generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge of main trunk, no conflicts this time

Browse Source
This commit is contained in:
Richard Levitte 2000-09-09 18:10:35 +00:00
parent dcd4d341e1
commit ef413a7ee8
12 changed files with 118 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
FAQ
View File

@ -10,6 +10,7 @@ OpenSSL - Frequently Asked Questions
* Why does the linker complain about undefined symbols? * Why does the linker complain about undefined symbols?
* Where can I get a compiled version of OpenSSL? * Where can I get a compiled version of OpenSSL?
* I've compiled a program under Windows and it crashes: why? * I've compiled a program under Windows and it crashes: why?
* How do I read or write a DER encoded buffer using the ASN1 functions?
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
* I've called <some function> and it fails, why? * I've called <some function> and it fails, why?
* I just get a load of numbers for the error output, what do they mean? * I just get a load of numbers for the error output, what do they mean?
@ -182,6 +183,43 @@ otherwise the conflict will cause a program to crash: typically on the
first BIO related read or write operation. first BIO related read or write operation.
* How do I read or write a DER encoded buffer using the ASN1 functions?
You have two options. You can either use a memory BIO in conjunction
with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
i2d_XXX(), d2i_XXX() functions directly. Since these are often the
cause of grief here are some code fragments using PKCS7 as an example:
unsigned char *buf, *p;
int len;
len = i2d_PKCS7(p7, NULL);
buf = OPENSSL_Malloc(len); /* or Malloc, error checking omitted */
p = buf;
i2d_PKCS7(p7, &p);
At this point buf contains the len bytes of the DER encoding of
p7.
The opposite assumes we already have len bytes in buf:
unsigned char *p;
p = buf;
p7 = d2i_PKCS7(NULL, &p, len);
At this point p7 contains a valid PKCS7 structure of NULL if an error
occurred. If an error occurred ERR_print_errors(bio) should give more
information.
The reason for the temporary variable 'p' is that the ASN1 functions
increment the passed pointer so it is ready to read or write the next
structure. This is often a cause of problems: without the temporary
variable the buffer pointer is changed to point just after the data
that has been read or written. This may well be uninitialized data
and attempts to free the buffer will have unpredictable results
because it no longer points to the same address.
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
This usually happens when you try compiling something using the PKCS#12 This usually happens when you try compiling something using the PKCS#12

20
INSTALL
View File

@ -124,9 +124,12 @@
OpenSSL binary ("openssl"). The libraries will be built in the top-level OpenSSL binary ("openssl"). The libraries will be built in the top-level
directory, and the binary will be in the "apps" directory. directory, and the binary will be in the "apps" directory.
If "make" fails, please report the problem to <openssl-bugs@openssl.org> If "make" fails, look at the output. There may be reasons for
(note that your message will be forwarded to a public mailing list). the failure that isn't a problem in OpenSSL itself (like missing
Include the output of "make report" in your message. standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be forwarded to a public mailing list). Include the
output of "make report" in your message.
[If you encounter assembler error messages, try the "no-asm" [If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.] configuration option as an immediate fix.]
@ -138,10 +141,13 @@
$ make test $ make test
If a test fails, try removing any compiler optimization flags from If a test fails, look at the output. There may be reasons for
the CFLAGS line in Makefile.ssl and run "make clean; make". Please the failure that isn't a problem in OpenSSL itself (like a missing
send a bug report to <openssl-bugs@openssl.org>, including the or malfunctioning bc). If it is a problem with OpenSSL itself,
output of "make report". try removing any compiler optimization flags from the CFLAGS line
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report".
4. If everything tests ok, install OpenSSL with 4. If everything tests ok, install OpenSSL with

1
apps/rsautl.c
View File

@ -56,6 +56,7 @@
* *
*/ */
#include "apps.h" #include "apps.h"
#include <string.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/engine.h> #include <openssl/engine.h>

1
crypto/asn1/a_strex.c
View File

@ -57,6 +57,7 @@
*/ */
#include <stdio.h> #include <stdio.h>
#include <string.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>

4
crypto/asn1/a_time.c
View File

@ -113,11 +113,9 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{ {
struct tm *ts; struct tm *ts;
#if defined(THREADS) && !defined(WIN32) #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
struct tm data; struct tm data;
#endif
#if defined(THREADS) && !defined(WIN32)
gmtime_r(&t,&data); gmtime_r(&t,&data);
ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */ ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
#else #else

7
crypto/asn1/a_utctm.c
View File

@ -193,7 +193,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
{ {
char *p; char *p;
struct tm *ts; struct tm *ts;
#if defined(THREADS) && !defined(WIN32) #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
struct tm data; struct tm data;
#endif #endif
@ -202,7 +203,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
if (s == NULL) if (s == NULL)
return(NULL); return(NULL);
#if defined(THREADS) && !defined(WIN32) #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */ gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
ts=&data; ts=&data;
#else #else
@ -285,7 +286,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
t -= offset*60; /* FIXME: may overflow in extreme cases */ t -= offset*60; /* FIXME: may overflow in extreme cases */
#if defined(THREADS) && !defined(WIN32) #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
{ struct tm data; gmtime_r(&t, &data); tm = &data; } { struct tm data; gmtime_r(&t, &data); tm = &data; }
#else #else
tm = gmtime(&t); tm = gmtime(&t);

12
crypto/bio/bss_rtcp.c
View File

@ -88,11 +88,11 @@ struct rpc_ctx {
struct rpc_msg msg; struct rpc_msg msg;
}; };
static int rtcp_write(BIO *h,char *buf,int num); static int rtcp_write(BIO *h,const char *buf,int num);
static int rtcp_read(BIO *h,char *buf,int size); static int rtcp_read(BIO *h,char *buf,int size);
static int rtcp_puts(BIO *h,char *str); static int rtcp_puts(BIO *h,const char *str);
static int rtcp_gets(BIO *h,char *str,int size); static int rtcp_gets(BIO *h,char *str,int size);
static long rtcp_ctrl(BIO *h,int cmd,long arg1,char *arg2); static long rtcp_ctrl(BIO *h,int cmd,long arg1,void *arg2);
static int rtcp_new(BIO *h); static int rtcp_new(BIO *h);
static int rtcp_free(BIO *data); static int rtcp_free(BIO *data);
@ -218,7 +218,7 @@ static int rtcp_read(BIO *b, char *out, int outl)
return length; return length;
} }
static int rtcp_write(BIO *b, char *in, int inl) static int rtcp_write(BIO *b, const char *in, int inl)
{ {
int status, i, segment, length; int status, i, segment, length;
struct rpc_ctx *ctx; struct rpc_ctx *ctx;
@ -247,7 +247,7 @@ static int rtcp_write(BIO *b, char *in, int inl)
return(i); return(i);
} }
static long rtcp_ctrl(BIO *b, int cmd, long num, char *ptr) static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr)
{ {
long ret=1; long ret=1;
@ -283,7 +283,7 @@ static int rtcp_gets(BIO *bp, char *buf, int size)
return(0); return(0);
} }
static int rtcp_puts(BIO *bp, char *str) static int rtcp_puts(BIO *bp, const char *str)
{ {
int length; int length;
if (str == NULL) return(0); if (str == NULL) return(0);

1
crypto/conf/conf_api.c
View File

@ -64,6 +64,7 @@
#endif #endif
#include <assert.h> #include <assert.h>
#include <string.h>
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/conf_api.h> #include <openssl/conf_api.h>

18
crypto/crypto-lib.com
View File

@ -215,13 +215,13 @@ $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
"b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log" "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log"
$ LIB_STACK = "stack" $ LIB_STACK = "stack"
$ LIB_LHASH = "lhash,lh_stats" $ LIB_LHASH = "lhash,lh_stats"
$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd" $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,rand_win"
$ LIB_ERR = "err,err_all,err_prn" $ LIB_ERR = "err,err_all,err_prn"
$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
$ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ - $ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ -
"e_des,e_bf,e_idea,e_des3,"+ - "e_des,e_bf,e_idea,e_des3,"+ -
"e_rc4,names,"+ - "e_rc4,names,"+ -
"e_xcbc_d,e_rc2,e_cast,e_rc5," "e_xcbc_d,e_rc2,e_cast,e_rc5"
$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + - $ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + -
"m_dss,m_dss1,m_mdc2,m_ripemd,"+ - "m_dss,m_dss1,m_mdc2,m_ripemd,"+ -
"p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ - "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
@ -280,10 +280,10 @@ $!
$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAREF.C").EQS."") $ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAREF.C").EQS."")
$ THEN $ THEN
$! $!
$! Tell The User That The File Dosen't Exist. $! Tell The User That The File Doesn't Exist.
$! $!
$ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Dosen't Exist." $ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Doesn't Exist."
$ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT ""
$! $!
$! Exit The Build. $! Exit The Build.
@ -315,10 +315,10 @@ $!
$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAR_ERR.C").EQS."") $ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAR_ERR.C").EQS."")
$ THEN $ THEN
$! $!
$! Tell The User That The File Dosen't Exist. $! Tell The User That The File Doesn't Exist.
$! $!
$ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Dosen't Exist." $ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Doesn't Exist."
$ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT ""
$! $!
$! Exit The Build. $! Exit The Build.
@ -531,10 +531,10 @@ $!
$ IF (F$SEARCH(SOURCE_FILE).EQS."") $ IF (F$SEARCH(SOURCE_FILE).EQS."")
$ THEN $ THEN
$! $!
$! Tell The User That The File Dosen't Exist. $! Tell The User That The File Doesn't Exist.
$! $!
$ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist." $ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
$ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT ""
$! $!
$! Exit The Build. $! Exit The Build.
@ -917,7 +917,7 @@ $!
$ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code." $ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code."
$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to" $ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to"
$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the" $ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file doesn't have the"
$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file" $ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file"
$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory" $ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory"
$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files." $ WRITE SYS$OUTPUT "as that is where the scripts will look for the files."

2
crypto/des/read_pwd.c
View File

@ -161,7 +161,7 @@
#include <sys/ioctl.h> #include <sys/ioctl.h>
#endif #endif
#ifdef MSDOS #if defined(MSDOS) && !defined(__CYGWIN32__)
#include <conio.h> #include <conio.h>
#define fgets(a,b,c) noecho_fgets(a,b,c) #define fgets(a,b,c) noecho_fgets(a,b,c)
#endif #endif

27
crypto/symhacks.h
View File

@ -64,23 +64,29 @@
#undef ASN1_STRING_set_default_mask_asc #undef ASN1_STRING_set_default_mask_asc
#define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc #define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc
#if 0 /* No longer needed, since safestack macro magic does the job */
/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ /* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO #undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF #define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF
#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO #undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF #define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF
#endif
#if 0 /* No longer needed, since safestack macro magic does the job */
/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ /* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO #undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECGINF #define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF
#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO #undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECGINF #define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF
#endif
#if 0 /* No longer needed, since safestack macro magic does the job */
/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ /* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION #undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC
#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION #undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC
#endif
/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ /* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
#undef PEM_read_NETSCAPE_CERT_SEQUENCE #undef PEM_read_NETSCAPE_CERT_SEQUENCE
@ -114,6 +120,23 @@
#undef X509_REVOKED_get_ext_by_critical #undef X509_REVOKED_get_ext_by_critical
#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic #define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
/* Hack some long CRYPTO names */
#define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb
#define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb
#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb
#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb
#define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb
#define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb
/* Hack some long SSL names */
#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx
#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk
#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk
#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file
#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb
#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
#endif /* defined VMS */ #endif /* defined VMS */

18
doc/openssl.txt
View File

@ -355,6 +355,24 @@ that would not make sense. It does support an additional issuer:copy option
that will copy all the subject alternative name values from the issuer that will copy all the subject alternative name values from the issuer
certificate (if possible). certificate (if possible).
Example:
issuserAltName = issuer:copy
Authority Info Access.
The authority information access extension gives details about how to access
certain information relating to the CA. Its syntax is accessOID;location
where 'location' has the same syntax as subject alternative name (except
that email:copy is not supported). accessOID can be any valid OID but only
certain values are meaningful for example OCSP and caIssuers. OCSP gives the
location of an OCSP responder: this is used by Netscape PSM and other software.
Example:
authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
CRL distribution points. CRL distribution points.
This is a multi-valued extension that supports all the literal options of This is a multi-valued extension that supports all the literal options of