GNU_APP); $(LINK_APP)
link_o.bsd:
@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
fi; $(LINK_SO_O)
link_a.bsd:
@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
fi; $(LINK_SO_A)
link_app.bsd:
@if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
fi; $(LINK_APP)
# For Darwin AKA Mac OS/X (dyld)
# link_o.darwin produces .so, because we let it use dso_dlfcn module,
# which has .so extension hard-coded. One can argue that one should
# develop special dso module for MacOS X. At least manual encourages
# to use native NSModule(3) API and refers to dlfcn as termporary hack.
link_o.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.so; \
ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
if [ -n "$(LIBVERSION)" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
fi; \
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
$(LINK_SO_O)
link_a.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
if [ -n "$(LIBVERSION)" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
fi; \
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
SHAREDFLAGS="$$SHAREDFLAGS -install_name ${INSTALLTOP}/lib/$$SHLIB${SHLIB_EXT}"; \
$(LINK_SO_A)
link_app.darwin: # is there run-path on darwin?
$(LINK_APP)
link_o.cygwin:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
SHLIB=cyg$(LIBNAME); \
expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \
SHLIB_SUFFIX=.dll; \
LIBVERSION="$(LIBVERSION)"; \
SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
$(LINK_SO_O)
link_a.cygwin:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
SHLIB=cyg$(LIBNAME); \
expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \
SHLIB_SUFFIX=.dll; \
SHLIB_SOVER=-$(LIBVERSION); \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
[ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \
[ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \
$(LINK_SO_A) || exit 1; \
cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/; \
cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX test/
link_app.cygwin:
$(LINK_APP)
link_o.alpha-osf1:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_SO); \
else \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
if [ -n "$$SHLIB_HIST" ]; then \
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
else \
SHLIB_HIST="$(LIBVERSION)"; \
fi; \
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
fi; \
$(LINK_SO_O)
link_a.alpha-osf1:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_SO); \
else \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
if [ -n "$$SHLIB_HIST" ]; then \
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
else \
SHLIB_HIST="$(LIBVERSION)"; \
fi; \
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
fi; \
$(LINK_SO_A)
link_app.alpha-osf1:
@if ${DETECT_GNU_LD}; then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
fi; \
$(LINK_APP)
link_o.solaris:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
MINUSZ='-z '; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_O)
link_a.solaris:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
MINUSZ='-z '; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=;\
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_A)
link_app.solaris:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
fi; \
$(LINK_APP)
# OpenServer 5 native compilers used
link_o.svr3:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_O)
link_a.svr3:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_A_UNPACKED)
link_app.svr3:
@${DETECT_GNU_LD} && $(DO_GNU_APP); \
$(LINK_APP)
# UnixWare 7 and OpenUNIX 8 native compilers used
link_o.svr5:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_O)
link_a.svr5:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHARE_FLAG='-G'; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_A_UNPACKED)
link_app.svr5:
@${DETECT_GNU_LD} && $(DO_GNU_APP); \
$(LINK_APP)
link_o.irix:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_O)
link_a.irix:
@ if ${DETECT_GNU_LD}; then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_A)
link_app.irix:
@LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
$(LINK_APP)
# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
# rules imply that we can only link one level down in catalog structure,
# but that's what takes place for the moment of this writing. +cdp option
# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
# editor context only [it's simply ignored in other cases, which are all
# ELFs by the way].
#
link_o.hpux:
@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr "$(CFLAGS)" : 'DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
link_a.hpux:
@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
link_app.hpux:
@if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
fi; \
$(LINK_APP)
link_o.aix:
@ $(CALC_VERSIONS); \
OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \
$(LINK_SO_O); rm -rf lib$(LIBNAME).exp
link_a.aix:
@ $(CALC_VERSIONS); \
OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \
$(LINK_SO_A_VIA_O)
link_app.aix:
LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
$(LINK_APP)
link_o.reliantunix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) -G'; \
$(LINK_SO_O)
link_a.reliantunix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) -G'; \
$(LINK_SO_A_UNPACKED)
link_app.reliantunix:
$(LINK_APP)
# Targets to build symbolic links when needed
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
symlink.aix symlink.reliantunix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
symlink.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
$(SYMLINK_SO)
symlink.hpux:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
# The following lines means those specific architectures do no symlinks
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
# Compatibility targets
link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
link_o.bsd-shared: link_o.bsd
link_a.bsd-shared: link_a.bsd
link_app.bsd-shared: link_app.bsd
link_o.darwin-shared: link_o.darwin
link_a.darwin-shared: link_a.darwin
link_app.darwin-shared: link_app.darwin
symlink.darwin-shared: symlink.darwin
link_o.cygwin-shared: link_o.cygwin
link_a.cygwin-shared: link_a.cygwin
link_app.cygwin-shared: link_app.cygwin
symlink.cygwin-shared: symlink.cygwin
link_o.alpha-osf1-shared: link_o.alpha-osf1
link_a.alpha-osf1-shared: link_a.alpha-osf1
link_app.alpha-osf1-shared: link_app.alpha-osf1
symlink.alpha-osf1-shared: symlink.alpha-osf1
link_o.tru64-shared: link_o.tru64
link_a.tru64-shared: link_a.tru64
link_app.tru64-shared: link_app.tru64
symlink.tru64-shared: symlink.tru64
link_o.tru64-shared-rpath: link_o.tru64-rpath
link_a.tru64-shared-rpath: link_a.tru64-rpath
link_app.tru64-shared-rpath: link_app.tru64-rpath
symlink.tru64-shared-rpath: symlink.tru64-rpath
link_o.solaris-shared: link_o.solaris
link_a.solaris-shared: link_a.solaris
link_app.solaris-shared: link_app.solaris
symlink.solaris-shared: symlink.solaris
link_o.svr3-shared: link_o.svr3
link_a.svr3-shared: link_a.svr3
link_app.svr3-shared: link_app.svr3
symlink.svr3-shared: symlink.svr3
link_o.svr5-shared: link_o.svr5
link_a.svr5-shared: link_a.svr5
link_app.svr5-shared: link_app.svr5
symlink.svr5-shared: symlink.svr5
link_o.irix-shared: link_o.irix
link_a.irix-shared: link_a.irix
link_app.irix-shared: link_app.irix
symlink.irix-shared: symlink.irix
link_o.hpux-shared: link_o.hpux
link_a.hpux-shared: link_a.hpux
link_app.hpux-shared: link_app.hpux
symlink.hpux-shared: symlink.hpux
link_o.aix-shared: link_o.aix
link_a.aix-shared: link_a.aix
link_app.aix-shared: link_app.aix
symlink.aix-shared: symlink.aix
link_o.reliantunix-shared: link_o.reliantunix
link_a.reliantunix-shared: link_a.reliantunix
link_app.reliantunix-shared: link_app.reliantunix
symlink.reliantunix-shared: symlink.reliantunix

121
crypto/openssl/NEWS
View File

@ -5,6 +5,127 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
o Cipher string fixes.
o Fixes for VC++ 2005.
o Updated ECC cipher suite support.
o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
o Zlib compression usage fixes.
o Built in dynamic engine compilation support on Win32.
o Fixes auto dynamic engine loading in Win32.
Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
o Fix potential SSL 2.0 rollback, CAN-2005-2969
o Extended Windows CE support
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
o Major work on the BIGNUM library for higher efficiency and to
make operations more streamlined and less contradictory. This
is the result of a major audit of the BIGNUM library.
o Addition of BIGNUM functions for fields GF(2^m) and NIST
curves, to support the Elliptic Crypto functions.
o Major work on Elliptic Crypto; ECDH and ECDSA added, including
the use through EVP, X509 and ENGINE.
o New ASN.1 mini-compiler that's usable through the OpenSSL
configuration file.
o Added support for ASN.1 indefinite length constructed encoding.
o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
o Complete rework of shared library construction and linking
programs with shared or static libraries, through a separate
Makefile.shared.
o Rework of the passing of parameters from one Makefile to another.
o Changed ENGINE framework to load dynamic engine modules
automatically from specifically given directories.
o New structure and ASN.1 functions for CertificatePair.
o Changed the ZLIB compression method to be stateful.
o Changed the key-generation and primality testing "progress"
mechanism to take a structure that contains the ticker
function and an argument.
o New engine module: GMP (performs private key exponentiation).
o New engine module: VIA PadLOck ACE extension in VIA C3
Nehemiah processors.
o Added support for IPv6 addresses in certificate extensions.
See RFC 1884, section 2.2.
o Added support for certificate policy mappings, policy
constraints and name constraints.
o Added support for multi-valued AVAs in the OpenSSL
configuration file.
o Added support for multiple certificates with the same subject
in the 'openssl ca' index file.
o Make it possible to create self-signed certificates using
'openssl ca -selfsign'.
o Make it possible to generate a serial number file with
'openssl ca -create_serial'.
o New binary search functions with extended functionality.
o New BUF functions.
o New STORE structure and library to provide an interface to all
sorts of data repositories. Supports storage of public and
private keys, certificates, CRLs, numbers and arbitrary blobs.
This library is unfortunately unfinished and unused withing
OpenSSL.
o New control functions for the error stack.
o Changed the PKCS#7 library to support one-pass S/MIME
processing.
o Added the possibility to compile without old deprecated
functionality with the OPENSSL_NO_DEPRECATED macro or the
'no-deprecated' argument to the config and Configure scripts.
o Constification of all ASN.1 conversion functions, and other
affected functions.
o Improved platform support for PowerPC.
o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
o New X509_VERIFY_PARAM structure to support parametrisation
of X.509 path validation.
o Major overhaul of RC4 performance on Intel P4, IA-64 and
AMD64.
o Changed the Configure script to have some algorithms disabled
by default. Those can be explicitely enabled with the new
argument form 'enable-xxx'.
o Change the default digest in 'openssl' commands from MD5 to
SHA-1.
o Added support for DTLS.
o New BIGNUM blinding.
o Added support for the RSA-PSS encryption scheme
o Added support for the RSA X.931 padding.
o Added support for BSD sockets on NetWare.
o Added support for files larger than 2GB.
o Added initial support for Win64.
o Added alternate pkg-config files.
Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
o Visual C++ 2005 fixes.
o Update Windows build system for FIPS.
Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
o Fix SSL 2.0 Rollback, CAN-2005-2969
o Allow use of fixed-length exponent on DSA signing
o Default fixed-window RSA, DSA, DH private-key operations
Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
o More compilation issues fixed.
o Adaptation to more modern Kerberos API.
o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
o Enhanced x86_64 assembler BIGNUM module.
o More constification.
o Added processing of proxy certificates (RFC 3820).
Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
o Several compilation issues fixed.
o Many memory allocation failure checks added.
o Improved comparison of X509 Name type.
o Mandatory basic checks on certificates.
o Performance improvements.
Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
o Fix race condition in CRL checking code.

98
crypto/openssl/PROBLEMS
View File

@ -48,20 +48,34 @@ will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallell make when testing.
* Bugs in gcc 3.0 triggered
* Bugs in gcc triggered
According to a problem report, there are bugs in gcc 3.0 that are
triggered by some of the code in OpenSSL, more specifically in
PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
- According to a problem report, there are bugs in gcc 3.0 that are
triggered by some of the code in OpenSSL, more specifically in
PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
header+=11;
if (*header != '4') return(0); header++;
if (*header != ',') return(0); header++;
What happens is that gcc might optimize a little too agressively, and
you end up with an extra incrementation when *header != '4'.
What happens is that gcc might optimize a little too agressively, and
you end up with an extra incrementation when *header != '4'.
We recommend that you upgrade gcc to as high a 3.x version as you can.
We recommend that you upgrade gcc to as high a 3.x version as you can.
- According to multiple problem reports, some of our message digest
implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
latter - SHA one.
The recomendation is to upgrade your compiler. This naturally applies to
other similar cases.
- There is a subtle Solaris x86-specific gcc run-time environment bug, which
"falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
manifests itself as Segmentation Fault upon early application start-up.
The problem can be worked around by patching the environment according to
http://www.openssl.org/~appro/values.c.
* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
@ -90,15 +104,6 @@ failures in other parts of the code.
Workaround: modify the target to +O2 when building with no-asm.
* Poor support for AIX shared builds.
do_aix-shared rule is not flexible enough to parameterize through a
config-line. './Configure aix43-cc shared' is working, but not
'./Configure aix64-gcc shared'. In latter case make fails to create shared
libraries. It's possible to build 64-bit shared libraries by running
'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
supporting even gcc shared builds. See RT#463 for background information.
* Problems building shared libraries on SCO OpenServer Release 5.0.6
with gcc 2.95.3
@ -129,3 +134,64 @@ Any information helping to solve this issue would be deeply
appreciated.
NOTE: building non-shared doesn't come with this problem.
* ULTRIX build fails with shell errors, such as "bad substitution"
and "test: argument expected"
The problem is caused by ULTRIX /bin/sh supporting only original
Bourne shell syntax/semantics, and the trouble is that the vast
majority is so accustomed to more modern syntax, that very few
people [if any] would recognize the ancient syntax even as valid.
This inevitably results in non-trivial scripts breaking on ULTRIX,
and OpenSSL isn't an exclusion. Fortunately there is workaround,
hire /bin/ksh to do the job /bin/sh fails to do.
1. Trick make(1) to use /bin/ksh by setting up following environ-
ment variables *prior* you execute ./Configure and make:
PROG_ENV=POSIX
MAKESHELL=/bin/ksh
export PROG_ENV MAKESHELL
or if your shell is csh-compatible:
setenv PROG_ENV POSIX
setenv MAKESHELL /bin/ksh
2. Trick /bin/sh to use alternative expression evaluator. Create
following 'test' script for example in /tmp:
#!/bin/ksh
${0##*/} "$@"
Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
natively just replace system /bin/test and /bin/[ with the
above script.
* hpux64-ia64-cc fails blowfish test.
Compiler bug, presumably at particular patch level. It should be noted
that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
* no-engines generates errors.
Unfortunately, the 'no-engines' configuration option currently doesn't
work properly. Use 'no-hw' and you'll will at least get no hardware
support. We'll see how we fix that on OpenSSL versions past 0.9.8.
* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
if elder GNU binutils were deployed to link shared libcrypto.so.
As subject suggests the failure is caused by a bug in elder binutils,
either as or ld, and was observed on FreeBSD and Linux. There are two
options. First is naturally to upgrade binutils, the second one - to
reconfigure with additional no-sse2 [or 386] option passed to ./config.
* If configured with ./config no-dso, toolkit still gets linked with -ldl,
which most notably poses a problem when linking with dietlibc.
We don't have framework to associate -ldl with no-dso, therefore the only
way is to edit Makefile right after ./config no-dso and remove -ldl from
EX_LIBS line.

29
crypto/openssl/README
View File

@ -1,7 +1,7 @@
OpenSSL 0.9.7e 25 Oct 2004
OpenSSL 0.9.8b 04 May 2006
Copyright (c) 1998-2004 The OpenSSL Project
Copyright (c) 1998-2005 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@ -14,13 +14,13 @@
protocols as well as a full-strength general purpose cryptography library.
The project is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL toolkit and its
related documentation.
related documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
OpenSSL license plus the SSLeay license) situation, which basically means
that you are free to get and use it for commercial and non-commercial
purposes as long as you fulfill the conditions of both licenses.
purposes as long as you fulfill the conditions of both licenses.
OVERVIEW
--------
@ -53,11 +53,11 @@
MDC2 message digest. A DES based hash that is popular on smart cards.
Public Key
RSA encryption/decryption/generation.
RSA encryption/decryption/generation.
There is no limit on the number of bits.
DSA encryption/decryption/generation.
DSA encryption/decryption/generation.
There is no limit on the number of bits.
Diffie-Hellman key-exchange/key generation.
Diffie-Hellman key-exchange/key generation.
There is no limit on the number of bits.
X.509v3 certificates
@ -80,16 +80,16 @@
A simple stack.
A Configuration loader that uses a format similar to MS .ini files.
openssl:
openssl:
A command line tool that can be used for:
Creation of RSA, DH and DSA key parameters
Creation of X.509 certificates, CSRs and CRLs
Creation of X.509 certificates, CSRs and CRLs
Calculation of Message Digests
Encryption and Decryption with Ciphers
SSL/TLS Client and Server Tests
Handling of S/MIME signed or encrypted mail
PATENTS
-------
@ -104,13 +104,15 @@
licensing conditions. Their web page is http://www.rsasecurity.com/.
RC4 is a trademark of RSA Security, so use of this label should perhaps
only be used with RSA Security's permission.
only be used with RSA Security's permission.
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
should be contacted if that algorithm is to be used; their web page is
http://www.ascom.ch/.
The MDC2 algorithm is patented by IBM.
INSTALLATION
------------
@ -129,7 +131,7 @@
or application author. We try to collect those in doc/PROBLEMS, with current
thoughts on how they should be solved in a future of OpenSSL.
SUPPORT
SUPPORT
-------
If you have any problems with OpenSSL then please take the following steps
@ -138,7 +140,7 @@
- Download the current snapshot from ftp://ftp.openssl.org/snapshot/
to see if the problem has already been addressed
- Remove ASM versions of libraries
- Remove compiler optimisation flags
- Remove compiler optimisation flags
If you wish to report a bug then please include the following information in
any bug report:
@ -191,3 +193,4 @@
# ./Configure dist; make clean
# cd ..
# diff -ur openssl-orig openssl-work > mydiffs.patch

53
crypto/openssl/apps/CA.pl
View File

@ -36,16 +36,26 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
my $openssl;
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
} else {
$openssl = "openssl";
$ENV{OPENSSL} = $openssl;
}
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365";
$REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG";
$VERIFY="openssl verify";
$X509="openssl x509";
$PKCS12="openssl pkcs12";
$DAYS="-days 365"; # 1 year
$CADAYS="-days 1095"; # 3 years
$REQ="$openssl req $SSLEAY_CONFIG";
$CA="$openssl ca $SSLEAY_CONFIG";
$VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
@ -58,19 +68,19 @@ foreach (@ARGV) {
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
print "Certificate (and private key) is in newreq.pem\n"
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@ -84,6 +94,9 @@ foreach (@ARGV) {
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
@ -98,22 +111,24 @@ foreach (@ARGV) {
$RET=$?;
} else {
print "Making CA certificate ...\n";
system ("$REQ -new -x509 -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
system ("$REQ -new -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
system ("$CA -create_serial " .
"-out ${CATOP}/$CACERT $CADAYS -batch " .
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
"-extensions v3_ca " .
"-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
if (! -f "${CATOP}/serial" ) {
system ("$X509 -in ${CATOP}/$CACERT -noout "
. "-next_serial -out ${CATOP}/serial");
}
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");

53
crypto/openssl/apps/CA.pl.in
View File

@ -36,16 +36,26 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
my $openssl;
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
} else {
$openssl = "openssl";
$ENV{OPENSSL} = $openssl;
}
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365";
$REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG";
$VERIFY="openssl verify";
$X509="openssl x509";
$PKCS12="openssl pkcs12";
$DAYS="-days 365"; # 1 year
$CADAYS="-days 1095"; # 3 years
$REQ="$openssl req $SSLEAY_CONFIG";
$CA="$openssl ca $SSLEAY_CONFIG";
$VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
@ -58,19 +68,19 @@ foreach (@ARGV) {
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
print "Certificate (and private key) is in newreq.pem\n"
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@ -84,6 +94,9 @@ foreach (@ARGV) {
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
@ -98,22 +111,24 @@ foreach (@ARGV) {
$RET=$?;
} else {
print "Making CA certificate ...\n";
system ("$REQ -new -x509 -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
system ("$REQ -new -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
system ("$CA -create_serial " .
"-out ${CATOP}/$CACERT $CADAYS -batch " .
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
"-extensions v3_ca " .
"-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
if (! -f "${CATOP}/serial" ) {
system ("$X509 -in ${CATOP}/$CACERT -noout "
. "-next_serial -out ${CATOP}/serial");
}
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");

31
crypto/openssl/apps/CA.sh
View File

@ -30,14 +30,18 @@
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
DAYS="-days 365"
REQ="openssl req $SSLEAY_CONFIG"
CA="openssl ca $SSLEAY_CONFIG"
VERIFY="openssl verify"
X509="openssl x509"
if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
DAYS="-days 365" # 1 year
CADAYS="-days 1095" # 3 years
REQ="$OPENSSL req $SSLEAY_CONFIG"
CA="$OPENSSL ca $SSLEAY_CONFIG"
VERIFY="$OPENSSL verify"
X509="$OPENSSL x509"
CATOP=./demoCA
CAKEY=./cakey.pem
CAREQ=./careq.pem
CACERT=./cacert.pem
for i
@ -49,15 +53,15 @@ case $i in
;;
-newcert)
# create a certificate
$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
RET=$?
echo "Certificate (and private key) is in newreq.pem"
echo "Certificate is in newcert.pem, private key is in newkey.pem"
;;
-newreq)
# create a certificate request
$REQ -new -keyout newreq.pem -out newreq.pem $DAYS
$REQ -new -keyout newkey.pem -out newreq.pem $DAYS
RET=$?
echo "Request (and private key) is in newreq.pem"
echo "Request is in newreq.pem, private key is in newkey.pem"
;;
-newca)
# if explicitly asked for or it doesn't exist then setup the directory
@ -70,7 +74,7 @@ case $i in
mkdir ${CATOP}/crl
mkdir ${CATOP}/newcerts
mkdir ${CATOP}/private
echo "01" > ${CATOP}/serial
echo "00" > ${CATOP}/serial
touch ${CATOP}/index.txt
fi
if [ ! -f ${CATOP}/private/$CAKEY ]; then
@ -83,8 +87,11 @@ case $i in
RET=$?
else
echo "Making CA certificate ..."
$REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
-out ${CATOP}/$CACERT $DAYS
$REQ -new -keyout ${CATOP}/private/$CAKEY \
-out ${CATOP}/$CAREQ
$CA -out ${CATOP}/$CACERT $CADAYS -batch \
-keyfile ${CATOP}/private/$CAKEY -selfsign \
-infiles ${CATOP}/$CAREQ
RET=$?
fi
fi

1291
crypto/openssl/apps/Makefile
View File

File diff suppressed because it is too large Load Diff

456
crypto/openssl/apps/apps.c
View File

@ -125,13 +125,17 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
#define NON_MAIN
#include "apps.h"
#undef NON_MAIN
typedef struct {
char *name;
const char *name;
unsigned long flag;
unsigned long mask;
} NAME_EX_TBL;
@ -250,7 +254,7 @@ int str2fmt(char *s)
return(FORMAT_UNDEF);
}
#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
void program_name(char *in, char *out, int size)
{
int i,n;
@ -269,12 +273,23 @@ void program_name(char *in, char *out, int size)
if (p == NULL)
p=in;
n=strlen(p);
#if defined(OPENSSL_SYS_NETWARE)
/* strip off trailing .nlm if present. */
if ((n > 4) && (p[n-4] == '.') &&
((p[n-3] == 'n') || (p[n-3] == 'N')) &&
((p[n-2] == 'l') || (p[n-2] == 'L')) &&
((p[n-1] == 'm') || (p[n-1] == 'M')))
n-=4;
#else
/* strip off trailing .exe if present. */
if ((n > 4) && (p[n-4] == '.') &&
((p[n-3] == 'e') || (p[n-3] == 'E')) &&
((p[n-2] == 'x') || (p[n-2] == 'X')) &&
((p[n-1] == 'e') || (p[n-1] == 'E')))
n-=4;
#endif
if (n > size-1)
n=size-1;
@ -330,22 +345,6 @@ void program_name(char *in, char *out, int size)
#endif
#endif
#ifdef OPENSSL_SYS_VMS
int VMS_strcasecmp(const char *str1, const char *str2)
{
while (*str1 && *str2)
{
int res = toupper(*str1) - toupper(*str2);
if (res) return res < 0 ? -1 : 1;
}
if (*str1)
return 1;
if (*str2)
return -1;
return 0;
}
#endif
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
{
int num,len,i;
@ -377,10 +376,17 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
/* The start of something good :-) */
if (num >= arg->count)
{
arg->count+=20;
arg->data=(char **)OPENSSL_realloc(arg->data,
sizeof(char *)*arg->count);
if (argc == 0) return(0);
char **tmp_p;
int tlen = arg->count + 20;
tmp_p = (char **)OPENSSL_realloc(arg->data,
sizeof(char *)*tlen);
if (tmp_p == NULL)
return 0;
arg->data = tmp_p;
arg->count = tlen;
/* initialize newly allocated data */
for (i = num; i < arg->count; i++)
arg->data[i] = NULL;
}
arg->data[num++]=p;
@ -542,7 +548,7 @@ int password_callback(char *buf, int bufsiz, int verify,
char *prompt = NULL;
prompt = UI_construct_prompt(ui, "pass phrase",
cb_data->prompt_info);
prompt_info);
ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
@ -691,6 +697,51 @@ int add_oid_section(BIO *err, CONF *conf)
return 1;
}
static int load_pkcs12(BIO *err, BIO *in, const char *desc,
pem_password_cb *pem_cb, void *cb_data,
EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
{
const char *pass;
char tpass[PEM_BUFSIZE];
int len, ret = 0;
PKCS12 *p12;
p12 = d2i_PKCS12_bio(in, NULL);
if (p12 == NULL)
{
BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
goto die;
}
/* See if an empty password will do */
if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
pass = "";
else
{
if (!pem_cb)
pem_cb = (pem_password_cb *)password_callback;
len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
if (len < 0)
{
BIO_printf(err, "Passpharse callback error for %s\n",
desc);
goto die;
}
if (len < PEM_BUFSIZE)
tpass[len] = 0;
if (!PKCS12_verify_mac(p12, tpass, len))
{
BIO_printf(err,
"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);
goto die;
}
pass = tpass;
}
ret = PKCS12_parse(p12, pass, pkey, cert, ca);
die:
if (p12)
PKCS12_free(p12);
return ret;
}
X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip)
{
@ -725,7 +776,7 @@ X509 *load_cert(BIO *err, const char *file, int format,
x=d2i_X509_bio(cert,NULL);
else if (format == FORMAT_NETSCAPE)
{
unsigned char *p,*op;
const unsigned char *p,*op;
int size=0,i;
/* We sort of have to do it this way because it is sort of nice
@ -771,11 +822,9 @@ X509 *load_cert(BIO *err, const char *file, int format,
(pem_password_cb *)password_callback, NULL);
else if (format == FORMAT_PKCS12)
{
PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
PKCS12_parse(p12, NULL, NULL, &x, NULL);
PKCS12_free(p12);
p12 = NULL;
if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
NULL, &x, NULL))
goto end;
}
else {
BIO_printf(err,"bad input format specified for %s\n",
@ -854,11 +903,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
#endif
else if (format == FORMAT_PKCS12)
{
PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
PKCS12_parse(p12, pass, &pkey, NULL, NULL);
PKCS12_free(p12);
p12 = NULL;
if (!load_pkcs12(err, key, key_descrip,
(pem_password_cb *)password_callback, &cb_data,
&pkey, NULL, NULL))
goto end;
}
else
{
@ -1230,7 +1278,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T
return 0;
}
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
{
char *buf;
char mline = 0;
@ -1565,8 +1613,9 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
{
if (errno != ENOENT
#ifdef ENOTDIR
&& errno != ENOTDIR)
&& errno != ENOTDIR
#endif
)
goto err;
}
else
@ -1697,23 +1746,10 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
if (p)
{
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
switch(*p)
{
case 'f': /* false */
case 'F': /* FALSE */
case 'n': /* no */
case 'N': /* NO */
retdb->attributes.unique_subject = 0;
break;
case 't': /* true */
case 'T': /* TRUE */
case 'y': /* yes */
case 'Y': /* YES */
default:
retdb->attributes.unique_subject = 1;
break;
}
#endif
retdb->attributes.unique_subject = parse_yesno(p,1);
}
}
@ -1748,7 +1784,7 @@ int index_index(CA_DB *db)
return 1;
}
int save_index(char *dbfile, char *suffix, CA_DB *db)
int save_index(const char *dbfile, const char *suffix, CA_DB *db)
{
char buf[3][BSIZE];
BIO *out = BIO_new(BIO_s_file());
@ -1815,7 +1851,7 @@ int save_index(char *dbfile, char *suffix, CA_DB *db)
return 0;
}
int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
{
char buf[5][BSIZE];
int i,j;
@ -1867,8 +1903,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
{
if (errno != ENOENT
#ifdef ENOTDIR
&& errno != ENOTDIR)
&& errno != ENOTDIR
#endif
)
goto err;
}
else
@ -1903,8 +1940,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
{
if (errno != ENOENT
#ifdef ENOTDIR
&& errno != ENOTDIR)
&& errno != ENOTDIR
#endif
)
goto err;
}
else
@ -1953,9 +1991,174 @@ void free_index(CA_DB *db)
}
}
int parse_yesno(const char *str, int def)
{
int ret = def;
if (str)
{
switch (*str)
{
case 'f': /* false */
case 'F': /* FALSE */
case 'n': /* no */
case 'N': /* NO */
case '0': /* 0 */
ret = 0;
break;
case 't': /* true */
case 'T': /* TRUE */
case 'y': /* yes */
case 'Y': /* YES */
case '1': /* 1 */
ret = 0;
break;
default:
ret = def;
break;
}
}
return ret;
}
/*
* subject is expected to be in the format /type0=value0/type1=value1/type2=...
* where characters may be escaped by \
*/
X509_NAME *parse_name(char *subject, long chtype, int multirdn)
{
size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
char *buf = OPENSSL_malloc(buflen);
size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
int *mval = OPENSSL_malloc (max_ne * sizeof (int));
char *sp = subject, *bp = buf;
int i, ne_num = 0;
X509_NAME *n = NULL;
int nid;
if (!buf || !ne_types || !ne_values)
{
BIO_printf(bio_err, "malloc error\n");
goto error;
}
if (*subject != '/')
{
BIO_printf(bio_err, "Subject does not start with '/'.\n");
goto error;
}
sp++; /* skip leading / */
/* no multivalued RDN by default */
mval[ne_num] = 0;
while (*sp)
{
/* collect type */
ne_types[ne_num] = bp;
while (*sp)
{
if (*sp == '\\') /* is there anything to escape in the type...? */
{
if (*++sp)
*bp++ = *sp++;
else
{
BIO_printf(bio_err, "escape character at end of string\n");
goto error;
}
}
else if (*sp == '=')
{
sp++;
*bp++ = '\0';
break;
}
else
*bp++ = *sp++;
}
if (!*sp)
{
BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
goto error;
}
ne_values[ne_num] = bp;
while (*sp)
{
if (*sp == '\\')
{
if (*++sp)
*bp++ = *sp++;
else
{
BIO_printf(bio_err, "escape character at end of string\n");
goto error;
}
}
else if (*sp == '/')
{
sp++;
/* no multivalued RDN by default */
mval[ne_num+1] = 0;
break;
}
else if (*sp == '+' && multirdn)
{
/* a not escaped + signals a mutlivalued RDN */
sp++;
mval[ne_num+1] = -1;
break;
}
else
*bp++ = *sp++;
}
*bp++ = '\0';
ne_num++;
}
if (!(n = X509_NAME_new()))
goto error;
for (i = 0; i < ne_num; i++)
{
if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
{
BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
continue;
}
if (!*ne_values[i])
{
BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
continue;
}
if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
goto error;
}
OPENSSL_free(ne_values);
OPENSSL_free(ne_types);
OPENSSL_free(buf);
return n;
error:
X509_NAME_free(n);
if (ne_values)
OPENSSL_free(ne_values);
if (ne_types)
OPENSSL_free(ne_types);
if (buf)
OPENSSL_free(buf);
return NULL;
}
/* This code MUST COME AFTER anything that uses rename() */
#ifdef OPENSSL_SYS_WIN32
int WIN32_rename(char *from, char *to)
int WIN32_rename(const char *from, const char *to)
{
#ifndef OPENSSL_SYS_WINCE
/* Windows rename gives an error if 'to' exists, so delete it
@ -1991,3 +2194,142 @@ int WIN32_rename(char *from, char *to)
#endif
}
#endif
int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
{
ASN1_OBJECT *otmp = NULL;
unsigned long flags = 0;
int i;
int purpose = 0;
char **oldargs = *pargs;
char *arg = **pargs, *argn = (*pargs)[1];
if (!strcmp(arg, "-policy"))
{
if (!argn)
*badarg = 1;
else
{
otmp = OBJ_txt2obj(argn, 0);
if (!otmp)
{
BIO_printf(err, "Invalid Policy \"%s\"\n",
argn);
*badarg = 1;
}
}
(*pargs)++;
}
else if (strcmp(arg,"-purpose") == 0)
{
X509_PURPOSE *xptmp;
if (!argn)
*badarg = 1;
else
{
i = X509_PURPOSE_get_by_sname(argn);
if(i < 0)
{
BIO_printf(err, "unrecognized purpose\n");
*badarg = 1;
}
else
{
xptmp = X509_PURPOSE_get0(i);
purpose = X509_PURPOSE_get_id(xptmp);
}
}
(*pargs)++;
}
else if (!strcmp(arg, "-ignore_critical"))
flags |= X509_V_FLAG_IGNORE_CRITICAL;
else if (!strcmp(arg, "-issuer_checks"))
flags |= X509_V_FLAG_CB_ISSUER_CHECK;
else if (!strcmp(arg, "-crl_check"))
flags |= X509_V_FLAG_CRL_CHECK;
else if (!strcmp(arg, "-crl_check_all"))
flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (!strcmp(arg, "-policy_check"))
flags |= X509_V_FLAG_POLICY_CHECK;
else if (!strcmp(arg, "-explicit_policy"))
flags |= X509_V_FLAG_EXPLICIT_POLICY;
else if (!strcmp(arg, "-x509_strict"))
flags |= X509_V_FLAG_X509_STRICT;
else if (!strcmp(arg, "-policy_print"))
flags |= X509_V_FLAG_NOTIFY_POLICY;
else
return 0;
if (*badarg)
{
if (*pm)
X509_VERIFY_PARAM_free(*pm);
*pm = NULL;
goto end;
}
if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
{
*badarg = 1;
goto end;
}
if (otmp)
X509_VERIFY_PARAM_add0_policy(*pm, otmp);
if (flags)
X509_VERIFY_PARAM_set_flags(*pm, flags);
if (purpose)
X509_VERIFY_PARAM_set_purpose(*pm, purpose);
end:
(*pargs)++;
if (pargc)
*pargc -= *pargs - oldargs;
return 1;
}
static void nodes_print(BIO *out, const char *name,
STACK_OF(X509_POLICY_NODE) *nodes)
{
X509_POLICY_NODE *node;
int i;
BIO_printf(out, "%s Policies:", name);
if (nodes)
{
BIO_puts(out, "\n");
for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
{
node = sk_X509_POLICY_NODE_value(nodes, i);
X509_POLICY_NODE_print(out, node, 2);
}
}
else
BIO_puts(out, " <empty>\n");
}
void policies_print(BIO *out, X509_STORE_CTX *ctx)
{
X509_POLICY_TREE *tree;
int explicit_policy;
int free_out = 0;
if (out == NULL)
{
out = BIO_new_fp(stderr, BIO_NOCLOSE);
free_out = 1;
}
tree = X509_STORE_CTX_get0_policy_tree(ctx);
explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
BIO_printf(out, "Require explicit Policy: %s\n",
explicit_policy ? "True" : "False");
nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
if (free_out)
BIO_free(out);
}

23
crypto/openssl/apps/apps.h
View File

@ -114,9 +114,7 @@
#include "e_os.h"
#include <openssl/buffer.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
@ -138,7 +136,7 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
#ifdef OPENSSL_SYS_WIN32
#define rename(from,to) WIN32_rename((from),(to))
int WIN32_rename(char *oldname,char *newname);
int WIN32_rename(const char *oldname,const char *newname);
#endif
#ifndef MONOLITH
@ -148,11 +146,9 @@ int WIN32_rename(char *oldname,char *newname);
#ifndef NON_MAIN
CONF *config=NULL;
BIO *bio_err=NULL;
int in_FIPS_mode=0;
#else
extern CONF *config;
extern BIO *bio_err;
extern int in_FIPS_mode;
#endif
#else
@ -161,11 +157,12 @@ extern int in_FIPS_mode;
extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
extern int in_FIPS_mode;
#endif
#ifndef OPENSSL_SYS_NETWARE
#include <signal.h>
#endif
#ifdef SIGPIPE
#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
@ -257,7 +254,7 @@ void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
#ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
#endif
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
@ -283,7 +280,7 @@ char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, char *str);
ASN1_GENERALIZEDTIME **pinvtm, const char *str);
#define DB_type 0
#define DB_exp_date 1
@ -313,12 +310,16 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db);
int save_index(char *dbfile, char *suffix, CA_DB *db);
int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
void free_index(CA_DB *db);
int index_name_cmp(const char **a, const char **b);
int parse_yesno(const char *str, int def);
X509_NAME *do_subject(char *str, long chtype);
X509_NAME *parse_name(char *str, long chtype, int multirdn);
int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1

123
crypto/openssl/apps/asn1pars.c
View File

@ -82,6 +82,8 @@
int MAIN(int, char **);
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
int MAIN(int argc, char **argv)
{
int i,badops=0,offset=0,ret=1,j;
@ -90,7 +92,9 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
int informat,indent=0, noout = 0, dump = 0;
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
char *genstr=NULL, *genconf=NULL;
unsigned char *tmpbuf;
const unsigned char *ctmpbuf;
BUF_MEM *buf=NULL;
STACK *osk=NULL;
ASN1_TYPE *at=NULL;
@ -167,6 +171,16 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
sk_push(osk,*(++argv));
}
else if (strcmp(*argv,"-genstr") == 0)
{
if (--argc < 1) goto bad;
genstr= *(++argv);
}
else if (strcmp(*argv,"-genconf") == 0)
{
if (--argc < 1) goto bad;
genconf= *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@ -182,7 +196,7 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] <infile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file (output format is always DER\n");
BIO_printf(bio_err," -noout arg don't produce any output\n");
@ -195,6 +209,8 @@ bad:
BIO_printf(bio_err," -strparse offset\n");
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
BIO_printf(bio_err," ASN1 blob wrappings\n");
BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n");
BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
goto end;
}
@ -248,25 +264,39 @@ bad:
if ((buf=BUF_MEM_new()) == NULL) goto end;
if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
if (informat == FORMAT_PEM)
if (genstr || genconf)
{
BIO *tmp;
if ((b64=BIO_new(BIO_f_base64())) == NULL)
num = do_generate(bio_err, genstr, genconf, buf);
if (num < 0)
{
ERR_print_errors(bio_err);
goto end;
BIO_push(b64,in);
tmp=in;
in=b64;
b64=tmp;
}
}
num=0;
for (;;)
else
{
if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
i=BIO_read(in,&(buf->data[num]),BUFSIZ);
if (i <= 0) break;
num+=i;
if (informat == FORMAT_PEM)
{
BIO *tmp;
if ((b64=BIO_new(BIO_f_base64())) == NULL)
goto end;
BIO_push(b64,in);
tmp=in;
in=b64;
b64=tmp;
}
num=0;
for (;;)
{
if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
i=BIO_read(in,&(buf->data[num]),BUFSIZ);
if (i <= 0) break;
num+=i;
}
}
str=buf->data;
@ -278,8 +308,8 @@ bad:
tmplen=num;
for (i=0; i<sk_num(osk); i++)
{
int typ;
ASN1_TYPE *atmp;
int typ;
j=atoi(sk_value(osk,i));
if (j == 0)
{
@ -289,7 +319,8 @@ bad:
tmpbuf+=j;
tmplen-=j;
atmp = at;
at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
ctmpbuf = tmpbuf;
at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
ASN1_TYPE_free(atmp);
if(!at)
{
@ -353,3 +384,61 @@ end:
OPENSSL_EXIT(ret);
}
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
{
CONF *cnf = NULL;
int len;
long errline;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
if (genconf)
{
cnf = NCONF_new(NULL);
if (!NCONF_load(cnf, genconf, &errline))
goto conferr;
if (!genstr)
genstr = NCONF_get_string(cnf, "default", "asn1");
if (!genstr)
{
BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
goto err;
}
}
atyp = ASN1_generate_nconf(genstr, cnf);
NCONF_free(cnf);
if (!atyp)
return -1;
len = i2d_ASN1_TYPE(atyp, NULL);
if (len <= 0)
goto err;
if (!BUF_MEM_grow(buf,len))
goto err;
p=(unsigned char *)buf->data;
i2d_ASN1_TYPE(atyp, &p);
ASN1_TYPE_free(atyp);
return len;
conferr:
if (errline > 0)
BIO_printf(bio, "Error on line %ld of config file '%s'\n",
errline, genconf);
else
BIO_printf(bio, "Error loading config file '%s'\n", genconf);
err:
NCONF_free(cnf);
ASN1_TYPE_free(atyp);
return -1;
}

389
crypto/openssl/apps/ca.c
View File

@ -83,7 +83,7 @@
# else
# include <unixlib.h>
# endif
# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
# include <sys/file.h>
# endif
#endif
@ -105,6 +105,9 @@
#define ENV_DEFAULT_CA "default_ca"
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
#define ENV_DIR "dir"
#define ENV_CERTS "certs"
#define ENV_CRL_DIR "crl_dir"
@ -131,6 +134,7 @@
#define ENV_NAMEOPT "name_opt"
#define ENV_CERTOPT "cert_opt"
#define ENV_EXTCOPY "copy_extensions"
#define ENV_UNIQUE_SUBJECT "unique_subject"
#define ENV_DATABASE "database"
@ -142,7 +146,7 @@
#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
static char *ca_usage[]={
static const char *ca_usage[]={
"usage: ca args\n",
"\n",
" -verbose - Talk alot while doing things\n",
@ -160,6 +164,7 @@ static char *ca_usage[]={
" -keyform arg - private key file format (PEM or ENGINE)\n",
" -key arg - key to decode the private key if it is encrypted\n",
" -cert file - The CA certificate\n",
" -selfsign - sign a certificate with the key associated with it\n",
" -in file - The input PEM encoded certificate request(s)\n",
" -out file - Where to put the output file(s)\n",
" -outdir dir - Where to put output certificates\n",
@ -172,6 +177,8 @@ static char *ca_usage[]={
" -msie_hack - msie modifications to handle all those universal strings\n",
" -revoke file - Revoke a certificate (given in file)\n",
" -subj arg - Use arg instead of request's subject\n",
" -utf8 - input characters are UTF8 (default ASCII)\n",
" -multivalue-rdn - enable support for multivalued RDNs\n",
" -extensions .. - Extension section (override value in config file)\n",
" -extfile file - Configuration file with X509v3 extentions to add\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
@ -189,40 +196,40 @@ extern int EF_PROTECT_BELOW;
extern int EF_ALIGNMENT;
#endif
static void lookup_fail(char *name,char *tag);
static void lookup_fail(const char *name, const char *tag);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate,
BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect, CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy);
int default_op, int ext_copy, int selfsign);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
CA_DB *db, BIGNUM *serial, char *subj, int email_dn,
CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
char *startdate, char *enddate, long days, int batch,
char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy,
ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
CA_DB *db, BIGNUM *serial,char *subj, int email_dn,
CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
char *startdate, char *enddate, long days, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
int email_dn, char *startdate, char *enddate, long days, int batch,
int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
int ext_copy, int selfsign);
static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
static int get_certificate_status(const char *ser_status, CA_DB *db);
static int do_updatedb(CA_DB *db);
static int check_time_format(char *str);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, char *str);
int make_revoked(X509_REVOKED *rev, const char *str);
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
static CONF *conf=NULL;
static CONF *extconf=NULL;
@ -272,6 +279,8 @@ int MAIN(int argc, char **argv)
char *extensions=NULL;
char *extfile=NULL;
char *subj=NULL;
unsigned long chtype = MBSTRING_ASC;
int multirdn = 0;
char *tmp_email_dn=NULL;
char *crl_ext=NULL;
int rev_type = REV_NONE;
@ -286,7 +295,8 @@ int MAIN(int argc, char **argv)
unsigned long nameopt = 0, certopt = 0;
int default_op = 1;
int ext_copy = EXT_COPY_NONE;
X509 *x509=NULL;
int selfsign = 0;
X509 *x509=NULL, *x509p = NULL;
X509 *x=NULL;
BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
char *dbfile=NULL;
@ -295,7 +305,8 @@ int MAIN(int argc, char **argv)
X509_REVOKED *r=NULL;
ASN1_TIME *tmptm;
ASN1_INTEGER *tmpser;
char **pp,*p,*f;
char *f;
const char *p, **pp;
int i,j;
const EVP_MD *dgst=NULL;
STACK_OF(CONF_VALUE) *attribs=NULL;
@ -350,6 +361,12 @@ EF_ALIGNMENT=0;
subj= *(++argv);
/* preserve=1; */
}
else if (strcmp(*argv,"-utf8") == 0)
chtype = MBSTRING_UTF8;
else if (strcmp(*argv,"-create_serial") == 0)
create_ser = 1;
else if (strcmp(*argv,"-multivalue-rdn") == 0)
multirdn=1;
else if (strcmp(*argv,"-startdate") == 0)
{
if (--argc < 1) goto bad;
@ -400,6 +417,8 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
certfile= *(++argv);
}
else if (strcmp(*argv,"-selfsign") == 0)
selfsign=1;
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
@ -633,29 +652,31 @@ bad:
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
f = NCONF_get_string(conf, section, STRING_MASK);
if (!f)
ERR_clear_error();
if(f && !ASN1_STRING_set_default_mask_asc(f)) {
BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
goto err;
}
if (chtype != MBSTRING_UTF8){
f = NCONF_get_string(conf, section, UTF8_IN);
if (!f)
ERR_clear_error();
else if (!strcmp(f, "yes"))
chtype = MBSTRING_UTF8;
}
db_attr.unique_subject = 1;
p = NCONF_get_string(conf, section, "unique_subject");
p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
if (p)
{
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
#endif
switch(*p)
{
case 'f': /* false */
case 'F': /* FALSE */
case 'n': /* no */
case 'N': /* NO */
db_attr.unique_subject = 0;
break;
case 't': /* true */
case 'T': /* TRUE */
case 'y': /* yes */
case 'Y': /* YES */
default:
db_attr.unique_subject = 1;
break;
}
db_attr.unique_subject = parse_yesno(p,1);
}
else
ERR_clear_error();
@ -699,7 +720,7 @@ bad:
}
/*****************************************************************/
/* we definitely need a public key, so let's get it */
/* we definitely need a private key, so let's get it */
if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
section,ENV_PRIVATE_KEY)) == NULL))
@ -727,22 +748,27 @@ bad:
/*****************************************************************/
/* we need a certificate */
if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
section,ENV_CERTIFICATE)) == NULL))
if (!selfsign || spkac_file || ss_cert_file || gencrl)
{
lookup_fail(section,ENV_CERTIFICATE);
goto err;
}
x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
"CA certificate");
if (x509 == NULL)
goto err;
if ((certfile == NULL)
&& ((certfile=NCONF_get_string(conf,
section,ENV_CERTIFICATE)) == NULL))
{
lookup_fail(section,ENV_CERTIFICATE);
goto err;
}
x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
"CA certificate");
if (x509 == NULL)
goto err;
if (!X509_check_private_key(x509,pkey))
{
BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
goto err;
if (!X509_check_private_key(x509,pkey))
{
BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
goto err;
}
}
if (!selfsign) x509p = x509;
f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
if (f == NULL)
@ -856,7 +882,7 @@ bad:
/* Lets check some fields */
for (i=0; i<sk_num(db->db->data); i++)
{
pp=(char **)sk_value(db->db->data,i);
pp=(const char **)sk_value(db->db->data,i);
if ((pp[DB_type][0] != DB_TYPE_REV) &&
(pp[DB_rev_date][0] != '\0'))
{
@ -869,7 +895,7 @@ bad:
BIO_printf(bio_err," in entry %d\n", i+1);
goto err;
}
if (!check_time_format(pp[DB_exp_date]))
if (!check_time_format((char *)pp[DB_exp_date]))
{
BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
goto err;
@ -943,7 +969,6 @@ bad:
if (verbose) BIO_printf(bio_err,
"Done. %d entries marked as expired\n",i);
}
goto err;
}
/*****************************************************************/
@ -994,25 +1019,27 @@ bad:
}
}
if ((md == NULL) && ((md=NCONF_get_string(conf,
section,ENV_DEFAULT_MD)) == NULL))
{
lookup_fail(section,ENV_DEFAULT_MD);
goto err;
}
if ((dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
goto err;
}
if (req)
{
if ((md == NULL) && ((md=NCONF_get_string(conf,
section,ENV_DEFAULT_MD)) == NULL))
{
lookup_fail(section,ENV_DEFAULT_MD);
goto err;
}
if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
{
if(strcmp(tmp_email_dn,"no") == 0)
email_dn=0;
}
if ((dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
goto err;
}
if (verbose)
BIO_printf(bio_err,"message digest is %s\n",
OBJ_nid2ln(dgst->type));
@ -1131,7 +1158,7 @@ bad:
{
total++;
j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
serial,subj,email_dn,startdate,enddate,days,extensions,
serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions,
conf,verbose,certopt,nameopt,default_op,ext_copy);
if (j < 0) goto err;
if (j > 0)
@ -1155,7 +1182,7 @@ bad:
{
total++;
j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
db,serial,subj,email_dn,startdate,enddate,days,batch,
db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
extensions,conf,verbose, certopt, nameopt,
default_op, ext_copy, e);
if (j < 0) goto err;
@ -1174,10 +1201,10 @@ bad:
if (infile != NULL)
{
total++;
j=certify(&x,infile,pkey,x509,dgst,attribs,db,
serial,subj,email_dn,startdate,enddate,days,batch,
j=certify(&x,infile,pkey,x509p,dgst,attribs,db,
serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
extensions,conf,verbose, certopt, nameopt,
default_op, ext_copy);
default_op, ext_copy, selfsign);
if (j < 0) goto err;
if (j > 0)
{
@ -1194,10 +1221,10 @@ bad:
for (i=0; i<argc; i++)
{
total++;
j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
serial,subj,email_dn,startdate,enddate,days,batch,
j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,
serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
extensions,conf,verbose, certopt, nameopt,
default_op, ext_copy);
default_op, ext_copy, selfsign);
if (j < 0) goto err;
if (j > 0)
{
@ -1248,7 +1275,7 @@ bad:
x=sk_X509_value(cert_sk,i);
j=x->cert_info->serialNumber->length;
p=(char *)x->cert_info->serialNumber->data;
p=(const char *)x->cert_info->serialNumber->data;
if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
{
@ -1369,7 +1396,7 @@ bad:
for (i=0; i<sk_num(db->db->data); i++)
{
pp=(char **)sk_value(db->db->data,i);
pp=(const char **)sk_value(db->db->data,i);
if (pp[DB_type][0] == DB_TYPE_REV)
{
if ((r=X509_REVOKED_new()) == NULL) goto err;
@ -1395,23 +1422,15 @@ bad:
/* we now have a CRL */
if (verbose) BIO_printf(bio_err,"signing CRL\n");
if (md != NULL)
{
if ((dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
goto err;
}
}
else
{
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
dgst=EVP_dss1();
else
if (pkey->type == EVP_PKEY_DSA)
dgst=EVP_dss1();
else
#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC)
dgst=EVP_ecdsa();
#endif
dgst=EVP_md5();
}
/* Add any extensions asked for */
@ -1498,7 +1517,7 @@ err:
BN_free(serial);
free_index(db);
EVP_PKEY_free(pkey);
X509_free(x509);
if (x509) X509_free(x509);
X509_CRL_free(crl);
NCONF_free(conf);
OBJ_cleanup();
@ -1506,17 +1525,17 @@ err:
OPENSSL_EXIT(ret);
}
static void lookup_fail(char *name, char *tag)
static void lookup_fail(const char *name, const char *tag)
{
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
}
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
int ext_copy, int selfsign)
{
X509_REQ *req=NULL;
BIO *in=NULL;
@ -1541,6 +1560,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
BIO_printf(bio_err,"Check that the request matches the signature\n");
if (selfsign && !X509_REQ_check_private_key(req,pkey))
{
BIO_printf(bio_err,"Certificate request and CA private key do not match\n");
ok=0;
goto err;
}
if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
{
BIO_printf(bio_err,"error unpacking public key\n");
@ -1563,9 +1588,9 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
else
BIO_printf(bio_err,"Signature ok\n");
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn,
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn,
startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
certopt, nameopt, default_op, ext_copy);
certopt, nameopt, default_op, ext_copy, selfsign);
err:
if (req != NULL) X509_REQ_free(req);
@ -1575,7 +1600,7 @@ err:
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy, ENGINE *e)
@ -1617,9 +1642,9 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
goto err;
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate,
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
ext_copy);
ext_copy, 0);
err:
if (rreq != NULL) X509_REQ_free(rreq);
@ -1629,10 +1654,11 @@ err:
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
unsigned long chtype, int multirdn,
int email_dn, char *startdate, char *enddate, long days, int batch,
int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
int ext_copy, int selfsign)
{
X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
ASN1_UTCTIME *tm,*tmptm;
@ -1644,7 +1670,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
X509_NAME_ENTRY *tne,*push;
EVP_PKEY *pktmp;
int ok= -1,i,j,last,nid;
char *p;
const char *p;
CONF_VALUE *cv;
char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
char buf[25];
@ -1661,7 +1687,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
if (subj)
{
X509_NAME *n = do_subject(subj, MBSTRING_ASC);
X509_NAME *n = parse_name(subj, chtype, multirdn);
if (!n)
{
@ -1736,7 +1762,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
}
/* take a copy of the issuer name before we mess with it. */
CAname=X509_NAME_dup(x509->cert_info->subject);
if (selfsign)
CAname=X509_NAME_dup(name);
else
CAname=X509_NAME_dup(x509->cert_info->subject);
if (CAname == NULL) goto err;
str=str2=NULL;
@ -1948,8 +1977,16 @@ again2:
if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
goto err;
if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
goto err;
if (selfsign)
{
if (!X509_set_issuer_name(ret,subject))
goto err;
}
else
{
if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
goto err;
}
if (strcmp(startdate,"today") == 0)
X509_gmtime_adj(X509_get_notBefore(ret),0);
@ -1984,7 +2021,10 @@ again2:
ci->extensions = NULL;
/* Initialize the context structure */
X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
if (selfsign)
X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
else
X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
if (extconf)
{
@ -2051,7 +2091,7 @@ again2:
BIO_printf(bio_err,"Certificate is to be certified until ");
ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
if (days) BIO_printf(bio_err," (%d days)",days);
if (days) BIO_printf(bio_err," (%ld days)",days);
BIO_printf(bio_err, "\n");
if (!batch)
@ -2078,6 +2118,16 @@ again2:
EVP_PKEY_copy_parameters(pktmp,pkey);
EVP_PKEY_free(pktmp);
#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC)
dgst = EVP_ecdsa();
pktmp = X509_get_pubkey(ret);
if (EVP_PKEY_missing_parameters(pktmp) &&
!EVP_PKEY_missing_parameters(pkey))
EVP_PKEY_copy_parameters(pktmp, pkey);
EVP_PKEY_free(pktmp);
#endif
if (!X509_sign(ret,pkey,dgst))
goto err;
@ -2174,7 +2224,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
{
@ -2315,9 +2365,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
X509_REQ_set_pubkey(req,pktmp);
EVP_PKEY_free(pktmp);
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate,
ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
ext_copy);
ext_copy, 0);
err:
if (req != NULL) X509_REQ_free(req);
if (parms != NULL) CONF_free(parms);
@ -2628,7 +2678,7 @@ err:
return (cnt);
}
static char *crl_reasons[] = {
static const char *crl_reasons[] = {
/* CRL reason strings */
"unspecified",
"keyCompromise",
@ -2656,7 +2706,8 @@ static char *crl_reasons[] = {
char *make_revocation_str(int rev_type, char *rev_arg)
{
char *reason = NULL, *other = NULL, *str;
char *other = NULL, *str;
const char *reason = NULL;
ASN1_OBJECT *otmp;
ASN1_UTCTIME *revtm = NULL;
int i;
@ -2750,7 +2801,7 @@ char *make_revocation_str(int rev_type, char *rev_arg)
*/
int make_revoked(X509_REVOKED *rev, char *str)
int make_revoked(X509_REVOKED *rev, const char *str)
{
char *tmp = NULL;
int reason_code = -1;
@ -2804,129 +2855,6 @@ int make_revoked(X509_REVOKED *rev, char *str)
return ret;
}
/*
* subject is expected to be in the format /type0=value0/type1=value1/type2=...
* where characters may be escaped by \
*/
X509_NAME *do_subject(char *subject, long chtype)
{
size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
char *buf = OPENSSL_malloc(buflen);
size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
char *sp = subject, *bp = buf;
int i, ne_num = 0;
X509_NAME *n = NULL;
int nid;
if (!buf || !ne_types || !ne_values)
{
BIO_printf(bio_err, "malloc error\n");
goto error;
}
if (*subject != '/')
{
BIO_printf(bio_err, "Subject does not start with '/'.\n");
goto error;
}
sp++; /* skip leading / */
while (*sp)
{
/* collect type */
ne_types[ne_num] = bp;
while (*sp)
{
if (*sp == '\\') /* is there anything to escape in the type...? */
{
if (*++sp)
*bp++ = *sp++;
else
{
BIO_printf(bio_err, "escape character at end of string\n");
goto error;
}
}
else if (*sp == '=')
{
sp++;
*bp++ = '\0';
break;
}
else
*bp++ = *sp++;
}
if (!*sp)
{
BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
goto error;
}
ne_values[ne_num] = bp;
while (*sp)
{
if (*sp == '\\')
{
if (*++sp)
*bp++ = *sp++;
else
{
BIO_printf(bio_err, "escape character at end of string\n");
goto error;
}
}
else if (*sp == '/')
{
sp++;
break;
}
else
*bp++ = *sp++;
}
*bp++ = '\0';
ne_num++;
}
if (!(n = X509_NAME_new()))
goto error;
for (i = 0; i < ne_num; i++)
{
if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
{
BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
continue;
}
if (!*ne_values[i])
{
BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
continue;
}
if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0))
goto error;
}
OPENSSL_free(ne_values);
OPENSSL_free(ne_types);
OPENSSL_free(buf);
return n;
error:
X509_NAME_free(n);
if (ne_values)
OPENSSL_free(ne_values);
if (ne_types)
OPENSSL_free(ne_types);
if (buf)
OPENSSL_free(buf);
return NULL;
}
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
{
char buf[25],*pbuf, *p;
@ -2966,12 +2894,13 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
return 1;
}
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str)
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)
{
char *tmp = NULL;
char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
int reason_code = -1;
int i, ret = 0;
int ret = 0;
unsigned int i;
ASN1_OBJECT *hold = NULL;
ASN1_GENERALIZEDTIME *comp_time = NULL;
tmp = BUF_strdup(str);

4
crypto/openssl/apps/ciphers.c
View File

@ -69,7 +69,7 @@
#undef PROG
#define PROG ciphers_main
static char *ciphers_usage[]={
static const char *ciphers_usage[]={
"usage: ciphers args\n",
" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
" -ssl2 - SSL2 mode\n",
@ -84,7 +84,7 @@ int MAIN(int argc, char **argv)
{
int ret=1,i;
int verbose=0;
char **pp;
const char **pp;
const char *p;
int badops=0;
SSL_CTX *ctx=NULL;

12
crypto/openssl/apps/crl.c
View File

@ -72,7 +72,7 @@
#undef POSTFIX
#define POSTFIX ".rvk"
static char *crl_usage[]={
static const char *crl_usage[]={
"usage: crl args\n",
"\n",
" -inform arg - input format - default PEM (DER or PEM)\n",
@ -108,14 +108,14 @@ int MAIN(int argc, char **argv)
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
int fingerprint = 0;
char **pp;
const char **pp;
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
X509_LOOKUP *lookup = NULL;
X509_OBJECT xobj;
EVP_PKEY *pkey;
int do_ver = 0;
const EVP_MD *md_alg,*digest=EVP_md5();
const EVP_MD *md_alg,*digest=EVP_sha1();
apps_startup();
@ -355,7 +355,11 @@ bad:
if (text) X509_CRL_print(out, x);
if (noout) goto end;
if (noout)
{
ret = 0;
goto end;
}
if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_CRL_bio(out,x);

77
crypto/openssl/apps/dgst.c
View File

@ -66,7 +66,6 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
#undef BUFSIZE
#define BUFSIZE 1024*8
@ -74,11 +73,9 @@
#undef PROG
#define PROG dgst_main
static HMAC_CTX hmac_ctx;
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
const char *file,BIO *bmd,const char *hmac_key);
const char *file);
int MAIN(int, char **);
@ -103,10 +100,10 @@ int MAIN(int argc, char **argv)
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
char *passargin = NULL, *passin = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
char *hmac_key=NULL;
apps_startup();
@ -149,6 +146,12 @@ int MAIN(int argc, char **argv)
if (--argc < 1) break;
keyfile=*(++argv);
}
else if (!strcmp(*argv,"-passin"))
{
if (--argc < 1)
break;
passargin=*++argv;
}
else if (strcmp(*argv,"-verify") == 0)
{
if (--argc < 1) break;
@ -185,12 +188,6 @@ int MAIN(int argc, char **argv)
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
else if (!strcmp(*argv,"-hmac"))
{
if (--argc < 1)
break;
hmac_key=*++argv;
}
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
md=m;
else
@ -232,10 +229,20 @@ int MAIN(int argc, char **argv)
LN_md4,LN_md4);
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
LN_md2,LN_md2);
#ifndef OPENSSL_NO_SHA
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
LN_sha1,LN_sha1);
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
LN_sha,LN_sha);
#ifndef OPENSSL_NO_SHA256
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
LN_sha256,LN_sha256);
#endif
#ifndef OPENSSL_NO_SHA512
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
LN_sha512,LN_sha512);
#endif
#endif
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
LN_mdc2,LN_mdc2);
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
@ -245,7 +252,7 @@ int MAIN(int argc, char **argv)
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
#endif
in=BIO_new(BIO_s_file());
@ -257,6 +264,12 @@ int MAIN(int argc, char **argv)
BIO_set_callback_arg(in,bio_err);
}
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if ((in == NULL) || (bmd == NULL))
{
ERR_print_errors(bio_err);
@ -298,7 +311,7 @@ int MAIN(int argc, char **argv)
sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
e, "key file");
else
sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
e, "key file");
if (!sigkey)
{
@ -328,6 +341,8 @@ int MAIN(int argc, char **argv)
goto end;
}
}
/* we use md as a filter, reading from 'in' */
if (!BIO_set_md(bmd,md))
@ -343,7 +358,7 @@ int MAIN(int argc, char **argv)
{
BIO_set_fp(in,stdin,BIO_NOCLOSE);
err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
siglen,"","(stdin)",bmd,hmac_key);
siglen,"","(stdin)");
}
else
{
@ -361,15 +376,14 @@ int MAIN(int argc, char **argv)
}
if(!out_bin)
{
size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
size_t len = strlen(name)+strlen(argv[i])+5;
tmp=tofree=OPENSSL_malloc(len);
BIO_snprintf(tmp,len,"%s%s(%s)= ",
hmac_key ? "HMAC-" : "",name,argv[i]);
BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
}
else
tmp="";
r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
siglen,tmp,argv[i],bmd,hmac_key);
siglen,tmp,argv[i]);
if(r)
err=r;
if(tofree)
@ -384,6 +398,8 @@ end:
OPENSSL_free(buf);
}
if (in != NULL) BIO_free(in);
if (passin)
OPENSSL_free(passin);
BIO_free_all(out);
EVP_PKEY_free(sigkey);
if(sigbuf) OPENSSL_free(sigbuf);
@ -394,21 +410,11 @@ end:
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
const char *file,BIO *bmd,const char *hmac_key)
const char *file)
{
unsigned int len;
int len;
int i;
EVP_MD_CTX *md_ctx;
if (hmac_key)
{
EVP_MD *md;
BIO_get_md(bmd,&md);
HMAC_Init(&hmac_ctx,hmac_key,strlen(hmac_key),md);
BIO_get_md_ctx(bmd,&md_ctx);
BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
}
for (;;)
{
i=BIO_read(bp,(char *)buf,BUFSIZE);
@ -451,11 +457,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
return 1;
}
}
else if(hmac_key)
{
HMAC_Final(&hmac_ctx,buf,&len);
HMAC_CTX_cleanup(&hmac_ctx);
}
else
len=BIO_gets(bp,(char *)buf,BUFSIZE);
@ -463,7 +464,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
else
{
BIO_write(out,title,strlen(title));
for (i=0; (unsigned int)i<len; i++)
for (i=0; i<len; i++)
{
if (sep && (i != 0))
BIO_printf(out, ":");
@ -471,10 +472,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
}
BIO_printf(out, "\n");
}
if (hmac_key)
{
BIO_set_md_ctx(bmd,md_ctx);
}
return 0;
}

1
crypto/openssl/apps/dh.c
View File

@ -57,6 +57,7 @@
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <stdlib.h>

25
crypto/openssl/apps/dhparam.c
View File

@ -109,6 +109,7 @@
*
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <stdlib.h>
@ -142,7 +143,7 @@
* -C
*/
static void MS_CALLBACK dh_cb(int p, int n, void *arg);
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
@ -294,6 +295,8 @@ bad:
if(num) {
BN_GENCB cb;
BN_GENCB_set(&cb, dh_cb, bio_err);
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
@ -305,12 +308,13 @@ bad:
#ifndef OPENSSL_NO_DSA
if (dsaparam)
{
DSA *dsa;
DSA *dsa = DSA_new();
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
if (dsa == NULL)
if(!dsa || !DSA_generate_parameters_ex(dsa, num,
NULL, 0, NULL, NULL, &cb))
{
if(dsa) DSA_free(dsa);
ERR_print_errors(bio_err);
goto end;
}
@ -326,12 +330,12 @@ bad:
else
#endif
{
dh = DH_new();
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
BIO_printf(bio_err,"This is going to take a long time\n");
dh=DH_generate_parameters(num,g,dh_cb,bio_err);
if (dh == NULL)
if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
{
if(dh) DH_free(dh);
ERR_print_errors(bio_err);
goto end;
}
@ -534,7 +538,7 @@ end:
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
static void MS_CALLBACK dh_cb(int p, int n, void *arg)
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
{
char c='*';
@ -542,11 +546,12 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg)
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write((BIO *)arg,&c,1);
(void)BIO_flush((BIO *)arg);
BIO_write(cb->arg,&c,1);
(void)BIO_flush(cb->arg);
#ifdef LINT
p=n;
#endif
return 1;
}
#endif

2
crypto/openssl/apps/dsa.c
View File

@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA
#include <stdio.h>
#include <stdlib.h>
@ -68,6 +69,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
#undef PROG
#define PROG dsa_main

86
crypto/openssl/apps/dsaparam.c
View File

@ -56,6 +56,13 @@
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif
#ifndef OPENSSL_NO_DSA
#include <assert.h>
#include <stdio.h>
@ -82,9 +89,23 @@
* -C
* -noout
* -genkey
* #ifdef GENCB_TEST
* -timebomb n - interrupt keygen after <n> seconds
* #endif
*/
static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
#ifdef GENCB_TEST
static int stop_keygen_flag = 0;
static void timebomb_sigalarm(int foo)
{
stop_keygen_flag = 1;
}
#endif
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
@ -103,6 +124,9 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
#ifdef GENCB_TEST
int timebomb=0;
#endif
apps_startup();
@ -149,6 +173,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
engine = *(++argv);
}
#endif
#ifdef GENCB_TEST
else if(strcmp(*argv, "-timebomb") == 0)
{
if (--argc < 1) goto bad;
timebomb = atoi(*(++argv));
}
#endif
else if (strcmp(*argv,"-text") == 0)
text=1;
@ -199,6 +230,9 @@ bad:
BIO_printf(bio_err," -rand files to use for random number input\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
#ifdef GENCB_TEST
BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n");
#endif
BIO_printf(bio_err," number number of bits to use for generating private key\n");
goto end;
@ -257,10 +291,47 @@ bad:
if (numbits > 0)
{
BN_GENCB cb;
BN_GENCB_set(&cb, dsa_cb, bio_err);
assert(need_rand);
dsa = DSA_new();
if(!dsa)
{
BIO_printf(bio_err,"Error allocating DSA object\n");
goto end;
}
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
BIO_printf(bio_err,"This could take some time\n");
dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
#ifdef GENCB_TEST
if(timebomb > 0)
{
struct sigaction act;
act.sa_handler = timebomb_sigalarm;
act.sa_flags = 0;
BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
timebomb);
if(sigaction(SIGALRM, &act, NULL) != 0)
{
BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
goto end;
}
alarm(timebomb);
}
#endif
if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
{
#ifdef GENCB_TEST
if(stop_keygen_flag)
{
BIO_printf(bio_err,"DSA key generation time-stopped\n");
/* This is an asked-for behaviour! */
ret = 0;
goto end;
}
#endif
BIO_printf(bio_err,"Error, DSA key generation failed\n");
goto end;
}
}
else if (informat == FORMAT_ASN1)
dsa=d2i_DSAparams_bio(in,NULL);
@ -385,7 +456,7 @@ end:
OPENSSL_EXIT(ret);
}
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
{
char c='*';
@ -393,10 +464,15 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write(arg,&c,1);
(void)BIO_flush(arg);
BIO_write(cb->arg,&c,1);
(void)BIO_flush(cb->arg);
#ifdef LINT
p=n;
#endif
#ifdef GENCB_TEST
if(stop_keygen_flag)
return 0;
#endif
return 1;
}
#endif

400
crypto/openssl/apps/ec.c Normal file
View File

@ -0,0 +1,400 @@
/* apps/ec.c */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_EC
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#undef PROG
#define PROG ec_main
/* -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -des - encrypt output if PEM format with DES in cbc mode
* -text - print a text version
* -param_out - print the elliptic curve parameters
* -conv_form arg - specifies the point encoding form
* -param_enc arg - specifies the parameter encoding
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
int ret = 1;
EC_KEY *eckey = NULL;
const EC_GROUP *group;
int i, badops = 0;
const EVP_CIPHER *enc = NULL;
BIO *in = NULL, *out = NULL;
int informat, outformat, text=0, noout=0;
int pubin = 0, pubout = 0, param_out = 0;
char *infile, *outfile, *prog, *engine;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
int new_form = 0;
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
int new_asn1_flag = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
engine = NULL;
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv, "-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv, "-noout") == 0)
noout = 1;
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-conv_form") == 0)
{
if (--argc < 1)
goto bad;
++argv;
new_form = 1;
if (strcmp(*argv, "compressed") == 0)
form = POINT_CONVERSION_COMPRESSED;
else if (strcmp(*argv, "uncompressed") == 0)
form = POINT_CONVERSION_UNCOMPRESSED;
else if (strcmp(*argv, "hybrid") == 0)
form = POINT_CONVERSION_HYBRID;
else
goto bad;
}
else if (strcmp(*argv, "-param_enc") == 0)
{
if (--argc < 1)
goto bad;
++argv;
new_asn1_flag = 1;
if (strcmp(*argv, "named_curve") == 0)
asn1_flag = OPENSSL_EC_NAMED_CURVE;
else if (strcmp(*argv, "explicit") == 0)
asn1_flag = 0;
else
goto bad;
}
else if (strcmp(*argv, "-param_out") == 0)
param_out = 1;
else if (strcmp(*argv, "-pubin") == 0)
pubin=1;
else if (strcmp(*argv, "-pubout") == 0)
pubout=1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
{
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - "
"DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - "
"DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -passin arg input file pass "
"phrase source\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err, " -passout arg output file pass "
"phrase source\n");
BIO_printf(bio_err, " -engine e use engine e, "
"possibly a hardware device.\n");
BIO_printf(bio_err, " -des encrypt PEM output, "
"instead of 'des' every other \n"
" cipher "
"supported by OpenSSL can be used\n");
BIO_printf(bio_err, " -text print the key\n");
BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -param_out print the elliptic "
"curve parameters\n");
BIO_printf(bio_err, " -conv_form arg specifies the "
"point conversion form \n");
BIO_printf(bio_err, " possible values:"
" compressed\n");
BIO_printf(bio_err, " "
" uncompressed (default)\n");
BIO_printf(bio_err, " "
" hybrid\n");
BIO_printf(bio_err, " -param_enc arg specifies the way"
" the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der "
"encoding\n");
BIO_printf(bio_err, " possilbe values:"
" named_curve (default)\n");
BIO_printf(bio_err," "
"explicit\n");
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
{
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else
{
if (BIO_read_filename(in, infile) <= 0)
{
perror(infile);
goto end;
}
}
BIO_printf(bio_err, "read EC key\n");
if (informat == FORMAT_ASN1)
{
if (pubin)
eckey = d2i_EC_PUBKEY_bio(in, NULL);
else
eckey = d2i_ECPrivateKey_bio(in, NULL);
}
else if (informat == FORMAT_PEM)
{
if (pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL,
NULL);
else
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
passin);
}
else
{
BIO_printf(bio_err, "bad input format specified for key\n");
goto end;
}
if (eckey == NULL)
{
BIO_printf(bio_err,"unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out, outfile) <= 0)
{
perror(outfile);
goto end;
}
}
group = EC_KEY_get0_group(eckey);
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (new_asn1_flag)
EC_KEY_set_asn1_flag(eckey, asn1_flag);
if (text)
if (!EC_KEY_print(out, eckey, 0))
{
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (noout)
goto end;
BIO_printf(bio_err, "writing EC key\n");
if (outformat == FORMAT_ASN1)
{
if (param_out)
i = i2d_ECPKParameters_bio(out, group);
else if (pubin || pubout)
i = i2d_EC_PUBKEY_bio(out, eckey);
else
i = i2d_ECPrivateKey_bio(out, eckey);
}
else if (outformat == FORMAT_PEM)
{
if (param_out)
i = PEM_write_bio_ECPKParameters(out, group);
else if (pubin || pubout)
i = PEM_write_bio_EC_PUBKEY(out, eckey);
else
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
NULL, 0, NULL, passout);
}
else
{
BIO_printf(bio_err, "bad output format specified for "
"outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
}
else
ret=0;
end:
if (in)
BIO_free(in);
if (out)
BIO_free_all(out);
if (eckey)
EC_KEY_free(eckey);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#endif

728
crypto/openssl/apps/ecparam.c Normal file
View File

@ -0,0 +1,728 @@
/* apps/ecparam.c */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* The elliptic curve binary polynomial software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
*
*/
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_EC
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#undef PROG
#define PROG ecparam_main
/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -noout - do not print the ec parameter
* -text - print the ec parameters in text form
* -check - validate the ec parameters
* -C - print a 'C' function creating the parameters
* -name arg - use the ec parameters with 'short name' name
* -list_curves - prints a list of all currently available curve 'short names'
* -conv_form arg - specifies the point conversion form
* - possible values: compressed
* uncompressed (default)
* hybrid
* -param_enc arg - specifies the way the ec parameters are encoded
* in the asn1 der encoding
* possible values: named_curve (default)
* explicit
* -no_seed - if 'explicit' parameters are choosen do not use the seed
* -genkey - generate ec key
* -rand file - files to use for random number input
* -engine e - use engine e, possibly a hardware device
*/
static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
EC_GROUP *group = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
int new_form = 0;
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
int new_asn1_flag = 0;
char *curve_name = NULL, *inrand = NULL;
int list_curves = 0, no_seed = 0, check = 0,
badops = 0, text = 0, i, need_rand = 0, genkey = 0;
char *infile = NULL, *outfile = NULL, *prog;
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
char *engine = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
unsigned char *buffer = NULL;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-text") == 0)
text = 1;
else if (strcmp(*argv,"-C") == 0)
C = 1;
else if (strcmp(*argv,"-check") == 0)
check = 1;
else if (strcmp (*argv, "-name") == 0)
{
if (--argc < 1)
goto bad;
curve_name = *(++argv);
}
else if (strcmp(*argv, "-list_curves") == 0)
list_curves = 1;
else if (strcmp(*argv, "-conv_form") == 0)
{
if (--argc < 1)
goto bad;
++argv;
new_form = 1;
if (strcmp(*argv, "compressed") == 0)
form = POINT_CONVERSION_COMPRESSED;
else if (strcmp(*argv, "uncompressed") == 0)
form = POINT_CONVERSION_UNCOMPRESSED;
else if (strcmp(*argv, "hybrid") == 0)
form = POINT_CONVERSION_HYBRID;
else
goto bad;
}
else if (strcmp(*argv, "-param_enc") == 0)
{
if (--argc < 1)
goto bad;
++argv;
new_asn1_flag = 1;
if (strcmp(*argv, "named_curve") == 0)
asn1_flag = OPENSSL_EC_NAMED_CURVE;
else if (strcmp(*argv, "explicit") == 0)
asn1_flag = 0;
else
goto bad;
}
else if (strcmp(*argv, "-no_seed") == 0)
no_seed = 1;
else if (strcmp(*argv, "-noout") == 0)
noout=1;
else if (strcmp(*argv,"-genkey") == 0)
{
genkey=1;
need_rand=1;
}
else if (strcmp(*argv, "-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
need_rand=1;
}
else if(strcmp(*argv, "-engine") == 0)
{
if (--argc < 1) goto bad;
engine = *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - "
"default PEM (DER or PEM)\n");
BIO_printf(bio_err, " -outform arg output format - "
"default PEM\n");
BIO_printf(bio_err, " -in arg input file - "
"default stdin\n");
BIO_printf(bio_err, " -out arg output file - "
"default stdout\n");
BIO_printf(bio_err, " -noout do not print the "
"ec parameter\n");
BIO_printf(bio_err, " -text print the ec "
"parameters in text form\n");
BIO_printf(bio_err, " -check validate the ec "
"parameters\n");
BIO_printf(bio_err, " -C print a 'C' "
"function creating the parameters\n");
BIO_printf(bio_err, " -name arg use the "
"ec parameters with 'short name' name\n");
BIO_printf(bio_err, " -list_curves prints a list of "
"all currently available curve 'short names'\n");
BIO_printf(bio_err, " -conv_form arg specifies the "
"point conversion form \n");
BIO_printf(bio_err, " possible values:"
" compressed\n");
BIO_printf(bio_err, " "
" uncompressed (default)\n");
BIO_printf(bio_err, " "
" hybrid\n");
BIO_printf(bio_err, " -param_enc arg specifies the way"
" the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der "
"encoding\n");
BIO_printf(bio_err, " possible values:"
" named_curve (default)\n");
BIO_printf(bio_err, " "
" explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'"
" parameters are choosen do not"
" use the seed\n");
BIO_printf(bio_err, " -genkey generate ec"
" key\n");
BIO_printf(bio_err, " -rand file files to use for"
" random number input\n");
BIO_printf(bio_err, " -engine e use engine e, "
"possibly a hardware device\n");
goto end;
}
ERR_load_crypto_strings();
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (list_curves)
{
EC_builtin_curve *curves = NULL;
size_t crv_len = 0;
size_t n = 0;
crv_len = EC_get_builtin_curves(NULL, 0);
curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));
if (curves == NULL)
goto end;
if (!EC_get_builtin_curves(curves, crv_len))
{
OPENSSL_free(curves);
goto end;
}
for (n = 0; n < crv_len; n++)
{
const char *comment;
const char *sname;
comment = curves[n].comment;
sname = OBJ_nid2sn(curves[n].nid);
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
sname = "";
BIO_printf(out, " %-10s: ", sname);
BIO_printf(out, "%s\n", comment);
}
OPENSSL_free(curves);
ret = 0;
goto end;
}
if (curve_name != NULL)
{
int nid;
/* workaround for the SECG curve names secp192r1
* and secp256r1 (which are the same as the curves
* prime192v1 and prime256v1 defined in X9.62)
*/
if (!strcmp(curve_name, "secp192r1"))
{
BIO_printf(bio_err, "using curve name prime192v1 "
"instead of secp192r1\n");
nid = NID_X9_62_prime192v1;
}
else if (!strcmp(curve_name, "secp256r1"))
{
BIO_printf(bio_err, "using curve name prime256v1 "
"instead of secp256r1\n");
nid = NID_X9_62_prime256v1;
}
else
nid = OBJ_sn2nid(curve_name);
if (nid == 0)
{
BIO_printf(bio_err, "unknown curve name (%s)\n",
curve_name);
goto end;
}
group = EC_GROUP_new_by_curve_name(nid);
if (group == NULL)
{
BIO_printf(bio_err, "unable to create curve (%s)\n",
curve_name);
goto end;
}
EC_GROUP_set_asn1_flag(group, asn1_flag);
EC_GROUP_set_point_conversion_form(group, form);
}
else if (informat == FORMAT_ASN1)
{
group = d2i_ECPKParameters_bio(in, NULL);
}
else if (informat == FORMAT_PEM)
{
group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
}
else
{
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
if (group == NULL)
{
BIO_printf(bio_err,
"unable to load elliptic curve parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (new_form)
EC_GROUP_set_point_conversion_form(group, form);
if (new_asn1_flag)
EC_GROUP_set_asn1_flag(group, asn1_flag);
if (no_seed)
{
EC_GROUP_set_seed(group, NULL, 0);
}
if (text)
{
if (!ECPKParameters_print(out, group, 0))
goto end;
}
if (check)
{
if (group == NULL)
BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL))
{
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
}
else
BIO_printf(bio_err, "ok\n");
}
if (C)
{
size_t buf_len = 0, tmp_len = 0;
const EC_POINT *point;
int is_prime, len = 0;
const EC_METHOD *meth = EC_GROUP_method_of(group);
if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
(ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
(ec_order = BN_new()) == NULL ||
(ec_cofactor = BN_new()) == NULL )
{
perror("OPENSSL_malloc");
goto end;
}
is_prime = (EC_METHOD_get_field_type(meth) ==
NID_X9_62_prime_field);
if (is_prime)
{
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
ec_b, NULL))
goto end;
}
else
{
/* TODO */
goto end;
}
if ((point = EC_GROUP_get0_generator(group)) == NULL)
goto end;
if (!EC_POINT_point2bn(group, point,
EC_GROUP_get_point_conversion_form(group), ec_gen,
NULL))
goto end;
if (!EC_GROUP_get_order(group, ec_order, NULL))
goto end;
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
goto end;
if (!ec_p || !ec_a || !ec_b || !ec_gen ||
!ec_order || !ec_cofactor)
goto end;
len = BN_num_bits(ec_order);
if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
buf_len = tmp_len;
buffer = (unsigned char *)OPENSSL_malloc(buf_len);
if (buffer == NULL)
{
perror("OPENSSL_malloc");
goto end;
}
ecparam_print_var(out, ec_p, "ec_p", len, buffer);
ecparam_print_var(out, ec_a, "ec_a", len, buffer);
ecparam_print_var(out, ec_b, "ec_b", len, buffer);
ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
ecparam_print_var(out, ec_order, "ec_order", len, buffer);
ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
buffer);
BIO_printf(out, "\n\n");
BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
BIO_printf(out, "\tint ok=0;\n");
BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
BIO_printf(out, "\tEC_POINT *point = NULL;\n");
BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
"*tmp_3 = NULL;\n\n");
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
if (is_prime)
{
BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
"\n\t\tgoto err;\n\n");
}
else
{
/* TODO */
goto end;
}
BIO_printf(out, "\t/* build generator */\n");
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
"sizeof(ec_gen_%d), tmp_1)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
"NULL, NULL);\n");
BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
"sizeof(ec_order_%d), tmp_2)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
"sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
" tmp_2, tmp_3))\n\t\tgoto err;\n");
BIO_printf(out, "\n\tok=1;\n");
BIO_printf(out, "err:\n");
BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
BIO_printf(out, "\tif (!ok)\n");
BIO_printf(out, "\t\t{\n");
BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
BIO_printf(out, "\t\tgroup = NULL;\n");
BIO_printf(out, "\t\t}\n");
BIO_printf(out, "\treturn(group);\n\t}\n");
}
if (!noout)
{
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_ECPKParameters(out, group);
else
{
BIO_printf(bio_err,"bad output format specified for"
" outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err, "unable to write elliptic "
"curve parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (need_rand)
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
if (genkey)
{
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
goto end;
assert(need_rand);
if (EC_KEY_set_group(eckey, group) == 0)
goto end;
if (!EC_KEY_generate_key(eckey))
{
EC_KEY_free(eckey);
goto end;
}
if (outformat == FORMAT_ASN1)
i = i2d_ECPrivateKey_bio(out, eckey);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
NULL, 0, NULL, NULL);
else
{
BIO_printf(bio_err, "bad output format specified "
"for outfile\n");
EC_KEY_free(eckey);
goto end;
}
EC_KEY_free(eckey);
}
if (need_rand)
app_RAND_write_file(NULL, bio_err);
ret=0;
end:
if (ec_p)
BN_free(ec_p);
if (ec_a)
BN_free(ec_a);
if (ec_b)
BN_free(ec_b);
if (ec_gen)
BN_free(ec_gen);
if (ec_order)
BN_free(ec_order);
if (ec_cofactor)
BN_free(ec_cofactor);
if (buffer)
OPENSSL_free(buffer);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (group != NULL)
EC_GROUP_free(group);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
int len, unsigned char *buffer)
{
BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
if (BN_is_zero(in))
BIO_printf(out, "\n\t0x00");
else
{
int i, l;
l = BN_bn2bin(in, buffer);
for (i=0; i<l-1; i++)
{
if ((i%12) == 0)
BIO_printf(out, "\n\t");
BIO_printf(out, "0x%02X,", buffer[i]);
}
if ((i%12) == 0)
BIO_printf(out, "\n\t");
BIO_printf(out, "0x%02X", buffer[i]);
}
BIO_printf(out, "\n\t};\n\n");
return 1;
}
#endif

36
crypto/openssl/apps/enc.c
View File

@ -118,6 +118,7 @@ int MAIN(int argc, char **argv)
int enc=1,printkey=0,i,base64=0;
int debug=0,olb64=0,nosalt=0;
const EVP_CIPHER *cipher=NULL,*c;
EVP_CIPHER_CTX *ctx = NULL;
char *inf=NULL,*outf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 39
@ -313,10 +314,7 @@ bad:
if (dgst == NULL)
{
if (in_FIPS_mode)
dgst = EVP_sha1();
else
dgst = EVP_md5();
dgst = EVP_md5();
}
if (bufsize != NULL)
@ -539,13 +537,31 @@ bad:
if ((benc=BIO_new(BIO_f_cipher())) == NULL)
goto end;
BIO_set_cipher(benc,cipher,key,iv,enc);
if (nopad)
/* Since we may be changing parameters work on the encryption
* context rather than calling BIO_set_cipher().
*/
BIO_get_cipher_ctx(benc, &ctx);
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
{
EVP_CIPHER_CTX *ctx;
BIO_get_cipher_ctx(benc, &ctx);
EVP_CIPHER_CTX_set_padding(ctx, 0);
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
{
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (debug)
{
BIO_set_callback(benc,BIO_debug_callback);
@ -557,7 +573,7 @@ bad:
if (!nosalt)
{
printf("salt=");
for (i=0; i<sizeof salt; i++)
for (i=0; i<(int)sizeof(salt); i++)
printf("%02X",salt[i]);
printf("\n");
}

25
crypto/openssl/apps/engine.c
View File

@ -72,14 +72,15 @@
#undef PROG
#define PROG engine_main
static char *engine_usage[]={
static const char *engine_usage[]={
"usage: engine opts [engine ...]\n",
" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
" -vv will additionally display each command's description\n",
" -vvv will also add the input flags for each command\n",
" -vvvv will also show internal input flags\n",
" -c - for each engine, also list the capabilities\n",
" -t - for each engine, check that they are really available\n",
" -t[t] - for each engine, check that they are really available\n",
" -tt will display error trace for unavailable engines\n",
" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
" to load it (if -t is used)\n",
" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
@ -343,8 +344,8 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int ret=1,i;
char **pp;
int verbose=0, list_cap=0, test_avail=0;
const char **pp;
int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
ENGINE *e;
STACK *engines = sk_new_null();
STACK *pre_cmds = sk_new_null();
@ -382,16 +383,26 @@ int MAIN(int argc, char **argv)
}
else if (strcmp(*argv,"-c") == 0)
list_cap=1;
else if (strcmp(*argv,"-t") == 0)
else if (strncmp(*argv,"-t",2) == 0)
{
test_avail=1;
if(strspn(*argv + 1, "t") < strlen(*argv + 1))
goto skip_arg_loop;
if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
goto skip_arg_loop;
}
else if (strcmp(*argv,"-pre") == 0)
{
argc--; argv++;
if (argc == 0)
goto skip_arg_loop;
sk_push(pre_cmds,*argv);
}
else if (strcmp(*argv,"-post") == 0)
{
argc--; argv++;
if (argc == 0)
goto skip_arg_loop;
sk_push(post_cmds,*argv);
}
else if ((strncmp(*argv,"-h",2) == 0) ||
@ -498,7 +509,8 @@ skip_digests:
else
{
BIO_printf(bio_out, "[ unavailable ]\n");
ERR_print_errors_fp(stdout);
if(test_avail_noise)
ERR_print_errors_fp(stdout);
ERR_clear_error();
}
}
@ -512,6 +524,7 @@ skip_digests:
ret=0;
end:
ERR_print_errors(bio_err);
sk_pop_free(engines, identity);
sk_pop_free(pre_cmds, identity);

24
crypto/openssl/apps/gendh.c
View File

@ -57,6 +57,13 @@
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h>
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif
#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <string.h>
@ -75,12 +82,13 @@
#undef PROG
#define PROG gendh_main
static void MS_CALLBACK dh_cb(int p, int n, void *arg);
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
BN_GENCB cb;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
@ -96,6 +104,7 @@ int MAIN(int argc, char **argv)
apps_startup();
BN_GENCB_set(&cb, dh_cb, bio_err);
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@ -193,10 +202,10 @@ bad:
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
BIO_printf(bio_err,"This is going to take a long time\n");
dh=DH_generate_parameters(num,g,dh_cb,bio_err);
if (dh == NULL) goto end;
if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
goto end;
app_RAND_write_file(NULL, bio_err);
if (!PEM_write_bio_DHparams(out,dh))
@ -211,7 +220,7 @@ end:
OPENSSL_EXIT(ret);
}
static void MS_CALLBACK dh_cb(int p, int n, void *arg)
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
{
char c='*';
@ -219,10 +228,11 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg)
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write((BIO *)arg,&c,1);
(void)BIO_flush((BIO *)arg);
BIO_write(cb->arg,&c,1);
(void)BIO_flush(cb->arg);
#ifdef LINT
p=n;
#endif
return 1;
}
#endif

1
crypto/openssl/apps/gendsa.c
View File

@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA
#include <stdio.h>
#include <string.h>

34
crypto/openssl/apps/genrsa.c
View File

@ -56,6 +56,13 @@
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h>
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif
#ifndef OPENSSL_NO_RSA
#include <stdio.h>
#include <string.h>
@ -75,17 +82,17 @@
#undef PROG
#define PROG genrsa_main
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg);
static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
BN_GENCB cb;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
int ret=1;
RSA *rsa=NULL;
int i,num=DEFBITS;
long l;
const EVP_CIPHER *enc=NULL;
@ -97,8 +104,13 @@ int MAIN(int argc, char **argv)
#endif
char *inrand=NULL;
BIO *out=NULL;
BIGNUM *bn = BN_new();
RSA *rsa = RSA_new();
if(!bn || !rsa) goto err;
apps_startup();
BN_GENCB_set(&cb, genrsa_cb, bio_err);
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
@ -233,12 +245,12 @@ bad:
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
num);
rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
app_RAND_write_file(NULL, bio_err);
if (rsa == NULL) goto err;
/* We need to do the following for when the base number size is <
* long, esp windows 3.1 :-(. */
l=0L;
@ -262,8 +274,9 @@ bad:
ret=0;
err:
if (rsa != NULL) RSA_free(rsa);
if (out != NULL) BIO_free_all(out);
if (bn) BN_free(bn);
if (rsa) RSA_free(rsa);
if (out) BIO_free_all(out);
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
@ -271,7 +284,7 @@ err:
OPENSSL_EXIT(ret);
}
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
{
char c='*';
@ -279,11 +292,12 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write((BIO *)arg,&c,1);
(void)BIO_flush((BIO *)arg);
BIO_write(cb->arg,&c,1);
(void)BIO_flush(cb->arg);
#ifdef LINT
p=n;
#endif
return 1;
}
#else /* !OPENSSL_NO_RSA */

5
crypto/openssl/apps/ocsp.c
View File

@ -64,6 +64,7 @@
#include <openssl/ocsp.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/bn.h>
/* Maximum leeway in validity period: default 5 minutes */
#define MAX_VALIDITY_PERIOD (5 * 60)
@ -784,7 +785,7 @@ int MAIN(int argc, char **argv)
if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
{
BIO_printf(out, "Responder Error: %s (%ld)\n",
BIO_printf(out, "Responder Error: %s (%d)\n",
OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
@ -850,7 +851,7 @@ int MAIN(int argc, char **argv)
if(i <= 0)
{
BIO_printf(bio_err, "Response Verify Failure\n", i);
BIO_printf(bio_err, "Response Verify Failure\n");
ERR_print_errors(bio_err);
}
else

36
crypto/openssl/apps/openssl.c
View File

@ -129,7 +129,6 @@
#include "progs.h"
#include "s_apps.h"
#include <openssl/err.h>
#include <openssl/fips.h>
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
* base prototypes (we cast each variable inside the function to the required
@ -148,7 +147,6 @@ char *default_config_file=NULL;
#ifdef MONOLITH
CONF *config=NULL;
BIO *bio_err=NULL;
int in_FIPS_mode=0;
#endif
@ -222,38 +220,18 @@ int main(int Argc, char *Argv[])
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
FUNCTION f,*fp;
MS_STATIC char *prompt,buf[1024];
MS_STATIC const char *prompt;
MS_STATIC char buf[1024];
char *to_free=NULL;
int n,i,ret=0;
int argc;
char **argv,*p;
LHASH *prog=NULL;
long errline;
arg.data=NULL;
arg.count=0;
in_FIPS_mode = 0;
#ifdef OPENSSL_FIPS
if(getenv("OPENSSL_FIPS")) {
#if defined(_WIN32)
char filename[MAX_PATH] = "";
GetModuleFileName( NULL, filename, MAX_PATH) ;
p = filename;
#else
p = Argv[0];
#endif
if (!FIPS_mode_set(1,p)) {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
exit(1);
}
in_FIPS_mode = 1;
if (getenv("OPENSSL_FIPS_MD5"))
FIPS_allow_md5(1);
}
#endif
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@ -511,7 +489,7 @@ static LHASH *prog_init(void)
{
LHASH *ret;
FUNCTION *f;
int i;
size_t i;
/* Purely so it looks nice when the user hits ? */
for(i=0,f=functions ; f->name != NULL ; ++f,++i)
@ -529,12 +507,12 @@ static LHASH *prog_init(void)
/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
{
return(strncmp(((FUNCTION *)a_void)->name,
((FUNCTION *)b_void)->name,8));
return(strncmp(((const FUNCTION *)a_void)->name,
((const FUNCTION *)b_void)->name,8));
}
/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
static unsigned long MS_CALLBACK hash(const void *a_void)
{
return(lh_strhash(((FUNCTION *)a_void)->name));
return(lh_strhash(((const FUNCTION *)a_void)->name));
}

10
crypto/openssl/apps/passwd.c
View File

@ -312,7 +312,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
unsigned char buf[MD5_DIGEST_LENGTH];
char *salt_out;
int n, i;
int n;
unsigned int i;
EVP_MD_CTX md,md2;
size_t passwd_len, salt_len;
@ -358,13 +359,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
for (i = 0; i < 1000; i++)
{
EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
(i & 1) ? passwd_len : sizeof buf);
if (i % 3)
EVP_DigestUpdate(&md2, salt_out, salt_len);
if (i % 7)
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
(i & 1) ? sizeof buf : passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
}
@ -473,7 +474,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if ((strlen(passwd) > pw_maxlen))
{
if (!quiet)
BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen);
/* XXX: really we should know how to print a size_t, not cast it */
BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
passwd[pw_maxlen] = 0;
}
assert(strlen(passwd) <= pw_maxlen);

288
crypto/openssl/apps/pkcs12.c
View File

@ -1,11 +1,9 @@
/* pkcs12.c */
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
* project.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -58,6 +56,9 @@
*
*/
#include <openssl/opensslconf.h>
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -83,7 +84,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
int passlen, int options, char *pempass);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
@ -166,10 +167,14 @@ int MAIN(int argc, char **argv)
maciter = PKCS12_DEFAULT_ITER;
else if (!strcmp (*args, "-nomaciter"))
maciter = 1;
else if (!strcmp (*args, "-nomac"))
maciter = -1;
else if (!strcmp (*args, "-nodes")) enc=NULL;
else if (!strcmp (*args, "-certpbe")) {
if (args[1]) {
args++;
if (!strcmp(*args, "NONE"))
cert_pbe = -1;
cert_pbe=OBJ_txt2nid(*args);
if(cert_pbe == NID_undef) {
BIO_printf(bio_err,
@ -180,7 +185,10 @@ int MAIN(int argc, char **argv)
} else if (!strcmp (*args, "-keypbe")) {
if (args[1]) {
args++;
key_pbe=OBJ_txt2nid(*args);
if (!strcmp(*args, "NONE"))
key_pbe = -1;
else
key_pbe=OBJ_txt2nid(*args);
if(key_pbe == NID_undef) {
BIO_printf(bio_err,
"Unknown PBE algorithm %s\n", *args);
@ -365,24 +373,6 @@ int MAIN(int argc, char **argv)
goto end;
}
#if 0
if (certfile) {
if(!(certsin = BIO_new_file(certfile, "r"))) {
BIO_printf(bio_err, "Can't open certificate file %s\n", certfile);
perror (certfile);
goto end;
}
}
if (keyname) {
if(!(inkey = BIO_new_file(keyname, "r"))) {
BIO_printf(bio_err, "Can't key certificate file %s\n", keyname);
perror (keyname);
goto end;
}
}
#endif
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("write files");
@ -419,27 +409,31 @@ int MAIN(int argc, char **argv)
if (export_cert) {
EVP_PKEY *key = NULL;
STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
STACK_OF(PKCS7) *safes = NULL;
PKCS12_SAFEBAG *bag = NULL;
PKCS8_PRIV_KEY_INFO *p8 = NULL;
PKCS7 *authsafe = NULL;
X509 *ucert = NULL;
X509 *ucert = NULL, *x = NULL;
STACK_OF(X509) *certs=NULL;
char *catmp = NULL;
unsigned char *catmp = NULL;
int i;
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen = 0;
if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
{
BIO_printf(bio_err, "Nothing to do!\n");
goto export_end;
}
if (options & NOCERTS)
chain = 0;
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("process -export_cert");
CRYPTO_push_info("reading private key");
#endif
key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1,
passin, e, "private key");
if (!key) {
goto export_end;
}
if (!(options & NOKEYS))
{
key = load_key(bio_err, keyname ? keyname : infile,
FORMAT_PEM, 1, passin, e, "private key");
if (!key)
goto export_end;
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@ -447,50 +441,62 @@ int MAIN(int argc, char **argv)
#endif
/* Load in all certs in input file */
if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
"certificates"))) {
goto export_end;
}
if(!(options & NOCERTS))
{
certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
"certificates");
if (!certs)
goto export_end;
if (key)
{
/* Look for matching private key */
for(i = 0; i < sk_X509_num(certs); i++)
{
x = sk_X509_value(certs, i);
if(X509_check_private_key(x, key))
{
ucert = x;
/* Zero keyid and alias */
X509_keyid_set1(ucert, NULL, 0);
X509_alias_set1(ucert, NULL, 0);
/* Remove from list */
sk_X509_delete(certs, i);
break;
}
}
if (!ucert)
{
BIO_printf(bio_err, "No certificate matches private key\n");
goto export_end;
}
}
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from input 2");
#endif
for(i = 0; i < sk_X509_num(certs); i++) {
ucert = sk_X509_value(certs, i);
if(X509_check_private_key(ucert, key)) {
X509_digest(ucert, EVP_sha1(), keyid, &keyidlen);
break;
}
}
if(!keyidlen) {
ucert = NULL;
BIO_printf(bio_err, "No certificate matches private key\n");
goto export_end;
}
/* Add any more certificates asked for */
if(certfile)
{
STACK_OF(X509) *morecerts=NULL;
if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
NULL, e,
"certificates from certfile")))
goto export_end;
while(sk_X509_num(morecerts) > 0)
sk_X509_push(certs, sk_X509_shift(morecerts));
sk_X509_free(morecerts);
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from certfile");
#endif
bags = sk_PKCS12_SAFEBAG_new_null ();
/* Add any more certificates asked for */
if (certfile) {
STACK_OF(X509) *morecerts=NULL;
if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
NULL, e,
"certificates from certfile"))) {
goto export_end;
}
while(sk_X509_num(morecerts) > 0) {
sk_X509_push(certs, sk_X509_shift(morecerts));
}
sk_X509_free(morecerts);
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building chain");
@ -526,100 +532,55 @@ int MAIN(int argc, char **argv)
}
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building bags");
#endif
/* Add any CA names */
/* We now have loads of certificates: include them all */
for(i = 0; i < sk_X509_num(certs); i++) {
X509 *cert = NULL;
cert = sk_X509_value(certs, i);
bag = PKCS12_x5092certbag(cert);
/* If it matches private key set id */
if(cert == ucert) {
if(name) PKCS12_add_friendlyname(bag, name, -1);
PKCS12_add_localkeyid(bag, keyid, keyidlen);
} else if((catmp = sk_shift(canames)))
PKCS12_add_friendlyname(bag, catmp, -1);
sk_PKCS12_SAFEBAG_push(bags, bag);
}
sk_X509_pop_free(certs, X509_free);
certs = NULL;
for (i = 0; i < sk_num(canames); i++)
{
catmp = (unsigned char *)sk_value(canames, i);
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
if (csp_name && key)
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
MBSTRING_ASC, (unsigned char *)csp_name, -1);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("encrypting bags");
CRYPTO_push_info("reading password");
#endif
if(!noprompt &&
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
BIO_printf (bio_err, "Can't read Password\n");
goto export_end;
}
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
{
BIO_printf (bio_err, "Can't read Password\n");
goto export_end;
}
if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
/* Turn certbags into encrypted authsafe */
authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
iter, bags);
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
bags = NULL;
if (!authsafe) {
ERR_print_errors (bio_err);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("creating PKCS#12 structure");
#endif
p12 = PKCS12_create(cpass, name, key, ucert, certs,
key_pbe, cert_pbe, iter, -1, keytype);
if (!p12)
{
ERR_print_errors (bio_err);
goto export_end;
}
}
safes = sk_PKCS7_new_null ();
sk_PKCS7_push (safes, authsafe);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building shrouded key bag");
#endif
/* Make a shrouded key bag */
p8 = EVP_PKEY2PKCS8 (key);
if(keytype) PKCS8_add_keyusage(p8, keytype);
bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
p8 = NULL;
if (name) PKCS12_add_friendlyname (bag, name, -1);
if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1);
PKCS12_add_localkeyid (bag, keyid, keyidlen);
bags = sk_PKCS12_SAFEBAG_new_null();
sk_PKCS12_SAFEBAG_push (bags, bag);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("encrypting shrouded key bag");
#endif
/* Turn it into unencrypted safe bag */
authsafe = PKCS12_pack_p7data (bags);
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
bags = NULL;
sk_PKCS7_push (safes, authsafe);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building pkcs12");
#endif
p12 = PKCS12_init(NID_pkcs7_data);
PKCS12_pack_authsafes(p12, safes);
sk_PKCS7_pop_free(safes, PKCS7_free);
safes = NULL;
PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
if (maciter != -1)
PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("writing pkcs12");
#endif
i2d_PKCS12_bio (out, p12);
i2d_PKCS12_bio(out, p12);
ret = 0;
@ -632,8 +593,7 @@ int MAIN(int argc, char **argv)
if (key) EVP_PKEY_free(key);
if (certs) sk_X509_pop_free(certs, X509_free);
if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if (ucert) X509_free(ucert);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@ -666,7 +626,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("verify MAC");
#endif
/* If we enter empty password try no password first */
if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
/* If mac and crypto pass the same set it to NULL too */
if(!twopass) cpass = NULL;
} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
@ -710,9 +670,10 @@ int MAIN(int argc, char **argv)
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int passlen, int options, char *pempass)
{
STACK_OF(PKCS7) *asafes;
STACK_OF(PKCS7) *asafes = NULL;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid;
int ret = 0;
PKCS7 *p7;
if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
@ -730,16 +691,22 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
}
bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
} else continue;
if (!bags) return 0;
if (!bags) goto err;
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
options, pempass)) {
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
return 0;
goto err;
}
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
bags = NULL;
}
sk_PKCS7_pop_free (asafes, PKCS7_free);
return 1;
ret = 1;
err:
if (asafes)
sk_PKCS7_pop_free (asafes, PKCS7_free);
return ret;
}
int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@ -856,11 +823,12 @@ err:
int alg_print (BIO *x, X509_ALGOR *alg)
{
PBEPARAM *pbe;
unsigned char *p;
const unsigned char *p;
p = alg->parameter->value.sequence->data;
pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
BIO_printf (bio_err, "%s, Iteration %d\n",
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter));
BIO_printf (bio_err, "%s, Iteration %ld\n",
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free (pbe);
return 0;
}
@ -894,7 +862,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
/* Generalised attribute print: handle PKCS#8 and bag attributes */
int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *av;

50
crypto/openssl/apps/prime.c
View File

@ -56,12 +56,14 @@
#undef PROG
#define PROG prime_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int hex=0;
int checks=20;
BIGNUM *bn=NULL;
BIO *bio_out=NULL;
BIO *bio_out;
apps_startup();
@ -69,18 +71,6 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (bio_out == NULL)
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
{
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
#endif
}
--argc;
++argv;
while (argc >= 1 && **argv == '-')
@ -95,16 +85,29 @@ int MAIN(int argc, char **argv)
else
{
BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
bad:
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"%-14s hex\n","-hex");
BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
exit(1);
goto bad;
}
--argc;
++argv;
}
if (argv[0] == NULL)
{
BIO_printf(bio_err,"No prime specified\n");
goto bad;
}
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
{
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
#endif
}
if(hex)
BN_hex2bn(&bn,argv[0]);
else
@ -112,7 +115,16 @@ int MAIN(int argc, char **argv)
BN_print(bio_out,bn);
BIO_printf(bio_out," is %sprime\n",
BN_is_prime(bn,checks,NULL,NULL,NULL) ? "" : "not ");
BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
BN_free(bn);
BIO_free_all(bio_out);
return 0;
bad:
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"%-14s hex\n","-hex");
BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
return 1;
}

18
crypto/openssl/apps/progs.h
View File

@ -17,6 +17,8 @@ extern int rsa_main(int argc,char *argv[]);
extern int rsautl_main(int argc,char *argv[]);
extern int dsa_main(int argc,char *argv[]);
extern int dsaparam_main(int argc,char *argv[]);
extern int ec_main(int argc,char *argv[]);
extern int ecparam_main(int argc,char *argv[]);
extern int x509_main(int argc,char *argv[]);
extern int genrsa_main(int argc,char *argv[]);
extern int gendsa_main(int argc,char *argv[]);
@ -35,11 +37,9 @@ extern int pkcs8_main(int argc,char *argv[]);
extern int spkac_main(int argc,char *argv[]);
extern int smime_main(int argc,char *argv[]);
extern int rand_main(int argc,char *argv[]);
extern int prime_main(int argc,char *argv[]);
#ifndef OPENSSL_NO_ENGINE
extern int engine_main(int argc,char *argv[]);
#endif
extern int ocsp_main(int argc,char *argv[]);
extern int prime_main(int argc,char *argv[]);
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
@ -47,8 +47,8 @@ extern int ocsp_main(int argc,char *argv[]);
typedef struct {
int type;
char *name;
int (*func)();
const char *name;
int (*func)(int argc,char *argv[]);
} FUNCTION;
FUNCTION functions[] = {
@ -81,6 +81,12 @@ FUNCTION functions[] = {
#endif
#ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
#endif
#ifndef OPENSSL_NO_EC
{FUNC_TYPE_GENERAL,"ec",ec_main},
#endif
#ifndef OPENSSL_NO_EC
{FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
#endif
{FUNC_TYPE_GENERAL,"x509",x509_main},
#ifndef OPENSSL_NO_RSA
@ -116,11 +122,11 @@ FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"spkac",spkac_main},
{FUNC_TYPE_GENERAL,"smime",smime_main},
{FUNC_TYPE_GENERAL,"rand",rand_main},
{FUNC_TYPE_GENERAL,"prime",prime_main},
#ifndef OPENSSL_NO_ENGINE
{FUNC_TYPE_GENERAL,"engine",engine_main},
#endif
{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
{FUNC_TYPE_GENERAL,"prime",prime_main},
#ifndef OPENSSL_NO_MD2
{FUNC_TYPE_MD,"md2",dgst_main},
#endif

10
crypto/openssl/apps/progs.pl
View File

@ -16,8 +16,8 @@ print <<'EOF';
typedef struct {
int type;
char *name;
int (*func)();
const char *name;
int (*func)(int argc,char *argv[]);
} FUNCTION;
FUNCTION functions[] = {
@ -29,10 +29,16 @@ foreach (@ARGV)
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; }
elsif ( ($_ =~ /^speed$/))
{ print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
elsif ( ($_ =~ /^engine$/))
{ print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))
{ print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}
elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
elsif ( ($_ =~ /^pkcs12$/))

2
crypto/openssl/apps/rand.c
View File

@ -205,7 +205,7 @@ int MAIN(int argc, char **argv)
int chunk;
chunk = num;
if (chunk > sizeof buf)
if (chunk > (int)sizeof(buf))
chunk = sizeof buf;
r = RAND_bytes(buf, chunk);
if (r <= 0)

228
crypto/openssl/apps/req.c
View File

@ -56,6 +56,12 @@
* [including the GNU Public Licence.]
*/
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
@ -73,7 +79,13 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include "../crypto/cryptlib.h"
#include <openssl/bn.h>
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
#define SECTION "req"
@ -113,9 +125,10 @@
* require. This format is wrong
*/
static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs,
unsigned long chtype);
static int build_subject(X509_REQ *req, char *subj, unsigned long chtype);
static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn,
int attribs,unsigned long chtype);
static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
int multirdn);
static int prompt_info(X509_REQ *req,
STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
@ -123,16 +136,16 @@ static int prompt_info(X509_REQ *req,
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
STACK_OF(CONF_VALUE) *attr, int attribs,
unsigned long chtype);
static int add_attribute_object(X509_REQ *req, char *text,
char *def, char *value, int nid, int n_min,
static int add_attribute_object(X509_REQ *req, char *text, const char *def,
char *value, int nid, int n_min,
int n_max, unsigned long chtype);
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
int nid,int n_min,int n_max, unsigned long chtype);
static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
int nid,int n_min,int n_max, unsigned long chtype, int mval);
#ifndef OPENSSL_NO_RSA
static void MS_CALLBACK req_cb(int p,int n,void *arg);
static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
#endif
static int req_check_len(int len,int n_min,int n_max);
static int check_end(char *str, char *end);
static int check_end(const char *str, const char *end);
#ifndef MONOLITH
static char *default_config_file=NULL;
#endif
@ -142,6 +155,7 @@ static int batch=0;
#define TYPE_RSA 1
#define TYPE_DSA 2
#define TYPE_DH 3
#define TYPE_EC 4
int MAIN(int, char **);
@ -150,6 +164,9 @@ int MAIN(int argc, char **argv)
ENGINE *e = NULL;
#ifndef OPENSSL_NO_DSA
DSA *dsa_params=NULL;
#endif
#ifndef OPENSSL_NO_ECDSA
EC_KEY *ec_params = NULL;
#endif
unsigned long nmflag = 0, reqflag = 0;
int ex=1,x509=0,days=30;
@ -175,7 +192,8 @@ int MAIN(int argc, char **argv)
char *passin = NULL, *passout = NULL;
char *p;
char *subj = NULL;
const EVP_MD *md_alg=NULL,*digest=EVP_md5();
int multirdn = 0;
const EVP_MD *md_alg=NULL,*digest=EVP_sha1();
unsigned long chtype = MBSTRING_ASC;
#ifndef MONOLITH
char *to_free;
@ -322,11 +340,64 @@ int MAIN(int argc, char **argv)
}
}
BIO_free(in);
newkey=BN_num_bits(dsa_params->p);
in=NULL;
newkey=BN_num_bits(dsa_params->p);
}
else
#endif
#ifndef OPENSSL_NO_ECDSA
if (strncmp("ec:",p,3) == 0)
{
X509 *xtmp=NULL;
EVP_PKEY *dtmp;
EC_GROUP *group;
pkey_type=TYPE_EC;
p+=3;
if ((in=BIO_new_file(p,"r")) == NULL)
{
perror(p);
goto end;
}
if ((ec_params = EC_KEY_new()) == NULL)
goto end;
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
if (group == NULL)
{
EC_KEY_free(ec_params);
ERR_clear_error();
(void)BIO_reset(in);
if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
{
BIO_printf(bio_err,"unable to load EC parameters from file\n");
goto end;
}
if ((dtmp=X509_get_pubkey(xtmp))==NULL)
goto end;
if (dtmp->type == EVP_PKEY_EC)
ec_params = EC_KEY_dup(dtmp->pkey.ec);
EVP_PKEY_free(dtmp);
X509_free(xtmp);
if (ec_params == NULL)
{
BIO_printf(bio_err,"Certificate does not contain EC parameters\n");
goto end;
}
}
else
{
if (EC_KEY_set_group(ec_params, group) == 0)
goto end;
EC_GROUP_free(group);
}
BIO_free(in);
in=NULL;
newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));
}
else
#endif
#ifndef OPENSSL_NO_DH
if (strncmp("dh:",p,4) == 0)
{
@ -335,7 +406,9 @@ int MAIN(int argc, char **argv)
}
else
#endif
pkey_type=TYPE_RSA;
{
goto bad;
}
newreq=1;
}
@ -380,6 +453,8 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
subj= *(++argv);
}
else if (strcmp(*argv,"-multivalue-rdn") == 0)
multirdn=1;
else if (strcmp(*argv,"-days") == 0)
{
if (--argc < 1) goto bad;
@ -445,9 +520,13 @@ bad:
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
#ifndef OPENSSL_NO_ECDSA
BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
#endif
BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
BIO_printf(bio_err," -config file request template file.\n");
BIO_printf(bio_err," -subj arg set or modify request subject\n");
BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
BIO_printf(bio_err," -new new request.\n");
BIO_printf(bio_err," -batch do not ask anything during request generation\n");
BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
@ -499,13 +578,16 @@ bad:
else
{
req_conf=config;
if( verbose )
BIO_printf(bio_err,"Using configuration from %s\n",
default_config_file);
if (req_conf == NULL)
{
BIO_printf(bio_err,"Unable to load config info\n");
BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
if (newreq)
goto end;
}
else if( verbose )
BIO_printf(bio_err,"Using configuration from %s\n",
default_config_file);
}
if (req_conf != NULL)
@ -637,7 +719,8 @@ bad:
message */
goto end;
}
if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA ||
EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
{
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
@ -648,6 +731,9 @@ bad:
if (newreq && (pkey == NULL))
{
#ifndef OPENSSL_NO_RSA
BN_GENCB cb;
#endif
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
@ -661,24 +747,33 @@ bad:
newkey=DEFAULT_KEY_LENGTH;
}
if (newkey < MIN_KEY_LENGTH)
if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
{
BIO_printf(bio_err,"private key length is too short,\n");
BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey);
BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
goto end;
}
BIO_printf(bio_err,"Generating a %d bit %s private key\n",
newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA");
BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
newkey,(pkey_type == TYPE_RSA)?"RSA":
(pkey_type == TYPE_DSA)?"DSA":"EC");
if ((pkey=EVP_PKEY_new()) == NULL) goto end;
#ifndef OPENSSL_NO_RSA
BN_GENCB_set(&cb, req_cb, bio_err);
if (pkey_type == TYPE_RSA)
{
if (!EVP_PKEY_assign_RSA(pkey,
RSA_generate_key(newkey,0x10001,
req_cb,bio_err)))
RSA *rsa = RSA_new();
BIGNUM *bn = BN_new();
if(!bn || !rsa || !BN_set_word(bn, 0x10001) ||
!RSA_generate_key_ex(rsa, newkey, bn, &cb) ||
!EVP_PKEY_assign_RSA(pkey, rsa))
{
if(bn) BN_free(bn);
if(rsa) RSA_free(rsa);
goto end;
}
BN_free(bn);
}
else
#endif
@ -690,6 +785,15 @@ bad:
dsa_params=NULL;
}
#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey_type == TYPE_EC)
{
if (!EC_KEY_generate_key(ec_params)) goto end;
if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params))
goto end;
ec_params = NULL;
}
#endif
app_RAND_write_file(randfile, bio_err);
@ -795,6 +899,10 @@ loop:
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC)
digest=EVP_ecdsa();
#endif
if (req == NULL)
{
@ -804,7 +912,7 @@ loop:
goto end;
}
i=make_REQ(req,pkey,subj,!x509, chtype);
i=make_REQ(req,pkey,subj,multirdn,!x509, chtype);
subj=NULL; /* done processing '-subj' option */
if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
{
@ -899,7 +1007,7 @@ loop:
print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
}
if (build_subject(req, subj, chtype) == 0)
if (build_subject(req, subj, chtype, multirdn) == 0)
{
BIO_printf(bio_err, "ERROR: cannot modify subject\n");
ex=1;
@ -1082,13 +1190,16 @@ end:
OBJ_cleanup();
#ifndef OPENSSL_NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
#endif
#ifndef OPENSSL_NO_ECDSA
if (ec_params != NULL) EC_KEY_free(ec_params);
#endif
apps_shutdown();
OPENSSL_EXIT(ex);
}
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs,
unsigned long chtype)
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
int attribs, unsigned long chtype)
{
int ret=0,i;
char no_prompt = 0;
@ -1138,7 +1249,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs,
else
{
if (subj)
i = build_subject(req, subj, chtype);
i = build_subject(req, subj, chtype, multirdn);
else
i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
}
@ -1155,11 +1266,11 @@ err:
* subject is expected to be in the format /type0=value0/type1=value1/type2=...
* where characters may be escaped by \
*/
static int build_subject(X509_REQ *req, char *subject, unsigned long chtype)
static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn)
{
X509_NAME *n;
if (!(n = do_subject(subject, chtype)))
if (!(n = parse_name(subject, chtype, multirdn)))
return 0;
if (!X509_REQ_set_subject_name(req, n))
@ -1180,9 +1291,10 @@ static int prompt_info(X509_REQ *req,
int i;
char *p,*q;
char buf[100];
int nid;
int nid, mval;
long n_min,n_max;
char *type,*def,*value;
char *type, *value;
const char *def;
CONF_VALUE *v;
X509_NAME *subj;
subj = X509_REQ_get_subject_name(req);
@ -1223,10 +1335,17 @@ start: for (;;)
if(*p) type = p;
break;
}
if (*type == '+')
{
mval = -1;
type++;
}
else
mval = 0;
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
>= sizeof buf)
>= (int)sizeof(buf))
{
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
return 0;
@ -1260,7 +1379,7 @@ start: for (;;)
}
if (!add_DN_object(subj,v->value,def,value,nid,
n_min,n_max, chtype))
n_min,n_max, chtype, mval))
return 0;
}
if (X509_NAME_entry_count(subj) == 0)
@ -1291,7 +1410,7 @@ start2: for (;;)
goto start2;
if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
>= sizeof buf)
>= (int)sizeof(buf))
{
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
return 0;
@ -1350,6 +1469,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
{
int mval;
v=sk_CONF_VALUE_value(dn_sk,i);
p=q=NULL;
type=v->name;
@ -1366,8 +1486,19 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
if(*p) type = p;
break;
}
#ifndef CHARSET_EBCDIC
if (*p == '+')
#else
if (*p == os_toascii['+'])
#endif
{
p++;
mval = -1;
}
else
mval = 0;
if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
(unsigned char *) v->value,-1,-1,0)) return 0;
(unsigned char *) v->value,-1,-1,mval)) return 0;
}
@ -1389,8 +1520,8 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
}
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
int nid, int n_min, int n_max, unsigned long chtype)
static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
int nid, int n_min, int n_max, unsigned long chtype, int mval)
{
int i,ret=0;
MS_STATIC char buf[1024];
@ -1439,14 +1570,14 @@ start:
#endif
if(!req_check_len(i, n_min, n_max)) goto start;
if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
(unsigned char *) buf, -1,-1,0)) goto err;
(unsigned char *) buf, -1,-1,mval)) goto err;
ret=1;
err:
return(ret);
}
static int add_attribute_object(X509_REQ *req, char *text,
char *def, char *value, int nid, int n_min,
static int add_attribute_object(X509_REQ *req, char *text, const char *def,
char *value, int nid, int n_min,
int n_max, unsigned long chtype)
{
int i;
@ -1510,7 +1641,7 @@ err:
}
#ifndef OPENSSL_NO_RSA
static void MS_CALLBACK req_cb(int p, int n, void *arg)
static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)
{
char c='*';
@ -1518,11 +1649,12 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write((BIO *)arg,&c,1);
(void)BIO_flush((BIO *)arg);
BIO_write(cb->arg,&c,1);
(void)BIO_flush(cb->arg);
#ifdef LINT
p=n;
#endif
return 1;
}
#endif
@ -1542,10 +1674,10 @@ static int req_check_len(int len, int n_min, int n_max)
}
/* Check if the end of a string matches 'end' */
static int check_end(char *str, char *end)
static int check_end(const char *str, const char *end)
{
int elen, slen;
char *tmp;
const char *tmp;
elen = strlen(end);
slen = strlen(str);
if(elen > slen) return 1;

4
crypto/openssl/apps/rsa.c
View File

@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA
#include <stdio.h>
#include <stdlib.h>
@ -68,6 +69,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
#undef PROG
#define PROG rsa_main
@ -307,7 +309,7 @@ bad:
BIO_printf(out,"RSA key ok\n");
else if (r == 0)
{
long err;
unsigned long err;
while ((err = ERR_peek_error()) != 0 &&
ERR_GET_LIB(err) == ERR_LIB_RSA &&

3
crypto/openssl/apps/rsautl.c
View File

@ -56,12 +56,14 @@
*
*/
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA
#include "apps.h"
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#define RSA_SIGN 1
#define RSA_VERIFY 2
@ -147,6 +149,7 @@ int MAIN(int argc, char **argv)
else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
else if(!strcmp(*argv, "-sign")) {
rsa_mode = RSA_SIGN;
need_priv = 1;

10
crypto/openssl/apps/s_apps.h
View File

@ -108,8 +108,9 @@
* Hudson (tjh@cryptsoft.com).
*
*/
#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
#include <sys/types.h>
#endif
#include <openssl/opensslconf.h>
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
@ -147,19 +148,20 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
int do_server(int port, int *ret, int (*cb) (), char *context);
int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
#ifdef HEADER_SSL_H
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
#endif
int init_client(int *sock, char *server, int port);
int init_client(int *sock, char *server, int port, int type);
int should_retry(int i);
int extract_port(char *str, short *port_ptr);
int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
#ifdef HEADER_SSL_H

54
crypto/openssl/apps/s_cb.c
View File

@ -229,8 +229,36 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
return(1);
}
long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
long argl, long ret)
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
{
if (cert == NULL)
return 1;
if (SSL_CTX_use_certificate(ctx,cert) <= 0)
{
BIO_printf(bio_err,"error setting certificate\n");
ERR_print_errors(bio_err);
return 0;
}
if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
{
BIO_printf(bio_err,"error setting private key\n");
ERR_print_errors(bio_err);
return 0;
}
/* Now we know that a key and cert have been set against
* the SSL context */
if (!SSL_CTX_check_private_key(ctx))
{
BIO_printf(bio_err,"Private key does not match the certificate public key\n");
return 0;
}
return 1;
}
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret)
{
BIO *out;
@ -239,15 +267,15 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
{
BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n",
bio,argp,argi,ret,ret);
BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",
(void *)bio,argp,argi,ret,ret);
BIO_dump(out,argp,(int)ret);
return(ret);
}
else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
{
BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n",
bio,argp,argi,ret,ret);
BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",
(void *)bio,argp,argi,ret,ret);
BIO_dump(out,argp,(int)ret);
}
return(ret);
@ -255,7 +283,7 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
{
char *str;
const char *str;
int w;
w=where& ~SSL_ST_MASK;
@ -318,14 +346,14 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
if (len > 0)
{
switch (((unsigned char*)buf)[0])
switch (((const unsigned char*)buf)[0])
{
case 0:
str_details1 = ", ERROR:";
str_details2 = " ???";
if (len >= 3)
{
unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2];
unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
switch (err)
{
@ -394,7 +422,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
if (len == 2)
{
switch (((unsigned char*)buf)[0])
switch (((const unsigned char*)buf)[0])
{
case 1:
str_details1 = ", warning";
@ -405,7 +433,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
}
str_details2 = " ???";
switch (((unsigned char*)buf)[1])
switch (((const unsigned char*)buf)[1])
{
case 0:
str_details2 = " close_notify";
@ -486,7 +514,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
if (len > 0)
{
switch (((unsigned char*)buf)[0])
switch (((const unsigned char*)buf)[0])
{
case 0:
str_details1 = ", HelloRequest";
@ -539,7 +567,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
{
if (i % 16 == 0 && i > 0)
BIO_printf(bio, "\n ");
BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]);
BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
}
if (i < len)
BIO_printf(bio, " ...");

183
crypto/openssl/apps/s_client.c
View File

@ -135,6 +135,7 @@ typedef unsigned int u_int;
#include <openssl/pem.h>
#include <openssl/rand.h>
#include "s_apps.h"
#include "timeouts.h"
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
@ -187,16 +188,22 @@ static void sc_usage(void)
BIO_printf(bio_err," -port port - use -connect instead\n");
BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n");
BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
BIO_printf(bio_err," not specified but cert file is.\n");
BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
BIO_printf(bio_err," -debug - extra output\n");
#ifdef WATT32
BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
#endif
BIO_printf(bio_err," -msg - Show protocol messages\n");
BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
BIO_printf(bio_err," -state - print the 'ssl' states\n");
@ -209,6 +216,8 @@ static void sc_usage(void)
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
BIO_printf(bio_err," -mtu - set the MTU\n");
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
@ -241,6 +250,10 @@ int MAIN(int argc, char **argv)
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
int crlf=0;
@ -250,16 +263,25 @@ int MAIN(int argc, char **argv)
int starttls_proto = 0;
int prexit = 0, vflags = 0;
SSL_METHOD *meth=NULL;
#ifdef sock_type
#undef sock_type
#endif
int sock_type=SOCK_STREAM;
BIO *sbio;
char *inrand=NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
ENGINE *e=NULL;
#endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
#endif
struct sockaddr peer;
int peerlen = sizeof(peer);
int enable_timeouts = 0 ;
long mtu = 0;
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_client_method();
#elif !defined(OPENSSL_NO_SSL3)
@ -329,6 +351,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
cert_file= *(++argv);
}
else if (strcmp(*argv,"-certform") == 0)
{
if (--argc < 1) goto bad;
cert_format = str2fmt(*(++argv));
}
else if (strcmp(*argv,"-crl_check") == 0)
vflags |= X509_V_FLAG_CRL_CHECK;
else if (strcmp(*argv,"-crl_check_all") == 0)
@ -348,6 +375,10 @@ int MAIN(int argc, char **argv)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)
c_debug=1;
#ifdef WATT32
else if (strcmp(*argv,"-wdebug") == 0)
dbug_init();
#endif
else if (strcmp(*argv,"-msg") == 0)
c_msg=1;
else if (strcmp(*argv,"-showcerts") == 0)
@ -367,9 +398,33 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
#ifndef OPENSSL_NO_DTLS1
else if (strcmp(*argv,"-dtls1") == 0)
{
meth=DTLSv1_client_method();
sock_type=SOCK_DGRAM;
}
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts=1;
else if (strcmp(*argv,"-mtu") == 0)
{
if (--argc < 1) goto bad;
mtu = atol(*(++argv));
}
#endif
else if (strcmp(*argv,"-bugs") == 0)
bugs=1;
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) goto bad;
key_format = str2fmt(*(++argv));
}
else if (strcmp(*argv,"-pass") == 0)
{
if (--argc < 1) goto bad;
passarg = *(++argv);
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
@ -451,6 +506,42 @@ bad:
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
#endif
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if (key_file == NULL)
key_file = cert_file;
if (key_file)
{
key = load_key(bio_err, key_file, key_format, 0, pass, e,
"client certificate private key file");
if (!key)
{
ERR_print_errors(bio_err);
goto end;
}
}
if (cert_file)
{
cert = load_cert(bio_err,cert_file,cert_format,
NULL, e, "client certificate file");
if (!cert)
{
ERR_print_errors(bio_err);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
@ -485,6 +576,10 @@ bad:
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
SSL_CTX_set_options(ctx,off);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
if (cipher != NULL)
@ -499,7 +594,7 @@ bad:
#endif
SSL_CTX_set_verify(ctx,verify,verify_callback);
if (!set_cert_stuff(ctx,cert_file,key_file))
if (!set_cert_key_stuff(ctx,cert,key))
goto end;
if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
@ -524,7 +619,7 @@ bad:
re_start:
if (init_client(&s,host,port) == 0)
if (init_client(&s,host,port,sock_type) == 0)
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
@ -545,7 +640,46 @@ re_start:
}
#endif
if (c_Pause & 0x01) con->debug=1;
sbio=BIO_new_socket(s,BIO_NOCLOSE);
if ( SSL_version(con) == DTLS1_VERSION)
{
struct timeval timeout;
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
if (getsockname(s, &peer, (void *)&peerlen) < 0)
{
BIO_printf(bio_err, "getsockname:errno=%d\n",
get_last_socket_error());
SHUTDOWN(s);
goto end;
}
BIO_ctrl_set_connected(sbio, 1, &peer);
if ( enable_timeouts)
{
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_RCV_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_SND_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
if ( mtu > 0)
{
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu(con, mtu);
}
else
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
}
else
sbio=BIO_new_socket(s,BIO_NOCLOSE);
if (nbio_test)
{
@ -558,7 +692,7 @@ re_start:
if (c_debug)
{
con->debug=1;
BIO_set_callback(sbio,bio_dump_cb);
BIO_set_callback(sbio,bio_dump_callback);
BIO_set_callback_arg(sbio,bio_c_out);
}
if (c_msg)
@ -640,7 +774,7 @@ re_start:
if (!ssl_pending)
{
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
if (tty_on)
{
if (read_tty) FD_SET(fileno(stdin),&readfds);
@ -690,6 +824,16 @@ re_start:
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
}
#elif defined(OPENSSL_SYS_NETWARE)
if(!write_tty) {
if(read_tty) {
tv.tv_sec = 1;
tv.tv_usec = 0;
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
} else i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
}
#else
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
@ -770,7 +914,7 @@ re_start:
goto shut;
}
}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
/* Assume Windows/DOS can always write */
else if (!ssl_pending && write_tty)
#else
@ -857,6 +1001,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
#else
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
#endif
#elif defined (OPENSSL_SYS_NETWARE)
else if (_kbhit())
#else
else if (FD_ISSET(fileno(stdin),&readfds))
#endif
@ -920,6 +1066,12 @@ end:
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
if (cert)
X509_free(cert);
if (key)
EVP_PKEY_free(key);
if (pass)
OPENSSL_free(pass);
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
@ -937,13 +1089,16 @@ static void print_stuff(BIO *bio, SSL *s, int full)
{
X509 *peer=NULL;
char *p;
static char *space=" ";
static const char *space=" ";
char buf[BUFSIZ];
STACK_OF(X509) *sk;
STACK_OF(X509_NAME) *sk2;
SSL_CIPHER *c;
X509_NAME *xn;
int j,i;
#ifndef OPENSSL_NO_COMP
const COMP_METHOD *comp, *expansion;
#endif
if (full)
{
@ -1046,6 +1201,14 @@ static void print_stuff(BIO *bio, SSL *s, int full)
EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
#ifndef OPENSSL_NO_COMP
comp=SSL_get_current_compression(s);
expansion=SSL_get_current_expansion(s);
BIO_printf(bio,"Compression: %s\n",
comp ? SSL_COMP_get_name(comp) : "NONE");
BIO_printf(bio,"Expansion: %s\n",
expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif
SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n");
if (peer != NULL)

363
crypto/openssl/apps/s_server.c
View File

@ -108,18 +108,33 @@
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <openssl/e_os2.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
#include <sys/types.h>
#endif
/* With IPv6, it looks like Digital has mixed up the proper order of
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
@ -138,7 +153,14 @@ typedef unsigned int u_int;
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#include "s_apps.h"
#include "timeouts.h"
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
@ -165,9 +187,10 @@ static void print_stats(BIO *bp,SSL_CTX *ctx);
static int generate_session_id(const SSL *ssl, unsigned char *id,
unsigned int *id_len);
#ifndef OPENSSL_NO_DH
static DH *load_dh_param(char *dhfile);
static DH *load_dh_param(const char *dhfile);
static DH *get_dh512(void);
#endif
#ifdef MONOLITH
static void s_server_init(void);
#endif
@ -206,6 +229,7 @@ static DH *get_dh512(void)
}
#endif
/* static int load_CA(SSL_CTX *ctx, char *file);*/
#undef BUFSIZZ
@ -222,7 +246,7 @@ extern int verify_depth;
static char *cipher=NULL;
static int s_server_verify=SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
static char *s_dcert_file=NULL,*s_dkey_file=NULL;
#ifdef FIONBIO
static int s_nbio=0;
@ -243,6 +267,14 @@ static char *engine_id=NULL;
#endif
static const char *session_id_prefix=NULL;
static int enable_timeouts = 0;
#ifdef mtu
#undef mtu
#endif
static long mtu;
static int cert_chain = 0;
#ifdef MONOLITH
static void s_server_init(void)
{
@ -279,14 +311,25 @@ static void sv_usage(void)
BIO_printf(bio_err," -context arg - set session ID context\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," -cert arg - certificate file to use\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n");
BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n");
BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
BIO_printf(bio_err," or a default set of parameters is used\n");
#ifndef OPENSSL_NO_ECDH
BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
" Use \"openssl ecparam -list_curves\" for all names\n" \
" (default is sect163r2).\n");
#endif
#ifdef FIONBIO
BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
#endif
@ -305,11 +348,18 @@ static void sv_usage(void)
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
BIO_printf(bio_err," -timeout - Enable timeouts\n");
BIO_printf(bio_err," -mtu - Set MTU\n");
BIO_printf(bio_err," -chain - Read a certificate chain\n");
BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
#ifndef OPENSSL_NO_DH
BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
#endif
#ifndef OPENSSL_NO_ECDH
BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
#endif
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
@ -484,18 +534,31 @@ int MAIN(int argc, char *argv[])
int vflags = 0;
short port=PORT;
char *CApath=NULL,*CAfile=NULL;
char *context = NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
#ifndef OPENSSL_NO_ECDH
char *named_curve = NULL;
#endif
int badop=0,bugs=0;
int ret=1;
int off=0;
int no_tmp_rsa=0,no_dhe=0,nocert=0;
int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
#ifdef sock_type
#undef sock_type
#endif
int sock_type=SOCK_STREAM;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e=NULL;
#endif
char *inrand=NULL;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
char *dpassarg = NULL, *dpass = NULL;
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
X509 *s_cert = NULL, *s_dcert = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
@ -555,28 +618,65 @@ int MAIN(int argc, char *argv[])
else if (strcmp(*argv,"-context") == 0)
{
if (--argc < 1) goto bad;
context= *(++argv);
context= (unsigned char *)*(++argv);
}
else if (strcmp(*argv,"-cert") == 0)
{
if (--argc < 1) goto bad;
s_cert_file= *(++argv);
}
else if (strcmp(*argv,"-certform") == 0)
{
if (--argc < 1) goto bad;
s_cert_format = str2fmt(*(++argv));
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
s_key_file= *(++argv);
}
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) goto bad;
s_key_format = str2fmt(*(++argv));
}
else if (strcmp(*argv,"-pass") == 0)
{
if (--argc < 1) goto bad;
passarg = *(++argv);
}
else if (strcmp(*argv,"-dhparam") == 0)
{
if (--argc < 1) goto bad;
dhfile = *(++argv);
}
#ifndef OPENSSL_NO_ECDH
else if (strcmp(*argv,"-named_curve") == 0)
{
if (--argc < 1) goto bad;
named_curve = *(++argv);
}
#endif
else if (strcmp(*argv,"-dcertform") == 0)
{
if (--argc < 1) goto bad;
s_dcert_format = str2fmt(*(++argv));
}
else if (strcmp(*argv,"-dcert") == 0)
{
if (--argc < 1) goto bad;
s_dcert_file= *(++argv);
}
else if (strcmp(*argv,"-dkeyform") == 0)
{
if (--argc < 1) goto bad;
s_dkey_format = str2fmt(*(++argv));
}
else if (strcmp(*argv,"-dpass") == 0)
{
if (--argc < 1) goto bad;
dpassarg = *(++argv);
}
else if (strcmp(*argv,"-dkey") == 0)
{
if (--argc < 1) goto bad;
@ -640,6 +740,8 @@ int MAIN(int argc, char *argv[])
{ no_tmp_rsa=1; }
else if (strcmp(*argv,"-no_dhe") == 0)
{ no_dhe=1; }
else if (strcmp(*argv,"-no_ecdhe") == 0)
{ no_ecdhe=1; }
else if (strcmp(*argv,"-www") == 0)
{ www=1; }
else if (strcmp(*argv,"-WWW") == 0)
@ -663,6 +765,22 @@ int MAIN(int argc, char *argv[])
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
{ meth=TLSv1_server_method(); }
#endif
#ifndef OPENSSL_NO_DTLS1
else if (strcmp(*argv,"-dtls1") == 0)
{
meth=DTLSv1_server_method();
sock_type = SOCK_DGRAM;
}
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts = 1;
else if (strcmp(*argv,"-mtu") == 0)
{
if (--argc < 1) goto bad;
mtu = atol(*(++argv));
}
else if (strcmp(*argv, "-chain") == 0)
cert_chain = 1;
#endif
else if (strcmp(*argv, "-id_prefix") == 0)
{
@ -704,6 +822,62 @@ bad:
e = setup_engine(bio_err, engine_id, 1);
#endif
if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if (s_key_file == NULL)
s_key_file = s_cert_file;
if (nocert == 0)
{
s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
"server certificate private key file");
if (!s_key)
{
ERR_print_errors(bio_err);
goto end;
}
s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
NULL, e, "server certificate file");
if (!s_cert)
{
ERR_print_errors(bio_err);
goto end;
}
}
if (s_dcert_file)
{
if (s_dkey_file == NULL)
s_dkey_file = s_dcert_file;
s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
0, dpass, e,
"second certificate private key file");
if (!s_dkey)
{
ERR_print_errors(bio_err);
goto end;
}
s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
NULL, e, "second server certificate file");
if (!s_dcert)
{
ERR_print_errors(bio_err);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
@ -726,7 +900,7 @@ bad:
}
}
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
if (nocert)
#endif
{
@ -762,6 +936,10 @@ bad:
if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
SSL_CTX_set_options(ctx,off);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
@ -814,12 +992,57 @@ bad:
DH_free(dh);
}
#endif
if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
goto end;
if (s_dcert_file != NULL)
#ifndef OPENSSL_NO_ECDH
if (!no_ecdhe)
{
if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file))
EC_KEY *ecdh=NULL;
if (named_curve)
{
int nid = OBJ_sn2nid(named_curve);
if (nid == 0)
{
BIO_printf(bio_err, "unknown curve name (%s)\n",
named_curve);
goto end;
}
ecdh = EC_KEY_new_by_curve_name(nid);
if (ecdh == NULL)
{
BIO_printf(bio_err, "unable to create curve (%s)\n",
named_curve);
goto end;
}
}
if (ecdh != NULL)
{
BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
}
else
{
BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
if (ecdh == NULL)
{
BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
goto end;
}
}
(void)BIO_flush(bio_s_out);
SSL_CTX_set_tmp_ecdh(ctx,ecdh);
EC_KEY_free(ecdh);
}
#endif
if (!set_cert_key_stuff(ctx,s_cert,s_key))
goto end;
if (s_dcert != NULL)
{
if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
goto end;
}
@ -863,16 +1086,28 @@ bad:
BIO_printf(bio_s_out,"ACCEPT\n");
if (www)
do_server(port,&accept_socket,www_body, context);
do_server(port,sock_type,&accept_socket,www_body, context);
else
do_server(port,&accept_socket,sv_body, context);
do_server(port,sock_type,&accept_socket,sv_body, context);
print_stats(bio_s_out,ctx);
ret=0;
end:
if (ctx != NULL) SSL_CTX_free(ctx);
if (s_cert)
X509_free(s_cert);
if (s_dcert)
X509_free(s_dcert);
if (s_key)
EVP_PKEY_free(s_key);
if (s_dkey)
EVP_PKEY_free(s_dkey);
if (pass)
OPENSSL_free(pass);
if (dpass)
OPENSSL_free(dpass);
if (bio_s_out != NULL)
{
BIO_free(bio_s_out);
BIO_free(bio_s_out);
bio_s_out=NULL;
}
apps_shutdown();
@ -883,23 +1118,23 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
{
BIO_printf(bio,"%4ld items in the session cache\n",
SSL_CTX_sess_number(ssl_ctx));
BIO_printf(bio,"%4d client connects (SSL_connect())\n",
BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
SSL_CTX_sess_connect(ssl_ctx));
BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
SSL_CTX_sess_connect_renegotiate(ssl_ctx));
BIO_printf(bio,"%4d client connects that finished\n",
BIO_printf(bio,"%4ld client connects that finished\n",
SSL_CTX_sess_connect_good(ssl_ctx));
BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
SSL_CTX_sess_accept(ssl_ctx));
BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
SSL_CTX_sess_accept_renegotiate(ssl_ctx));
BIO_printf(bio,"%4d server accepts that finished\n",
BIO_printf(bio,"%4ld server accepts that finished\n",
SSL_CTX_sess_accept_good(ssl_ctx));
BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
SSL_CTX_sess_cache_full(ssl_ctx),
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
@ -913,7 +1148,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
unsigned long l;
SSL *con=NULL;
BIO *sbio;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
#endif
@ -951,7 +1186,39 @@ static int sv_body(char *hostname, int s, unsigned char *context)
}
SSL_clear(con);
sbio=BIO_new_socket(s,BIO_NOCLOSE);
if (SSL_version(con) == DTLS1_VERSION)
{
struct timeval timeout;
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
if ( enable_timeouts)
{
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_RCV_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
timeout.tv_sec = 0;
timeout.tv_usec = DGRAM_SND_TIMEOUT;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
if ( mtu > 0)
{
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu(con, mtu);
}
else
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
/* turn on cookie exchange */
SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
}
else
sbio=BIO_new_socket(s,BIO_NOCLOSE);
if (s_nbio_test)
{
BIO *test;
@ -966,7 +1233,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (s_debug)
{
con->debug=1;
BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
}
if (s_msg)
@ -987,7 +1254,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (!read_from_sslcon)
{
FD_ZERO(&readfds);
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
FD_SET(fileno(stdin),&readfds);
#endif
FD_SET(s,&readfds);
@ -997,7 +1264,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
* the compiler: if you do have a cast then you can either
* go for (int *) or (void *).
*/
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
/* Under DOS (non-djgpp) and Windows we can't select on stdin: only
* on sockets. As a workaround we timeout the select every
* second and check for any keypress. In a proper Windows
@ -1057,7 +1324,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if ((i <= 0) || (buf[0] == 'q'))
{
BIO_printf(bio_s_out,"DONE\n");
SHUTDOWN(s);
if (SSL_version(con) != DTLS1_VERSION)
SHUTDOWN(s);
/* close_accept_socket();
ret= -11;*/
goto err;
@ -1086,7 +1354,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
}
if (buf[0] == 'P')
{
static char *str="Lets print some clear text\n";
static const char *str="Lets print some clear text\n";
BIO_write(SSL_get_wbio(con),str,strlen(str));
}
if (buf[0] == 'S')
@ -1270,7 +1538,7 @@ static int init_ssl_connection(SSL *con)
}
#ifndef OPENSSL_NO_DH
static DH *load_dh_param(char *dhfile)
static DH *load_dh_param(const char *dhfile)
{
DH *ret=NULL;
BIO *bio;
@ -1369,7 +1637,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
if (s_debug)
{
con->debug=1;
BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
}
if (s_msg)
@ -1417,7 +1685,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
else
{
BIO_printf(bio_s_out,"read R BLOCK\n");
#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
#if defined(OPENSSL_SYS_NETWARE)
delay(1000);
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
sleep(1);
#endif
continue;
@ -1436,7 +1706,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
char *p;
X509 *peer;
STACK_OF(SSL_CIPHER) *sk;
static char *space=" ";
static const char *space=" ";
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
@ -1516,7 +1786,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
{
BIO *file;
char *p,*e;
static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
/* skip the '/' */
p= &(buf[5]);
@ -1692,21 +1962,30 @@ err:
#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
{
BIGNUM *bn = NULL;
static RSA *rsa_tmp=NULL;
if (rsa_tmp == NULL)
if (!rsa_tmp && ((bn = BN_new()) == NULL))
BIO_printf(bio_err,"Allocation error in generating RSA key\n");
if (!rsa_tmp && bn)
{
if (!s_quiet)
{
BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
(void)BIO_flush(bio_err);
}
rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
{
if(rsa_tmp) RSA_free(rsa_tmp);
rsa_tmp = NULL;
}
if (!s_quiet)
{
BIO_printf(bio_err,"\n");
(void)BIO_flush(bio_err);
}
BN_free(bn);
}
return(rsa_tmp);
}

120
crypto/openssl/apps/s_socket.c
View File

@ -62,8 +62,6 @@
#include <errno.h>
#include <signal.h>
#include <openssl/e_os2.h>
/* With IPv6, it looks like Digital has mixed up the proper order of
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
@ -81,14 +79,26 @@ typedef unsigned int u_int;
#include "s_apps.h"
#include <openssl/ssl.h>
#ifdef FLAT_INC
#include "e_os.h"
#else
#include "../e_os.h"
#endif
#ifndef OPENSSL_NO_SOCK
#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
#include "netdb.h"
#endif
static struct hostent *GetHostByName(char *name);
#ifdef OPENSSL_SYS_WINDOWS
#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
static void ssl_sock_cleanup(void);
#endif
static int ssl_sock_init(void);
static int init_client_ip(int *sock,unsigned char ip[4], int port);
static int init_server(int *sock, int port);
static int init_server_long(int *sock, int port,char *ip);
static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
static int init_server(int *sock, int port, int type);
static int init_server_long(int *sock, int port,char *ip, int type);
static int do_accept(int acc_sock, int *sock, char **host);
static int host_ip(char *str, unsigned char ip[4]);
@ -98,6 +108,10 @@ static int host_ip(char *str, unsigned char ip[4]);
#define SOCKET_PROTOCOL IPPROTO_TCP
#endif
#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
static int wsa_init_done=0;
#endif
#ifdef OPENSSL_SYS_WINDOWS
static struct WSAData wsa_state;
static int wsa_init_done=0;
@ -146,6 +160,15 @@ static void ssl_sock_cleanup(void)
WSACleanup();
}
}
#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
static void sock_cleanup(void)
{
if (wsa_init_done)
{
wsa_init_done=0;
WSACleanup();
}
}
#endif
static int ssl_sock_init(void)
@ -153,7 +176,6 @@ static int ssl_sock_init(void)
#ifdef WATT32
extern int _watt_do_exit;
_watt_do_exit = 0;
dbug_init();
if (sock_init())
return (0);
#elif defined(OPENSSL_SYS_WINDOWS)
@ -181,11 +203,32 @@ static int ssl_sock_init(void)
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
#endif /* OPENSSL_SYS_WIN16 */
}
#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
WORD wVerReq;
WSADATA wsaData;
int err;
if (!wsa_init_done)
{
# ifdef SIGINT
signal(SIGINT,(void (*)(int))sock_cleanup);
# endif
wsa_init_done=1;
wVerReq = MAKEWORD( 2, 0 );
err = WSAStartup(wVerReq,&wsaData);
if (err != 0)
{
BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);
return(0);
}
}
#endif /* OPENSSL_SYS_WINDOWS */
return(1);
}
int init_client(int *sock, char *host, int port)
int init_client(int *sock, char *host, int port, int type)
{
unsigned char ip[4];
short p=0;
@ -195,10 +238,10 @@ int init_client(int *sock, char *host, int port)
return(0);
}
if (p != 0) port=p;
return(init_client_ip(sock,ip,port));
return(init_client_ip(sock,ip,port,type));
}
static int init_client_ip(int *sock, unsigned char ip[4], int port)
static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
{
unsigned long addr;
struct sockaddr_in them;
@ -216,13 +259,20 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
((unsigned long)ip[3]);
them.sin_addr.s_addr=htonl(addr);
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
if (type == SOCK_STREAM)
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
else /* ( type == SOCK_DGRAM) */
s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
#ifndef OPENSSL_SYS_MPE
i=0;
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0) { perror("keepalive"); return(0); }
if (type == SOCK_STREAM)
{
i=0;
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0) { perror("keepalive"); return(0); }
}
#endif
if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
@ -231,30 +281,36 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
return(1);
}
int do_server(int port, int *ret, int (*cb)(), char *context)
int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
{
int sock;
char *name;
char *name = NULL;
int accept_socket;
int i;
if (!init_server(&accept_socket,port)) return(0);
if (!init_server(&accept_socket,port,type)) return(0);
if (ret != NULL)
{
*ret=accept_socket;
/* return(1);*/
}
for (;;)
{
if (do_accept(accept_socket,&sock,&name) == 0)
for (;;)
{
if (type==SOCK_STREAM)
{
SHUTDOWN(accept_socket);
return(0);
if (do_accept(accept_socket,&sock,&name) == 0)
{
SHUTDOWN(accept_socket);
return(0);
}
}
else
sock = accept_socket;
i=(*cb)(name,sock, context);
if (name != NULL) OPENSSL_free(name);
SHUTDOWN2(sock);
if (type==SOCK_STREAM)
SHUTDOWN2(sock);
if (i < 0)
{
SHUTDOWN2(accept_socket);
@ -263,7 +319,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
}
}
static int init_server_long(int *sock, int port, char *ip)
static int init_server_long(int *sock, int port, char *ip, int type)
{
int ret=0;
struct sockaddr_in server;
@ -283,7 +339,11 @@ static int init_server_long(int *sock, int port, char *ip)
#else
memcpy(&server.sin_addr,ip,4);
#endif
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
if (type == SOCK_STREAM)
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
else /* type == SOCK_DGRAM */
s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
if (s == INVALID_SOCKET) goto err;
#if defined SOL_SOCKET && defined SO_REUSEADDR
@ -301,7 +361,7 @@ static int init_server_long(int *sock, int port, char *ip)
goto err;
}
/* Make it 128 for linux */
if (listen(s,128) == -1) goto err;
if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
i=0;
*sock=s;
ret=1;
@ -313,9 +373,9 @@ err:
return(ret);
}
static int init_server(int *sock, int port)
static int init_server(int *sock, int port, int type)
{
return(init_server_long(sock, port, NULL));
return(init_server_long(sock, port, NULL, type));
}
static int do_accept(int acc_sock, int *sock, char **host)
@ -342,7 +402,7 @@ redoit:
ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
if (ret == INVALID_SOCKET)
{
#ifdef OPENSSL_SYS_WINDOWS
#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
i=WSAGetLastError();
BIO_printf(bio_err,"accept error %d\n",i);
#else
@ -553,3 +613,5 @@ static struct hostent *GetHostByName(char *name)
return(ret);
}
}
#endif

18
crypto/openssl/apps/s_time.c
View File

@ -85,7 +85,7 @@
#include OPENSSL_UNISTD
#endif
#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
#define TIMES
#endif
@ -105,7 +105,7 @@
#undef TIMES
#endif
#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS)
#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
#include <sys/timeb.h>
#endif
@ -384,6 +384,20 @@ static double tm_Time_F(int s)
ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
return((ret == 0.0)?1e-6:ret);
}
#elif defined(OPENSSL_SYS_NETWARE)
static clock_t tstart,tend;
if (s == START)
{
tstart=clock();
return(0);
}
else
{
tend=clock();
ret=(double)((double)(tend)-(double)(tstart));
return((ret < 0.001)?0.001:ret);
}
#elif defined(OPENSSL_SYS_VXWORKS)
{
static unsigned long tick_start, tick_end;

6
crypto/openssl/apps/sess_id.c
View File

@ -69,7 +69,7 @@
#undef PROG
#define PROG sess_id_main
static char *sess_id_usage[]={
static const char *sess_id_usage[]={
"usage: sess_id args\n",
"\n",
" -inform arg - input format - default PEM (DER or PEM)\n",
@ -95,7 +95,7 @@ int MAIN(int argc, char **argv)
int informat,outformat;
char *infile=NULL,*outfile=NULL,*context=NULL;
int cert=0,noout=0,text=0;
char **pp;
const char **pp;
apps_startup();
@ -241,7 +241,7 @@ bad:
if (!noout && !cert)
{
if (outformat == FORMAT_ASN1)
i=(int)i2d_SSL_SESSION_bio(out,x);
i=i2d_SSL_SESSION_bio(out,x);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_SSL_SESSION(out,x);
else {

575
crypto/openssl/apps/smime.c
View File

@ -1,9 +1,9 @@
/* smime.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
* project.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -64,10 +64,13 @@
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/x509_vfy.h>
#include <openssl/x509v3.h>
#undef PROG
#define PROG smime_main
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int smime_cb(int ok, X509_STORE_CTX *ctx);
#define SMIME_OP 0x10
#define SMIME_ENCRYPT (1 | SMIME_OP)
@ -79,12 +82,12 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
{
ENGINE *e = NULL;
int operation = 0;
int ret = 0;
char **args;
char *inmode = "r", *outmode = "w";
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
@ -96,7 +99,7 @@ int MAIN(int argc, char **argv)
STACK_OF(X509) *encerts = NULL, *other = NULL;
BIO *in = NULL, *out = NULL, *indata = NULL;
int badarg = 0;
int flags = PKCS7_DETACHED, store_flags = 0;
int flags = PKCS7_DETACHED;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL;
char *passargin = NULL, *passin = NULL;
@ -108,24 +111,34 @@ int MAIN(int argc, char **argv)
char *engine=NULL;
#endif
X509_VERIFY_PARAM *vpm = NULL;
args = argv + 1;
ret = 1;
apps_startup();
if (bio_err == NULL)
{
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
}
if (!load_config(bio_err, NULL))
goto end;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
while (!badarg && *args && *args[0] == '-')
{
if (!strcmp (*args, "-encrypt"))
operation = SMIME_ENCRYPT;
else if (!strcmp (*args, "-decrypt"))
operation = SMIME_DECRYPT;
else if (!strcmp (*args, "-sign"))
operation = SMIME_SIGN;
else if (!strcmp (*args, "-verify"))
operation = SMIME_VERIFY;
else if (!strcmp (*args, "-pk7out"))
operation = SMIME_PK7OUT;
#ifndef OPENSSL_NO_DES
else if (!strcmp (*args, "-des3"))
cipher = EVP_des_ede3_cbc();
@ -172,127 +185,225 @@ int MAIN(int argc, char **argv)
flags |= PKCS7_NOOLDMIMETYPE;
else if (!strcmp (*args, "-crlfeol"))
flags |= PKCS7_CRLFEOL;
else if (!strcmp (*args, "-crl_check"))
store_flags |= X509_V_FLAG_CRL_CHECK;
else if (!strcmp (*args, "-crl_check_all"))
store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (!strcmp(*args,"-rand")) {
if (args[1]) {
else if (!strcmp(*args,"-rand"))
{
if (args[1])
{
args++;
inrand = *args;
} else badarg = 1;
}
else
badarg = 1;
need_rand = 1;
}
#ifndef OPENSSL_NO_ENGINE
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
else if (!strcmp(*args,"-engine"))
{
if (args[1])
{
args++;
engine = *args;
} else badarg = 1;
}
else badarg = 1;
}
#endif
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
else if (!strcmp(*args,"-passin"))
{
if (args[1])
{
args++;
passargin = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-to")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-to"))
{
if (args[1])
{
args++;
to = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-from")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-from"))
{
if (args[1])
{
args++;
from = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-subject")) {
if (args[1]) {
}
else badarg = 1;
}
else if (!strcmp (*args, "-subject"))
{
if (args[1])
{
args++;
subject = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-signer")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-signer"))
{
if (args[1])
{
args++;
signerfile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-recip")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-recip"))
{
if (args[1])
{
args++;
recipfile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-inkey")) {
if (args[1]) {
}
else badarg = 1;
}
else if (!strcmp (*args, "-inkey"))
{
if (args[1])
{
args++;
keyfile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-keyform")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-keyform"))
{
if (args[1])
{
args++;
keyform = str2fmt(*args);
} else badarg = 1;
} else if (!strcmp (*args, "-certfile")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-certfile"))
{
if (args[1])
{
args++;
certfile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-CAfile")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-CAfile"))
{
if (args[1])
{
args++;
CAfile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-CApath")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-CApath"))
{
if (args[1])
{
args++;
CApath = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-in")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-in"))
{
if (args[1])
{
args++;
infile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-inform")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-inform"))
{
if (args[1])
{
args++;
informat = str2fmt(*args);
} else badarg = 1;
} else if (!strcmp (*args, "-outform")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-outform"))
{
if (args[1])
{
args++;
outformat = str2fmt(*args);
} else badarg = 1;
} else if (!strcmp (*args, "-out")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-out"))
{
if (args[1])
{
args++;
outfile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-content")) {
if (args[1]) {
}
else
badarg = 1;
}
else if (!strcmp (*args, "-content"))
{
if (args[1])
{
args++;
contfile = *args;
} else badarg = 1;
} else badarg = 1;
}
else
badarg = 1;
}
else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
continue;
else
badarg = 1;
args++;
}
}
if(operation == SMIME_SIGN) {
if(!signerfile) {
if (operation == SMIME_SIGN)
{
if (!signerfile)
{
BIO_printf(bio_err, "No signer certificate specified\n");
badarg = 1;
}
}
need_rand = 1;
} else if(operation == SMIME_DECRYPT) {
if(!recipfile) {
BIO_printf(bio_err, "No recipient certificate and key specified\n");
badarg = 1;
}
} else if(operation == SMIME_ENCRYPT) {
if(!*args) {
else if (operation == SMIME_DECRYPT)
{
if (!recipfile && !keyfile)
{
BIO_printf(bio_err, "No recipient certificate or key specified\n");
badarg = 1;
}
}
else if (operation == SMIME_ENCRYPT)
{
if (!*args)
{
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
}
}
need_rand = 1;
} else if(!operation) badarg = 1;
}
else if (!operation)
badarg = 1;
if (badarg) {
if (badarg)
{
BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
BIO_printf (bio_err, "where options are\n");
BIO_printf (bio_err, "-encrypt encrypt message\n");
@ -347,121 +458,155 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, " the random number generator\n");
BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
goto end;
}
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
}
if (need_rand) {
if (need_rand)
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
}
ret = 2;
if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
if (operation != SMIME_SIGN)
flags &= ~PKCS7_DETACHED;
if(operation & SMIME_OP) {
if(flags & PKCS7_BINARY) inmode = "rb";
if(outformat == FORMAT_ASN1) outmode = "wb";
} else {
if(flags & PKCS7_BINARY) outmode = "wb";
if(informat == FORMAT_ASN1) inmode = "rb";
}
if (operation & SMIME_OP)
{
if (flags & PKCS7_BINARY)
inmode = "rb";
if (outformat == FORMAT_ASN1)
outmode = "wb";
}
else
{
if (flags & PKCS7_BINARY)
outmode = "wb";
if (informat == FORMAT_ASN1)
inmode = "rb";
}
if(operation == SMIME_ENCRYPT) {
if (!cipher) {
if (operation == SMIME_ENCRYPT)
{
if (!cipher)
{
#ifndef OPENSSL_NO_RC2
cipher = EVP_rc2_40_cbc();
#else
BIO_printf(bio_err, "No cipher selected\n");
goto end;
#endif
}
}
encerts = sk_X509_new_null();
while (*args) {
if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
NULL, e, "recipient certificate file"))) {
while (*args)
{
if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
NULL, e, "recipient certificate file")))
{
#if 0 /* An appropriate message is already printed */
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
#endif
goto end;
}
}
sk_X509_push(encerts, cert);
cert = NULL;
args++;
}
}
}
if(signerfile && (operation == SMIME_SIGN)) {
if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
e, "signer certificate"))) {
if (signerfile && (operation == SMIME_SIGN))
{
if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
e, "signer certificate")))
{
#if 0 /* An appropri message has already been printed */
BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
#endif
goto end;
}
}
}
if(certfile) {
if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
e, "certificate file"))) {
if (certfile)
{
if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
e, "certificate file")))
{
#if 0 /* An appropriate message has already been printed */
BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
#endif
ERR_print_errors(bio_err);
goto end;
}
}
}
if(recipfile && (operation == SMIME_DECRYPT)) {
if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
e, "recipient certificate file"))) {
if (recipfile && (operation == SMIME_DECRYPT))
{
if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
e, "recipient certificate file")))
{
#if 0 /* An appropriate message has alrady been printed */
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
#endif
ERR_print_errors(bio_err);
goto end;
}
}
}
if(operation == SMIME_DECRYPT) {
if(!keyfile) keyfile = recipfile;
} else if(operation == SMIME_SIGN) {
if(!keyfile) keyfile = signerfile;
} else keyfile = NULL;
if (operation == SMIME_DECRYPT)
{
if (!keyfile)
keyfile = recipfile;
}
else if (operation == SMIME_SIGN)
{
if (!keyfile)
keyfile = signerfile;
}
else keyfile = NULL;
if(keyfile) {
if (keyfile)
{
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file");
if (!key) {
if (!key)
goto end;
}
}
}
if (infile) {
if (!(in = BIO_new_file(infile, inmode))) {
if (infile)
{
if (!(in = BIO_new_file(infile, inmode)))
{
BIO_printf (bio_err,
"Can't open input file %s\n", infile);
goto end;
}
}
} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) {
if (!(out = BIO_new_file(outfile, outmode))) {
if (outfile)
{
if (!(out = BIO_new_file(outfile, outmode)))
{
BIO_printf (bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
} else {
else
{
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
@ -469,100 +614,133 @@ int MAIN(int argc, char **argv)
out = BIO_push(tmpbio, out);
}
#endif
}
}
if(operation == SMIME_VERIFY) {
if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
X509_STORE_set_flags(store, store_flags);
}
if (operation == SMIME_VERIFY)
{
if (!(store = setup_verify(bio_err, CAfile, CApath)))
goto end;
X509_STORE_set_verify_cb_func(store, smime_cb);
if (vpm)
X509_STORE_set1_param(store, vpm);
}
ret = 3;
if(operation == SMIME_ENCRYPT) {
if (operation == SMIME_ENCRYPT)
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
} else if(operation == SMIME_SIGN) {
else if (operation == SMIME_SIGN)
{
/* If detached data and SMIME output enable partial
* signing.
*/
if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
flags |= PKCS7_STREAM;
p7 = PKCS7_sign(signer, key, other, in, flags);
if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
BIO_printf(bio_err, "Can't rewind input file\n");
goto end;
}
} else {
if(informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata);
else if(informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
else if(informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else {
BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
/* Don't need to rewind for partial signing */
if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0))
{
BIO_printf(bio_err, "Can't rewind input file\n");
goto end;
}
if(!p7) {
BIO_printf(bio_err, "Error reading S/MIME message\n");
goto end;
}
if(contfile) {
BIO_free(indata);
if(!(indata = BIO_new_file(contfile, "rb"))) {
BIO_printf(bio_err, "Can't read content file %s\n", contfile);
goto end;
}
}
}
else
{
if (informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata);
else if (informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else
{
BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
goto end;
}
if(!p7) {
if (!p7)
{
BIO_printf(bio_err, "Error reading S/MIME message\n");
goto end;
}
if (contfile)
{
BIO_free(indata);
if (!(indata = BIO_new_file(contfile, "rb")))
{
BIO_printf(bio_err, "Can't read content file %s\n", contfile);
goto end;
}
}
}
if (!p7)
{
BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
goto end;
}
}
ret = 4;
if(operation == SMIME_DECRYPT) {
if(!PKCS7_decrypt(p7, key, recip, out, flags)) {
if (operation == SMIME_DECRYPT)
{
if (!PKCS7_decrypt(p7, key, recip, out, flags))
{
BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
goto end;
}
}
} else if(operation == SMIME_VERIFY) {
else if (operation == SMIME_VERIFY)
{
STACK_OF(X509) *signers;
if(PKCS7_verify(p7, other, store, indata, out, flags)) {
if (PKCS7_verify(p7, other, store, indata, out, flags))
BIO_printf(bio_err, "Verification successful\n");
} else {
else
{
BIO_printf(bio_err, "Verification failure\n");
goto end;
}
}
signers = PKCS7_get0_signers(p7, other, flags);
if(!save_certs(signerfile, signers)) {
if (!save_certs(signerfile, signers))
{
BIO_printf(bio_err, "Error writing signers to %s\n",
signerfile);
ret = 5;
goto end;
}
}
sk_X509_free(signers);
} else if(operation == SMIME_PK7OUT) {
}
else if (operation == SMIME_PK7OUT)
PEM_write_bio_PKCS7(out, p7);
} else {
if(to) BIO_printf(out, "To: %s\n", to);
if(from) BIO_printf(out, "From: %s\n", from);
if(subject) BIO_printf(out, "Subject: %s\n", subject);
if(outformat == FORMAT_SMIME)
else
{
if (to)
BIO_printf(out, "To: %s\n", to);
if (from)
BIO_printf(out, "From: %s\n", from);
if (subject)
BIO_printf(out, "Subject: %s\n", subject);
if (outformat == FORMAT_SMIME)
SMIME_write_PKCS7(out, p7, in, flags);
else if(outformat == FORMAT_PEM)
else if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS7(out,p7);
else if(outformat == FORMAT_ASN1)
else if (outformat == FORMAT_ASN1)
i2d_PKCS7_bio(out,p7);
else {
else
{
BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
goto end;
}
}
}
ret = 0;
end:
if (need_rand)
app_RAND_write_file(NULL, bio_err);
if(ret) ERR_print_errors(bio_err);
if (ret) ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
@ -572,20 +750,39 @@ end:
BIO_free(in);
BIO_free(indata);
BIO_free_all(out);
if(passin) OPENSSL_free(passin);
if (passin) OPENSSL_free(passin);
return (ret);
}
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
{
{
int i;
BIO *tmp;
if(!signerfile) return 1;
if (!signerfile)
return 1;
tmp = BIO_new_file(signerfile, "w");
if(!tmp) return 0;
if (!tmp) return 0;
for(i = 0; i < sk_X509_num(signers); i++)
PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
BIO_free(tmp);
return 1;
}
}
/* Minimal callback just to output policy info (if any) */
static int smime_cb(int ok, X509_STORE_CTX *ctx)
{
int error;
error = X509_STORE_CTX_get_error(ctx);
if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
&& ((error != X509_V_OK) || (ok != 2)))
return ok;
policies_print(NULL, ctx);
return ok;
}

5
crypto/openssl/apps/spkac.c
View File

@ -87,7 +87,8 @@ int MAIN(int argc, char **argv)
int verify=0,noout=0,pubkey=0;
char *infile = NULL,*outfile = NULL,*prog;
char *passargin = NULL, *passin = NULL;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
const char *spkac = "SPKAC", *spksect = "default";
char *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
@ -200,7 +201,7 @@ bad:
}
spki = NETSCAPE_SPKI_new();
if(challenge) ASN1_STRING_set(spki->spkac->challenge,
challenge, strlen(challenge));
challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);

67
crypto/openssl/apps/timeouts.h Normal file
View File

@ -0,0 +1,67 @@
/* apps/timeouts.h */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef INCLUDED_TIMEOUTS_H
#define INCLUDED_TIMEOUTS_H
/* numbers in us */
#define DGRAM_RCV_TIMEOUT 250000
#define DGRAM_SND_TIMEOUT 250000
#endif /* ! INCLUDED_TIMEOUTS_H */

44
crypto/openssl/apps/verify.c
View File

@ -79,13 +79,14 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,ret=1;
int i,ret=1, badarg = 0;
int purpose = -1;
char *CApath=NULL,*CAfile=NULL;
char *untfile = NULL, *trustfile = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
X509_VERIFY_PARAM *vpm = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
@ -121,18 +122,12 @@ int MAIN(int argc, char **argv)
if (argc-- < 1) goto end;
CAfile= *(++argv);
}
else if (strcmp(*argv,"-purpose") == 0)
else if (args_verify(&argv, &argc, &badarg, bio_err,
&vpm))
{
X509_PURPOSE *xptmp;
if (argc-- < 1) goto end;
i = X509_PURPOSE_get_by_sname(*(++argv));
if(i < 0)
{
BIO_printf(bio_err, "unrecognized purpose\n");
if (badarg)
goto end;
}
xptmp = X509_PURPOSE_get0(i);
purpose = X509_PURPOSE_get_id(xptmp);
continue;
}
else if (strcmp(*argv,"-untrusted") == 0)
{
@ -153,14 +148,6 @@ int MAIN(int argc, char **argv)
#endif
else if (strcmp(*argv,"-help") == 0)
goto end;
else if (strcmp(*argv,"-ignore_critical") == 0)
vflags |= X509_V_FLAG_IGNORE_CRITICAL;
else if (strcmp(*argv,"-issuer_checks") == 0)
vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
else if (strcmp(*argv,"-crl_check") == 0)
vflags |= X509_V_FLAG_CRL_CHECK;
else if (strcmp(*argv,"-crl_check_all") == 0)
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
else if (strcmp(*argv,"-verbose") == 0)
v_verbose=1;
else if (argv[0][0] == '-')
@ -178,6 +165,9 @@ int MAIN(int argc, char **argv)
e = setup_engine(bio_err, engine, 0);
#endif
if (vpm)
X509_STORE_set1_param(cert_ctx, vpm);
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) abort();
if (CAfile) {
@ -238,6 +228,7 @@ end:
X509_PURPOSE_get0_name(ptmp));
}
}
if (vpm) X509_VERIFY_PARAM_free(vpm);
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
@ -339,10 +330,13 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
if (!ok)
{
X509_NAME_oneline(
if (ctx->current_cert)
{
X509_NAME_oneline(
X509_get_subject_name(ctx->current_cert),buf,
sizeof buf);
printf("%s\n",buf);
printf("%s\n",buf);
}
printf("error %d at %d depth lookup:%s\n",ctx->error,
ctx->error_depth,
X509_verify_cert_error_string(ctx->error));
@ -354,13 +348,21 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
/* Continue after extension errors too */
if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;
if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
policies_print(NULL, ctx);
return ok;
}
if ((ctx->error == X509_V_OK) && (ok == 2))
policies_print(NULL, ctx);
if (!v_verbose)
ERR_clear_error();
return(ok);

15
crypto/openssl/apps/version.c
View File

@ -115,6 +115,7 @@
#include "apps.h"
#include <openssl/evp.h>
#include <openssl/crypto.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_MD2
# include <openssl/md2.h>
#endif
@ -172,7 +173,19 @@ int MAIN(int argc, char **argv)
}
}
if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION));
if (version)
{
if (SSLeay() == SSLEAY_VERSION_NUMBER)
{
printf("%s\n",SSLeay_version(SSLEAY_VERSION));
}
else
{
printf("%s (Library: %s)\n",
OPENSSL_VERSION_TEXT,
SSLeay_version(SSLEAY_VERSION));
}
}
if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
if (options)

63
crypto/openssl/apps/x509.c
View File

@ -73,6 +73,12 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
#undef PROG
#define PROG x509_main
@ -81,7 +87,7 @@
#define POSTFIX ".srl"
#define DEF_DAYS 30
static char *x509_usage[]={
static const char *x509_usage[]={
"usage: x509 args\n",
" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
" -outform arg - output format - default PEM (one of DER, NET or PEM)\n",
@ -92,7 +98,9 @@ static char *x509_usage[]={
" -out arg - output file - default stdout\n",
" -passin arg - private key password source\n",
" -serial - print serial number value\n",
" -hash - print hash value\n",
" -subject_hash - print subject hash value\n",
" -issuer_hash - print issuer hash value\n",
" -hash - synonym for -subject_hash\n",
" -subject - print subject DN\n",
" -issuer - print issuer DN\n",
" -email - print email address(es)\n",
@ -167,19 +175,20 @@ int MAIN(int argc, char **argv)
char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
char *CAkeyfile=NULL,*CAserial=NULL;
char *alias=NULL;
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
int next_serial=0,ocspid=0;
int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
int next_serial=0;
int subject_hash=0,issuer_hash=0,ocspid=0;
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
int C=0;
int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
int pprint = 0;
char **pp;
const char **pp;
X509_STORE *ctx=NULL;
X509_REQ *rq=NULL;
int fingerprint=0;
char buf[256];
const EVP_MD *md_alg,*digest=EVP_md5();
const EVP_MD *md_alg,*digest=EVP_sha1();
CONF *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
@ -381,8 +390,11 @@ int MAIN(int argc, char **argv)
x509req= ++num;
else if (strcmp(*argv,"-text") == 0)
text= ++num;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
else if (strcmp(*argv,"-hash") == 0
|| strcmp(*argv,"-subject_hash") == 0)
subject_hash= ++num;
else if (strcmp(*argv,"-issuer_hash") == 0)
issuer_hash= ++num;
else if (strcmp(*argv,"-subject") == 0)
subject= ++num;
else if (strcmp(*argv,"-issuer") == 0)
@ -598,9 +610,12 @@ bad:
sno = ASN1_INTEGER_new();
if (!sno || !rand_serial(NULL, sno))
goto end;
if (!X509_set_serialNumber(x, sno))
goto end;
ASN1_INTEGER_free(sno);
sno = NULL;
}
if (!X509_set_serialNumber(x, sno))
else if (!X509_set_serialNumber(x, sno))
goto end;
if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
@ -694,7 +709,8 @@ bad:
else if (serial == i)
{
BIO_printf(STDout,"serial=");
i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
i2a_ASN1_INTEGER(STDout,
X509_get_serialNumber(x));
BIO_printf(STDout,"\n");
}
else if (next_serial == i)
@ -731,10 +747,14 @@ bad:
if (alstr) BIO_printf(STDout,"%s\n", alstr);
else BIO_puts(STDout,"<No Alias>\n");
}
else if (hash == i)
else if (subject_hash == i)
{
BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
}
else if (issuer_hash == i)
{
BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
}
else if (pprint == i)
{
X509_PURPOSE *ptmp;
@ -896,6 +916,10 @@ bad:
if (Upkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
#ifndef OPENSSL_NO_ECDSA
if (Upkey->type == EVP_PKEY_EC)
digest=EVP_ecdsa();
#endif
assert(need_rand);
if (!sign(x,Upkey,days,clrext,digest,
@ -916,6 +940,10 @@ bad:
if (CApkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
#ifndef OPENSSL_NO_ECDSA
if (CApkey->type == EVP_PKEY_EC)
digest = EVP_ecdsa();
#endif
assert(need_rand);
if (!x509_certify(ctx,CAfile,digest,x,xca,
@ -947,6 +975,10 @@ bad:
if (pk->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
#ifndef OPENSSL_NO_ECDSA
if (pk->type == EVP_PKEY_EC)
digest=EVP_ecdsa();
#endif
rq=X509_to_X509_REQ(x,pk,digest);
EVP_PKEY_free(pk);
@ -971,9 +1003,9 @@ bad:
if (checkend)
{
time_t tnow=time(NULL);
time_t tcheck=time(NULL) + checkoffset;
if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
{
BIO_printf(out,"Certificate will expire\n");
ret=1;
@ -1010,8 +1042,7 @@ bad:
ah.data=(char *)x;
ah.meth=X509_asn1_meth();
/* no macro for this one yet */
i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah);
i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah);
}
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");

39
crypto/openssl/certs/argena.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----
MIIG0zCCBbugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx
EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH
RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl
MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP
QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe
Fw0wNDEwMjMxNDE0MTRaFw0xMTEwMjMxNDE0MTRaMIHMMQswCQYDVQQGEwJBVDEQ
MA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQKEzFBUkdF
IERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSUw
IwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYDVQQDEw9B
LUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0LmF0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3euXIy+mnf6BYKbK+QH5k679
tUFqeT8jlZxMew8eNiHuw9KoxWBzL6KksK+5uK7Gatw+sbAYntEGE80P+Jg1hADM
e+Fr5V0bc6QS3gkVtfUCW/RIvfMM39oxvmqJmOgPnJU7H6+nmLtsq61tv9kVJi/2
4Y5wXW3odet72sF57EoG6s78w0BUVLNcMngS9bZZzmdG3/d6JbkGgoNF/8DcgCBJ
W/t0JrcIzyppXIOVtUzzOrrU86zuUgT3Rtkl5kjG7DEHpFb9H0fTOY1v8+gRoaO6
2gA0PCiysgVZjwgVeYe3KAg11nznyleDv198uK3Dc1oXIGYjJx2FpKWUvAuAEwID
AQABo4ICvDCCArgwHQYDVR0OBBYEFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYMIH5BgNV
HSMEgfEwge6AFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYoYHSpIHPMIHMMQswCQYDVQQG
EwJBVDEQMA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQK
EzFBUkdFIERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0
aW9uMSUwIwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYD
VQQDEw9BLUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0
LmF0ggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMEcGA1UdJQRAMD4G
CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcD
CAYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAP8wUQYDVR0gBEowSDBGBggq
KAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2VydC5hdC9jZXJ0
aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3dy5h
LWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwGQYDVR0RBBIwEIEOaW5m
b0BhLWNlcnQuYXQwLwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93
d3cuYS1jZXJ0LmF0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHBzOi8vc2VjdXJlLmEt
Y2VydC5hdC9jZ2ktYmluL2EtY2VydC1hZHZhbmNlZC5jZ2kwDQYJKoZIhvcNAQEF
BQADggEBACX1IvgfdG2rvfv35O48vSEvcVaEdlN8USFBHWz3JRAozgzvaBtwHkjK
Zwt5l/BWOtjbvHfRjDt7ijlBEcxOOrNC1ffyMHwHrXpvff6YpQ5wnxmIYEQcURiG
HMqruEX0WkuDNgSKwefsgXs27eeBauHgNGVcTYH1rmHu/ZyLpLxOyJQ2PCzA1DzW
3rWkIX92ogJ7lTRdWrbxwUL1XGinxnnaQ74+/y0pI9JNEv7ic2tpkweRMpkedaLW
msC1+orfKTebsg69aMaCx7o6jNONRmR/7TVaPf8/k6g52cHZ9YWjQvup22b5rWxG
J5r5LZ4vCPmF4+T4lutjUYAa/lGuQTg=
-----END CERTIFICATE-----

23
crypto/openssl/certs/argeng.pem Normal file
View File

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIIDwzCCAyygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCQVQx
EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAGA1UEChM5QXJn
ZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBmdWVyIERhdGVu
c2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVuLmF0MB4XDTAx
MDIxMjExMzAzMFoXDTA5MDIxMjExMzAzMFowgZgxCzAJBgNVBAYTAkFUMRAwDgYD
VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExQjBABgNVBAoTOUFyZ2UgRGF0
ZW4gT2VzdGVycmVpY2hpc2NoZSBHZXNlbGxzY2hhZnQgZnVlciBEYXRlbnNjaHV0
ejEiMCAGCSqGSIb3DQEJARYTYS1jZXJ0QGFyZ2VkYXRlbi5hdDCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAwgsHqoNtmmrJ86+e1I4hOVBaL4kokqKN2IPOIL+1
XwY8vfOOUfPEdhWpaC0ldt7VYrksgDiUccgH0FROANWK2GkfKMDzjjXHysR04uEb
Om7Kqjqn0nproOGkFG+QvBZgs+Ws+HXNFJA6V76fU4+JXq4452LSK4Lr5YcBquu3
NJECAwEAAaOCARkwggEVMB0GA1UdDgQWBBQ0j59zH/G31zRjgK1y2P//tSAWZjCB
xQYDVR0jBIG9MIG6gBQ0j59zH/G31zRjgK1y2P//tSAWZqGBnqSBmzCBmDELMAkG
A1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAG
A1UEChM5QXJnZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBm
dWVyIERhdGVuc2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVu
LmF0ggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE
AwICBDANBgkqhkiG9w0BAQQFAAOBgQBFuJYncqMYB6gXQS3eDOI90BEHfFTKy/dV
AV+K7QdAYikWmqgBheRdPKddJdccPy/Zl/p3ZT7GhDyC5f3wZjcuu8AJ27BNwbCA
x54dgxgCNcyPm79nY8MRtEdEpoRGdSsFKJemz6hpXM++MWFciyrRWIIA44XB0Gv3
US0spjsDPQ==
-----END CERTIFICATE-----

33
crypto/openssl/certs/demo/ca-cert.pem Normal file
View File

@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIC5TCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzODUxWhcN
MDUwNzEwMjEzODUxWjBbMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxGzAZBgNVBAMTElRlc3QgQ0Eg
KDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7ujy3XXpU/p
yDJtOxkMJmGv3mdiVm7JrdoKLUgqjO2rBaeNuYMUiuI6oYU+tlD6agwRML0Pn2JF
b90VdK/UXrmRr9djaEuH17EIKjte5RwOzndCndsjcCYyoeODMTyg7dqPIkDMmRNM
5R5xBTabD+Aji0wzQupYxBLuW5PLj7ECAwEAAaOBtzCBtDAdBgNVHQ4EFgQU1WWA
U42mkhi3ecgey1dsJjU61+UwgYQGA1UdIwR9MHuAFE0RaEcrj18q1dw+G6nJbsTW
R213oWCkXjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0
IGJpdCmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBb39BRphHL
6aRAQyymsvBvPSCiG9+kR0R1L23aTpNbhXp2BebyFjbEQYZc2kWGiKKcHkNECA35
3d4LoqUlVey8DFyafOIJd9hxdZfg+rxlHMxnL7uCJRmx9+xB411Jtsol9/wg1uCK
sleGpgB4j8cG2SVCz7V2MNZNK+d5QCnR7A==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
-----END RSA PRIVATE KEY-----

43
crypto/openssl/certs/demo/dsa-ca.pem Normal file
View File

@ -0,0 +1,43 @@
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
MVqOsYxGCb+kez0FoDSTgw==
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
C1Q=
-----END CERTIFICATE-----

49
crypto/openssl/certs/demo/dsa-pca.pem Normal file
View File

@ -0,0 +1,49 @@
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
5rKUjNBhSg==
-----END CERTIFICATE-----

16
crypto/openssl/certs/demo/nortelCA.pem Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----
MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
-----END CERTIFICATE-----

33
crypto/openssl/certs/demo/pca-cert.pem Normal file
View File

@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN
MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB
ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy
V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6
JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S
S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R
aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E
1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho
+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ
JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0
Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
-----END RSA PRIVATE KEY-----

16
crypto/openssl/certs/demo/timCA.pem Normal file
View File

@ -0,0 +1,16 @@
Tims test GCI CA
-----BEGIN CERTIFICATE-----
MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
-----END CERTIFICATE-----

15
crypto/openssl/certs/demo/tjhCA.pem Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----
MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
-----END CERTIFICATE-----

18
crypto/openssl/certs/demo/vsigntca.pem Normal file
View File

@ -0,0 +1,18 @@
subject=/O=VeriSign, Inc/OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD./OU=For VeriSign authorized testing only. No assurances (C)VS1997
notBefore=Mar 4 00:00:00 1997 GMT
notAfter=Mar 4 23:59:59 2025 GMT
-----BEGIN CERTIFICATE-----
MIICTTCCAfcCEEdoCqpuXxnoK27q7d58Qc4wDQYJKoZIhvcNAQEEBQAwgakxFjAU
BgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52ZXJpc2lnbi5jb20v
cmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBMaWFiLiBMVEQuMUYw
RAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0aW5nIG9ubHkuIE5v
IGFzc3VyYW5jZXMgKEMpVlMxOTk3MB4XDTk3MDMwNDAwMDAwMFoXDTI1MDMwNDIz
NTk1OVowgakxFjAUBgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52
ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBM
aWFiLiBMVEQuMUYwRAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0
aW5nIG9ubHkuIE5vIGFzc3VyYW5jZXMgKEMpVlMxOTk3MFwwDQYJKoZIhvcNAQEB
BQADSwAwSAJBAMak6xImJx44jMKcbkACy5/CyMA2fqXK4PlzTtCxRq5tFkDzne7s
cI8oFK/J+gFZNE3bjidDxf07O3JOYG9RGx8CAwEAATANBgkqhkiG9w0BAQQFAANB
ADT523tENOKrEheZFpsJx1UUjPrG7TwYc/C4NBHrZI4gZJcKVFIfNulftVS6UMYW
ToLEMaUojc3DuNXHG21PDG8=
-----END CERTIFICATE-----

19
crypto/openssl/certs/expired/RegTP-4R.pem Normal file
View File

@ -0,0 +1,19 @@
issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
notBefore=Jan 21 16:04:53 1999 GMT
notAfter=Jan 21 16:04:53 2004 GMT
subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-----BEGIN CERTIFICATE-----
MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
-----END CERTIFICATE-----

15
crypto/openssl/certs/expired/factory.pem Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----
MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
S7ELuYGtmYgYm9NZOIr7yU0=
-----END CERTIFICATE-----

19
crypto/openssl/certs/expired/rsa-cca.pem Normal file
View File

@ -0,0 +1,19 @@
subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
notBefore=941104185834Z
notAfter =991103185834Z
-----BEGIN X509 CERTIFICATE-----
MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
-----END X509 CERTIFICATE-----

18
crypto/openssl/certs/expired/vsign2.pem Normal file
View File

@ -0,0 +1,18 @@
subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
notBefore=Jan 29 00:00:00 1996 GMT
notAfter=Jan 7 23:59:59 2004 GMT
-----BEGIN CERTIFICATE-----
MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp
bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18
oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED
uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN
BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML
v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd
G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9
1Q==
-----END CERTIFICATE-----

23
crypto/openssl/certs/wellsfgo.pem Normal file
View File

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v
dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0
MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww
KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G
A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13
5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE
SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O
JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu
ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE
AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB
AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB
CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw
b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo
7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/
0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7
nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx
x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ
33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s=
-----END CERTIFICATE-----

284
crypto/openssl/config
View File

@ -82,9 +82,9 @@ if [ "x$XREL" != "x" ]; then
esac
;;
4.2)
echo "i386-whatever-unixware1"; exit 0
echo "whatever-whatever-unixware1"; exit 0
;;
5)
5*)
case "x${VERSION}" in
# We hardcode i586 in place of ${MACHINE} for the
# following reason. The catch is that even though Pentium
@ -93,8 +93,7 @@ if [ "x$XREL" != "x" ]; then
# with i386 is that it makes ./config pass 386 to
# ./Configure, which in turn makes make generate
# inefficient SHA-1 (for this moment) code.
x7*) echo "i586-sco-unixware7"; exit 0 ;;
x8*) echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;;
x[678]*) echo "i586-sco-unixware7"; exit 0 ;;
esac
;;
esac
@ -111,16 +110,16 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "m68k-apple-aux3"; exit 0
;;
AIX:[3456789]:4:*)
echo "${MACHINE}-ibm-aix43"; exit 0
AIX:[3-9]:4:*)
echo "${MACHINE}-ibm-aix"; exit 0
;;
AIX:*:[56789]:*)
echo "${MACHINE}-ibm-aix43"; exit 0
AIX:*:[5-9]:*)
echo "${MACHINE}-ibm-aix"; exit 0
;;
AIX:*)
echo "${MACHINE}-ibm-aix"; exit 0
echo "${MACHINE}-ibm-aix3"; exit 0
;;
dgux:*)
@ -337,6 +336,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "mips-sony-newsos4"; exit 0;
;;
MINGW*)
echo "${MACHINE}-whatever-mingw"; exit 0;
;;
CYGWIN*)
case "$RELEASE" in
[bB]*|1.0|1.[12].*)
@ -404,7 +406,7 @@ if [ "$GCCVER" != "" ]; then
CC=gcc
# then strip off whatever prefix egcs prepends the number with...
# Hopefully, this will work for any future prefixes as well.
GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
# Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion
# does give us what we want though, so we use that. We just just the
# major and minor version numbers.
@ -442,15 +444,13 @@ if [ "$SYSTEM" = "SunOS" ]; then
egrep -e '^cc: .* C [0-9]\.[0-9]' | \
sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
CCVER=${CCVER:-0}
if [ $CCVER -gt 40 ]; then
if [ $MACHINE != i86pc -a $CCVER -gt 40 ]; then
CC=cc # overrides gcc!!!
if [ $CCVER -eq 50 ]; then
echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
echo " patch #107357-01 or later applied."
sleep 5
fi
elif [ "$CC" = "cc" -a $CCVER -gt 0 ]; then
CC=sc3
fi
fi
@ -491,91 +491,81 @@ case "$GUESSOS" in
OUT="irix-$CC"
;;
mips3-sgi-irix)
CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
if [ $CPU -ge 5000 ]; then
options="$options -mips4"
else
options="$options -mips3"
fi
#CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
#CPU=${CPU:-0}
#if [ $CPU -ge 5000 ]; then
# options="$options -mips4"
#else
# options="$options -mips3"
#fi
OUT="irix-mips3-$CC"
;;
mips4-sgi-irix64)
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure irix64-mips4-$CC' *manually*."
if [ "$TEST" = "false" ]; then
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
if [ $CPU -ge 5000 ]; then
options="$options -mips4"
else
options="$options -mips3"
fi
#CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
#CPU=${CPU:-0}
#if [ $CPU -ge 5000 ]; then
# options="$options -mips4"
#else
# options="$options -mips3"
#fi
OUT="irix-mips3-$CC"
;;
ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
i386-apple-darwin*) OUT="darwin-i386-cc" ;;
alpha-*-linux2)
ISA=`awk '/cpu model/{print$4}' /proc/cpuinfo`
ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
case ${ISA:-generic} in
*[67]) OUT="linux-alpha+bwx-$CC" ;;
*[678]) OUT="linux-alpha+bwx-$CC" ;;
*) OUT="linux-alpha-$CC" ;;
esac
if [ "$CC" = "gcc" ]; then
case ${ISA:-generic} in
EV5|EV45) options="$options -mcpu=ev5";;
EV56|PCA56) options="$options -mcpu=ev56";;
EV6|EV67|PCA57) options="$options -mcpu=ev6";;
*) options="$options -mcpu=ev6";;
esac
fi
;;
mips-*-linux?)
cat >dummy.c <<EOF
#include <stdio.h> /* for printf() prototype */
int main (argc, argv) int argc; char *argv[]; {
#ifdef __MIPSEB__
printf ("linux-%s\n", argv[1]);
#endif
#ifdef __MIPSEL__
printf ("linux-%sel\n", argv[1]);
#endif
return 0;
}
EOF
${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
rm dummy dummy.c
;;
ppc64-*-linux2)
#Use the standard target for PPC architecture until we create a
#special one for the 64bit architecture.
OUT="linux-ppc" ;;
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure linux-ppc64' *manually*."
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
OUT="linux-ppc"
;;
ppc-*-linux2) OUT="linux-ppc" ;;
m68k-*-linux*) OUT="linux-m68k" ;;
ia64-*-linux?) OUT="linux-ia64" ;;
ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
i386-apple-darwin*) OUT="darwin-i386-cc" ;;
sparc64-*-linux2)
echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
echo " and wish to build 64-bit library, then you have to"
echo " invoke './Configure linux64-sparcv9' *manually*."
if [ "$TEST" = "false" ]; then
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
OUT="linux-sparcv9" ;;
sparc-*-linux2)
KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo`
case ${KARCH:-sun4} in
sun4u*) OUT="linux-sparcv9" ;;
sun4m) OUT="linux-sparcv8" ;;
sun4d) OUT="linux-sparcv8" ;;
*) OUT="linux-sparcv7" ;;
*) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
esac ;;
parisc-*-linux2)
CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo`
CPUSCHEDULE=`awk '/^cpu.[ ]: PA/{print substr($3,3)}' /proc/cpuinfo`
parisc*-*-linux2)
# 64-bit builds under parisc64 linux are not supported and
# compiler is expected to generate 32-bit objects...
CPUARCH=`awk '/cpu family/{print substr($5,1,3); exit(0);}' /proc/cpuinfo`
CPUSCHEDULE=`awk '/^cpu.[ ]*: PA/{print substr($3,3); exit(0);}' /proc/cpuinfo`
# ??TODO ?? Model transformations
# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
@ -588,28 +578,29 @@ EOF
# PA8500 -> 8000 (2.0)
# PA8600 -> 8000 (2.0)
CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8.00/8000/'`
# Finish Model transformations
options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
OUT="linux-parisc" ;;
arm*-*-linux2) OUT="linux-elf-arm" ;;
s390-*-linux2) OUT="linux-s390" ;;
s390x-*-linux?) OUT="linux-s390x" ;;
options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH"
OUT="linux-generic32" ;;
arm*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
arm*l-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
s390*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
x86_64-*-linux?) OUT="linux-x86_64" ;;
*-*-linux2) OUT="linux-elf"
*86-*-linux2) OUT="linux-elf"
if [ "$GCCVER" -gt 28 ]; then
if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
OUT="linux-pentium"
options="$options -mcpu=pentium"
fi
if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then
OUT="linux-ppro"
options="$options -mcpu=pentiumpro"
fi
if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then
OUT="linux-k6"
options="$options -mcpu=k6"
fi
fi ;;
*-*-linux1) OUT="linux-aout" ;;
*-*-linux2) OUT="linux-generic32" ;;
sun4u*-*-solaris2)
OUT="solaris-sparcv9-$CC"
ISA64=`(isalist) 2>/dev/null | grep sparcv9`
@ -617,9 +608,9 @@ EOF
if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
if [ "$TEST" = "false" ]; then
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
# $GCC_ARCH denotes default ABI chosen by compiler driver
@ -629,17 +620,17 @@ EOF
OUT="solaris64-sparcv9-gcc"
echo "WARNING! If you wish to build 32-bit library, then you have to"
echo " invoke './Configure solaris-sparcv9-gcc' *manually*."
if [ "$TEST" = "false" ]; then
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
elif [ "$GCC_ARCH" = "-m32" ]; then
echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
echo " and wish to build 64-bit library, then you have to"
echo " invoke './Configure solaris64-sparcv9-gcc' *manually*."
if [ "$TEST" = "false" ]; then
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
fi
fi
@ -647,47 +638,49 @@ EOF
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
sun4d-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
sun4*-*-solaris2) OUT="solaris-sparcv7-$CC" ;;
*86*-*-solaris2) OUT="solaris-x86-$CC" ;;
*-*-sunos4) OUT="sunos-$CC" ;;
alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
ia64-*-freebsd*) OUT="FreeBSD-ia64" ;;
*-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
*-freebsd[1-2]*) OUT="FreeBSD" ;;
*86*-*-netbsd) OUT="NetBSD-x86" ;;
sun3*-*-netbsd) OUT="NetBSD-m68" ;;
*-*-netbsd) OUT="NetBSD-sparc" ;;
alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
*86*-*-openbsd) OUT="OpenBSD-i386" ;;
m68k*-*-openbsd) OUT="OpenBSD-m68k" ;;
m88k*-*-openbsd) OUT="OpenBSD-m88k" ;;
mips*-*-openbsd) OUT="OpenBSD-mips" ;;
pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
powerpc*-*-openbsd) OUT="OpenBSD-powerpc" ;;
sparc64*-*-openbsd) OUT="OpenBSD-sparc64" ;;
sparc*-*-openbsd) OUT="OpenBSD-sparc" ;;
vax*-*-openbsd) OUT="OpenBSD-vax" ;;
hppa*-*-openbsd) OUT="OpenBSD-hppa" ;;
*-*-openbsd) OUT="OpenBSD" ;;
*86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
*-*-osf) OUT="alphaold-cc" ;;
*-*-tru64) OUT="alpha-cc" ;;
*-*-OpenUNIX*)
if [ "$CC" = "gcc" ]; then
OUT="OpenUNIX-8-gcc"
else
OUT="OpenUNIX-8"
*86*-*-solaris2)
ISA64=`(isalist) 2>/dev/null | grep amd64`
if [ "$ISA64" != "" ]; then
OUT="solaris64-x86_64-$CC"
else
OUT="solaris-x86-$CC"
if [ `uname -r | sed -e 's/5\.//'` -lt 10 ]; then
options="$options no-sse2"
fi
fi
;;
*-*-unixware7) OUT="unixware-7" ;;
*-*-UnixWare7) OUT="unixware-7" ;;
*-*-Unixware7) OUT="unixware-7" ;;
*-*-unixware20*) OUT="unixware-2.0" ;;
*-*-unixware21*) OUT="unixware-2.1" ;;
*-*-UnixWare20*) OUT="unixware-2.0" ;;
*-*-UnixWare21*) OUT="unixware-2.1" ;;
*-*-Unixware20*) OUT="unixware-2.0" ;;
*-*-Unixware21*) OUT="unixware-2.1" ;;
*-*-sunos4) OUT="sunos-$CC" ;;
*86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;;
alpha*-*-*bsd*) OUT="BSD-generic64; options="$options -DL_ENDIAN" ;;
powerpc64-*-*bsd*) OUT="BSD-generic64; options="$options -DB_ENDIAN" ;;
sparc64-*-*bsd*) OUT="BSD-sparc64" ;;
ia64-*-*bsd*) OUT="BSD-ia64" ;;
amd64-*-*bsd*) OUT="BSD-x86_64" ;;
*86*-*-*bsd*) # mimic ld behaviour when it's looking for libc...
if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD
libc=/usr/lib/libc.so
else # OpenBSD
# ld searches for highest libc.so.* and so do we
libc=`(ls /usr/lib/libc.so.* | tail -1) 2>/dev/null`
fi
case "`(file -L $libc) 2>/dev/null`" in
*ELF*) OUT="BSD-x86-elf" ;;
*) OUT="BSD-x86"; options="$options no-sse2" ;;
esac ;;
*-*-*bsd*) OUT="BSD-generic32" ;;
*-*-osf) OUT="osf1-alpha-cc" ;;
*-*-tru64) OUT="tru64-alpha-cc" ;;
*-*-[Uu]nix[Ww]are7)
if [ "$CC" = "gcc" ]; then
OUT="unixware-7-gcc" ; options="$options no-sse2"
else
OUT="unixware-7" ; options="$options no-sse2 -D__i386__"
fi
;;
*-*-[Uu]nix[Ww]are20*) OUT="unixware-2.0"; options="$options no-sse2 no-sha512" ;;
*-*-[Uu]nix[Ww]are21*) OUT="unixware-2.1"; options="$options no-sse2 no-sha512" ;;
*-*-vos)
options="$options no-threads no-shared no-asm no-dso"
EXE=".pm"
@ -696,15 +689,8 @@ EOF
RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
*-siemens-sysv4) OUT="SINIX" ;;
*-hpux1*)
if [ $CC = "gcc" ];
then
if [ $GCC_BITS = "64" ]; then
if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then
OUT="hpux64-parisc2-gcc"
else
OUT="hpux-parisc-gcc"
fi
else
OUT="hpux-parisc-$CC"
fi
KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
KERNEL_BITS=${KERNEL_BITS:-32}
@ -715,34 +701,57 @@ EOF
echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
echo " If you wish to build 32-bit library, the you have to"
echo " invoke './Configure hpux-ia64-cc' *manually*."
if [ "$TEST" = "false" ]; then
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
OUT="hpux64-ia64-cc"
elif [ $CPU_VERSION -ge 532 ]; then # PA-RISC 2.x CPU
if [ "$CC" = "cc" ]; then
OUT="hpux-parisc2-cc" # can't we have hpux-parisc2-gcc?
fi
OUT=${OUT:-"hpux-parisc2-${CC}"}
if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
echo "WARNING! If you wish to build 64-bit library then you have to"
echo " invoke './Configure hpux64-parisc2-cc' *manually*."
if [ "$TEST" = "false" ]; then
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
fi
elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU
:
OUT="hpux-parisc-${CC}
elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU
:
OUT="hpux-parisc-${CC}
else # Motorola(?) CPU
OUT="hpux-$CC"
fi
options="$options -D_REENTRANT" ;;
*-hpux) OUT="hpux-parisc-$CC" ;;
*-aix)
KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
KERNEL_BITS=${KERNEL_BITS:-32}
OBJECT_MODE=${OBJECT_MODE:-32}
if [ "$CC" = "gcc" ]; then
OUT="aix-gcc"
elif [ $OBJECT_MODE -eq 64 ]; then
echo 'Your $OBJECT_MODE was found to be set to 64'
OUT="aix64-cc"
else
OUT="aix-cc"
if [ $KERNEL_BITS -eq 64 ]; then
echo "WARNING! If you wish to build 64-bit kit, then you have to"
echo " invoke './Configure aix64-cc' *manually*."
if [ "$TEST" = "false" -a -t 1 ]; then
echo " You have ~5 seconds to press Ctrl-C to abort."
(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
fi
fi
fi
if (lsattr -E -O -l proc0 | grep -i powerpc) >/dev/null 2>&1; then
: # this applies even to Power3 and later, as they return PowerPC_POWER[345]
else
options="$options no-asm"
fi
;;
# these are all covered by the catchall below
# *-aix) OUT="aix-$CC" ;;
# *-dgux) OUT="dgux" ;;
mips-sony-newsos4) OUT="newsos4-gcc" ;;
*-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
@ -768,9 +777,10 @@ esac
# gcc < 2.8 does not support -mcpu=ultrasparc
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
then
echo "WARNING! Do consider upgrading to gcc-2.8 or later."
echo "WARNING! Falling down to 'solaris-sparcv8-gcc'."
echo " Upgrade to gcc-2.8 or later."
sleep 5
OUT=solaris-sparcv9-gcc27
OUT=solaris-sparcv8-gcc
fi
if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ]
then

42
crypto/openssl/crypto/LPdir_nyi.c Normal file
View File

@ -0,0 +1,42 @@
/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef LPDIR_H
#include "LPdir.h"
#endif
struct LP_dir_context_st { void *dummy; };
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{
errno = EINVAL;
return 0;
}
int LP_find_file_end(LP_DIR_CTX **ctx)
{
errno = EINVAL;
return 0;
}

127
crypto/openssl/crypto/LPdir_unix.c Normal file
View File

@ -0,0 +1,127 @@
/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stddef.h>
#include <stdlib.h>
#include <limits.h>
#include <string.h>
#include <sys/types.h>
#include <dirent.h>
#include <errno.h>
#ifndef LPDIR_H
#include "LPdir.h"
#endif
/* The POSIXly macro for the maximum number of characters in a file path
is NAME_MAX. However, some operating systems use PATH_MAX instead.
Therefore, it seems natural to first check for PATH_MAX and use that,
and if it doesn't exist, use NAME_MAX. */
#if defined(PATH_MAX)
# define LP_ENTRY_SIZE PATH_MAX
#elif defined(NAME_MAX)
# define LP_ENTRY_SIZE NAME_MAX
#endif
/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
exist. It's also possible that NAME_MAX exists but is define to a
very small value (HP-UX offers 14), so we need to check if we got a
result, and if it meets a minimum standard, and create or change it
if not. */
#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
# undef LP_ENTRY_SIZE
# define LP_ENTRY_SIZE 255
#endif
struct LP_dir_context_st
{
DIR *dir;
char entry_name[LP_ENTRY_SIZE+1];
};
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{
struct dirent *direntry = NULL;
if (ctx == NULL || directory == NULL)
{
errno = EINVAL;
return 0;
}
errno = 0;
if (*ctx == NULL)
{
*ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
if (*ctx == NULL)
{
errno = ENOMEM;
return 0;
}
memset(*ctx, '\0', sizeof(LP_DIR_CTX));
(*ctx)->dir = opendir(directory);
if ((*ctx)->dir == NULL)
{
int save_errno = errno; /* Probably not needed, but I'm paranoid */
free(*ctx);
*ctx = NULL;
errno = save_errno;
return 0;
}
}
direntry = readdir((*ctx)->dir);
if (direntry == NULL)
{
return 0;
}
strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
(*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
return (*ctx)->entry_name;
}
int LP_find_file_end(LP_DIR_CTX **ctx)
{
if (ctx != NULL && *ctx != NULL)
{
int ret = closedir((*ctx)->dir);
free(*ctx);
switch (ret)
{
case 0:
return 1;
case -1:
return 0;
default:
break;
}
}
errno = EINVAL;
return 0;
}

199
crypto/openssl/crypto/LPdir_vms.c Normal file
View File

@ -0,0 +1,199 @@
/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <descrip.h>
#include <namdef.h>
#include <rmsdef.h>
#include <libfildef.h>
#include <lib$routines.h>
#include <strdef.h>
#include <str$routines.h>
#include <stsdef.h>
#ifndef LPDIR_H
#include "LPdir.h"
#endif
/* Because some compiler options hide this macor */
#ifndef EVMSERR
#define EVMSERR 65535 /* error for non-translatable VMS errors */
#endif
struct LP_dir_context_st
{
unsigned long VMS_context;
#ifdef NAML$C_MAXRSS
char filespec[NAML$C_MAXRSS+1];
char result[NAML$C_MAXRSS+1];
#else
char filespec[256];
char result[256];
#endif
struct dsc$descriptor_d filespec_dsc;
struct dsc$descriptor_d result_dsc;
};
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{
int status;
char *p, *r;
size_t l;
unsigned long flags = 0;
#ifdef NAML$C_MAXRSS
flags |= LIB$M_FIL_LONG_NAMES;
#endif
if (ctx == NULL || directory == NULL)
{
errno = EINVAL;
return 0;
}
errno = 0;
if (*ctx == NULL)
{
size_t filespeclen = strlen(directory);
char *filespec = NULL;
/* MUST be a VMS directory specification! Let's estimate if it is. */
if (directory[filespeclen-1] != ']'
&& directory[filespeclen-1] != '>'
&& directory[filespeclen-1] != ':')
{
errno = EINVAL;
return 0;
}
filespeclen += 4; /* "*.*;" */
if (filespeclen >
#ifdef NAML$C_MAXRSS
NAML$C_MAXRSS
#else
255
#endif
)
{
errno = ENAMETOOLONG;
return 0;
}
*ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
if (*ctx == NULL)
{
errno = ENOMEM;
return 0;
}
memset(*ctx, '\0', sizeof(LP_DIR_CTX));
strcpy((*ctx)->filespec,directory);
strcat((*ctx)->filespec,"*.*;");
(*ctx)->filespec_dsc.dsc$w_length = filespeclen;
(*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
(*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
(*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
(*ctx)->result_dsc.dsc$w_length = 0;
(*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
(*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
(*ctx)->result_dsc.dsc$a_pointer = 0;
}
(*ctx)->result_dsc.dsc$w_length = 0;
(*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
(*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
(*ctx)->result_dsc.dsc$a_pointer = 0;
status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
&(*ctx)->VMS_context, 0, 0, 0, &flags);
if (status == RMS$_NMF)
{
errno = 0;
vaxc$errno = status;
return NULL;
}
if(!$VMS_STATUS_SUCCESS(status))
{
errno = EVMSERR;
vaxc$errno = status;
return NULL;
}
/* Quick, cheap and dirty way to discard any device and directory,
since we only want file names */
l = (*ctx)->result_dsc.dsc$w_length;
p = (*ctx)->result_dsc.dsc$a_pointer;
r = p;
for (; *p; p++)
{
if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */
{
p++;
}
else if (*p == ':' || *p == '>' || *p == ']')
{
l -= p + 1 - r;
r = p + 1;
}
else if (*p == ';')
{
l = p - r;
break;
}
}
strncpy((*ctx)->result, r, l);
(*ctx)->result[l] = '\0';
str$free1_dx(&(*ctx)->result_dsc);
return (*ctx)->result;
}
int LP_find_file_end(LP_DIR_CTX **ctx)
{
if (ctx != NULL && *ctx != NULL)
{
int status = lib$find_file_end(&(*ctx)->VMS_context);
free(*ctx);
if(!$VMS_STATUS_SUCCESS(status))
{
errno = EVMSERR;
vaxc$errno = status;
return 0;
}
return 1;
}
errno = EINVAL;
return 0;
}

155
crypto/openssl/crypto/LPdir_win.c Normal file
View File

@ -0,0 +1,155 @@
/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <windows.h>
#include <tchar.h>
#ifndef LPDIR_H
#include "LPdir.h"
#endif
/* We're most likely overcautious here, but let's reserve for
broken WinCE headers and explicitly opt for UNICODE call.
Keep in mind that our WinCE builds are compiled with -DUNICODE
[as well as -D_UNICODE]. */
#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
# define FindFirstFile FindFirstFileW
#endif
#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
# define FindNextFile FindNextFileW
#endif
#ifndef NAME_MAX
#define NAME_MAX 255
#endif
struct LP_dir_context_st
{
WIN32_FIND_DATA ctx;
HANDLE handle;
char entry_name[NAME_MAX+1];
};
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{
struct dirent *direntry = NULL;
if (ctx == NULL || directory == NULL)
{
errno = EINVAL;
return 0;
}
errno = 0;
if (*ctx == NULL)
{
*ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
if (*ctx == NULL)
{
errno = ENOMEM;
return 0;
}
memset(*ctx, '\0', sizeof(LP_DIR_CTX));
if (sizeof(TCHAR) != sizeof(char))
{
TCHAR *wdir = NULL;
/* len_0 denotes string length *with* trailing 0 */
size_t index = 0,len_0 = strlen(directory) + 1;
wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR));
if (wdir == NULL)
{
free(*ctx);
*ctx = NULL;
errno = ENOMEM;
return 0;
}
#ifdef LP_MULTIBYTE_AVAILABLE
if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0))
#endif
for (index = 0; index < len_0; index++)
wdir[index] = (TCHAR)directory[index];
(*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
free(wdir);
}
else
(*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
if ((*ctx)->handle == INVALID_HANDLE_VALUE)
{
free(*ctx);
*ctx = NULL;
errno = EINVAL;
return 0;
}
}
else
{
if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
{
return 0;
}
}
if (sizeof(TCHAR) != sizeof(char))
{
TCHAR *wdir = (*ctx)->ctx.cFileName;
size_t index, len_0 = 0;
while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;
len_0++;
#ifdef LP_MULTIBYTE_AVAILABLE
if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
sizeof((*ctx)->entry_name), NULL, 0))
#endif
for (index = 0; index < len_0; index++)
(*ctx)->entry_name[index] = (char)wdir[index];
}
else
strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
sizeof((*ctx)->entry_name)-1);
(*ctx)->entry_name[sizeof((*ctx)->entry_name)-1] = '\0';
return (*ctx)->entry_name;
}
int LP_find_file_end(LP_DIR_CTX **ctx)
{
if (ctx != NULL && *ctx != NULL)
{
FindClose((*ctx)->handle);
free(*ctx);
*ctx = NULL;
return 1;
}
errno = EINVAL;
return 0;
}

30
crypto/openssl/crypto/LPdir_win32.c Normal file
View File

@ -0,0 +1,30 @@
/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#define LP_SYS_WIN32
#define LP_MULTIBYTE_AVAILABLE
#include "LPdir_win.c"

31
crypto/openssl/crypto/LPdir_wince.c Normal file
View File

@ -0,0 +1,31 @@
/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#define LP_SYS_WINCE
/* We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently
under investigation what the exact conditions would be */
#include "LPdir_win.c"

179
crypto/openssl/crypto/Makefile
View File

@ -1,48 +1,46 @@
#
# SSLeay/crypto/Makefile
# OpenSSL/crypto/Makefile
#
DIR= crypto
TOP= ..
CC= cc
INCLUDE= -I. -I$(TOP) -I../include
# INCLUDES targets sudbirs!
INCLUDES= -I.. -I../.. -I../../include
CFLAG= -g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP= /usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
RM= rm -f
AR= ar r
RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
(cd $$i && echo "making $$target in $(DIR)/$$i..." && \
$(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
done;
PEX_LIBS=
EX_LIBS=
CFLAGS= $(INCLUDE) $(CFLAG)
ASFLAGS= $(INCLUDE) $(ASFLAG)
AFLAGS=$(ASFLAGS)
LIBS=
SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn ec rsa dsa dh dso engine aes \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
GENERAL=Makefile README crypto-lib.com install.com
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c
LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c
LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)
SRC= $(LIBSRC)
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h $(EXHEADER)
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
@ -59,39 +57,49 @@ buildinf.h: ../Makefile
echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
echo '#endif' ) >buildinf.h
x86cpuid-elf.s: x86cpuid.pl perlasm/x86asm.pl
$(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@
x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl
$(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@
x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl
$(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@
uplink.o: ../ms/uplink.c
$(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c
uplink-cof.s: ../ms/uplink.pl
$(PERL) ../ms/uplink.pl coff > $@
x86_64cpuid.s: x86_64cpuid.pl
$(PERL) x86_64cpuid.pl $@
ia64cpuid.s: ia64cpuid.S
$(CC) $(CFLAGS) -E ia64cpuid.S > $@
testapps:
if echo ${SDIRS} | fgrep ' des '; \
then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi
cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
[ -z "$(THIS)" ] || ( if echo ${SDIRS} | fgrep ' des '; \
then cd des && $(MAKE) -e des; fi )
[ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps );
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
subdirs:
@for i in $(SDIRS) ;\
do \
(cd $$i && echo "making all in crypto/$$i..." && \
$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done;
@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@for i in $(SDIRS) ;\
do \
(cd $$i && echo "making 'files' in crypto/$$i..." && \
$(MAKE) PERL='${PERL}' files ); \
done;
@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
@for i in $(SDIRS); do \
(cd $$i && echo "making links in crypto/$$i..." && \
$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
done;
@target=links; $(RECURSIVE_MAKE)
lib: $(LIBOBJ)
# lib: and $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
@touch lib
$(LIB): $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
shared: buildinf.h lib subdirs
if [ -n "$(SHARED_LIBS)" ]; then \
@ -99,119 +107,98 @@ shared: buildinf.h lib subdirs
fi
libs:
@for i in $(SDIRS) ;\
do \
(cd $$i && echo "making libs in crypto/$$i..." && \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
done;
tests:
@for i in $(SDIRS) ;\
do \
(cd $$i && echo "making tests in crypto/$$i..." && \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
done;
@target=lib; $(RECURSIVE_MAKE)
install:
@for i in $(EXHEADER) ;\
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@headerlist="$(EXHEADER)"; for i in $$headerlist ;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@for i in $(SDIRS) ;\
do \
(cd $$i && echo "making install in crypto/$$i..." && \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
done;
@target=install; $(RECURSIVE_MAKE)
lint:
@for i in $(SDIRS) ;\
do \
(cd $$i && echo "making lint in crypto/$$i..." && \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
done;
@target=lint; $(RECURSIVE_MAKE)
depend:
if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
if [ ! -s buildinf.h ]; then rm buildinf.h; fi
@for i in $(SDIRS) ;\
do \
(cd $$i && echo "making depend in crypto/$$i..." && \
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
done;
@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
clean:
rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
@for i in $(SDIRS) ;\
do \
(cd $$i && echo "making clean in crypto/$$i..." && \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
done;
rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
@target=clean; $(RECURSIVE_MAKE)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
@for i in $(SDIRS) ;\
do \
(cd $$i && echo "making dclean in crypto/$$i..." && \
$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
done;
@target=dclean; $(RECURSIVE_MAKE)
# DO NOT DELETE THIS LINE -- make depend depends on it.
cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
cpt_err.o: ../include/openssl/safestack.h ../include/openssl/stack.h
cpt_err.o: ../include/openssl/symhacks.h cpt_err.c
cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h
cryptlib.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.c
cryptlib.o: cryptlib.h
cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c
cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
cversion.o: cryptlib.h cversion.c
ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h
ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c
ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
ex_data.o: ex_data.c
mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
mem.o: mem.c
mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
mem_clr.o: ../include/openssl/symhacks.h mem_clr.c
mem_clr.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
mem_clr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h mem_clr.c
mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c
o_str.o: o_str.h
mem_dbg.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
mem_dbg.o: mem_dbg.c
o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
o_dir.o: LPdir_unix.c o_dir.c o_dir.h
o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
o_str.o: o_str.c o_str.h
o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
o_time.o: o_time.h
tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h
tmdiff.o: tmdiff.c
tmdiff.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h tmdiff.c
uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
uid.o: ../include/openssl/symhacks.h uid.c
uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
uid.o: ../include/openssl/stack.h ../include/openssl/symhacks.h uid.c

40
crypto/openssl/crypto/aes/Makefile
View File

@ -8,16 +8,14 @@ CC= cc
CPP= $(CC) -E
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP= /usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
AES_ASM_OBJ=aes_core.o aes_cbc.o
CFLAGS= $(INCLUDES) $(CFLAG)
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)
GENERAL=Makefile
#TEST=aestest.c
@ -26,7 +24,7 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o
LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o $(AES_ASM_OBJ)
SRC= $(LIBSRC)
@ -47,6 +45,16 @@ lib: $(LIBOBJ)
$(LIBOBJ): $(LIBSRC)
aes-ia64.s: asm/aes-ia64.S
$(CC) $(CFLAGS) -E asm/aes-ia64.S > $@
ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl
(cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl
(cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl
(cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@ -55,10 +63,9 @@ links:
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install: installs
installs:
@for i in $(EXHEADER) ; \
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
@ -73,6 +80,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
@ -80,17 +88,17 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h
aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
aes_cfb.o: aes_cfb.c aes_locl.h
aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
aes_core.o: aes_core.c aes_locl.h
aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h

10
crypto/openssl/crypto/aes/aes.h
View File

@ -52,7 +52,7 @@
#ifndef HEADER_AES_H
#define HEADER_AES_H
#include <openssl/e_os2.h>
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_AES
#error AES is disabled.
@ -66,17 +66,17 @@
#define AES_MAXNR 14
#define AES_BLOCK_SIZE 16
#if defined(OPENSSL_FIPS)
#define FIPS_AES_SIZE_T int
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* This should be a hidden type, but EVP requires that the size be known */
struct aes_key_st {
#ifdef AES_LONG
unsigned long rd_key[4 *(AES_MAXNR + 1)];
#else
unsigned int rd_key[4 *(AES_MAXNR + 1)];
#endif
int rounds;
};
typedef struct aes_key_st AES_KEY;

44
crypto/openssl/crypto/aes/aes_cbc.c
View File

@ -66,6 +66,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
unsigned long n;
unsigned long len = length;
unsigned char tmp[AES_BLOCK_SIZE];
const unsigned char *iv = ivec;
assert(in && out && key && ivec);
assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
@ -73,22 +74,39 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
if (AES_ENCRYPT == enc) {
while (len >= AES_BLOCK_SIZE) {
for(n=0; n < AES_BLOCK_SIZE; ++n)
tmp[n] = in[n] ^ ivec[n];
AES_encrypt(tmp, out, key);
memcpy(ivec, out, AES_BLOCK_SIZE);
out[n] = in[n] ^ iv[n];
AES_encrypt(out, out, key);
iv = out;
len -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (len) {
for(n=0; n < len; ++n)
tmp[n] = in[n] ^ ivec[n];
out[n] = in[n] ^ iv[n];
for(n=len; n < AES_BLOCK_SIZE; ++n)
tmp[n] = ivec[n];
AES_encrypt(tmp, tmp, key);
memcpy(out, tmp, AES_BLOCK_SIZE);
memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
out[n] = iv[n];
AES_encrypt(out, out, key);
iv = out;
}
memcpy(ivec,iv,AES_BLOCK_SIZE);
} else if (in != out) {
while (len >= AES_BLOCK_SIZE) {
AES_decrypt(in, out, key);
for(n=0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= iv[n];
iv = in;
len -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (len) {
AES_decrypt(in,tmp,key);
for(n=0; n < len; ++n)
out[n] = tmp[n] ^ iv[n];
iv = in;
}
memcpy(ivec,iv,AES_BLOCK_SIZE);
} else {
while (len >= AES_BLOCK_SIZE) {
memcpy(tmp, in, AES_BLOCK_SIZE);
@ -102,10 +120,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
}
if (len) {
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, tmp, key);
AES_decrypt(tmp, out, key);
for(n=0; n < len; ++n)
out[n] = tmp[n] ^ ivec[n];
out[n] ^= ivec[n];
for(n=len; n < AES_BLOCK_SIZE; ++n)
out[n] = tmp[n];
memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
}
}
}

69
crypto/openssl/crypto/aes/aes_cfb.c
View File

@ -114,6 +114,7 @@
#include <openssl/aes.h>
#include "aes_locl.h"
#include "e_os.h"
/* The input and output encrypted as though 128bit cfb mode is being
* used. The extra state information to record how much of the
@ -157,61 +158,35 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
/* This expects a single block of size nbits for both in and out. Note that
it corrupts any extra bits in the last byte of out */
/* Untested, once it is working, it will be optimised */
void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
const int nbits,const AES_KEY *key,
unsigned char *ivec,const int enc)
{
int n;
int n,rem,num;
unsigned char ovec[AES_BLOCK_SIZE*2];
assert(in && out && key && ivec);
if(enc)
{
if (nbits<=0 || nbits>128) return;
/* fill in the first half of the new IV with the current IV */
memcpy(ovec,ivec,AES_BLOCK_SIZE);
/* construct the new IV */
AES_encrypt(ivec,ovec,key);
/* encrypt the input */
for(n=0 ; n < (nbits+7)/8 ; ++n)
out[n]=in[n]^ovec[n];
/* fill in the first half of the new IV with the current IV */
memcpy(ovec,ivec,AES_BLOCK_SIZE);
/* and put the ciphertext in the second half */
memcpy(ovec+AES_BLOCK_SIZE,out,(nbits+7)/8);
/* shift ovec left most of the bits... */
memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
/* now the remaining bits */
if(nbits%8 != 0)
AES_encrypt(ivec,ivec,key);
num = (nbits+7)/8;
if (enc) /* encrypt the input */
for(n=0 ; n < num ; ++n)
out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
else /* decrypt the input */
for(n=0 ; n < num ; ++n)
out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
/* shift ovec left... */
rem = nbits%8;
num = nbits/8;
if(rem==0)
memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
else
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
{
ovec[n]<<=nbits%8;
ovec[n]|=ovec[n+1]>>(8-nbits%8);
}
/* finally, move it back into place */
memcpy(ivec,ovec,AES_BLOCK_SIZE);
}
else
{
/* construct the new IV in the first half of ovec */
AES_encrypt(ivec,ovec,key);
/* decrypt the input */
for(n=0 ; n < (nbits+7)/8 ; ++n)
out[n]=in[n]^ovec[n];
/* fill in the first half of the new IV with the current IV */
memcpy(ovec,ivec,AES_BLOCK_SIZE);
/* append the ciphertext */
memcpy(ovec+AES_BLOCK_SIZE,in,(nbits+7)/8);
/* shift ovec left most of the bits... */
memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
/* now the remaining bits */
if(nbits%8 != 0)
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
{
ovec[n]<<=nbits%8;
ovec[n]|=ovec[n+1]>>(8-nbits%8);
}
/* finally, move it back into place */
memcpy(ivec,ovec,AES_BLOCK_SIZE);
}
ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
/* it is not necessary to cleanse ovec, since the IV is not secret */
}

25
crypto/openssl/crypto/aes/aes_core.c
View File

@ -37,11 +37,8 @@
#include <stdlib.h>
#include <openssl/aes.h>
#include <openssl/fips.h>
#include "aes_locl.h"
#ifndef OPENSSL_FIPS
/*
Te0[x] = S [x].[02, 01, 01, 03];
Te1[x] = S [x].[03, 02, 01, 01];
@ -56,6 +53,13 @@ Td3[x] = Si[x].[09, 0d, 0b, 0e];
Td4[x] = Si[x].[01, 01, 01, 01];
*/
#ifdef AES_ASM
extern const u32 AES_Te[5][256];
#define Te0 AES_Te[0]
#define Te1 AES_Te[1]
#define Te2 AES_Te[2]
#define Te3 AES_Te[3]
#else
static const u32 Te0[256] = {
0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
@ -255,7 +259,6 @@ static const u32 Te2[256] = {
0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
};
static const u32 Te3[256] = {
0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
@ -321,6 +324,7 @@ static const u32 Te3[256] = {
0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
};
#endif
static const u32 Te4[256] = {
0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
@ -387,6 +391,14 @@ static const u32 Te4[256] = {
0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
};
#ifdef AES_ASM
extern const u32 AES_Td[5][256];
#define Td0 AES_Td[0]
#define Td1 AES_Td[1]
#define Td2 AES_Td[2]
#define Td3 AES_Td[3]
#else
static const u32 Td0[256] = {
0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
@ -540,7 +552,6 @@ static const u32 Td2[256] = {
0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
@ -652,6 +663,7 @@ static const u32 Td3[256] = {
0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
};
#endif
static const u32 Td4[256] = {
0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
@ -876,6 +888,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
return 0;
}
#ifndef AES_ASM
/*
* Encrypt a single block
* in and out can overlap
@ -1258,4 +1271,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
PUTU32(out + 12, s3);
}
#endif /* ndef OPENSSL_FIPS */
#endif /* AES_ASM */

6
crypto/openssl/crypto/aes/aes_locl.h
View File

@ -62,7 +62,7 @@
#include <stdlib.h>
#include <string.h>
#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE)
#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
# define GETU32(p) SWAP(*((u32 *)(p)))
# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
@ -71,7 +71,11 @@
# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
#endif
#ifdef AES_LONG
typedef unsigned long u32;
#else
typedef unsigned int u32;
#endif
typedef unsigned short u16;
typedef unsigned char u8;

1531
crypto/openssl/crypto/aes/asm/aes-586.pl Executable file
View File

File diff suppressed because it is too large Load Diff

1652
crypto/openssl/crypto/aes/asm/aes-ia64.S Normal file
View File

File diff suppressed because it is too large Load Diff

1298
crypto/openssl/crypto/asn1/Makefile
View File

File diff suppressed because it is too large Load Diff

21
crypto/openssl/crypto/asn1/a_bitstr.c
View File

@ -113,11 +113,12 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
return(ret);
}
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
long len)
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
const unsigned char **pp, long len)
{
ASN1_BIT_STRING *ret=NULL;
unsigned char *p,*s;
const unsigned char *p;
unsigned char *s;
int i;
if (len < 1)
@ -164,7 +165,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
*pp=p;
return(ret);
err:
ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i);
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
M_ASN1_BIT_STRING_free(ret);
return(NULL);
@ -182,9 +183,11 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
iv= ~v;
if (!value) v=0;
if (a == NULL)
return 0;
a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
if (a == NULL) return(0);
if ((a->length < (w+1)) || (a->data == NULL))
{
if (!value) return(1); /* Don't need to set */
@ -194,8 +197,12 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
c=(unsigned char *)OPENSSL_realloc_clean(a->data,
a->length,
w+1);
if (c == NULL) return(0);
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
if (c == NULL)
{
ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
return 0;
}
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
a->data=c;
a->length=w+1;
}

4
crypto/openssl/crypto/asn1/a_bool.c
View File

@ -75,10 +75,10 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
return(r);
}
int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length)
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
{
int ret= -1;
unsigned char *p;
const unsigned char *p;
long len;
int inf,tag,xclass;
int i=0;

22
crypto/openssl/crypto/asn1/a_bytes.c
View File

@ -60,14 +60,15 @@
#include "cryptlib.h"
#include <openssl/asn1.h>
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
/* type is a 'bitmap' of acceptable string types.
*/
ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
long length, int type)
{
ASN1_STRING *ret=NULL;
unsigned char *p,*s;
const unsigned char *p;
unsigned char *s;
long len;
int inf,tag,xclass;
int i=0;
@ -153,11 +154,12 @@ int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
return(r);
}
ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
int Ptag, int Pclass)
ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
long length, int Ptag, int Pclass)
{
ASN1_STRING *ret=NULL;
unsigned char *p,*s;
const unsigned char *p;
unsigned char *s;
long len;
int inf,tag,xclass;
int i=0;
@ -185,7 +187,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
if (inf & V_ASN1_CONSTRUCTED)
{
ASN1_CTX c;
ASN1_const_CTX c;
c.pp=pp;
c.p=p;
@ -247,7 +249,7 @@ err:
* them into the one structure that is then returned */
/* There have been a few bug fixes for this function from
* Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
{
ASN1_STRING *os=NULL;
BUF_MEM b;
@ -268,7 +270,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
{
if (c->inf & 1)
{
c->eos=ASN1_check_infinite_end(&c->p,
c->eos=ASN1_const_check_infinite_end(&c->p,
(long)(c->max-c->p));
if (c->eos) break;
}
@ -296,7 +298,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
num+=os->length;
}
if (!asn1_Finish(c)) goto err;
if (!asn1_const_Finish(c)) goto err;
a->length=num;
if (a->data != NULL) OPENSSL_free(a->data);

32
crypto/openssl/crypto/asn1/a_d2i_fp.c
View File

@ -66,11 +66,10 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
#ifndef NO_OLD_ASN1
#ifndef OPENSSL_NO_FP_API
char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
unsigned char **x)
void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
{
BIO *b;
char *ret;
void *ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
{
@ -84,12 +83,11 @@ char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
}
#endif
char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
unsigned char **x)
void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
{
BUF_MEM *b = NULL;
unsigned char *p;
char *ret=NULL;
const unsigned char *p;
void *ret=NULL;
int len;
len = asn1_d2i_read_bio(in, &b);
@ -107,14 +105,14 @@ err:
void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
{
BUF_MEM *b = NULL;
unsigned char *p;
const unsigned char *p;
void *ret=NULL;
int len;
len = asn1_d2i_read_bio(in, &b);
if(len < 0) goto err;
p=(unsigned char *)b->data;
p=(const unsigned char *)b->data;
ret=ASN1_item_d2i(x,&p,len, it);
err:
if (b != NULL) BUF_MEM_free(b);
@ -129,7 +127,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
if ((b=BIO_new(BIO_s_file())) == NULL)
{
ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB);
return(NULL);
}
BIO_set_fp(b,in,BIO_NOCLOSE);
@ -146,7 +144,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
unsigned char *p;
int i;
int ret=-1;
ASN1_CTX c;
ASN1_const_CTX c;
int want=HEADER_SIZE;
int eos=0;
#if defined(__GNUC__) && defined(__ia64)
@ -160,7 +158,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
b=BUF_MEM_new();
if (b == NULL)
{
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
return -1;
}
@ -173,13 +171,13 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
if (!BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
i=BIO_read(in,&(b->data[len]),want);
if ((i < 0) && ((len-off) == 0))
{
ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
if (i > 0)
@ -199,7 +197,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
if (e != ASN1_R_TOO_LONG)
goto err;
else
ERR_get_error(); /* clear error */
ERR_clear_error(); /* clear error */
}
i=c.p-p;/* header length */
off+=i; /* end of data */
@ -228,7 +226,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
want-=(len-off);
if (!BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
while (want > 0)
@ -236,7 +234,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
i=BIO_read(in,&(b->data[len]),want);
if (i <= 0)
{
ASN1err(ASN1_F_ASN1_D2I_BIO,
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
ASN1_R_NOT_ENOUGH_DATA);
goto err;
}

9
crypto/openssl/crypto/asn1/a_digest.c
View File

@ -65,20 +65,25 @@
# include <sys/types.h>
#endif
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/buffer.h>
#include <openssl/x509.h>
#ifndef NO_ASN1_OLD
int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
unsigned char *md, unsigned int *len)
{
int i;
unsigned char *str,*p;
i=i2d(data,NULL);
if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0);
if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
{
ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
return(0);
}
p=str;
i2d(data,&p);

18
crypto/openssl/crypto/asn1/a_dup.c
View File

@ -62,22 +62,23 @@
#ifndef NO_OLD_ASN1
char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
{
unsigned char *b,*p;
long i;
const unsigned char *p2;
int i;
char *ret;
if (x == NULL) return(NULL);
i=(long)i2d(x,NULL);
b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
i=i2d(x,NULL);
b=OPENSSL_malloc(i+10);
if (b == NULL)
{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
p= b;
i=i2d(x,&p);
p= b;
ret=d2i(NULL,&p,i);
p2= b;
ret=d2i(NULL,&p2,i);
OPENSSL_free(b);
return(ret);
}
@ -91,7 +92,8 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
{
unsigned char *b = NULL, *p;
unsigned char *b = NULL;
const unsigned char *p;
long i;
void *ret;
@ -99,7 +101,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
i=ASN1_item_i2d(x,&b,it);
if (b == NULL)
{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
{ ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
p= b;
ret=ASN1_item_d2i(NULL,&p,i, it);
OPENSSL_free(b);

14
crypto/openssl/crypto/asn1/a_enum.c
View File

@ -59,6 +59,7 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/bn.h>
/*
* Code for ENUMERATED type: identical to INTEGER apart from a different tag.
@ -67,12 +68,13 @@
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
{
int i,j,k;
int j,k;
unsigned int i;
unsigned char buf[sizeof(long)+1];
long d;
a->type=V_ASN1_ENUMERATED;
if (a->length < (sizeof(long)+1))
if (a->length < (int)(sizeof(long)+1))
{
if (a->data != NULL)
OPENSSL_free(a->data);
@ -116,7 +118,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
else if (i != V_ASN1_ENUMERATED)
return -1;
if (a->length > sizeof(long))
if (a->length > (int)sizeof(long))
{
/* hmm... a bit ugly */
return(0xffffffffL);
@ -147,7 +149,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
goto err;
}
if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED;
if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
else ret->type=V_ASN1_ENUMERATED;
j=BN_num_bits(bn);
len=((j == 0)?0:((j/8)+1));
@ -156,7 +158,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
if (!new_data)
{
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
goto err;
}
ret->data=new_data;
@ -175,6 +177,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;
else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1);
return(ret);
}

14
crypto/openssl/crypto/asn1/a_gentm.c
View File

@ -181,7 +181,7 @@ err:
return(0);
}
int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
{
ASN1_GENERALIZEDTIME t;
@ -192,8 +192,9 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
{
if (s != NULL)
{
ASN1_STRING_set((ASN1_STRING *)s,
(unsigned char *)str,t.length);
if (!ASN1_STRING_set((ASN1_STRING *)s,
(unsigned char *)str,t.length))
return 0;
s->type=V_ASN1_GENERALIZEDTIME;
}
return(1);
@ -223,7 +224,12 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
if ((p == NULL) || ((size_t)s->length < len))
{
p=OPENSSL_malloc(len);
if (p == NULL) return(NULL);
if (p == NULL)
{
ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
ERR_R_MALLOC_FAILURE);
return(NULL);
}
if (s->data != NULL)
OPENSSL_free(s->data);
s->data=(unsigned char *)p;

6
crypto/openssl/crypto/asn1/a_hdr.c
View File

@ -76,17 +76,17 @@ int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
M_ASN1_I2D_finish();
}
ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, unsigned char **pp,
ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->header,d2i_ASN1_OCTET_STRING);
M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING);
if (ret->meth != NULL)
{
M_ASN1_D2I_get(ret->data,ret->meth->d2i);
M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i);
}
else
{

Some files were not shown because too many files have changed in this diff Show More