generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge from main trunk, conflicts resolved

Browse Source
This commit is contained in:
Richard Levitte 2000-08-01 12:21:46 +00:00
parent d786112124
commit 1ba5b1b530
51 changed files with 1725 additions and 427 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -11,3 +11,5 @@ maketest.log
cctest
cctest.c
cctest.a
libcrypto.so.*
libssl.so.*

61
CHANGES
View File

@ -4,6 +4,67 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
RSA_padding_check_SSLv23(), special padding was never detected
and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
version rollback attacks was not effective.
In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.
[Bodo Moeller]
*) Make it possible to get hexdumps of unprintable data with 'openssl
asn1parse'. By implication, the functions ASN1_parse_dump() and
BIO_dump_indent() are added.
[Richard Levitte]
*) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
these print out strings and name structures based on various
flags including RFC2253 support and proper handling of
multibyte characters. Added options to the 'x509' utility
to allow the various flags to be set.
[Steve Henson]
*) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
Also change the functions X509_cmp_current_time() and
X509_gmtime_adj() work with an ASN1_TIME structure,
this will enable certificates using GeneralizedTime in validity
dates to be checked.
[Steve Henson]
*) Make the NEG_PUBKEY_BUG code (which tolerates invalid
negative public key encodings) on by default,
NO_NEG_PUBKEY_BUG can be set to disable it.
[Steve Henson]
*) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
content octets. An i2c_ASN1_OBJECT is unnecessary because
the encoding can be trivially obtained from the structure.
[Steve Henson]
*) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
not read locks (CRYPTO_r_[un]lock).
[Bodo Moeller]
*) A first attempt at creating official support for shared
libraries through configuration. I've kept it so the
default is static libraries only, and the OpenSSL programs
are always statically linked for now, but there are
preparations for dynamic linking in place.
This has been tested on Linux and True64.
[Richard Levitte]
*) Randomness polling function for Win9x, as described in:
Peter Gutmann, Software Generation of Practically Strong
Random Numbers.
[Ulf Möller]
*) Fix so PRNG is seeded in req if using an already existing
DSA key.
[Steve Henson]
*) New options to smime application. -inform and -outform
allow alternative formats for the S/MIME message including
PEM and DER. The -content option allows the content to be

59
Configure
View File

@ -32,6 +32,8 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
# know how to do it)
# [no-]shared [don't] try to create shared libraries instead of static
# ones when possible.
# no-asm do not use assembler
# no-dso do not compile in any native shared-library methods. This
# will ensure that all methods just return NULL.
@ -96,7 +98,7 @@ my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:as
# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme
#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
my %table=(
#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
@ -250,9 +252,9 @@ my %table=(
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn",
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
#### Alpha Linux with GNU C and Compaq C setups
@ -278,7 +280,7 @@ my %table=(
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler.
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
"debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-linux-elf-noefence","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
@ -299,7 +301,7 @@ my %table=(
"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
# Linux on ARM
"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn",
"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC",
# UnixWare 2.0
"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
@ -399,6 +401,7 @@ my $prefix="";
my $openssldir="";
my $install_prefix="";
my $no_threads=0;
my $no_shared=1;
my $threads=0;
my $no_asm=0;
my $no_dso=0;
@ -456,6 +459,10 @@ foreach (@ARGV)
{ $no_threads=1; }
elsif (/^threads$/)
{ $threads=1; }
elsif (/^no-shared$/)
{ $no_shared=1; }
elsif (/^shared$/)
{ $no_shared=0; }
elsif (/^no-symlinks$/)
{ $symlink=0; }
elsif (/^no-(.+)$/)
@ -574,8 +581,8 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
print "IsWindows=$IsWindows\n";
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme)=
split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
split(/\s*:\s*/,$table{$target} . ":" x 21 , -1);
$cflags="$flags$cflags" if ($flags ne "");
# The DSO code currently always implements all functions so that no
@ -649,6 +656,19 @@ if ($threads)
$openssl_thread_defines .= $thread_defines;
}
# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
my $shared_mark1 = "";
my $shared_mark2 = "";
if ($shared_cflag ne "")
{
$cflags = "$shared_cflag $cflags";
if (!$no_shared)
{
$shared_mark1 = ".shlib-clean.";
$shared_mark2 = ".shlib.";
}
}
#my ($bn1)=split(/\s+/,$bn_obj);
#$bn1 = "" unless defined $bn1;
#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
@ -680,13 +700,20 @@ if ($rmd160_obj =~ /\.o$/)
my $version = "unknown";
my $major = "unknown";
my $minor = "unknown";
my $shlib_version_number = "unknown";
my $shlib_version_history = "unknown";
my $shlib_major = "unknown";
my $shlib_minor = "unknown";
open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
while (<IN>)
{
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
}
close(IN);
if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
{
@ -694,6 +721,12 @@ if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
$minor=$2;
}
if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
{
$shlib_major=$1;
$shlib_minor=$2;
}
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
@ -712,6 +745,10 @@ while (<IN>)
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
@ -733,6 +770,10 @@ while (<IN>)
s/^PROCESSOR=.*/PROCESSOR= $processor/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^PERL=.*/PERL= $perl/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK1=.*/SHLIB_MARK1=$shared_mark1/;
s/^SHLIB_MARK2=.*/SHLIB_MARK2=$shared_mark2/;
s/^LIBS=.*/LIBS=libcrypto\.so\* libssl\.so\*/ if (!$no_shared);
print OUT $_."\n";
}
close(IN);
@ -1041,5 +1082,7 @@ sub print_table_entry
\$rmd160_obj = $rmd160_obj
\$rc5_obj = $rc5_obj
\$dso_scheme = $dso_scheme
\$shared_target= $shared_target
\$shared_cflag = $shared_cflag
EOF
}

29
INSTALL.W32
View File

@ -180,6 +180,35 @@
desired, GNU bc can be built with CygWin32 without change.
Installation
------------
There's currently no real installation procedure for Win32. There are,
however, some suggestions:
- do nothing. The include files are found in the inc32/ subdirectory,
all binaries are found in out32dll/ or out32/ depending if you built
dynamic or static libraries.
- do as is written in INSTALL.Win32 that comes with modssl:
$ md c:\openssl
$ md c:\openssl\bin
$ md c:\openssl\lib
$ md c:\openssl\include
$ md c:\openssl\include\openssl
$ copy /b inc32\* c:\openssl\include\openssl
$ copy /b out32dll\ssleay32.lib c:\openssl\lib
$ copy /b out32dll\libeay32.lib c:\openssl\lib
$ copy /b out32dll\ssleay32.dll c:\openssl\bin
$ copy /b out32dll\libeay32.dll c:\openssl\bin
$ copy /b out32dll\openssl.exe c:\openssl\bin
Of course, you can choose another device than c:. C: is used here
because that's usually the first (and often only) harddisk device.
Note: in the modssl INSTALL.Win32, p: is used rather than c:.
Troubleshooting
---------------

192
Makefile.org
View File

@ -5,8 +5,14 @@
VERSION=
MAJOR=
MINOR=
SHLIB_VERSION_NUMBER=
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=
SHLIB_MINOR=
PLATFORM=dist
OPTIONS=
SHLIB_TARGET=
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
@ -142,7 +148,14 @@ RMD160_ASM_OBJ= asm/rm86-out.o
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
DIRS= crypto ssl rsaref apps test tools
# To do special treatment, use "directory names" starting with a period.
# When we're prepared to use shared libraries in the programs we link here
# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
# or have that configurable.
SHLIB_MARK1=.shlib-clean.
SHLIB_MARK2=.shlib.
DIRS= crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
SHLIBDIRS= crypto ssl
# dirs in crypto to build
@ -165,7 +178,8 @@ TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
LIBS= libcrypto.a libssl.a
SHARED_LIBS=libcrypto.so libssl.so
GENERAL= Makefile
BASENAME= openssl
@ -176,36 +190,110 @@ EXHEADER= e_os.h e_os2.h
HEADER= e_os.h
all: Makefile.ssl
@for i in $(DIRS) ;\
@need_shlib=true; \
for i in $(DIRS) ;\
do \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done
-@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
-@# cd perl; $(PERL) Makefile.PL; make
if [ "$$i" = ".shlib-clean." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) clean-shared; \
fi; \
elif [ "$$i" = ".shlib." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi; \
need_shlib=false; \
else \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
fi; \
done; \
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi
sub_all:
@for i in $(DIRS) ;\
@need_shlib=true; \
for i in $(DIRS) ;\
do \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done;
if [ "$$i" = ".shlib-clean." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) clean-shared; \
fi; \
elif [ "$$i" = ".shlib." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi; \
need_shlib=false; \
else \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
fi; \
done; \
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi
libcrypto.so: libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
libssl.so: libcrypto.so libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl $(SHLIB_TARGET); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
clean-shared:
for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
linux-shared:
for i in ${SHLIBDIRS}; do \
rm -f lib$$i.a lib$$i.so \
lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \
-Wl,-S,-soname=lib$$i.so.${MAJOR} \
libs=; for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive -lc ) || exit 1; \
rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
-Wl,--no-whole-archive -lc $$libs ) || exit 1; \
libs="$$libs -L. -l$$i"; \
( set -x; \
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
lib$$i.so.${SHLIB_MAJOR}; \
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
done;
# This assumes that GNU utilities are *not* used
true64-shared:
libs=; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -no_archive -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none -lc $$libs ) || exit 1; \
libs="$$libs -L. -l$$i"; \
done;
# This assumes that GNU utilities are *not* used
solaris-shared:
libs=; for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR} \
-z allextract lib$$i.a $$libs ) || exit 1; \
libs="$$libs -L. -l$$i"; \
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
lib$$i.so.${SHLIB_MAJOR}; \
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
done; \
@set -x; \
for i in ${SHLIBDIRS}; do \
ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
ln -s lib$$i.so.${MAJOR} lib$$i.so; \
done;
Makefile.ssl: Makefile.org
@ -220,9 +308,11 @@ clean:
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making clean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
rm -f $(LIBS); \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making clean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
rm -f $(LIBS); \
fi; \
done;
rm -f *.a *.o speed.* *.map *.so .pure core
rm -f $(TARFILE)
@ -239,8 +329,10 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making 'files' in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making 'files' in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
fi; \
done;
links:
@ -248,16 +340,20 @@ links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@for i in $(DIRS); do \
(cd $$i && echo "making links in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making links in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
fi; \
done;
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making dclean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making dclean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
fi; \
done;
rehash: rehash.time
@ -278,22 +374,28 @@ report:
depend:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making dependencies $$i..." && \
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making dependencies $$i..." && \
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
fi; \
done;
lint:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making lint $$i..." && \
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making lint $$i..." && \
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
fi; \
done;
tags:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making tags $$i..." && \
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making tags $$i..." && \
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
fi; \
done;
errors:
@ -352,15 +454,19 @@ install: all install_docs
done;
@for i in $(DIRS) ;\
do \
(cd $$i; echo "installing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i; echo "installing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
fi; \
done
@for i in $(LIBS) ;\
do \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi \
done
install_docs:

220
TABLE
View File

@ -17,6 +17,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** BC-32
$cc = bcc32
@ -35,6 +37,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** BS2000-OSD
$cc = c89
@ -53,6 +57,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** CygWin32
$cc = gcc
@ -71,6 +77,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** FreeBSD
$cc = gcc
@ -89,6 +97,8 @@ $rc4_obj = asm/rx86-out.o
$rmd160_obj = asm/rm86-out.o
$rc5_obj = asm/r586-out.o
$dso_scheme =
$shared_target=
$shared_cflag =
*** FreeBSD-alpha
$cc = gcc
@ -107,6 +117,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** FreeBSD-elf
$cc = gcc
@ -125,6 +137,8 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
$shared_target=
$shared_cflag =
*** Mingw32
$cc = gcc
@ -143,6 +157,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** NetBSD-m68
$cc = gcc
@ -161,6 +177,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** NetBSD-sparc
$cc = gcc
@ -179,6 +197,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** NetBSD-x86
$cc = gcc
@ -197,6 +217,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** OpenBSD
$cc = gcc
@ -215,6 +237,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** OpenBSD-alpha
$cc = gcc
@ -233,6 +257,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** OpenBSD-mips
$cc = gcc
@ -251,6 +277,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** OpenBSD-x86
$cc = gcc
@ -269,6 +297,8 @@ $rc4_obj = asm/rx86-out.o
$rmd160_obj = asm/rm86-out.o
$rc5_obj = asm/r586-out.o
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** ReliantUNIX
$cc = cc
@ -287,6 +317,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** SINIX
$cc = cc
@ -305,6 +337,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** SINIX-N
$cc = /usr/ucb/cc
@ -323,6 +357,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** VC-MSDOS
$cc = cl
@ -341,6 +377,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** VC-NT
$cc = cl
@ -359,6 +397,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** VC-W31-16
$cc = cl
@ -377,6 +417,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** VC-W31-32
$cc = cl
@ -395,6 +437,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** VC-WIN16
$cc = cl
@ -413,6 +457,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** VC-WIN32
$cc = cl
@ -431,6 +477,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** aix-cc
$cc = cc
@ -449,6 +497,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** aix-gcc
$cc = gcc
@ -467,6 +517,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** alpha-cc
$cc = cc
@ -485,6 +537,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** alpha-gcc
$cc = gcc
@ -503,6 +557,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** alpha164-cc
$cc = cc
@ -520,7 +576,9 @@ $cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** bsdi-elf-gcc
$cc = gcc
@ -539,6 +597,8 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
$shared_target=
$shared_cflag =
*** bsdi-gcc
$cc = gcc
@ -557,6 +617,8 @@ $rc4_obj = asm/rx86bsdi.o
$rmd160_obj = asm/rm86bsdi.o
$rc5_obj = asm/r586bsdi.o
$dso_scheme =
$shared_target=
$shared_cflag =
*** cc
$cc = cc
@ -575,6 +637,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** cray-t3e
$cc = cc
@ -593,6 +657,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** cray-t90-cc
$cc = cc
@ -611,6 +677,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** debug
$cc = gcc
@ -629,6 +697,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** debug-ben
$cc = gcc
@ -647,6 +717,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** debug-ben-debug
$cc = gcc
@ -665,6 +737,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** debug-ben-strict
$cc = gcc
@ -683,6 +757,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** debug-bodo
$cc = gcc
@ -701,6 +777,8 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
$shared_target=
$shared_cflag =
*** debug-levitte-linux-elf
$cc = gcc
@ -719,6 +797,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** debug-linux-elf
$cc = gcc
@ -737,6 +817,8 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** debug-linux-elf-noefence
$cc = gcc
@ -755,6 +837,8 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** debug-rse
$cc = cc
@ -773,6 +857,8 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
$shared_target=
$shared_cflag =
*** debug-solaris-sparcv8-cc
$cc = cc
@ -791,6 +877,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** debug-solaris-sparcv8-gcc
$cc = gcc
@ -809,6 +897,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** debug-solaris-sparcv9-cc
$cc = cc
@ -827,6 +917,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** debug-solaris-sparcv9-gcc
$cc = gcc
@ -845,6 +937,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** debug-steve
$cc = gcc
@ -863,6 +957,8 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
$shared_target=
$shared_cflag =
*** debug-ulf
$cc = gcc
@ -881,6 +977,8 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
$shared_target=
$shared_cflag =
*** dgux-R3-gcc
$cc = gcc
@ -899,6 +997,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** dgux-R4-gcc
$cc = gcc
@ -917,6 +1017,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** dgux-R4-x86-gcc
$cc = gcc
@ -935,6 +1037,8 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
$shared_target=
$shared_cflag =
*** dist
$cc = cc
@ -953,6 +1057,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** gcc
$cc = gcc
@ -971,6 +1077,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** hpux-brokencc
$cc = cc
@ -989,6 +1097,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux-brokengcc
$cc = gcc
@ -1007,6 +1117,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux-cc
$cc = cc
@ -1025,6 +1137,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux-gcc
$cc = gcc
@ -1043,6 +1157,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux-parisc-cc
$cc = cc
@ -1061,6 +1177,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux-parisc-cc-o4
$cc = cc
@ -1079,6 +1197,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux-parisc-gcc
$cc = gcc
@ -1097,6 +1217,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux10-brokencc
$cc = cc
@ -1115,6 +1237,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux10-brokengcc
$cc = gcc
@ -1133,6 +1257,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux10-cc
$cc = cc
@ -1151,6 +1277,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux10-gcc
$cc = gcc
@ -1169,6 +1297,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** hpux64-parisc-cc
$cc = cc
@ -1187,6 +1317,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
$shared_target=
$shared_cflag =
*** irix-cc
$cc = cc
@ -1205,6 +1337,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** irix-gcc
$cc = gcc
@ -1223,6 +1357,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** irix-mips3-cc
$cc = cc
@ -1241,6 +1377,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** irix-mips3-gcc
$cc = gcc
@ -1259,6 +1397,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** irix64-mips4-cc
$cc = cc
@ -1277,6 +1417,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** irix64-mips4-gcc
$cc = gcc
@ -1295,6 +1437,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-alpha+bwx-ccc
$cc = ccc
@ -1313,6 +1457,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-alpha+bwx-gcc
$cc = gcc
@ -1331,6 +1477,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-alpha-ccc
$cc = ccc
@ -1349,6 +1497,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-alpha-gcc
$cc = gcc
@ -1367,6 +1517,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-aout
$cc = gcc
@ -1385,6 +1537,8 @@ $rc4_obj = asm/rx86-out.o
$rmd160_obj = asm/rm86-out.o
$rc5_obj = asm/r586-out.o
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-elf
$cc = gcc
@ -1403,6 +1557,8 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** linux-elf-arm
$cc = gcc
@ -1421,6 +1577,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** linux-ia64
$cc = gcc
@ -1439,6 +1597,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-m68k
$cc = gcc
@ -1457,6 +1617,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-mips
$cc = gcc
@ -1475,6 +1637,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-ppc
$cc = gcc
@ -1493,6 +1657,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-sparcv7
$cc = gcc
@ -1511,6 +1677,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-sparcv8
$cc = gcc
@ -1529,6 +1697,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** linux-sparcv9
$cc = gcc
@ -1547,6 +1717,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** ncr-scde
$cc = cc
@ -1565,6 +1737,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** nextstep
$cc = cc
@ -1583,6 +1757,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** nextstep3.3
$cc = cc
@ -1601,6 +1777,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** purify
$cc = purify gcc
@ -1619,6 +1797,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** rhapsody-ppc-cc
$cc = cc
@ -1637,6 +1817,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** sco5-cc
$cc = cc
@ -1655,6 +1837,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** sco5-gcc
$cc = gcc
@ -1673,6 +1857,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** solaris-sparc-sc3
$cc = cc
@ -1691,6 +1877,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** solaris-sparcv7-cc
$cc = cc
@ -1709,6 +1897,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** solaris-sparcv7-gcc
$cc = gcc
@ -1727,6 +1917,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** solaris-sparcv8-cc
$cc = cc
@ -1745,6 +1937,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** solaris-sparcv8-gcc
$cc = gcc
@ -1763,6 +1957,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** solaris-sparcv9-cc
$cc = cc
@ -1781,6 +1977,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** solaris-sparcv9-gcc
$cc = gcc
@ -1799,6 +1997,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** solaris-sparcv9-gcc27
$cc = gcc
@ -1817,6 +2017,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** solaris-x86-gcc
$cc = gcc
@ -1835,6 +2037,8 @@ $rc4_obj = asm/rx86-sol.o
$rmd160_obj = asm/rm86-sol.o
$rc5_obj = asm/r586-sol.o
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** solaris64-sparcv9-cc
$cc = cc
@ -1853,6 +2057,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
$shared_target=
$shared_cflag =
*** sunos-gcc
$cc = gcc
@ -1871,6 +2077,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** ultrix-cc
$cc = cc
@ -1889,6 +2097,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** ultrix-gcc
$cc = gcc
@ -1907,6 +2117,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** unixware-2.0
$cc = cc
@ -1925,6 +2137,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** unixware-2.0-pentium
$cc = cc
@ -1943,6 +2157,8 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
*** unixware-7
$cc = cc
@ -1961,3 +2177,5 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =

80
apps/apps.c
View File

@ -655,3 +655,83 @@ end:
return(othercerts);
}
typedef struct {
char *name;
unsigned long flag;
unsigned long mask;
} NAME_EX_TBL;
int set_name_ex(unsigned long *flags, const char *arg)
{
char c;
const NAME_EX_TBL *ptbl, ex_tbl[] = {
{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
{ "dn_rev", XN_FLAG_DN_REV, 0},
{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
{ "space_eq", XN_FLAG_SPC_EQ, 0},
{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
{ NULL, 0, 0}
};
c = arg[0];
if(c == '-') {
c = 0;
arg++;
} else if (c == '+') {
c = 1;
arg++;
} else c = 1;
for(ptbl = ex_tbl; ptbl->name; ptbl++) {
if(!strcmp(arg, ptbl->name)) {
*flags &= ~ptbl->mask;
if(c) *flags |= ptbl->flag;
else *flags &= ~ptbl->flag;
return 1;
}
}
return 0;
}
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
{
char buf[256];
char mline = 0;
int indent = 0;
if(title) BIO_puts(out, title);
if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mline = 1;
indent = 4;
}
if(lflags == XN_FLAG_COMPAT) {
X509_NAME_oneline(nm,buf,256);
BIO_puts(out,buf);
BIO_puts(out, "\n");
} else {
if(mline) BIO_puts(out, "\n");
X509_NAME_print_ex(out, nm, indent, lflags);
BIO_puts(out, "\n");
}
}

2
apps/apps.h
View File

@ -145,7 +145,9 @@ void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
#ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
#endif
int set_name_ex(unsigned long *flags, const char *arg);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, LHASH *conf);
X509 *load_cert(BIO *err, char *file, int format);

17
apps/asn1pars.c
View File

@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
unsigned int length=0;
long num,tmplen;
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
int informat,indent=0, noout = 0;
int informat,indent=0, noout = 0, dump = 0;
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
unsigned char *tmpbuf;
BUF_MEM *buf=NULL;
@ -149,6 +149,16 @@ int MAIN(int argc, char **argv)
length= atoi(*(++argv));
if (length == 0) goto bad;
}
else if (strcmp(*argv,"-dump") == 0)
{
dump= -1;
}
else if (strcmp(*argv,"-dlimit") == 0)
{
if (--argc < 1) goto bad;
dump= atoi(*(++argv));
if (dump <= 0) goto bad;
}
else if (strcmp(*argv,"-strparse") == 0)
{
if (--argc < 1) goto bad;
@ -176,6 +186,8 @@ bad:
BIO_printf(bio_err," -offset arg offset into file\n");
BIO_printf(bio_err," -length arg length of section in file\n");
BIO_printf(bio_err," -i indent entries\n");
BIO_printf(bio_err," -dump dump unknown data in hex form\n");
BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n");
BIO_printf(bio_err," -oid file file of extra oid definitions\n");
BIO_printf(bio_err," -strparse offset\n");
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
@ -293,7 +305,8 @@ bad:
}
}
if (!noout &&
!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
!ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
indent,dump))
{
ERR_print_errors(bio_err);
goto end;

2
apps/passwd.c
View File

@ -44,7 +44,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table, int reverse,
size_t pw_maxlen, int usecrypt, int use1, int useapr1);
/* -crypt - standard Unix password algorithm (default, only choice)
/* -crypt - standard Unix password algorithm (default)
* -1 - MD5-based password algorithm
* -apr1 - MD5-based password algorithm, Apache variant
* -salt string - salt

5
apps/req.c
View File

@ -587,6 +587,11 @@ bad:
BIO_printf(bio_err,"unable to load Private key\n");
goto end;
}
if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
{
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
app_RAND_load_file(randfile, bio_err, 0);
}
}
if (newreq && (pkey == NULL))

3
apps/smime.c
View File

@ -277,8 +277,11 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-signer file signer certificate file\n");
BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
BIO_printf (bio_err, "-to addr to address\n");
BIO_printf (bio_err, "-from ad from address\n");
BIO_printf (bio_err, "-subject s subject\n");

2
apps/verify.c
View File

@ -186,7 +186,7 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;

26
apps/x509.c
View File

@ -128,6 +128,7 @@ static char *x509_usage[]={
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
NULL
};
@ -173,6 +174,7 @@ int MAIN(int argc, char **argv)
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0;
reqfile=0;
@ -316,6 +318,11 @@ int MAIN(int argc, char **argv)
alias= *(++argv);
trustout = 1;
}
else if (strcmp(*argv,"-nameopt") == 0)
{
if (--argc < 1) goto bad;
if(!set_name_ex(&nmflag, *(++argv))) goto bad;
}
else if (strcmp(*argv,"-setalias") == 0)
{
if (--argc < 1) goto bad;
@ -524,9 +531,8 @@ bad:
}
else
BIO_printf(bio_err,"Signature ok\n");
X509_NAME_oneline(req->req_info->subject,buf,256);
BIO_printf(bio_err,"subject=%s\n",buf);
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
if ((x=X509_new()) == NULL) goto end;
ci=x->cert_info;
@ -600,15 +606,13 @@ bad:
{
if (issuer == i)
{
X509_NAME_oneline(X509_get_issuer_name(x),
buf,256);
BIO_printf(STDout,"issuer= %s\n",buf);
print_name(STDout, "issuer= ",
X509_get_issuer_name(x), nmflag);
}
else if (subject == i)
{
X509_NAME_oneline(X509_get_subject_name(x),
buf,256);
BIO_printf(STDout,"subject=%s\n",buf);
print_name(STDout, "issuer= ",
X509_get_subject_name(x), nmflag);
}
else if (serial == i)
{
@ -1082,7 +1086,6 @@ end:
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
int err;
X509 *err_cert;
@ -1104,8 +1107,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
else
{
err_cert=X509_STORE_CTX_get_current_cert(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
BIO_printf(bio_err,"%s\n",buf);
print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
err,X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(err));

21
crypto/asn1/Makefile.ssl
View File

@ -24,7 +24,7 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
a_null.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c \
a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
@ -39,7 +39,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
a_null.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o \
a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
@ -284,6 +284,23 @@ a_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
a_sign.o: ../cryptlib.h
a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
a_strex.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
a_strex.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
a_strex.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
a_strex.o: charmap.h
a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h

1
crypto/asn1/a_enum.c
View File

@ -75,6 +75,7 @@ void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
{
int len, ret;
if(!a) return 0;
len = i2c_ASN1_INTEGER(a, NULL);
ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
if(pp) {

1
crypto/asn1/a_int.c
View File

@ -77,6 +77,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
{
int len, ret;
if(!a) return 0;
len = i2c_ASN1_INTEGER(a, NULL);
ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
if(pp) {

41
crypto/asn1/a_object.c
View File

@ -190,24 +190,13 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
long length)
{
ASN1_OBJECT *ret=NULL;
{
unsigned char *p;
long len;
int tag,xclass;
int inf,i;
/* only the ASN1_OBJECTs from the 'table' will have values
* for ->sn or ->ln */
if ((a == NULL) || ((*a) == NULL) ||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
{
if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
}
else ret=(*a);
ASN1_OBJECT *ret = NULL;
p= *pp;
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
if (inf & 0x80)
{
@ -220,6 +209,32 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
i=ASN1_R_EXPECTING_AN_OBJECT;
goto err;
}
ret = c2i_ASN1_OBJECT(a, &p, len);
if(ret) *pp = p;
return ret;
err:
ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
ASN1_OBJECT_free(ret);
return(NULL);
}
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
long len)
{
ASN1_OBJECT *ret=NULL;
unsigned char *p;
int i;
/* only the ASN1_OBJECTs from the 'table' will have values
* for ->sn or ->ln */
if ((a == NULL) || ((*a) == NULL) ||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
{
if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
}
else ret=(*a);
p= *pp;
if ((ret->data == NULL) || (ret->length < len))
{
if (ret->data != NULL) OPENSSL_free(ret->data);

87
crypto/asn1/asn1.h
View File

@ -237,6 +237,7 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
#define ASN1_BMPSTRING ASN1_STRING
#define ASN1_VISIBLESTRING ASN1_STRING
#define ASN1_UTF8STRING ASN1_STRING
#define ASN1_BOOLEAN int
#else
typedef struct asn1_string_st ASN1_INTEGER;
typedef struct asn1_string_st ASN1_ENUMERATED;
@ -253,10 +254,90 @@ typedef struct asn1_string_st ASN1_TIME;
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
typedef struct asn1_string_st ASN1_VISIBLESTRING;
typedef struct asn1_string_st ASN1_UTF8STRING;
typedef int ASN1_BOOLEAN;
#endif
typedef int ASN1_NULL;
/* Parameters used by ASN1_STRING_print_ex() */
/* These determine which characters to escape:
* RFC2253 special characters, control characters and
* MSB set characters
*/
#define ASN1_STRFLGS_ESC_2253 1
#define ASN1_STRFLGS_ESC_CTRL 2
#define ASN1_STRFLGS_ESC_MSB 4
/* This flag determines how we do escaping: normally
* RC2253 backslash only, set this to use backslash and
* quote.
*/
#define ASN1_STRFLGS_ESC_QUOTE 8
/* These three flags are internal use only. */
/* Character is a valid PrintableString character */
#define CHARTYPE_PRINTABLESTRING 0x10
/* Character needs escaping if it is the first character */
#define CHARTYPE_FIRST_ESC_2253 0x20
/* Character needs escaping if it is the last character */
#define CHARTYPE_LAST_ESC_2253 0x40
/* NB the internal flags are safely reused below by flags
* handled at the top level.
*/
/* If this is set we convert all character strings
* to UTF8 first
*/
#define ASN1_STRFLGS_UTF8_CONVERT 0x10
/* If this is set we don't attempt to interpret content:
* just assume all strings are 1 byte per character. This
* will produce some pretty odd looking output!
*/
#define ASN1_STRFLGS_IGNORE_TYPE 0x20
/* If this is set we include the string type in the output */
#define ASN1_STRFLGS_SHOW_TYPE 0x40
/* This determines which strings to display and which to
* 'dump' (hex dump of content octets or DER encoding). We can
* only dump non character strings or everything. If we
* don't dump 'unknown' they are interpreted as character
* strings with 1 octet per character and are subject to
* the usual escaping options.
*/
#define ASN1_STRFLGS_DUMP_ALL 0x80
#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
/* These determine what 'dumping' does, we can dump the
* content octets or the DER encoding: both use the
* RFC2253 #XXXXX notation.
*/
#define ASN1_STRFLGS_DUMP_DER 0x200
/* All the string flags consistent with RFC2253,
* escaping control characters isn't essential in
* RFC2253 but it is advisable anyway.
*/
#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB | \
ASN1_STRFLGS_UTF8_CONVERT | \
ASN1_STRFLGS_DUMP_UNKNOWN | \
ASN1_STRFLGS_DUMP_DER)
DECLARE_STACK_OF(ASN1_INTEGER)
DECLARE_ASN1_SET_OF(ASN1_INTEGER)
@ -265,6 +346,7 @@ typedef struct asn1_type_st
int type;
union {
char *ptr;
ASN1_BOOLEAN boolean;
ASN1_STRING * asn1_string;
ASN1_OBJECT * object;
ASN1_INTEGER * integer;
@ -506,6 +588,8 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
ASN1_OBJECT * ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
long length);
ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
long length);
@ -722,6 +806,7 @@ char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
#ifndef NO_FP_API
char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
#endif
#ifndef NO_BIO
@ -731,7 +816,9 @@ int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
#endif
const char *ASN1_tag2str(int tag);

48
crypto/asn1/asn1_par.c
View File

@ -65,7 +65,7 @@
static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
int indent);
static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
int offset, int depth, int indent);
int offset, int depth, int indent, int dump);
static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
int indent)
{
@ -110,11 +110,16 @@ err:
int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
{
return(asn1_parse2(bp,&pp,len,0,0,indent));
return(asn1_parse2(bp,&pp,len,0,0,indent,0));
}
int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
{
return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
}
static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
int depth, int indent)
int depth, int indent, int dump)
{
unsigned char *p,*ep,*tot,*op,*opp;
long len;
@ -123,7 +128,13 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
ASN1_OBJECT *o=NULL;
ASN1_OCTET_STRING *os=NULL;
/* ASN1_BMPSTRING *bmp=NULL;*/
int dump_indent;
#if 0
dump_indent = indent;
#else
dump_indent = 6; /* Because we know BIO_dump_indent() */
#endif
p= *pp;
tot=p+length;
op=p-1;
@ -178,7 +189,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
{
r=asn1_parse2(bp,&p,(long)(tot-p),
offset+(p - *pp),depth+1,
indent);
indent,dump);
if (r == 0) { ret=0; goto end; }
if ((r == 2) || (p >= tot)) break;
}
@ -188,7 +199,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
{
r=asn1_parse2(bp,&p,(long)len,
offset+(p - *pp),depth+1,
indent);
indent,dump);
if (r == 0) { ret=0; goto end; }
}
}
@ -273,6 +284,20 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
os->length) <= 0)
goto end;
}
if (!printable && (os->length > 0)
&& dump)
{
if (!nl)
{
if (BIO_write(bp,"\n",1) <= 0)
goto end;
}
if (BIO_dump_indent(bp,opp,
((dump == -1 || dump > os->length)?os->length:dump),
dump_indent) <= 0)
goto end;
nl=1;
}
M_ASN1_OCTET_STRING_free(os);
os=NULL;
}
@ -341,6 +366,19 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
}
M_ASN1_ENUMERATED_free(bs);
}
else if (len > 0 && dump)
{
if (!nl)
{
if (BIO_write(bp,"\n",1) <= 0)
goto end;
}
if (BIO_dump_indent(bp,p,
((dump == -1 || dump > len)?len:dump),
dump_indent) <= 0)
goto end;
nl=1;
}
if (!nl)
{

2
crypto/asn1/d2i_dsap.c
View File

@ -64,7 +64,7 @@
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
#ifdef NEG_PUBKEY_BUG
#ifndef NO_NEG_PUBKEY_BUG
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
#endif

2
crypto/asn1/d2i_r_pu.c
View File

@ -64,7 +64,7 @@
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
#ifdef NEG_PUBKEY_BUG
#ifndef NO_NEG_PUBKEY_BUG
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
#endif

2
crypto/asn1/d2i_s_pu.c
View File

@ -66,7 +66,7 @@
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
#ifdef NEG_PUBKEY_BUG
#ifndef NO_NEG_PUBKEY_BUG
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
#endif

41
crypto/bio/b_dump.c
View File

@ -66,13 +66,20 @@
#define TRUNCATE
#define DUMP_WIDTH 16
#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
int BIO_dump(BIO *bio, const char *s, int len)
{
return BIO_dump_indent(bio, s, len, 0);
}
int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
{
int ret=0;
char buf[160+1],tmp[20];
char buf[288+1],tmp[20],str[128+1];
int i,j,rows,trunc;
unsigned char ch;
int dump_width;
trunc=0;
@ -81,27 +88,37 @@ int BIO_dump(BIO *bio, const char *s, int len)
trunc++;
#endif
rows=(len/DUMP_WIDTH);
if ((rows*DUMP_WIDTH)<len)
if (indent < 0)
indent = 0;
if (indent) {
if (indent > 128) indent=128;
memset(str,' ',indent);
}
str[indent]='\0';
dump_width=DUMP_WIDTH_LESS_INDENT(indent);
rows=(len/dump_width);
if ((rows*dump_width)<len)
rows++;
for(i=0;i<rows;i++) {
buf[0]='\0'; /* start with empty string */
sprintf(tmp,"%04x - ",i*DUMP_WIDTH);
strcpy(buf,tmp);
for(j=0;j<DUMP_WIDTH;j++) {
if (((i*DUMP_WIDTH)+j)>=len) {
strcpy(buf,str);
sprintf(tmp,"%04x - ",i*dump_width);
strcat(buf,tmp);
for(j=0;j<dump_width;j++) {
if (((i*dump_width)+j)>=len) {
strcat(buf," ");
} else {
ch=((unsigned char)*(s+i*DUMP_WIDTH+j)) & 0xff;
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
strcat(buf,tmp);
}
}
strcat(buf," ");
for(j=0;j<DUMP_WIDTH;j++) {
if (((i*DUMP_WIDTH)+j)>=len)
for(j=0;j<dump_width;j++) {
if (((i*dump_width)+j)>=len)
break;
ch=((unsigned char)*(s+i*DUMP_WIDTH+j)) & 0xff;
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
#ifndef CHARSET_EBCDIC
sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
#else
@ -119,7 +136,7 @@ int BIO_dump(BIO *bio, const char *s, int len)
}
#ifdef TRUNCATE
if (trunc > 0) {
sprintf(buf,"%04x - <SPACES/NULS>\n",len+trunc);
sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc);
ret+=BIO_write(bio,(char *)buf,strlen(buf));
}
#endif

9
crypto/bio/b_sock.c
View File

@ -105,17 +105,22 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
struct hostent *he;
i=get_ip(str,ip);
if (i > 0) return(1);
if (i < 0)
{
BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
goto err;
}
/* do a gethostbyname */
/* At this point, we have something that is most probably correct
in some way, so let's init the socket. */
if (!BIO_sock_init())
return(0); /* don't generate another error code here */
/* If the string actually contained an IP address, we need not do
anything more */
if (i > 0) return(1);
/* do a gethostbyname */
CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
locked = 1;
he=BIO_gethostbyname(str);

1
crypto/bio/bio.h
View File

@ -559,6 +559,7 @@ int BIO_sock_non_fatal_error(int error);
int BIO_fd_should_retry(int i);
int BIO_fd_non_fatal_error(int error);
int BIO_dump(BIO *b,const char *bytes,int len);
int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
struct hostent *BIO_gethostbyname(const char *name);
/* We might want a thread-safe interface too:

2
crypto/bn/bn_mul.c
View File

@ -631,7 +631,6 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
al=a->top;
bl=b->top;
r->neg=a->neg^b->neg;
if ((al == 0) || (bl == 0))
{
@ -647,6 +646,7 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
}
else
rr = r;
rr->neg=a->neg^b->neg;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
i = al-bl;

4
crypto/bn/bn_word.c
View File

@ -115,7 +115,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
a->neg=0;
i=BN_sub_word(a,w);
if (!BN_is_zero(a))
a->neg=1;
a->neg=!(a->neg);
return(i);
}
w&=BN_MASK2;
@ -140,7 +140,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
{
int i;
if (a->neg)
if (BN_is_zero(a) || a->neg)
{
a->neg=0;
i=BN_add_word(a,w);

10
crypto/crypto.h
View File

@ -244,11 +244,11 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
* unless CRYPTO_MDEBUG is defined) */
#define CRYPTO_malloc_debug_init() do {\
CRYPTO_set_mem_debug_functions(\
(void (*)())CRYPTO_dbg_malloc,\
(void (*)())CRYPTO_dbg_realloc,\
(void (*)())CRYPTO_dbg_free,\
(void (*)())CRYPTO_dbg_set_options,\
(long (*)())CRYPTO_dbg_get_options);\
CRYPTO_dbg_malloc,\
CRYPTO_dbg_realloc,\
CRYPTO_dbg_free,\
CRYPTO_dbg_set_options,\
CRYPTO_dbg_get_options);\
} while(0)
int CRYPTO_mem_ctrl(int mode);

31
crypto/err/err.c
View File

@ -560,7 +560,7 @@ const char *ERR_lib_error_string(unsigned long e)
l=ERR_GET_LIB(e);
CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
if (error_hash != NULL)
{
@ -568,7 +568,7 @@ const char *ERR_lib_error_string(unsigned long e)
p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
}
CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
return((p == NULL)?NULL:p->string);
}
@ -581,7 +581,7 @@ const char *ERR_func_error_string(unsigned long e)
l=ERR_GET_LIB(e);
f=ERR_GET_FUNC(e);
CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
if (error_hash != NULL)
{
@ -589,7 +589,7 @@ const char *ERR_func_error_string(unsigned long e)
p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
}
CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
return((p == NULL)?NULL:p->string);
}
@ -602,7 +602,7 @@ const char *ERR_reason_error_string(unsigned long e)
l=ERR_GET_LIB(e);
r=ERR_GET_REASON(e);
CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
if (error_hash != NULL)
{
@ -615,7 +615,7 @@ const char *ERR_reason_error_string(unsigned long e)
}
}
CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
return((p == NULL)?NULL:p->string);
}
@ -646,7 +646,7 @@ static int pid_cmp(ERR_STATE *a, ERR_STATE *b)
void ERR_remove_state(unsigned long pid)
{
ERR_STATE *p,tmp;
ERR_STATE *p = NULL,tmp;
if (thread_hash == NULL)
return;
@ -654,12 +654,15 @@ void ERR_remove_state(unsigned long pid)
pid=(unsigned long)CRYPTO_thread_id();
tmp.pid=pid;
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
p=(ERR_STATE *)lh_delete(thread_hash,&tmp);
if (lh_num_items(thread_hash) == 0)
if (thread_hash)
{
/* make sure we don't leak memory */
lh_free(thread_hash);
thread_hash = NULL;
p=(ERR_STATE *)lh_delete(thread_hash,&tmp);
if (lh_num_items(thread_hash) == 0)
{
/* make sure we don't leak memory */
lh_free(thread_hash);
thread_hash = NULL;
}
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
@ -676,13 +679,13 @@ ERR_STATE *ERR_get_state(void)
pid=(unsigned long)CRYPTO_thread_id();
CRYPTO_r_lock(CRYPTO_LOCK_ERR);
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
if (thread_hash != NULL)
{
tmp.pid=pid;
ret=(ERR_STATE *)lh_retrieve(thread_hash,&tmp);
}
CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
/* ret == the error state, if NULL, make a new one */
if (ret == NULL)

15
crypto/evp/bio_b64.c
View File

@ -370,10 +370,11 @@ static int b64_write(BIO *b, const char *in, int inl)
n-=i;
}
/* at this point all pending data has been written */
ctx->buf_off=0;
ctx->buf_len=0;
if ((in == NULL) || (inl <= 0)) return(0);
ctx->buf_off=0;
while (inl > 0)
{
n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
@ -383,14 +384,20 @@ static int b64_write(BIO *b, const char *in, int inl)
if (ctx->tmp_len > 0)
{
n=3-ctx->tmp_len;
/* There's a teoretical possibility for this */
if (n > inl)
n=inl;
memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
ctx->tmp_len+=n;
n=ctx->tmp_len;
if (n < 3)
if (ctx->tmp_len < 3)
break;
ctx->buf_len=EVP_EncodeBlock(
(unsigned char *)ctx->buf,
(unsigned char *)ctx->tmp,n);
(unsigned char *)ctx->tmp,
ctx->tmp_len);
/* Since we're now done using the temporary
buffer, the length should be 0'd */
ctx->tmp_len=0;
}
else
{

53
crypto/opensslv.h
View File

@ -29,4 +29,57 @@
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.5b-dev 1 Apr 2000"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
/* The macros below are to be used for shared library (.so, .dll, ...)
* versioning. That kind of versioning works a bit differently between
* operating systems. The most usual scheme is to set a major and a minor
* number, and have the runtime loader check that the major number is equal
* to what it was at application link time, while the minor number has to
* be greater or equal to what it was at application link time. With this
* scheme, the version number is usually part of the file name, like this:
*
* libcrypto.so.0.9
*
* Some unixen also make a softlink with the major verson number only:
*
* libcrypto.so.0
*
* On True64 it works a little bit differently. There, the shared library
* version is stored in the file, and is actually a series of versions,
* separated by colons. The rightmost version present in the library when
* linking an application is stored in the application to be matched at
* run time. When the application is run, a check is done to see if the
* library version stored in the application matches any of the versions
* in the version string of the library itself.
* This version string can be constructed in any way, depending on what
* kind of matching is desired. However, to implement the same scheme as
* the one used in the other unixen, all compatible versions, from lowest
* to highest, should be part of the string. Consecutive builds would
* give the following versions strings:
*
* 3.0
* 3.0:3.1
* 3.0:3.1:3.2
* 4.0
* 4.0:4.1
*
* Notice how version 4 is completely incompatible with version, and
* therefore give the breach you can see.
*
* There may be other schemes as well that I haven't yet discovered.
*
* So, here's the way it works here: first of all, the library version
* number doesn't need at all to match the overall OpenSSL version.
* However, it's nice and more understandable if it actually does.
* The current library version is stored in the macro SHLIB_VERSION_NUMBER,
* which is just a piece of text in the format "M.m.e" (Major, minor, edit).
* For the sake of True64 and any other OS that behaves in similar ways,
* we need to keep a history of version numbers, which is done in the
* macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and
* should only keep the versions that are binary compatible with the current.
*/
#define SHLIB_VERSION_HISTORY ""
#define SHLIB_VERSION_NUMBER "0.9.5b"
#endif /* HEADER_OPENSSLV_H */

9
crypto/rand/Makefile.ssl
View File

@ -83,7 +83,7 @@ md_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
md_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h rand_lcl.h
rand_egd.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
rand_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@ -104,6 +104,13 @@ rand_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
rand_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rand_win.o: ../../include/openssl/stack.h ../cryptlib.h rand_lcl.h
randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h

152
crypto/rand/md_rand.c
View File

@ -109,8 +109,6 @@
*
*/
#define ENTROPY_NEEDED 20 /* require 160 bits = 20 bytes of randomness */
#ifdef MD_RAND_DEBUG
# ifndef NDEBUG
# define NDEBUG
@ -119,75 +117,20 @@
#include <assert.h>
#include <stdio.h>
#include <time.h>
#include <string.h>
#include "openssl/e_os.h"
#include <openssl/rand.h>
#include "rand_lcl.h"
#include <openssl/crypto.h>
#include <openssl/err.h>
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
#if !defined(NO_SHA) && !defined(NO_SHA1)
#define USE_SHA1_RAND
#elif !defined(NO_MD5)
#define USE_MD5_RAND
#elif !defined(NO_MDC2) && !defined(NO_DES)
#define USE_MDC2_RAND
#elif !defined(NO_MD2)
#define USE_MD2_RAND
#else
#error No message digest algorithm available
#endif
#endif
/* Changed how the state buffer used. I now attempt to 'wrap' such
* that I don't run over the same locations the next time go through
* the 1023 bytes - many thanks to
* Robert J. LeBlanc <rjl@renaissoft.com> for his comments
*/
#if defined(USE_MD5_RAND)
#include <openssl/md5.h>
#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH
#define MD_CTX MD5_CTX
#define MD_Init(a) MD5_Init(a)
#define MD_Update(a,b,c) MD5_Update(a,b,c)
#define MD_Final(a,b) MD5_Final(a,b)
#define MD(a,b,c) MD5(a,b,c)
#elif defined(USE_SHA1_RAND)
#include <openssl/sha.h>
#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH
#define MD_CTX SHA_CTX
#define MD_Init(a) SHA1_Init(a)
#define MD_Update(a,b,c) SHA1_Update(a,b,c)
#define MD_Final(a,b) SHA1_Final(a,b)
#define MD(a,b,c) SHA1(a,b,c)
#elif defined(USE_MDC2_RAND)
#include <openssl/mdc2.h>
#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH
#define MD_CTX MDC2_CTX
#define MD_Init(a) MDC2_Init(a)
#define MD_Update(a,b,c) MDC2_Update(a,b,c)
#define MD_Final(a,b) MDC2_Final(a,b)
#define MD(a,b,c) MDC2(a,b,c)
#elif defined(USE_MD2_RAND)
#include <openssl/md2.h>
#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH
#define MD_CTX MD2_CTX
#define MD_Init(a) MD2_Init(a)
#define MD_Update(a,b,c) MD2_Update(a,b,c)
#define MD_Final(a,b) MD2_Final(a,b)
#define MD(a,b,c) MD2(a,b,c)
#endif
#include <openssl/rand.h>
#ifdef BN_DEBUG
# define PREDICT
#endif
/* #define NORAND 1 */
/* #define PREDICT 1 */
#define STATE_SIZE 1023
@ -198,6 +141,11 @@ static long md_count[2]={0,0};
static double entropy=0;
static int initialized=0;
/* This should be set to 1 only when ssleay_rand_add() is called inside
an already locked state, so it doesn't try to lock and thereby cause
a hang. And it should always be reset back to 0 before unlocking. */
static int add_do_not_lock=0;
#ifdef PREDICT
int rand_predictable=0;
#endif
@ -243,10 +191,6 @@ static void ssleay_rand_add(const void *buf, int num, double add)
unsigned char local_md[MD_DIGEST_LENGTH];
MD_CTX m;
#ifdef NORAND
return;
#endif
/*
* (Based on the rand(3) manpage)
*
@ -262,7 +206,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
* hash function.
*/
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
st_idx=state_index;
/* use our own copies of the counters so that even
@ -294,7 +238,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
for (i=0; i<num; i+=MD_DIGEST_LENGTH)
{
@ -336,7 +280,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
}
memset((char *)&m,0,sizeof(m));
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* Don't just copy back local_md into md -- this could mean that
* other thread's seeding remains without effect (except for
* the incremented counter). By XORing it we keep at least as
@ -347,9 +291,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
}
if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
entropy += add;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
#ifndef THREADS
#if !defined(THREADS) && !defined(WIN32)
assert(md_c[1] == md_count[1]);
#endif
}
@ -359,56 +303,6 @@ static void ssleay_rand_seed(const void *buf, int num)
ssleay_rand_add(buf, num, num);
}
static void ssleay_rand_initialize(void) /* not exported in RAND_METHOD */
{
unsigned long l;
#ifndef GETPID_IS_MEANINGLESS
pid_t curr_pid = getpid();
#endif
#ifdef DEVRANDOM
FILE *fh;
#endif
#ifdef NORAND
return;
#endif
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
/* put in some default random data, we need more than just this */
#ifndef GETPID_IS_MEANINGLESS
l=curr_pid;
RAND_add(&l,sizeof(l),0);
l=getuid();
RAND_add(&l,sizeof(l),0);
#endif
l=time(NULL);
RAND_add(&l,sizeof(l),0);
#ifdef DEVRANDOM
/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
* have this. Use /dev/urandom if you can as /dev/random may block
* if it runs out of random entries. */
if ((fh = fopen(DEVRANDOM, "r")) != NULL)
{
unsigned char tmpbuf[ENTROPY_NEEDED];
int n;
setvbuf(fh, NULL, _IONBF, 0);
n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
fclose(fh);
RAND_add(tmpbuf,sizeof tmpbuf,n);
memset(tmpbuf,0,n);
}
#endif
#ifdef PURIFY
memset(state,0,STATE_SIZE);
memset(md,0,MD_DIGEST_LENGTH);
#endif
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
initialized=1;
}
static int ssleay_rand_bytes(unsigned char *buf, int num)
{
static volatile int stirred_pool = 0;
@ -452,11 +346,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
* global 'md'.
*/
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
if (!initialized)
ssleay_rand_initialize();
RAND_poll();
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
add_do_not_lock = 1; /* Since we call ssleay_rand_add while in
this locked state. */
initialized = 1;
if (!stirred_pool)
do_stir_pool = 1;
@ -519,6 +416,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
* are now ours (but other threads may use them too) */
md_count[0] += 1;
add_do_not_lock = 0; /* If this would ever be forgotten, we can
expect any evil god to eat our souls. */
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
while (num > 0)
@ -598,12 +498,12 @@ static int ssleay_rand_status(void)
{
int ret;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
if (!initialized)
ssleay_rand_initialize();
ret = entropy >= ENTROPY_NEEDED;
RAND_poll();
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
initialized = 1;
ret = entropy >= ENTROPY_NEEDED;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
return ret;

1
crypto/rand/rand.h
View File

@ -94,6 +94,7 @@ int RAND_status(void);
int RAND_egd(const char *path);
int RAND_egd_bytes(const char *path,int bytes);
void ERR_load_RAND_strings(void);
int RAND_poll(void);
#ifdef __cplusplus
}

384
crypto/rand/rand_win.c
View File

@ -109,51 +109,246 @@
*
*/
#include "cryptlib.h"
#include <openssl/rand.h>
#include "rand_lcl.h"
#if defined(WINDOWS) || defined(WIN32)
#include "cryptlib.h"
#include <windows.h>
#include <openssl/rand.h>
/* XXX There are probably other includes missing here ... */
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
#if !defined(NO_SHA) && !defined(NO_SHA1)
#define USE_SHA1_RAND
#elif !defined(NO_MD5)
#define USE_MD5_RAND
#elif !defined(NO_MDC2) && !defined(NO_DES)
#define USE_MDC2_RAND
#elif !defined(NO_MD2)
#define USE_MD2_RAND
#else
#error No message digest algorithm available
#ifndef _WIN32_WINNT
# define _WIN32_WINNT 0x0400
#endif
#include <wincrypt.h>
#include <tlhelp32.h>
/* Intel hardware RNG CSP -- available from
* http://developer.intel.com/design/security/rng/redist_license.htm
*/
#define PROV_INTEL_SEC 22
#define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider"
static void readtimer(void);
static void readscreen(void);
typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR,
DWORD, DWORD);
typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
int RAND_poll(void)
{
MEMORYSTATUS m;
HCRYPTPROV hProvider = 0;
BYTE buf[64];
DWORD w;
HWND h;
HMODULE advapi, kernel, user;
CRYPTACQUIRECONTEXT acquire;
CRYPTGENRANDOM gen;
CRYPTRELEASECONTEXT release;
/* load functions dynamically - not available on all systems */
advapi = GetModuleHandle("ADVAPI32.DLL");
kernel = GetModuleHandle("KERNEL32.DLL");
user = GetModuleHandle("USER32.DLL");
if (advapi)
{
acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi,
"CryptAcquireContextA");
gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
"CryptGenRandom");
release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
"CryptReleaseContext");
}
if (acquire && gen && release)
{
/* poll the CryptoAPI PRNG */
if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
if (gen(hProvider, sizeof(buf), buf) != 0)
{
RAND_add(buf, sizeof(buf), 0);
#ifdef DEBUG
printf("randomness from PROV_RSA_FULL\n");
#endif
}
release(hProvider, 0);
}
/* poll the Pentium PRG with CryptoAPI */
if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
{
if (gen(hProvider, sizeof(buf), buf) != 0)
{
RAND_add(buf, sizeof(buf), 0);
#ifdef DEBUG
printf("randomness from PROV_INTEL_SEC\n");
#endif
}
release(hProvider, 0);
}
}
/* timer data */
readtimer();
/* memory usage statistics */
GlobalMemoryStatus(&m);
RAND_add(&m, sizeof(m), 1);
/* process ID */
w = GetCurrentProcessId();
RAND_add(&w, sizeof(w), 0);
if (user)
{
GETCURSORINFO cursor;
GETFOREGROUNDWINDOW win;
GETQUEUESTATUS queue;
win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
if (win)
{
/* window handle */
h = win();
RAND_add(&h, sizeof(h), 0);
}
if (cursor)
{
/* cursor position */
cursor(buf);
RAND_add(buf, sizeof(buf), 0);
}
if (queue)
{
/* message queue status */
w = queue(QS_ALLEVENTS);
RAND_add(&w, sizeof(w), 0);
}
}
/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
* http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
* (Win 9x only, not available on NT)
*
* This seeding method was proposed in Peter Gutmann, Software
* Generation of Practically Strong Random Numbers,
* http://www.cs.auckland.ac.nz/~pgut001/pubs/random2.pdf
* (The assignment of entropy estimates below is arbitrary, but based
* on Peter's analysis the full poll appears to be safe. Additional
* interactive seeding is encouraged.)
*/
if (kernel)
{
CREATETOOLHELP32SNAPSHOT snap;
HANDLE handle;
HEAP32FIRST heap_first;
HEAP32NEXT heap_next;
HEAP32LIST heaplist_first, heaplist_next;
PROCESS32 process_first, process_next;
THREAD32 thread_first, thread_next;
MODULE32 module_first, module_next;
HEAPLIST32 hlist;
HEAPENTRY32 hentry;
PROCESSENTRY32 p;
THREADENTRY32 t;
MODULEENTRY32 m;
snap = (CREATETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, "CreateToolhelp32Snapshot");
heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
if (snap && heap_first && heap_next && heaplist_first &&
heaplist_next && process_first && process_next &&
thread_first && thread_next && module_first &&
module_next && (handle = snap(TH32CS_SNAPALL,0))
!= NULL)
{
/* heap list and heap walking */
hlist.dwSize = sizeof(HEAPLIST32);
if (heaplist_first(handle, &hlist))
do
{
RAND_add(&hlist, hlist.dwSize, 0);
hentry.dwSize = sizeof(HEAPENTRY32);
if (heap_first(&hentry,
hlist.th32ProcessID,
hlist.th32HeapID))
do
RAND_add(&hentry,
hentry.dwSize, 0);
while (heap_next(&hentry));
} while (heaplist_next(handle,
&hlist));
/* process walking */
p.dwSize = sizeof(PROCESSENTRY32);
if (process_first(handle, &p))
do
RAND_add(&p, p.dwSize, 0);
while (process_next(handle, &p));
/* thread walking */
t.dwSize = sizeof(THREADENTRY32);
if (thread_first(handle, &t))
do
RAND_add(&t, t.dwSize, 0);
while (thread_next(handle, &t));
/* module walking */
m.dwSize = sizeof(MODULEENTRY32);
if (module_first(handle, &m))
do
RAND_add(&m, m.dwSize, 1);
while (module_next(handle, &m));
CloseHandle(handle);
}
}
#ifdef DEBUG
printf("Exiting RAND_poll\n");
#endif
#if defined(USE_MD5_RAND)
#include <openssl/md5.h>
#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH
#define MD(a,b,c) MD5(a,b,c)
#elif defined(USE_SHA1_RAND)
#include <openssl/sha.h>
#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH
#define MD(a,b,c) SHA1(a,b,c)
#elif defined(USE_MDC2_RAND)
#include <openssl/mdc2.h>
#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH
#define MD(a,b,c) MDC2(a,b,c)
#elif defined(USE_MD2_RAND)
#include <openssl/md2.h>
#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH
#define MD(a,b,c) MD2(a,b,c)
#endif
return(1);
}
int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
{
double add_entropy=0;
SYSTEMTIME t;
switch (iMsg)
{
@ -182,19 +377,61 @@ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
break;
}
GetSystemTime(&t);
readtimer();
RAND_add(&iMsg, sizeof(iMsg), add_entropy);
RAND_add(&wParam, sizeof(wParam), 0);
RAND_add(&lParam, sizeof(lParam), 0);
RAND_add(&t, sizeof(t), 0);
return (RAND_status());
}
void RAND_screen(void) /* function available for backward compatibility */
{
RAND_poll();
readscreen();
}
/* feed timing information to the PRNG */
static void readtimer(void)
{
DWORD w, cyclecount;
LARGE_INTEGER l;
static int have_perfc = 1;
#ifndef __GNUC__
static int have_tsc = 1;
if (have_tsc) {
__try {
__asm {
rdtsc
mov cyclecount, eax
}
RAND_add(&cyclecount, sizeof(cyclecount), 1);
} __except(EXCEPTION_EXECUTE_HANDLER) {
have_tsc = 0;
}
}
#else
# define have_tsc 0
#endif
if (have_perfc) {
if (QueryPerformanceCounter(&l) == 0)
have_perfc = 0;
else
RAND_add(&l, sizeof(l), 0);
}
if (!have_tsc && !have_perfc) {
w = GetTickCount();
RAND_add(&w, sizeof(w), 0);
}
}
/* feed screen contents to PRNG */
/*****************************************************************************
* Initialisation function for the SSL random generator. Takes the contents
* of the screen as random seed.
*
* Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
*
@ -210,18 +447,8 @@ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
* Microsoft has no warranty obligations or liability for any
* Sample Application Files which are modified.
*/
/*
* I have modified the loading of bytes via RAND_seed() mechanism since
* the original would have been very very CPU intensive since RAND_seed()
* does an MD5 per 16 bytes of input. The cost to digest 16 bytes is the same
* as that to digest 56 bytes. So under the old system, a screen of
* 1024*768*256 would have been CPU cost of approximately 49,000 56 byte MD5
* digests or digesting 2.7 mbytes. What I have put in place would
* be 48 16k MD5 digests, or effectively 48*16+48 MD5 bytes or 816 kbytes
* or about 3.5 times as much.
* - eric
*/
void RAND_screen(void)
static void readscreen(void)
{
HDC hScrDC; /* screen DC */
HDC hMemDC; /* memory DC */
@ -266,11 +493,11 @@ void RAND_screen(void)
/* Copy bitmap bits from memory DC to bmbits */
GetBitmapBits(hBitmap, size, bmbits);
/* Get the MD5 of the bitmap */
/* Get the hash of the bitmap */
MD(bmbits,size,md);
/* Seed the random generator with the MD5 digest */
RAND_seed(md, MD_DIGEST_LENGTH);
/* Seed the random generator with the hash value */
RAND_add(md, MD_DIGEST_LENGTH, 0);
}
OPENSSL_free(bmbits);
@ -285,10 +512,49 @@ void RAND_screen(void)
DeleteDC(hScrDC);
}
#else
#else /* Unix version */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#include <time.h>
int RAND_poll(void)
{
unsigned long l;
pid_t curr_pid = getpid();
#ifdef DEVRANDOM
FILE *fh;
#endif
#ifdef DEVRANDOM
/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
* have this. Use /dev/urandom if you can as /dev/random may block
* if it runs out of random entries. */
if ((fh = fopen(DEVRANDOM, "r")) != NULL)
{
unsigned char tmpbuf[ENTROPY_NEEDED];
int n;
setvbuf(fh, NULL, _IONBF, 0);
n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
fclose(fh);
RAND_add(tmpbuf,sizeof tmpbuf,n);
memset(tmpbuf,0,n);
}
#endif
/* put in some default random data, we need more than just this */
l=curr_pid;
RAND_add(&l,sizeof(l),0);
l=getuid();
RAND_add(&l,sizeof(l),0);
l=time(NULL);
RAND_add(&l,sizeof(l),0);
#ifdef DEVRANDOM
return 1;
#endif
return 0;
}
#endif

2
crypto/rsa/rsa_ssl.c
View File

@ -134,7 +134,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
{
if (p[k] != 0x03) break;
}
if (k == 0)
if (k == -1)
{
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
return(-1);

75
crypto/x509/x509.h
View File

@ -138,8 +138,8 @@ DECLARE_ASN1_SET_OF(X509_ALGOR)
typedef struct X509_val_st
{
ASN1_UTCTIME *notBefore;
ASN1_UTCTIME *notAfter;
ASN1_TIME *notBefore;
ASN1_TIME *notAfter;
} X509_VAL;
typedef struct X509_pubkey_st
@ -320,10 +320,65 @@ DECLARE_STACK_OF(X509_TRUST)
#define X509_TRUST_REJECTED 2
#define X509_TRUST_UNTRUSTED 3
/* Flags specific to X509_NAME_print_ex() */
/* The field separator information */
#define XN_FLAG_SEP_MASK (0xf << 16)
#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */
#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */
/* How the field name is shown */
#define XN_FLAG_FN_MASK (0x3 << 21)
#define XN_FLAG_FN_SN 0 /* Object short name */
#define XN_FLAG_FN_LN (1 << 21) /* Object long name */
#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
#define XN_FLAG_FN_NONE (3 << 21) /* No field names */
#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */
/* This determines if we dump fields we don't recognise:
* RFC2253 requires this.
*/
#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
/* Complete set of RFC2253 flags */
#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
XN_FLAG_SEP_COMMA_PLUS | \
XN_FLAG_DN_REV | \
XN_FLAG_FN_SN | \
XN_FLAG_DUMP_UNKNOWN_FIELDS)
/* readable oneline form */
#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
ASN1_STRFLGS_ESC_QUOTE | \
XN_FLAG_SEP_CPLUS_SPC | \
XN_FLAG_SPC_EQ | \
XN_FLAG_FN_SN)
/* readable multiline form */
#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB | \
XN_FLAG_SEP_MULTILINE | \
XN_FLAG_SPC_EQ | \
XN_FLAG_FN_LN)
typedef struct X509_revoked_st
{
ASN1_INTEGER *serialNumber;
ASN1_UTCTIME *revocationDate;
ASN1_TIME *revocationDate;
STACK_OF(X509_EXTENSION) /* optional */ *extensions;
int sequence; /* load sequence */
} X509_REVOKED;
@ -336,8 +391,8 @@ typedef struct X509_crl_info_st
ASN1_INTEGER *version;
X509_ALGOR *sig_alg;
X509_NAME *issuer;
ASN1_UTCTIME *lastUpdate;
ASN1_UTCTIME *nextUpdate;
ASN1_TIME *lastUpdate;
ASN1_TIME *nextUpdate;
STACK_OF(X509_REVOKED) *revoked;
STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
} X509_CRL_INFO;
@ -737,8 +792,8 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
#endif /* !SSLEAY_MACROS */
int X509_cmp_current_time(ASN1_UTCTIME *s);
ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
int X509_cmp_current_time(ASN1_TIME *s);
ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
const char * X509_get_default_cert_area(void );
const char * X509_get_default_cert_dir(void );
@ -920,8 +975,8 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name);
X509_NAME * X509_get_issuer_name(X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
X509_NAME * X509_get_subject_name(X509 *a);
int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
EVP_PKEY * X509_get_pubkey(X509 *x);
int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
@ -975,10 +1030,12 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
int X509_print_fp(FILE *bp,X509 *x);
int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
#endif
#ifndef NO_BIO
int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
int X509_print(BIO *bp,X509 *x);
int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
int X509_CRL_print(BIO *bp,X509_CRL *x);

16
crypto/x509/x509_set.c
View File

@ -104,36 +104,36 @@ int X509_set_subject_name(X509 *x, X509_NAME *name)
return(X509_NAME_set(&x->cert_info->subject,name));
}
int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
{
ASN1_UTCTIME *in;
ASN1_TIME *in;
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
in=x->cert_info->validity->notBefore;
if (in != tm)
{
in=M_ASN1_UTCTIME_dup(tm);
in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
M_ASN1_TIME_free(x->cert_info->validity->notBefore);
x->cert_info->validity->notBefore=in;
}
}
return(in != NULL);
}
int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
{
ASN1_UTCTIME *in;
ASN1_TIME *in;
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
in=x->cert_info->validity->notAfter;
if (in != tm)
{
in=M_ASN1_UTCTIME_dup(tm);
in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
M_ASN1_TIME_free(x->cert_info->validity->notAfter);
x->cert_info->validity->notAfter=in;
}
}

54
crypto/x509/x509_vfy.c
View File

@ -502,10 +502,10 @@ end:
return(ok);
}
int X509_cmp_current_time(ASN1_UTCTIME *ctm)
int X509_cmp_current_time(ASN1_TIME *ctm)
{
char *str;
ASN1_UTCTIME atm;
ASN1_TIME atm;
time_t offset;
char buff1[24],buff2[24],*p;
int i,j;
@ -513,14 +513,32 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
p=buff1;
i=ctm->length;
str=(char *)ctm->data;
if ((i < 11) || (i > 17)) return(0);
memcpy(p,str,10);
p+=10;
str+=10;
if(ctm->type == V_ASN1_UTCTIME) {
if ((i < 11) || (i > 17)) return(0);
memcpy(p,str,10);
p+=10;
str+=10;
} else {
if(i < 13) return 0;
memcpy(p,str,12);
p+=12;
str+=12;
}
if ((*str == 'Z') || (*str == '-') || (*str == '+'))
{ *(p++)='0'; *(p++)='0'; }
else { *(p++)= *(str++); *(p++)= *(str++); }
else
{
*(p++)= *(str++);
*(p++)= *(str++);
/* Skip any fractional seconds... */
if(*str == '.')
{
str++;
while((*str >= '0') && (*str <= '9')) str++;
}
}
*(p++)='Z';
*(p++)='\0';
@ -535,19 +553,22 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
if (*str == '-')
offset= -offset;
}
atm.type=V_ASN1_UTCTIME;
atm.type=ctm->type;
atm.length=sizeof(buff2);
atm.data=(unsigned char *)buff2;
X509_gmtime_adj(&atm,-offset*60);
i=(buff1[0]-'0')*10+(buff1[1]-'0');
if (i < 50) i+=100; /* cf. RFC 2459 */
j=(buff2[0]-'0')*10+(buff2[1]-'0');
if (j < 50) j+=100;
if(ctm->type == V_ASN1_UTCTIME)
{
i=(buff1[0]-'0')*10+(buff1[1]-'0');
if (i < 50) i+=100; /* cf. RFC 2459 */
j=(buff2[0]-'0')*10+(buff2[1]-'0');
if (j < 50) j+=100;
if (i < j) return (-1);
if (i > j) return (1);
if (i < j) return (-1);
if (i > j) return (1);
}
i=strcmp(buff1,buff2);
if (i == 0) /* wait a second then return younger :-) */
return(-1);
@ -555,13 +576,14 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
return(i);
}
ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
{
time_t t;
time(&t);
t+=adj;
return(ASN1_UTCTIME_set(s,t));
if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
return ASN1_GENERALIZEDTIME_set(s, t);
}
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)

4
doc/apps/CA.pl.pod
View File

@ -69,7 +69,7 @@ list box), otherwise the name "My Certificate" is used.
calls the B<ca> program to sign a certificate request. It expects the request
to be in the file "newreq.pem". The new certificate is written to the file
"newcert.pem" except in the case of the B<-xcert> option when it is written
"newcert.pem" except in the case of the B<-xsign> option when it is written
to standard output.
=item B<-signcert>
@ -122,7 +122,7 @@ Create the CA directories and files:
enter cacert.pem when prompted for the CA file name.
Create a DSA certificate request and privat key (a different set of parameters
Create a DSA certificate request and private key (a different set of parameters
can optionally be created first):
openssl req -out newreq.pem -newkey dsa:dsap.pem

13
doc/apps/passwd.pod
View File

@ -8,6 +8,7 @@ passwd - compute password hashes
B<openssl passwd>
[B<-crypt>]
[B<-1>]
[B<-apr1>]
[B<-salt> I<string>]
[B<-in> I<file>]
@ -22,8 +23,8 @@ The B<passwd> command computes the hash of a password typed at
run-time or the hash of each password in a list. The password list is
taken from the named file for option B<-in file>, from stdin for
option B<-stdin>, and from the command line otherwise.
The Unix standard algorithm B<crypt> and the MD5-based B<apr1> algorithm
are available.
The Unix standard algorithm B<crypt> and the MD5-based BSD password
algorithm B<1> and its Apache variant B<apr1> are available.
=head1 OPTIONS
@ -33,9 +34,13 @@ are available.
Use the B<crypt> algorithm (default).
=item B<-1>
Use the MD5 based BSD password algorithm B<1>.
=item B<-apr1>
Use the B<apr1> algorithm.
Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
=item B<-salt> I<string>
@ -64,6 +69,8 @@ to each password hash.
B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
=cut

47
doc/apps/smime.pod
View File

@ -22,8 +22,11 @@ B<openssl> B<smime>
[B<-signer file>]
[B<-recip file>]
[B<-in file>]
[B<-inform SMIME|PEM|DER>]
[B<-inkey file>]
[B<-out file>]
[B<-outform SMIME|PEM|DER>]
[B<-content file>]
[B<-to addr>]
[B<-from ad>]
[B<-subject s>]
@ -74,11 +77,37 @@ takes an input message and writes out a PEM encoded PKCS#7 structure.
the input message to be encrypted or signed or the MIME message to
be decrypted or verified.
=item B<-inform SMIME|PEM|DER>
this specifies the input format for the PKCS#7 structure. The default
is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
format change this to expect PEM and DER format PKCS#7 structures
instead. This currently only affects the input format of the PKCS#7
structure, if no PKCS#7 structure is being input (for example with
B<-encrypt> or B<-sign>) this option has no effect.
=item B<-out filename>
the message text that has been decrypted or verified or the output MIME
format message that has been signed or verified.
=item B<-outform SMIME|PEM|DER>
this specifies the output format for the PKCS#7 structure. The default
is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER>
format change this to write PEM and DER format PKCS#7 structures
instead. This currently only affects the output format of the PKCS#7
structure, if no PKCS#7 structure is being output (for example with
B<-verify> or B<-decrypt>) this option has no effect.
=item B<-content filename>
This specifies a file containing the detached content, this is only
useful with the B<-verify> command. This is only usable if the PKCS#7
structure is using the detached signature form where the content is
not included. This option will override any content if the input format
is S/MIME and it uses the multipart/signed MIME content type.
=item B<-text>
this option adds plain text (text/plain) MIME headers to the supplied
@ -204,7 +233,7 @@ a blank line. Piping the mail directly to sendmail is one way to
achieve the correct format.
The supplied message to be signed or encrypted must include the
necessary MIME headers: or many S/MIME clients wont display it
necessary MIME headers or many S/MIME clients wont display it
properly (if at all). You can use the B<-text> option to automatically
add plain text headers.
@ -301,6 +330,22 @@ Decrypt mail:
openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
The output from Netscape form signing is a PKCS#7 structure with the
detached signature format. You can use this program to verify the
signature by line wrapping the base64 encoded structure and surrounding
it with:
-----BEGIN PKCS7----
-----END PKCS7----
and using the command,
openssl smime -verify -inform PEM -in signature.pem -content content.txt
alternatively you can base64 decode the signature and use
openssl smime -verify -inform DER -in signature.der -content content.txt
=head1 BUGS
The MIME parser isn't very clever: it seems to handle most messages that I've thrown

161
doc/apps/x509.pod
View File

@ -19,6 +19,7 @@ B<openssl> B<x509>
[B<-hash>]
[B<-subject>]
[B<-issuer>]
[B<-nameopt option>]
[B<-email>]
[B<-startdate>]
[B<-enddate>]
@ -138,6 +139,12 @@ outputs the subject name.
outputs the issuer name.
=item B<-nameopt option>
option which determine how the subject or issuer names are displayed. This
option may be used more than once to set multiple options. See the B<NAME
OPTIONS> section for more information.
=item B<-email>
outputs the email address(es) if any.
@ -335,6 +342,138 @@ specified then the extensions should either be contained in the unnamed
=back
=head1 NAME OPTIONS
The B<nameopt> command line switch determines how the subject and issuer
names are displayed. If no B<nameopt> switch is present the default "oneline"
format is used which is compatible with previous versions of OpenSSL.
Each option is described in detail below, all options can be preceded by
a B<-> to turn the option off. Only the first four will normally be used.
=over 4
=item B<compat>
use the old format. This is equivalent to specifying no name options at all.
=item B<RFC2253>
displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>,
B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>,
B<sep_comma_plus>, B<dn_rev> and B<sname>.
=item B<oneline>
a oneline format which is more readable than RFC2253. It is equivalent to
specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
B<dump_der>, B<use_quote>, B<sep_comma_plus_spc>, B<spc_eq> and B<sname>
options.
=item B<multiline>
a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
B<spc_eq> and B<lname>.
=item B<esc_2253>
escape the "special" characters required by RFC2253 in a field That is
B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginnging of a string
and a space character at the beginning or end of a string.
=item B<esc_ctrl>
escape and control characters. That is those with ASCII values less than
0x20 (space) and the delete (0x7f) character. They are escaped using the
RFC2253 \XX notation (where XX are two hex digits representing the
character value).
=item B<esc_msb>
escape characters with the MSB set, that is with ASCII values larger than
127.
=item B<use_quote>
escapes some characters by surrounding the whole string with B<"> characters,
without the option all escaping is done with the B<\> character.
=item B<utf8>
convert all strings to UTF8 format first. This is required by RFC2253. If
you are lucky enough to have a UTF8 compatible terminal then the use
of this option (and B<not> setting B<esc_msb>) may result in the correct
display of multibyte (international) characters. Is this option is not
present then multibyte characters larger than 0xff will be represented
using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits.
Also if this option is off any UTF8Strings will be converted to their
character form first.
=item B<no_type>
this option does not attempt to interpret multibyte characters in any
way. That is their content octets are merely dumped as though one octet
represents each character. This is useful for diagnostic purposes but
will result in rather odd looking output.
=item B<show_type>
show the type of the ASN1 character string. The type precedes the
field contents. For example "BMPSTRING: Hello World".
=item B<dump_der>
when this option is set any fields that need to be hexdumped will
be dumped using the DER encoding of the field. Otherwise just the
content octets will be displayed. Both options use the RFC2253
B<#XXXX...> format.
=item B<dump_nostr>
dump non character string types (for example OCTET STRING) if this
option is not set then non character string types will be displayed
as though each content octet repesents a single character.
=item B<dump_all>
dump all fields. This option when used with B<dump_der> allows the
DER encoding of the structure to be unambiguously determined.
=item B<dump_unknown>
dump any field whose OID is not recognised by OpenSSL.
=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>,
B<sep_multiline>
these options determine the field separators. The first character is
between RDNs and the second between multiple AVAs (multiple AVAs are
very rare and their use is discouraged). The options ending in
"space" additionally place a space after the separator to make it
more readable. The B<sep_multiline> uses a linefeed character for
the RDN separator and a spaced B<+> for the AVA separator. It also
indents the fields by four characters.
=item B<dn_rev>
reverse the fields of the DN. This is required by RFC2253. As a side
effect this also reveress the order of multiple AVAs but this is
permissible.
=item B<nofname>, B<sname>, B<lname>, B<oid>
these options alter how the field name is displayed. B<nofname> does
not display the field at all. B<sname> uses the "short name" form
(CN for commonName for example). B<lname> uses the long form.
B<oid> represents the OID in numerical form and is useful for
diagnostic purpose.
=item B<spc_eq>
places spaces round the B<=> character which follows the field
name.
=back
=head1 EXAMPLES
Note: in these examples the '\' means the example should be all on one
@ -348,6 +487,19 @@ Display the certificate serial number:
openssl x509 -in cert.pem -noout -serial
Display the certificate subject name:
openssl x509 -in cert.pem -noout -subject
Display the certificate subject name in RFC2253 form:
openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
Display the certificate subject name in oneline form on a terminal
supporting UTF8:
openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb
Display the certificate MD5 fingerprint:
openssl x509 -in cert.pem -noout -fingerprint
@ -400,6 +552,11 @@ Trusted certificates have the lines
-----BEGIN TRUSTED CERTIFICATE----
-----END TRUSTED CERTIFICATE----
The conversion to UTF8 format used with the name options assumes that
T61Strings use the ISO8859-1 character set. This is wrong but Netscape
and MSIE do this as do many certificates. So although this is incorrect
it is more likely to display the majority of certificates correctly.
The B<-fingerprint> option takes the digest of the DER encoded certificate.
This is commonly called a "fingerprint". Because of the nature of message
digests the fingerprint of a certificate is unique to that certificate and
@ -526,10 +683,6 @@ must be present.
=head1 BUGS
The way DNs are printed is in a "historical SSLeay" format which doesn't
follow any published standard. It should follow some standard like RFC2253
or RFC1779 with options to make the stuff more readable.
Extensions in certificates are not transferred to certificate requests and
vice versa.

2
doc/standards.txt
View File

@ -55,6 +55,8 @@ These are documents that describe things that are implemented in OpenSSL.
Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999.
(Format: TXT=278438 bytes) (Status: PROPOSED STANDARD)
PKCS#8: Private-Key Information Syntax Standard
PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.

4
ssl/s23_clnt.c
View File

@ -366,7 +366,9 @@ static int ssl23_get_server_hello(SSL *s)
}
s->state=SSL2_ST_GET_SERVER_HELLO_A;
s->s2->ssl2_rollback=1;
if (!(s->client_version == SSL2_VERSION))
/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
s->s2->ssl2_rollback=1;
/* setup the 5 bytes we have read so we get them from
* the sslv2 buffer */

5
ssl/s23_srvr.c
View File

@ -495,9 +495,12 @@ int ssl23_get_client_hello(SSL *s)
s->state=SSL2_ST_GET_CLIENT_HELLO_A;
if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
use_sslv2_strong)
use_sslv2_strong ||
(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
s->s2->ssl2_rollback=0;
else
/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
* (SSL 3.0 draft/RFC 2246, App. E.2) */
s->s2->ssl2_rollback=1;
/* setup the n bytes we have read so we get them from

128
util/libeay.num
View File

@ -1842,63 +1842,71 @@ CRYPTO_get_dynlock_lock_callback 2417
CRYPTO_get_dynlock_destroy_callback 2418
CRYPTO_get_dynlock_value 2419
CRYPTO_get_dynlock_create_callback 2420
ERR_load_ENGINE_strings 2421
ENGINE_set_DSA 2422
ENGINE_get_default_RSA 2423
ENGINE_get_BN_mod_exp 2424
DSA_get_default_openssl_method 2425
ENGINE_set_DH 2426
ENGINE_set_default_BN_mod_exp_crt 2427
ENGINE_init 2428
DH_get_default_openssl_method 2429
RSA_set_default_openssl_method 2430
ENGINE_finish 2431
ENGINE_get_DH 2432
ENGINE_set_default_DSA 2433
ENGINE_get_name 2434
ENGINE_get_last 2435
ENGINE_get_prev 2436
ENGINE_get_default_DH 2437
ENGINE_get_RSA 2438
ENGINE_set_default 2439
ENGINE_get_RAND 2440
ENGINE_get_first 2441
ENGINE_by_id 2442
ENGINE_get_default_BN_mod_exp_crt 2443
RSA_get_default_openssl_method 2444
ENGINE_set_RSA 2445
ENGINE_set_default_RAND 2446
ENGINE_set_BN_mod_exp 2447
ENGINE_remove 2448
ENGINE_free 2449
ENGINE_get_BN_mod_exp_crt 2450
ENGINE_get_next 2451
ENGINE_set_name 2452
ENGINE_get_default_DSA 2453
ENGINE_set_default_BN_mod_exp 2454
ENGINE_set_default_RSA 2455
ENGINE_get_default_RAND 2456
ENGINE_get_default_BN_mod_exp 2457
ENGINE_set_RAND 2458
ENGINE_set_id 2459
ENGINE_set_BN_mod_exp_crt 2460
ENGINE_set_default_DH 2461
ENGINE_new 2462
ENGINE_get_id 2463
DSA_set_default_openssl_method 2464
ENGINE_add 2465
DH_set_default_openssl_method 2466
ENGINE_get_DSA 2467
ENGINE_ctrl 2468
ENGINE_get_finish_function 2469
ENGINE_get_init_function 2470
ENGINE_set_init_function 2471
ENGINE_set_finish_function 2472
ENGINE_get_ctrl_function 2473
ENGINE_set_ctrl_function 2474
ENGINE_load_public_key 2475
ENGINE_load_private_key 2476
c2i_ASN1_BIT_STRING 2477
i2c_ASN1_BIT_STRING 2478
c2i_ASN1_INTEGER 2479
i2c_ASN1_INTEGER 2480
c2i_ASN1_BIT_STRING 2421
i2c_ASN1_BIT_STRING 2422
RAND_poll 2423
c2i_ASN1_INTEGER 2424
i2c_ASN1_INTEGER 2425
ERR_load_ENGINE_strings 2426
ENGINE_set_DSA 2427
ENGINE_get_finish_function 2428
ENGINE_get_default_RSA 2429
BIO_dump_indent 2430
ENGINE_get_BN_mod_exp 2431
ASN1_parse_dump 2432
DSA_get_default_openssl_method 2433
c2i_ASN1_OBJECT 2434
ENGINE_set_DH 2435
ENGINE_set_default_BN_mod_exp_crt 2436
ENGINE_init 2437
DH_get_default_openssl_method 2438
RSA_set_default_openssl_method 2439
ENGINE_finish 2440
ENGINE_load_public_key 2441
ENGINE_get_DH 2442
ENGINE_ctrl 2443
ENGINE_get_init_function 2444
ENGINE_set_init_function 2445
ENGINE_set_default_DSA 2446
ENGINE_get_name 2447
ENGINE_get_last 2448
ENGINE_get_prev 2449
ENGINE_get_default_DH 2450
ENGINE_get_RSA 2451
X509_NAME_print_ex_fp 2452
ASN1_STRING_print_ex_fp 2453
ENGINE_set_default 2454
ENGINE_get_RAND 2455
ENGINE_get_first 2456
ENGINE_by_id 2457
ENGINE_set_finish_function 2458
ENGINE_get_default_BN_mod_exp_crt 2459
RSA_get_default_openssl_method 2460
ENGINE_set_RSA 2461
ENGINE_load_private_key 2462
ENGINE_set_default_RAND 2463
ENGINE_set_BN_mod_exp 2464
ENGINE_remove 2465
ENGINE_free 2466
ENGINE_get_BN_mod_exp_crt 2467
ENGINE_get_next 2468
ENGINE_set_name 2469
ENGINE_get_default_DSA 2470
ENGINE_set_default_BN_mod_exp 2471
ENGINE_set_default_RSA 2472
ENGINE_get_default_RAND 2473
ENGINE_get_default_BN_mod_exp 2474
ENGINE_set_RAND 2475
ENGINE_set_id 2476
X509_NAME_print_ex 2477
ENGINE_set_BN_mod_exp_crt 2478
ENGINE_set_default_DH 2479
ENGINE_new 2480
ENGINE_get_id 2481
DSA_set_default_openssl_method 2482
ENGINE_add 2483
DH_set_default_openssl_method 2484
ASN1_STRING_print_ex 2485
ENGINE_get_DSA 2486
ENGINE_get_ctrl_function 2487
ENGINE_set_ctrl_function 2488

10
util/mk1mf.pl
View File

@ -65,6 +65,7 @@ and [options] can be one of
no-err - No error strings
dll/shlib - Build shared libraries (MS)
debug - Debug build
profile - Profiling build
gcc - Use Gcc (unix)
rsaref - Build to require RSAref
@ -217,9 +218,10 @@ $cflags.=" -DNO_SSL3" if $no_ssl3;
$cflags.=" -DNO_ERR" if $no_err;
$cflags.=" -DRSAref" if $rsaref ne "";
if ($unix)
{ $cflags="$c_flags" if ($c_flags ne ""); }
else { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
## if ($unix)
## { $cflags="$c_flags" if ($c_flags ne ""); }
##else
{ $cflags="$c_flags$cflags" if ($c_flags ne ""); }
$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
@ -878,8 +880,10 @@ sub read_options
elsif (/^rsaref$/) { $rsaref=1; }
elsif (/^gcc$/) { $gcc=1; }
elsif (/^debug$/) { $debug=1; }
elsif (/^profile$/) { $profile=1; }
elsif (/^shlib$/) { $shlib=1; }
elsif (/^dll$/) { $shlib=1; }
elsif (/^shared$/) { } # We just need to ignore it for now...
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)

12
util/mkerr.pl
View File

@ -79,8 +79,11 @@ while (($lib, $hdr) = each %hinc)
next if($hdr eq "NONE");
print STDERR "Scanning header file $hdr\n" if $debug;
open(IN, "<$hdr") || die "Can't open Header file $hdr\n";
my $line = "", $def= "";
my $line = "", $def= "", $linenr = 0;
while(<IN>) {
$linenr++;
print STDERR "line: $linenr\r" if $debug;
last if(/BEGIN\s+ERROR\s+CODES/);
if ($line ne '') {
$_ = $line . $_;
@ -110,7 +113,12 @@ while (($lib, $hdr) = each %hinc)
}
}
print STDERR " \r" if $debug;
$defnr = 0;
foreach (split /;/, $def) {
$defnr++;
print STDERR "def: $defnr\r" if $debug;
s/^[\n\s]*//g;
s/[\n\s]*$//g;
next if(/typedef\W/);
@ -136,6 +144,8 @@ while (($lib, $hdr) = each %hinc)
}
}
print STDERR " \r" if $debug;
next if $reindex;
# Scan function and reason codes and store them: keep a note of the

2
util/pl/linux.pl
View File

@ -12,6 +12,8 @@ $rm='/bin/rm -f';
$cc='gcc';
if ($debug)
{ $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
elsif ($profile)
{ $cflags="-pg -O3"; }
else
{ $cflags="-O3 -fomit-frame-pointer"; }