generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: generic-library:OpenSSL_0_9_3
Branches Tags
generic-library:main generic-library:OpenSSL_1_0_1-stable generic-library:OpenSSL_1_0_2-stable generic-library:OpenSSL-fips-2_0-stable generic-library:OpenSSL_1_0_0-stable generic-library:OpenSSL_0_9_8-stable generic-library:OpenSSL-fips-2_0-dev generic-library:OpenSSL-fips-1_2-stable generic-library:OpenSSL-fips-0_9_8-stable generic-library:OpenSSL_0_9_7-stable generic-library:OpenSSL_0_9_8fg-stable generic-library:OpenSSL-fips2-0_9_7-stable generic-library:OpenSSL_0_9_6-stable generic-library:OpenSSL-engine-0_9_6-stable generic-library:OpenSSL-fips-0_9_7-stable generic-library:SSLeay
generic-library:OpenSSL_1_1_0-pre5 generic-library:OpenSSL_1_1_0-pre4 generic-library:OpenSSL_1_0_1s generic-library:OpenSSL_1_0_2g generic-library:OpenSSL_1_1_0-pre3 generic-library:OpenSSL-fips-2_0_12 generic-library:OpenSSL-fips-2_0_11 generic-library:OpenSSL-fips-2_0_10 generic-library:OpenSSL_1_0_1r generic-library:OpenSSL_1_0_2f generic-library:OpenSSL_1_1_0-pre2 generic-library:OpenSSL_1_1_0-pre1 generic-library:OpenSSL_0_9_8zh generic-library:OpenSSL_1_0_0t generic-library:OpenSSL_1_0_1q generic-library:OpenSSL_1_0_2e generic-library:OpenSSL_1_0_1p generic-library:OpenSSL_1_0_2d generic-library:OpenSSL_1_0_1o generic-library:OpenSSL_1_0_2c generic-library:OpenSSL_0_9_8zg generic-library:OpenSSL_1_0_0s generic-library:OpenSSL_1_0_1n generic-library:OpenSSL_1_0_2b generic-library:OpenSSL-fips-2_0_9 generic-library:OpenSSL_0_9_8zf generic-library:OpenSSL_1_0_0r generic-library:OpenSSL_1_0_1m generic-library:OpenSSL_1_0_2a generic-library:OpenSSL_0_9_8-pre-reformat generic-library:OpenSSL_0_9_8-pre-auto-reformat generic-library:OpenSSL_0_9_8-post-auto-reformat generic-library:OpenSSL_0_9_8-post-reformat generic-library:OpenSSL_1_0_0-pre-reformat generic-library:OpenSSL_1_0_0-pre-auto-reformat generic-library:OpenSSL_1_0_0-post-auto-reformat generic-library:OpenSSL_1_0_0-post-reformat generic-library:OpenSSL_1_0_1-pre-reformat generic-library:OpenSSL_1_0_1-pre-auto-reformat generic-library:OpenSSL_1_0_1-post-auto-reformat generic-library:OpenSSL_1_0_1-post-reformat generic-library:OpenSSL_1_0_2-pre-reformat generic-library:OpenSSL_1_0_2-pre-auto-reformat generic-library:OpenSSL_1_0_2-post-auto-reformat generic-library:OpenSSL_1_0_2-post-reformat generic-library:master-pre-reformat generic-library:master-pre-auto-reformat generic-library:master-post-auto-reformat generic-library:master-post-reformat generic-library:OpenSSL_1_0_2 generic-library:OpenSSL_0_9_8ze generic-library:OpenSSL_1_0_0q generic-library:OpenSSL_1_0_1l generic-library:OpenSSL_0_9_8zd generic-library:OpenSSL_1_0_0p generic-library:OpenSSL_1_0_1k generic-library:OpenSSL-fips-2_0_8 generic-library:OpenSSL_1_0_1j generic-library:OpenSSL_1_0_0o generic-library:OpenSSL_0_9_8zc generic-library:OpenSSL_1_0_2-beta3 generic-library:OpenSSL_0_9_8zb generic-library:OpenSSL_1_0_0n generic-library:OpenSSL_1_0_1i generic-library:OpenSSL_1_0_2-beta2 generic-library:OpenSSL-fips-2_0_7 generic-library:OpenSSL_1_0_1h generic-library:OpenSSL_1_0_0m generic-library:OpenSSL_0_9_8za generic-library:OpenSSL-fips-2_0_6 generic-library:OpenSSL_1_0_1g generic-library:OpenSSL_1_0_2-beta1 generic-library:OpenSSL_1_0_0l generic-library:OpenSSL_1_0_1f generic-library:OpenSSL-fips-2_0_4 generic-library:OpenSSL-fips-2_0_5 generic-library:OpenSSL-fips-2_0_3 generic-library:OpenSSL-fips-2_0_2 generic-library:OpenSSL_1_0_1e generic-library:OpenSSL_1_0_0k generic-library:OpenSSL_1_0_1d generic-library:OpenSSL_0_9_8y generic-library:OpenSSL-fips-2_0-pl1 generic-library:OpenSSL-fips-2_0_1 generic-library:OpenSSL_1_0_1c generic-library:OpenSSL_1_0_0j generic-library:OpenSSL_0_9_8x generic-library:OpenSSL_1_0_1b generic-library:OpenSSL_0_9_8w generic-library:OpenSSL_1_0_1a generic-library:OpenSSL_0_9_8v generic-library:OpenSSL_1_0_0i generic-library:OpenSSL_1_0_1 generic-library:OpenSSL_1_0_0h generic-library:OpenSSL_0_9_8u generic-library:OpenSSL_1_0_1-beta3 generic-library:OpenSSL_1_0_1-beta2 generic-library:OpenSSL-fips-2_0-rc9 generic-library:OpenSSL-fips-2_0 generic-library:OpenSSL_1_0_0g generic-library:OpenSSL_0_9_8t generic-library:OpenSSL_0_9_8s generic-library:OpenSSL_1_0_0f generic-library:OpenSSL-fips-2_0-rc8 generic-library:OpenSSL_1_0_1-beta1 generic-library:OpenSSL-fips-2_0-rc7 generic-library:OpenSSL-fips-2_0-rc6 generic-library:OpenSSL-fips-2_0-rc5 generic-library:OpenSSL-fips-2_0-rc4 generic-library:OpenSSL-fips-2_0-rc3 generic-library:OpenSSL-fips-2_0-rc2 generic-library:OpenSSL-fips-2_0-rc1 generic-library:OpenSSL-fips-1_2_3 generic-library:OpenSSL-fips-1_2_2 generic-library:OpenSSL-fips-1_2_1 generic-library:OpenSSL_1_0_0e generic-library:OpenSSL_1_0_0d generic-library:OpenSSL_0_9_8r generic-library:OpenSSL_0_9_8q generic-library:OpenSSL_1_0_0c generic-library:OpenSSL_0_9_8p generic-library:OpenSSL_1_0_0b generic-library:OpenSSL_0_9_8o generic-library:OpenSSL_1_0_0a generic-library:OpenSSL_1_0_0 generic-library:OpenSSL_0_9_8n generic-library:OpenSSL_0_9_8m generic-library:OpenSSL_0_9_8m-beta1 generic-library:OpenSSL_1_0_0-beta5 generic-library:OpenSSL_1_0_0-beta4 generic-library:OpenSSL_0_9_8l generic-library:OpenSSL_1_0_0-beta3 generic-library:OpenSSL_1_0_0-beta2 generic-library:OpenSSL_1_0_0-beta1 generic-library:OpenSSL_0_9_8k generic-library:OpenSSL_0_9_8j generic-library:OpenSSL_0_9_8i generic-library:OpenSSL_0_9_8h generic-library:OpenSSL_0_9_8g generic-library:OpenSSL_0_9_8f generic-library:OpenSSL-fips-1_2_0 generic-library:FIPS_098_TEST_8 generic-library:FIPS_098_TEST_7 generic-library:FIPS_098_TEST_6 generic-library:FIPS_098_TEST_5 generic-library:FIPS_098_TEST_4 generic-library:FIPS_098_TEST_3 generic-library:FIPS_098_TEST_2 generic-library:FIPS_098_TEST_1 generic-library:OpenSSL_0_9_7m generic-library:OpenSSL_0_9_8e generic-library:OpenSSL_0_9_7l generic-library:OpenSSL_0_9_8d generic-library:OpenSSL_0_9_8c generic-library:OpenSSL_0_9_7k generic-library:OpenSSL_0_9_7j generic-library:OpenSSL_0_9_8b generic-library:OpenSSL_FIPS_1_0 generic-library:OpenSSL_0_9_7i generic-library:OpenSSL_0_9_8a generic-library:OpenSSL_0_9_7h generic-library:OpenSSL_0_9_8 generic-library:FIPS_TEST_10 generic-library:OpenSSL_0_9_8-beta6 generic-library:OpenSSL_0_9_8-beta5 generic-library:FIPS_TEST_9 generic-library:OpenSSL_0_9_8-beta4 generic-library:OpenSSL_0_9_8-beta3 generic-library:BEN_FIPS_TEST_8 generic-library:OpenSSL_0_9_8-beta2 generic-library:OpenSSL_0_9_8-beta1 generic-library:OpenSSL_0_9_7g generic-library:OpenSSL_0_9_7f generic-library:BEN_FIPS_TEST_7 generic-library:BEN_FIPS_TEST_6 generic-library:OpenSSL_0_9_7e generic-library:OpenSSL_0_9_7d generic-library:OpenSSL-engine-0_9_6m generic-library:OpenSSL_0_9_6m generic-library:LEVITTE_after_const generic-library:LEVITTE_before_const generic-library:BEN_FIPS_TEST_5 generic-library:BEN_FIPS_TEST_4 generic-library:OpenSSL-engine-0_9_6l generic-library:OpenSSL_0_9_6l generic-library:BEN_FIPS_TEST_3 generic-library:BEN_FIPS_TEST_2 generic-library:BEN_FIPS_TEST_1 generic-library:OpenSSL-engine-0_9_6k generic-library:OpenSSL_0_9_6k generic-library:OpenSSL_0_9_7c generic-library:OpenSSL-engine-0_9_6j generic-library:OpenSSL_0_9_7b generic-library:OpenSSL_0_9_6j generic-library:OpenSSL-engine-0_9_6i generic-library:OpenSSL_0_9_6i generic-library:OpenSSL_0_9_7a generic-library:OpenSSL_0_9_7 generic-library:OpenSSL_0_9_7-beta6 generic-library:STATE_after_zlib generic-library:STATE_before_zlib generic-library:OpenSSL_0_9_7-beta5 generic-library:OpenSSL-engine-0_9_6h generic-library:OpenSSL_0_9_6h generic-library:OpenSSL_0_9_7-beta4 generic-library:OpenSSL-engine-0_9_6g generic-library:OpenSSL_0_9_6g generic-library:OpenSSL-engine-0_9_6f generic-library:OpenSSL_0_9_6f generic-library:OpenSSL_0_9_7-beta3 generic-library:OpenSSL-engine-0_9_6e generic-library:OpenSSL_0_9_6e generic-library:OpenSSL_0_9_7-beta2 generic-library:OpenSSL_0_9_7-beta1 generic-library:AFTER_COMPAQ_PATCH generic-library:BEFORE_COMPAQ_PATCH generic-library:OpenSSL-engine-0_9_6d generic-library:OpenSSL_0_9_6d generic-library:OpenSSL-engine-0_9_6d-beta1 generic-library:OpenSSL_0_9_6d-beta1 generic-library:OpenSSL-engine-0_9_6c generic-library:OpenSSL_0_9_6c generic-library:OpenSSL-engine-0_9_6b generic-library:OpenSSL_0_9_6b generic-library:OpenSSL_0_9_6a generic-library:OpenSSL-engine-0_9_6a generic-library:OpenSSL-engine-0_9_6a-beta3 generic-library:OpenSSL_0_9_6a-beta3 generic-library:OpenSSL-engine-0_9_6a-beta2 generic-library:OpenSSL_0_9_6a-beta2 generic-library:OpenSSL-engine-0_9_6a-beta1 generic-library:OpenSSL_0_9_6a-beta1 generic-library:rsaref generic-library:BEFORE_engine generic-library:OpenSSL_0_9_6-beta2 generic-library:OpenSSL_0_9_6-beta1 generic-library:OpenSSL_0_9_6 generic-library:OpenSSL-engine-0_9_6 generic-library:OpenSSL-engine-0_9_6-beta3 generic-library:OpenSSL_0_9_6-beta3 generic-library:OpenSSL-engine-0_9_6-beta2 generic-library:OpenSSL-engine-0_9_6-beta1 generic-library:OpenSSL_0_9_5 generic-library:OpenSSL_0_9_5a generic-library:OpenSSL_0_9_5a-beta2 generic-library:OpenSSL_0_9_5a-beta1 generic-library:OpenSSL_0_9_5beta2 generic-library:OpenSSL_0_9_5beta1 generic-library:OpenSSL_0_9_4 generic-library:OpenSSL_0_9_3a generic-library:OpenSSL_0_9_3 generic-library:OpenSSL_0_9_3beta2 generic-library:OpenSSL_0_9_3beta1 generic-library:OpenSSL_0_9_2b generic-library:OpenSSL_0_9_1c generic-library:SSLeay_0_9_1b generic-library:SSLeay_0_9_0b generic-library:SSLeay_0_8_1b
..
compare: generic-library:SSLeay_0_9_1b
Branches Tags
generic-library:OpenSSL_1_0_1-stable generic-library:main generic-library:OpenSSL_1_0_2-stable generic-library:OpenSSL-fips-2_0-stable generic-library:OpenSSL_1_0_0-stable generic-library:OpenSSL_0_9_8-stable generic-library:OpenSSL-fips-2_0-dev generic-library:OpenSSL-fips-1_2-stable generic-library:OpenSSL-fips-0_9_8-stable generic-library:OpenSSL_0_9_7-stable generic-library:OpenSSL_0_9_8fg-stable generic-library:OpenSSL-fips2-0_9_7-stable generic-library:OpenSSL_0_9_6-stable generic-library:OpenSSL-engine-0_9_6-stable generic-library:OpenSSL-fips-0_9_7-stable generic-library:SSLeay
generic-library:OpenSSL_1_1_0-pre5 generic-library:OpenSSL_1_1_0-pre4 generic-library:OpenSSL_1_0_1s generic-library:OpenSSL_1_0_2g generic-library:OpenSSL_1_1_0-pre3 generic-library:OpenSSL-fips-2_0_12 generic-library:OpenSSL-fips-2_0_11 generic-library:OpenSSL-fips-2_0_10 generic-library:OpenSSL_1_0_1r generic-library:OpenSSL_1_0_2f generic-library:OpenSSL_1_1_0-pre2 generic-library:OpenSSL_1_1_0-pre1 generic-library:OpenSSL_0_9_8zh generic-library:OpenSSL_1_0_0t generic-library:OpenSSL_1_0_1q generic-library:OpenSSL_1_0_2e generic-library:OpenSSL_1_0_1p generic-library:OpenSSL_1_0_2d generic-library:OpenSSL_1_0_1o generic-library:OpenSSL_1_0_2c generic-library:OpenSSL_0_9_8zg generic-library:OpenSSL_1_0_0s generic-library:OpenSSL_1_0_1n generic-library:OpenSSL_1_0_2b generic-library:OpenSSL-fips-2_0_9 generic-library:OpenSSL_0_9_8zf generic-library:OpenSSL_1_0_0r generic-library:OpenSSL_1_0_1m generic-library:OpenSSL_1_0_2a generic-library:OpenSSL_0_9_8-pre-reformat generic-library:OpenSSL_0_9_8-pre-auto-reformat generic-library:OpenSSL_0_9_8-post-auto-reformat generic-library:OpenSSL_0_9_8-post-reformat generic-library:OpenSSL_1_0_0-pre-reformat generic-library:OpenSSL_1_0_0-pre-auto-reformat generic-library:OpenSSL_1_0_0-post-auto-reformat generic-library:OpenSSL_1_0_0-post-reformat generic-library:OpenSSL_1_0_1-pre-reformat generic-library:OpenSSL_1_0_1-pre-auto-reformat generic-library:OpenSSL_1_0_1-post-auto-reformat generic-library:OpenSSL_1_0_1-post-reformat generic-library:OpenSSL_1_0_2-pre-reformat generic-library:OpenSSL_1_0_2-pre-auto-reformat generic-library:OpenSSL_1_0_2-post-auto-reformat generic-library:OpenSSL_1_0_2-post-reformat generic-library:master-pre-reformat generic-library:master-pre-auto-reformat generic-library:master-post-auto-reformat generic-library:master-post-reformat generic-library:OpenSSL_1_0_2 generic-library:OpenSSL_0_9_8ze generic-library:OpenSSL_1_0_0q generic-library:OpenSSL_1_0_1l generic-library:OpenSSL_0_9_8zd generic-library:OpenSSL_1_0_0p generic-library:OpenSSL_1_0_1k generic-library:OpenSSL-fips-2_0_8 generic-library:OpenSSL_1_0_1j generic-library:OpenSSL_1_0_0o generic-library:OpenSSL_0_9_8zc generic-library:OpenSSL_1_0_2-beta3 generic-library:OpenSSL_0_9_8zb generic-library:OpenSSL_1_0_0n generic-library:OpenSSL_1_0_1i generic-library:OpenSSL_1_0_2-beta2 generic-library:OpenSSL-fips-2_0_7 generic-library:OpenSSL_1_0_1h generic-library:OpenSSL_1_0_0m generic-library:OpenSSL_0_9_8za generic-library:OpenSSL-fips-2_0_6 generic-library:OpenSSL_1_0_1g generic-library:OpenSSL_1_0_2-beta1 generic-library:OpenSSL_1_0_0l generic-library:OpenSSL_1_0_1f generic-library:OpenSSL-fips-2_0_4 generic-library:OpenSSL-fips-2_0_5 generic-library:OpenSSL-fips-2_0_3 generic-library:OpenSSL-fips-2_0_2 generic-library:OpenSSL_1_0_1e generic-library:OpenSSL_1_0_0k generic-library:OpenSSL_1_0_1d generic-library:OpenSSL_0_9_8y generic-library:OpenSSL-fips-2_0-pl1 generic-library:OpenSSL-fips-2_0_1 generic-library:OpenSSL_1_0_1c generic-library:OpenSSL_1_0_0j generic-library:OpenSSL_0_9_8x generic-library:OpenSSL_1_0_1b generic-library:OpenSSL_0_9_8w generic-library:OpenSSL_1_0_1a generic-library:OpenSSL_0_9_8v generic-library:OpenSSL_1_0_0i generic-library:OpenSSL_1_0_1 generic-library:OpenSSL_1_0_0h generic-library:OpenSSL_0_9_8u generic-library:OpenSSL_1_0_1-beta3 generic-library:OpenSSL_1_0_1-beta2 generic-library:OpenSSL-fips-2_0-rc9 generic-library:OpenSSL-fips-2_0 generic-library:OpenSSL_1_0_0g generic-library:OpenSSL_0_9_8t generic-library:OpenSSL_0_9_8s generic-library:OpenSSL_1_0_0f generic-library:OpenSSL-fips-2_0-rc8 generic-library:OpenSSL_1_0_1-beta1 generic-library:OpenSSL-fips-2_0-rc7 generic-library:OpenSSL-fips-2_0-rc6 generic-library:OpenSSL-fips-2_0-rc5 generic-library:OpenSSL-fips-2_0-rc4 generic-library:OpenSSL-fips-2_0-rc3 generic-library:OpenSSL-fips-2_0-rc2 generic-library:OpenSSL-fips-2_0-rc1 generic-library:OpenSSL-fips-1_2_3 generic-library:OpenSSL-fips-1_2_2 generic-library:OpenSSL-fips-1_2_1 generic-library:OpenSSL_1_0_0e generic-library:OpenSSL_1_0_0d generic-library:OpenSSL_0_9_8r generic-library:OpenSSL_0_9_8q generic-library:OpenSSL_1_0_0c generic-library:OpenSSL_0_9_8p generic-library:OpenSSL_1_0_0b generic-library:OpenSSL_0_9_8o generic-library:OpenSSL_1_0_0a generic-library:OpenSSL_1_0_0 generic-library:OpenSSL_0_9_8n generic-library:OpenSSL_0_9_8m generic-library:OpenSSL_0_9_8m-beta1 generic-library:OpenSSL_1_0_0-beta5 generic-library:OpenSSL_1_0_0-beta4 generic-library:OpenSSL_0_9_8l generic-library:OpenSSL_1_0_0-beta3 generic-library:OpenSSL_1_0_0-beta2 generic-library:OpenSSL_1_0_0-beta1 generic-library:OpenSSL_0_9_8k generic-library:OpenSSL_0_9_8j generic-library:OpenSSL_0_9_8i generic-library:OpenSSL_0_9_8h generic-library:OpenSSL_0_9_8g generic-library:OpenSSL_0_9_8f generic-library:OpenSSL-fips-1_2_0 generic-library:FIPS_098_TEST_8 generic-library:FIPS_098_TEST_7 generic-library:FIPS_098_TEST_6 generic-library:FIPS_098_TEST_5 generic-library:FIPS_098_TEST_4 generic-library:FIPS_098_TEST_3 generic-library:FIPS_098_TEST_2 generic-library:FIPS_098_TEST_1 generic-library:OpenSSL_0_9_7m generic-library:OpenSSL_0_9_8e generic-library:OpenSSL_0_9_7l generic-library:OpenSSL_0_9_8d generic-library:OpenSSL_0_9_8c generic-library:OpenSSL_0_9_7k generic-library:OpenSSL_0_9_7j generic-library:OpenSSL_0_9_8b generic-library:OpenSSL_FIPS_1_0 generic-library:OpenSSL_0_9_7i generic-library:OpenSSL_0_9_8a generic-library:OpenSSL_0_9_7h generic-library:OpenSSL_0_9_8 generic-library:FIPS_TEST_10 generic-library:OpenSSL_0_9_8-beta6 generic-library:OpenSSL_0_9_8-beta5 generic-library:FIPS_TEST_9 generic-library:OpenSSL_0_9_8-beta4 generic-library:OpenSSL_0_9_8-beta3 generic-library:BEN_FIPS_TEST_8 generic-library:OpenSSL_0_9_8-beta2 generic-library:OpenSSL_0_9_8-beta1 generic-library:OpenSSL_0_9_7g generic-library:OpenSSL_0_9_7f generic-library:BEN_FIPS_TEST_7 generic-library:BEN_FIPS_TEST_6 generic-library:OpenSSL_0_9_7e generic-library:OpenSSL_0_9_7d generic-library:OpenSSL-engine-0_9_6m generic-library:OpenSSL_0_9_6m generic-library:LEVITTE_after_const generic-library:LEVITTE_before_const generic-library:BEN_FIPS_TEST_5 generic-library:BEN_FIPS_TEST_4 generic-library:OpenSSL-engine-0_9_6l generic-library:OpenSSL_0_9_6l generic-library:BEN_FIPS_TEST_3 generic-library:BEN_FIPS_TEST_2 generic-library:BEN_FIPS_TEST_1 generic-library:OpenSSL-engine-0_9_6k generic-library:OpenSSL_0_9_6k generic-library:OpenSSL_0_9_7c generic-library:OpenSSL-engine-0_9_6j generic-library:OpenSSL_0_9_7b generic-library:OpenSSL_0_9_6j generic-library:OpenSSL-engine-0_9_6i generic-library:OpenSSL_0_9_6i generic-library:OpenSSL_0_9_7a generic-library:OpenSSL_0_9_7 generic-library:OpenSSL_0_9_7-beta6 generic-library:STATE_after_zlib generic-library:STATE_before_zlib generic-library:OpenSSL_0_9_7-beta5 generic-library:OpenSSL-engine-0_9_6h generic-library:OpenSSL_0_9_6h generic-library:OpenSSL_0_9_7-beta4 generic-library:OpenSSL-engine-0_9_6g generic-library:OpenSSL_0_9_6g generic-library:OpenSSL-engine-0_9_6f generic-library:OpenSSL_0_9_6f generic-library:OpenSSL_0_9_7-beta3 generic-library:OpenSSL-engine-0_9_6e generic-library:OpenSSL_0_9_6e generic-library:OpenSSL_0_9_7-beta2 generic-library:OpenSSL_0_9_7-beta1 generic-library:AFTER_COMPAQ_PATCH generic-library:BEFORE_COMPAQ_PATCH generic-library:OpenSSL-engine-0_9_6d generic-library:OpenSSL_0_9_6d generic-library:OpenSSL-engine-0_9_6d-beta1 generic-library:OpenSSL_0_9_6d-beta1 generic-library:OpenSSL-engine-0_9_6c generic-library:OpenSSL_0_9_6c generic-library:OpenSSL-engine-0_9_6b generic-library:OpenSSL_0_9_6b generic-library:OpenSSL_0_9_6a generic-library:OpenSSL-engine-0_9_6a generic-library:OpenSSL-engine-0_9_6a-beta3 generic-library:OpenSSL_0_9_6a-beta3 generic-library:OpenSSL-engine-0_9_6a-beta2 generic-library:OpenSSL_0_9_6a-beta2 generic-library:OpenSSL-engine-0_9_6a-beta1 generic-library:OpenSSL_0_9_6a-beta1 generic-library:rsaref generic-library:BEFORE_engine generic-library:OpenSSL_0_9_6-beta2 generic-library:OpenSSL_0_9_6-beta1 generic-library:OpenSSL_0_9_6 generic-library:OpenSSL-engine-0_9_6 generic-library:OpenSSL-engine-0_9_6-beta3 generic-library:OpenSSL_0_9_6-beta3 generic-library:OpenSSL-engine-0_9_6-beta2 generic-library:OpenSSL-engine-0_9_6-beta1 generic-library:OpenSSL_0_9_5 generic-library:OpenSSL_0_9_5a generic-library:OpenSSL_0_9_5a-beta2 generic-library:OpenSSL_0_9_5a-beta1 generic-library:OpenSSL_0_9_5beta2 generic-library:OpenSSL_0_9_5beta1 generic-library:OpenSSL_0_9_4 generic-library:OpenSSL_0_9_3a generic-library:OpenSSL_0_9_3 generic-library:OpenSSL_0_9_3beta2 generic-library:OpenSSL_0_9_3beta1 generic-library:OpenSSL_0_9_2b generic-library:OpenSSL_0_9_1c generic-library:SSLeay_0_9_1b generic-library:SSLeay_0_9_0b generic-library:SSLeay_0_8_1b

1 Commits
OpenSSL_0_ ... SSLeay_0_9

Author SHA1 Message Date
cvs2svn
162d5f30be This commit was manufactured by cvs2svn to create tag 'SSLeay_0_9_1b'. 1998-12-21 11:00:57 +00:00
1115 changed files with 77266 additions and 72101 deletions
Expand all files Collapse all files

3
.cvsignore
View File

@@ -1,3 +0,0 @@
Makefile.ssl
MINFO
makefile.one

1244
CHANGES
View File

File diff suppressed because it is too large Load Diff

65
COPYRIGHT Normal file
View File

@@ -0,0 +1,65 @@
Copyright (C) 1997 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as
the following conditions are aheared to. The following conditions
apply to all code found in this distribution, be it the RC4, RSA,
lhash, DES, etc., code; not just the SSL code. The SSL documentation
included with this distribution is covered by the same copyright terms
except that the holder is Tim Hudson (tjh@cryptsoft.com).
Please note that MD2, MD5 and IDEA are publically available standards
that contain sample implementations, I have re-coded them in my own
way but there is nothing special about those implementations. The DES
library is another mater :-).
Copyright remains Eric Young's, and as such any Copyright notices in
the code are not to be removed.
If this package is used in a product, Eric Young should be given attribution
as the author of the parts of the library used.
This can be in the form of a textual message at program startup or
in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
"This product includes cryptographic software written by
Eric Young (eay@cryptsoft.com)"
The word 'cryptographic' can be left out if the rouines from the library
being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from
the apps directory (application code) you must include an acknowledgement:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
The licence and distribution terms for any publically available version or
derivative of this code cannot be changed. i.e. this code cannot simply be
copied and put under another distribution licence
[including the GNU Public Licence.]
The reason behind this being stated in this direct manner is past
experience in code simply being copied and the attribution removed
from it and then being distributed as part of other packages. This
implementation was a non-trivial and unpaid effort.

803
Configure
View File

@@ -1,37 +1,17 @@
:
eval 'exec perl -S $0 ${1+"$@"}'
if $running_under_some_shell;
##
## Configure -- OpenSSL source tree configuration script
##
require 5.000;
use strict;
# see INSTALL for instructions.
my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
# Options:
#!/usr/local/bin/perl
#
# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
# --prefix option is given; /usr/local/ssl otherwise)
# --prefix prefix for the OpenSSL include, lib and bin directories
# (Default: the OPENSSLDIR directory)
# see PROBLEMS for instructions on what sort of things to do when
# tracking a bug --tjh
#
# --install_prefix Additional prefix for package builders (empty by
# default). This needn't be set in advance, you can
# just as well use "make INSTALL_PREFIX=/whatever install".
# extra options
# -DRSAref build to use RSAref
# -DNO_IDEA build with no IDEA algorithm
# -DNO_RC4 build with no RC4 algorithm
# -DNO_RC2 build with no RC2 algorithm
# -DNO_BF build with no Blowfish algorithm
# -DNO_DES build with no DES/3DES algorithm
# -DNO_MD2 build with no MD2 algorithm
#
# rsaref use RSAref
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
# know how to do it)
# no-asm do not use assembler
# 386 generate 80386 code
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
#
# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
# dependancies but needs to more registers, good for RISC CPU's
@@ -52,77 +32,72 @@ my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no
# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on
# array lookups instead of pointer use.
# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
# BF_PTR2 intel specific version (generic version is more efficient).
# BF_PTR2 use a pentium/intel specific version.
# MD5_ASM use some extra md5 assember,
# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
# RMD160_ASM use some extra ripemd160 assember,
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
$x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
# MD2_CHAR slags pentium pros
my $x86_gcc_opts="RC4_INDEX MD2_INT";
$x86_gcc_opts="RC4_INDEX MD2_INT BF_PTR2";
# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
# Don't worry about these normally
my $tcc="cc";
my $tflags="-fast -Xa";
my $tbn_mul="";
my $tlib="-lnsl -lsocket";
$tcc="cc";
$tflags="-fast -Xa";
$tbn_mul="";
$tlib="-lnsl -lsocket";
#$bits1="SIXTEEN_BIT ";
#$bits2="THIRTY_TWO_BIT ";
my $bits1="THIRTY_TWO_BIT ";
my $bits2="SIXTY_FOUR_BIT ";
$bits1="THIRTY_TWO_BIT ";
$bits2="SIXTY_FOUR_BIT ";
my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
$x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
$x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
$x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
$x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
#config-string CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \
# des_asm:bf_asm
my %table=(
#"b", "$tcc:$tflags::$tlib:$bits1:$tbn_mul::",
#"bl-4c-2c", "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
#"bl-4c-ri", "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
#"b2-is-ri-dp", "$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
%table=(
#"b", "$tcc:$tflags:$tlib:$bits1:$tbn_mul::",
#"bl-4c-2c", "$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
#"bl-4c-ri", "$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
#"b2-is-ri-dp", "$tcc:$tflags:$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
# Our development configs
"purify", "purify gcc:-g -DPURIFY -Wall:(unknown):-lsocket -lnsl::::",
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:(unknown):-lefence::::",
"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe:(unknown):::::",
"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe:(unknown):::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe:(unknown):::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
"debug-bodo", "gcc:-DL_ENDIAN -O3 -g -m486 -Wall:-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
"dist", "cc:-O:(unknown):::::",
# A few of my development configs
"purify", "purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
"dist", "cc:-O -DNOPROTO::::",
# Basic configs that should work on any box
"gcc", "gcc:-O3:(unknown)::BN_LLONG:::",
"cc", "cc:-O:(unknown):::::",
"gcc", "gcc:-O3::BN_LLONG:::",
"cc", "cc:-O -DNOPROTO -DNOCONST:::::",
# Solaris setups
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::",
"solaris-usparc-gcc","gcc:-O3 -fomit-frame-pointer -mcpu=ultrasparc -Wall -DB_ENDIAN -DULTRASPARC:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc.o:::asm/md5-sparcv8plus.o:",
"solaris-usparc-oldgcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN -DULTRASPARC:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc.o:::asm/md5-sparcv8plus.o:",
"debug-solaris-sparc-gcc","gcc:-O3 -g -mv8 -Wall -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
"debug-solaris-usparc-gcc","gcc:-O3 -g -mcpu=ultrasparc -Wall -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc.o::",
# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:::",
# SC4 is ok, better than gcc even on bn as long as you tell it -xarch=v8
# My solaris setups
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
# DO NOT use /xO[34] on sparc with SC3.0.
# It is broken, and will not pass the tests
"solaris-sparc-cc","cc:-fast -O -Xa -DB_ENDIAN:\
-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:asm/sparc.o::",
# SC4.0 is ok, better than gcc, except for the bignum stuff.
# -fast slows things like DES down quite a lot
"solaris-sparc-cc","cc:-xarch=v8 -xstrconst -xO5 -xdepend -Xa -DB_ENDIAN -DBN_DIV2W:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
"solaris-usparc-cc","cc:-xtarget=ultra -xarch=v8plus -xstrconst -xO5 -xdepend -Xa -DB_ENDIAN -DULTRASPARC -DBN_DIV2W:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
"solaris64-usparc-cc","cc:-xtarget=ultra -xarch=v9 -xstrconst -xO5 -xdepend -Xa -DB_ENDIAN -DULTRASPARC:-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
"solaris-sparc-sc4","cc:-xO5 -Xa -DB_ENDIAN:-lsocket -lnsl:\
BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
"solaris-usparc-sc4","cc:-xtarget=ultra -xarch=v8plus -Xa -xO5 -DB_ENDIAN:\
-lsocket -lnsl:\
BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
# Sunos configs, assuming sparc for the gcc one.
##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST:(unknown)::DES_UNROLL:::",
"sunos-gcc","gcc:-O3 -mv8:(unknown)::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::DES_UNROLL:::",
"sunos-gcc","gcc:-O3 -mv8::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
# SGI configurations. If the box is rather old (r3000 cpu), you will
# probably have to remove the '-mips2' flag. I've only been using
@@ -130,65 +105,52 @@ my %table=(
# I've recently done 32 and 64 bit mips assember, it make this RSA
# 3 times faster, use if at all possible.
#"irix-gcc","gcc:-O2 -mips2::SIXTY_FOUR_BIT BN_LLONG RC4_INDEX RC4_CHAR:::",
"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN:(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN:(unknown)::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
"irix-mips3-gcc","gcc:-mips3 -O2 -DTERMIOS -DB_ENDIAN:(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:::",
"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN:(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:::",
"debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:(unknown):::::",
# This is the n64 mode build. (Untested!)
"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS:(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT:::",
"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:asm/mips1.o::",
"irix64-gcc","gcc:-mips3 -O2 -DTERMIOS -DB_ENDIAN::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:asm/mips1.o::",
"irix64-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
"debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:::asm/r3000.o::",
# This is the n64 mode build.
"irix-n64-cc", "cc:-64 -O2 -use_readonly_const -DTERMIOS::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT:asm/mips3_64.o::",
# HPUX 9.X config.
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or gcc.
"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z:(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3:(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# HPUX 10.X config. Supports threads.
"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z:-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3:-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# HPUX 11.X from www.globus.org.
# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit:-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit:-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
# HPUX config. I've been building on HPUX 9, so the options may be
# different on version 10. The pa-risc2.o assember file is 2 times
# faster than the old asm/pa-risc.o version but it may not run on old
# PA-RISC CPUs. If you have problems, swap back to the old one.
# Both were generated by gcc, so use the C version with the PA-RISC specific
# options turned on if you are using gcc.
"hpux-cc", "cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
"hpux-kr-cc", "cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
"hpux-gcc", "gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
"alpha-gcc","gcc:-O3:(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:::",
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:::",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:::",
"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
# assembler versions -- currently defunct:
##"alpha-gcc","gcc:-O3:(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
##"alpha-cc", "cc:-tune host -O4 -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
##"alpha164-cc", "cc:-tune host -fast -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
"alpha-gcc","gcc:-O3::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
"alpha-cc", "cc:-tune host -O4 -readonly_strings::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
"alpha164-cc", "cc:-tune host -fast -readonly_strings::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler.
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall:-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall:(unknown)::BN_LLONG:::",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall:(unknown)::::",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN:(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-x86", "gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
#"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486:(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
"nextstep", "cc:-O3 -Wall:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-x86", "gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
#"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm",
"nextstep", "cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
# NCR MP-RAS UNIX ver 02.03.01
"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
# UnixWare 2.0
"unixware-2.0","cc:-O -DFILIO_H:(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"unixware-2.0","cc:-O -DFILIO_H:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX $x86_des_des::",
# IBM's AIX.
"aix-cc", "cc:-O -DAIX -DB_ENDIAN:(unknown)::BN_LLONG RC4_CHAR:::",
"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN:(unknown)::BN_LLONG RC4_CHAR:::",
"aix-cc", "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
"aix-gcc", "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
#
# Cray T90 (SDSC)
@@ -201,209 +163,115 @@ my %table=(
#'Taking the address of a bit field is not allowed. '
#'An expression with bit field exists as the operand of "sizeof" '
# (written by Wayne Schroeder <schroede@SDSC.EDU>)
"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
#
# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
#
# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added
# another use. Basically, the problem is that the T3E uses some bit fields
# for some st_addr stuff, and then sizeof and address-of fails
# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
# did not like it.
"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
# DGUX, 88100.
"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer:(unknown)::RC4_INDEX DES_UNROLL:::",
"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer:(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
# SCO cc.
"sco5-cc", "cc::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
"sco5-cc", "cc::-lsocket:$x86_gcc_des $x86_gcc_opts:::", # des options?
# Sinix/ReliantUNIX RM400
# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN:-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
"SINIX","cc:-O -DSNI:(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
"SINIX-N","/usr/ucb/cc:-O2 -misaligned:(unknown):-lucb:RC4_INDEX RC4_CHAR:::",
# Sinix RM400
"SINIX-N","/usr/ucb/cc:-O2 -misaligned:-lucb:RC4_INDEX RC4_CHAR:::",
# Windows NT, Microsoft Visual C++ 4.0
"VC-NT","cl::(unknown)::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
"VC-WIN32","cl::(unknown)::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
"VC-WIN16","cl::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
"VC-W31-16","cl::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
"VC-W31-32","cl::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
"VC-MSDOS","cl::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# hmm... bug in perl under NT, I need to concatinate :-(
"VC-NT","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::",
"VC-WIN32","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::",
"VC-WIN16","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
"VC-W31-16","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
"VC-W31-32","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
"VC-MSDOS","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# Borland C++ 4.5
"BC-32","bcc32::(unknown)::BN_LLONG DES_PTR RC4_INDEX:::",
"BC-16","bcc::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
"BC-32","bcc32:::DES_PTR RC4_INDEX:::",
"BC-16","bcc:::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# CygWin32
"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown):BN_LLONG $x86_gcc_des $x86_gcc_opts:",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN:(unknown)::::::",
"ultrix-gcc","gcc:-O3 -DL_ENDIAN:(unknown)::::::",
# K&R C is no longer supported; you need gcc on old Ultrix installations
##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN:(unknown)::::::",
# Our old Ultrix box :-). -O2 breaks some of the bignum stuff (now fixed,
# it is a compiler bug, look in bug/ultrixcc.c for example code.
"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN:::asm/mips1.o:::",
# Some OpenBSD from Bob Beck <beck@obtuse.com>
"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
"OpenBSD-mips","gcc:-O2 -DL_ENDIAN:(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
"OpenBSD-mips","gcc:-O2 -DL_ENDIAN:BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
);
my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
BC-16 CygWin32 Mingw32);
$no_asm=0;
$postfix="org";
$Makefile="Makefile.ssl";
$des_locl="crypto/des/des_locl.h";
$des ="crypto/des/des.h";
$bn ="crypto/bn/bn.h";
$md2 ="crypto/md2/md2.h";
$rc4 ="crypto/rc4/rc4.h";
$rc4_locl="crypto/rc4/rc4_locl.h";
$idea ="crypto/idea/idea.h";
$rc2 ="crypto/rc2/rc2.h";
$bf ="crypto/bf/bf_locl.h";
$bn_asm ="bn_asm.o";
$des_enc="des_enc.o fcrypt_b.o";
$bf_enc ="bf_enc.o";
$cast_enc="c_enc.o";
$rc4_enc="rc4_enc.o";
$rc5_enc="rc5_enc.o";
$md5_obj="";
$sha1_obj="";
$rmd160_obj="";
my $prefix="";
my $openssldir="";
my $install_prefix="";
my $no_threads=0;
my $threads=0;
my $no_asm=0;
my @skip=();
my $Makefile="Makefile.ssl";
my $des_locl="crypto/des/des_locl.h";
my $des ="crypto/des/des.h";
my $bn ="crypto/bn/bn.h";
my $md2 ="crypto/md2/md2.h";
my $rc4 ="crypto/rc4/rc4.h";
my $rc4_locl="crypto/rc4/rc4_locl.h";
my $idea ="crypto/idea/idea.h";
my $rc2 ="crypto/rc2/rc2.h";
my $bf ="crypto/bf/bf_locl.h";
my $bn_asm ="bn_asm.o";
my $des_enc="des_enc.o fcrypt_b.o";
my $bf_enc ="bf_enc.o";
my $cast_enc="c_enc.o";
my $rc4_enc="rc4_enc.o";
my $rc5_enc="rc5_enc.o";
my $md5_obj="";
my $sha1_obj="";
my $rmd160_obj="";
my $processor="";
my $ranlib;
my $perl;
if ($#ARGV < 0)
{
&bad_target;
exit(1);
}
$ranlib=&which("ranlib") or $ranlib="true";
$perl=&which("perl5") or $perl=&which("perl") or $perl="perl";
&usage if ($#ARGV < 0);
my $flags="";
my $depflags="";
my $libs="";
my $target="";
my $options="";
$flags="";
foreach (@ARGV)
{
if (/^no-asm$/)
if ($_ =~ /^no-asm$/)
{ $no_asm=1; }
elsif (/^no-threads$/)
{ $no_threads=1; }
elsif (/^threads$/)
{ $threads=1; }
elsif (/^no-(.+)$/)
elsif ($_ =~ /^-/)
{
my $algo=$1;
push @skip,$algo;
$algo =~ tr/[a-z]/[A-Z]/;
$flags .= "-DNO_$algo ";
$depflags .= "-DNO_$algo ";
}
elsif (/^386$/)
{ $processor=386; }
elsif (/^rsaref$/)
{
$libs.= "-lRSAglue -lrsaref ";
$flags.= "-DRSAref ";
}
elsif (/^[-+]/)
{
if (/^-[lL](.*)$/)
if ($_ =~ /^-[lL](.*)$/)
{
$libs.=$_." ";
}
elsif (/^-[^-]/ or /^\+/)
elsif ($_ =~ /^-D(.*)$/)
{
$flags.=$_." ";
}
elsif (/^--prefix=(.*)$/)
{
$prefix=$1;
}
elsif (/^--openssldir=(.*)$/)
{
$openssldir=$1;
}
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
}
else
{
print STDERR $usage;
exit(1);
die "unknown options, only -Dxxx, -Lxxx -lxxx supported\n";
}
}
elsif ($_ =~ /^([^:]+):(.+)$/)
{
eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
$target=$1;
}
else
{
die "target already defined - $target\n" if ($target ne "");
$target=$_;
if (!defined($table{$target}))
{
&bad_target;
exit(1);
}
}
$options .= $_ unless $_ eq $target;
}
}
&usage if (!defined($table{$target}));
if (!defined($table{$target}))
{
&bad_target;
exit(1);
}
my $IsWindows=scalar grep /^$target$/,@WinTargets;
$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
$prefix=$openssldir if $prefix eq "";
chop $openssldir if $openssldir =~ /\/$/;
chop $prefix if $prefix =~ /\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
print "IsWindows=$IsWindows\n";
(my $cc,my $cflags,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
($cc,$cflags,$lflags,$bn_ops,$bn_obj,$des_obj,$bf_obj,$md5_obj,$sha1_obj,
$cast_obj,$rc4_obj,$rmd160_obj,$rc5_obj)=
split(/\s*:\s*/,$table{$target});
$cflags="$flags$cflags" if ($flags ne "");
my $thread_cflags;
if ($thread_cflag ne "(unknown)" && !$no_threads)
{
# If we know how to do it, support threads by default.
$threads = 1;
}
if ($thread_cflag eq "(unknown)")
{
# If the user asked for "threads", hopefully they also provided
# any system-dependent compiler options that are necessary.
$thread_cflags="-DTHREADS $cflags"
}
else
{
$thread_cflags="-DTHREADS $thread_cflag $cflags"
}
$lflags="$libs$lflags"if ($libs ne "");
if ($no_asm)
@@ -412,17 +280,9 @@ if ($no_asm)
$sha1_obj=$md5_obj=$rmd160_obj="";
}
if ($threads)
{
$cflags=$thread_cflags;
}
#my ($bn1)=split(/\s+/,$bn_obj);
#$bn1 = "" unless defined $bn1;
#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
#$bn_obj="$bn1";
$bn_obj = $bn_asm unless $bn_obj ne "";
($bn1)=split(/\s+/,$bn_obj);
$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
$bn_obj="$bn1";
$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
@@ -445,50 +305,17 @@ if ($rmd160_obj =~ /\.o$/)
$cflags.=" -DRMD160_ASM";
}
my $version = "unknown";
my $major = "unknown";
my $minor = "unknown";
open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
while (<IN>)
{
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
}
close(IN);
if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
{
$major=$1;
$minor=$2;
}
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
my $sdirs=0;
$n=&file_new($Makefile);
open(IN,"<".$Makefile) || die "unable to read $Makefile:$!\n";
open(OUT,">".$n) || die "unable to read $n:$!\n";
while (<IN>)
{
chop;
$sdirs = 1 if /^SDIRS=/;
$sdirs = 0 unless /\\$/;
if ($sdirs) {
my $dir;
foreach $dir (@skip) {
s/$dir//;
}
}
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
s/^PLATFORM=.*$/PLATFORM=$target/;
s/^OPTIONS=.*$/OPTIONS=$options/;
s/^CC=.*$/CC= $cc/;
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
s/^BN_MULW=.*$/BN_MULW= $bn_obj/;
s/^DES_ENC=.*$/DES_ENC= $des_obj/;
s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
@@ -497,18 +324,16 @@ while (<IN>)
s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
s/^PROCESSOR=.*/PROCESSOR= $processor/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^PERL=.*/PERL= $perl/;
print OUT $_."\n";
}
close(IN);
close(OUT);
&Rename($Makefile,&file_old($Makefile));
&Rename($n,$Makefile);
print "CC =$cc\n";
print "CFLAG =$cflags\n";
print "EX_LIBS =$lflags\n";
print "BN_ASM =$bn_obj\n";
print "BN_MULW =$bn_obj\n";
print "DES_ENC =$des_obj\n";
print "BF_ENC =$bf_obj\n";
print "CAST_ENC =$cast_obj\n";
@@ -517,26 +342,21 @@ print "RC5_ENC =$rc5_obj\n";
print "MD5_OBJ_ASM =$md5_obj\n";
print "SHA1_OBJ_ASM =$sha1_obj\n";
print "RMD160_OBJ_ASM=$rmd160_obj\n";
print "PROCESSOR =$processor\n";
print "RANLIB =$ranlib\n";
print "PERL =$perl\n";
my $des_ptr=0;
my $des_risc1=0;
my $des_risc2=0;
my $des_unroll=0;
my $bn_ll=0;
my $def_int=2;
my $rc4_int=$def_int;
my $md2_int=$def_int;
my $idea_int=$def_int;
my $rc2_int=$def_int;
my $rc4_idx=0;
my $bf_ptr=0;
my @type=("char","short","int","long");
my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
my $des_int;
$des_ptr=0;
$des_risc1=0;
$des_risc2=0;
$des_unroll=0;
$bn_ll=0;
$def_int=2;
$rc4_int=$def_int;
$md2_int=$def_int;
$idea_int=$def_int;
$rc2_int=$def_int;
$rc4_idx=0;
$bf_ptr=0;
@type=("char","short","int","long");
($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
foreach (sort split(/\s+/,$bn_ops))
{
@@ -564,13 +384,13 @@ foreach (sort split(/\s+/,$bn_ops))
($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
}
open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
open(OUT,'>crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n";
(($in=$bn) =~ s/\.([^.]+)/.$postfix/);
$n=&file_new($bn);
open(IN,"<".$in) || die "unable to read $bn:$!\n";
open(OUT,">$n") || die "unable to read $n:$!\n";
while (<IN>)
{
if (/^#define\s+OPENSSLDIR/)
{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
if (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
{ printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
{ printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
@@ -582,10 +402,38 @@ while (<IN>)
{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/)
{ printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
elsif (/^\#define\s+DES_LONG\s+.*/)
else
{ print OUT $_; }
}
close(IN);
close(OUT);
&Rename($bn,&file_old($bn));
&Rename($n,$bn);
(($in=$des) =~ s/\.([^.]+)/.$postfix/);
$n=&file_new($des);
open(IN,"<".$in) || die "unable to read $des:$!\n";
open(OUT,">$n") || die "unable to read $n:$!\n";
while (<IN>)
{
if (/^\#define\s+DES_LONG\s+.*/)
{ printf OUT "#define DES_LONG unsigned %s\n",
($des_int)?'int':'long'; }
elsif (/^\#(define|undef)\s+DES_PTR/)
else
{ print OUT $_; }
}
close(IN);
close(OUT);
&Rename($des,&file_old($des));
&Rename($n,$des);
(($in=$des_locl) =~ s/\.([^.]+)/.$postfix/);
$n=&file_new($des_locl);
open(IN,"<".$in) || die "unable to read $des_locl:$!\n";
open(OUT,">$n") || die "unable to read $n:$!\n";
while (<IN>)
{
if (/^\#(define|undef)\s+DES_PTR/)
{ printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
elsif (/^\#(define|undef)\s+DES_RISC1/)
{ printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
@@ -593,32 +441,113 @@ while (<IN>)
{ printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
elsif (/^\#(define|undef)\s+DES_UNROLL/)
{ printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
elsif (/^#define\s+RC4_INT\s/)
{ printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
elsif (/^#((define)|(undef))\s+RC4_INDEX/)
{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
elsif (/^#(define|undef)\s+I386_ONLY/)
{ printf OUT "#%s I386_ONLY\n", ($processor == 386)?
"define":"undef"; }
elsif (/^#define\s+MD2_INT\s/)
{ printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
elsif (/^#define\s+IDEA_INT\s/)
{printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
elsif (/^#define\s+RC2_INT\s/)
{printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
elsif (/^#(define|undef)\s+BF_PTR/)
{
printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
}
else
{ print OUT $_; }
}
close(IN);
close(OUT);
&Rename($des_locl,&file_old($des_locl));
&Rename($n,$des_locl);
# Fix the date
(($in=$rc4) =~ s/\.([^.]+)/.$postfix/);
$n=&file_new($rc4);
open(IN,"<".$in) || die "unable to read $rc4:$!\n";
open(OUT,">$n") || die "unable to read $n:$!\n";
while (<IN>)
{
if (/^#define\s+RC4_INT\s/)
{ printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
else
{ print OUT $_; }
}
close(IN);
close(OUT);
&Rename($rc4,&file_old($rc4));
&Rename($n,$rc4);
(($in=$rc4_locl) =~ s/\.([^.]+)/.$postfix/);
$n=&file_new($rc4_locl);
open(IN,"<".$in) || die "unable to read $rc4_locl:$!\n";
open(OUT,">$n") || die "unable to read $n:$!\n";
while (<IN>)
{
if (/^#((define)|(undef))\s+RC4_INDEX/)
{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
else
{ print OUT $_; }
}
close(IN);
close(OUT);
&Rename($rc4_locl,&file_old($rc4_locl));
&Rename($n,$rc4_locl);
(($in=$md2) =~ s/\.([^.]+)/.$postfix/);
$n=&file_new($md2);
open(IN,"<".$in) || die "unable to read $bn:$!\n";
open(OUT,">$n") || die "unable to read $n:$!\n";
while (<IN>)
{
if (/^#define\s+MD2_INT\s/)
{ printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
else
{ print OUT $_; }
}
close(IN);
close(OUT);
&Rename($md2,&file_old($md2));
&Rename($n,$md2);
(($in=$idea) =~ s/\.([^.]+)/.$postfix/);
$n=&file_new($idea);
open(IN,"<".$in) || die "unable to read $idea:$!\n";
open(OUT,">$n") || die "unable to read $n:$!\n";
while (<IN>)
{
if (/^#define\s+IDEA_INT\s/)
{printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
else
{ print OUT $_; }
}
close(IN);
close(OUT);
&Rename($idea,&file_old($idea));
&Rename($n,$idea);
(($in=$rc2) =~ s/\.([^.]+)/.$postfix/);
$n=&file_new($rc2);
open(IN,"<".$in) || die "unable to read $rc2:$!\n";
open(OUT,">$n") || die "unable to read $n:$!\n";
while (<IN>)
{
if (/^#define\s+RC2_INT\s/)
{printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
else
{ print OUT $_; }
}
close(IN);
close(OUT);
&Rename($rc2,&file_old($rc2));
&Rename($n,$rc2);
(($in=$bf) =~ s/\.([^.]+)/.$postfix/);
$n=&file_new($bf);
open(IN,"<".$in) || die "unable to read $bf:$!\n";
open(OUT,">$n") || die "unable to read $n:$!\n";
while (<IN>)
{
if (/^#(define|undef)\s+BF_PTR/)
{
printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
}
else
{ print OUT $_; }
}
close(IN);
close(OUT);
&Rename($bf,&file_old($bf));
&Rename($n,$bf);
print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
print "SIXTY_FOUR_BIT mode\n" if $b64;
@@ -638,115 +567,29 @@ print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
print "BF_PTR used\n" if $bf_ptr == 1;
print "BF_PTR2 used\n" if $bf_ptr == 2;
if($IsWindows) {
open (OUT,">crypto/date.h") || die "Can't open date.h";
printf OUT "#define DATE \"%s\"\n", scalar gmtime();
close(OUT);
system "perl crypto/objects/obj_dat.pl <crypto/objects/objects.h >crypto/objects/obj_dat.h";
} else {
(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
### (system 'make depend') == 0 or exit $? if $depflags ne "";
# Run "make depend" manually if you want to be able to delete
# the source code files of ciphers you left out.
&dofile("tools/c_rehash",$openssldir,'^DIR=', 'DIR=%s',);
}
my $pwd;
if($IsWindows) {
$pwd="(current directory)";
} else {
$pwd =`pwd`;
chop($pwd);
}
print <<EOF;
NOTE: The OpenSSL header files have been moved from include/*.h
to include/openssl/*.h. To include OpenSSL header files, now
directives of the form
#include <openssl/foo.h>
should be used instead of #include <foo.h>.
These new file locations allow installing the OpenSSL header
files in /usr/local/include/openssl/ and should help avoid
conflicts with other libraries.
To compile programs that use the old form <foo.h>,
usually an additional compiler option will suffice: E.g., add
-I$prefix/include/openssl
or
-I$pwd/include/openssl
to the CFLAGS in the Makefile of the program that you want to compile
(and leave all the original -I...'s in place!).
Please make sure that no old OpenSSL header files are around:
The include directory should now be empty except for the openssl
subdirectory.
EOF
print <<\EOF if (!$no_threads && !$threads);
The library could not be configured for supporting multi-threaded
applications as the compiler options required on this system are not known.
See file INSTALL for details.
EOF
exit(0);
sub usage
sub bad_target
{
print STDERR $usage;
print STDERR "Usage: Configure [-Dxxx] [-Lxxx] [-lxxx] os/compiler\n";
print STDERR "pick os/compiler from:";
my $j=0;
my $i;
$j=0;
foreach $i (sort keys %table)
{
next if $i =~ /^debug/;
print STDERR "\n" if ($j++ % 4) == 0;
printf(STDERR "%-18s ",$i);
}
foreach $i (sort keys %table)
{
next if $i !~ /^debug/;
next if /^b-/;
print STDERR "\n" if ($j++ % 4) == 0;
printf(STDERR "%-18s ",$i);
}
print STDERR "\n";
exit(1);
}
sub which
sub Rename
{
my($name)=@_;
my $path;
foreach $path (split /:/, $ENV{PATH})
{
if (-x "$path/$name")
{
return "$path/$name" unless ($name eq "perl" and
system("$path/$name -e " . '\'exit($]<5.0);\''));
}
}
local($from,$to)=@_;
unlink($to);
rename($from,$to) || die "unable to rename $from to $to:$!\n";
}
sub dofile
{
my $f; my $p; my %m; my @a; my $k; my $ff;
($f,$p,%m)=@_;
open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
@a=<IN>;
close(IN);
foreach $k (keys %m)
{
grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
}
($ff=$f) =~ s/\..*$//;
open(OUT,">$ff.new") || die "unable to open $f:$!\n";
print OUT @a;
close(OUT);
rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f;
rename("$ff.new",$f) || die "unable to rename $ff.new\n";
}
sub file_new { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.new/; $a; }
sub file_old { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.old/; $a; }

316
HISTORY Normal file
View File

@@ -0,0 +1,316 @@
16-Mar-98
- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
- Lots and lots of changes
29-Jan-98
- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
Goetz Babin-Ebell <babinebell@trustcenter.de>.
- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
TLS1_VERSION.
7-Jan-98
- Finally reworked the cipher string to ciphers again, so it
works correctly
- All the app_data stuff is now ex_data with funcion calls to access.
The index is supplied by a function and 'methods' can be setup
for the types that are called on XXX_new/XXX_free. This lets
applications get notified on creation and destruction. Some of
the RSA methods could be implemented this way and I may do so.
- Oh yes, SSL under perl5 is working at the basic level.
15-Dec-97
- Warning - the gethostbyname cache is not fully thread safe,
but it should work well enough.
- Major internal reworking of the app_data stuff. More functions
but if you were accessing ->app_data directly, things will
stop working.
- The perlv5 stuff is working. Currently on message digests,
ciphers and the bignum library.
9-Dec-97
- Modified re-negotiation so that server initated re-neg
will cause a SSL_read() to return -1 should retry.
The danger otherwise was that the server and the
client could end up both trying to read when using non-blocking
sockets.
4-Dec-97
- Lots of small changes
- Fix for binaray mode in Windows for the FILE BIO, thanks to
Bob Denny <rdenny@dc3.com>
17-Nov-97
- Quite a few internal cleanups, (removal of errno, and using macros
defined in e_os.h).
- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
the automactic naming out output files was being stuffed up.
29-Oct-97
- The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
for x86.
21-Oct-97
- Fixed a bug in the BIO_gethostbyname() cache.
15-Oct-97
- cbc mode for blowfish/des/3des is now in assember. Blowfish asm
has also been improved. At this point in time, on the pentium,
md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
is %62 faster.
12-Oct-97
- MEM_BUF_grow() has been fixed so that it always sets the buf->length
to the value we are 'growing' to. Think of MEM_BUF_grow() as the
way to set the length value correctly.
10-Oct-97
- I now hash for certificate lookup on the raw DER encoded RDN (md5).
This breaks things again :-(. This is efficent since I cache
the DER encoding of the RDN.
- The text DN now puts in the numeric OID instead of UNKNOWN.
- req can now process arbitary OIDs in the config file.
- I've been implementing md5 in x86 asm, much faster :-).
- Started sha1 in x86 asm, needs more work.
- Quite a few speedups in the BN stuff. RSA public operation
has been made faster by caching the BN_MONT_CTX structure.
The calulating of the Ai where A*Ai === 1 mod m was rather
expensive. Basically a 40-50% speedup on public operations.
The RSA speedup is now 15% on pentiums and %20 on pentium
pro.
30-Sep-97
- After doing some profiling, I added x86 adm for bn_add_words(),
which just adds 2 arrays of longs together. A %10 speedup
for 512 and 1024 bit RSA on the pentium pro.
29-Sep-97
- Converted the x86 bignum assembler to us the perl scripts
for generation.
23-Sep-97
- If SSL_set_session() is passed a NULL session, it now clears the
current session-id.
22-Sep-97
- Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
certificates.
- Bug in crypto/evp/encode.c where by decoding of 65 base64
encoded lines, one line at a time (via a memory BIO) would report
EOF after the first line was decoded.
- Fix in X509_find_by_issuer_and_serial() from
Dr Stephen Henson <shenson@bigfoot.com>
19-Sep-97
- NO_FP_API and NO_STDIO added.
- Put in sh config command. It auto runs Configure with the correct
parameters.
18-Sep-97
- Fix x509.c so if a DSA cert has different parameters to its parent,
they are left in place. Not tested yet.
16-Sep-97
- ssl_create_cipher_list() had some bugs, fixes from
Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
- Fixed a bug in the Base64 BIO, where it would return 1 instead
of -1 when end of input was encountered but should retry.
Basically a Base64/Memory BIO interaction problem.
- Added a HMAC set of functions in preporarion for TLS work.
15-Sep-97
- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
- Prime generation spead up %25 (512 bit prime, pentium pro linux)
by using montgomery multiplication in the prime number test.
11-Sep-97
- Ugly bug in ssl3_write_bytes(). Basically if application land
does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
did not check the size and tried to copy the entire buffer.
This would tend to cause memory overwrites since SSLv3 has
a maximum packet size of 16k. If your program uses
buffers <= 16k, you would probably never see this problem.
- Fixed a new errors that were cause by malloc() not returning
0 initialised memory..
- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
since this flags stops SSLeay being able to handle client
cert requests correctly.
08-Sep-97
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
on, the SSL server routines will not use a SSL_SESSION that is
held in it's cache. This in intended to be used with the session-id
callbacks so that while the session-ids are still stored in the
cache, the decision to use them and how to look them up can be
done by the callbacks. The are the 'new', 'get' and 'remove'
callbacks. This can be used to determine the session-id
to use depending on information like which port/host the connection
is coming from. Since the are also SSL_SESSION_set_app_data() and
SSL_SESSION_get_app_data() functions, the application can hold
information against the session-id as well.
03-Sep-97
- Added lookup of CRLs to the by_dir method,
X509_load_crl_file() also added. Basically it means you can
lookup CRLs via the same system used to lookup certificates.
- Changed things so that the X509_NAME structure can contain
ASN.1 BIT_STRINGS which is required for the unique
identifier OID.
- Fixed some problems with the auto flushing of the session-id
cache. It was not occuring on the server side.
02-Sep-97
- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
which is the maximum number of entries allowed in the
session-id cache. This is enforced with a simple FIFO list.
The default size is 20*1024 entries which is rather large :-).
The Timeout code is still always operating.
01-Sep-97
- Added an argument to all the 'generate private key/prime`
callbacks. It is the last parameter so this should not
break existing code but it is needed for C++.
- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
BIO. This lets the BIO read and write base64 encoded data
without inserting or looking for '\n' characters. The '-A'
flag turns this on when using apps/enc.c.
- RSA_NO_PADDING added to help BSAFE functionality. This is a
very dangerous thing to use, since RSA private key
operations without random padding bytes (as PKCS#1 adds) can
be attacked such that the private key can be revealed.
- ASN.1 bug and rc2-40-cbc and rc4-40 added by
Dr Stephen Henson <shenson@bigfoot.com>
31-Aug-97 (stuff added while I was away)
- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
- RSA_flags() added allowing bypass of pub/priv match check
in ssl/ssl_rsa.c - Tim Hudson.
- A few minor bugs.
SSLeay 0.8.1 released.
19-Jul-97
- Server side initated dynamic renegotiation is broken. I will fix
it when I get back from holidays.
15-Jul-97
- Quite a few small changes.
- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
09-Jul-97
- Added 2 new values to the SSL info callback.
SSL_CB_START which is passed when the SSL protocol is started
and SSL_CB_DONE when it has finished sucsessfully.
08-Jul-97
- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
that related to DSA public/private keys.
- Added all the relevent PEM and normal IO functions to support
reading and writing RSAPublic keys.
- Changed makefiles to use ${AR} instead of 'ar r'
07-Jul-97
- Error in ERR_remove_state() that would leave a dangling reference
to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
- s_client now prints the X509_NAMEs passed from the server
when requesting a client cert.
- Added a ssl->type, which is one of SSL_ST_CONNECT or
SSL_ST_ACCEPT. I had to add it so I could tell if I was
a connect or an accept after the handshake had finished.
- SSL_get_client_CA_list(SSL *s) now returns the CA names
passed by the server if called by a client side SSL.
05-Jul-97
- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
04-Jul-97
- Fixed some things in X509_NAME_add_entry(), thanks to
Matthew Donald <matthew@world.net>.
- I had a look at the cipher section and though that it was a
bit confused, so I've changed it.
- I was not setting up the RC4-64-MD5 cipher correctly. It is
a MS special that appears in exported MS Money.
- Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
spec. I was missing the two byte length header for the
ClientDiffieHellmanPublic value. This is a packet sent from
the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
option will enable SSLeay server side SSLv3 accept either
the correct or my 080 packet format.
- Fixed a few typos in crypto/pem.org.
02-Jul-97
- Alias mapping for EVP_get_(digest|cipher)byname is now
performed before a lookup for actual cipher. This means
that an alias can be used to 're-direct' a cipher or a
digest.
- ASN1_read_bio() had a bug that only showed up when using a
memory BIO. When EOF is reached in the memory BIO, it is
reported as a -1 with BIO_should_retry() set to true.
01-Jul-97
- Fixed an error in X509_verify_cert() caused by my
miss-understanding how 'do { contine } while(0);' works.
Thanks to Emil Sit <sit@mit.edu> for educating me :-)
30-Jun-97
- Base64 decoding error. If the last data line did not end with
a '=', sometimes extra data would be returned.
- Another 'cut and paste' bug in x509.c related to setting up the
STDout BIO.
27-Jun-97
- apps/ciphers.c was not printing due to an editing error.
- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
a library build error in util/mk1mf.pl
26-Jun-97
- Still did not have the auto 'experimental' code removal
script correct.
- A few header tweaks for Watcom 11.0 under Win32 from
Rolf Lindemann <Lindemann@maz-hh.de>
- 0 length OCTET_STRING bug in asn1_parse
- A minor fix with an non-existent function in the MS .def files.
- A few changes to the PKCS7 stuff.
25-Jun-97
SSLeay 0.8.0 finally it gets released.
24-Jun-97
Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
use a temporary RSA key. This is experimental and needs some more work.
Fixed a few Win16 build problems.
23-Jun-97
SSLv3 bug. I was not doing the 'lookup' of the CERT structure
correctly. I was taking the SSL->ctx->default_cert when I should
have been using SSL->cert. The bug was in ssl/s3_srvr.c
20-Jun-97
X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
rest of the library. Even though I had the code required to do
it correctly, apps/req.c was doing the wrong thing. I have fixed
and tested everything.
Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
19-Jun-97
Fixed a bug in the SSLv2 server side first packet handling. When
using the non-blocking test BIO, the ssl->s2->first_packet flag
was being reset when a would-block failure occurred when reading
the first 5 bytes of the first packet. This caused the checking
logic to run at the wrong time and cause an error.
Fixed a problem with specifying cipher. If RC4-MD5 were used,
only the SSLv3 version would be picked up. Now this will pick
up both SSLv2 and SSLv3 versions. This required changing the
SSL_CIPHER->mask values so that they only mask the ciphers,
digests, authentication, export type and key-exchange algorithms.
I found that when a SSLv23 session is established, a reused
session, of type SSLv3 was attempting to write the SSLv2
ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
method has been modified so it will only write out cipher which
that method knows about.

551
CHANGES.SSLeay → HISTORY.066
View File

@@ -1,529 +1,4 @@
This file contains the changes for the SSLeay library up to version
0.9.0b. For later changes, see the file "CHANGES".
SSLeay CHANGES
______________
Changes between 0.8.x and 0.9.0b
10-Apr-1998
I said the next version would go out at easter, and so it shall.
I expect a 0.9.1 will follow with portability fixes in the next few weeks.
This is a quick, meet the deadline. Look to ssl-users for comments on what
is new etc.
eric (about to go bushwalking for the 4 day easter break :-)
16-Mar-98
- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
- Lots and lots of changes
29-Jan-98
- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
Goetz Babin-Ebell <babinebell@trustcenter.de>.
- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
TLS1_VERSION.
7-Jan-98
- Finally reworked the cipher string to ciphers again, so it
works correctly
- All the app_data stuff is now ex_data with funcion calls to access.
The index is supplied by a function and 'methods' can be setup
for the types that are called on XXX_new/XXX_free. This lets
applications get notified on creation and destruction. Some of
the RSA methods could be implemented this way and I may do so.
- Oh yes, SSL under perl5 is working at the basic level.
15-Dec-97
- Warning - the gethostbyname cache is not fully thread safe,
but it should work well enough.
- Major internal reworking of the app_data stuff. More functions
but if you were accessing ->app_data directly, things will
stop working.
- The perlv5 stuff is working. Currently on message digests,
ciphers and the bignum library.
9-Dec-97
- Modified re-negotiation so that server initated re-neg
will cause a SSL_read() to return -1 should retry.
The danger otherwise was that the server and the
client could end up both trying to read when using non-blocking
sockets.
4-Dec-97
- Lots of small changes
- Fix for binaray mode in Windows for the FILE BIO, thanks to
Bob Denny <rdenny@dc3.com>
17-Nov-97
- Quite a few internal cleanups, (removal of errno, and using macros
defined in e_os.h).
- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
the automactic naming out output files was being stuffed up.
29-Oct-97
- The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
for x86.
21-Oct-97
- Fixed a bug in the BIO_gethostbyname() cache.
15-Oct-97
- cbc mode for blowfish/des/3des is now in assember. Blowfish asm
has also been improved. At this point in time, on the pentium,
md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
is %62 faster.
12-Oct-97
- MEM_BUF_grow() has been fixed so that it always sets the buf->length
to the value we are 'growing' to. Think of MEM_BUF_grow() as the
way to set the length value correctly.
10-Oct-97
- I now hash for certificate lookup on the raw DER encoded RDN (md5).
This breaks things again :-(. This is efficent since I cache
the DER encoding of the RDN.
- The text DN now puts in the numeric OID instead of UNKNOWN.
- req can now process arbitary OIDs in the config file.
- I've been implementing md5 in x86 asm, much faster :-).
- Started sha1 in x86 asm, needs more work.
- Quite a few speedups in the BN stuff. RSA public operation
has been made faster by caching the BN_MONT_CTX structure.
The calulating of the Ai where A*Ai === 1 mod m was rather
expensive. Basically a 40-50% speedup on public operations.
The RSA speedup is now 15% on pentiums and %20 on pentium
pro.
30-Sep-97
- After doing some profiling, I added x86 adm for bn_add_words(),
which just adds 2 arrays of longs together. A %10 speedup
for 512 and 1024 bit RSA on the pentium pro.
29-Sep-97
- Converted the x86 bignum assembler to us the perl scripts
for generation.
23-Sep-97
- If SSL_set_session() is passed a NULL session, it now clears the
current session-id.
22-Sep-97
- Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
certificates.
- Bug in crypto/evp/encode.c where by decoding of 65 base64
encoded lines, one line at a time (via a memory BIO) would report
EOF after the first line was decoded.
- Fix in X509_find_by_issuer_and_serial() from
Dr Stephen Henson <shenson@bigfoot.com>
19-Sep-97
- NO_FP_API and NO_STDIO added.
- Put in sh config command. It auto runs Configure with the correct
parameters.
18-Sep-97
- Fix x509.c so if a DSA cert has different parameters to its parent,
they are left in place. Not tested yet.
16-Sep-97
- ssl_create_cipher_list() had some bugs, fixes from
Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
- Fixed a bug in the Base64 BIO, where it would return 1 instead
of -1 when end of input was encountered but should retry.
Basically a Base64/Memory BIO interaction problem.
- Added a HMAC set of functions in preporarion for TLS work.
15-Sep-97
- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
- Prime generation spead up %25 (512 bit prime, pentium pro linux)
by using montgomery multiplication in the prime number test.
11-Sep-97
- Ugly bug in ssl3_write_bytes(). Basically if application land
does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
did not check the size and tried to copy the entire buffer.
This would tend to cause memory overwrites since SSLv3 has
a maximum packet size of 16k. If your program uses
buffers <= 16k, you would probably never see this problem.
- Fixed a new errors that were cause by malloc() not returning
0 initialised memory..
- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
since this flags stops SSLeay being able to handle client
cert requests correctly.
08-Sep-97
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
on, the SSL server routines will not use a SSL_SESSION that is
held in it's cache. This in intended to be used with the session-id
callbacks so that while the session-ids are still stored in the
cache, the decision to use them and how to look them up can be
done by the callbacks. The are the 'new', 'get' and 'remove'
callbacks. This can be used to determine the session-id
to use depending on information like which port/host the connection
is coming from. Since the are also SSL_SESSION_set_app_data() and
SSL_SESSION_get_app_data() functions, the application can hold
information against the session-id as well.
03-Sep-97
- Added lookup of CRLs to the by_dir method,
X509_load_crl_file() also added. Basically it means you can
lookup CRLs via the same system used to lookup certificates.
- Changed things so that the X509_NAME structure can contain
ASN.1 BIT_STRINGS which is required for the unique
identifier OID.
- Fixed some problems with the auto flushing of the session-id
cache. It was not occuring on the server side.
02-Sep-97
- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
which is the maximum number of entries allowed in the
session-id cache. This is enforced with a simple FIFO list.
The default size is 20*1024 entries which is rather large :-).
The Timeout code is still always operating.
01-Sep-97
- Added an argument to all the 'generate private key/prime`
callbacks. It is the last parameter so this should not
break existing code but it is needed for C++.
- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
BIO. This lets the BIO read and write base64 encoded data
without inserting or looking for '\n' characters. The '-A'
flag turns this on when using apps/enc.c.
- RSA_NO_PADDING added to help BSAFE functionality. This is a
very dangerous thing to use, since RSA private key
operations without random padding bytes (as PKCS#1 adds) can
be attacked such that the private key can be revealed.
- ASN.1 bug and rc2-40-cbc and rc4-40 added by
Dr Stephen Henson <shenson@bigfoot.com>
31-Aug-97 (stuff added while I was away)
- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
- RSA_flags() added allowing bypass of pub/priv match check
in ssl/ssl_rsa.c - Tim Hudson.
- A few minor bugs.
SSLeay 0.8.1 released.
19-Jul-97
- Server side initated dynamic renegotiation is broken. I will fix
it when I get back from holidays.
15-Jul-97
- Quite a few small changes.
- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
09-Jul-97
- Added 2 new values to the SSL info callback.
SSL_CB_START which is passed when the SSL protocol is started
and SSL_CB_DONE when it has finished sucsessfully.
08-Jul-97
- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
that related to DSA public/private keys.
- Added all the relevent PEM and normal IO functions to support
reading and writing RSAPublic keys.
- Changed makefiles to use ${AR} instead of 'ar r'
07-Jul-97
- Error in ERR_remove_state() that would leave a dangling reference
to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
- s_client now prints the X509_NAMEs passed from the server
when requesting a client cert.
- Added a ssl->type, which is one of SSL_ST_CONNECT or
SSL_ST_ACCEPT. I had to add it so I could tell if I was
a connect or an accept after the handshake had finished.
- SSL_get_client_CA_list(SSL *s) now returns the CA names
passed by the server if called by a client side SSL.
05-Jul-97
- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
04-Jul-97
- Fixed some things in X509_NAME_add_entry(), thanks to
Matthew Donald <matthew@world.net>.
- I had a look at the cipher section and though that it was a
bit confused, so I've changed it.
- I was not setting up the RC4-64-MD5 cipher correctly. It is
a MS special that appears in exported MS Money.
- Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
spec. I was missing the two byte length header for the
ClientDiffieHellmanPublic value. This is a packet sent from
the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
option will enable SSLeay server side SSLv3 accept either
the correct or my 080 packet format.
- Fixed a few typos in crypto/pem.org.
02-Jul-97
- Alias mapping for EVP_get_(digest|cipher)byname is now
performed before a lookup for actual cipher. This means
that an alias can be used to 're-direct' a cipher or a
digest.
- ASN1_read_bio() had a bug that only showed up when using a
memory BIO. When EOF is reached in the memory BIO, it is
reported as a -1 with BIO_should_retry() set to true.
01-Jul-97
- Fixed an error in X509_verify_cert() caused by my
miss-understanding how 'do { contine } while(0);' works.
Thanks to Emil Sit <sit@mit.edu> for educating me :-)
30-Jun-97
- Base64 decoding error. If the last data line did not end with
a '=', sometimes extra data would be returned.
- Another 'cut and paste' bug in x509.c related to setting up the
STDout BIO.
27-Jun-97
- apps/ciphers.c was not printing due to an editing error.
- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
a library build error in util/mk1mf.pl
26-Jun-97
- Still did not have the auto 'experimental' code removal
script correct.
- A few header tweaks for Watcom 11.0 under Win32 from
Rolf Lindemann <Lindemann@maz-hh.de>
- 0 length OCTET_STRING bug in asn1_parse
- A minor fix with an non-existent function in the MS .def files.
- A few changes to the PKCS7 stuff.
25-Jun-97
SSLeay 0.8.0 finally it gets released.
24-Jun-97
Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
use a temporary RSA key. This is experimental and needs some more work.
Fixed a few Win16 build problems.
23-Jun-97
SSLv3 bug. I was not doing the 'lookup' of the CERT structure
correctly. I was taking the SSL->ctx->default_cert when I should
have been using SSL->cert. The bug was in ssl/s3_srvr.c
20-Jun-97
X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
rest of the library. Even though I had the code required to do
it correctly, apps/req.c was doing the wrong thing. I have fixed
and tested everything.
Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
19-Jun-97
Fixed a bug in the SSLv2 server side first packet handling. When
using the non-blocking test BIO, the ssl->s2->first_packet flag
was being reset when a would-block failure occurred when reading
the first 5 bytes of the first packet. This caused the checking
logic to run at the wrong time and cause an error.
Fixed a problem with specifying cipher. If RC4-MD5 were used,
only the SSLv3 version would be picked up. Now this will pick
up both SSLv2 and SSLv3 versions. This required changing the
SSL_CIPHER->mask values so that they only mask the ciphers,
digests, authentication, export type and key-exchange algorithms.
I found that when a SSLv23 session is established, a reused
session, of type SSLv3 was attempting to write the SSLv2
ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
method has been modified so it will only write out cipher which
that method knows about.
Changes between 0.8.0 and 0.8.1
*) Mostly bug fixes.
There is an Ephemeral DH cipher problem which is fixed.
SSLeay 0.8.0
This version of SSLeay has quite a lot of things different from the
previous version.
Basically check all callback parameters, I will be producing documentation
about how to use things in th future. Currently I'm just getting 080 out
the door. Please not that there are several ways to do everything, and
most of the applications in the apps directory are hybrids, some using old
methods and some using new methods.
Have a look in demos/bio for some very simple programs and
apps/s_client.c and apps/s_server.c for some more advanced versions.
Notes are definitly needed but they are a week or so away.
Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
---
Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
get those people that want to move to using the new code base off to
a quick start.
Note that Eric has tidied up a lot of the areas of the API that were
less than desirable and renamed quite a few things (as he had to break
the API in lots of places anyrate). There are a whole pile of additional
functions for making dealing with (and creating) certificates a lot
cleaner.
01-Jul-97
Tim Hudson
tjh@cryptsoft.com
---8<---
To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
use something like the following (assuming you #include "crypto.h" which
is something that you really should be doing).
#if SSLEAY_VERSION_NUMBER >= 0x0800
#define SSLEAY8
#endif
buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
too if you are working with BIO internal stuff (as distinct
from simply using the interface in an opaque manner)
#include "bio.h" - required along with "buffer.h" if you write
your own BIO routines as the buffer and bio
stuff that was intermixed has been separated
out
envelope.h -> evp.h (which should have been done ages ago)
Initialisation ... don't forget these or you end up with code that
is missing the bits required to do useful things (like ciphers):
SSLeay_add_ssl_algorithms()
(probably also want SSL_load_error_strings() too but you should have
already had that call in place)
SSL_CTX_new() - requires an extra method parameter
SSL_CTX_new(SSLv23_method())
SSL_CTX_new(SSLv2_method())
SSL_CTX_new(SSLv3_method())
OR to only have the server or the client code
SSL_CTX_new(SSLv23_server_method())
SSL_CTX_new(SSLv2_server_method())
SSL_CTX_new(SSLv3_server_method())
or
SSL_CTX_new(SSLv23_client_method())
SSL_CTX_new(SSLv2_client_method())
SSL_CTX_new(SSLv3_client_method())
SSL_set_default_verify_paths() ... renamed to the more appropriate
SSL_CTX_set_default_verify_paths()
If you want to use client certificates then you have to add in a bit
of extra stuff in that a SSLv3 server sends a list of those CAs that
it will accept certificates from ... so you have to provide a list to
SSLeay otherwise certain browsers will not send client certs.
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
or provide a buffer and size to copy the
result into
X509_add_cert -> X509_STORE_add_cert (and you might want to read the
notes on X509_NAME structure changes too)
VERIFICATION CODE
=================
The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
more accurately reflect things.
The verification callback args are now packaged differently so that
extra fields for verification can be added easily in future without
having to break things by adding extra parameters each release :-)
X509_cert_verify_error_string -> X509_verify_cert_error_string
BIO INTERNALS
=============
Eric has fixed things so that extra flags can be introduced in
the BIO layer in future without having to play with all the BIO
modules by adding in some macros.
The ugly stuff using
b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_clear_retry_flags(b)
b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_set_retry_read(b)
Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
OTHER THINGS
============
X509_NAME has been altered so that it isn't just a STACK ... the STACK
is now in the "entries" field ... and there are a pile of nice functions
for getting at the details in a much cleaner manner.
SSL_CTX has been altered ... "cert" is no longer a direct member of this
structure ... things are now down under "cert_store" (see x509_vfy.h) and
things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
If your code "knows" about this level of detail then it will need some
surgery.
If you depending on the incorrect spelling of a number of the error codes
then you will have to change your code as these have been fixed.
ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
has been all along so this makes things clearer.
ify_cert_error_string(ctx->error));
SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
Changes between 0.7.x and 0.8.0
*) There have been lots of changes, mostly the addition of SSLv3.
There have been many additions from people and amongst
others, C2Net has assisted greatly.
Changes between 0.7.x and 0.7.x
*) Internal development version only
SSLeay 0.6.6 13-Jan-1997
The main additions are
- assember for x86 DES improvments.
From 191,000 per second on a pentium 100, I now get 281,000. The inner
loop and the IP/FP modifications are from
Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
contribution.
- The 'DES macros' introduced in 0.6.5 now have 3 types.
DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
is best and there is a summery of mine in crypto/des/options.txt
- A few bug fixes.
- Added blowfish. It is not used by SSL but all the other stuff that
deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
BF_PTR2 is pentium/x86 specific. The correct option is setup in
the 'Configure' script.
- There is now a 'get client certificate' callback which can be
'non-blocking'. If more details are required, let me know. It will
documented more in SSLv3 when I finish it.
- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
now tests the ca program.
- Lots of little things modified and tweaked.
SSLeay 0.6.5
SSLeay 0.6.5
After quite some time (3 months), the new release. I have been very busy
for the last few months and so this is mostly bug fixes and improvments.
@@ -582,7 +57,7 @@ The main changes in this release
- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
- RC2 key setup is now compatable with Netscape.
- Modifed server side of SSL implementation, big performance difference when
using session-id reuse.
using session-id reuse.
0.6.3
@@ -711,16 +186,16 @@ The wrappers are easy to write
function_fp(fp,x)
FILE *fp;
{
BIO *b;
int ret;
{
BIO *b;
int ret;
if ((b=BIO_new(BIO_s_file())) == NULL) error.....
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=function_bio(b,x);
BIO_free(b);
return(ret);
}
if ((b=BIO_new(BIO_s_file())) == NULL) error.....
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=function_bio(b,x);
BIO_free(b);
return(ret);
}
Remember, there are no functions that take FILE * in SSLeay when
compiled for Windows 3.1 DLL's.
@@ -761,8 +236,8 @@ The list of things to read and do
dgst -d
s_client -state (this uses a callback placed in the SSL state loop and
will be used else-where to help debug/monitor what
is happening.)
will be used else-where to help debug/monitor what
is happening.)
doc/why.doc
doc/bio.doc <- hmmm, needs lots of work.

7
HISTORY.090 Normal file
View File

@@ -0,0 +1,7 @@
- A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes
sent in the client random, thanks to
Edward Bishop <ebishop@spyglass.com>
- Changed some BIGNUM api stuff.
- I Deleted the HISTORY.090 I was working on and when I found out, it was
permanently gone :-(

252
INSTALL
View File

@@ -1,252 +1,6 @@
INSTALLATION ON THE UNIX PLATFORM
---------------------------------
[See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
and INSTALL.VMS for installing on OpenVMS systems.]
To install OpenSSL, you will need:
* Perl 5
* an ANSI C compiler
* a supported Unix operating system
Quick Start
-----------
If you want to just get on with it, do:
$ ./config
$ make
$ make test
$ make install
[If any of these steps fails, see section Installation in Detail below.]
This will build and install OpenSSL in the default location, which is (for
historical reasons) /usr/local/ssl. If you want to install it anywhere else,
run config like this:
$ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
Configuration Options
---------------------
There are several options to ./config to customize the build:
--prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl.
Configuration files used by OpenSSL will be in DIR/ssl
or the directory specified by --openssldir.
--openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
the library files and binaries are also installed there.
rsaref Build with RSADSI's RSAREF toolkit (this assumes that
librsaref.a is in the library search path).
no-threads Don't try to build with support for multi-threaded
applications.
threads Build with support for multi-threaded applications.
This will usually require additional system-dependent options!
See "Note on multi-threading" below.
no-asm Do not use assembler code.
386 Use the 80386 instruction set only (the default x86 code is
more efficient, but requires at least a 486).
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
The crypto/<cipher> directory can be removed after running
"make depend".
-Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
be passed through to the compiler to allow you to
define preprocessor symbols, specify additional libraries,
library directories or other compiler options.
Installation in Detail
----------------------
1a. Configure OpenSSL for your operation system automatically:
$ ./config [options]
This guesses at your operating system (and compiler, if necessary) and
configures OpenSSL based on this guess. Run ./config -t to see
if it guessed correctly. If it did not get it correct or you want to
use a different compiler then go to step 1b. Otherwise go to step 2.
On some systems, you can include debugging information as follows:
$ ./config -d [options]
1b. Configure OpenSSL for your operating system manually
OpenSSL knows about a range of different operating system, hardware and
compiler combinations. To see the ones it knows about, run
$ ./Configure
Pick a suitable name from the list that matches your system. For most
operating systems there is a choice between using "cc" or "gcc". When
you have identified your system (and if necessary compiler) use this name
as the argument to ./Configure. For example, a "linux-elf" user would
run:
$ ./Configure linux-elf [options]
If your system is not available, you will have to edit the Configure
program and add the correct configuration for your system. The
generic configurations "cc" or "gcc" should usually work.
Configure creates the file Makefile.ssl from Makefile.org and
defines various macros in crypto/opensslconf.h (generated from
crypto/opensslconf.h.in).
2. Build OpenSSL by running:
$ make
This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
OpenSSL binary ("openssl"). The libraries will be built in the top-level
directory, and the binary will be in the "apps" directory.
If "make" fails, please report the problem to <openssl-bugs@openssl.org>.
Include the output of "./config -t" and the OpenSSL version
number in your message.
3. After a successful build, the libraries should be tested. Run:
$ make test
If a test fails, try removing any compiler optimization flags from
the CFLAGS line in Makefile.ssl and run "make clean; make". Please
send a bug report to <openssl-bugs@openssl.org>, including the
output of "openssl version -a" and of the failed test.
4. If everything tests ok, install OpenSSL with
$ make install
This will create the installation directory (if it does not exist) and
then the following subdirectories:
certs Initially empty, this is the default location
for certificate files.
misc Various scripts.
private Initially empty, this is the default location
for private key files.
If you didn't chose a different installation prefix, the
following additional subdirectories will be created:
bin Contains the openssl binary and a few other
utility programs.
include/openssl Contains the header files needed if you want to
compile programs with libcrypto or libssl.
lib Contains the OpenSSL library files themselves.
Package builders who want to configure the library for standard
locations, but have the package installed somewhere else so that
it can easily be packaged, can use
$ make INSTALL_PREFIX=/tmp/package-root install
(or specify "--install_prefix=/tmp/package-root" as a configure
option). The specified prefix will be prepended to all
installation target filenames.
NOTE: The header files used to reside directly in the include
directory, but have now been moved to include/openssl so that
OpenSSL can co-exist with other libraries which use some of the
same filenames. This means that applications that use OpenSSL
should now use C preprocessor directives of the form
#include <openssl/ssl.h>
instead of "#include <ssl.h>", which was used with library versions
up to OpenSSL 0.9.2b.
If you install a new version of OpenSSL over an old library version,
you should delete the old header files in the include directory.
Compatibility issues:
* COMPILING existing applications
To compile an application that uses old filenames -- e.g.
"#include <ssl.h>" --, it will usually be enough to find
the CFLAGS definition in the application's Makefile and
add a C option such as
-I/usr/local/ssl/include/openssl
to it.
But don't delete the existing -I option that points to
the ..../include directory! Otherwise, OpenSSL header files
could not #include each other.
* WRITING applications
To write an application that is able to handle both the new
and the old directory layout, so that it can still be compiled
with library versions up to OpenSSL 0.9.2b without bothering
the user, you can proceed as follows:
- Always use the new filename of OpenSSL header files,
e.g. #include <openssl/ssl.h>.
- Create a directory "incl" that contains only a symbolic
link named "openssl", which points to the "include" directory
of OpenSSL.
For example, your application's Makefile might contain the
following rule, if OPENSSLDIR is a pathname (absolute or
relative) of the directory where OpenSSL resides:
incl/openssl:
-mkdir incl
cd $(OPENSSLDIR) # Check whether the directory really exists
-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
You will have to add "incl/openssl" to the dependencies
of those C files that include some OpenSSL header file.
- Add "-Iincl" to your CFLAGS.
With these additions, the OpenSSL header files will be available
under both name variants if an old library version is used:
Your application can reach them under names like <openssl/foo.h>,
while the header files still are able to #include each other
with names of the form <foo.h>.
Note on multi-threading
-----------------------
For some systems, the OpenSSL Configure script knows what compiler options
are needed to generate a library that is suitable for multi-threaded
applications. On these systems, support for multi-threading is enabled
by default; use the "no-threads" option to disable (this should never be
necessary).
On other systems, to enable support for multi-threading, you will have
to specify at least two options: "threads", and a system-dependent option.
(The latter is "-D_REENTRANT" on various systems.) The default in this
case, obviously, is not to include support for multi-threading (but
you can still use "no-threads" to suppress an annoying warning message
from the Configure script.)
--------------------------------------------------------------------------------
The orignal Unix build instructions from SSLeay follow.
Note: some of this may be out of date and no longer applicable
--------------------------------------------------------------------------------
# Installation of SSLeay.
# It depends on perl for a few bits but those steps can be skipped and
# the top level makefile edited by hand
# When bringing the SSLeay distribution back from the evil intel world
# of Windows NT, do the following to make it nice again under unix :-)

218
INSTALL.VMS
View File

@@ -1,218 +0,0 @@
VMS Installation instructions
written by Richard Levitte
<richard@levitte.org>
Intro:
======
This file is divided in the following parts:
Compilation - Mandatory reading.
Test - Mandatory reading.
Installation - Mandatory reading.
Backward portability - Read if it's an issue.
Possible bugs or quirks - A few warnings on things that
may go wrong or may surprise you.
Report - How to get in touch with me.
Compilation:
============
I've used the very good command procedures written by Robert Byer
<byer@mail.all-net.net>, and just slightly modified them, making
them slightly more general and easier to maintain.
You can actually compile in almost any directory separately. Look
for a command procedure name xxx-LIB.COM (in the library directories)
or MAKExxx.COM (in the program directories) and read the comments at
the top to understand how to use them. However, if you want to
compile all you can get, the simplest is to use MAKEVMS.COM in the top
directory. The syntax is trhe following:
@MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
<option> must be one of the following:
ALL Just build "everything".
DATE Just build the "[.INCLUDE]DATE.H" file.
SOFTLINKS Just copies some files, to simulate Unix soft links.
RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
TEST Just build the "test" programs for OpenSSL.
APPS Just build the "application" programs for OpenSSL.
<rsaref-p> must be one of the following:
RSAREF compile using the RSAREF Library
NORSAREF compile without using RSAREF
Note: The RSAREF libraries are NOT INCLUDED and you have to
download it from "ftp://ftp.rsa.com/rsaref". You have to
get the ".tar-Z" file as the ".zip" file dosen't have the
directory structure stored. You have to extract the file
into the [.RSAREF] directory as that is where the scripts
will look for the files.
Note 2: I have never done this, so I've no idea if it works or not.
<debug-p> must be one of the following:
DEBUG compile with debugging info (will not optimize)
NODEBUG compile without debugging info (will optimize)
<compiler> must be one of the following:
VAXC For VAX C.
DECC For DEC C.
GNUC For GNU C.
You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
where xxx is VAX or AXP. You will find the SSL library in [.xxx.EXE.SSL],
named LIBSSL.OLB, and you will find a bunch of useful programs in
[.xxx.EXE.APPS]. However, these shouldn't be used right off unless it's
just to test them. For production use, make sure you install first, see
Installation below.
Note: Some programs in this package require a TCP/IP library.
Note 2: if you want to compile the crypto library only, please make sure
you have at least done a @MAKEVMS DATE and a @MAKEVMS SOFTLINKS.
A lot of things will break if you don't.
Test:
=====
Testing is very simple, just do the following:
@[.TEST]TESTS
If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
it's an ugly hack!) and rebuild. Please send a bug report to
<openssl-bugs@openssl.org>, including the output of "openssl version -a"
and of the failed test.
Installation:
=============
Installation is easy, just do the following:
@INSTALL <root>
<root> is the directory in which everything will be installed,
subdirectories, libraries, header files, programs and startup command
procedures.
In the [.VMS] subdirectory of the installation, you will find the
following command procedures:
OPENSSL_STARTUP.COM
defines all needed logical names. Takes one argument that
tells it in what logical name table to insert the logical
names. If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
call should look like this:
@openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
OPENSSL_UTILS.COM
sets up the symbols to the applications. Should be called
from for example SYS$MANAGER:SYLOGIN.COM
The logical names that are set up are the following:
SSLROOT a dotted concealed logical name pointing at the
root directory.
SSLCERTS Initially an empty directory, this is the default
location for certificate files.
SSLMISC Various scripts.
SSLPRIVATE Initially an empty directory, this is the default
location for private key files.
SSLEXE Contains the openssl binary and a few other utility
programs.
SSLINCLUDE Contains the header files needed if you want to
compile programs with libcrypto or libssl.
SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB
and LIBSSL.OLB) themselves.
OPENSSL Same as SSLINCLUDE. This is because the standard
way to include OpenSSL header files from version
0.9.3 and on is:
#include <openssl/header.h>
For more info on this issue, see the INSTALL. file
(the NOTE in section 4 of "Installation in Detail").
You don't need to "deleting old header files"!!!
Backward portability:
=====================
One great problem when you build a library is making sure it will work
on as many versions of VMS as possible. Especially, code compiled on
OpenVMS version 7.x and above tend to be unusable in version 6.x or
lower, because some C library routines have changed names internally
(the C programmer won't usually see it, because the old name is
maintained through C macros). One obvious solution is to make sure
you have a development machine with an old enough version of OpenVMS.
However, if you are stuck with a bunch of Alphas running OpenVMS version
7.1, you seem to be out of luck. Fortunately, the DEC C header files
are cluttered with conditionals that make some declarations and definitions
dependent on the OpenVMS version or the C library version, *and* you
can use those macros to simulate older OpenVMS or C library versions,
by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
correct values. In the compilation scripts, I've provided the possibility
for the user to influense the creation of such macros, through a bunch of
symbols, all having names starting with USER_. Here's the list of them:
USER_CCFLAGS - Used to give additional qualifiers to the
compiler. It can't be used to define macros
since the scripts will do such things as well.
To do such things, use USER_CCDEFS.
USER_CCDEFS - Used to define macros on the command line. The
value of this symbol will be inserted inside a
/DEFINE=(...).
USER_CCDISABLEWARNINGS - Used to disable some warnings. The value is
inserted inside a /DISABLE=WARNING=(...).
So, to maintain backward compatibility with older VMS versions, do the
following before you start compiling:
$ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
$ USER_CCDISABLEWARNINGS := PREOPTW
The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
that those macros have been changed.
Note: Currently, this is only usefull for library compilation. The
programs will still be linked with the current version of the
C library shareable image, and will thus complain if they are
faced with an older version of the same C library shareable image.
This will probably be fixed in a future revision of OpenSSL.
Possible bugs or quirks:
========================
I'm not perfectly sure all the programs will use the SSLCERTS:
directory by default, it may very well be that you have to give them
extra arguments. Please experiment.
Report:
=======
I maintain a few mailinglists for bug reports and such on software that
I develop/port/enhance/destroy. Please look at http://www.free.lp.se/
for further info.
--
Richard Levitte <richard@levitte.org>
1999-03-09

127
LICENSE
View File

@@ -1,127 +0,0 @@
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/

145
INSTALL.W32 → MICROSOFT
View File

@@ -1,148 +1,3 @@
INSTALLATION ON THE WIN32 PLATFORM
----------------------------------
Heres a few comments about building OpenSSL in Windows environments. Most of
this is tested on Win32 but it may also work in Win 3.1 with some
modification. See the end of this file for Eric's original comments.
You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
and one of the following C compilers:
* Visual C++
* Borland C
* GNU C (Mingw32 or Cygwin32)
If you are compiling from a tarball or a CVS snapshot then the Win32 files
may well be not up to date. This may mean that some "tweaking" is required to
get it all to work. See the trouble shooting section later on for if (when?)
it goes wrong.
Visual C++
----------
Firstly you should run Configure and build the Win32 Makefiles:
> perl Configure VC-WIN32
> ms\do_ms
If you get errors about things not having numbers assigned then check the
troubleshooting section: you probably wont be able to compile it as it
stands.
Then from the VC++ environment at a prompt do:
> nmake -f ms\ntdll.mak
If all is well it should compile and you will have some DLLs and executables
in out32dll. If you want to try the tests then do:
> cd out32dll
> ..\ms\test
Tweaks:
There are various changes you can make to the Win32 compile environment. If
you have the MASM assembler 'ml' then you can try the assembly language code.
To do this remove the 'no-asm' part from do_ms.bat. You can also add 'debug'
here to make a debugging version of the library.
The default Win32 environment is to leave out any Windows NT specific
features.
If you want to enable the NT specific features of OpenSSL (currently only the
logging BIO) follow the instructions above but call the batch file do_nt.bat
instead of do_ms.bat.
You can also build a static version of the library using the Makefile
ms\nt.mak
Borland C++ builder 3 and 4
---------------------------
* Setup PATH. First must be GNU make then bcb4/bin
* Run ms\bcb4.bat
* Run make:
> make -f bcb.mak
GNU C (Mingw32)
---------------
To build OpenSSL, you need the Mingw32 package and GNU make.
* Compiler installation:
Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
<ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
C:\egcs-1.1.2\mingw32.bat to set the PATH.
* Compile OpenSSL:
> perl Configure Mingw32
> ms\mw.bat
This will create the library and binaries in out.
libcrypto.a and libssl.a are the static libraries. To use the DLLs,
link with libeay32.a and libssl32.a instead.
See troubleshooting if you get error messages about functions not having
a number assigned.
* You can now try the tests:
> cd out
> ..\ms\test
Troubleshooting
---------------
Since the Win32 build is only occasionally tested it may not always compile
cleanly. If you get an error about functions not having numbers assigned
when you run ms\do_ms then this means the Win32 ordinal files are not up to
date. You can do:
> perl util\mkdef.pl crypto ssl update
then ms\do_ms should not give a warning any more. However the numbers that
get assigned by this technique may not match those that eventually get
assigned in the CVS tree: so anything linked against this version of the
library may need to be recompiled.
If you get errors about unresolved externals then this means that either you
didn't read the note above about functions not having numbers assigned or
someone forgot to add a function to the header file.
In this latter case check out the header file to see if the function is
defined in the header file.
If you get warnings in the code then the compilation will halt.
The default Makefile for Win32 halts whenever any warnings occur. Since VC++
has its own ideas about warnings which don't always match up to other
environments this can happen. The best fix is to edit the file with the
warning in and fix it. Alternatively you can turn off the halt on warnings by
editing the CFLAG line in the Makefile and deleting the /WX option.
You might get compilation errors. Again you will have to fix these or report
them.
One final comment about compiling applications linked to the OpenSSL library.
If you don't use the multithreaded DLL runtime library (/MD option) your
program will almost certainly crash: see the original SSLeay description
below for more details.
--------------------------------------------------------------------------------
The orignal Windows build instructions from SSLeay follow.
Note: some of this may be out of date and no longer applicable. In particular
the Crypto_malloc_init() comment appears to be wrong: you always need to use
the same runtime library as the DLL itself.
--------------------------------------------------------------------------------
The Microsoft World.
The good news, to build SSLeay for the Microsft World

1019
MINFO Normal file
View File

File diff suppressed because it is too large Load Diff

261
Makefile.org → Makefile.ssl
View File

@@ -1,21 +1,36 @@
##
## Makefile for OpenSSL
##
VERSION=
MAJOR=
MINOR=
PLATFORM=dist
OPTIONS=
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/ssl
#
# Makefile for all the SSL related library routines and utilities
VERSION = 0.9.1b
PLATFORM=debug
#
# make install will install:
# libraries into $INSTALLTOP/lib
# headers into $INSTALLTOP/include
# utilities into $INSTALLTOP/bin
#
# By default INSTALLTOP is set to /usr/local/ssl
# If you want things install elsewere, consider running
# perl util/ssldir.pl /new/path
#
# Interesting Mailing Lists:
# ssl-bugs@mincom.oz.au
# ssl-users@mincom.oz.au
#
# To join the Mailing Lists:
# ssl-bugs-request@mincom.oz.au
# ssl-users-request@mincom.oz.au
#
# If you must get hold of people directly (we much prefer the above
# lists to be used if the question is of general interest!):
# Eric Young <eay@cryptsoft.com>
# Tim Hudson <tjh@cryptsoft.com>
# or both <ssleay@cryptsoft.com>
#
# The primary distribution of SSLeay is from
# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
#
# NOCONST - Define for C compilers that don't like the const key word.
# NOPROTO - Define in if your compiler does not support prototypes.
# RSAref - Define if we are to link with RSAref.
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
@@ -30,7 +45,7 @@ OPENSSLDIR=/usr/local/ssl
# number generator is initalised.
# SSL_ALLOW_ADH - define if you want the server to be able to use the
# SSLv3 anon-DH ciphers.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# SSL_ALLOW_ENULL - define if you want the server to be able to use the
# NULL encryption ciphers.
#
# LOCK_DEBUG - turns on lots of lock debug output :-)
@@ -49,13 +64,10 @@ OPENSSLDIR=/usr/local/ssl
CC= gcc
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
DEPFLAG=
CFLAG= -DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
PEX_LIBS= -L. -L.. -L../.. -L../../..
EX_LIBS=
EX_LIBS= -lefence
AR=ar r
RANLIB= ranlib
PERL= perl
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@@ -72,13 +84,9 @@ BN_ASM= bn_asm.o
#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS
#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
# Set DES_ENC to des_enc.o if you want to use the C version
#There are 4 x86 assember options.
DES_ENC= asm/dx86-out.o asm/yx86-out.o
DES_ENC= des_enc.o fcrypt_b.o
#DES_ENC= des_enc.o fcrypt_b.o # C
#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
@@ -87,7 +95,7 @@ DES_ENC= asm/dx86-out.o asm/yx86-out.o
# Set BF_ENC to bf_enc.o if you want to use the C version
#There are 4 x86 assember options.
BF_ENC= asm/bx86-out.o
BF_ENC= bf_enc.o
#BF_ENC= bf_enc.o
#BF_ENC= asm/bx86-elf.o # elf
#BF_ENC= asm/bx86-sol.o # solaris
@@ -96,7 +104,7 @@ BF_ENC= asm/bx86-out.o
# Set CAST_ENC to c_enc.o if you want to use the C version
#There are 4 x86 assember options.
CAST_ENC= asm/cx86-out.o
CAST_ENC= c_enc.o
#CAST_ENC= c_enc.o
#CAST_ENC= asm/cx86-elf.o # elf
#CAST_ENC= asm/cx86-sol.o # solaris
@@ -105,7 +113,7 @@ CAST_ENC= asm/cx86-out.o
# Set RC4_ENC to rc4_enc.o if you want to use the C version
#There are 4 x86 assember options.
RC4_ENC= asm/rx86-out.o
RC4_ENC= rc4_enc.o
#RC4_ENC= rc4_enc.o
#RC4_ENC= asm/rx86-elf.o # elf
#RC4_ENC= asm/rx86-sol.o # solaris
@@ -114,7 +122,7 @@ RC4_ENC= asm/rx86-out.o
# Set RC5_ENC to rc5_enc.o if you want to use the C version
#There are 4 x86 assember options.
RC5_ENC= asm/r586-out.o
RC5_ENC= rc5_enc.o
#RC5_ENC= rc5_enc.o
#RC5_ENC= asm/r586-elf.o # elf
#RC5_ENC= asm/r586-sol.o # solaris
@@ -122,36 +130,38 @@ RC5_ENC= asm/r586-out.o
#RC5_ENC= asm/r586bsdi.o # bsdi
# Also need MD5_ASM defined
MD5_ASM_OBJ= asm/mx86-out.o
MD5_ASM_OBJ=
#MD5_ASM_OBJ= asm/mx86-elf.o # elf
#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
# Also need SHA1_ASM defined
SHA1_ASM_OBJ= asm/sx86-out.o
SHA1_ASM_OBJ=
#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
# Also need RMD160_ASM defined
RMD160_ASM_OBJ= asm/rm86-out.o
RMD160_ASM_OBJ=
#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
DIRS= crypto ssl rsaref apps test tools
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
evp pem asn1 x509 conf txt_db pkcs7 comp
# If you change the INSTALLTOP, make sure to also change the values
# in crypto/location.h
INSTALLTOP=/usr/local/ssl
MAKEFILE= Makefile.ssl
MAKE= make -f Makefile.ssl
@@ -162,178 +172,167 @@ SHELL=/bin/sh
TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep
MISC= COPYRIGHT Configure HISTORY.090 HISTORY.066 INSTALL Makefile.ssl \
Makefile \
README TODO HISTORY README.066 README.080 README.090 \
VERSION PROBLEMS MINFO makefile.one e_os.h \
MICROSOFT makevms.com config PATENTS
WDIRS= windows
LIBS= libcrypto.a libssl.a
GENERAL= Makefile
BASENAME= openssl
BASENAME= SSLeay
NAME= $(BASENAME)-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
EXHEADER= e_os.h e_os2.h
EXHEADER= e_os.h
HEADER= e_os.h
all: Makefile.ssl
all:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
(cd $$i; echo "making $$i..."; \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ); \
done;
sub_all:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
(cd $$i; echo "making $$i..."; \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ); \
done;
linux-shared:
for i in ${SHLIBDIRS}; do \
rm -f lib$$i.a lib$$i.so \
lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \
-Wl,-S,-soname=lib$$i.so.${MAJOR} \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive -lc ) || exit 1; \
rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
done;
@set -x; \
for i in ${SHLIBDIRS}; do \
ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
ln -s lib$$i.so.${MAJOR} lib$$i.so; \
done;
Makefile.ssl: Makefile.org
@echo "Makefile.ssl is older than Makefile.org."
@echo "Reconfigure the source tree (via 'perl Configure' or 'sh config')"
@echo "and update the error lists (via 'make errors'), please."
@false
libclean:
rm -f *.a */lib */*/lib
/bin/rm *.a */lib */*/lib
clean:
rm -f shlib/*.o *.o core a.out fluff *.map
/bin/rm -f shlib/*.o *.o core a.out fluff *.map
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making clean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
rm -f $(LIBS); \
(cd $$i; echo "cleaning $$i..."; \
$(MAKE) SDIRS='${SDIRS}' clean ); \
/bin/rm -f $(LIBS); \
done;
rm -f *.a *.o speed.* *.map *.so .pure core
rm -f $(TARFILE)
/bin/rm -f *.a *.o speed.* *.map *.so .pure core
/bin/rm -f $(TARFILE)
@for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
/bin/rm -fr $$i/*; \
done
makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \
perl util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
files: MINFO
perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making 'files' in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
(cd $$i; echo "making 'files' in $$i..."; \
$(MAKE) SDIRS='${SDIRS}' files ); \
done;
links:
@$(TOP)/util/point.sh Makefile.ssl Makefile
@-mkdir -p include/openssl 2>/dev/null
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@for i in $(DIRS); do \
(cd $$i && echo "making links in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
done;
dclean:
rm -f *.bak
/bin/rm -f Makefile;
./util/point.sh Makefile.ssl Makefile;
$(TOP)/util/mklink.sh include $(EXHEADER) ;
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making dclean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
(cd $$i; echo "making links in $$i..."; \
$(MAKE) SDIRS='${SDIRS}' links ); \
done;
# @(cd apps; sh ./mklinks)
@( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
dclean:
/bin/rm -f *.bak
@for i in $(DIRS) ;\
do \
(cd $$i; echo "undoing makedepend in $$i..."; \
$(MAKE) SDIRS='${SDIRS}' dclean ); \
done;
rehash:
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
@(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
test: tests
tests: rehash
@(cd test && echo "testing..." && \
tests:
(cd test; echo "testing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
@apps/openssl version -a
@apps/ssleay version -a
depend:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making dependancies $$i..." && \
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
(cd $$i; echo "making dependancies $$i..."; \
$(MAKE) SDIRS='${SDIRS}' depend ); \
done;
lint:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making lint $$i..." && \
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
(cd $$i; echo "making lint $$i..."; \
$(MAKE) SDIRS='${SDIRS}' lint ); \
done;
tags:
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making tags $$i..." && \
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
(cd $$i; echo "making tags $$i..."; \
$(MAKE) SDIRS='${SDIRS}' tags ); \
done;
errors:
perl util/mkerr.pl -recurse -write
@for i in $(DIRS) ;\
do \
(cd $$i; echo "making errors in $$i..."; \
$(MAKE) SDIRS='${SDIRS}' errors ); \
done;
tar:
@tar --norecurse -cvf - \
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS | sort` |\
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
--prefix=openssl-$(VERSION) - |\
gzip --best >../$(TARFILE).gz; \
ls -l ../$(TARFILE).gz
@(cd ..;\
mv $(BASENAME) $(NAME); \
export STUFF; \
for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
do \
STUFF="$$STUFF $(NAME)/$$i"; \
done; \
tar cf $(NAME)/$(TARFILE) $$STUFF; \
mv $(NAME) $(BASENAME) )
gzip -f $(TARFILE)
dist:
$(PERL) Configure dist
perl Configure dist
perl util/up_ver.pl ${VERSION}
@$(MAKE) dist_pem_h
@$(MAKE) SDIRS='${SDIRS}' clean
@$(MAKE) SDIRS='${SDIRS}' dclean
@(cd apps; sh ./rmlinks)
@$(MAKE) makefile.one
@$(MAKE) tar
dist_pem_h:
(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
install: all
@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/bin 2>/dev/null
@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/lib 2>/dev/null
@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl 2>/dev/null
@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/misc 2>/dev/null
@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/certs 2>/dev/null
@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/private 2>/dev/null
@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/lib 2>/dev/null
@for i in $(EXHEADER) ;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
@for i in $(DIRS) ;\
do \
(cd $$i; echo "installing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
done
@for i in $(LIBS) ;\
do \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
cp $$i $(INSTALLTOP)/lib; \
sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALLTOP)/lib/$$i ); \
done
# DO NOT DELETE THIS LINE -- make depend depends on it.

54
NEWS
View File

@@ -1,54 +0,0 @@
NEWS
====
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
o Lots of enhancements and cleanups to the Configuration mechanism
o RSA OEAP related fixes
o Added `openssl ca -revoke' option for revoking a certificate
o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
o Source tree cleanups: removed lots of obsolete files
o Thawte SXNet, certificate policies and CRL distribution points
extension support
o Preliminary (experimental) S/MIME support
o Support for ASN.1 UTF8String and VisibleString
o Full integration of PKCS#12 code
o Sparc assembler bignum implementation, optimized hash functions
o Option to disable selected ciphers
Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
o Fixed a security hole related to session resumption
o Fixed RSA encryption routines for the p < q case
o "ALL" in cipher lists now means "everything except NULL ciphers"
o Support for Triple-DES CBCM cipher
o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
o First support for new TLSv1 ciphers
o Added a few new BIOs (syslog BIO, reliable BIO)
o Extended support for DSA certificate/keys.
o Extended support for Certificate Signing Requests (CSR)
o Initial support for X.509v3 extensions
o Extended support for compression inside the SSL record layer
o Overhauled Win32 builds
o Cleanups and fixes to the Big Number (BN) library
o Support for ASN.1 GeneralizedTime
o Splitted ASN.1 SETs from SEQUENCEs
o ASN1 and PEM support for Netscape Certificate Sequences
o Overhauled Perl interface
o Lots of source tree cleanups.
o Lots of memory leak fixes.
o Lots of bug fixes.
Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
o Integration of the popular NO_RSA/NO_DSA patches
o Initial support for compression inside the SSL record layer
o Added BIO proxy and filtering functionality
o Extended Big Number (BN) library
o Added RIPE MD160 message digest
o Addeed support for RC2/64bit cipher
o Extended ASN.1 parser routines
o Adjustations of the source tree for CVS
o Support for various new platforms

13
PATENTS Normal file
View File

@@ -0,0 +1,13 @@
RSA Data Security holds software patents on the RSA and RC5 algorithms.
If there ciphers are used used inside the USA (and Japan?), you must contact
RSA Data Security for licencing conditions. Their web page is
http://www.rsa.com
RC4 is a trademark of RSA Data Security, so use of this label should perhaps
only me used with RSA Data Security's permission.
The IDEA algorithm is patented by Ascom in Austria, France, Germany,
Italy, Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.
They should be contacted if that algorithm is to be used, their web page is
http://www.ascom.ch

50
PROBLEMS Normal file
View File

@@ -0,0 +1,50 @@
If you have any problems with SSLeay then please take the following
steps:
Remove the ASM version of the BN routines (edit Configure)
Remove the compiler optimisation flags
Add in the compiler debug flags (-g)
Note: if using gcc then remove -fomit-frame-pointer before you try
to debug things.
If you wish to report a bug then please include the following information
in any bug report:
SSLeay Details
- Version, most of these details can be got from the
'ssleay version -a' command.
Operating System Details
- OS Name
- OS Version
- Hardware platform
Compiler Details
- Name
- Version
Application Details
- Name
- Version
Problem Description
- include steps that will reproduce the problem (if known)
Stack Traceback (if the application dumps core)
For example:
SSLeay-0.5.1a
SunOS 5.3, SPARC, SunC 3.0
SSLtelnet-0.7
Core dumps when using telnet with SSL support in bn_mul() with
the following stack trackback
...
Report the bug to either
ssleay@mincom.oz.au (Eric and Tim)
or
ssl-bugs@mincom.oz.au (mailing list of active developers)
Tim Hudson
tjh@mincom.oz.au

322
README
View File

@@ -1,205 +1,173 @@
SSLeay 0.9.1a 06-Jul-1998
Copyright (c) 1997, Eric Young
All rights reserved.
OpenSSL 0.9.2b 22-Mar-1999
This directory contains Eric Young's (eay@cryptsoft.com) implementation
of SSL and supporting libraries.
Copyright (c) 1998-1999 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
The current version of this library is available from
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
DESCRIPTION
-----------
There are patches to a number of internet applications which can be found in
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is managed
by a worldwide community of volunteers that use the Internet to communicate,
plan, and develop the OpenSSL toolkit and its related documentation.
A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com>
can be found at
http://www.psy.uq.oz.au/~ftp/Crypto
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
OpenSSL license plus the SSLeay license) situation, which basically means
that you are free to get and use it for commercial and non-commercial
purposes as long as you fulfill the conditions of both licenses.
Additional documentation is being slowly written by Eric Young, and is being
added to http://www.cryptsoft.com/ssleay/doc. It will normally also be
available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
OVERVIEW
--------
This Library and programs are FREE for commercial and non-commercial
usage. The only restriction is that I must be attributed with the
development of this code. See the COPYRIGHT file for more details.
Donations would still be accepted :-).
The OpenSSL toolkit includes:
THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
libssl.a:
Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
both SSLv2, SSLv3 and TLSv1 in the one server and client.
The package includes
libcrypto.a:
General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
actually logically part of it. It includes routines for the following:
libssl.a:
My implementation of SSLv2, SSLv3 and the required code to support
both SSLv2 and SSLv3 in the one server.
Ciphers
libdes - EAY's libdes DES encryption package which has been floating
around the net for a few years. It includes 15
'modes/variations' of DES (1, 2 and 3 key versions of ecb,
cbc, cfb and ofb; pcbc and a more general form of cfb and
ofb) including desx in cbc mode, a fast crypt(3), and
routines to read passwords from the keyboard.
RC4 encryption,
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
libcrypto.a:
General encryption and X509 stuff needed by SSL but not
actually logically part of it. It includes routines for the following:
Digests
MD5 and MD2 message digest algorithms, fast implementations,
SHA (SHA-0) and SHA-1 message digest algorithms,
MDC2 message digest. A DES based hash that is popular on smart cards.
Ciphers
libdes - My libdes DES encryption package which has been floating
around the net for a few years. It includes 15
'modes/variations' of DES (1, 2 and 3 key versions of ecb,
cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
including desx in cbc mode,
a fast crypt(3), and routines to read passwords from the
keyboard.
RC4 encryption,
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
Public Key
RSA encryption/decryption/generation.
There is no limit on the number of bits.
DSA encryption/decryption/generation.
There is no limit on the number of bits.
Diffie-Hellman key-exchange/key generation.
There is no limit on the number of bits.
Digests
MD5 and MD2 message digest algorithms, fast implementations,
SHA (SHA-0) and SHA-1 message digest algorithms,
MDC2 message digest. A DES based hash that is polular on smart cards.
X.509v3 certificates
X509 encoding/decoding into/from binary ASN1 and a PEM
based ascii-binary encoding which supports encryption with a
private key. Program to generate RSA and DSA certificate
requests and to generate RSA and DSA certificates.
Public Key
RSA encryption/decryption/generation. There is no limit
on the number of bits.
DSA encryption/decryption/generation. There is no limit on the
number of bits.
Diffie-Hellman key-exchange/key generation. There is no limit
on the number of bits.
Systems
The normal digital envelope routines and base64 encoding. Higher
level access to ciphers and digests by name. New ciphers can be
loaded at run time. The BIO io system which is a simple non-blocking
IO abstraction. Current methods supported are file descriptors,
sockets, socket accept, socket connect, memory buffer, buffering, SSL
client/server, file pointer, encryption, digest, non-blocking testing
and null.
X509v3 certificates
X509 encoding/decoding into/from binary ASN1 and a PEM
based ascii-binary encoding which supports encryption with
a private key.
Program to generate RSA and DSA certificate requests and to
generate RSA and DSA certificates.
Data structures
A dynamically growing hashing system
A simple stack.
A Configuration loader that uses a format similar to MS .ini files.
Systems
The normal digital envelope routines and base64 encoding.
Higher level access to ciphers and digests by name. New ciphers can be
loaded at run time.
The BIO io system which is a simple non-blocking IO abstraction.
Current methods supported are file descriptors, sockets,
socket accept, socket connect, memory buffer, buffering,
SSL client/server, file pointer, encryption, digest,
non-blocking testing and null.
Data structures
A dynamically growing hashing system
A simple stack.
A Configuration loader that uses a format similar to MS .ini files.
openssl:
A command line tool which provides the following functions:
Programs in this package include
enc - a general encryption program that can encrypt/decrypt using
one of 17 different cipher/mode combinations. The
input/output can also be converted to/from base64
ascii encoding.
dgst - a generate message digesting program that will generate
message digests for any of md2, md5, sha (sha-0 or sha-1)
or mdc2.
asn1parse - parse and display the structure of an asn1 encoded
binary file.
rsa - Manipulate RSA private keys.
dsa - Manipulate DSA private keys.
dh - Manipulate Diffie-Hellman parameter files.
dsaparam- Manipulate and generate DSA parameter files.
crl - Manipulate certificate revocation lists.
crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
x509 - Manipulate x509 certificates, self-sign certificates.
req - Manipulate PKCS#10 certificate requests and also
generate certificate requests.
genrsa - Generates an arbitrary sized RSA private key.
gendh - Generates a set of Diffie-Hellman parameters, the prime
will be a strong prime.
ca - Create certificates from PKCS#10 certificate requests.
This program also maintains a database of certificates
issued.
verify - Check x509 certificate signatures.
speed - Benchmark SSLeay's ciphers.
s_server- A test SSL server.
s_client- A test SSL client.
s_time - Benchmark SSL performance of SSL server programs.
errstr - Convert from SSLeay hex error codes to a readable form.
Documents avaliable are
A Postscript and html reference manual
(written by Tim Hudson tjh@cryptsoft.com).
enc - a general encryption program that can encrypt/decrypt using
one of 17 different cipher/mode combinations. The
input/output can also be converted to/from base64
ascii encoding.
dgst - a generate message digesting program that will generate
message digests for any of md2, md5, sha (sha-0 or sha-1)
or mdc2.
asn1parse - parse and display the structure of an asn1 encoded
binary file.
rsa - Manipulate RSA private keys.
dsa - Manipulate DSA private keys.
dh - Manipulate Diffie-Hellman parameter files.
dsaparam- Manipulate and generate DSA parameter files.
crl - Manipulate certificate revocation lists.
crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
x509 - Manipulate x509 certificates, self-sign certificates.
req - Manipulate PKCS#10 certificate requests and also
generate certificate requests.
genrsa - Generates an arbitrary sized RSA private key.
gendsa - Generates DSA parameters.
gendh - Generates a set of Diffie-Hellman parameters, the prime
will be a strong prime.
ca - Create certificates from PKCS#10 certificate requests.
This program also maintains a database of certificates
issued.
verify - Check x509 certificate signatures.
speed - Benchmark OpenSSL's ciphers.
s_server- A test SSL server.
s_client- A test SSL client.
s_time - Benchmark SSL performance of SSL server programs.
errstr - Convert from OpenSSL hex error codes to a readable form.
nseq - Netscape certificate sequence utility
PATENTS
-------
A list of text protocol references I used.
An initial version of the library manual.
Various companies hold various patents for various algorithms in various
locations around the world. _YOU_ are responsible for ensuring that your use
of any algorithms is legal by checking if there are any patents in your
country. The file contains some of the patents that we know about or are
rumoured to exist. This is not a definitive list.
To install this package, read the INSTALL file.
For the Microsoft word, read MICROSOFT
This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
RSA Data Security holds software patents on the RSA and RC5 algorithms. If
their ciphers are used used inside the USA (and Japan?), you must contact RSA
Data Security for licensing conditions. Their web page is
http://www.rsa.com/.
Multithreading has been tested under Windows NT and Solaris 2.5.1
RC4 is a trademark of RSA Data Security, so use of this label should perhaps
only be used with RSA Data Security's permission.
Due to time constraints, the current release has only be rigorously tested
on Solaris 2.[45], Linux and Windows NT.
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
be contacted if that algorithm is to be used, their web page is
http://www.ascom.ch/.
For people in the USA, it is possible to compile SSLeay to use RSA
Inc.'s public key library, RSAref. From my understanding, it is
claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
Read doc/rsaref.doc on how to build with RSAref.
INSTALLATION
------------
Read the documentation in the doc directory. It is quite rough,
but it lists the functions, you will probably have to look at
the code to work out how to used them. I will be working on
documentation. Look at the example programs.
To install this package under a Unix derivative, read the INSTALL file. For
a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
INSTALL.VMS.
There should be a SSL reference manual which is being put together by
Tim Hudson (tjh@cryptsoft.com) in the same location as this
distribution. This contains a lot more information that is very
useful. For a description of X509 Certificates, their use, and
certification, read rfc1421, rfc1422, rfc1423 and rfc1424. ssl/README
also goes over the mechanism.
For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
We have setup some mailing lists for use by people that are interested
in helping develop this code and/or ask questions.
ssl-bugs@mincom.oz.au
ssl-users@mincom.oz.au
ssl-bugs-request@mincom.oz.au
ssl-users-request@mincom.oz.au
Read the documentation in the doc/ directory. It is quite rough, but it
lists the functions, you will probably have to look at the code to work out
how to used them. Look at the example programs.
I have recently read about a new form of software, that which is in
a permanent state of beta release. Linux and Netscape are 2 good
examples of this, and I would also add SSLeay to this category.
The Current stable release is 0.6.6. It has a few minor problems.
0.8.0 is not call compatable so make sure you have the correct version
of SSLeay to link with.
SUPPORT
-------
eric (Jun 1997)
If you have any problems with OpenSSL then please take the following steps
first:
Eric Young (eay@cryptsoft.com)
86 Taunton St.
Annerley 4103.
Australia.
- Remove ASM versions of libraries
- Remove compiler optimisation flags
- Add compiler debug flags (if using gcc then remove -fomit-frame-pointer
before you try to debug things)
If you wish to report a bug then please include the following information in
any bug report:
OpenSSL Details
- Version, most of these details can be got from the
'openssl version -a' command.
Operating System Details
- On Unix systems: Output of './config -t'
- OS Name, Version
- Hardware platform
Compiler Details
- Name
- Version
Application Details
- Name
- Version
Problem Description
- include steps that will reproduce the problem (if known)
Stack Traceback (if the application dumps core)
Report the bug to the OpenSSL project at:
openssl-bugs@openssl.org
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
Development is coordinated on the openssl-dev mailing list (see
http://www.openssl.org for information on subscribing). If you
would like to submit a patch, send it to openssl-dev@openssl.org.
Please be sure to include a textual explanation of what your patch
does.
The preferred format for changes is "diff -u" output. You might
generate it like this:
# cd openssl-work
# [your changes]
# ./Configure dist; make clean
# cd ..
# diff -urN openssl-orig openssl-work > mydiffs.patch

27
README.066 Normal file
View File

@@ -0,0 +1,27 @@
SSLeay 0.6.6 13-Jan-1997
The main additions are
- assember for x86 DES improvments.
From 191,000 per second on a pentium 100, I now get 281,000. The inner
loop and the IP/FP modifications are from
Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
contribution.
- The 'DES macros' introduced in 0.6.5 now have 3 types.
DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
is best and there is a summery of mine in crypto/des/options.txt
- A few bug fixes.
- Added blowfish. It is not used by SSL but all the other stuff that
deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
BF_PTR2 is pentium/x86 specific. The correct option is setup in
the 'Configure' script.
- There is now a 'get client certificate' callback which can be
'non-blocking'. If more details are required, let me know. It will
documented more in SSLv3 when I finish it.
- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
now tests the ca program.
- Lots of little things modified and tweaked.
eric

147
README.080 Normal file
View File

@@ -0,0 +1,147 @@
This version of SSLeay has quite a lot of things different from the
previous version.
Basically check all callback parameters, I will be producing documentation
about how to use things in th future. Currently I'm just getting 080 out
the door. Please not that there are several ways to do everything, and
most of the applications in the apps directory are hybrids, some using old
methods and some using new methods.
Have a look in demos/bio for some very simple programs and
apps/s_client.c and apps/s_server.c for some more advanced versions.
Notes are definitly needed but they are a week or so away.
Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
---
Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
get those people that want to move to using the new code base off to
a quick start.
Note that Eric has tidied up a lot of the areas of the API that were
less than desirable and renamed quite a few things (as he had to break
the API in lots of places anyrate). There are a whole pile of additional
functions for making dealing with (and creating) certificates a lot
cleaner.
01-Jul-97
Tim Hudson
tjh@cryptsoft.com
---8<---
To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
use something like the following (assuming you #include "crypto.h" which
is something that you really should be doing).
#if SSLEAY_VERSION_NUMBER >= 0x0800
#define SSLEAY8
#endif
buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
too if you are working with BIO internal stuff (as distinct
from simply using the interface in an opaque manner)
#include "bio.h" - required along with "buffer.h" if you write
your own BIO routines as the buffer and bio
stuff that was intermixed has been separated
out
envelope.h -> evp.h (which should have been done ages ago)
Initialisation ... don't forget these or you end up with code that
is missing the bits required to do useful things (like ciphers):
SSLeay_add_ssl_algorithms()
(probably also want SSL_load_error_strings() too but you should have
already had that call in place)
SSL_CTX_new() - requires an extra method parameter
SSL_CTX_new(SSLv23_method())
SSL_CTX_new(SSLv2_method())
SSL_CTX_new(SSLv3_method())
OR to only have the server or the client code
SSL_CTX_new(SSLv23_server_method())
SSL_CTX_new(SSLv2_server_method())
SSL_CTX_new(SSLv3_server_method())
or
SSL_CTX_new(SSLv23_client_method())
SSL_CTX_new(SSLv2_client_method())
SSL_CTX_new(SSLv3_client_method())
SSL_set_default_verify_paths() ... renamed to the more appropriate
SSL_CTX_set_default_verify_paths()
If you want to use client certificates then you have to add in a bit
of extra stuff in that a SSLv3 server sends a list of those CAs that
it will accept certificates from ... so you have to provide a list to
SSLeay otherwise certain browsers will not send client certs.
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
or provide a buffer and size to copy the
result into
X509_add_cert -> X509_STORE_add_cert (and you might want to read the
notes on X509_NAME structure changes too)
VERIFICATION CODE
=================
The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
more accurately reflect things.
The verification callback args are now packaged differently so that
extra fields for verification can be added easily in future without
having to break things by adding extra parameters each release :-)
X509_cert_verify_error_string -> X509_verify_cert_error_string
BIO INTERNALS
=============
Eric has fixed things so that extra flags can be introduced in
the BIO layer in future without having to play with all the BIO
modules by adding in some macros.
The ugly stuff using
b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_clear_retry_flags(b)
b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_set_retry_read(b)
Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
OTHER THINGS
============
X509_NAME has been altered so that it isn't just a STACK ... the STACK
is now in the "entries" field ... and there are a pile of nice functions
for getting at the details in a much cleaner manner.
SSL_CTX has been altered ... "cert" is no longer a direct member of this
structure ... things are now down under "cert_store" (see x509_vfy.h) and
things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
If your code "knows" about this level of detail then it will need some
surgery.
If you depending on the incorrect spelling of a number of the error codes
then you will have to change your code as these have been fixed.
ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
has been all along so this makes things clearer.
ify_cert_error_string(ctx->error));
SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO

8
README.090 Normal file
View File

@@ -0,0 +1,8 @@
10-Apr-1998
I said the next version would go out at easter, and so it shall.
I expect a 0.9.1 will follow with portability fixes in the next few weeks.
This is a quick, meet the deadline. Look to ssl-users for comments on what
is new etc.
eric (about to go bushwalking for the 4 day easter break :-)

137
STATUS
View File

@@ -1,137 +0,0 @@
OpenSSL STATUS Last modified at
______________ $Date: 1999/05/20 01:42:57 $
DEVELOPMENT STATE
o OpenSSL 0.9.3: Freezed... only bugfixes and cleanups allowed!
Proposed release date: Mon May 24th, 1999
Release manager: Ben Laurie <ben@openssl.org>
!! Important: Any non-bugfix, non-cleanup
!! and non-documentation commits should
!! be approved by Ben, first.
o OpenSSL 0.9.2b: Released on March 22th, 1999
o OpenSSL 0.9.1c: Released on December 23th, 1998
RELEASE SHOWSTOPPERS
o BSD/OS: assembler functions must not have leading underscores
AVAILABLE PATCHES
o OCSP (titchenert@certco.com)
o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)
IN PROGRESS
o Steve is currently working on (in no particular order):
Proper (or at least usable) certificate chain verification.
Documentation on X509 V3 extension code.
PKCS #8 and PKCS#5 v2.0 support.
Private key, certificate and CRL API and implementation.
Checking and bugfixing PKCS#7 (S/MIME code).
o Mark is currently working on:
Folding in any changes that are in the C2Net code base that were
not in the original SSLeay-0.9.1.b release. Plus other minor
tidying.
o Ralf is currently working on:
1. Support for SSL_set_default_verify_paths(),
SSL_load_verify_locations(), SSL_get_cert_store() and
SSL_set_cert_store() functions which work like their existing
SSL_CTX_xxx() variants but on a per connection basis. That's needed
to let us provide full-featured per-URL client verification in
mod_ssl or Apache-SSL.
=> It still dumps core, so I suspend this and investigate
again for OpenSSL 0.9.3.
2. The perl/ stuff to make it really work the first time ;-)
=> I'll investigate a few more hours for OpenSSL 0.9.2
3. The new documentation set in POD format under doc/
=> I'll investigate a few more hours for OpenSSL 0.9.2
4. More cleanups to get rid of obsolete/old/ugly files in the
source tree which are not really needed.
=> Done all which were possible with my personal knowledge
o Ben is currently working on:
1. Function Prototype Thought Police issues.
2. Integrated documentation.
3. New TLS Ciphersuites.
4. Anything else that takes his fancy.
NEEDS PATCH
o broken demos
o salzr@certco.com (Rich Salz): Bug in X509_name_print
<29E0A6D39ABED111A36000A0C99609CA2C2BA4@macertco-srv1.ma.certco.com>
o [ Compilation warnings: ctype-related int vs. char ]
=> now casts (unsigned char), maybe those arrays should have
members of that type rather than plain char (i.e.
unsigned char *p; ....; if (isspace(*p)) ...; where it's now
char *p; ....; if (isspace((unsigned char)*p)) ...;)
o $(PERL) in */Makefile.ssl
o "Sign the certificate?" - "n" creates empty certificate file
o dubious declaration of crypt() in des.h
OPEN ISSUES
o The Makefile hierarchy and build mechanism is still not a round thing:
1. The config vs. Configure scripts
It's the same nasty situation as for Apache with APACI vs.
src/Configure. It confuses.
Suggestion: Merge Configure and config into a single configure
script with a Autoconf style interface ;-) and remove
Configure and config. Or even let us use GNU Autoconf
itself. Then we can avoid a lot of those platform checks
which are currently in Configure.
o Support for Shared Libraries has to be added at least
for the major Unix platforms. The details we can rip from the stuff
Ralf has done for the Apache src/Configure script. Ben wants the
solution to be really simple.
Status: Ralf will look how we can easily incorporate the
compiler PIC and linker DSO flags from Apache
into the OpenSSL Configure script.
o The perl/ stuff needs a major overhaul. Currently it's
totally obsolete. Either we clean it up and enhance it to be up-to-date
with the C code or we also could replace it with the really nice
Net::SSLeay package we can find under
http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a
longer time and it works fine and is a nice Perl module. Best would be
to convince the author to work for the OpenSSL project and create a
Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
us.
Status: Ralf thinks we should both contact the author of Net::SSLeay
and look how much effort it is to bring Eric's perl/ stuff up
to date.
Paul +1
o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER
structure for each cipher. This may make sense for things like DES but
for variable length ciphers like RC2 and RC4 it is NBG. Need a way to
use the EVP interface and set up the cipher parameters. The ASN1 stuff
is also foo wrt ciphers whose AlgorithmIdentifier has more than just
an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open
don't work unless the key length matches the fixed value (some vendors
use a key length decided by the size of the RSA encrypted key and expect
RC2 to adapt).
o Properly initialize the PRNG in the absence of /dev/random.
o ERR_error_string(..., buf) does not know how large buf is,
there should be ERR_error_string_n(..., buf, bufsize)
or similar.
WISHES
o Mats Nilsson <mats.nilsson@xware.se>:
"Add reference counting to all substructures of X509 etc. For instance,
X509_NAME lacks a reference counter, while EVP_PKEY has one. I'm
making COM-wrappers for selected parts of SSLeay for a project of ours,
and has found this inconsistency in copy semantics annoying."

28
TODO Normal file
View File

@@ -0,0 +1,28 @@
- The loading of the netscape RC4 encrypted key is a crock of pig pellets.
It will be reworked along with a nice general mechanism for encrypting
ASN.1 stuff. [ Jun 96 ] I've cleaned up private keys internally but
still have not done PKCS#8 support.
- Winsock support in s_client/s_server for windows nt/3.1 is a crock.
I will probably not get this fixed for a while, it is just there so
I could test things.
- Be able to generate DSS certificates.
- Add CRL to the X509 verification stuff, this will probably be added with
SSLv3.
+ X509 callback. I need to callback the application to retrieve certificates
and CRL.
*<- designates the things I'm activly working on.
+<- designates that which I have next in the queue.
====
X509v3 extensions
verify certificate chains
X509 cert lookup methods
RSA/DSA/DH methods mostly for smart cards
dsa cert generation

24
VERSION Normal file
View File

@@ -0,0 +1,24 @@
SSLeay 0.8.1
- Mostly bug fixes. There is an Ephemeral DH cipher problem which
is fixed.
SSLeay 0.8.0
- New release, for those that are wondering what happend to
0.7.x, call it our internal development version :-)
- There have been lots of changes, mostly the addition of SSLv3.
- There have been many additions from people and amongst
others, C2Net has assisted greatly.
SSLeay 0.6.6
SSLeay 0.8.0 is not upward compatable with SSLeay 0.6.6, so
if your application requires 0.6.6, use it. There have been
lots of bug fixes to 0.8.x that have not been applied to 0.6.6
so use 0.8.0+ in preference.
PORTING 0.6.6 to 0.8.0
I'll be documenting this over the next few weeks but as
pressures have been increasing for making SSLv3 support
available I'm shipping it without this documentation as I
basically have not had time to write it (too busy earning a
living :-)

63
VMS/00README.1st
View File

@@ -1,63 +0,0 @@
OpenSSL 0.9.2c for VMS, README
written by Richard Levitte
<richard@levitte.org>
For a more general overview of SSLeay, read README.
If you just want to compile and install, read INSTALL.VMS
A few notes:
Things NOT done:
================
There are a bunch of directories that aren't touched on VMS so far.
If anyone wants to add those capabilities, go right ahead.
The directories not touched but that might be of interest in the
future are:
[.DEMOS]
[.TOOLS]
[.UTIL]
Things added by me:
===================
[.VMS] a directory with VMS command procedures. Right now,
there are a two of them, of which one is not finished.
Things removed:
===============
In some other patch kits, there were things very OSU-httpd specific
things. I haven't included those, because they seem to belong more
with the OSU source.
I am, however, assembling those things in a separate package.
TODO:
=====
- Description files.
- Bug fixes (of course).
- A VMSINSTALlable version (way in the future, unless someone else hacks).
- shareable images (DLL for you Windows folks).
- other... Please send me ideas.
Report bugs and such:
=====================
I maintain a few mailinglists for bug reports and such on software that
I develop/port/enhance/destroy. Please look at http://www.free.lp.se/
for further info.
--
Richard Levitte <richard@levitte.org>
1999-03-09

4
VMS/WISHLIST.TXT
View File

@@ -1,4 +0,0 @@
* Have the building procedure contain a LINK-only possibility.
Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
One way to enable that is also to go over to DESCRIP.MMS files.

65
VMS/install.com
View File

@@ -1,65 +0,0 @@
$! INSTALL.COM -- Installs the files in a given directory tree
$!
$! Author: Richard Levitte <richard@levitte.org>
$! Time of creation: 23-MAY-1998 19:22
$!
$! P1 root of the directory tree
$!
$ IF P1 .EQS. ""
$ THEN
$ WRITE SYS$OUTPUT "First argument missing."
$ WRITE SYS$OUTPUT "Should be the directory where you want things installed."
$ EXIT
$ ENDIF
$
$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
- "[000000." - "][" - "[" - "]"
$ ROOT = ROOT_DEV + "[" + ROOT_DIR
$
$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
$ DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
$ DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
$ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
$ DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
$ DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
$ DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
$ DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
$
$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLROOT:[000000]
$ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLROOT:[VMS]
$
$ OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
$ WRITE SYS$OUTPUT "%OPEN-I-CREATED, ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
$ WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999"
$ WRITE SF "$!"
$ WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
$ WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
$ WRITE SF "$!"
$ WRITE SF "$! P1 a qualifier to DEFINE. For example ""/SYSTEM"" to get the logical names"
$ WRITE SF "$! defined in the system logical name table."
$ WRITE SF "$!"
$ WRITE SF "$ ARCH = ""VAX"""
$ WRITE SF "$ IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLROOT ",ROOT,".] /TRANS=CONC"
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLLIB SSLROOT:['ARCH'_LIB]"
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLINCLUDE SSLROOT:[INCLUDE]"
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLEXE SSLROOT:['ARCH'_EXE]"
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLCERTS SSLROOT:[CERTS]"
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLPRIVATE SSLROOT:[PRIVATE]"
$ WRITE SF "$"
$ WRITE SF "$! This is program can include <openssl/{foo}.h>"
$ WRITE SF "$ DEFINE/NOLOG'P1 OPENSSL SSLINCLUDE:"
$ WRITE SF "$"
$ WRITE SF "$ IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
$ WRITE SF " @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
$ WRITE SF "$"
$ WRITE SF "$ EXIT"
$ CLOSE SF
$
$ COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
$
$ EXIT

1
VMS/multinet_shr.opt
View File

@@ -1 +0,0 @@
multinet:multinet_socket_library.exe/share

35
VMS/openssl_utils.com
View File

@@ -1,35 +0,0 @@
$!
$! APPS.COM
$! Written By: Robert Byer
$! Vice-President
$! A-Com Computing, Inc.
$! byer@mail.all-net.net
$!
$!
$! Slightly modified by Richard Levitte <richard@levitte.org>
$!
$ OPENSSL :== $SSLEXE:OPENSSL
$ VERIFY :== $SSLEXE:OPENSSL VERIFY
$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
$ REQ :== $SSLEXE:OPENSSL REQ
$ DGST :== $SSLEXE:OPENSSL DGST
$ DH :== $SSLEXE:OPENSSL DH
$ ENC :== $SSLEXE:OPENSSL ENC
$ GENDH :== $SSLEXE:OPENSSL GENDH
$ ERRSTR :== $SSLEXE:OPENSSL ERRSTR
$ CA :== $SSLEXE:OPENSSL CA
$ CRL :== $SSLEXE:OPENSSL CRL
$ RSA :== $SSLEXE:OPENSSL RSA
$ DSA :== $SSLEXE:OPENSSL DSA
$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
$ X509 :== $SSLEXE:OPENSSL X509
$ GENRSA :== $SSLEXE:OPENSSL GENRSA
$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
$ SPEED :== $SSLEXE:OPENSSL SPEED
$ S_TIME :== $SSLEXE:OPENSSL S_TIME
$ VERSION :== $SSLEXE:OPENSSL VERSION
$ PKCS7 :== $SSLEXE:OPENSSL PKCS7
$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
$ SESS_ID :== $SSLEXE:OPENSSL SESS_ID
$ CIPHERS :== $SSLEXE:OPENSSL CIPHERS

1
VMS/socketshr_shr.opt
View File

@@ -1 +0,0 @@
socketshr/share

1
VMS/ucx_shr_decc.opt
View File

@@ -1 +0,0 @@
sys$share:ucx$ipc_shr.exe/share

1
VMS/ucx_shr_decc_log.opt
View File

@@ -1 +0,0 @@
ucx$ipc_shr/share

1
VMS/ucx_shr_vaxc.opt
View File

@@ -1 +0,0 @@
sys$library:ucx$ipc.olb/library

2
apps/.cvsignore
View File

@@ -1,2 +0,0 @@
openssl
Makefile.save

200
apps/CA.com
View File

@@ -1,200 +0,0 @@
$! CA - wrapper around ca to make it easier to use ... basically ca requires
$! some setup stuff to be done before you can use it and this makes
$! things easier between now and when Eric is convinced to fix it :-)
$!
$! CA -newca ... will setup the right stuff
$! CA -newreq ... will generate a certificate request
$! CA -sign ... will sign the generated request and output
$!
$! At the end of that grab newreq.pem and newcert.pem (one has the key
$! and the other the certificate) and cat them together and that is what
$! you want/need ... I'll make even this a little cleaner later.
$!
$!
$! 12-Jan-96 tjh Added more things ... including CA -signcert which
$! converts a certificate to a request and then signs it.
$! 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
$! environment variable so this can be driven from
$! a script.
$! 25-Jul-96 eay Cleaned up filenames some more.
$! 11-Jun-96 eay Fixed a few filename missmatches.
$! 03-May-96 eay Modified to use 'openssl cmd' instead of 'cmd'.
$! 18-Apr-96 tjh Original hacking
$!
$! Tim Hudson
$! tjh@cryptsoft.com
$!
$!
$! default ssleay.cnf file has setup as per the following
$! demoCA ... where everything is stored
$
$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
$
$ DAYS = "-days 365"
$ REQ = openssl + " req " + SSLEAY_CONFIG
$ CA = openssl + " ca " + SSLEAY_CONFIG
$ VERIFY = openssl + " verify"
$ X509 = openssl + " x509"
$ echo = "write sys$Output"
$!
$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
$ CATOP := 's'.demoCA
$ CAKEY := ]cakey.pem
$ CACERT := ]cacert.pem
$
$ __INPUT := SYS$COMMAND
$ RET = 1
$!
$ i = 1
$opt_loop:
$ if i .gt. 8 then goto opt_loop_end
$
$ prog_opt = F$EDIT(P'i',"lowercase")
$
$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help")
$ THEN
$ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify"
$ exit
$ ENDIF
$!
$ IF (prog_opt .EQS. "-input")
$ THEN
$ ! Get input from somewhere other than SYS$COMMAND
$ i = i + 1
$ __INPUT = P'i'
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-newcert")
$ THEN
$ ! Create a certificate.
$ DEFINE/USER SYS$INPUT '__INPUT'
$ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
$ RET=$STATUS
$ echo "Certificate (and private key) is in newreq.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-newreq")
$ THEN
$ ! Create a certificate request
$ DEFINE/USER SYS$INPUT '__INPUT'
$ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
$ RET=$STATUS
$ echo "Request (and private key) is in newreq.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-newca")
$ THEN
$ ! If explicitly asked for or it doesn't exist then setup the directory
$ ! structure that Eric likes to manage things.
$ IF F$SEARCH(CATOP+"]serial.") .EQS. ""
$ THEN
$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
$ OPEN /WRITE ser_file 'CATOP']serial.
$ WRITE ser_file "01"
$ CLOSE ser_file
$ APPEND/NEW NL: 'CATOP']index.txt
$ ENDIF
$!
$ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
$ THEN
$ READ '__INPUT' FILE -
/PROMT="CA certificate filename (or enter to create)"
$ IF F$SEARCH(FILE) .NES. ""
$ THEN
$ COPY 'FILE' 'CATOP'.private'CAKEY'
$ RET=$STATUS
$ ELSE
$ echo "Making CA certificate ..."
$ DEFINE/USER SYS$INPUT '__INPUT'
$ REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
-out 'CATOP''CACERT' 'DAYS'
$ RET=$STATUS
$ ENDIF
$ ENDIF
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-xsign")
$ THEN
$!
$ DEFINE/USER SYS$INPUT '__INPUT'
$ CA -policy policy_anything -infiles newreq.pem
$ RET=$STATUS
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
$ THEN
$!
$ DEFINE/USER SYS$INPUT '__INPUT'
$ CA -policy policy_anything -out newcert.pem -infiles newreq.pem
$ RET=$STATUS
$ type newcert.pem
$ echo "Signed certificate is in newcert.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-signcert")
$ THEN
$!
$ echo "Cert passphrase will be requested twice - bug?"
$ DEFINE/USER SYS$INPUT '__INPUT'
$ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
$ DEFINE/USER SYS$INPUT '__INPUT'
$ CA -policy policy_anything -out newcert.pem -infiles tmp.pem
y
y
$ type newcert.pem
$ echo "Signed certificate is in newcert.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-verify")
$ THEN
$!
$ i = i + 1
$ IF (p'i' .EQS. "")
$ THEN
$ DEFINE/USER SYS$INPUT '__INPUT'
$ VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
$ ELSE
$ j = i
$ verify_opt_loop:
$ IF j .GT. 8 THEN GOTO verify_opt_loop_end
$ IF p'j' .NES. ""
$ THEN
$ DEFINE/USER SYS$INPUT '__INPUT'
$ __tmp = p'j'
$ VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
$ tmp=$STATUS
$ IF tmp .NE. 0 THEN RET=tmp
$ ENDIF
$ j = j + 1
$ GOTO verify_opt_loop
$ verify_opt_loop_end:
$ ENDIF
$
$ GOTO opt_loop_end
$ ENDIF
$!
$ IF (prog_opt .NES. "")
$ THEN
$!
$ echo "Unknown argument ''prog_opt'"
$
$ EXIT 3
$ ENDIF
$
$opt_loop_continue:
$ i = i + 1
$ GOTO opt_loop
$
$opt_loop_end:
$ EXIT 'RET'

153
apps/CA.pl
View File

@@ -1,153 +0,0 @@
#!/usr/local/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
#
#
# Steve Henson
# shenson@bigfoot.com
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
$DAYS="-days 365";
$REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG";
$VERIFY="openssl verify";
$X509="openssl x509";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
$RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Certificate (and private key) is in newreq.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
} elsif (/^-newca$/) {
# if explictly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
# create the directory hierarchy
mkdir $CATOP, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/serial";
print OUT "01\n";
close OUT;
open OUT, ">${CATOP}/index.txt";
close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
$FILE = <STDIN>;
chop $FILE;
# ask user for existing CA certificate
if ($FILE) {
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
$RET=$?;
} else {
print "Making CA certificate ...\n";
system ("$REQ -new -x509 -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
$RET=$?;
}
}
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
$RET=$?;
} elsif (/^(-sign|-signreq)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles tmp.pem");
$RET = $?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^-verify$/) {
if (shift) {
foreach $j (@ARGV) {
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
$RET=$? if ($? != 0);
}
exit $RET;
} else {
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
$RET=$?;
exit 0;
}
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
exit 1;
}
}
exit $RET;
sub cp_pem {
my ($infile, $outfile, $bound) = @_;
open IN, $infile;
open OUT, ">$outfile";
my $flag = 0;
while (<IN>) {
$flag = 1 if (/^-----BEGIN.*$bound/) ;
print OUT $_ if ($flag);
if (/^-----END.*$bound/) {
close IN;
close OUT;
return;
}
}
}

10
apps/CA.sh
View File

@@ -27,14 +27,14 @@
# tjh@cryptsoft.com
#
# default openssl.cnf file has setup as per the following
# default ssleay.cnf file has setup as per the following
# demoCA ... where everything is stored
DAYS="-days 365"
REQ="openssl req $SSLEAY_CONFIG"
CA="openssl ca $SSLEAY_CONFIG"
VERIFY="openssl verify"
X509="openssl x509"
REQ="ssleay req $SSLEAY_CONFIG"
CA="ssleay ca $SSLEAY_CONFIG"
VERIFY="ssleay verify"
X509="ssleay x509"
CATOP=./demoCA
CAKEY=./cakey.pem

626
apps/Makefile.ssl
View File

@@ -1,5 +1,5 @@
#
# apps/Makefile.ssl
# SSLeay/apps/Makefile.ssl
#
DIR= apps
@@ -7,38 +7,36 @@ TOP= ..
CC= cc
INCLUDES= -I../include
CFLAG= -g -static
INSTALL_PREFIX=
INSTALLTOP= /usr/local/ssl
OPENSSLDIR= /usr/local/ssl
MAKE= make -f Makefile.ssl
MAKEDEPEND= $(TOP)/util/domd $(TOP)
MAKEDEPEND= makedepend -f Makefile.ssl
MAKEFILE= Makefile.ssl
RM= rm -f
RM= /bin/rm -f
PEX_LIBS=
EX_LIBS=
CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
GENERAL=Makefile makeapps.com install.com
GENERAL=Makefile
DLIBCRYPTO=../libcrypto.a
DLIBSSL=../libssl.a
LIBCRYPTO=-L.. -lcrypto
LIBSSL=-L.. -lssl
PROGRAM= openssl
SSLEAY= ssleay
SCRIPTS=CA.sh CA.pl der_chop
SCRIPTS=CA.sh der_chop
EXE= $(PROGRAM)
EXE= $(SSLEAY)
E_EXE= verify asn1pars req dgst dh enc gendh errstr ca crl \
rsa dsa dsaparam \
x509 genrsa gendsa s_server s_client speed \
s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12
x509 genrsa s_server s_client speed \
s_time version pkcs7 crl2pkcs7 sess_id ciphers
PROGS= $(PROGRAM).c
PROGS= $(SSLEAY).c
A_OBJ=apps.o
A_SRC=apps.c
@@ -48,18 +46,18 @@ S_SRC= s_cb.c s_socket.c
E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
pkcs7.o crl2p7.o crl.o \
rsa.o dsa.o dsaparam.o \
x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
x509.o genrsa.o s_server.o s_client.o speed.o \
s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
ciphers.o nseq.o pkcs12.o
ciphers.o
# pem_mail.o
E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
pkcs7.c crl2p7.c crl.c \
rsa.c dsa.c dsaparam.c \
x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
x509.c genrsa.c s_server.c s_client.c speed.c \
s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
ciphers.c nseq.c
ciphers.c
# pem_mail.c
@@ -86,23 +84,20 @@ sreq.o: req.c
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
install:
@for i in $(EXE); \
install: mklinks
@for i in $(EXE) $(SCRIPTS) mklinks; \
do \
(echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
done;
@for i in $(SCRIPTS); \
do \
(echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
done
@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
cp $$i $(INSTALLTOP)/bin/$$i; \
chmod 755 $(INSTALLTOP)/bin/$$i ); \
done; \
cp ssleay.cnf $(INSTALLTOP)/lib
chmod 644 $(INSTALLTOP)/lib/ssleay.cnf
cd $(INSTALLTOP)/bin; \
/bin/sh ./mklinks; \
/bin/rm -f ./mklinks
tags:
ctags $(SRC)
@@ -110,21 +105,24 @@ tags:
tests:
links:
@$(TOP)/util/point.sh Makefile.ssl Makefile
/bin/rm -f Makefile
$(TOP)/util/point.sh Makefile.ssl Makefile ;
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
errors:
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
rm -f req
/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
/bin/rm -f req
$(DLIBSSL):
(cd ../ssl; $(MAKE))
@@ -132,557 +130,15 @@ $(DLIBSSL):
$(DLIBCRYPTO):
(cd ../crypto; $(MAKE))
$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(PROGRAM)
$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(SSLEAY)
$(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
progs.h:
$(PERL) ./progs.pl $(E_EXE) >progs.h
$(RM) $(PROGRAM).o
perl ./g_ssleay.pl $(E_EXE) >progs.h
$(RM) $(SSLEAY).o
mklinks:
perl ./g_ssleay.pl $(E_EXE) >progs.h
# DO NOT DELETE THIS LINE -- make depend depends on it.
apps.o: ../include/openssl/bio.h ../include/openssl/buffer.h
apps.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
apps.o: ../include/openssl/e_os2.h ../include/openssl/opensslv.h
apps.o: ../include/openssl/stack.h apps.h progs.h
asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h
asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
asn1pars.o: progs.h
ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
ca.o: ../include/openssl/err.h ../include/openssl/evp.h
ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
ca.o: ../include/openssl/md2.h ../include/openssl/md5.h
ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ca.o: ../include/openssl/x509v3.h apps.h progs.h
ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h
ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h
ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
ciphers.o: progs.h
crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
crl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
crl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
crl.o: ../include/openssl/err.h ../include/openssl/evp.h
crl.o: ../include/openssl/idea.h ../include/openssl/md2.h
crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
crl.o: ../include/openssl/x509v3.h apps.h progs.h
crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h
crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
crl2p7.o: progs.h
dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h
dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
dh.o: ../include/openssl/err.h ../include/openssl/evp.h
dh.o: ../include/openssl/idea.h ../include/openssl/md2.h
dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h
dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
dsaparam.o: ../include/openssl/stack.h ../include/openssl/x509.h
dsaparam.o: ../include/openssl/x509_vfy.h apps.h progs.h
enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
enc.o: ../include/openssl/err.h ../include/openssl/evp.h
enc.o: ../include/openssl/idea.h ../include/openssl/md2.h
enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h
errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
errstr.o: progs.h
gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h
gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h
gendh.o: ../include/openssl/x509_vfy.h apps.h progs.h
gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
gendsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
gendsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
genrsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
genrsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h
nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
openssl.o: ../include/openssl/des.h ../include/openssl/dh.h
openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h
pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
req.o: ../include/openssl/des.h ../include/openssl/dh.h
req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
req.o: ../include/openssl/evp.h ../include/openssl/idea.h
req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
req.o: ../include/openssl/stack.h ../include/openssl/x509.h
req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h
s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h
s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
s_cb.o: s_apps.h
s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h
s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h
s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
s_client.o: progs.h s_apps.h
s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h
s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h
s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
s_server.o: progs.h s_apps.h
s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
s_socket.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h
s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h
s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
s_time.o: progs.h s_apps.h
sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h
sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h
sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
sess_id.o: progs.h
speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h
speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
speed.o: ../include/openssl/err.h ../include/openssl/evp.h
speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
speed.o: ../include/openssl/md2.h ../include/openssl/md5.h
speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
speed.o: ./testrsa.h apps.h progs.h
verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h
verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
verify.o: ../include/openssl/err.h ../include/openssl/evp.h
verify.o: ../include/openssl/idea.h ../include/openssl/md2.h
verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
verify.o: progs.h
version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
version.o: ../include/openssl/crypto.h ../include/openssl/des.h
version.o: ../include/openssl/dh.h ../include/openssl/dsa.h
version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
version.o: ../include/openssl/evp.h ../include/openssl/idea.h
version.o: ../include/openssl/md2.h ../include/openssl/md5.h
version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
version.o: ../include/openssl/sha.h ../include/openssl/stack.h apps.h progs.h
x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
x509.o: ../include/openssl/crypto.h ../include/openssl/des.h
x509.o: ../include/openssl/dh.h ../include/openssl/dsa.h
x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
x509.o: ../include/openssl/err.h ../include/openssl/evp.h
x509.o: ../include/openssl/idea.h ../include/openssl/md2.h
x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
x509.o: ../include/openssl/x509v3.h apps.h progs.h

64
apps/apps.c
View File

@@ -69,9 +69,17 @@
# include "bss_file.c"
#endif
#ifndef NOPROTO
int app_init(long mesgwin);
#else
int app_init();
#endif
#ifdef undef /* never finished - probably never will be :-) */
int args_from_file(char *file, int *argc, char **argv[])
int args_from_file(file,argc,argv)
char *file;
int *argc;
char **argv[];
{
FILE *fp;
int num,i;
@@ -149,7 +157,8 @@ int args_from_file(char *file, int *argc, char **argv[])
}
#endif
int str2fmt(char *s)
int str2fmt(s)
char *s;
{
if ((*s == 'D') || (*s == 'd'))
return(FORMAT_ASN1);
@@ -164,7 +173,10 @@ int str2fmt(char *s)
}
#if defined(MSDOS) || defined(WIN32) || defined(WIN16)
void program_name(char *in, char *out, int size)
void program_name(in,out,size)
char *in;
char *out;
int size;
{
int i,n;
char *p=NULL;
@@ -201,28 +213,10 @@ void program_name(char *in, char *out, int size)
out[n]='\0';
}
#else
#ifdef VMS
void program_name(char *in, char *out, int size)
{
char *p=in, *q;
char *chars=":]>";
while(*chars != '\0')
{
q=strrchr(p,*chars);
if (q > p)
p = q + 1;
chars++;
}
q=strrchr(p,'.');
if (q == NULL)
q = in+size;
strncpy(out,p,q-p);
out[q-p]='\0';
}
#else
void program_name(char *in, char *out, int size)
void program_name(in,out,size)
char *in;
char *out;
int size;
{
char *p;
@@ -235,25 +229,24 @@ void program_name(char *in, char *out, int size)
out[size-1]='\0';
}
#endif
#endif
#ifdef WIN32
int WIN32_rename(char *from, char *to)
int WIN32_rename(from,to)
char *from;
char *to;
{
#ifdef WINNT
int ret;
/* Note: MoveFileEx() doesn't work under Win95, Win98 */
ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
return(ret?0:-1);
#else
unlink(to);
return MoveFile(from, to);
#endif
}
#endif
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
int chopup_args(arg,buf,argc,argv)
ARGS *arg;
char *buf;
int *argc;
char **argv[];
{
int num,len,i;
char *p;
@@ -319,7 +312,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
}
#ifndef APP_INIT
int app_init(long mesgwin)
int app_init(mesgwin)
long mesgwin;
{
return(1);
}

19
apps/apps.h
View File

@@ -59,11 +59,11 @@
#ifndef HEADER_APPS_H
#define HEADER_APPS_H
#include "openssl/e_os.h"
#include "e_os.h"
#include <openssl/buffer.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include "buffer.h"
#include "bio.h"
#include "crypto.h"
#include "progs.h"
#ifdef NO_STDIO
@@ -88,7 +88,7 @@ extern BIO *bio_err;
#else
#define MAIN(a,v) PROG(a,v)
#include <openssl/conf.h>
#include "conf.h"
extern LHASH *config;
extern char *default_config_file;
extern BIO *bio_err;
@@ -127,11 +127,20 @@ typedef struct args_st
int count;
} ARGS;
#ifndef NOPROTO
int should_retry(int i);
int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s);
void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
#else
int should_retry();
int args_from_file();
int str2fmt();
void program_name();
int chopup_args();
#endif
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2

48
apps/asn1pars.c
View File

@@ -57,17 +57,17 @@
*/
/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to
* add the -strparse option which parses nested binary structures
* add the -strparse option which parses nested binarary structures
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "err.h"
#include "evp.h"
#include "x509.h"
#include "pem.h"
/* -inform arg - input format - default PEM (DER or PEM)
* -in arg - input file - default stdin
@@ -80,14 +80,16 @@
#undef PROG
#define PROG asn1parse_main
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
int i,badops=0,offset=0,ret=1,j;
unsigned int length=0;
long num,tmplen;
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
BIO *in=NULL,*out=NULL,*b64=NULL;
int informat,indent=0;
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL;
unsigned char *tmpbuf;
BUF_MEM *buf=NULL;
STACK *osk=NULL;
@@ -121,11 +123,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
derfile= *(++argv);
}
else if (strcmp(*argv,"-i") == 0)
{
indent=1;
@@ -167,7 +164,7 @@ bad:
BIO_printf(bio_err,"%s [options] <infile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -in arg inout file\n");
BIO_printf(bio_err," -offset arg offset into file\n");
BIO_printf(bio_err," -length arg lenth of section in file\n");
BIO_printf(bio_err," -i indent entries\n");
@@ -175,7 +172,6 @@ bad:
BIO_printf(bio_err," -strparse offset\n");
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
BIO_printf(bio_err," ASN1 blob wrappings\n");
BIO_printf(bio_err," -out filename output DER encoding to file\n");
goto end;
}
@@ -212,14 +208,6 @@ bad:
}
}
if (derfile) {
if(!(derout = BIO_new_file(derfile, "wb"))) {
BIO_printf(bio_err,"problems opening %s\n",derfile);
ERR_print_errors(bio_err);
goto end;
}
}
if ((buf=BUF_MEM_new()) == NULL) goto end;
if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
@@ -253,7 +241,6 @@ bad:
tmplen=num;
for (i=0; i<sk_num(osk); i++)
{
ASN1_TYPE *atmp;
j=atoi(sk_value(osk,i));
if (j == 0)
{
@@ -262,10 +249,7 @@ bad:
}
tmpbuf+=j;
tmplen-=j;
atmp = at;
at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
ASN1_TYPE_free(atmp);
if(!at)
if (d2i_ASN1_TYPE(&at,&tmpbuf,tmplen) == NULL)
{
BIO_printf(bio_err,"Error parsing structure\n");
ERR_print_errors(bio_err);
@@ -280,13 +264,6 @@ bad:
}
if (length == 0) length=(unsigned int)num;
if(derout) {
if(BIO_write(derout, str + offset, length) != (int)length) {
BIO_printf(bio_err, "Error writing output\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
{
ERR_print_errors(bio_err);
@@ -294,7 +271,6 @@ bad:
}
ret=0;
end:
BIO_free(derout);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (b64 != NULL) BIO_free(b64);

692
apps/ca.c
View File

File diff suppressed because it is too large Load Diff

BIN
apps/cert.der Normal file
View File

Binary file not shown.

21
apps/ciphers.c
View File

@@ -63,12 +63,8 @@
#define APPS_WIN16
#endif
#include "apps.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#if defined(NO_RSA) && !defined(NO_SSL2)
#define NO_SSL2
#endif
#include "err.h"
#include "ssl.h"
#undef PROG
#define PROG ciphers_main
@@ -81,18 +77,19 @@ static char *ciphers_usage[]={
NULL
};
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
int ret=1,i;
int verbose=0;
char **pp;
const char *p;
char **pp,*p;
int badops=0;
SSL_CTX *ctx=NULL;
SSL *ssl=NULL;
char *ciphers=NULL;
SSL_METHOD *meth=NULL;
STACK_OF(SSL_CIPHER) *sk;
STACK *sk;
char buf[512];
BIO *STDout=NULL;
@@ -170,10 +167,10 @@ int MAIN(int argc, char **argv)
{
sk=SSL_get_ciphers(ssl);
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
for (i=0; i<sk_num(sk); i++)
{
BIO_puts(STDout,SSL_CIPHER_description(
sk_SSL_CIPHER_value(sk,i),
(SSL_CIPHER *)sk_value(sk,i),
buf,512));
}
}

89
apps/crl.c
View File

@@ -60,11 +60,10 @@
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include "bio.h"
#include "err.h"
#include "x509.h"
#include "pem.h"
#undef PROG
#define PROG crl_main
@@ -88,17 +87,24 @@ static char *crl_usage[]={
NULL
};
#ifndef NOPROTO
static X509_CRL *load_crl(char *file, int format);
#else
static X509_CRL *load_crl();
#endif
static BIO *bio_out=NULL;
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
X509_CRL *x=NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
char **pp,buf[256];
apps_startup();
@@ -136,6 +142,10 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-text") == 0)
{
outformat=FORMAT_TEXT;
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
@@ -146,8 +156,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-text") == 0)
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
else if (strcmp(*argv,"-issuer") == 0)
@@ -168,6 +176,14 @@ int MAIN(int argc, char **argv)
argv++;
}
if (outformat == FORMAT_TEXT)
{
num=0;
issuer= ++num;
lastupdate= ++num;
nextupdate= ++num;
}
if (badops)
{
bad:
@@ -177,7 +193,6 @@ bad:
}
ERR_load_crypto_strings();
X509V3_add_standard_extensions();
x=load_crl(infile,informat);
if (x == NULL) { goto end; }
@@ -188,32 +203,34 @@ bad:
if (issuer == i)
{
X509_NAME_oneline(x->crl->issuer,buf,256);
BIO_printf(bio_out,"issuer= %s\n",buf);
fprintf(stdout,"issuer= %s\n",buf);
}
if (hash == i)
{
BIO_printf(bio_out,"%08lx\n",
fprintf(stdout,"%08lx\n",
X509_NAME_hash(x->crl->issuer));
}
if (lastupdate == i)
{
BIO_printf(bio_out,"lastUpdate=");
ASN1_TIME_print(bio_out,x->crl->lastUpdate);
BIO_printf(bio_out,"\n");
fprintf(stdout,"lastUpdate=");
ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
fprintf(stdout,"\n");
}
if (nextupdate == i)
{
BIO_printf(bio_out,"nextUpdate=");
fprintf(stdout,"nextUpdate=");
if (x->crl->nextUpdate != NULL)
ASN1_TIME_print(bio_out,x->crl->nextUpdate);
ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
else
BIO_printf(bio_out,"NONE");
BIO_printf(bio_out,"\n");
fprintf(stdout,"NONE");
fprintf(stdout,"\n");
}
}
}
if (noout) goto end;
out=BIO_new(BIO_s_file());
if (out == NULL)
{
@@ -232,14 +249,27 @@ bad:
}
}
if (text) X509_CRL_print(out, x);
if (noout) goto end;
if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_CRL_bio(out,x);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_X509_CRL(out,x);
else if (outformat == FORMAT_TEXT)
{
X509_REVOKED *r;
STACK *sk;
sk=sk_dup(x->crl->revoked);
while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
{
fprintf(stdout,"revoked: serialNumber=");
i2a_ASN1_INTEGER(out,r->serialNumber);
fprintf(stdout," revocationDate=");
ASN1_UTCTIME_print(bio_out,r->revocationDate);
fprintf(stdout,"\n");
}
sk_free(sk);
i=1;
}
else
{
BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -248,14 +278,15 @@ bad:
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
ret=0;
end:
BIO_free(out);
BIO_free(bio_out);
X509_CRL_free(x);
X509V3_EXT_cleanup();
if (out != NULL) BIO_free(out);
if (bio_out != NULL) BIO_free(bio_out);
if (x != NULL) X509_CRL_free(x);
EXIT(ret);
}
static X509_CRL *load_crl(char *infile, int format)
static X509_CRL *load_crl(infile, format)
char *infile;
int format;
{
X509_CRL *x=NULL;
BIO *in=NULL;
@@ -293,7 +324,7 @@ static X509_CRL *load_crl(char *infile, int format)
}
end:
BIO_free(in);
if (in != NULL) BIO_free(in);
return(x);
}

67
apps/crl2p7.c
View File

@@ -65,14 +65,19 @@
#include <sys/types.h>
#include <sys/stat.h>
#include "apps.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/objects.h>
#include "err.h"
#include "evp.h"
#include "x509.h"
#include "pkcs7.h"
#include "pem.h"
#include "objects.h"
#ifndef NOPROTO
static int add_certs_from_file(STACK *stack, char *certfile);
#else
static int add_certs_from_file();
#endif
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
#undef PROG
#define PROG crl2pkcs7_main
@@ -82,7 +87,9 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
* -out arg - output file - default stdout
*/
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
int i,badops=0;
BIO *in=NULL,*out=NULL;
@@ -91,9 +98,8 @@ int MAIN(int argc, char **argv)
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
X509_CRL *crl=NULL;
STACK *certflst=NULL;
STACK *crl_stack=NULL;
STACK_OF(X509) *cert_stack=NULL;
STACK *cert_stack=NULL;
int ret=1,nocrl=0;
apps_startup();
@@ -106,6 +112,7 @@ int MAIN(int argc, char **argv)
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
certfile=NULL;
prog=argv[0];
argc--;
@@ -139,8 +146,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-certfile") == 0)
{
if (--argc < 1) goto bad;
if(!certflst) certflst = sk_new(NULL);
sk_push(certflst,*(++argv));
certfile= *(++argv);
}
else
{
@@ -159,10 +165,9 @@ bad:
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -in arg inout file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err," (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
EXIT(1);
}
@@ -221,20 +226,18 @@ bad:
crl=NULL; /* now part of p7 for Freeing */
}
if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end;
if ((cert_stack=sk_new(NULL)) == NULL) goto end;
p7s->cert=cert_stack;
if(certflst) for(i = 0; i < sk_num(certflst); i++) {
certfile = sk_value(certflst, i);
if (certfile != NULL)
{
if (add_certs_from_file(cert_stack,certfile) < 0)
{
BIO_printf(bio_err, "error loading certificates\n");
BIO_printf(bio_err,"error loading certificates\n");
ERR_print_errors(bio_err);
goto end;
}
}
sk_free(certflst);
}
if (outfile == NULL)
BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -281,42 +284,40 @@ end:
* number of certs added if successful, -1 if not.
*----------------------------------------------------------------------
*/
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
static int add_certs_from_file(stack,certfile)
STACK *stack;
char *certfile;
{
struct stat st;
BIO *in=NULL;
int count=0;
int ret= -1;
STACK_OF(X509_INFO) *sk=NULL;
STACK *sk=NULL;
X509_INFO *xi;
if ((stat(certfile,&st) != 0))
{
BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
BIO_printf(bio_err,"unable to file the file, %s\n",certfile);
goto end;
}
in=BIO_new(BIO_s_file());
if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
{
BIO_printf(bio_err,"error opening the file, %s\n",certfile);
goto end;
}
/* This loads from a file, a stack of x509/crl/pkey sets */
sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
if (sk == NULL) {
BIO_printf(bio_err,"error reading the file, %s\n",certfile);
goto end;
}
if (sk == NULL) goto end;
/* scan over it and pull out the CRL's */
while (sk_X509_INFO_num(sk))
while (sk_num(sk))
{
xi=sk_X509_INFO_shift(sk);
xi=(X509_INFO *)sk_shift(sk);
if (xi->x509 != NULL)
{
sk_X509_push(stack,xi->x509);
sk_push(stack,(char *)xi->x509);
xi->x509=NULL;
count++;
}
@@ -327,7 +328,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
end:
/* never need to Free x */
if (in != NULL) BIO_free(in);
if (sk != NULL) sk_X509_INFO_free(sk);
if (sk != NULL) sk_free(sk);
return(ret);
}

14
apps/der_chop
View File

@@ -42,13 +42,13 @@ $md4_cmd="md4";
$rsa_cmd="rsa -des -inform der ";
# this was the 0.5.x way of doing things ...
$cmd="openssl asn1parse";
$x509_cmd="openssl x509";
$crl_cmd="openssl crl";
$rc4_cmd="openssl rc4";
$md2_cmd="openssl md2";
$md4_cmd="openssl md4";
$rsa_cmd="openssl rsa -des -inform der ";
$cmd="ssleay asn1parse";
$x509_cmd="ssleay x509";
$crl_cmd="ssleay crl";
$rc4_cmd="ssleay rc4";
$md2_cmd="ssleay md2";
$md4_cmd="ssleay md4";
$rsa_cmd="ssleay rsa -des -inform der ";
&Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
$depth=($opt_d =~ /^\d+$/)?$opt_d:0;

32
apps/dgst.c
View File

@@ -60,12 +60,12 @@
#include <string.h>
#include <stdlib.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "bio.h"
#include "err.h"
#include "evp.h"
#include "objects.h"
#include "x509.h"
#include "pem.h"
#undef BUFSIZE
#define BUFSIZE 1024*8
@@ -73,15 +73,22 @@
#undef PROG
#define PROG dgst_main
#ifndef NOPROTO
void do_fp(unsigned char *buf,BIO *f,int sep);
int MAIN(int argc, char **argv)
#else
void do_fp();
#endif
int MAIN(argc,argv)
int argc;
char **argv;
{
unsigned char *buf=NULL;
int i,err=0;
const EVP_MD *md=NULL,*m;
EVP_MD *md=NULL,*m;
BIO *in=NULL,*inp;
BIO *bmd=NULL;
const char *name;
char *name;
#define PROG_NAME_SIZE 16
char pname[PROG_NAME_SIZE];
int separator=0;
@@ -105,7 +112,7 @@ int MAIN(int argc, char **argv)
argc--;
argv++;
while (argc > 0)
for (i=0; i<argc; i++)
{
if ((*argv)[0] != '-') break;
if (strcmp(*argv,"-c") == 0)
@@ -196,7 +203,10 @@ end:
EXIT(err);
}
void do_fp(unsigned char *buf, BIO *bp, int sep)
void do_fp(buf,bp,sep)
unsigned char *buf;
BIO *bp;
int sep;
{
int len;
int i;

22
apps/dh.c
View File

@@ -56,18 +56,17 @@
* [including the GNU Public Licence.]
*/
#ifndef NO_DH
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "bio.h"
#include "err.h"
#include "bn.h"
#include "dh.h"
#include "x509.h"
#include "pem.h"
#undef PROG
#define PROG dh_main
@@ -82,7 +81,9 @@
* -C
*/
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
DH *dh=NULL;
int i,badops=0,text=0;
@@ -151,10 +152,10 @@ bad:
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -in arg inout file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -check check the DH parameters\n");
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -text check the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
goto end;
@@ -309,4 +310,3 @@ end:
if (dh != NULL) DH_free(dh);
EXIT(ret);
}
#endif

23
apps/dsa-ca.pem
View File

@@ -1,14 +1,17 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
J6zsFbSEHaQGUmfSeoM=
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
MVqOsYxGCb+kez0FoDSTgw==
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

23
apps/dsa-pca.pem
View File

@@ -1,14 +1,17 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
6TicfImU7UFRn9h00j0lJQ==
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx

23
apps/dsa.c
View File

@@ -56,18 +56,17 @@
* [including the GNU Public Licence.]
*/
#ifndef NO_DSA
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "bio.h"
#include "err.h"
#include "dsa.h"
#include "evp.h"
#include "x509.h"
#include "pem.h"
#undef PROG
#define PROG dsa_main
@@ -83,12 +82,14 @@
* -modulus - print the DSA public key
*/
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
const EVP_CIPHER *enc=NULL;
EVP_CIPHER *enc=NULL;
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
char *infile,*outfile,*prog;
@@ -153,7 +154,7 @@ bad:
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -in arg inout file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
@@ -253,4 +254,4 @@ end:
if (dsa != NULL) DSA_free(dsa);
EXIT(ret);
}
#endif

32
apps/dsaparam.c
View File

@@ -56,19 +56,18 @@
* [including the GNU Public Licence.]
*/
#ifndef NO_DSA
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "bio.h"
#include "err.h"
#include "bn.h"
#include "rand.h"
#include "dsa.h"
#include "x509.h"
#include "pem.h"
#undef PROG
#define PROG dsaparam_main
@@ -84,8 +83,15 @@
* -genkey
*/
#ifndef NOPROTO
static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
int MAIN(int argc, char **argv)
#else
static void MS_CALLBACK dsa_cb();
#endif
int MAIN(argc, argv)
int argc;
char **argv;
{
DSA *dsa=NULL;
int i,badops=0,text=0;
@@ -166,7 +172,7 @@ bad:
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -in arg inout file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -text check the DSA parameters\n");
BIO_printf(bio_err," -C Output C code\n");
@@ -336,7 +342,10 @@ end:
EXIT(ret);
}
static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
static void MS_CALLBACK dsa_cb(p, n, arg)
int p;
int n;
char *arg;
{
char c='*';
@@ -350,4 +359,3 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
p=n;
#endif
}
#endif

35
apps/eay.c
View File

@@ -62,34 +62,33 @@
#define MONOLITH
#define USE_SOCKETS
#include "../e_os.h"
#include "openssl/e_os.h"
#include "bio.h"
#include "stack.h"
#include "lhash.h"
#include <openssl/bio.h>
#include <openssl/stack.h>
#include <openssl/lhash.h>
#include "err.h"
#include <openssl/err.h>
#include "bn.h"
#include <openssl/bn.h>
#include "evp.h"
#include <openssl/evp.h>
#include "rand.h"
#include "conf.h"
#include "txt_db.h"
#include <openssl/rand.h>
#include <openssl/conf.h>
#include <openssl/txt_db.h>
#include "err.h"
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include "x509.h"
#include "pkcs7.h"
#include "pem.h"
#include "asn1.h"
#include "objects.h"
#define MONOLITH
#include "openssl.c"
#include "ssleay.c"
#include "apps.c"
#include "asn1pars.c"
#ifndef NO_RSA

40
apps/enc.c
View File

@@ -60,17 +60,22 @@
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#ifndef NO_MD5
#include <openssl/md5.h>
#include "bio.h"
#include "err.h"
#include "evp.h"
#include "objects.h"
#include "x509.h"
#ifdef NO_MD5
#include "md5.h"
#endif
#include <openssl/pem.h>
#include "pem.h"
#ifndef NOPROTO
int set_hex(char *in,unsigned char *out,int size);
#else
int set_hex();
#endif
#undef SIZE
#undef BSIZE
#undef PROG
@@ -79,7 +84,9 @@ int set_hex(char *in,unsigned char *out,int size);
#define BSIZE (8*1024)
#define PROG enc_main
int MAIN(int argc, char **argv)
int MAIN(argc,argv)
int argc;
char **argv;
{
char *strbuf=NULL;
unsigned char *buff=NULL,*bufsize=NULL;
@@ -90,7 +97,7 @@ int MAIN(int argc, char **argv)
char *hkey=NULL,*hiv=NULL;
int enc=1,printkey=0,i,base64=0;
int debug=0,olb64=0;
const EVP_CIPHER *cipher=NULL,*c;
EVP_CIPHER *cipher=NULL,*c;
char *inf=NULL,*outf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 16
@@ -232,7 +239,7 @@ bad:
#ifndef NO_RC4
BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n");
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
BIO_printf(bio_err,"bf :128 bit key BlowFish encryption\n");
#endif
#ifndef NO_RC4
@@ -270,19 +277,19 @@ bad:
LN_rc2_cfb64, LN_rc2_ofb64);
BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
LN_bf_ecb, LN_bf_cbc,
LN_bf_cfb64, LN_bf_ofb64);
BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
#endif
#ifndef NO_CAST
#ifndef NO_BLOWFISH
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
LN_cast5_ecb, LN_cast5_cbc,
LN_cast5_cfb64, LN_cast5_ofb64);
BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
#endif
#ifndef NO_RC5
#ifndef NO_BLOWFISH
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
LN_rc5_ecb, LN_rc5_cbc,
LN_rc5_cfb64, LN_rc5_ofb64);
@@ -514,7 +521,10 @@ end:
EXIT(ret);
}
int set_hex(char *in, unsigned char *out, int size)
int set_hex(in,out,size)
char *in;
unsigned char *out;
int size;
{
int i,n;
unsigned char j;

12
apps/errstr.c
View File

@@ -60,15 +60,17 @@
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/lhash.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include "bio.h"
#include "lhash.h"
#include "err.h"
#include "ssl.h"
#undef PROG
#define PROG errstr_main
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
int i,ret=0;
char buf[256];

2
apps/ext.v3 Normal file
View File

@@ -0,0 +1,2 @@
2.99999.3 SET.ex3 SET x509v3 extension 3

114
apps/g_ssleay.pl Normal file
View File

@@ -0,0 +1,114 @@
#!/usr/local/bin/perl
$mkprog='mklinks';
$rmprog='rmlinks';
print "#ifndef NOPROTO\n";
grep(s/^asn1pars$/asn1parse/,@ARGV);
foreach (@ARGV)
{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
print "#else\n";
foreach (@ARGV)
{ printf "extern int %s_main();\n",$_; }
print "#endif\n";
print <<'EOF';
#ifdef SSLEAY_SRC
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
#define FUNC_TYPE_CIPHER 3
typedef struct {
int type;
char *name;
int (*func)();
} FUNCTION;
FUNCTION functions[] = {
EOF
foreach (@ARGV)
{
push(@files,$_);
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; }
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
{ print "#ifndef NO_RSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
{ print "#ifndef NO_DSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
{ print "#ifndef NO_DH\n${str}#endif\n"; }
else
{ print $str; }
}
foreach ("md2","md5","sha","sha1","mdc2","rmd160")
{
push(@files,$_);
printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
}
foreach (
"base64",
"des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5",
"des-ecb", "des-ede", "des-ede3",
"des-cbc", "des-ede-cbc","des-ede3-cbc",
"des-cfb", "des-ede-cfb","des-ede3-cfb",
"des-ofb", "des-ede-ofb","des-ede3-ofb",
"idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
"rc2-cbc", "rc2-ecb", "rc2-cfb", "rc2-ofb",
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb")
{
push(@files,$_);
$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; }
elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; }
elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; }
elsif ($_ =~ /bf/) { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
elsif ($_ =~ /rc5/) { $t="#ifndef NO_RC5\n${t}#endif\n"; }
print $t;
}
print "\t{0,NULL,NULL}\n\t};\n";
print "#endif\n\n";
open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
print OUT "#!/bin/sh\nfor i in ";
foreach (@files)
{ print OUT $_." "; }
print OUT <<'EOF';
do
echo making symlink for $i
/bin/rm -f $i
ln -s ssleay $i
done
EOF
close(OUT);
chmod(0755,$mkprog);
open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
print OUT "#!/bin/sh\nfor i in ";
foreach (@files)
{ print OUT $_." "; }
print OUT <<'EOF';
do
echo removing $i
/bin/rm -f $i
done
EOF
close(OUT);
chmod(0755,$rmprog);

36
apps/gendh.c
View File

@@ -56,27 +56,34 @@
* [including the GNU Public Licence.]
*/
#ifndef NO_DH
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "bio.h"
#include "rand.h"
#include "err.h"
#include "bn.h"
#include "dh.h"
#include "x509.h"
#include "pem.h"
#define DEFBITS 512
#undef PROG
#define PROG gendh_main
#ifndef NOPROTO
static void MS_CALLBACK dh_cb(int p, int n, char *arg);
static long dh_load_rand(char *names);
int MAIN(int argc, char **argv)
#else
static void MS_CALLBACK dh_cb();
static long dh_load_rand();
#endif
int MAIN(argc, argv)
int argc;
char **argv;
{
char buffer[200];
DH *dh=NULL;
@@ -184,7 +191,10 @@ end:
EXIT(ret);
}
static void MS_CALLBACK dh_cb(int p, int n, char *arg)
static void MS_CALLBACK dh_cb(p,n,arg)
int p;
int n;
char *arg;
{
char c='*';
@@ -199,7 +209,8 @@ static void MS_CALLBACK dh_cb(int p, int n, char *arg)
#endif
}
static long dh_load_rand(char *name)
static long dh_load_rand(name)
char *name;
{
char *p,*n;
int last;
@@ -220,4 +231,5 @@ static long dh_load_rand(char *name)
}
return(tot);
}
#endif

64
apps/gendsa.c
View File

@@ -56,34 +56,39 @@
* [including the GNU Public Licence.]
*/
#ifndef NO_DSA
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "bio.h"
#include "rand.h"
#include "err.h"
#include "bn.h"
#include "dsa.h"
#include "x509.h"
#include "pem.h"
#define DEFBITS 512
#undef PROG
#define PROG gendsa_main
#ifndef NOPROTO
static long dsa_load_rand(char *names);
int MAIN(int argc, char **argv)
#else
static long dsa_load_rand();
#endif
int MAIN(argc, argv)
int argc;
char **argv;
{
char buffer[200];
DSA *dsa=NULL;
int ret=1;
int ret=1,num=DEFBITS;
char *outfile=NULL;
char *inrand=NULL,*randfile,*dsaparams=NULL;
BIO *out=NULL,*in=NULL;
EVP_CIPHER *enc=NULL;
apps_startup();
@@ -112,16 +117,6 @@ int MAIN(int argc, char **argv)
{
dsaparams= *argv;
}
#ifndef NO_DES
else if (strcmp(*argv,"-des") == 0)
enc=EVP_des_cbc();
else if (strcmp(*argv,"-des3") == 0)
enc=EVP_des_ede3_cbc();
#endif
#ifndef NO_IDEA
else if (strcmp(*argv,"-idea") == 0)
enc=EVP_idea_cbc();
#endif
else
goto bad;
argv++;
@@ -131,25 +126,16 @@ int MAIN(int argc, char **argv)
if (dsaparams == NULL)
{
bad:
BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
BIO_printf(bio_err," -out file - output the key to 'file'\n");
#ifndef NO_DES
BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
#endif
#ifndef NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
#endif
BIO_printf(bio_err,"usage: gendsa [args] [numbits]\n");
BIO_printf(bio_err," -out file - output the key to 'file\n");
BIO_printf(bio_err," -rand file:file:...\n");
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," dsaparam-file\n");
BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n");
goto end;
}
in=BIO_new(BIO_s_file());
if (!(BIO_read_filename(in,dsaparams)))
if (!(BIO_read_filename(in,"dsaparams")))
{
perror(dsaparams);
goto end;
@@ -188,8 +174,8 @@ bad:
dsa_load_rand(inrand));
}
BIO_printf(bio_err,"Generating DSA key, %d bits\n",
BN_num_bits(dsa->p));
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
BIO_printf(bio_err,"This could take some time\n");
if (!DSA_generate_key(dsa)) goto end;
if (randfile == NULL)
@@ -197,7 +183,7 @@ bad:
else
RAND_write_file(randfile);
if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL))
if (!PEM_write_bio_DSAPrivateKey(out,dsa,EVP_des_ede3_cbc(),NULL,0,NULL))
goto end;
ret=0;
end:
@@ -208,7 +194,8 @@ end:
EXIT(ret);
}
static long dsa_load_rand(char *name)
static long dsa_load_rand(name)
char *name;
{
char *p,*n;
int last;
@@ -229,4 +216,5 @@ static long dsa_load_rand(char *name)
}
return(tot);
}
#endif

38
apps/genrsa.c
View File

@@ -56,28 +56,35 @@
* [including the GNU Public Licence.]
*/
#ifndef NO_RSA
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "bio.h"
#include "rand.h"
#include "err.h"
#include "bn.h"
#include "rsa.h"
#include "evp.h"
#include "x509.h"
#include "pem.h"
#define DEFBITS 512
#undef PROG
#define PROG genrsa_main
#ifndef NOPROTO
static void MS_CALLBACK genrsa_cb(int p, int n, char *arg);
static long gr_load_rand(char *names);
int MAIN(int argc, char **argv)
#else
static void MS_CALLBACK genrsa_cb();
static long gr_load_rand();
#endif
int MAIN(argc, argv)
int argc;
char **argv;
{
int ret=1;
char buffer[200];
@@ -227,7 +234,10 @@ err:
EXIT(ret);
}
static void MS_CALLBACK genrsa_cb(int p, int n, char *arg)
static void MS_CALLBACK genrsa_cb(p, n, arg)
int p;
int n;
char *arg;
{
char c='*';
@@ -242,7 +252,8 @@ static void MS_CALLBACK genrsa_cb(int p, int n, char *arg)
#endif
}
static long gr_load_rand(char *name)
static long gr_load_rand(name)
char *name;
{
char *p,*n;
int last;
@@ -263,4 +274,5 @@ static long gr_load_rand(char *name)
}
return(tot);
}
#endif

BIN
apps/gmon.out Normal file
View File

Binary file not shown.

69
apps/install.com
View File

@@ -1,69 +0,0 @@
$! INSTALL.COM -- Installs the files in a given directory tree
$!
$! Author: Richard Levitte <richard@levitte.org>
$! Time of creation: 22-MAY-1998 10:13
$!
$! P1 root of the directory tree
$!
$ IF P1 .EQS. ""
$ THEN
$ WRITE SYS$OUTPUT "First argument missing."
$ WRITE SYS$OUTPUT "Should be the directory where you want things installed."
$ EXIT
$ ENDIF
$
$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
- "[000000." - "][" - "[" - "]"
$ ROOT = ROOT_DEV + "[" + ROOT_DIR
$
$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
$ DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
$ DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
$ DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
$
$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLROOT:[000000]
$ IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLVEXE:
$ IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLAEXE:
$ IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLLIB:
$
$ EXE := openssl
$
$ VEXE_DIR := [-.VAX.EXE.APPS]
$ AEXE_DIR := [-.AXP.EXE.APPS]
$
$ I = 0
$ LOOP_EXE:
$ E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
$ I = I + 1
$ IF E .EQS. "," THEN GOTO LOOP_EXE_END
$ SET NOON
$ IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
$ THEN
$ COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
$ SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
$ ENDIF
$ IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
$ THEN
$ COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
$ SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
$ ENDIF
$ SET ON
$ GOTO LOOP_EXE
$ LOOP_EXE_END:
$
$ SET NOON
$ COPY CA.COM WRK_SSLAEXE:CA.COM/LOG
$ SET FILE/PROT=W:RE WRK_SSLAEXE:CA.COM
$ COPY CA.COM WRK_SSLVEXE:CA.COM/LOG
$ SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
$ COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
$ SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
$ SET ON
$
$ EXIT

1137
apps/makeapps.com
View File

File diff suppressed because it is too large Load Diff

7
apps/mklinks Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/sh
for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 rmd160 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb
do
echo making symlink for $i
/bin/rm -f $i
ln -s ssleay $i
done

174
apps/nseq.c
View File

@@ -1,174 +0,0 @@
/* nseq.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include "apps.h"
#undef PROG
#define PROG nseq_main
static int dump_cert_text(BIO *out, X509 *x);
int MAIN(int argc, char **argv)
{
char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL;
int toseq = 0;
X509 *x509 = NULL;
NETSCAPE_CERT_SEQUENCE *seq = NULL;
int i, ret = 1;
int badarg = 0;
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
ERR_load_crypto_strings();
args = argv + 1;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp (*args, "-toseq")) toseq = 1;
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else badarg = 1;
} else badarg = 1;
args++;
}
if (badarg) {
BIO_printf (bio_err, "Netscape certificate sequence utility\n");
BIO_printf (bio_err, "Usage nseq [options]\n");
BIO_printf (bio_err, "where options are\n");
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-toseq output NS Sequence file\n");
EXIT(1);
}
if (infile) {
if (!(in = BIO_new_file (infile, "r"))) {
BIO_printf (bio_err,
"Can't open input file %s\n", infile);
goto end;
}
} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) {
if (!(out = BIO_new_file (outfile, "w"))) {
BIO_printf (bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
if (toseq) {
seq = NETSCAPE_CERT_SEQUENCE_new();
seq->certs = sk_new(NULL);
while((x509 = PEM_read_bio_X509(in, NULL, NULL)))
sk_push(seq->certs, (char *)x509);
if(!sk_num(seq->certs))
{
BIO_printf (bio_err, "Error reading certs file %s\n", infile);
ERR_print_errors(bio_err);
goto end;
}
PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
ret = 0;
goto end;
}
if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL))) {
BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
ERR_print_errors(bio_err);
goto end;
}
for(i = 0; i < sk_num(seq->certs); i++) {
x509 = (X509 *) sk_value(seq->certs, i);
dump_cert_text(out, x509);
PEM_write_bio_X509(out, x509);
}
ret = 0;
end:
BIO_free(in);
BIO_free(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
EXIT(ret);
}
static int dump_cert_text(BIO *out, X509 *x)
{
char buf[256];
X509_NAME_oneline(X509_get_subject_name(x),buf,256);
BIO_puts(out,"subject=");
BIO_puts(out,buf);
X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
BIO_puts(out,"\nissuer= ");
BIO_puts(out,buf);
BIO_puts(out,"\n");
return 0;
}

214
apps/openssl-vms.cnf
View File

@@ -1,214 +0,0 @@
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
RANDFILE = $ENV::HOME/.rnd
oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = sys\$disk:[.demoCA # Where everything is kept
certs = $dir.certs] # Where the issued certs are kept
crl_dir = $dir.crl] # Where the issued crl are kept
database = $dir]index.txt # database index file.
new_certs_dir = $dir.newcerts] # default place for new certs.
certificate = $dir]cacert.pem # The CA certificate
serial = $dir]serial. # The current serial number
crl = $dir]crl.pem # The current CRL
private_key = $dir.private]cakey.pem# The private key
RANDFILE = $dir.private].rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ v3_ca]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# RAW DER hex encoding of an extension: beware experts only!
# 1.2.3.5=RAW:02:03
# You can even override a supported extension:
# basicConstraints= critical, RAW:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

112
apps/openssl.c
View File

@@ -1,4 +1,4 @@
/* apps/openssl.c */
/* apps/ssleay.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -63,19 +63,19 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include "bio.h"
#include "crypto.h"
#include "lhash.h"
#include "conf.h"
#include "x509.h"
#include "pem.h"
#include "ssl.h"
#define SSLEAY /* turn off a few special case MONOLITH macros */
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
#define SSLEAY_SRC
#include "apps.h"
#include "s_apps.h"
#include <openssl/err.h>
#include "err.h"
/*
#ifdef WINDOWS
@@ -83,15 +83,24 @@
#endif
*/
#ifndef NOPROTO
static unsigned long MS_CALLBACK hash(FUNCTION *a);
static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
#else
static unsigned long MS_CALLBACK hash();
static int MS_CALLBACK cmp();
static LHASH *prog_init();
static int do_cmd();
#endif
LHASH *config=NULL;
char *default_config_file=NULL;
#ifdef DEBUG
static void sig_stop(int i)
static void sig_stop(i)
int i;
{
char *a=NULL;
@@ -104,7 +113,9 @@ static void sig_stop(int i)
BIO *bio_err=NULL;
#endif
int main(int Argc, char *Argv[])
int main(Argc,Argv)
int Argc;
char *Argv[];
{
ARGS arg;
#define PROG_NAME_SIZE 16
@@ -141,16 +152,12 @@ int main(int Argc, char *Argv[])
ERR_load_crypto_strings();
/* Lets load up our environment a little */
p=getenv("OPENSSL_CONF");
if (p == NULL)
p=getenv("SSLEAY_CONF");
p=getenv("SSLEAY_CONF");
if (p == NULL)
{
strcpy(config_name,X509_get_default_cert_area());
#ifndef VMS
strcat(config_name,"/");
#endif
strcat(config_name,OPENSSL_CONF);
strcat(config_name,"/lib/");
strcat(config_name,SSLEAY_CONF);
p=config_name;
}
@@ -184,7 +191,7 @@ int main(int Argc, char *Argv[])
goto end;
}
/* ok, lets enter the old 'OpenSSL>' mode */
/* ok, lets enter the old 'SSLeay>' mode */
for (;;)
{
@@ -197,7 +204,7 @@ int main(int Argc, char *Argv[])
p[0]='\0';
if (i++)
prompt=">";
else prompt="OpenSSL> ";
else prompt="SSLeay>";
fputs(prompt,stdout);
fflush(stdout);
fgets(p,n,stdin);
@@ -245,11 +252,10 @@ end:
EXIT(ret);
}
#define LIST_STANDARD_COMMANDS "list-standard-commands"
#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
#define LIST_CIPHER_COMMANDS "list-cipher-commands"
static int do_cmd(LHASH *prog, int argc, char *argv[])
static int do_cmd(prog,argc,argv)
LHASH *prog;
int argc;
char *argv[];
{
FUNCTION f,*fp;
int i,ret=1,tp,nl;
@@ -270,34 +276,12 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
ret= -1;
goto end;
}
else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
{
int list_type;
BIO *bio_stdout;
if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
list_type = FUNC_TYPE_GENERAL;
else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
list_type = FUNC_TYPE_MD;
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
list_type = FUNC_TYPE_CIPHER;
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
for (fp=functions; fp->name != NULL; fp++)
if (fp->type == list_type)
BIO_printf(bio_stdout, "%s\n", fp->name);
BIO_free(bio_stdout);
ret=0;
goto end;
}
else
{
BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
argv[0]);
BIO_printf(bio_err, "\nStandard commands");
i=0;
fp=functions;
tp=0;
for (fp=functions; fp->name != NULL; fp++)
{
@@ -315,43 +299,27 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
{
i=1;
BIO_printf(bio_err,
"\nMessage Digest commands (see the `dgst' command for more details)\n");
"Message Digest commands - see the dgst command for more details\n");
}
else if (tp == FUNC_TYPE_CIPHER)
{
i=1;
BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
}
}
BIO_printf(bio_err,"%-15s",fp->name);
}
BIO_printf(bio_err,"\n\n");
BIO_printf(bio_err,"\nquit\n");
ret=0;
}
end:
return(ret);
}
static int SortFnByName(const void *_f1,const void *_f2)
{
const FUNCTION *f1=_f1;
const FUNCTION *f2=_f2;
if(f1->type != f2->type)
return f1->type-f2->type;
return strcmp(f1->name,f2->name);
}
static LHASH *prog_init(void)
static LHASH *prog_init()
{
LHASH *ret;
FUNCTION *f;
int i;
/* Purely so it looks nice when the user hits ? */
for(i=0,f=functions ; f->name != NULL ; ++f,++i)
;
qsort(functions,i,sizeof *functions,SortFnByName);
if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
@@ -360,12 +328,14 @@ static LHASH *prog_init(void)
return(ret);
}
static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
static int MS_CALLBACK cmp(a,b)
FUNCTION *a,*b;
{
return(strncmp(a->name,b->name,8));
}
static unsigned long MS_CALLBACK hash(FUNCTION *a)
static unsigned long MS_CALLBACK hash(a)
FUNCTION *a;
{
return(lh_strhash(a->name));
}

119
apps/openssl.cnf
View File

@@ -1,26 +1,10 @@
#
# OpenSSL example configuration file.
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#
RANDFILE = $ENV::HOME/.rnd
oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
@@ -41,12 +25,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
x509_extensions = x509v3_extensions # The extentions to add to the cert
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
@@ -84,7 +63,6 @@ default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
@@ -102,7 +80,7 @@ localityName = Locality Name (eg, city)
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
#1.organizationName_default = CryptSoft Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
@@ -113,7 +91,7 @@ commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
# SET-ex3 = SET extension number 3
SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
@@ -122,93 +100,20 @@ challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
[ x509v3_extensions ]
# These extensions are added when 'ca' signs a request.
nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
nsComment = "This is a comment"
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
# under ASN.1, the 0 bit would be encoded as 80
nsCertType = 0x40
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
#nsCertSequence
#nsCertExt
#nsDataType
[ v3_ca]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# RAW DER hex encoding of an extension: beware experts only!
# 1.2.3.5=RAW:02:03
# You can even override a supported extension:
# basicConstraints= critical, RAW:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

18
apps/pem_mail.c
View File

@@ -56,14 +56,13 @@
* [including the GNU Public Licence.]
*/
#ifndef NO_RSA
#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include "rsa.h"
#include "evp.h"
#include "objects.h"
#include "x509.h"
#include "err.h"
#include "pem.h"
#include "apps.h"
#undef PROG
@@ -88,7 +87,9 @@ typedef struct lines_St
struct lines_st *next;
} LINES;
int main(int argc, char **argv)
int main(argc, argv)
int argc;
char **argv;
{
FILE *in;
RSA *rsa=NULL;
@@ -167,4 +168,3 @@ err:
ERR_print_errors(bio_err);
EXIT(1);
}
#endif

704
apps/pkcs12.c
View File

@@ -1,704 +0,0 @@
/* pkcs12.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/des.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
#include "apps.h"
#define PROG pkcs12_main
EVP_CIPHER *enc;
#define NOKEYS 0x1
#define NOCERTS 0x2
#define INFO 0x4
#define CLCERTS 0x8
#define CACERTS 0x10
int get_cert_chain(X509 *cert, STACK **chain);
int dump_cert_text (BIO *out, X509 *x);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options);
int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
int print_attribs(BIO *out, STACK *attrlst, char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg);
int cert_load(BIO *in, STACK *sk);
int MAIN(int argc, char **argv)
{
char *infile=NULL, *outfile=NULL, *keyname = NULL;
char *certfile=NULL;
BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
char **args;
char *name = NULL;
PKCS12 *p12 = NULL;
char pass[50], macpass[50];
int export_cert = 0;
int options = 0;
int chain = 0;
int badarg = 0;
int iter = PKCS12_DEFAULT_ITER;
int maciter = 1;
int twopass = 0;
int keytype = 0;
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
int ret = 1;
int macver = 1;
int noprompt = 0;
STACK *canames = NULL;
char *cpass = NULL, *mpass = NULL;
apps_startup();
enc = EVP_des_ede3_cbc();
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
args = argv + 1;
while (*args) {
if (*args[0] == '-') {
if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
else if (!strcmp (*args, "-info")) options |= INFO;
else if (!strcmp (*args, "-chain")) chain = 1;
else if (!strcmp (*args, "-twopass")) twopass = 1;
else if (!strcmp (*args, "-nomacver")) macver = 0;
else if (!strcmp (*args, "-descert"))
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else if (!strcmp (*args, "-export")) export_cert = 1;
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
#ifndef NO_IDEA
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
#endif
else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-maciter"))
maciter = PKCS12_DEFAULT_ITER;
else if (!strcmp (*args, "-nodes")) enc=NULL;
else if (!strcmp (*args, "-inkey")) {
if (args[1]) {
args++;
keyname = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-certfile")) {
if (args[1]) {
args++;
certfile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-name")) {
if (args[1]) {
args++;
name = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-caname")) {
if (args[1]) {
args++;
if (!canames) canames = sk_new(NULL);
sk_push(canames, *args);
} else badarg = 1;
} else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-envpass")) {
if (args[1]) {
args++;
if(!(cpass = getenv(*args))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n", *args);
goto end;
}
noprompt = 1;
} else badarg = 1;
} else if (!strcmp (*args, "-password")) {
if (args[1]) {
args++;
cpass = *args;
noprompt = 1;
} else badarg = 1;
} else badarg = 1;
} else badarg = 1;
args++;
}
if (badarg) {
BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
BIO_printf (bio_err, "where options are\n");
BIO_printf (bio_err, "-export output PKCS12 file\n");
BIO_printf (bio_err, "-chain add certificate chain\n");
BIO_printf (bio_err, "-inkey file private key if not infile\n");
BIO_printf (bio_err, "-certfile f add all certs in f\n");
BIO_printf (bio_err, "-name \"name\" use name as friendly name\n");
BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
BIO_printf (bio_err, "-in infile input filename\n");
BIO_printf (bio_err, "-out outfile output filename\n");
BIO_printf (bio_err, "-noout don't output anything, just verify.\n");
BIO_printf (bio_err, "-nomacver don't verify MAC.\n");
BIO_printf (bio_err, "-nocerts don't output certificates.\n");
BIO_printf (bio_err, "-clcerts only output client certificates.\n");
BIO_printf (bio_err, "-cacerts only output CA certificates.\n");
BIO_printf (bio_err, "-nokeys don't output private keys.\n");
BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n");
BIO_printf (bio_err, "-des encrypt private keys with DES\n");
BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
#ifndef NO_IDEA
BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
#endif
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
BIO_printf (bio_err, "-maciter use MAC iteration\n");
BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
BIO_printf (bio_err, "-keysig set MS key signature type\n");
BIO_printf (bio_err, "-password p set import/export password (NOT RECOMMENDED)\n");
BIO_printf (bio_err, "-envpass p set import/export password from environment\n");
goto end;
}
if(cpass) mpass = cpass;
else {
cpass = pass;
mpass = macpass;
}
ERR_load_crypto_strings();
in = BIO_new (BIO_s_file());
out = BIO_new (BIO_s_file());
if (!infile) BIO_set_fp (in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename (in, infile) <= 0) {
perror (infile);
goto end;
}
}
if (certfile) {
certsin = BIO_new (BIO_s_file());
if (BIO_read_filename (certsin, certfile) <= 0) {
perror (certfile);
goto end;
}
}
if (keyname) {
inkey = BIO_new (BIO_s_file());
if (BIO_read_filename (inkey, keyname) <= 0) {
perror (keyname);
goto end;
}
}
if (!outfile) BIO_set_fp (out, stdout, BIO_NOCLOSE);
else {
if (BIO_write_filename (out, outfile) <= 0) {
perror (outfile);
goto end;
}
}
if (twopass) {
if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
}
if (export_cert) {
EVP_PKEY *key;
STACK *bags, *safes;
PKCS12_SAFEBAG *bag;
PKCS8_PRIV_KEY_INFO *p8;
PKCS7 *authsafe;
X509 *cert, *ucert = NULL;
STACK *certs;
char *catmp;
int i, pmatch = 0;
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen;
/* Get private key so we can match it to a certificate */
key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL);
if (!inkey) BIO_reset(in);
if (!key) {
BIO_printf (bio_err, "Error loading private key\n");
ERR_print_errors(bio_err);
goto end;
}
certs = sk_new(NULL);
/* Load in all certs in input file */
if(!cert_load(in, certs)) {
BIO_printf(bio_err, "Error loading certificates from input\n");
ERR_print_errors(bio_err);
goto end;
}
bags = sk_new (NULL);
/* Add any more certificates asked for */
if (certsin) {
if(!cert_load(certsin, certs)) {
BIO_printf(bio_err, "Error loading certificates from certfile\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_free(certsin);
}
/* Find certificate (if any) matching private key */
for(i = 0; i < sk_num(certs); i++) {
cert = (X509 *)sk_value(certs, i);
if(X509_check_private_key(cert, key)) {
ucert = cert;
break;
}
}
if(!ucert) {
BIO_printf(bio_err, "No certificate matches private key\n");
goto end;
}
/* If chaining get chain from user cert */
if (chain) {
int vret;
STACK *chain2;
vret = get_cert_chain (ucert, &chain2);
if (vret) {
BIO_printf (bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
goto end;
}
/* Exclude verified certificate */
for (i = 1; i < sk_num (chain2) ; i++)
sk_push(certs, sk_value (chain2, i));
sk_free(chain2);
}
/* We now have loads of certificates: include them all */
for(i = 0; i < sk_num(certs); i++) {
cert = (X509 *)sk_value(certs, i);
bag = M_PKCS12_x5092certbag(cert);
/* If it matches private key mark it */
if(cert == ucert) {
if(name) PKCS12_add_friendlyname(bag, name, -1);
X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
PKCS12_add_localkeyid(bag, keyid, keyidlen);
pmatch = 1;
} else if((catmp = sk_shift(canames)))
PKCS12_add_friendlyname(bag, catmp, -1);
sk_push(bags, (char *)bag);
}
if (canames) sk_free(canames);
if(!noprompt &&
EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
if (!twopass) strcpy(macpass, pass);
/* Turn certbags into encrypted authsafe */
authsafe = PKCS12_pack_p7encdata (cert_pbe, cpass, -1, NULL, 0,
iter, bags);
sk_pop_free(bags, PKCS12_SAFEBAG_free);
if (!authsafe) {
ERR_print_errors (bio_err);
goto end;
}
safes = sk_new (NULL);
sk_push (safes, (char *)authsafe);
/* Make a shrouded key bag */
p8 = EVP_PKEY2PKCS8 (key);
EVP_PKEY_free(key);
if(keytype) PKCS8_add_keyusage(p8, keytype);
bag = PKCS12_MAKE_SHKEYBAG (NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
cpass, -1, NULL, 0, iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
if (name) PKCS12_add_friendlyname (bag, name, -1);
if(pmatch) PKCS12_add_localkeyid (bag, keyid, keyidlen);
bags = sk_new(NULL);
sk_push (bags, (char *)bag);
/* Turn it into unencrypted safe bag */
authsafe = PKCS12_pack_p7data (bags);
sk_pop_free(bags, PKCS12_SAFEBAG_free);
sk_push (safes, (char *)authsafe);
p12 = PKCS12_init (NID_pkcs7_data);
M_PKCS12_pack_authsafes (p12, safes);
sk_pop_free(safes, PKCS7_free);
PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
i2d_PKCS12_bio (out, p12);
PKCS12_free(p12);
ret = 0;
goto end;
}
if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
ERR_print_errors(bio_err);
goto end;
}
if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
if (!twopass) strcpy(macpass, pass);
if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
if(macver) {
if (!PKCS12_verify_mac (p12, mpass, -1)) {
BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
ERR_print_errors (bio_err);
goto end;
} else BIO_printf (bio_err, "MAC verified OK\n");
}
if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) {
BIO_printf(bio_err, "Error outputting keys and certificates\n");
ERR_print_errors (bio_err);
goto end;
}
PKCS12_free(p12);
ret = 0;
end:
EXIT(ret);
}
int dump_cert_text (BIO *out, X509 *x)
{
char buf[256];
X509_NAME_oneline(X509_get_subject_name(x),buf,256);
BIO_puts(out,"subject=");
BIO_puts(out,buf);
X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
BIO_puts(out,"\nissuer= ");
BIO_puts(out,buf);
BIO_puts(out,"\n");
return 0;
}
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int passlen, int options)
{
STACK *asafes, *bags;
int i, bagnid;
PKCS7 *p7;
if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
for (i = 0; i < sk_num (asafes); i++) {
p7 = (PKCS7 *) sk_value (asafes, i);
bagnid = OBJ_obj2nid (p7->type);
if (bagnid == NID_pkcs7_data) {
bags = M_PKCS12_unpack_p7data (p7);
if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
} else if (bagnid == NID_pkcs7_encrypted) {
if (options & INFO) {
BIO_printf (bio_err, "PKCS7 Encrypted data: ");
alg_print (bio_err,
p7->d.encrypted->enc_data->algorithm);
}
bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
} else continue;
if (!bags) return 0;
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
options)) {
sk_pop_free (bags, PKCS12_SAFEBAG_free);
return 0;
}
sk_pop_free (bags, PKCS12_SAFEBAG_free);
}
sk_pop_free (asafes, PKCS7_free);
return 1;
}
int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
int passlen, int options)
{
int i;
for (i = 0; i < sk_num (bags); i++) {
if (!dump_certs_pkeys_bag (out,
(PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
options)) return 0;
}
return 1;
}
int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
int passlen, int options)
{
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
switch (M_PKCS12_bag_type(bag))
{
case NID_keyBag:
if (options & INFO) BIO_printf (bio_err, "Key bag\n");
if (options & NOKEYS) return 1;
print_attribs (out, bag->attrib, "Bag Attributes");
p8 = bag->value.keybag;
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
print_attribs (out, p8->attributes, "Key Attributes");
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL);
EVP_PKEY_free(pkey);
break;
case NID_pkcs8ShroudedKeyBag:
if (options & INFO) {
BIO_printf (bio_err, "Shrouded Keybag: ");
alg_print (bio_err, bag->value.shkeybag->algor);
}
if (options & NOKEYS) return 1;
print_attribs (out, bag->attrib, "Bag Attributes");
if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
return 0;
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
print_attribs (out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL);
EVP_PKEY_free(pkey);
break;
case NID_certBag:
if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
if (options & NOCERTS) return 1;
if (PKCS12_get_attr(bag, NID_localKeyID)) {
if (options & CACERTS) return 1;
} else if (options & CLCERTS) return 1;
print_attribs (out, bag->attrib, "Bag Attributes");
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
return 1;
if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
dump_cert_text (out, x509);
PEM_write_bio_X509 (out, x509);
X509_free(x509);
break;
case NID_safeContentsBag:
if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
print_attribs (out, bag->attrib, "Bag Attributes");
return dump_certs_pkeys_bags (out, bag->value.safes, pass,
passlen, options);
default:
BIO_printf (bio_err, "Warning unsupported bag type: ");
i2a_ASN1_OBJECT (bio_err, bag->type);
BIO_printf (bio_err, "\n");
return 1;
break;
}
return 1;
}
/* Given a single certificate return a verified chain or NULL if error */
/* Hope this is OK .... */
int get_cert_chain (X509 *cert, STACK **chain)
{
X509_STORE *store;
X509_STORE_CTX store_ctx;
STACK *chn;
int i;
X509 *x;
store = X509_STORE_new ();
X509_STORE_set_default_paths (store);
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error (&store_ctx);
goto err;
}
chn = sk_dup(X509_STORE_CTX_get_chain (&store_ctx));
for (i = 0; i < sk_num(chn); i++) {
x = (X509 *)sk_value(chn, i);
CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
}
i = 0;
*chain = chn;
err:
X509_STORE_CTX_cleanup(&store_ctx);
X509_STORE_free(store);
return i;
}
int alg_print (BIO *x, X509_ALGOR *alg)
{
PBEPARAM *pbe;
unsigned char *p;
p = alg->parameter->value.sequence->data;
pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
BIO_printf (bio_err, "%s, Iteration %d\n",
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free (pbe);
return 0;
}
/* Load all certificates from a given file */
int cert_load(BIO *in, STACK *sk)
{
int ret;
X509 *cert;
ret = 0;
while((cert = PEM_read_bio_X509(in, NULL, NULL))) {
ret = 1;
sk_push(sk, (char *)cert);
}
if(ret) ERR_clear_error();
return ret;
}
/* Generalised attribute print: handle PKCS#8 and bag attributes */
int print_attribs (BIO *out, STACK *attrlst, char *name)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *av;
char *value;
int i, attr_nid;
if(!attrlst) {
BIO_printf(out, "%s: <No Attributes>\n", name);
return 1;
}
if(!sk_num(attrlst)) {
BIO_printf(out, "%s: <Empty Attributes>\n", name);
return 1;
}
BIO_printf(out, "%s\n", name);
for(i = 0; i < sk_num(attrlst); i++) {
attr = (X509_ATTRIBUTE *) sk_value(attrlst, i);
attr_nid = OBJ_obj2nid(attr->object);
BIO_printf(out, " ");
if(attr_nid == NID_undef) {
i2a_ASN1_OBJECT (out, attr->object);
BIO_printf(out, ": ");
} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
if(sk_ASN1_TYPE_num(attr->value.set)) {
av = sk_ASN1_TYPE_value(attr->value.set, 0);
switch(av->type) {
case V_ASN1_BMPSTRING:
value = uni2asc(av->value.bmpstring->data,
av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
Free(value);
break;
case V_ASN1_OCTET_STRING:
hex_prin(out, av->value.bit_string->data,
av->value.bit_string->length);
BIO_printf(out, "\n");
break;
case V_ASN1_BIT_STRING:
hex_prin(out, av->value.octet_string->data,
av->value.octet_string->length);
BIO_printf(out, "\n");
break;
default:
BIO_printf(out, "<Unsupported tag %d>\n", av->type);
break;
}
} else BIO_printf(out, "<No Values>\n");
}
return 1;
}
void hex_prin(BIO *out, unsigned char *buf, int len)
{
int i;
for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
}

28
apps/pkcs7.c
View File

@@ -61,12 +61,12 @@
#include <string.h>
#include <time.h>
#include "apps.h"
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include "err.h"
#include "objects.h"
#include "evp.h"
#include "x509.h"
#include "pkcs7.h"
#include "pem.h"
#undef PROG
#define PROG pkcs7_main
@@ -81,7 +81,9 @@
* -print_certs
*/
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
PKCS7 *p7=NULL;
int i,badops=0;
@@ -159,7 +161,7 @@ bad:
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -in arg inout file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
@@ -221,7 +223,7 @@ bad:
if (print_certs)
{
STACK_OF(X509) *certs=NULL;
STACK *certs=NULL;
STACK *crls=NULL;
i=OBJ_obj2nid(p7->type);
@@ -243,9 +245,9 @@ bad:
{
X509 *x;
for (i=0; i<sk_X509_num(certs); i++)
for (i=0; i<sk_num(certs); i++)
{
x=sk_X509_value(certs,i);
x=(X509 *)sk_value(certs,i);
X509_NAME_oneline(X509_get_subject_name(x),
buf,256);
@@ -275,9 +277,9 @@ bad:
BIO_puts(out,buf);
BIO_puts(out,"\nlast update=");
ASN1_TIME_print(out,crl->crl->lastUpdate);
ASN1_UTCTIME_print(out,crl->crl->lastUpdate);
BIO_puts(out,"\nnext update=");
ASN1_TIME_print(out,crl->crl->nextUpdate);
ASN1_UTCTIME_print(out,crl->crl->nextUpdate);
BIO_puts(out,"\n");
PEM_write_bio_X509_CRL(out,crl);

55
apps/progs.h
View File

@@ -1,5 +1,4 @@
/* This file was generated by progs.pl. */
#ifndef NOPROTO
extern int verify_main(int argc,char *argv[]);
extern int asn1parse_main(int argc,char *argv[]);
extern int req_main(int argc,char *argv[]);
@@ -15,7 +14,6 @@ extern int dsa_main(int argc,char *argv[]);
extern int dsaparam_main(int argc,char *argv[]);
extern int x509_main(int argc,char *argv[]);
extern int genrsa_main(int argc,char *argv[]);
extern int gendsa_main(int argc,char *argv[]);
extern int s_server_main(int argc,char *argv[]);
extern int s_client_main(int argc,char *argv[]);
extern int speed_main(int argc,char *argv[]);
@@ -25,10 +23,34 @@ extern int pkcs7_main(int argc,char *argv[]);
extern int crl2pkcs7_main(int argc,char *argv[]);
extern int sess_id_main(int argc,char *argv[]);
extern int ciphers_main(int argc,char *argv[]);
extern int nseq_main(int argc,char *argv[]);
extern int pkcs12_main(int argc,char *argv[]);
#else
extern int verify_main();
extern int asn1parse_main();
extern int req_main();
extern int dgst_main();
extern int dh_main();
extern int enc_main();
extern int gendh_main();
extern int errstr_main();
extern int ca_main();
extern int crl_main();
extern int rsa_main();
extern int dsa_main();
extern int dsaparam_main();
extern int x509_main();
extern int genrsa_main();
extern int s_server_main();
extern int s_client_main();
extern int speed_main();
extern int s_time_main();
extern int version_main();
extern int pkcs7_main();
extern int crl2pkcs7_main();
extern int sess_id_main();
extern int ciphers_main();
#endif
#ifdef SSLEAY_SRC /* Defined only in openssl.c. */
#ifdef SSLEAY_SRC
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
@@ -43,7 +65,9 @@ typedef struct {
FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"verify",verify_main},
{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"req",req_main},
#endif
{FUNC_TYPE_GENERAL,"dgst",dgst_main},
#ifndef NO_DH
{FUNC_TYPE_GENERAL,"dh",dh_main},
@@ -53,7 +77,9 @@ FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"gendh",gendh_main},
#endif
{FUNC_TYPE_GENERAL,"errstr",errstr_main},
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"ca",ca_main},
#endif
{FUNC_TYPE_GENERAL,"crl",crl_main},
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
@@ -64,13 +90,12 @@ FUNCTION functions[] = {
#ifndef NO_DSA
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
#endif
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"x509",x509_main},
#endif
#ifndef NO_RSA
{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
#endif
#ifndef NO_DSA
{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
#endif
#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
{FUNC_TYPE_GENERAL,"s_server",s_server_main},
#endif
@@ -88,8 +113,6 @@ FUNCTION functions[] = {
#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
#endif
{FUNC_TYPE_GENERAL,"nseq",nseq_main},
{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
{FUNC_TYPE_MD,"md2",dgst_main},
{FUNC_TYPE_MD,"md5",dgst_main},
{FUNC_TYPE_MD,"sha",dgst_main},
@@ -115,7 +138,7 @@ FUNCTION functions[] = {
#ifndef NO_RC2
{FUNC_TYPE_CIPHER,"rc2",enc_main},
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
{FUNC_TYPE_CIPHER,"bf",enc_main},
#endif
#ifndef NO_CAST
@@ -184,16 +207,16 @@ FUNCTION functions[] = {
#ifndef NO_RC2
{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
#endif
#ifndef NO_CAST

45
apps/progs.pl
View File

@@ -1,15 +1,23 @@
#!/usr/local/bin/perl
print "/* This file was generated by progs.pl. */\n\n";
$mkprog='mklinks';
$rmprog='rmlinks';
print "#ifndef NOPROTO\n";
grep(s/^asn1pars$/asn1parse/,@ARGV);
foreach (@ARGV)
{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
print "#else\n";
foreach (@ARGV)
{ printf "extern int %s_main();\n",$_; }
print "#endif\n";
print <<'EOF';
#ifdef SSLEAY_SRC /* Defined only in openssl.c. */
#ifdef SSLEAY_SRC
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
@@ -30,7 +38,8 @@ foreach (@ARGV)
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; }
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) )
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
{ print "#ifndef NO_RSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
{ print "#ifndef NO_DSA\n${str}#endif\n"; }
@@ -66,7 +75,7 @@ foreach (
elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; }
elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; }
elsif ($_ =~ /bf/) { $t="#ifndef NO_BF\n${t}#endif\n"; }
elsif ($_ =~ /bf/) { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
elsif ($_ =~ /rc5/) { $t="#ifndef NO_RC5\n${t}#endif\n"; }
print $t;
@@ -75,3 +84,31 @@ foreach (
print "\t{0,NULL,NULL}\n\t};\n";
print "#endif\n\n";
open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
print OUT "#!/bin/sh\nfor i in ";
foreach (@files)
{ print OUT $_." "; }
print OUT <<'EOF';
do
echo making symlink for $i
/bin/rm -f $i
ln -s ssleay $i
done
EOF
close(OUT);
chmod(0755,$mkprog);
open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
print OUT "#!/bin/sh\nfor i in ";
foreach (@files)
{ print OUT $_." "; }
print OUT <<'EOF';
do
echo removing $i
/bin/rm -f $i
done
EOF
close(OUT);
chmod(0755,$rmprog);

259
apps/req.c
View File

@@ -64,16 +64,15 @@
#define APPS_WIN16
#endif
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include "bio.h"
#include "evp.h"
#include "rand.h"
#include "conf.h"
#include "err.h"
#include "asn1.h"
#include "x509.h"
#include "objects.h"
#include "pem.h"
#define SECTION "req"
@@ -81,7 +80,6 @@
#define KEYFILE "default_keyfile"
#define DISTINGUISHED_NAME "distinguished_name"
#define ATTRIBUTES "attributes"
#define V3_EXTENSIONS "x509_extensions"
#define DEFAULT_KEY_LENGTH 512
#define MIN_KEY_LENGTH 384
@@ -107,16 +105,22 @@
* require. This format is wrong
*/
#ifndef NOPROTO
static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
char *def, char *value, int nid, int min,
int max);
static int add_attribute_object(STACK *n, char *text, char *def,
char *value, int nid,int min,int max);
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
int nid,int min,int max);
static void MS_CALLBACK req_cb(int p,int n,char *arg);
static int req_fix_data(int nid,int *type,int len,int min,int max);
static int check_end(char *str, char *end);
static int add_oid_section(LHASH *conf);
#else
static int make_REQ();
static int add_attribute_object();
static int add_DN_object();
static void MS_CALLBACK req_cb();
static int req_fix_data();
#endif
#ifndef MONOLITH
static char *default_config_file=NULL;
static LHASH *config=NULL;
@@ -127,7 +131,9 @@ static LHASH *req_conf=NULL;
#define TYPE_DSA 2
#define TYPE_DH 3
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
#ifndef NO_DSA
DSA *dsa_params=NULL;
@@ -141,11 +147,10 @@ int MAIN(int argc, char **argv)
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
char *extensions = NULL;
EVP_CIPHER *cipher=NULL;
int modulus=0;
char *p;
const EVP_MD *md_alg=NULL,*digest=EVP_md5();
EVP_MD *md_alg=NULL,*digest=EVP_md5();
#ifndef MONOLITH
MS_STATIC char config_name[256];
#endif
@@ -216,16 +221,13 @@ int MAIN(int argc, char **argv)
}
else if (strcmp(*argv,"-newkey") == 0)
{
int is_numeric;
if (--argc < 1) goto bad;
p= *(++argv);
is_numeric = p[0] >= '0' && p[0] <= '9';
if (strncmp("rsa:",p,4) == 0 || is_numeric)
if ((strncmp("rsa:",p,4) == 0) ||
((p[0] >= '0') && (p[0] <= '9')))
{
pkey_type=TYPE_RSA;
if(!is_numeric)
p+=4;
p+=4;
newkey= atoi(p);
}
else
@@ -252,10 +254,11 @@ int MAIN(int argc, char **argv)
goto end;
}
/* This will 'disapear'
* when we free xtmp */
dtmp=X509_get_pubkey(xtmp);
if (dtmp->type == EVP_PKEY_DSA)
dsa_params=DSAparams_dup(dtmp->pkey.dsa);
EVP_PKEY_free(dtmp);
X509_free(xtmp);
if (dsa_params == NULL)
{
@@ -326,7 +329,7 @@ bad:
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -in arg inout file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -text text form of request\n");
BIO_printf(bio_err," -noout do not output REQ\n");
@@ -340,7 +343,7 @@ bad:
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n");
BIO_printf(bio_err," -config file request template file.\n");
BIO_printf(bio_err," -config file request templace file.\n");
BIO_printf(bio_err," -new new request.\n");
BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n");
@@ -351,20 +354,15 @@ bad:
}
ERR_load_crypto_strings();
X509V3_add_standard_extensions();
#ifndef MONOLITH
/* Lets load up our environment a little */
p=getenv("OPENSSL_CONF");
if (p == NULL)
p=getenv("SSLEAY_CONF");
p=getenv("SSLEAY_CONF");
if (p == NULL)
{
strcpy(config_name,X509_get_default_cert_area());
#ifndef VMS
strcat(config_name,"/");
#endif
strcat(config_name,OPENSSL_CONF);
strcat(config_name,"/lib/");
strcat(config_name,SSLEAY_CONF);
p=config_name;
}
default_config_file=p;
@@ -416,7 +414,6 @@ bad:
}
}
}
if(!add_oid_section(req_conf)) goto end;
if ((md_alg == NULL) &&
((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
@@ -425,19 +422,6 @@ bad:
digest=md_alg;
}
extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
if(extensions) {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, req_conf);
if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n", extensions);
goto end;
}
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
@@ -638,12 +622,12 @@ loop:
}
if (x509)
{
EVP_PKEY *tmppkey;
X509V3_CTX ext_ctx;
if ((x509ss=X509_new()) == NULL) goto end;
/* Set version to V3 */
if(!X509_set_version(x509ss, 2)) goto end;
/* don't set the version number, for starters
* the field is null and second, null is v0
* if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
*/
ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
X509_set_issuer_name(x509ss,
@@ -653,24 +637,7 @@ loop:
(long)60*60*24*days);
X509_set_subject_name(x509ss,
X509_REQ_get_subject_name(req));
tmppkey = X509_REQ_get_pubkey(req);
X509_set_pubkey(x509ss,tmppkey);
EVP_PKEY_free(tmppkey);
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
X509V3_set_conf_lhash(&ext_ctx, req_conf);
/* Add extensions */
if(extensions && !X509V3_EXT_add_conf(req_conf,
&ext_ctx, extensions, x509ss))
{
BIO_printf(bio_err,
"Error Loading extension section %s\n",
extensions);
goto end;
}
X509_set_pubkey(x509ss,X509_REQ_get_pubkey(req));
if (!(i=X509_sign(x509ss,pkey,digest)))
goto end;
@@ -694,10 +661,7 @@ loop:
}
i=X509_REQ_verify(req,pkey);
if (tmp) {
EVP_PKEY_free(pkey);
pkey=NULL;
}
if (tmp) pkey=NULL;
if (i < 0)
{
@@ -754,11 +718,9 @@ loop:
goto end;
}
fprintf(stdout,"Modulus=");
#ifndef NO_RSA
if (pubkey->type == EVP_PKEY_RSA)
BN_print(out,pubkey->pkey.rsa->n);
else
#endif
fprintf(stdout,"Wrong Algorithm type");
fprintf(stdout,"\n");
}
@@ -802,23 +764,24 @@ end:
ERR_print_errors(bio_err);
}
if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
BIO_free(in);
BIO_free(out);
EVP_PKEY_free(pkey);
X509_REQ_free(req);
X509_free(x509ss);
X509V3_EXT_cleanup();
OBJ_cleanup();
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (pkey != NULL) EVP_PKEY_free(pkey);
if (req != NULL) X509_REQ_free(req);
if (x509ss != NULL) X509_free(x509ss);
#ifndef NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
#endif
EXIT(ex);
}
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
static int make_REQ(req,pkey,attribs)
X509_REQ *req;
EVP_PKEY *pkey;
int attribs;
{
int ret=0,i;
char *p,*q;
int ret=0,i,j;
unsigned char *p,*q;
X509_REQ_INFO *ri;
char buf[100];
int nid,min,max;
@@ -877,21 +840,42 @@ start: for (;;)
v=(CONF_VALUE *)sk_value(sk,i);
p=q=NULL;
type=v->name;
if(!check_end(type,"_min") || !check_end(type,"_max") ||
!check_end(type,"_default") ||
!check_end(type,"_value")) continue;
/* Skip past any leading X. X: X, etc to allow for
* multiple instances
*/
for(p = v->name; *p ; p++)
if ((*p == ':') || (*p == ',') ||
(*p == '.')) {
p++;
if(*p) type = p;
/* Allow for raw OIDs */
/* [n.mm.ooo.ppp] */
for (j=0; type[j] != '\0'; j++)
{
if ( (type[j] == ':') ||
(type[j] == ',') ||
(type[j] == '.'))
p=(unsigned char *)&(type[j+1]);
if (type[j] == '[')
{
p=(unsigned char *)&(type[j+1]);
for (j++; type[j] != '\0'; j++)
if (type[j] == ']')
{
q=(unsigned char *)&(type[j]);
break;
}
break;
}
}
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
if (p != NULL)
type=(char *)p;
if ((nid=OBJ_txt2nid(type)) == NID_undef)
{
/* Add a new one if possible */
if ((p != NULL) && (q != NULL) && (*q == ']'))
{
*q='\0';
nid=OBJ_create((char *)p,NULL,NULL);
*q=']';
if (nid == NID_undef) goto start;
}
else
goto start;
}
sprintf(buf,"%s_default",v->name);
if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
def="";
@@ -910,7 +894,7 @@ start: for (;;)
min,max))
goto err;
}
if (sk_X509_NAME_ENTRY_num(ri->subject->entries) == 0)
if (sk_num(ri->subject->entries) == 0)
{
BIO_printf(bio_err,"error, no objects specified in config file\n");
goto err;
@@ -971,8 +955,14 @@ err:
return(ret);
}
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
int nid, int min, int max)
static int add_DN_object(n,text,def,value,nid,min,max)
X509_NAME *n;
char *text;
char *def;
char *value;
int nid;
int min;
int max;
{
int i,j,ret=0;
X509_NAME_ENTRY *ne=NULL;
@@ -1025,9 +1015,14 @@ err:
return(ret);
}
static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
char *def, char *value, int nid, int min,
int max)
static int add_attribute_object(n,text,def,value,nid,min,max)
STACK *n;
char *text;
char *def;
char *value;
int nid;
int min;
int max;
{
int i,z;
X509_ATTRIBUTE *xa=NULL;
@@ -1071,7 +1066,7 @@ start:
/* add object plus value */
if ((xa=X509_ATTRIBUTE_new()) == NULL)
goto err;
if ((xa->value.set=sk_ASN1_TYPE_new_null()) == NULL)
if ((xa->value.set=sk_new_null()) == NULL)
goto err;
xa->set=1;
@@ -1097,12 +1092,12 @@ start:
{ BIO_printf(bio_err,"Malloc failure\n"); goto err; }
ASN1_TYPE_set(at,bs->type,(char *)bs);
sk_ASN1_TYPE_push(xa->value.set,at);
sk_push(xa->value.set,(char *)at);
bs=NULL;
at=NULL;
/* only one item per attribute */
if (!sk_X509_ATTRIBUTE_push(n,xa)) goto err;
if (!sk_push(n,(char *)xa)) goto err;
return(1);
err:
if (xa != NULL) X509_ATTRIBUTE_free(xa);
@@ -1111,7 +1106,10 @@ err:
return(0);
}
static void MS_CALLBACK req_cb(int p, int n, char *arg)
static void MS_CALLBACK req_cb(p,n,arg)
int p;
int n;
char *arg;
{
char c='*';
@@ -1126,7 +1124,10 @@ static void MS_CALLBACK req_cb(int p, int n, char *arg)
#endif
}
static int req_fix_data(int nid, int *type, int len, int min, int max)
static int req_fix_data(nid,type,len,min,max)
int nid;
int *type;
int len,min,max;
{
if (nid == NID_pkcs9_emailAddress)
*type=V_ASN1_IA5STRING;
@@ -1157,37 +1158,3 @@ static int req_fix_data(int nid, int *type, int len, int min, int max)
}
return(1);
}
/* Check if the end of a string matches 'end' */
static int check_end(char *str, char *end)
{
int elen, slen;
char *tmp;
elen = strlen(end);
slen = strlen(str);
if(elen > slen) return 1;
tmp = str + slen - elen;
return strcmp(tmp, end);
}
static int add_oid_section(LHASH *conf)
{
char *p;
STACK *sktmp;
CONF_VALUE *cnf;
int i;
if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
if(!(sktmp = CONF_get_section(conf, p))) {
BIO_printf(bio_err, "problem loading oid section %s\n", p);
return 0;
}
for(i = 0; i < sk_num(sktmp); i++) {
cnf = (CONF_VALUE *)sk_value(sktmp, i);
if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
BIO_printf(bio_err, "problem creating object %s=%s\n",
cnf->name, cnf->value);
return 0;
}
}
return 1;
}

6
apps/rmlinks Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/sh
for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 rmd160 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb
do
echo removing $i
/bin/rm -f $i
done

23
apps/rsa.c
View File

@@ -56,18 +56,17 @@
* [including the GNU Public Licence.]
*/
#ifndef NO_RSA
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "bio.h"
#include "err.h"
#include "rsa.h"
#include "evp.h"
#include "x509.h"
#include "pem.h"
#undef PROG
#define PROG rsa_main
@@ -83,12 +82,14 @@
* -modulus - print the RSA key modulus
*/
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
int ret=1;
RSA *rsa=NULL;
int i,badops=0;
const EVP_CIPHER *enc=NULL;
EVP_CIPHER *enc=NULL;
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
char *infile,*outfile,*prog;
@@ -153,7 +154,7 @@ bad:
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -in arg inout file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
@@ -299,4 +300,4 @@ end:
if (rsa != NULL) RSA_free(rsa);
EXIT(ret);
}
#endif

51
apps/s_apps.h
View File

@@ -56,36 +56,13 @@
* [including the GNU Public Licence.]
*/
#include <sys/types.h>
#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
/* VAX C does not defined fd_set and friends, but it's actually quite simple */
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
#define MAX_NOFILE 32
#define NBBY 8 /* number of bits in a byte */
#ifndef FD_SETSIZE
#define FD_SETSIZE MAX_NOFILE
#endif /* FD_SETSIZE */
/* How many things we'll allow select to use. 0 if unlimited */
#define MAXSELFD MAX_NOFILE
typedef int fd_mask; /* int here! VMS prototypes int, not long */
#define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask (power of 2!)*/
#define NFDSHIFT 5 /* Shift based on above */
typedef fd_mask fd_set;
#define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS)))
#define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS)))
#define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS)))
#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p)))
#endif
#define PORT 4433
#define PORT_STR "4433"
#define PROTOCOL "tcp"
#ifndef NOPROTO
int do_accept(int acc_sock, int *sock, char **host);
int do_server(int port, int *ret, int (*cb) (), char *context);
int do_server(int port, int *ret, int (*cb) ());
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#else
@@ -109,7 +86,7 @@ int extract_port(char *str, short *port_ptr);
int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
int host_ip(char *str, unsigned char ip[4]);
long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, char *argp,
int argi, long argl, long ret);
#ifdef HEADER_SSL_H
@@ -118,3 +95,25 @@ void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
#endif
#else
int do_accept();
int do_server();
int MS_CALLBACK verify_callback();
int set_cert_stuff();
int init_client();
int init_client_ip();
int nbio_init_client_ip();
int nbio_sock_error();
int spawn();
int init_server();
int should_retry();
void sock_cleanup();
int extract_port();
int extract_host_port();
int host_ip();
long MS_CALLBACK bio_dump_cb();
void MS_CALLBACK apps_ssl_info_callback();
#endif

43
apps/s_cb.c
View File

@@ -63,15 +63,17 @@
#include "apps.h"
#undef NON_MAIN
#undef USE_SOCKETS
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include "err.h"
#include "x509.h"
#include "ssl.h"
#include "s_apps.h"
int verify_depth=0;
int verify_error=X509_V_OK;
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
int MS_CALLBACK verify_callback(ok, ctx)
int ok;
X509_STORE_CTX *ctx;
{
char buf[256];
X509 *err_cert;
@@ -107,13 +109,13 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err,"notBefore=");
ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err,"notAfter=");
ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
BIO_printf(bio_err,"\n");
break;
}
@@ -121,7 +123,10 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
return(ok);
}
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
int set_cert_stuff(ctx, cert_file, key_file)
SSL_CTX *ctx;
char *cert_file;
char *key_file;
{
if (cert_file != NULL)
{
@@ -151,13 +156,9 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
ssl=SSL_new(ctx);
x509=SSL_get_certificate(ssl);
if (x509 != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(x509);
EVP_PKEY_copy_parameters(pktmp,
SSL_get_privatekey(ssl));
EVP_PKEY_free(pktmp);
}
if (x509 != NULL)
EVP_PKEY_copy_parameters(X509_get_pubkey(x509),
SSL_get_privatekey(ssl));
SSL_free(ssl);
*/
@@ -176,8 +177,13 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
return(1);
}
long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
long argl, long ret)
long MS_CALLBACK bio_dump_cb(bio,cmd,argp,argi,argl,ret)
BIO *bio;
int cmd;
char *argp;
int argi;
long argl;
long ret;
{
BIO *out;
@@ -200,7 +206,10 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
return(ret);
}
void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
void MS_CALLBACK apps_ssl_info_callback(s,where,ret)
SSL *s;
int where;
int ret;
{
char *str;
int w;

155
apps/s_client.c
View File

@@ -56,15 +56,6 @@
* [including the GNU Public Licence.]
*/
/* With IPv6, it looks like Digital has mixed up the proper order of
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
is needed to have fileno() declared correctly... So let's define u_int */
#if defined(__DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -73,21 +64,12 @@ typedef unsigned int u_int;
#define APPS_WIN16
#endif
#include "apps.h"
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include "x509.h"
#include "ssl.h"
#include "err.h"
#include "pem.h"
#include "s_apps.h"
#if (defined(VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif
#if defined(NO_RSA) && !defined(NO_SSL2)
#define NO_SSL2
#endif
#undef PROG
#define PROG s_client_main
@@ -108,16 +90,21 @@ static int c_nbio=0;
#endif
static int c_Pause=0;
static int c_debug=0;
static int c_showcerts=0;
#ifndef NOPROTO
static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
#else
static void sc_usage();
static void print_stuff();
#endif
static BIO *bio_c_out=NULL;
static int c_quiet=0;
static void sc_usage(void)
static void sc_usage()
{
BIO_printf(bio_err,"usage: s_client args\n");
BIO_printf(bio_err,"usage: client args\n");
BIO_printf(bio_err,"\n");
BIO_printf(bio_err," -host host - use -connect instead\n");
BIO_printf(bio_err," -port port - use -connect instead\n");
@@ -131,7 +118,6 @@ static void sc_usage(void)
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
BIO_printf(bio_err," -debug - extra output\n");
BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
BIO_printf(bio_err," -state - print the 'ssl' states\n");
@@ -144,12 +130,14 @@ static void sc_usage(void)
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'ssleay ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
}
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
int off=0;
SSL *con=NULL,*con2=NULL;
@@ -164,7 +152,7 @@ int MAIN(int argc, char **argv)
char *cert_file=NULL,*key_file=NULL;
char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
int write_tty,read_tty,write_ssl,read_ssl,tty_on;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
SSL_METHOD *meth=NULL;
@@ -183,7 +171,6 @@ int MAIN(int argc, char **argv)
c_Pause=0;
c_quiet=0;
c_debug=0;
c_showcerts=0;
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -240,8 +227,6 @@ int MAIN(int argc, char **argv)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)
c_debug=1;
else if (strcmp(*argv,"-showcerts") == 0)
c_showcerts=1;
else if (strcmp(*argv,"-nbio_test") == 0)
nbio_test=1;
else if (strcmp(*argv,"-state") == 0)
@@ -449,43 +434,31 @@ re_start:
}
}
ssl_pending = read_ssl && SSL_pending(con);
if (!ssl_pending)
{
#ifndef WINDOWS
if (tty_on)
{
if (read_tty) FD_SET(fileno(stdin),&readfds);
if (write_tty) FD_SET(fileno(stdout),&writefds);
}
if (tty_on)
{
if (read_tty) FD_SET(fileno(stdin),&readfds);
if (write_tty) FD_SET(fileno(stdout),&writefds);
}
#endif
if (read_ssl)
FD_SET(SSL_get_fd(con),&readfds);
if (write_ssl)
FD_SET(SSL_get_fd(con),&writefds);
if (read_ssl)
FD_SET(SSL_get_fd(con),&readfds);
if (write_ssl)
FD_SET(SSL_get_fd(con),&writefds);
/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
/* Note: under VMS with SOCKETSHR the second parameter
* is currently of type (int *) whereas under other
* systems it is (void *) if you don't have a cast it
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
if ( i < 0)
{
BIO_printf(bio_err,"bad select %d\n",
i=select(width,&readfds,&writefds,NULL,NULL);
if ( i < 0)
{
BIO_printf(bio_err,"bad select %d\n",
get_last_socket_error());
goto shut;
/* goto end; */
}
goto shut;
/* goto end; */
}
if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
if (FD_ISSET(SSL_get_fd(con),&writefds))
{
k=SSL_write(con,&(cbuf[cbuf_off]),
(unsigned int)cbuf_len);
@@ -553,7 +526,7 @@ re_start:
}
}
#ifndef WINDOWS
else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
else if (FD_ISSET(fileno(stdout),&writefds))
{
i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
@@ -573,7 +546,7 @@ re_start:
}
}
#endif
else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
else if (FD_ISSET(SSL_get_fd(con),&readfds))
{
#ifdef RENEG
{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
@@ -640,9 +613,9 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
if ((!c_quiet) && (cbuf[0] == 'R'))
{
BIO_printf(bio_err,"RENEGOTIATING\n");
SSL_renegotiate(con);
cbuf_len=0;
read_tty=0;
write_ssl=1;
}
else
{
@@ -650,8 +623,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
cbuf_off=0;
}
write_ssl=1;
read_tty=0;
write_ssl=1;
}
#endif
}
@@ -674,38 +647,34 @@ end:
}
static void print_stuff(BIO *bio, SSL *s, int full)
static void print_stuff(bio,s,full)
BIO *bio;
SSL *s;
int full;
{
X509 *peer=NULL;
char *p;
static char *space=" ";
char buf[BUFSIZ];
STACK_OF(X509) *sk;
STACK_OF(X509_NAME) *sk2;
STACK *sk;
SSL_CIPHER *c;
X509_NAME *xn;
int j,i;
if (full)
{
int got_a_chain = 0;
sk=SSL_get_peer_cert_chain(s);
if (sk != NULL)
{
got_a_chain = 1; /* we don't have it for SSL2 (yet) */
BIO_printf(bio,"---\nCertificate chain\n");
for (i=0; i<sk_X509_num(sk); i++)
for (i=0; i<sk_num(sk); i++)
{
X509_NAME_oneline(X509_get_subject_name(
sk_X509_value(sk,i)),buf,BUFSIZ);
X509_NAME_oneline(X509_get_subject_name((X509 *)
sk_value(sk,i)),buf,BUFSIZ);
BIO_printf(bio,"%2d s:%s\n",i,buf);
X509_NAME_oneline(X509_get_issuer_name(
sk_X509_value(sk,i)),buf,BUFSIZ);
X509_NAME_oneline(X509_get_issuer_name((X509 *)
sk_value(sk,i)),buf,BUFSIZ);
BIO_printf(bio," i:%s\n",buf);
if (c_showcerts)
PEM_write_bio_X509(bio,sk_X509_value(sk,i));
}
}
@@ -714,8 +683,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
if (peer != NULL)
{
BIO_printf(bio,"Server certificate\n");
if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
PEM_write_bio_X509(bio,peer);
PEM_write_bio_X509(bio,peer);
X509_NAME_oneline(X509_get_subject_name(peer),
buf,BUFSIZ);
BIO_printf(bio,"subject=%s\n",buf);
@@ -726,13 +694,13 @@ static void print_stuff(BIO *bio, SSL *s, int full)
else
BIO_printf(bio,"no peer certificate available\n");
sk2=SSL_get_client_CA_list(s);
if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
sk=SSL_get_client_CA_list(s);
if ((sk != NULL) && (sk_num(sk) > 0))
{
BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
for (i=0; i<sk_X509_NAME_num(sk2); i++)
for (i=0; i<sk_num(sk); i++)
{
xn=sk_X509_NAME_value(sk2,i);
xn=(X509_NAME *)sk_value(sk,i);
X509_NAME_oneline(xn,buf,sizeof(buf));
BIO_write(bio,buf,strlen(buf));
BIO_write(bio,"\n",1);
@@ -745,11 +713,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
if (p != NULL)
{
/* This works only for SSL 2. In later protocol
* versions, the client does not know what other
* ciphers (in addition to the one to be used
* in the current connection) the server supports. */
BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
j=i=0;
while (*p)
@@ -780,13 +743,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio,"%s, Cipher is %s\n",
SSL_CIPHER_get_version(c),
SSL_CIPHER_get_name(c));
if (peer != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(peer);
if (peer != NULL)
BIO_printf(bio,"Server public key is %d bit\n",
EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
EVP_PKEY_bits(X509_get_pubkey(peer)));
SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n");
if (peer != NULL)

155
apps/s_server.c
View File

@@ -56,15 +56,6 @@
* [including the GNU Public Licence.]
*/
/* With IPv6, it looks like Digital has mixed up the proper order of
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
is needed to have fileno() declared correctly... So let's define u_int */
#if defined(__DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -73,30 +64,20 @@ typedef unsigned int u_int;
#ifdef NO_STDIO
#define APPS_WIN16
#endif
#include <openssl/lhash.h>
#include <openssl/bn.h>
#include "lhash.h"
#include "bn.h"
#define USE_SOCKETS
#include "apps.h"
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include "err.h"
#include "pem.h"
#include "x509.h"
#include "ssl.h"
#include "s_apps.h"
#if (defined(VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif
#if defined(NO_RSA) && !defined(NO_SSL2)
#define NO_SSL2
#endif
#ifndef NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength);
#endif
static int sv_body(char *hostname, int s, unsigned char *context);
static int www_body(char *hostname, int s, unsigned char *context);
#ifndef NOPROTO
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
static int sv_body(char *hostname, int s);
static int www_body(char *hostname, int s);
static void close_accept_socket(void );
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
@@ -106,14 +87,25 @@ static DH *load_dh_param(void );
static DH *get_dh512(void);
#endif
/* static void s_server_init(void);*/
#else
static RSA MS_CALLBACK *tmp_rsa_cb();
static int sv_body();
static int www_body();
static void close_accept_socket();
static void sv_usage();
static int init_ssl_connection();
static void print_stats();
#ifndef NO_DH
static DH *load_dh_param();
static DH *get_dh512();
#endif
/* static void s_server_init(); */
#endif
#ifndef S_ISDIR
#if defined(VMS) && !defined(__DECC)
#define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
#else
#define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
#endif
#endif
#ifndef NO_DH
static unsigned char dh512_p[]={
@@ -128,7 +120,7 @@ static unsigned char dh512_g[]={
0x02,
};
static DH *get_dh512(void)
static DH *get_dh512()
{
DH *dh=NULL;
@@ -158,7 +150,6 @@ extern int verify_depth;
static char *cipher=NULL;
static int s_server_verify=SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
static char *s_dcert_file=NULL,*s_dkey_file=NULL;
#ifdef FIONBIO
@@ -173,7 +164,7 @@ static int s_debug=0;
static int s_quiet=0;
#if 0
static void s_server_init(void)
static void s_server_init()
{
cipher=NULL;
s_server_verify=SSL_VERIFY_NONE;
@@ -194,20 +185,17 @@ static void s_server_init(void)
}
#endif
static void sv_usage(void)
static void sv_usage()
{
BIO_printf(bio_err,"usage: s_server [args ...]\n");
BIO_printf(bio_err,"\n");
BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
BIO_printf(bio_err," -context arg - set session ID context\n");
BIO_printf(bio_err," -accept arg - port to accept on (default is %d\n",PORT);
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n");
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
#ifdef FIONBIO
BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
#endif
@@ -217,7 +205,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
BIO_printf(bio_err," -cipher arg - play with 'ssleay ciphers' to see what goes here\n");
BIO_printf(bio_err," -quiet - No server output\n");
BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
@@ -228,18 +216,19 @@ static void sv_usage(void)
BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -WWW - Returns requested page from to a 'GET <path> HTTP/1.0'\n");
}
static int local_argc=0;
static char **local_argv;
static int hack=0;
int MAIN(int argc, char *argv[])
int MAIN(argc, argv)
int argc;
char *argv[];
{
short port=PORT;
char *CApath=NULL,*CAfile=NULL;
char *context = NULL;
int badop=0,bugs=0;
int ret=1;
int off=0;
@@ -301,11 +290,6 @@ int MAIN(int argc, char *argv[])
verify_depth=atoi(*(++argv));
BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
}
else if (strcmp(*argv,"-context") == 0)
{
if (--argc < 1) goto bad;
context= *(++argv);
}
else if (strcmp(*argv,"-cert") == 0)
{
if (--argc < 1) goto bad;
@@ -495,7 +479,6 @@ bad:
goto end;
}
#ifndef NO_RSA
#if 1
SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
#else
@@ -516,22 +499,19 @@ bad:
RSA_free(rsa);
BIO_printf(bio_s_out,"\n");
}
#endif
#endif
if (cipher != NULL)
SSL_CTX_set_cipher_list(ctx,cipher);
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
sizeof s_server_session_id_context);
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
BIO_printf(bio_s_out,"ACCEPT\n");
if (www)
do_server(port,&accept_socket,www_body, context);
do_server(port,&accept_socket,www_body);
else
do_server(port,&accept_socket,sv_body, context);
do_server(port,&accept_socket,sv_body);
print_stats(bio_s_out,ctx);
ret=0;
end:
@@ -544,7 +524,9 @@ end:
EXIT(ret);
}
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
static void print_stats(bio,ssl_ctx)
BIO *bio;
SSL_CTX *ssl_ctx;
{
BIO_printf(bio,"%4ld items in the session cache\n",
SSL_CTX_sess_number(ssl_ctx));
@@ -569,7 +551,9 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
static int sv_body(char *hostname, int s, unsigned char *context)
static int sv_body(hostname, s)
char *hostname;
int s;
{
char *buf=NULL;
fd_set readfds;
@@ -596,12 +580,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
}
#endif
if (con == NULL) {
if (con == NULL)
con=(SSL *)SSL_new(ctx);
if(context)
SSL_set_session_id_context(con, context,
strlen((char *)context));
}
SSL_clear(con);
sbio=BIO_new_socket(s,BIO_NOCLOSE);
@@ -631,13 +611,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
FD_SET(fileno(stdin),&readfds);
#endif
FD_SET(s,&readfds);
/* Note: under VMS with SOCKETSHR the second parameter is
* currently of type (int *) whereas under other systems
* it is (void *) if you don't have a cast it will choke
* the compiler: if you do have a cast then you can either
* go for (int *) or (void *).
*/
i=select(width,(void *)&readfds,NULL,NULL,NULL);
i=select(width,&readfds,NULL,NULL,NULL);
if (i <= 0) continue;
if (FD_ISSET(fileno(stdin),&readfds))
{
@@ -671,7 +645,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
}
if ((buf[0] == 'R') &&
((buf[1] == '\n') || (buf[1] == '\r')))
((buf[1] == '\0') || (buf[1] == '\r')))
{
SSL_set_verify(con,
SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
@@ -792,7 +766,7 @@ err:
return(ret);
}
static void close_accept_socket(void)
static void close_accept_socket()
{
BIO_printf(bio_err,"shutdown accept socket\n");
if (accept_socket >= 0)
@@ -801,10 +775,11 @@ static void close_accept_socket(void)
}
}
static int init_ssl_connection(SSL *con)
static int init_ssl_connection(con)
SSL *con;
{
int i;
const char *str;
char *str;
X509 *peer;
long verify_error;
MS_STATIC char buf[BUFSIZ];
@@ -856,7 +831,7 @@ static int init_ssl_connection(SSL *con)
}
#ifndef NO_DH
static DH *load_dh_param(void)
static DH *load_dh_param()
{
DH *ret=NULL;
BIO *bio;
@@ -871,7 +846,9 @@ err:
#endif
#if 0
static int load_CA(SSL_CTX *ctx, char *file)
static int load_CA(ctx,file)
SSL_CTX *ctx;
char *file;
{
FILE *in;
X509 *x=NULL;
@@ -891,7 +868,9 @@ static int load_CA(SSL_CTX *ctx, char *file)
}
#endif
static int www_body(char *hostname, int s, unsigned char *context)
static int www_body(hostname, s)
char *hostname;
int s;
{
char *buf=NULL;
int ret=1;
@@ -924,8 +903,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
if(context) SSL_set_session_id_context(con, context,
strlen((char *)context));
sbio=BIO_new_socket(s,BIO_NOCLOSE);
if (s_nbio_test)
@@ -1006,7 +983,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
{
char *p;
X509 *peer;
STACK_OF(SSL_CIPHER) *sk;
STACK *sk;
static char *space=" ";
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
@@ -1025,10 +1002,10 @@ static int www_body(char *hostname, int s, unsigned char *context)
* be done */
BIO_printf(io,"Ciphers supported in s_server binary\n");
sk=SSL_get_ciphers(con);
j=sk_SSL_CIPHER_num(sk);
j=sk_num(sk);
for (i=0; i<j; i++)
{
c=sk_SSL_CIPHER_value(sk,i);
c=(SSL_CIPHER *)sk_value(sk,i);
BIO_printf(io,"%-11s:%-25s",
SSL_CIPHER_get_version(c),
SSL_CIPHER_get_name(c));
@@ -1234,8 +1211,9 @@ err:
return(ret);
}
#ifndef NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export, int keylength)
static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
SSL *s;
int export;
{
static RSA *rsa_tmp=NULL;
@@ -1243,10 +1221,12 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export, int keylength)
{
if (!s_quiet)
{
BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
BIO_flush(bio_err);
}
rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
#ifndef NO_RSA
rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
#endif
if (!s_quiet)
{
BIO_printf(bio_err,"\n");
@@ -1255,4 +1235,3 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export, int keylength)
}
return(rsa_tmp);
}
#endif

134
apps/s_socket.c
View File

@@ -56,15 +56,6 @@
* [including the GNU Public Licence.]
*/
/* With IPv6, it looks like Digital has mixed up the proper order of
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
is needed to have fileno() declared correctly... So let's define u_int */
#if defined(__DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -76,18 +67,16 @@ typedef unsigned int u_int;
#undef USE_SOCKETS
#undef NON_MAIN
#include "s_apps.h"
#include <openssl/ssl.h>
#ifdef VMS
#if (__VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl,
and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif
#include <processes.h> /* for vfork() */
#endif
#include "ssl.h"
#ifndef NOPROTO
static struct hostent *GetHostByName(char *name);
int sock_init(void );
#else
static struct hostent *GetHostByName();
int sock_init();
#endif
#ifdef WIN16
#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
#else
@@ -104,8 +93,11 @@ static FARPROC lpTopWndProc=NULL;
static FARPROC lpTopHookProc=NULL;
extern HINSTANCE _hInstance; /* nice global CRT provides */
static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
LPARAM lParam)
static LONG FAR PASCAL topHookProc(hwnd,message,wParam,lParam)
HWND hwnd;
UINT message;
WPARAM wParam;
LPARAM lParam;
{
if (hwnd == topWnd)
{
@@ -130,7 +122,7 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
#endif /* WIN32 */
#endif /* WINDOWS */
void sock_cleanup(void)
void sock_cleanup()
{
#ifdef WINDOWS
if (wsa_init_done)
@@ -142,7 +134,7 @@ void sock_cleanup(void)
#endif
}
int sock_init(void)
int sock_init()
{
#ifdef WINDOWS
if (!wsa_init_done)
@@ -173,7 +165,10 @@ int sock_init(void)
return(1);
}
int init_client(int *sock, char *host, int port)
int init_client(sock, host, port)
int *sock;
char *host;
int port;
{
unsigned char ip[4];
short p=0;
@@ -186,7 +181,10 @@ int init_client(int *sock, char *host, int port)
return(init_client_ip(sock,ip,port));
}
int init_client_ip(int *sock, unsigned char ip[4], int port)
int init_client_ip(sock, ip, port)
int *sock;
unsigned char ip[4];
int port;
{
unsigned long addr;
struct sockaddr_in them;
@@ -217,25 +215,23 @@ int init_client_ip(int *sock, unsigned char ip[4], int port)
return(1);
}
int nbio_sock_error(int sock)
int nbio_sock_error(sock)
int sock;
{
int j,i;
int size;
int j,i,size;
size=sizeof(int);
/* Note: under VMS with SOCKETSHR the third parameter is currently
* of type (int *) whereas under other systems it is (void *) if
* you don't have a cast it will choke the compiler: if you do
* have a cast then you can either go for (int *) or (void *).
*/
i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,(void *)&size);
i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
if (i < 0)
return(1);
else
return(j);
}
int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
int nbio_init_client_ip(sock, ip, port)
int *sock;
unsigned char ip[4];
int port;
{
unsigned long addr;
struct sockaddr_in them;
@@ -255,9 +251,7 @@ int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
if (*sock <= 0)
{
#ifdef FIONBIO
unsigned long l=1;
#endif
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
@@ -286,7 +280,10 @@ int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
return(1);
}
int do_server(int port, int *ret, int (*cb)(), char *context)
int do_server(port, ret, cb)
int port;
int *ret;
int (*cb)();
{
int sock;
char *name;
@@ -307,7 +304,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
SHUTDOWN(accept_socket);
return(0);
}
i=(*cb)(name,sock, context);
i=(*cb)(name,sock);
if (name != NULL) Free(name);
SHUTDOWN2(sock);
if (i < 0)
@@ -318,7 +315,10 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
}
}
int init_server_long(int *sock, int port, char *ip)
int init_server_long(sock, port, ip)
int *sock;
int port;
char *ip;
{
int ret=0;
struct sockaddr_in server;
@@ -332,22 +332,10 @@ int init_server_long(int *sock, int port, char *ip)
if (ip == NULL)
server.sin_addr.s_addr=INADDR_ANY;
else
/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
#ifndef BIT_FIELD_LIMITS
memcpy(&server.sin_addr.s_addr,ip,4);
#else
memcpy(&server.sin_addr,ip,4);
#endif
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
if (s == INVALID_SOCKET) goto err;
#if defined SOL_SOCKET && defined SO_REUSEADDR
{
int j = 1;
setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
(void *) &j, sizeof j);
}
#endif
if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
{
#ifndef WINDOWS
@@ -368,12 +356,17 @@ err:
return(ret);
}
int init_server(int *sock, int port)
int init_server(sock,port)
int *sock;
int port;
{
return(init_server_long(sock, port, NULL));
}
int do_accept(int acc_sock, int *sock, char **host)
int do_accept(acc_sock, sock, host)
int acc_sock;
int *sock;
char **host;
{
int ret,i;
struct hostent *h1,*h2;
@@ -389,12 +382,7 @@ redoit:
memset((char *)&from,0,sizeof(from));
len=sizeof(from);
/* Note: under VMS with SOCKETSHR the fourth parameter is currently
* of type (int *) whereas under other systems it is (void *) if
* you don't have a cast it will choke the compiler: if you do
* have a cast then you can either go for (int *) or (void *).
*/
ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
ret=accept(acc_sock,(struct sockaddr *)&from,&len);
if (ret == INVALID_SOCKET)
{
#ifdef WINDOWS
@@ -464,8 +452,11 @@ end:
return(1);
}
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
short *port_ptr)
int extract_host_port(str,host_ptr,ip,port_ptr)
char *str;
char **host_ptr;
unsigned char *ip;
short *port_ptr;
{
char *h,*p;
@@ -489,7 +480,9 @@ err:
return(0);
}
int host_ip(char *str, unsigned char ip[4])
int host_ip(str,ip)
char *str;
unsigned char ip[4];
{
unsigned int in[4];
int i;
@@ -535,7 +528,9 @@ err:
return(0);
}
int extract_port(char *str, short *port_ptr)
int extract_port(str,port_ptr)
char *str;
short *port_ptr;
{
int i;
struct servent *s;
@@ -567,7 +562,8 @@ static struct ghbn_cache_st
static unsigned long ghbn_hits=0L;
static unsigned long ghbn_miss=0L;
static struct hostent *GetHostByName(char *name)
static struct hostent *GetHostByName(name)
char *name;
{
struct hostent *ret;
int i,lowi=0;
@@ -607,7 +603,11 @@ static struct hostent *GetHostByName(char *name)
}
#ifndef MSDOS
int spawn(int argc, char **argv, int *in, int *out)
int spawn(argc, argv, in, out)
int argc;
char **argv;
int *in;
int *out;
{
int pid;
#define CHILD_READ p1[0]
@@ -618,11 +618,7 @@ int spawn(int argc, char **argv, int *in, int *out)
if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
#ifdef VMS
if ((pid=vfork()) == 0)
#else
if ((pid=fork()) == 0)
#endif
{ /* child */
if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
perror("dup2");

82
apps/s_time.c
View File

@@ -59,7 +59,7 @@
#define NO_SHUTDOWN
/*-----------------------------------------
s_time - SSL client connection timer program
cntime - SSL client connection timer program
Written and donated by Larry Streepy <streepy@healthcare.com>
-----------------------------------------*/
@@ -67,29 +67,26 @@
#include <stdlib.h>
#include <string.h>
#if defined(NO_RSA) && !defined(NO_SSL2)
#define NO_SSL2
#endif
#ifdef NO_STDIO
#define APPS_WIN16
#endif
#include "x509.h"
#include "ssl.h"
#include "pem.h"
#define USE_SOCKETS
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include "apps.h"
#include "s_apps.h"
#include <openssl/err.h>
#include "err.h"
#ifdef WIN32_STUFF
#include "winmain.h"
#include "wintext.h"
#endif
#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
#ifndef MSDOS
#define TIMES
#endif
#ifndef VMS
#ifndef _IRIX
#include <time.h>
#endif
@@ -97,15 +94,15 @@
#include <sys/types.h>
#include <sys/times.h>
#endif
/* Depending on the VMS version, the tms structure is perhaps defined.
The __TMS macro will show if it was. If it wasn't defined, we should
undefine TIMES, since that tells the rest of the program how things
should be handled. -- Richard Levitte */
#if defined(VMS) && defined(__DECC) && !defined(__TMS)
#undef TIMES
#else /* VMS */
#include <types.h>
struct tms {
time_t tms_utime;
time_t tms_stime;
time_t tms_uchild; /* I dunno... */
time_t tms_uchildsys; /* so these names are a guess :-) */
}
#endif
#ifndef TIMES
#include <sys/timeb.h>
#endif
@@ -124,7 +121,11 @@
*/
#ifndef HZ
#ifndef CLK_TCK
#ifndef VMS
#define HZ 100.0
#else /* VMS */
#define HZ 100.0
#endif
#else /* CLK_TCK */
#define HZ ((double)CLK_TCK)
#endif
@@ -133,7 +134,6 @@
#undef PROG
#define PROG s_time_main
#undef ioctl
#define ioctl ioctlsocket
#define SSL_CONNECT_NAME "localhost:4433"
@@ -151,10 +151,18 @@
extern int verify_depth;
extern int verify_error;
#ifndef NOPROTO
static void s_time_usage(void);
static int parseArgs( int argc, char **argv );
static SSL *doConnection( SSL *scon );
static void s_time_init(void);
#else
static void s_time_usage();
static int parseArgs();
static SSL *doConnection();
static void s_time_init();
#endif
/***********************************************************************
* Static data declarations
@@ -182,7 +190,7 @@ static int t_nbio=0;
static int exitNow = 0; /* Set when it's time to exit main */
#endif
static void s_time_init(void)
static void s_time_init()
{
host=SSL_CONNECT_NAME;
t_cert_file=NULL;
@@ -210,19 +218,19 @@ static void s_time_init(void)
/***********************************************************************
* usage - display usage message
*/
static void s_time_usage(void)
static void s_time_usage()
{
static char umsg[] = "\
-time arg - max number of seconds to collect data, default %d\n\
-verify arg - turn on peer certificate verification, arg == depth\n\
-cert arg - certificate file to use, PEM format assumed\n\
-key arg - RSA file to use, PEM format assumed, key is in cert file\n\
file if not specified by this option\n\
-key arg - RSA file to use, PEM format assumed, in cert file if\n\
not specified but cert fill is.\n\
-CApath arg - PEM format directory of CA's\n\
-CAfile arg - PEM format file of CA's\n\
-cipher - prefered cipher to use, play with 'openssl ciphers'\n\n";
-cipher - prefered cipher to use, play with 'ssleay ciphers'\n\n";
printf( "usage: s_time <args>\n\n" );
printf( "usage: client <args>\n\n" );
printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
#ifdef FIONBIO
@@ -242,7 +250,9 @@ static void s_time_usage(void)
*
* Returns 0 if ok, -1 on bad args
*/
static int parseArgs(int argc, char **argv)
static int parseArgs(argc,argv)
int argc;
char **argv;
{
int badop = 0;
@@ -367,7 +377,8 @@ bad:
#define START 0
#define STOP 1
static double tm_Time_F(int s)
static double tm_Time_F(s)
int s;
{
static double ret;
#ifdef TIMES
@@ -401,7 +412,10 @@ static double tm_Time_F(int s)
* MAIN - main processing area for client
* real name depends on MONOLITH
*/
int MAIN(int argc, char **argv)
int
MAIN(argc,argv)
int argc;
char **argv;
{
double totalTime = 0.0;
int nConn = 0;
@@ -625,7 +639,9 @@ end:
* Returns:
* SSL * = the connection pointer.
*/
static SSL *doConnection(SSL *scon)
static SSL *
doConnection(scon)
SSL *scon;
{
BIO *conn;
SSL *serverCon;
@@ -664,13 +680,7 @@ static SSL *doConnection(SSL *scon)
width=i+1;
FD_ZERO(&readfds);
FD_SET(i,&readfds);
/* Note: under VMS with SOCKETSHR the 2nd parameter
* is currently of type (int *) whereas under other
* systems it is (void *) if you don't have a cast it
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
select(width,(void *)&readfds,NULL,NULL,NULL);
select(width,&readfds,NULL,NULL,NULL);
continue;
}
break;

780
apps/sc.c Normal file
View File

@@ -0,0 +1,780 @@
/* apps/s_client.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define USE_SOCKETS
#ifdef NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
#include "x509.h"
#include "ssl.h"
#include "err.h"
#include "pem.h"
#include "s_apps.h"
#ifdef WINDOWS
/* Most of the #if(n)def WINDOWS put in by Gerrit van Niekerk
<gerritvn@osi.co.za> to support the keyboard under Windows.
Tested using Win95, *should* work with NT and Win3.x
*/
#include <conio.h>
#endif
#undef PROG
#define PROG s_client_main
/*#define SSL_HOST_NAME "www.netscape.com" */
/*#define SSL_HOST_NAME "193.118.187.102" */
#define SSL_HOST_NAME "localhost"
/*#define TEST_CERT "client.pem" */ /* no default cert. */
#undef BUFSIZZ
#define BUFSIZZ 1024*8
extern int verify_depth;
extern int verify_error;
#ifdef FIONBIO
static int c_nbio=0;
#endif
static int c_Pause=0;
static int c_debug=0;
#ifndef NOPROTO
static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
#else
static void sc_usage();
static void print_stuff();
#endif
static BIO *bio_c_out=NULL;
static int c_quiet=0;
static void sc_usage()
{
BIO_printf(bio_err,"usage: client args\n");
BIO_printf(bio_err,"\n");
BIO_printf(bio_err," -host host - use -connect instead\n");
BIO_printf(bio_err," -port port - use -connect instead\n");
BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n");
BIO_printf(bio_err," not specified but cert file is.\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
BIO_printf(bio_err," -debug - extra output\n");
BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
BIO_printf(bio_err," -state - print the 'ssl' states\n");
#ifdef FIONBIO
BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
#endif
BIO_printf(bio_err," -quiet - no s_client output\n");
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'ssleay ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
}
int MAIN(argc, argv)
int argc;
char **argv;
{
int off=0;
SSL *con=NULL,*con2=NULL;
int s,k,width,state=0;
char *cbuf=NULL,*sbuf=NULL;
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
short port=PORT;
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
int write_tty,read_tty,write_ssl,read_ssl,tty_on;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
SSL_METHOD *meth=NULL;
BIO *sbio;
/*static struct timeval timeout={10,0};*/
#if !defined(NO_SSL2) && !defined(NO_SSL3)
meth=SSLv23_client_method();
#elif !defined(NO_SSL3)
meth=SSLv3_client_method();
#elif !defined(NO_SSL2)
meth=SSLv2_client_method();
#endif
apps_startup();
c_Pause=0;
c_quiet=0;
c_debug=0;
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) ||
((sbuf=Malloc(BUFSIZZ)) == NULL))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
}
verify_depth=0;
verify_error=X509_V_OK;
#ifdef FIONBIO
c_nbio=0;
#endif
#ifdef WINDOWS
c_nbio = 1;
#endif
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-host") == 0)
{
if (--argc < 1) goto bad;
host= *(++argv);
}
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
port=atoi(*(++argv));
if (port == 0) goto bad;
}
else if (strcmp(*argv,"-connect") == 0)
{
if (--argc < 1) goto bad;
if (!extract_host_port(*(++argv),&host,NULL,&port))
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
{
verify=SSL_VERIFY_PEER;
if (--argc < 1) goto bad;
verify_depth=atoi(*(++argv));
BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
}
else if (strcmp(*argv,"-cert") == 0)
{
if (--argc < 1) goto bad;
cert_file= *(++argv);
}
else if (strcmp(*argv,"-quiet") == 0)
c_quiet=1;
else if (strcmp(*argv,"-pause") == 0)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)
c_debug=1;
else if (strcmp(*argv,"-nbio_test") == 0)
nbio_test=1;
else if (strcmp(*argv,"-state") == 0)
state=1;
#ifndef NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
#endif
#ifndef NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
#ifndef NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
else if (strcmp(*argv,"-bugs") == 0)
bugs=1;
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
key_file= *(++argv);
}
else if (strcmp(*argv,"-reconnect") == 0)
{
reconnect=5;
}
else if (strcmp(*argv,"-CApath") == 0)
{
if (--argc < 1) goto bad;
CApath= *(++argv);
}
else if (strcmp(*argv,"-CAfile") == 0)
{
if (--argc < 1) goto bad;
CAfile= *(++argv);
}
else if (strcmp(*argv,"-no_tls1") == 0)
off|=SSL_OP_NO_TLSv1;
else if (strcmp(*argv,"-no_ssl3") == 0)
off|=SSL_OP_NO_SSLv3;
else if (strcmp(*argv,"-no_ssl2") == 0)
off|=SSL_OP_NO_SSLv2;
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
cipher= *(++argv);
}
#ifdef FIONBIO
else if (strcmp(*argv,"-nbio") == 0)
{ c_nbio=1; }
#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badop=1;
break;
}
argc--;
argv++;
}
if (badop)
{
bad:
sc_usage();
goto end;
}
if (bio_c_out == NULL)
{
if (c_quiet)
{
bio_c_out=BIO_new(BIO_s_null());
}
else
{
if (bio_c_out == NULL)
bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
}
}
SSLeay_add_ssl_algorithms();
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (bugs)
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
SSL_CTX_set_options(ctx,off);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
if (cipher != NULL)
SSL_CTX_set_cipher_list(ctx,cipher);
#if 0
else
SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
#endif
SSL_CTX_set_verify(ctx,verify,verify_callback);
if (!set_cert_stuff(ctx,cert_file,key_file))
goto end;
if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx)))
{
/* BIO_printf(bio_err,"error seting default verify locations\n"); */
ERR_print_errors(bio_err);
/* goto end; */
}
SSL_load_error_strings();
con=(SSL *)SSL_new(ctx);
/* SSL_set_cipher_list(con,"RC4-MD5"); */
re_start:
if (init_client(&s,host,port) == 0)
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
goto end;
}
BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
#ifdef FIONBIO
if (c_nbio)
{
unsigned long l=1;
BIO_printf(bio_c_out,"turning on non blocking io\n");
if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
{
ERR_print_errors(bio_err);
goto end;
}
}
#endif
if (c_Pause & 0x01) con->debug=1;
sbio=BIO_new_socket(s,BIO_NOCLOSE);
if (nbio_test)
{
BIO *test;
test=BIO_new(BIO_f_nbio_test());
sbio=BIO_push(test,sbio);
}
if (c_debug)
{
con->debug=1;
BIO_set_callback(sbio,bio_dump_cb);
BIO_set_callback_arg(sbio,bio_c_out);
}
SSL_set_bio(con,sbio,sbio);
SSL_set_connect_state(con);
/* ok, lets connect */
width=SSL_get_fd(con)+1;
read_tty=1;
write_tty=0;
tty_on=0;
read_ssl=1;
write_ssl=1;
cbuf_len=0;
cbuf_off=0;
sbuf_len=0;
sbuf_off=0;
for (;;)
{
FD_ZERO(&readfds);
FD_ZERO(&writefds);
if (SSL_in_init(con) && !SSL_total_renegotiations(con))
{
in_init=1;
tty_on=0;
}
else
{
tty_on=1;
if (in_init)
{
in_init=0;
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
if (reconnect)
{
reconnect--;
BIO_printf(bio_c_out,"drop connection and then reconnect\n");
SSL_shutdown(con);
SSL_set_connect_state(con);
SHUTDOWN(SSL_get_fd(con));
goto re_start;
}
}
}
#ifndef WINDOWS
if (tty_on)
{
if (read_tty) FD_SET(fileno(stdin),&readfds);
if (write_tty) FD_SET(fileno(stdout),&writefds);
}
#endif
if (read_ssl)
FD_SET(SSL_get_fd(con),&readfds);
if (write_ssl)
FD_SET(SSL_get_fd(con),&writefds);
/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
#ifndef WINDOWS
i=select(width,&readfds,&writefds,NULL,NULL);
if ( i < 0)
{
BIO_printf(bio_err,"bad select %d\n",
get_last_socket_error());
goto shut;
/* goto end; */
}
if (FD_ISSET(SSL_get_fd(con),&writefds))
#else
if (write_ssl)
#endif
{
k=SSL_write(con,&(cbuf[cbuf_off]),
(unsigned int)cbuf_len);
switch (SSL_get_error(con,k))
{
case SSL_ERROR_NONE:
cbuf_off+=k;
cbuf_len-=k;
if (k <= 0) goto end;
/* we have done a write(con,NULL,0); */
if (cbuf_len <= 0)
{
read_tty=1;
write_ssl=0;
}
else /* if (cbuf_len > 0) */
{
read_tty=0;
write_ssl=1;
}
break;
case SSL_ERROR_WANT_WRITE:
#ifndef WINDOWS
BIO_printf(bio_c_out,"write W BLOCK\n");
#endif
write_ssl=1;
read_tty=0;
break;
case SSL_ERROR_WANT_READ:
#ifndef WINDOWS
BIO_printf(bio_c_out,"write R BLOCK\n");
#endif
write_tty=0;
read_ssl=1;
write_ssl=0;
break;
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_printf(bio_c_out,"write X BLOCK\n");
break;
case SSL_ERROR_ZERO_RETURN:
if (cbuf_len != 0)
{
BIO_printf(bio_c_out,"shutdown\n");
goto shut;
}
else
{
read_tty=1;
write_ssl=0;
break;
}
case SSL_ERROR_SYSCALL:
if ((k != 0) || (cbuf_len != 0))
{
BIO_printf(bio_err,"write:errno=%d\n",
get_last_socket_error());
goto shut;
}
else
{
read_tty=1;
write_ssl=0;
}
break;
case SSL_ERROR_SSL:
ERR_print_errors(bio_err);
goto shut;
}
}
#ifndef WINDOWS
else if (FD_ISSET(fileno(stdout),&writefds))
#else
else if (tty_on && write_tty)
#endif
{
i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
if (i <= 0)
{
BIO_printf(bio_c_out,"DONE\n");
goto shut;
/* goto end; */
}
sbuf_len-=i;;
sbuf_off+=i;
if (sbuf_len <= 0)
{
read_ssl=1;
write_tty=0;
}
}
#ifndef WINDOWS
else if (FD_ISSET(SSL_get_fd(con),&readfds))
#else
if (read_ssl)
#endif
{
#ifdef RENEG
{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
#endif
k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
switch (SSL_get_error(con,k))
{
case SSL_ERROR_NONE:
if (k <= 0)
goto end;
sbuf_off=0;
sbuf_len=k;
read_ssl=0;
write_tty=1;
break;
case SSL_ERROR_WANT_WRITE:
#ifndef WINDOWS
BIO_printf(bio_c_out,"read W BLOCK\n");
#endif
write_ssl=1;
read_tty=0;
break;
case SSL_ERROR_WANT_READ:
#ifndef WINDOWS
BIO_printf(bio_c_out,"read R BLOCK\n");
#endif
write_tty=0;
read_ssl=1;
if ((read_tty == 0) && (write_ssl == 0))
write_ssl=1;
break;
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_printf(bio_c_out,"read X BLOCK\n");
break;
case SSL_ERROR_SYSCALL:
BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
goto shut;
case SSL_ERROR_ZERO_RETURN:
BIO_printf(bio_c_out,"closed\n");
goto shut;
case SSL_ERROR_SSL:
ERR_print_errors(bio_err);
goto shut;
break;
}
}
#ifndef WINDOWS
else if (FD_ISSET(fileno(stdin),&readfds))
{
i=read(fileno(stdin),cbuf,BUFSIZZ);
#else
if (tty_on && read_tty && _kbhit())
{
i = 1;
cbuf[0] = _getch();
#endif
if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
{
BIO_printf(bio_err,"DONE\n");
goto shut;
}
if ((!c_quiet) && (cbuf[0] == 'R'))
{
SSL_renegotiate(con);
read_tty=0;
write_ssl=1;
}
else
{
cbuf_len=i;
cbuf_off=0;
}
read_tty=0;
write_ssl=1;
}
}
shut:
SSL_shutdown(con);
SHUTDOWN(SSL_get_fd(con));
ret=0;
end:
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
bio_c_out=NULL;
}
EXIT(ret);
}
static void print_stuff(bio,s,full)
BIO *bio;
SSL *s;
int full;
{
X509 *peer=NULL;
char *p;
static char *space=" ";
char buf[BUFSIZ];
STACK *sk;
SSL_CIPHER *c;
X509_NAME *xn;
int j,i;
if (full)
{
sk=SSL_get_peer_cert_chain(s);
if (sk != NULL)
{
BIO_printf(bio,"---\nCertificate chain\n");
for (i=0; i<sk_num(sk); i++)
{
X509_NAME_oneline(X509_get_subject_name((X509 *)
sk_value(sk,i)),buf,BUFSIZ);
BIO_printf(bio,"%2d s:%s\n",i,buf);
X509_NAME_oneline(X509_get_issuer_name((X509 *)
sk_value(sk,i)),buf,BUFSIZ);
BIO_printf(bio," i:%s\n",buf);
}
}
BIO_printf(bio,"---\n");
peer=SSL_get_peer_certificate(s);
if (peer != NULL)
{
BIO_printf(bio,"Server certificate\n");
PEM_write_bio_X509(bio,peer);
X509_NAME_oneline(X509_get_subject_name(peer),
buf,BUFSIZ);
BIO_printf(bio,"subject=%s\n",buf);
X509_NAME_oneline(X509_get_issuer_name(peer),
buf,BUFSIZ);
BIO_printf(bio,"issuer=%s\n",buf);
}
else
BIO_printf(bio,"no peer certificate available\n");
sk=SSL_get_client_CA_list(s);
if ((sk != NULL) && (sk_num(sk) > 0))
{
BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
for (i=0; i<sk_num(sk); i++)
{
xn=(X509_NAME *)sk_value(sk,i);
X509_NAME_oneline(xn,buf,sizeof(buf));
BIO_write(bio,buf,strlen(buf));
BIO_write(bio,"\n",1);
}
}
else
{
BIO_printf(bio,"---\nNo client certificate CA names sent\n");
}
p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
if (p != NULL)
{
BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
j=i=0;
while (*p)
{
if (*p == ':')
{
BIO_write(bio,space,15-j%25);
i++;
j=0;
BIO_write(bio,((i%3)?" ":"\n"),1);
}
else
{
BIO_write(bio,p,1);
j++;
}
p++;
}
BIO_write(bio,"\n",1);
}
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)),
BIO_number_written(SSL_get_wbio(s)));
}
BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
c=SSL_get_current_cipher(s);
BIO_printf(bio,"%s, Cipher is %s\n",
SSL_CIPHER_get_version(c),
SSL_CIPHER_get_name(c));
if (peer != NULL)
BIO_printf(bio,"Server public key is %d bit\n",
EVP_PKEY_bits(X509_get_pubkey(peer)));
SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n");
if (peer != NULL)
X509_free(peer);
}

46
apps/sess_id.c
View File

@@ -60,37 +60,43 @@
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include "bio.h"
#include "err.h"
#include "x509.h"
#include "pem.h"
#include "ssl.h"
#undef PROG
#define PROG sess_id_main
static char *sess_id_usage[]={
"usage: sess_id args\n",
"usage: crl args\n",
"\n",
" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n",
" -outform arg - output format - default PEM\n",
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -text - print ssl session id details\n",
" -cert - output certificate \n",
" -cert - output certificaet \n",
" -noout - no CRL output\n",
" -context arg - set the session ID context\n",
NULL
};
#ifndef NOPROTO
static SSL_SESSION *load_sess_id(char *file, int format);
int MAIN(int argc, char **argv)
#else
static SSL_SESSION *load_sess_id();
#endif
int MAIN(argc, argv)
int argc;
char **argv;
{
SSL_SESSION *x=NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL,*context=NULL;
char *infile=NULL,*outfile=NULL;
int cert=0,noout=0,text=0;
char **pp;
@@ -134,11 +140,6 @@ int MAIN(int argc, char **argv)
cert= ++num;
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-context") == 0)
{
if(--argc < 1) goto bad;
context=*++argv;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -161,17 +162,6 @@ bad:
x=load_sess_id(infile,informat);
if (x == NULL) { goto end; }
if(context)
{
x->sid_ctx_length=strlen(context);
if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
{
BIO_printf(bio_err,"Context too long\n");
goto end;
}
memcpy(x->sid_ctx,context,x->sid_ctx_length);
}
#ifdef undef
/* just testing for memory leaks :-) */
{
@@ -264,7 +254,9 @@ end:
EXIT(ret);
}
static SSL_SESSION *load_sess_id(char *infile, int format)
static SSL_SESSION *load_sess_id(infile, format)
char *infile;
int format;
{
SSL_SESSION *x=NULL;
BIO *in=NULL;

176
apps/speed.c
View File

@@ -78,14 +78,15 @@
#ifdef NO_STDIO
#define APPS_WIN16
#endif
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include "crypto.h"
#include "rand.h"
#include "err.h"
#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
#ifndef MSDOS
#define TIMES
#endif
#ifndef VMS
#ifndef _IRIX
#include <time.h>
#endif
@@ -93,15 +94,15 @@
#include <sys/types.h>
#include <sys/times.h>
#endif
/* Depending on the VMS version, the tms structure is perhaps defined.
The __TMS macro will show if it was. If it wasn't defined, we should
undefine TIMES, since that tells the rest of the program how things
should be handled. -- Richard Levitte */
#if defined(VMS) && defined(__DECC) && !defined(__TMS)
#undef TIMES
#else /* VMS */
#include <types.h>
struct tms {
time_t tms_utime;
time_t tms_stime;
time_t tms_uchild; /* I dunno... */
time_t tms_uchildsys; /* so these names are a guess :-) */
}
#endif
#ifndef TIMES
#include <sys/timeb.h>
#endif
@@ -113,48 +114,48 @@
#endif
#ifndef NO_DES
#include <openssl/des.h>
#include "des.h"
#endif
#ifndef NO_MD2
#include <openssl/md2.h>
#include "md2.h"
#endif
#ifndef NO_MDC2
#include <openssl/mdc2.h>
#include "mdc2.h"
#endif
#ifndef NO_MD5
#include <openssl/md5.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include "md5.h"
#include "hmac.h"
#include "evp.h"
#endif
#ifndef NO_SHA
#include <openssl/sha.h>
#ifndef NO_SHA1
#include "sha.h"
#endif
#ifndef NO_RIPEMD
#include <openssl/ripemd.h>
#ifndef NO_RMD160
#include "ripemd.h"
#endif
#ifndef NO_RC4
#include <openssl/rc4.h>
#include "rc4.h"
#endif
#ifndef NO_RC5
#include <openssl/rc5.h>
#include "rc5.h"
#endif
#ifndef NO_RC2
#include <openssl/rc2.h>
#include "rc2.h"
#endif
#ifndef NO_IDEA
#include <openssl/idea.h>
#include "idea.h"
#endif
#ifndef NO_BF
#include <openssl/blowfish.h>
#ifndef NO_BLOWFISH
#include "blowfish.h"
#endif
#ifndef NO_CAST
#include <openssl/cast.h>
#include "cast.h"
#endif
#ifndef NO_RSA
#include <openssl/rsa.h>
#include "./testrsa.h"
#include "rsa.h"
#endif
#include <openssl/x509.h>
#include "x509.h"
#include "./testrsa.h"
#ifndef NO_DSA
#include "./testdsa.h"
#endif
@@ -163,7 +164,11 @@
#ifndef HZ
# ifndef CLK_TCK
# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
# define HZ 100.0
# ifndef VMS
# define HZ 100.0
# else /* VMS */
# define HZ 100.0
# endif
# else /* _BSD_CLK_TCK_ */
# define HZ ((double)_BSD_CLK_TCK_)
# endif
@@ -176,9 +181,16 @@
#define BUFSIZE ((long)1024*8+1)
int run=0;
#ifndef NOPROTO
static double Time_F(int s);
static void print_message(char *s,long num,int length);
static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
#else
static double Time_F();
static void print_message();
static void pkey_print_message();
#endif
#ifdef SIGALRM
#if defined(__STDC__) || defined(sgi) || defined(_AIX)
#define SIGRETTYPE void
@@ -186,8 +198,14 @@ static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
#define SIGRETTYPE int
#endif
#ifndef NOPROTO
static SIGRETTYPE sig_done(int sig);
static SIGRETTYPE sig_done(int sig)
#else
static SIGRETTYPE sig_done();
#endif
static SIGRETTYPE sig_done(sig)
int sig;
{
signal(SIGALRM,sig_done);
run=0;
@@ -200,7 +218,8 @@ static SIGRETTYPE sig_done(int sig)
#define START 0
#define STOP 1
static double Time_F(int s)
static double Time_F(s)
int s;
{
double ret;
#ifdef TIMES
@@ -236,10 +255,11 @@ static double Time_F(int s)
#endif
}
int MAIN(int argc, char **argv)
int MAIN(argc,argv)
int argc;
char **argv;
{
unsigned char *buf=NULL,*buf2=NULL;
des_cblock *buf_as_des_cblock = NULL;
int ret=1;
#define ALGOR_NUM 14
#define SIZE_NUM 5
@@ -257,10 +277,10 @@ int MAIN(int argc, char **argv)
unsigned char md5[MD5_DIGEST_LENGTH];
unsigned char hmac[MD5_DIGEST_LENGTH];
#endif
#ifndef NO_SHA
#ifndef NO_SHA1
unsigned char sha[SHA_DIGEST_LENGTH];
#endif
#ifndef NO_RIPEMD
#ifndef NO_RMD160
unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
#endif
#ifndef NO_RC4
@@ -275,7 +295,7 @@ int MAIN(int argc, char **argv)
#ifndef NO_IDEA
IDEA_KEY_SCHEDULE idea_ks;
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
BF_KEY bf_ks;
#endif
#ifndef NO_CAST
@@ -319,9 +339,9 @@ int MAIN(int argc, char **argv)
#define R_RSA_1024 1
#define R_RSA_2048 2
#define R_RSA_4096 3
#ifndef NO_RSA
RSA *rsa_key[RSA_NUM];
long rsa_c[RSA_NUM][2];
#ifndef NO_RSA
double rsa_results[RSA_NUM][2];
static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
static unsigned char *rsa_data[RSA_NUM]=
@@ -342,7 +362,7 @@ int MAIN(int argc, char **argv)
int pr_header=0;
apps_startup();
#ifndef NO_DSA
#ifdef NO_DSA
memset(dsa_key,0,sizeof(dsa_key));
#endif
@@ -361,7 +381,6 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"out of memory\n");
goto end;
}
buf_as_des_cblock = (des_cblock *)buf;
if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
{
BIO_printf(bio_err,"out of memory\n");
@@ -399,13 +418,13 @@ int MAIN(int argc, char **argv)
if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
else
#endif
#ifndef NO_SHA
#ifndef NO_SHA1
if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
else
if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
else
#endif
#ifndef NO_RIPEMD
#ifndef NO_RMD160
if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
else
if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
@@ -431,7 +450,7 @@ int MAIN(int argc, char **argv)
}
else
#endif
if (strcmp(*argv,"openssl") == 0)
if (strcmp(*argv,"ssleay") == 0)
{
RSA_set_default_method(RSA_PKCS1_SSLeay());
j--;
@@ -461,7 +480,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
else
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
@@ -511,10 +530,10 @@ int MAIN(int argc, char **argv)
#ifndef NO_RC5
BIO_printf(bio_err,"rc5-cbc ");
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
BIO_printf(bio_err,"bf-cbc");
#endif
#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BF) && !defined(NO_RC5)
#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH) && !defined(NO_RC5)
BIO_printf(bio_err,"\n");
#endif
BIO_printf(bio_err,"des-cbc des-ede3 ");
@@ -582,9 +601,9 @@ int MAIN(int argc, char **argv)
#endif
#ifndef NO_DES
des_set_key(&key,sch);
des_set_key(&key2,sch2);
des_set_key(&key3,sch3);
des_set_key((C_Block *)key,sch);
des_set_key((C_Block *)key2,sch2);
des_set_key((C_Block *)key3,sch3);
#endif
#ifndef NO_IDEA
idea_set_encrypt_key(key16,&idea_ks);
@@ -598,15 +617,14 @@ int MAIN(int argc, char **argv)
#ifndef NO_RC5
RC5_32_set_key(&rc5_ks,16,key16,12);
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
BF_set_key(&bf_ks,16,key16);
#endif
#ifndef NO_CAST
CAST_set_key(&cast_ks,16,key16);
#endif
#ifndef NO_RSA
memset(rsa_c,0,sizeof(rsa_c));
#endif
#ifndef SIGALRM
BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
count=10;
@@ -615,7 +633,7 @@ int MAIN(int argc, char **argv)
count*=2;
Time_F(START);
for (i=count; i; i--)
des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
des_ecb_encrypt((C_Block *)buf,(C_Block *)buf,
&(sch[0]),DES_ENCRYPT);
d=Time_F(STOP);
} while (d <3);
@@ -658,7 +676,6 @@ int MAIN(int argc, char **argv)
c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
}
#ifndef NO_RSA
rsa_c[R_RSA_512][0]=count/2000;
rsa_c[R_RSA_512][1]=count/400;
for (i=1; i<RSA_NUM; i++)
@@ -676,7 +693,6 @@ int MAIN(int argc, char **argv)
}
}
}
#endif
dsa_c[R_DSA_512][0]=count/1000;
dsa_c[R_DSA_512][1]=count/1000/2;
@@ -778,7 +794,7 @@ int MAIN(int argc, char **argv)
}
}
#endif
#ifndef NO_SHA
#ifndef NO_SHA1
if (doit[D_SHA1])
{
for (j=0; j<SIZE_NUM; j++)
@@ -794,7 +810,7 @@ int MAIN(int argc, char **argv)
}
}
#endif
#ifndef NO_RIPEMD
#ifndef NO_RMD160
if (doit[D_RMD160])
{
for (j=0; j<SIZE_NUM; j++)
@@ -835,8 +851,10 @@ int MAIN(int argc, char **argv)
print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
Time_F(START);
for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
des_ncbc_encrypt(buf,buf,lengths[j],sch,
&iv,DES_ENCRYPT);
des_ncbc_encrypt((C_Block *)buf,
(C_Block *)buf,
(long)lengths[j],sch,
(C_Block *)&(iv[0]),DES_ENCRYPT);
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_DES],d);
@@ -851,9 +869,10 @@ int MAIN(int argc, char **argv)
print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
Time_F(START);
for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
des_ede3_cbc_encrypt(buf,buf,lengths[j],
sch,sch2,sch3,
&iv,DES_ENCRYPT);
des_ede3_cbc_encrypt((C_Block *)buf,
(C_Block *)buf,
(long)lengths[j],sch,sch2,sch3,
(C_Block *)&(iv[0]),DES_ENCRYPT);
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_EDE3_DES],d);
@@ -871,7 +890,7 @@ int MAIN(int argc, char **argv)
for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
idea_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&idea_ks,
iv,IDEA_ENCRYPT);
(unsigned char *)&(iv[0]),IDEA_ENCRYPT);
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_IDEA],d);
@@ -889,7 +908,7 @@ int MAIN(int argc, char **argv)
for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
RC2_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&rc2_ks,
iv,RC2_ENCRYPT);
(unsigned char *)&(iv[0]),RC2_ENCRYPT);
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_RC2],d);
@@ -907,7 +926,7 @@ int MAIN(int argc, char **argv)
for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
RC5_32_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&rc5_ks,
iv,RC5_ENCRYPT);
(unsigned char *)&(iv[0]),RC5_ENCRYPT);
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_RC5],d);
@@ -915,7 +934,7 @@ int MAIN(int argc, char **argv)
}
}
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
if (doit[D_CBC_BF])
{
for (j=0; j<SIZE_NUM; j++)
@@ -925,7 +944,7 @@ int MAIN(int argc, char **argv)
for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
BF_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&bf_ks,
iv,BF_ENCRYPT);
(unsigned char *)&(iv[0]),BF_ENCRYPT);
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_BF],d);
@@ -943,7 +962,7 @@ int MAIN(int argc, char **argv)
for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
CAST_cbc_encrypt(buf,buf,
(unsigned long)lengths[j],&cast_ks,
iv,CAST_ENCRYPT);
(unsigned char *)&(iv[0]),CAST_ENCRYPT);
d=Time_F(STOP);
BIO_printf(bio_err,"%ld %s's in %.2fs\n",
count,names[D_CBC_CAST],d);
@@ -1093,7 +1112,7 @@ int MAIN(int argc, char **argv)
#ifndef NO_IDEA
printf("%s ",idea_options());
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
printf("%s ",BF_options());
#endif
fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
@@ -1168,7 +1187,10 @@ end:
EXIT(ret);
}
static void print_message(char *s, long num, int length)
static void print_message(s,num,length)
char *s;
long num;
int length;
{
#ifdef SIGALRM
BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
@@ -1183,8 +1205,12 @@ static void print_message(char *s, long num, int length)
#endif
}
static void pkey_print_message(char *str, char *str2, long num, int bits,
int tm)
static void pkey_print_message(str,str2,num,bits,tm)
char *str;
char *str2;
long num;
int bits;
int tm;
{
#ifdef SIGALRM
BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);

343
apps/ssleay.c Normal file
View File

@@ -0,0 +1,343 @@
/* apps/ssleay.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef DEBUG
#undef DEBUG
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "bio.h"
#include "crypto.h"
#include "lhash.h"
#include "conf.h"
#include "x509.h"
#include "pem.h"
#include "ssl.h"
#define SSLEAY /* turn off a few special case MONOLITH macros */
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
#define SSLEAY_SRC
#include "apps.h"
#include "s_apps.h"
#include "err.h"
/*
#ifdef WINDOWS
#include "bss_file.c"
#endif
*/
#ifndef NOPROTO
static unsigned long MS_CALLBACK hash(FUNCTION *a);
static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
#else
static unsigned long MS_CALLBACK hash();
static int MS_CALLBACK cmp();
static LHASH *prog_init();
static int do_cmd();
#endif
LHASH *config=NULL;
char *default_config_file=NULL;
#ifdef DEBUG
static void sig_stop(i)
int i;
{
char *a=NULL;
*a='\0';
}
#endif
/* Make sure there is only one when MONOLITH is defined */
#ifdef MONOLITH
BIO *bio_err=NULL;
#endif
int main(Argc,Argv)
int Argc;
char *Argv[];
{
ARGS arg;
#define PROG_NAME_SIZE 16
char pname[PROG_NAME_SIZE];
FUNCTION f,*fp;
MS_STATIC char *prompt,buf[1024],config_name[256];
int n,i,ret=0;
int argc;
char **argv,*p;
LHASH *prog=NULL;
long errline;
arg.data=NULL;
arg.count=0;
/* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
apps_startup();
#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
#ifdef SIGBUS
signal(SIGBUS,sig_stop);
#endif
#ifdef SIGSEGV
signal(SIGSEGV,sig_stop);
#endif
#endif
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
/* Lets load up our environment a little */
p=getenv("SSLEAY_CONF");
if (p == NULL)
{
strcpy(config_name,X509_get_default_cert_area());
strcat(config_name,"/lib/");
strcat(config_name,SSLEAY_CONF);
p=config_name;
}
default_config_file=p;
config=CONF_load(config,p,&errline);
if (config == NULL) ERR_clear_error();
prog=prog_init();
/* first check the program name */
program_name(Argv[0],pname,PROG_NAME_SIZE);
f.name=pname;
fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
if (fp != NULL)
{
Argv[0]=pname;
ret=fp->func(Argc,Argv);
goto end;
}
/* ok, now check that there are not arguments, if there are,
* run with them, shifting the ssleay off the front */
if (Argc != 1)
{
Argc--;
Argv++;
ret=do_cmd(prog,Argc,Argv);
if (ret < 0) ret=0;
goto end;
}
/* ok, lets enter the old 'SSLeay>' mode */
for (;;)
{
ret=0;
p=buf;
n=1024;
i=0;
for (;;)
{
p[0]='\0';
if (i++)
prompt=">";
else prompt="SSLeay>";
fputs(prompt,stdout);
fflush(stdout);
fgets(p,n,stdin);
if (p[0] == '\0') goto end;
i=strlen(p);
if (i <= 1) break;
if (p[i-2] != '\\') break;
i-=2;
p+=i;
n-=i;
}
if (!chopup_args(&arg,buf,&argc,&argv)) break;
ret=do_cmd(prog,argc,argv);
if (ret < 0)
{
ret=0;
goto end;
}
if (ret != 0)
BIO_printf(bio_err,"error in %s\n",argv[0]);
BIO_flush(bio_err);
}
BIO_printf(bio_err,"bad exit\n");
ret=1;
end:
if (config != NULL)
{
CONF_free(config);
config=NULL;
}
if (prog != NULL) lh_free(prog);
if (arg.data != NULL) Free(arg.data);
ERR_remove_state(0);
EVP_cleanup();
ERR_free_strings();
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL)
{
BIO_free(bio_err);
bio_err=NULL;
}
EXIT(ret);
}
static int do_cmd(prog,argc,argv)
LHASH *prog;
int argc;
char *argv[];
{
FUNCTION f,*fp;
int i,ret=1,tp,nl;
if ((argc <= 0) || (argv[0] == NULL))
{ ret=0; goto end; }
f.name=argv[0];
fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
if (fp != NULL)
{
ret=fp->func(argc,argv);
}
else if ((strcmp(argv[0],"quit") == 0) ||
(strcmp(argv[0],"q") == 0) ||
(strcmp(argv[0],"exit") == 0) ||
(strcmp(argv[0],"bye") == 0))
{
ret= -1;
goto end;
}
else
{
BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
argv[0]);
i=0;
fp=functions;
tp=0;
for (fp=functions; fp->name != NULL; fp++)
{
nl=0;
if (((i++) % 5) == 0)
{
BIO_printf(bio_err,"\n");
nl=1;
}
if (fp->type != tp)
{
tp=fp->type;
if (!nl) BIO_printf(bio_err,"\n");
if (tp == FUNC_TYPE_MD)
{
i=1;
BIO_printf(bio_err,
"Message Digest commands - see the dgst command for more details\n");
}
else if (tp == FUNC_TYPE_CIPHER)
{
i=1;
BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
}
}
BIO_printf(bio_err,"%-15s",fp->name);
}
BIO_printf(bio_err,"\nquit\n");
ret=0;
}
end:
return(ret);
}
static LHASH *prog_init()
{
LHASH *ret;
FUNCTION *f;
if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
for (f=functions; f->name != NULL; f++)
lh_insert(ret,(char *)f);
return(ret);
}
static int MS_CALLBACK cmp(a,b)
FUNCTION *a,*b;
{
return(strncmp(a->name,b->name,8));
}
static unsigned long MS_CALLBACK hash(a)
FUNCTION *a;
{
return(lh_strhash(a->name));
}
#undef SSLEAY

119
apps/ssleay.cnf Normal file
View File

@@ -0,0 +1,119 @@
#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#
RANDFILE = $ENV::HOME/.rnd
oid_file = $ENV::HOME/.oid
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = x509v3_extensions # The extentions to add to the cert
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = CryptSoft Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ x509v3_extensions ]
nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
nsComment = "This is a comment"
# under ASN.1, the 0 bit would be encoded as 80
nsCertType = 0x40
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
#nsCertSequence
#nsCertExt
#nsDataType

7
apps/testdsa.h
View File

@@ -1,7 +1,14 @@
/* NOCW */
#ifndef NOPROTO
DSA *get_dsa512(void );
DSA *get_dsa1024(void );
DSA *get_dsa2048(void );
#else
DSA *get_dsa512();
DSA *get_dsa1024();
DSA *get_dsa2048();
#endif
static unsigned char dsa512_p[]={
0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,

26
apps/verify.c
View File

@@ -60,19 +60,27 @@
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "bio.h"
#include "err.h"
#include "x509.h"
#include "pem.h"
#undef PROG
#define PROG verify_main
#ifndef NOPROTO
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx,char *file);
#else
static int MS_CALLBACK cb();
static int check();
#endif
static int v_verbose=0;
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
int i,ret=1;
char *CApath=NULL,*CAfile=NULL;
@@ -146,7 +154,9 @@ end:
EXIT(ret);
}
static int check(X509_STORE *ctx, char *file)
static int check(ctx,file)
X509_STORE *ctx;
char *file;
{
X509 *x=NULL;
BIO *in=NULL;
@@ -200,7 +210,9 @@ end:
return(ret);
}
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
static int MS_CALLBACK cb(ok,ctx)
int ok;
X509_STORE_CTX *ctx;
{
char buf[256];

12
apps/version.c
View File

@@ -60,13 +60,15 @@
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/evp.h>
#include <openssl/crypto.h>
#include "evp.h"
#include "crypto.h"
#undef PROG
#define PROG version_main
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
int i,ret=0;
int cflags=0,version=0,date=0,options=0,platform=0;
@@ -105,7 +107,7 @@ int MAIN(int argc, char **argv)
if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
if (options)
{
printf("options: ");
printf("options:");
printf("%s ",BN_options());
#ifndef NO_MD2
printf("%s ",MD2_options());
@@ -119,7 +121,7 @@ int MAIN(int argc, char **argv)
#ifndef NO_IDEA
printf("%s ",idea_options());
#endif
#ifndef NO_BF
#ifndef NO_BLOWFISH
printf("%s ",BF_options());
#endif
printf("\n");

185
apps/x509.c
View File

@@ -63,15 +63,14 @@
#define APPS_WIN16
#endif
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include "bio.h"
#include "asn1.h"
#include "err.h"
#include "bn.h"
#include "evp.h"
#include "x509.h"
#include "objects.h"
#include "pem.h"
#undef PROG
#define PROG x509_main
@@ -111,24 +110,32 @@ static char *x509_usage[]={
" missing, it is asssumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
" -CAserial - serial file\n",
" -text - print the certificate in text form\n",
" -text - print the certitificate in text form\n",
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
" -extfile - configuration file with X509V3 extensions to add\n",
NULL
};
#ifndef NOPROTO
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
static EVP_PKEY *load_key(char *file, int format);
static X509 *load_cert(char *file, int format);
static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest,
LHASH *conf, char *section);
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
int create,int days, LHASH *conf, char *section);
static int sign (X509 *x, EVP_PKEY *pkey,int days,EVP_MD *digest);
static int x509_certify (X509_STORE *ctx,char *CAfile, EVP_MD *digest,X509 *x,
X509 *xca, EVP_PKEY *pkey,char *serial, int create, int days);
#else
static int MS_CALLBACK callb();
static EVP_PKEY *load_key();
static X509 *load_cert();
static int sign ();
static int x509_certify ();
#endif
static int reqfile=0;
int MAIN(int argc, char **argv)
int MAIN(argc, argv)
int argc;
char **argv;
{
int ret=1;
X509_REQ *req=NULL;
@@ -149,9 +156,7 @@ int MAIN(int argc, char **argv)
X509_REQ *rq=NULL;
int fingerprint=0;
char buf[256];
const EVP_MD *md_alg,*digest=EVP_md5();
LHASH *extconf = NULL;
char *extsect = NULL, *extfile = NULL;
EVP_MD *md_alg,*digest=EVP_md5();
reqfile=0;
@@ -213,11 +218,6 @@ int MAIN(int argc, char **argv)
goto bad;
}
}
else if (strcmp(*argv,"-extfile") == 0)
{
if (--argc < 1) goto bad;
extfile= *(++argv);
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
@@ -305,7 +305,6 @@ bad:
}
ERR_load_crypto_strings();
X509V3_add_standard_extensions();
if (!X509_STORE_set_default_paths(ctx))
{
@@ -321,34 +320,6 @@ bad:
goto end;
}
if (extfile) {
long errorline;
X509V3_CTX ctx2;
if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
if (errorline <= 0)
BIO_printf(bio_err,
"error loading the config file '%s'\n",
extfile);
else
BIO_printf(bio_err,
"error on line %ld of config file '%s'\n"
,errorline,extfile);
goto end;
}
if(!(extsect = CONF_get_string(extconf, "default",
"extensions"))) extsect = "default";
X509V3_set_ctx_test(&ctx2);
X509V3_set_conf_lhash(&ctx2, extconf);
if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n",
extsect);
ERR_print_errors(bio_err);
goto end;
}
}
if (reqfile)
{
EVP_PKEY *pkey;
@@ -397,7 +368,6 @@ bad:
goto end;
}
i=X509_REQ_verify(req,pkey);
EVP_PKEY_free(pkey);
if (i < 0)
{
BIO_printf(bio_err,"Signature verification error\n");
@@ -430,9 +400,7 @@ bad:
ci->key=req->req_info->pubkey;
req->req_info->pubkey=NULL;
#else
pkey = X509_REQ_get_pubkey(req);
X509_set_pubkey(x,pkey);
EVP_PKEY_free(pkey);
X509_set_pubkey(x,X509_REQ_get_pubkey(req));
#endif
}
else
@@ -495,6 +463,7 @@ bad:
BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
}
else
#ifndef NO_RSA
if (modulus == i)
{
EVP_PKEY *pkey;
@@ -507,21 +476,14 @@ bad:
goto end;
}
BIO_printf(STDout,"Modulus=");
#ifndef NO_RSA
if (pkey->type == EVP_PKEY_RSA)
BN_print(STDout,pkey->pkey.rsa->n);
else
#endif
#ifndef NO_DSA
if (pkey->type == EVP_PKEY_DSA)
BN_print(STDout,pkey->pkey.dsa->pub_key);
else
#endif
BIO_printf(STDout,"Wrong Algorithm type");
BIO_printf(STDout,"\n");
EVP_PKEY_free(pkey);
}
else
#endif
if (C == i)
{
unsigned char *d;
@@ -583,13 +545,13 @@ bad:
else if (startdate == i)
{
BIO_puts(STDout,"notBefore=");
ASN1_TIME_print(STDout,X509_get_notBefore(x));
ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
BIO_puts(STDout,"\n");
}
else if (enddate == i)
{
BIO_puts(STDout,"notAfter=");
ASN1_TIME_print(STDout,X509_get_notAfter(x));
ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
BIO_puts(STDout,"\n");
}
else if (fingerprint == i)
@@ -626,8 +588,7 @@ bad:
digest=EVP_dss1();
#endif
if (!sign(x,Upkey,days,digest,
extconf, extsect)) goto end;
if (!sign(x,Upkey,days,digest)) goto end;
}
else if (CA_flag == i)
{
@@ -643,8 +604,8 @@ bad:
#endif
if (!x509_certify(ctx,CAfile,digest,x,xca,
CApkey, CAserial,CA_createserial,days,
extconf, extsect))
CApkey,
CAserial,CA_createserial,days))
goto end;
}
else if (x509req == i)
@@ -718,23 +679,28 @@ bad:
ret=0;
end:
OBJ_cleanup();
CONF_free(extconf);
BIO_free(out);
BIO_free(STDout);
X509_STORE_free(ctx);
X509_REQ_free(req);
X509_free(x);
X509_free(xca);
EVP_PKEY_free(Upkey);
EVP_PKEY_free(CApkey);
X509_REQ_free(rq);
X509V3_EXT_cleanup();
if (out != NULL) BIO_free(out);
if (STDout != NULL) BIO_free(STDout);
if (ctx != NULL) X509_STORE_free(ctx);
if (req != NULL) X509_REQ_free(req);
if (x != NULL) X509_free(x);
if (xca != NULL) X509_free(xca);
if (Upkey != NULL) EVP_PKEY_free(Upkey);
if (CApkey != NULL) EVP_PKEY_free(CApkey);
if (rq != NULL) X509_REQ_free(rq);
EXIT(ret);
}
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
int days, LHASH *conf, char *section)
static int x509_certify(ctx,CAfile,digest,x,xca,pkey,serialfile,create,days)
X509_STORE *ctx;
char *CAfile;
EVP_MD *digest;
X509 *x;
X509 *xca;
EVP_PKEY *pkey;
char *serialfile;
int create;
int days;
{
int ret=0;
BIO *io=NULL;
@@ -745,9 +711,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
X509_STORE_CTX xsc;
EVP_PKEY *upkey;
upkey = X509_get_pubkey(xca);
EVP_PKEY_copy_parameters(upkey,pkey);
EVP_PKEY_free(upkey);
EVP_PKEY_copy_parameters(X509_get_pubkey(xca),pkey);
X509_STORE_CTX_init(&xsc,ctx,x,NULL);
buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
@@ -865,15 +829,6 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
/* Force a re-write */
X509_set_pubkey(x,upkey);
}
EVP_PKEY_free(upkey);
if(conf) {
X509V3_CTX ctx2;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_conf_lhash(&ctx2, conf);
if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
}
if (!X509_sign(x,pkey,digest)) goto end;
ret=1;
@@ -888,7 +843,9 @@ end:
return(ret);
}
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
static int MS_CALLBACK callb(ok, ctx)
int ok;
X509_STORE_CTX *ctx;
{
char buf[256];
int err;
@@ -921,7 +878,9 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
}
}
static EVP_PKEY *load_key(char *file, int format)
static EVP_PKEY *load_key(file, format)
char *file;
int format;
{
BIO *key=NULL;
EVP_PKEY *pkey=NULL;
@@ -974,7 +933,9 @@ end:
return(pkey);
}
static X509 *load_cert(char *file, int format)
static X509 *load_cert(file, format)
char *file;
int format;
{
ASN1_HEADER *ah=NULL;
BUF_MEM *buf=NULL;
@@ -1061,16 +1022,15 @@ end:
}
/* self sign */
static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest,
LHASH *conf, char *section)
static int sign(x, pkey, days, digest)
X509 *x;
EVP_PKEY *pkey;
int days;
EVP_MD *digest;
{
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(x);
EVP_PKEY_copy_parameters(pktmp,pkey);
EVP_PKEY_save_parameters(pktmp,1);
EVP_PKEY_free(pktmp);
EVP_PKEY_copy_parameters(X509_get_pubkey(x),pkey);
EVP_PKEY_save_parameters(X509_get_pubkey(x),1);
if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
@@ -1083,13 +1043,6 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest,
goto err;
if (!X509_set_pubkey(x,pkey)) goto err;
if(conf) {
X509V3_CTX ctx;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_conf_lhash(&ctx, conf);
if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
}
if (!X509_sign(x,pkey,digest)) goto err;
return(1);
err:

4
bugs/stream.c
View File

@@ -57,11 +57,11 @@
*/
#include <stdio.h>
#include <openssl/rc4.h>
#include "rc4.h"
#ifdef NO_DES
#include <des.h>
#else
#include <openssl/des.h>
#include "des.h"
#endif
/* show how stream ciphers are not very good. The mac has no affect

59
certs/ICE-CA.pem
View File

@@ -1,59 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
Validity
Not Before: Apr 2 17:35:53 1997 GMT
Not After : Apr 2 17:35:53 1998 GMT
Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
Subject Public Key Info:
Public Key Algorithm: rsa
RSA Public Key: (512 bit)
Modulus (512 bit):
00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
49:11:a5:c9:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
0.........z.."p......e..
X509v3 Subject Key Identifier:
..~r..:..B.44fu......3
X509v3 Key Usage: critical
....
X509v3 Certificate Policies: critical
0.0...*...
X509v3 Subject Alternative Name:
0!..secude-support@darmstadt.gmd.de
X509v3 Issuer Alternative Name:
0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
X509v3 Basic Constraints: critical
0....
X509v3 CRL Distribution Points:
0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
Signature Algorithm: md5WithRSAEncryption
17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
88:73:cd:60:28:79:a3:fc:48:7a
-----BEGIN CERTIFICATE-----
MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
-----END CERTIFICATE-----

48
certs/ICE-root.pem
View File

@@ -1,48 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
Validity
Not Before: Apr 2 17:33:36 1997 GMT
Not After : Apr 2 17:33:36 1998 GMT
Subject: O=European ICE-TEL project, OU=V3-Certification Authority
Subject Public Key Info:
Public Key Algorithm: rsa
RSA Public Key: (512 bit)
Modulus (512 bit):
00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
e7:c7:9f:41:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
........z.."p......e..
X509v3 Key Usage: critical
....
X509v3 Subject Alternative Name:
0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
X509v3 Basic Constraints: critical
0....
Signature Algorithm: md5WithRSAEncryption
76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
7e:22:9f:25:06:60:bd:79:30:3d
-----BEGIN CERTIFICATE-----
MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
fiKfJQZgvXkwPQ==
-----END CERTIFICATE-----

63
certs/ICE-user.pem
View File

@@ -1,63 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
Validity
Not Before: Apr 2 17:35:59 1997 GMT
Not After : Apr 2 17:35:59 1998 GMT
Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
Subject Public Key Info:
Public Key Algorithm: rsa
RSA Public Key: (512 bit)
Modulus (512 bit):
00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
be:3e:a4:61:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
0...~r..:..B.44fu......3
X509v3 Subject Key Identifier:
...... .*...1.*.......
X509v3 Key Usage: critical
....
X509v3 Certificate Policies: critical
0.0...*...0.......
X509v3 Subject Alternative Name:
0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
X509v3 Issuer Alternative Name:
0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
X509v3 Basic Constraints: critical
0.
X509v3 CRL Distribution Points:
0.0.......gmdca@gmd.de
Signature Algorithm: md5WithRSAEncryption
69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
9a:f7:6f:63:9b:94:99:83:d6:a4
-----BEGIN CERTIFICATE-----
MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
-----END CERTIFICATE-----

9
certs/ICE.crl
View File

@@ -1,9 +0,0 @@
-----BEGIN X509 CRL-----
MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
-----END X509 CRL-----

150
config
View File

@@ -1,11 +1,17 @@
#!/bin/sh
#
# OpenSSL config: determine the operating system and run ./Configure
# config - this is a merge of minarch and GuessOS from the Apache Group
# which then automatically runs Configure from SSLeay after
# mapping the Apache names for OSs into SSLeay names
#
# "config -h" for usage information.
# 29-May-97 eay Added no-asm option
# 27-May-97 eay Alpha linux mods
# ??-May-97 eay IRIX mods
# 16-Sep-97 tjh first cut of merged version
#
# Tim Hudson
# tjh@cryptsoft.com
#
# this is a merge of minarch and GuessOS from the Apache Group.
# Originally written by Tim Hudson <tjh@cryptsoft.com>.
# Original Apache Group comments on GuessOS
@@ -82,11 +88,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
HP-UX:*)
HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
case "$HPUXVER" in
11.*)
echo "${MACHINE}-hp-hpux11"; exit 0
;;
10.*)
echo "${MACHINE}-hp-hpux10"; exit 0
echo "${MACHINE}-hp-hpux10."; exit 0
;;
*)
echo "${MACHINE}-hp-hpux"; exit 0
@@ -122,27 +125,16 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "${MACHINE}-whatever-bsdi"; exit 0
;;
FreeBSD:3*:*:*)
echo "${MACHINE}-whatever-freebsd3"; exit 0
;;
FreeBSD:*:*:*386*)
case `sysctl -n hw.model` in
Pentium*)
echo "i586-whatever-freebsd"; exit 0
;;
*)
echo "i386-whatever-freebsd"; exit 0
;;
esac;
FreeBSD:*:*:*486*)
echo "i486-whatever-freebsd"; exit 0
;;
FreeBSD:*)
echo "${MACHINE}-whatever-freebsd"; exit 0
;;
NetBSD:*:*:*386*)
echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0
NetBSD:*:*:*486*)
echo "i486-whatever-netbsd"; exit 0
;;
NetBSD:*)
@@ -201,8 +193,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "${MACHINE}-unknown-ultrix"; exit 0
;;
SINIX*|ReliantUNIX*)
echo "${MACHINE}-siemens-sysv4"; exit 0
SINIX*)
echo "${MACHINE}-sni-sysv4"; exit 0
;;
machten:*)
@@ -243,7 +235,7 @@ esac
# At this point we gone through all the one's
# we know of: Punt
echo "${MACHINE}-whatever-${SYSTEM}"
echo "${MACHINE}-whatever-${SYSTEM}|${RELEASE}|${VERSION}"
exit 0
) 2>/dev/null | (
@@ -253,6 +245,7 @@ exit 0
PREFIX=""
SUFFIX=""
VERBOSE="false"
TEST="false"
# pick up any command line args to config
@@ -260,16 +253,25 @@ for i
do
case "$i" in
-d*) PREFIX="debug-";;
-v*) VERBOSE="true";;
-t*) TEST="true";;
-h*) TEST="true"; cat <<EOF
Usage: config [options]
-h*) cat <<EOF
usage: config [options]
-d Add a debug- prefix to machine choice.
-v Verbose mode.
-t Test mode, do not run the Configure perl script.
-h This help.
Any other text will be passed to the Configure perl script.
See INSTALL for instructions.
Any other text will be passed to ther Configure perl script.
Usefull options include
no-asm Build with no assember code.
-Dxxx Add xxx define to compilation.
-Lxxx Add xxx library include path to build.
-lxxx Add xxx library to build.
eg, to build using RSAref, without assember, building to allow anon-DH
ciphers and null encryption ciphers,
config no-asm -DRSAref -DSSL_ALLOW_ADH -DSSL_ALLOW_ENULL -lrsaref
EOF
;;
*) options=$options" $i" ;;
@@ -278,41 +280,30 @@ done
# figure out if gcc is available and if so we use it otherwise
# we fallback to whatever cc does on the system
GCCVER=`(gcc -v) 2>&1`
GCCVER=`gcc -v 2>&1`
if [ $? = "0" ]; then
CC=gcc
else
CC=cc
if [ "$SYSTEM" = "SunOS" ]
then
case `cc -V 2>&1` in
*4*) CC=cc;;
*5*) CC=cc;;
*) CC=sc3;;
esac
fi
fi
# read the output of the embedded GuessOS
read GUESSOS
echo Operating system: $GUESSOS
if [ "$VERBOSE" = "true" ]; then
echo GUESSOS $GUESSOS
fi
# now map the output into SSLeay terms ... really should hack into the
# script above so we end up with values in vars but that would take
# more time that I want to waste at the moment
case "$GUESSOS" in
alpha-*-linux2) OUT="alpha-gcc" ;;
ppc-*-linux2) OUT="linux-ppc" ;;
mips-*-linux?) OUT="linux-mips" ;;
*-*-linux2) OUT="linux-elf" ;;
*-*-linux1) OUT="linux-aout" ;;
sun4u-sun-solaris2) OUT="solaris-usparc-$CC" ;;
*-*-linux) OUT="linux-aout" ;;
sun4*-sun-solaris2) OUT="solaris-sparc-$CC" ;;
*86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
*-*-sunos4) OUT="sunos-$CC" ;;
alpha*-*-freebsd3) OUT="FreeBSD-alpha" ;;
*-freebsd3) OUT="FreeBSD-elf" ;;
*-freebsd) OUT="FreeBSD" ;;
*86*-*-netbsd) OUT="NetBSD-x86" ;;
sun3*-*-netbsd) OUT="NetBSD-m68" ;;
@@ -323,81 +314,38 @@ case "$GUESSOS" in
*-*-openbsd) OUT="OpenBSD" ;;
*-*-osf) OUT="alpha-cc" ;;
*-*-unixware*) OUT="unixware-2.0" ;;
RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
*-siemens-sysv4) OUT="SINIX" ;;
*-sni-sysv4) OUT="SINIX" ;;
*-hpux*) OUT="hpux-$CC" ;;
# these are all covered by the catchall below
# *-hpux*) OUT="hpux-$CC" ;;
# *-aix) OUT="aix-$CC" ;;
# *-dgux) OUT="dgux" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
# gcc < 2.8 does not support -mcpu=ultrasparc
if [ "$OUT" = solaris-usparc-gcc ]
then
GCCVERMAJOR="`echo $GCCVER | sed 's/.*version \([^.]*\).*/\1/`"
GCCVERMINOR="`echo $GCCVER | sed 's/.*version[^.]*\.\([^.]*\).*/\1/`"
echo "gcc version $GCCVERMAJOR.$GCCVERMINOR.x"
if [ $GCCVERMAJOR$GCCVERMINOR -lt 28 ]
then
OUT=solaris-usparc-oldgcc
fi
fi
case "$GUESSOS" in
i386-*) options="$options 386" ;;
esac
if [ -z "$OUT" ]; then
OUT="$CC"
fi
if [ ".$PERL" = . ] ; then
for i in . `echo $PATH | sed 's/:/ /g'`; do
if [ -f "$i/perl5" ] ; then
PERL="$i/perl5"
break;
fi;
done
fi
if [ ".$PERL" = . ] ; then
for i in . `echo $PATH | sed 's/:/ /g'`; do
if [ -f "$i/perl" ] ; then
if "$i/perl" -e 'exit($]<5.0)'; then
PERL="$i/perl"
break;
fi;
fi;
done
fi
if [ ".$PERL" = . ] ; then
echo "You need Perl 5."
exit 1
fi
# run Configure to check to see if we need to specify the
# compiler for the platform ... in which case we add it on
# the end ... otherwise we leave it off
$PERL ./Configure 2>&1 | grep "$OUT-$CC" > /dev/null
perl ./Configure 2>&1 | grep "$OUT-$CC" > /dev/null
if [ $? = "0" ]; then
OUT="$OUT-$CC"
fi
OUT="$PREFIX$OUT"
$PERL ./Configure 2>&1 | grep "$OUT" > /dev/null
if [ $? = "0" ]; then
echo Configuring for $OUT
# at this point we have the answer ... which we could check again
# and then fallback to a vanilla SSLeay build but then this script
# wouldn't get updated
echo Configuring for $OUT
if [ "$TEST" = "true" ]; then
echo $PERL ./Configure $OUT $options
else
$PERL ./Configure $OUT $options
fi
if [ "$TEST" = "true" ]; then
echo ./Configure $OUT $options
else
echo "This system ($OUT) is not supported. See file INSTALL for details."
perl ./Configure $OUT $options
fi
)

4
crypto/.cvsignore
View File

@@ -1,4 +0,0 @@
lib
date.h
opensslconf.h
Makefile.save

127
crypto/Makefile.ssl
View File

@@ -8,20 +8,24 @@ CC= cc
INCLUDE= -I. -I../include
INCLUDES= -I.. -I../../include
CFLAG= -g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP= /usr/local/ssl
MAKE= make -f Makefile.ssl
MAKEDEPEND= $(TOP)/util/domd $(TOP)
MAKEDEPEND= makedepend -f Makefile.ssl
MAKEFILE= Makefile.ssl
RM= rm -f
RM= /bin/rm -f
AR= ar r
MAKE= make -f Makefile.ssl
MAKEDEPEND= makedepend -f Makefile.ssl
MAKEFILE= Makefile.ssl
PEX_LIBS=
EX_LIBS=
CFLAGS= $(INCLUDE) $(CFLAG) -DCFLAGS="\"$(CC) $(CFLAG)\"" -DPLATFORM="\"$(PLATFORM)\""
CFLAGS= $(INCLUDE) $(CFLAG) -DCFLAGS=" \"$(CC) $(CFLAG)\" " -DPLATFORM=" \"$(PLATFORM)\" "
ERR=crypto
ERRC=cpt_err
LIBS=
@@ -29,17 +33,18 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
evp pem x509 \
asn1 conf txt_db pkcs7 comp
GENERAL=Makefile README crypto-lib.com install.com
GENERAL=Makefile README
LIB= $(TOP)/libcrypto.a
LIBSRC= cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c
LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o tmdiff.o cpt_err.o
LIBSRC= cryptlib.c mem.c cversion.c ex_data.c tmdiff.c $(ERRC).c
LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o tmdiff.o $(ERRC).o
SRC= $(LIBSRC)
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h
EXHEADER= crypto.h cryptall.h tmdiff.h
HEADER= cryptlib.h date.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
@@ -49,124 +54,108 @@ top:
all: date.h lib subdirs
date.h: ../Makefile.ssl
echo "#define DATE \"`date`\"" >date.h
date.h: ../Makefile.ssl ../VERSION
echo "#define DATE \"`date`\"" >date.h
subdirs:
@for i in $(SDIRS) ;\
do \
(cd $$i && echo "making all in crypto/$$i..." && \
$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
(cd $$i; echo "making all in $$i..."; \
$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' all ); \
done;
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making 'files' in crypto/$$i..."; \
$(MAKE) PERL='${PERL}' files ); \
(cd $$i; echo "making 'files' in $$i..."; \
$(MAKE) files ); \
done;
links:
@$(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
@$(TOP)/util/point.sh Makefile.ssl Makefile
@for i in $(SDIRS); do \
(cd $$i; echo "making links in crypto/$$i..."; \
$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
/bin/rm -f Makefile
$(TOP)/util/point.sh Makefile.ssl Makefile ;
$(TOP)/util/mklink.sh ../include $(HEADER) ;
$(TOP)/util/mklink.sh ../test $(TEST) ;
$(TOP)/util/mklink.sh ../apps $(APPS) ;
$(TOP)/util/point.sh Makefile.ssl Makefile;
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making links in $$i..."; \
$(MAKE) links ); \
done;
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
sh $(TOP)/util/ranlib.sh $(LIB)
@touch lib
libs:
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making libs in crypto/$$i..."; \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
(cd $$i; echo "making libs in $$i..."; \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
done;
tests:
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making tests in crypto/$$i..."; \
(cd $$i; echo "making tests in $$i..."; \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
done;
install:
@for i in $(EXHEADER) ;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
(cp $$i $(INSTALLTOP)/include/$$i; \
chmod 644 $(INSTALLTOP)/include/$$i ); \
done;
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making install in crypto/$$i..."; \
(cd $$i; echo "making install in $$i..."; \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
done;
lint:
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making lint in crypto/$$i..."; \
(cd $$i; echo "making lint in $$i..."; \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
done;
depend:
$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
$(MAKEDEPEND) $(INCLUDE) $(PROGS) $(LIBSRC)
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making depend in crypto/$$i..."; \
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
(cd $$i; echo "making depend in $$i..."; \
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' MAKEDEPEND='${MAKEDEPEND}' depend ); \
done;
clean:
rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making clean in crypto/$$i..."; \
(cd $$i; echo "making clean in $$i..."; \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
done;
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making dclean in crypto/$$i..."; \
$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
(cd $$i; echo "making dclean in $$i..."; \
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
done;
errors:
perl ./err/err_code.pl -conf err/ssleay.ec *.c */*.c ../ssl/*.c ../rsaref/*.c
perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
perl err/err_genc.pl -s $(ERR).h $(ERRC).c
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making errors in $$i..."; \
$(MAKE) errors ); \
done;
# DO NOT DELETE THIS LINE -- make depend depends on it.
cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/stack.h
cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
cryptlib.o: ../include/openssl/stack.h cryptlib.h date.h
cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
cversion.o: ../include/openssl/stack.h cryptlib.h date.h
ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
ex_data.o: ../include/openssl/opensslv.h ../include/openssl/stack.h cryptlib.h
mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
mem.o: ../include/openssl/opensslv.h ../include/openssl/stack.h cryptlib.h
tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
tmdiff.o: ../include/openssl/stack.h ../include/openssl/tmdiff.h cryptlib.h

2
crypto/asn1/.cvsignore
View File

@@ -1,2 +0,0 @@
lib
Makefile.save

Some files were not shown because too many files have changed in this diff Show More