generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: generic-library:OpenSSL_0_9_6h
Branches Tags
generic-library:main generic-library:OpenSSL_1_0_1-stable generic-library:OpenSSL_1_0_2-stable generic-library:OpenSSL-fips-2_0-stable generic-library:OpenSSL_1_0_0-stable generic-library:OpenSSL_0_9_8-stable generic-library:OpenSSL-fips-2_0-dev generic-library:OpenSSL-fips-1_2-stable generic-library:OpenSSL-fips-0_9_8-stable generic-library:OpenSSL_0_9_7-stable generic-library:OpenSSL_0_9_8fg-stable generic-library:OpenSSL-fips2-0_9_7-stable generic-library:OpenSSL_0_9_6-stable generic-library:OpenSSL-engine-0_9_6-stable generic-library:OpenSSL-fips-0_9_7-stable generic-library:SSLeay
generic-library:OpenSSL_1_1_0-pre5 generic-library:OpenSSL_1_1_0-pre4 generic-library:OpenSSL_1_0_1s generic-library:OpenSSL_1_0_2g generic-library:OpenSSL_1_1_0-pre3 generic-library:OpenSSL-fips-2_0_12 generic-library:OpenSSL-fips-2_0_11 generic-library:OpenSSL-fips-2_0_10 generic-library:OpenSSL_1_0_1r generic-library:OpenSSL_1_0_2f generic-library:OpenSSL_1_1_0-pre2 generic-library:OpenSSL_1_1_0-pre1 generic-library:OpenSSL_0_9_8zh generic-library:OpenSSL_1_0_0t generic-library:OpenSSL_1_0_1q generic-library:OpenSSL_1_0_2e generic-library:OpenSSL_1_0_1p generic-library:OpenSSL_1_0_2d generic-library:OpenSSL_1_0_1o generic-library:OpenSSL_1_0_2c generic-library:OpenSSL_0_9_8zg generic-library:OpenSSL_1_0_0s generic-library:OpenSSL_1_0_1n generic-library:OpenSSL_1_0_2b generic-library:OpenSSL-fips-2_0_9 generic-library:OpenSSL_0_9_8zf generic-library:OpenSSL_1_0_0r generic-library:OpenSSL_1_0_1m generic-library:OpenSSL_1_0_2a generic-library:OpenSSL_0_9_8-pre-reformat generic-library:OpenSSL_0_9_8-pre-auto-reformat generic-library:OpenSSL_0_9_8-post-auto-reformat generic-library:OpenSSL_0_9_8-post-reformat generic-library:OpenSSL_1_0_0-pre-reformat generic-library:OpenSSL_1_0_0-pre-auto-reformat generic-library:OpenSSL_1_0_0-post-auto-reformat generic-library:OpenSSL_1_0_0-post-reformat generic-library:OpenSSL_1_0_1-pre-reformat generic-library:OpenSSL_1_0_1-pre-auto-reformat generic-library:OpenSSL_1_0_1-post-auto-reformat generic-library:OpenSSL_1_0_1-post-reformat generic-library:OpenSSL_1_0_2-pre-reformat generic-library:OpenSSL_1_0_2-pre-auto-reformat generic-library:OpenSSL_1_0_2-post-auto-reformat generic-library:OpenSSL_1_0_2-post-reformat generic-library:master-pre-reformat generic-library:master-pre-auto-reformat generic-library:master-post-auto-reformat generic-library:master-post-reformat generic-library:OpenSSL_1_0_2 generic-library:OpenSSL_0_9_8ze generic-library:OpenSSL_1_0_0q generic-library:OpenSSL_1_0_1l generic-library:OpenSSL_0_9_8zd generic-library:OpenSSL_1_0_0p generic-library:OpenSSL_1_0_1k generic-library:OpenSSL-fips-2_0_8 generic-library:OpenSSL_1_0_1j generic-library:OpenSSL_1_0_0o generic-library:OpenSSL_0_9_8zc generic-library:OpenSSL_1_0_2-beta3 generic-library:OpenSSL_0_9_8zb generic-library:OpenSSL_1_0_0n generic-library:OpenSSL_1_0_1i generic-library:OpenSSL_1_0_2-beta2 generic-library:OpenSSL-fips-2_0_7 generic-library:OpenSSL_1_0_1h generic-library:OpenSSL_1_0_0m generic-library:OpenSSL_0_9_8za generic-library:OpenSSL-fips-2_0_6 generic-library:OpenSSL_1_0_1g generic-library:OpenSSL_1_0_2-beta1 generic-library:OpenSSL_1_0_0l generic-library:OpenSSL_1_0_1f generic-library:OpenSSL-fips-2_0_4 generic-library:OpenSSL-fips-2_0_5 generic-library:OpenSSL-fips-2_0_3 generic-library:OpenSSL-fips-2_0_2 generic-library:OpenSSL_1_0_1e generic-library:OpenSSL_1_0_0k generic-library:OpenSSL_1_0_1d generic-library:OpenSSL_0_9_8y generic-library:OpenSSL-fips-2_0-pl1 generic-library:OpenSSL-fips-2_0_1 generic-library:OpenSSL_1_0_1c generic-library:OpenSSL_1_0_0j generic-library:OpenSSL_0_9_8x generic-library:OpenSSL_1_0_1b generic-library:OpenSSL_0_9_8w generic-library:OpenSSL_1_0_1a generic-library:OpenSSL_0_9_8v generic-library:OpenSSL_1_0_0i generic-library:OpenSSL_1_0_1 generic-library:OpenSSL_1_0_0h generic-library:OpenSSL_0_9_8u generic-library:OpenSSL_1_0_1-beta3 generic-library:OpenSSL_1_0_1-beta2 generic-library:OpenSSL-fips-2_0-rc9 generic-library:OpenSSL-fips-2_0 generic-library:OpenSSL_1_0_0g generic-library:OpenSSL_0_9_8t generic-library:OpenSSL_0_9_8s generic-library:OpenSSL_1_0_0f generic-library:OpenSSL-fips-2_0-rc8 generic-library:OpenSSL_1_0_1-beta1 generic-library:OpenSSL-fips-2_0-rc7 generic-library:OpenSSL-fips-2_0-rc6 generic-library:OpenSSL-fips-2_0-rc5 generic-library:OpenSSL-fips-2_0-rc4 generic-library:OpenSSL-fips-2_0-rc3 generic-library:OpenSSL-fips-2_0-rc2 generic-library:OpenSSL-fips-2_0-rc1 generic-library:OpenSSL-fips-1_2_3 generic-library:OpenSSL-fips-1_2_2 generic-library:OpenSSL-fips-1_2_1 generic-library:OpenSSL_1_0_0e generic-library:OpenSSL_1_0_0d generic-library:OpenSSL_0_9_8r generic-library:OpenSSL_0_9_8q generic-library:OpenSSL_1_0_0c generic-library:OpenSSL_0_9_8p generic-library:OpenSSL_1_0_0b generic-library:OpenSSL_0_9_8o generic-library:OpenSSL_1_0_0a generic-library:OpenSSL_1_0_0 generic-library:OpenSSL_0_9_8n generic-library:OpenSSL_0_9_8m generic-library:OpenSSL_0_9_8m-beta1 generic-library:OpenSSL_1_0_0-beta5 generic-library:OpenSSL_1_0_0-beta4 generic-library:OpenSSL_0_9_8l generic-library:OpenSSL_1_0_0-beta3 generic-library:OpenSSL_1_0_0-beta2 generic-library:OpenSSL_1_0_0-beta1 generic-library:OpenSSL_0_9_8k generic-library:OpenSSL_0_9_8j generic-library:OpenSSL_0_9_8i generic-library:OpenSSL_0_9_8h generic-library:OpenSSL_0_9_8g generic-library:OpenSSL_0_9_8f generic-library:OpenSSL-fips-1_2_0 generic-library:FIPS_098_TEST_8 generic-library:FIPS_098_TEST_7 generic-library:FIPS_098_TEST_6 generic-library:FIPS_098_TEST_5 generic-library:FIPS_098_TEST_4 generic-library:FIPS_098_TEST_3 generic-library:FIPS_098_TEST_2 generic-library:FIPS_098_TEST_1 generic-library:OpenSSL_0_9_7m generic-library:OpenSSL_0_9_8e generic-library:OpenSSL_0_9_7l generic-library:OpenSSL_0_9_8d generic-library:OpenSSL_0_9_8c generic-library:OpenSSL_0_9_7k generic-library:OpenSSL_0_9_7j generic-library:OpenSSL_0_9_8b generic-library:OpenSSL_FIPS_1_0 generic-library:OpenSSL_0_9_7i generic-library:OpenSSL_0_9_8a generic-library:OpenSSL_0_9_7h generic-library:OpenSSL_0_9_8 generic-library:FIPS_TEST_10 generic-library:OpenSSL_0_9_8-beta6 generic-library:OpenSSL_0_9_8-beta5 generic-library:FIPS_TEST_9 generic-library:OpenSSL_0_9_8-beta4 generic-library:OpenSSL_0_9_8-beta3 generic-library:BEN_FIPS_TEST_8 generic-library:OpenSSL_0_9_8-beta2 generic-library:OpenSSL_0_9_8-beta1 generic-library:OpenSSL_0_9_7g generic-library:OpenSSL_0_9_7f generic-library:BEN_FIPS_TEST_7 generic-library:BEN_FIPS_TEST_6 generic-library:OpenSSL_0_9_7e generic-library:OpenSSL_0_9_7d generic-library:OpenSSL-engine-0_9_6m generic-library:OpenSSL_0_9_6m generic-library:LEVITTE_after_const generic-library:LEVITTE_before_const generic-library:BEN_FIPS_TEST_5 generic-library:BEN_FIPS_TEST_4 generic-library:OpenSSL-engine-0_9_6l generic-library:OpenSSL_0_9_6l generic-library:BEN_FIPS_TEST_3 generic-library:BEN_FIPS_TEST_2 generic-library:BEN_FIPS_TEST_1 generic-library:OpenSSL-engine-0_9_6k generic-library:OpenSSL_0_9_6k generic-library:OpenSSL_0_9_7c generic-library:OpenSSL-engine-0_9_6j generic-library:OpenSSL_0_9_7b generic-library:OpenSSL_0_9_6j generic-library:OpenSSL-engine-0_9_6i generic-library:OpenSSL_0_9_6i generic-library:OpenSSL_0_9_7a generic-library:OpenSSL_0_9_7 generic-library:OpenSSL_0_9_7-beta6 generic-library:STATE_after_zlib generic-library:STATE_before_zlib generic-library:OpenSSL_0_9_7-beta5 generic-library:OpenSSL-engine-0_9_6h generic-library:OpenSSL_0_9_6h generic-library:OpenSSL_0_9_7-beta4 generic-library:OpenSSL-engine-0_9_6g generic-library:OpenSSL_0_9_6g generic-library:OpenSSL-engine-0_9_6f generic-library:OpenSSL_0_9_6f generic-library:OpenSSL_0_9_7-beta3 generic-library:OpenSSL-engine-0_9_6e generic-library:OpenSSL_0_9_6e generic-library:OpenSSL_0_9_7-beta2 generic-library:OpenSSL_0_9_7-beta1 generic-library:AFTER_COMPAQ_PATCH generic-library:BEFORE_COMPAQ_PATCH generic-library:OpenSSL-engine-0_9_6d generic-library:OpenSSL_0_9_6d generic-library:OpenSSL-engine-0_9_6d-beta1 generic-library:OpenSSL_0_9_6d-beta1 generic-library:OpenSSL-engine-0_9_6c generic-library:OpenSSL_0_9_6c generic-library:OpenSSL-engine-0_9_6b generic-library:OpenSSL_0_9_6b generic-library:OpenSSL_0_9_6a generic-library:OpenSSL-engine-0_9_6a generic-library:OpenSSL-engine-0_9_6a-beta3 generic-library:OpenSSL_0_9_6a-beta3 generic-library:OpenSSL-engine-0_9_6a-beta2 generic-library:OpenSSL_0_9_6a-beta2 generic-library:OpenSSL-engine-0_9_6a-beta1 generic-library:OpenSSL_0_9_6a-beta1 generic-library:rsaref generic-library:BEFORE_engine generic-library:OpenSSL_0_9_6-beta2 generic-library:OpenSSL_0_9_6-beta1 generic-library:OpenSSL_0_9_6 generic-library:OpenSSL-engine-0_9_6 generic-library:OpenSSL-engine-0_9_6-beta3 generic-library:OpenSSL_0_9_6-beta3 generic-library:OpenSSL-engine-0_9_6-beta2 generic-library:OpenSSL-engine-0_9_6-beta1 generic-library:OpenSSL_0_9_5 generic-library:OpenSSL_0_9_5a generic-library:OpenSSL_0_9_5a-beta2 generic-library:OpenSSL_0_9_5a-beta1 generic-library:OpenSSL_0_9_5beta2 generic-library:OpenSSL_0_9_5beta1 generic-library:OpenSSL_0_9_4 generic-library:OpenSSL_0_9_3a generic-library:OpenSSL_0_9_3 generic-library:OpenSSL_0_9_3beta2 generic-library:OpenSSL_0_9_3beta1 generic-library:OpenSSL_0_9_2b generic-library:OpenSSL_0_9_1c generic-library:SSLeay_0_9_1b generic-library:SSLeay_0_9_0b generic-library:SSLeay_0_8_1b
..
compare: generic-library:OpenSSL-engine-0_9_6
Branches Tags
generic-library:OpenSSL_1_0_1-stable generic-library:main generic-library:OpenSSL_1_0_2-stable generic-library:OpenSSL-fips-2_0-stable generic-library:OpenSSL_1_0_0-stable generic-library:OpenSSL_0_9_8-stable generic-library:OpenSSL-fips-2_0-dev generic-library:OpenSSL-fips-1_2-stable generic-library:OpenSSL-fips-0_9_8-stable generic-library:OpenSSL_0_9_7-stable generic-library:OpenSSL_0_9_8fg-stable generic-library:OpenSSL-fips2-0_9_7-stable generic-library:OpenSSL_0_9_6-stable generic-library:OpenSSL-engine-0_9_6-stable generic-library:OpenSSL-fips-0_9_7-stable generic-library:SSLeay
generic-library:OpenSSL_1_1_0-pre5 generic-library:OpenSSL_1_1_0-pre4 generic-library:OpenSSL_1_0_1s generic-library:OpenSSL_1_0_2g generic-library:OpenSSL_1_1_0-pre3 generic-library:OpenSSL-fips-2_0_12 generic-library:OpenSSL-fips-2_0_11 generic-library:OpenSSL-fips-2_0_10 generic-library:OpenSSL_1_0_1r generic-library:OpenSSL_1_0_2f generic-library:OpenSSL_1_1_0-pre2 generic-library:OpenSSL_1_1_0-pre1 generic-library:OpenSSL_0_9_8zh generic-library:OpenSSL_1_0_0t generic-library:OpenSSL_1_0_1q generic-library:OpenSSL_1_0_2e generic-library:OpenSSL_1_0_1p generic-library:OpenSSL_1_0_2d generic-library:OpenSSL_1_0_1o generic-library:OpenSSL_1_0_2c generic-library:OpenSSL_0_9_8zg generic-library:OpenSSL_1_0_0s generic-library:OpenSSL_1_0_1n generic-library:OpenSSL_1_0_2b generic-library:OpenSSL-fips-2_0_9 generic-library:OpenSSL_0_9_8zf generic-library:OpenSSL_1_0_0r generic-library:OpenSSL_1_0_1m generic-library:OpenSSL_1_0_2a generic-library:OpenSSL_0_9_8-pre-reformat generic-library:OpenSSL_0_9_8-pre-auto-reformat generic-library:OpenSSL_0_9_8-post-auto-reformat generic-library:OpenSSL_0_9_8-post-reformat generic-library:OpenSSL_1_0_0-pre-reformat generic-library:OpenSSL_1_0_0-pre-auto-reformat generic-library:OpenSSL_1_0_0-post-auto-reformat generic-library:OpenSSL_1_0_0-post-reformat generic-library:OpenSSL_1_0_1-pre-reformat generic-library:OpenSSL_1_0_1-pre-auto-reformat generic-library:OpenSSL_1_0_1-post-auto-reformat generic-library:OpenSSL_1_0_1-post-reformat generic-library:OpenSSL_1_0_2-pre-reformat generic-library:OpenSSL_1_0_2-pre-auto-reformat generic-library:OpenSSL_1_0_2-post-auto-reformat generic-library:OpenSSL_1_0_2-post-reformat generic-library:master-pre-reformat generic-library:master-pre-auto-reformat generic-library:master-post-auto-reformat generic-library:master-post-reformat generic-library:OpenSSL_1_0_2 generic-library:OpenSSL_0_9_8ze generic-library:OpenSSL_1_0_0q generic-library:OpenSSL_1_0_1l generic-library:OpenSSL_0_9_8zd generic-library:OpenSSL_1_0_0p generic-library:OpenSSL_1_0_1k generic-library:OpenSSL-fips-2_0_8 generic-library:OpenSSL_1_0_1j generic-library:OpenSSL_1_0_0o generic-library:OpenSSL_0_9_8zc generic-library:OpenSSL_1_0_2-beta3 generic-library:OpenSSL_0_9_8zb generic-library:OpenSSL_1_0_0n generic-library:OpenSSL_1_0_1i generic-library:OpenSSL_1_0_2-beta2 generic-library:OpenSSL-fips-2_0_7 generic-library:OpenSSL_1_0_1h generic-library:OpenSSL_1_0_0m generic-library:OpenSSL_0_9_8za generic-library:OpenSSL-fips-2_0_6 generic-library:OpenSSL_1_0_1g generic-library:OpenSSL_1_0_2-beta1 generic-library:OpenSSL_1_0_0l generic-library:OpenSSL_1_0_1f generic-library:OpenSSL-fips-2_0_4 generic-library:OpenSSL-fips-2_0_5 generic-library:OpenSSL-fips-2_0_3 generic-library:OpenSSL-fips-2_0_2 generic-library:OpenSSL_1_0_1e generic-library:OpenSSL_1_0_0k generic-library:OpenSSL_1_0_1d generic-library:OpenSSL_0_9_8y generic-library:OpenSSL-fips-2_0-pl1 generic-library:OpenSSL-fips-2_0_1 generic-library:OpenSSL_1_0_1c generic-library:OpenSSL_1_0_0j generic-library:OpenSSL_0_9_8x generic-library:OpenSSL_1_0_1b generic-library:OpenSSL_0_9_8w generic-library:OpenSSL_1_0_1a generic-library:OpenSSL_0_9_8v generic-library:OpenSSL_1_0_0i generic-library:OpenSSL_1_0_1 generic-library:OpenSSL_1_0_0h generic-library:OpenSSL_0_9_8u generic-library:OpenSSL_1_0_1-beta3 generic-library:OpenSSL_1_0_1-beta2 generic-library:OpenSSL-fips-2_0-rc9 generic-library:OpenSSL-fips-2_0 generic-library:OpenSSL_1_0_0g generic-library:OpenSSL_0_9_8t generic-library:OpenSSL_0_9_8s generic-library:OpenSSL_1_0_0f generic-library:OpenSSL-fips-2_0-rc8 generic-library:OpenSSL_1_0_1-beta1 generic-library:OpenSSL-fips-2_0-rc7 generic-library:OpenSSL-fips-2_0-rc6 generic-library:OpenSSL-fips-2_0-rc5 generic-library:OpenSSL-fips-2_0-rc4 generic-library:OpenSSL-fips-2_0-rc3 generic-library:OpenSSL-fips-2_0-rc2 generic-library:OpenSSL-fips-2_0-rc1 generic-library:OpenSSL-fips-1_2_3 generic-library:OpenSSL-fips-1_2_2 generic-library:OpenSSL-fips-1_2_1 generic-library:OpenSSL_1_0_0e generic-library:OpenSSL_1_0_0d generic-library:OpenSSL_0_9_8r generic-library:OpenSSL_0_9_8q generic-library:OpenSSL_1_0_0c generic-library:OpenSSL_0_9_8p generic-library:OpenSSL_1_0_0b generic-library:OpenSSL_0_9_8o generic-library:OpenSSL_1_0_0a generic-library:OpenSSL_1_0_0 generic-library:OpenSSL_0_9_8n generic-library:OpenSSL_0_9_8m generic-library:OpenSSL_0_9_8m-beta1 generic-library:OpenSSL_1_0_0-beta5 generic-library:OpenSSL_1_0_0-beta4 generic-library:OpenSSL_0_9_8l generic-library:OpenSSL_1_0_0-beta3 generic-library:OpenSSL_1_0_0-beta2 generic-library:OpenSSL_1_0_0-beta1 generic-library:OpenSSL_0_9_8k generic-library:OpenSSL_0_9_8j generic-library:OpenSSL_0_9_8i generic-library:OpenSSL_0_9_8h generic-library:OpenSSL_0_9_8g generic-library:OpenSSL_0_9_8f generic-library:OpenSSL-fips-1_2_0 generic-library:FIPS_098_TEST_8 generic-library:FIPS_098_TEST_7 generic-library:FIPS_098_TEST_6 generic-library:FIPS_098_TEST_5 generic-library:FIPS_098_TEST_4 generic-library:FIPS_098_TEST_3 generic-library:FIPS_098_TEST_2 generic-library:FIPS_098_TEST_1 generic-library:OpenSSL_0_9_7m generic-library:OpenSSL_0_9_8e generic-library:OpenSSL_0_9_7l generic-library:OpenSSL_0_9_8d generic-library:OpenSSL_0_9_8c generic-library:OpenSSL_0_9_7k generic-library:OpenSSL_0_9_7j generic-library:OpenSSL_0_9_8b generic-library:OpenSSL_FIPS_1_0 generic-library:OpenSSL_0_9_7i generic-library:OpenSSL_0_9_8a generic-library:OpenSSL_0_9_7h generic-library:OpenSSL_0_9_8 generic-library:FIPS_TEST_10 generic-library:OpenSSL_0_9_8-beta6 generic-library:OpenSSL_0_9_8-beta5 generic-library:FIPS_TEST_9 generic-library:OpenSSL_0_9_8-beta4 generic-library:OpenSSL_0_9_8-beta3 generic-library:BEN_FIPS_TEST_8 generic-library:OpenSSL_0_9_8-beta2 generic-library:OpenSSL_0_9_8-beta1 generic-library:OpenSSL_0_9_7g generic-library:OpenSSL_0_9_7f generic-library:BEN_FIPS_TEST_7 generic-library:BEN_FIPS_TEST_6 generic-library:OpenSSL_0_9_7e generic-library:OpenSSL_0_9_7d generic-library:OpenSSL-engine-0_9_6m generic-library:OpenSSL_0_9_6m generic-library:LEVITTE_after_const generic-library:LEVITTE_before_const generic-library:BEN_FIPS_TEST_5 generic-library:BEN_FIPS_TEST_4 generic-library:OpenSSL-engine-0_9_6l generic-library:OpenSSL_0_9_6l generic-library:BEN_FIPS_TEST_3 generic-library:BEN_FIPS_TEST_2 generic-library:BEN_FIPS_TEST_1 generic-library:OpenSSL-engine-0_9_6k generic-library:OpenSSL_0_9_6k generic-library:OpenSSL_0_9_7c generic-library:OpenSSL-engine-0_9_6j generic-library:OpenSSL_0_9_7b generic-library:OpenSSL_0_9_6j generic-library:OpenSSL-engine-0_9_6i generic-library:OpenSSL_0_9_6i generic-library:OpenSSL_0_9_7a generic-library:OpenSSL_0_9_7 generic-library:OpenSSL_0_9_7-beta6 generic-library:STATE_after_zlib generic-library:STATE_before_zlib generic-library:OpenSSL_0_9_7-beta5 generic-library:OpenSSL-engine-0_9_6h generic-library:OpenSSL_0_9_6h generic-library:OpenSSL_0_9_7-beta4 generic-library:OpenSSL-engine-0_9_6g generic-library:OpenSSL_0_9_6g generic-library:OpenSSL-engine-0_9_6f generic-library:OpenSSL_0_9_6f generic-library:OpenSSL_0_9_7-beta3 generic-library:OpenSSL-engine-0_9_6e generic-library:OpenSSL_0_9_6e generic-library:OpenSSL_0_9_7-beta2 generic-library:OpenSSL_0_9_7-beta1 generic-library:AFTER_COMPAQ_PATCH generic-library:BEFORE_COMPAQ_PATCH generic-library:OpenSSL-engine-0_9_6d generic-library:OpenSSL_0_9_6d generic-library:OpenSSL-engine-0_9_6d-beta1 generic-library:OpenSSL_0_9_6d-beta1 generic-library:OpenSSL-engine-0_9_6c generic-library:OpenSSL_0_9_6c generic-library:OpenSSL-engine-0_9_6b generic-library:OpenSSL_0_9_6b generic-library:OpenSSL_0_9_6a generic-library:OpenSSL-engine-0_9_6a generic-library:OpenSSL-engine-0_9_6a-beta3 generic-library:OpenSSL_0_9_6a-beta3 generic-library:OpenSSL-engine-0_9_6a-beta2 generic-library:OpenSSL_0_9_6a-beta2 generic-library:OpenSSL-engine-0_9_6a-beta1 generic-library:OpenSSL_0_9_6a-beta1 generic-library:rsaref generic-library:BEFORE_engine generic-library:OpenSSL_0_9_6-beta2 generic-library:OpenSSL_0_9_6-beta1 generic-library:OpenSSL_0_9_6 generic-library:OpenSSL-engine-0_9_6 generic-library:OpenSSL-engine-0_9_6-beta3 generic-library:OpenSSL_0_9_6-beta3 generic-library:OpenSSL-engine-0_9_6-beta2 generic-library:OpenSSL-engine-0_9_6-beta1 generic-library:OpenSSL_0_9_5 generic-library:OpenSSL_0_9_5a generic-library:OpenSSL_0_9_5a-beta2 generic-library:OpenSSL_0_9_5a-beta1 generic-library:OpenSSL_0_9_5beta2 generic-library:OpenSSL_0_9_5beta1 generic-library:OpenSSL_0_9_4 generic-library:OpenSSL_0_9_3a generic-library:OpenSSL_0_9_3 generic-library:OpenSSL_0_9_3beta2 generic-library:OpenSSL_0_9_3beta1 generic-library:OpenSSL_0_9_2b generic-library:OpenSSL_0_9_1c generic-library:SSLeay_0_9_1b generic-library:SSLeay_0_9_0b generic-library:SSLeay_0_8_1b

118 Commits
OpenSSL_0_ ... OpenSSL-en

Author SHA1 Message Date
Richard Levitte
47dc5a1321 Merge from main trunk. 2000-09-24 16:04:36 +00:00
Richard Levitte
3476515195 Merge from main trunk. 2000-09-24 09:50:31 +00:00
cvs2svn
e1db7a5e30 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-23 07:16:18 +00:00
Richard Levitte
4839df4061 Merge from main trunk. 2000-09-21 21:00:20 +00:00
Richard Levitte
9cfb6bbd29 Merge from main trunk. 2000-09-21 20:29:00 +00:00
Richard Levitte
27f00db152 Time to build beta 3 [engine]. Bump version numbers accordingly. 2000-09-21 09:27:54 +00:00
Richard Levitte
a9c33b529e Merge from main trunk. No conflicts. 2000-09-21 07:38:47 +00:00
cvs2svn
5deb47f12a This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-21 06:46:16 +00:00
Richard Levitte
775c289db5 Merge of main trunk, all conflicts resolved. 2000-09-20 17:06:25 +00:00
cvs2svn
099f5bfeba This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-20 16:55:27 +00:00
Richard Levitte
103a604932 Merge of main trunk, all conflicts resolved. 2000-09-20 16:40:10 +00:00
cvs2svn
12f49bd79d This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-20 15:52:27 +00:00
Richard Levitte
4b250a3d25 Merge of main trunk, all conflicts resolved. 2000-09-20 15:07:31 +00:00
Richard Levitte
c200ff0446 Merge of main trunk, all conflicts resolved. 2000-09-20 14:44:44 +00:00
cvs2svn
a7ce1f0514 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-20 13:55:51 +00:00
Richard Levitte
4cae3ac371 Merge of main trunk, all conflicts resolved. 2000-09-20 13:45:44 +00:00
cvs2svn
63ccddf717 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-20 03:24:37 +00:00
Richard Levitte
ce6990739e The rest of the merge in of the main trunk, a few conflicts resolved. 2000-09-17 20:37:33 +00:00
Richard Levitte
42cc160301 Merge in the main trunk, a few conflicts resolved. 2000-09-17 20:34:31 +00:00
cvs2svn
0e61cfff53 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-17 20:04:43 +00:00
Richard Levitte
f77600524f Since there are some big symbols, engine.h needs to include 
symhacks.h.
 2000-09-17 18:16:02 +00:00
Richard Levitte
ebcdd0c43e Merge from the main trunk and a 'make update'. 2000-09-17 15:56:27 +00:00
Richard Levitte
8de7587e02 Merge from main trunk. 2000-09-17 00:10:29 +00:00
cvs2svn
90ac586317 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-16 21:21:02 +00:00
Richard Levitte
15c0fb18a2 Make damn sure that it's as hard as possible to actually produce 
shared libraries from this branch...

Of course, we need to watch out whenever a merge is happening :-).
 2000-09-15 22:50:11 +00:00
Richard Levitte
f30839ecaa Merged in the main trunk, did a 'make update', added a couple of 
warnings in appropriate places about building a shared library from
the ENGINE source.
 2000-09-15 22:36:49 +00:00
cvs2svn
eb31944f81 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-15 22:12:54 +00:00
Richard Levitte
0dcf7fd543 Merge of main trunk, conflicts resolved. 2000-09-13 21:20:49 +00:00
cvs2svn
02539402af This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-13 17:27:43 +00:00
Richard Levitte
2be9694116 Merge of main trunk, conflicts resolved. 2000-09-12 08:37:51 +00:00
cvs2svn
b46ba9b1bc This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-12 01:56:57 +00:00
Richard Levitte
8e1ec9fb37 Actually, that was perfectly correct. The fault is in the checking 
elsewhere.
 2000-09-11 22:17:31 +00:00
Richard Levitte
dc005a7367 cswift_dsa_verify() incorrectly return -1 on error. 2000-09-11 22:15:53 +00:00
Richard Levitte
da867a51a0 Time to build the beta of the engine branch. Change version number 
texts accordingly.
 2000-09-11 13:28:35 +00:00
Richard Levitte
25814b9690 Merge of main trunk, no conflicts this time. 
make update
 2000-09-11 13:23:47 +00:00
Richard Levitte
0fc7c5010d Merge of main trunk, no conflicts this time 2000-09-11 10:18:56 +00:00
cvs2svn
166e1f304b This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-11 01:04:10 +00:00
Richard Levitte
ef413a7ee8 Merge of main trunk, no conflicts this time 2000-09-09 18:10:35 +00:00
Richard Levitte
dcd4d341e1 Since C compilers on VMS (perhaps with gcc being the great exception) 
do not quite follow the same rules as on Unix, we need to use the
FLAT_INC tweak to include the vendor-specific header files.
 2000-09-09 07:14:43 +00:00
Richard Levitte
61b337bd22 Synchronise VMS with Unix. 2000-09-09 07:07:54 +00:00
Richard Levitte
06b71aec85 Merge of main trunk, no conflicts this time 2000-09-09 07:03:02 +00:00
cvs2svn
527cc9841c This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-09 01:01:36 +00:00
Geoff Thorpe
6901ba7dc8 Fix a little glitch before I forget about it. (I noticed it while reading 
through the diff from Richard's last commit.)
 2000-09-07 17:09:05 +00:00
Richard Levitte
ab13064406 Integrate engine in most utilities. Now really tested yet. 2000-09-07 16:19:27 +00:00
Richard Levitte
192295a094 Merge main trunk to engine branch, all conflicts resolved. 2000-09-07 10:59:04 +00:00
cvs2svn
7dfded5c26 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-09-07 08:18:06 +00:00
Richard Levitte
28b3b4c6e6 Additional description of the engine code and why it was designed the way it was. 2000-08-01 17:29:22 +00:00
Geoff Thorpe
acab12fbe3 ENGINE_ctrl() had been insisting that the ENGINE supplied was already 
initialised for use, but one of the useful things about ENGINE_ctrl()
is that it can be a useful way to provide settings that should be
used during initialisation. Instead, I've altered the code to insist
that the engine has a valid *structural* reference (rather than a
*functional* one).
 2000-08-01 12:22:14 +00:00
Richard Levitte
1ba5b1b530 Merge from main trunk, conflicts resolved 2000-08-01 12:21:46 +00:00
Geoff Thorpe
d786112124 This commit takes care of a couple of things; 
(a) a couple of typos in the source code

(b) adds a ctrl command and handling code to enable or disable the fork()
    checking that CHIL can do when applications are calling fork() in
    their application and using the library from multiple child processes
    after the one initialisation.

(c) adds another ctrl command to prevent the initialisation of the CHIL
    library from providing mutex-handling callbacks, even if the library
    has suitable callbacks already available. This can simplify (and
    optimise) applications that do not use multi-threading.
 2000-07-31 15:05:30 +00:00
cvs2svn
bdecf23415 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-07-30 01:28:00 +00:00
Geoff Thorpe
03ef63ba69 Try to catch some memory leaks in the error case. 2000-07-26 22:11:13 +00:00
Richard Levitte
cb9c5dc571 Merge from main, all conflicts resolved. 
(I do this far too seldom...)
 2000-07-12 16:34:34 +00:00
Richard Levitte
a6f8bbcad9 Avoid the conflict between () and (void) 2000-07-12 15:14:12 +00:00
cvs2svn
9f10f9beeb This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-07-08 07:56:13 +00:00
Richard Levitte
a46229b43f Add the possibility to use an engine as random byte generator. 2000-07-07 17:13:54 +00:00
Richard Levitte
c7a48d3d00 Cut'n'paste error corrected 2000-07-07 17:08:10 +00:00
Richard Levitte
9188480827 Handle the hwcrhk private key with a bit more consistency. Also, for the 
random numbers generator, always return status 1 since the entropy is
already presumably there...
 2000-07-07 17:04:44 +00:00
Richard Levitte
2b912846b9 Some error checking when loading keys 2000-07-07 17:02:21 +00:00
Richard Levitte
854067e8e4 API change. 2000-07-07 17:00:36 +00:00
Richard Levitte
eb2f937b93 Change the overall RAND routines to actually make use of engines. 
This seems to work, but I'm a little unsure that I got it all right,
and would like this to be reviewed.
 2000-07-07 16:57:16 +00:00
Richard Levitte
64c4f5732d Add the possibility to load prvate and public keys from an engine and 
implement it for nCipher hardware.  The interface in itself should be
clear enough, but the nCipher implementation is currently not the
best when it comes to getting a passphrase from the user.  However,
getting it better is a little hard until a better user interaction
method is create.

Also, use the possibility in req, so we can start to create CSR's with
keys from the nForce box.

WARNING: I've made *no* tests yet, mostly because I didn't implement
this on the machine where I have an nForce box to play with.  All I
know is that it compiles cleanly on Linux...
 2000-07-06 18:40:10 +00:00
Richard Levitte
f3052a9eee Don't initialise the pointers to mutex functions directly in the structure. 
This is correctly taken care of by hwcrhk_init().  While we're at it, give
this engine the official name of the library used (CHIL, for Cryptographic
Hardware Interface Library).
 2000-07-05 16:00:18 +00:00
Richard Levitte
e1e9ead6fb Merge in the latest changes from the main trunk, and extra in apps/speed.c 2000-06-30 17:52:33 +00:00
Richard Levitte
5ac85984ec Check for missing engine name, and also, do not count up the number of given algorithms when an engine is given 2000-06-30 15:58:37 +00:00
Richard Levitte
e11b297730 p_CSwift_AttachKeyParam actually returns more than one kind of error. Detect the input size error, treat any that are not specially checked as 'request failed', not as 'provide parameters', and for those, add the actual status code to the error message 2000-06-30 15:54:48 +00:00
Richard Levitte
48555cf0fc Cryptoswitch actually has a few more statuses than SW_OK. Let's provide the possibility for a better granularity in error checking 2000-06-30 15:52:07 +00:00
Richard Levitte
ae02fc5348 Make it possible to turn off compilation of hardware support through 
the configuration parameter 'no-hw'.
 2000-06-30 11:02:02 +00:00
Richard Levitte
93e147dd32 `make update' 2000-06-29 21:26:46 +00:00
Richard Levitte
3257904c56 It makes much more sense and is much more consistent with the rest of 
OpenSSL to have to opt out hardware support instead of having to opt
it in.  And since the hardware support modules are self-contained and
actually check that the vendor stuff is loadable, it still works as
expected, or at least, so I think...
 2000-06-29 21:20:14 +00:00
Richard Levitte
2a7619d762 Give the programmer of extra engines the possibility to actually make 
it functional :-).
 2000-06-29 16:33:59 +00:00
Richard Levitte
70d03c4f59 Make the use of logstream thread-safe. 2000-06-29 16:32:34 +00:00
Richard Levitte
5971d37400 Use the new control to add a log stream. 2000-06-29 16:17:28 +00:00
Richard Levitte
d813a428a7 When closing the hwcrhk engine, also remove the reference to the 
logstream.
 2000-06-29 16:16:50 +00:00
Richard Levitte
3b2972d8d9 Add the possibility to control some engine internals. 2000-06-29 14:26:07 +00:00
Richard Levitte
2165d91196 Rename 'hwcrhk' to 'ncipher' in all public symbols. Redo the logging function so it takes a BIO. Make module-local functions static 2000-06-29 13:00:07 +00:00
Richard Levitte
fc99c92835 The error ENGINE_R_HWCRYPTOHOOK_REPORTS should never have been used 2000-06-29 12:58:52 +00:00
Richard Levitte
1dde74f229 Rename 'hwcrhk' to 'ncipher' in all public symbols 2000-06-26 23:15:16 +00:00
Geoff Thorpe
665b5ab5a7 Strange how one line can make a world of difference, particularly when 
the one line turns an error return value into a success return value.
:-) "openssl speed -engine hwcrhk rsa1024" now passes through ok.
 2000-06-26 15:58:33 +00:00
Geoff Thorpe
13232559fc Get rid of those annoying "?"s from cvs update :-) 2000-06-26 13:36:04 +00:00
Richard Levitte
1b2f8b6e2a Things merged from the main trunk, among others some well needed Win32 
fixes.
 2000-06-23 22:24:53 +00:00
Geoff Thorpe
ccd98b43ed 'make update' in the engine branch. 2000-06-20 14:12:35 +00:00
Geoff Thorpe
d32e8acf08 Now that the branch has been updated with the DSO changes in the head, 
correct the DSO-dependant code in the engine code.
 2000-06-20 13:59:48 +00:00
Richard Levitte
d8c4d0e819 Merge of stuff from main trunk, all conflicts resolved, and addition 
of dynamic lock support in the nCipher code.
 2000-06-19 17:35:39 +00:00
Richard Levitte
b215f70a0e Merge of stuff from main trunk, all conflicts resolved, and addition 
of dynamic lock support in the nCipher code.
 2000-06-19 17:28:22 +00:00
Richard Levitte
7ed20a2158 Merge of stuff from main trunk, all conflicts resolved. 2000-06-19 14:44:57 +00:00
Geoff Thorpe
6c62150674 The README for the engine code was quite out of date. Hopefully it is 
now less so.
 2000-06-15 17:50:08 +00:00
Geoff Thorpe
aa23a57918 (1) In the atalla initialisation, use the test from Ben's earlier 
Atalla code to see if the accelerator is running.
(2) Turn some spaces into tabs.
 2000-06-15 17:32:42 +00:00
Geoff Thorpe
8e2c277353 Ah, ok so my problem had been typographical rather than philosophical. 
It's cute to observe that Atalla having no RSA-specific form of mod_exp
causes a DSA server to achieve about 6 times as many signatures per
second than an RSA server. :-)
 2000-06-15 17:14:45 +00:00
Geoff Thorpe
f18ef82a9f Little typo. 2000-06-14 17:54:28 +00:00
Geoff Thorpe
cc015c48db This adds Atalla support code to the ENGINE framework. If you have an 
Atalla card, you should be able to compile with the "hw-atalla" switch
with "./config" or "perl Configure", and then you can use the command-
line switch "-engine atalla" inside speed, s_cient and s_server (after
checking out note (1)).

Notes:
  (1) I've turned on native name translation when loading the shared-
      library, but this means that the Unix shared library needs to be
      libatasi.so rather than atasi.so. I got around this in my testing
      by creating a symbollic link from /usr/lib/libatasi.so to the real
      library, but something better will be needed. It also assumes in
      win32 that the DLL will be called atasi.dll - but as I don't have
      a win32/atalla environment to try I have no idea yet if this is
      the case.
  (2) Currently DSA verifies are not accelerated because I haven't yet
      got a mod_exp-based variant of BN_mod_exp2_mont() that yields
      correct results.
  (3) Currently the "init()" doesn't fail if the shared library can
      load successfully but the card is not operational. In this case,
      the ENGINE_init() call will succeed, but all RSA, DSA, DH, and
      the two BN_*** operations will fail until the ENGINE is switched
      back to something that does work. I expect to correct this next.
  (4) Although the API for the Atalla card just has the one crypto
      function suggesting an RSA private key operation - this is in
      fact just a straight mod_exp function that ignores all the RSA
      key parameters except the (private) exponent and modulus. This is
      why the only accelerator work is taking place inside the mod_exp
      function and there's no optimisation of RSA private key operations
      based on CRT etc.
 2000-06-14 17:04:10 +00:00
Richard Levitte
9a4051050c Geoff inspired me to nullify some pointers if initialisation went 
wrong.  Additionally, just give a new value to hndidx once.
 2000-06-14 16:57:57 +00:00
Geoff Thorpe
4c4ea428cc DSO_bind() is effectively a method-specific wrapper for dlopen() or 
whatever the underlying API is. It must return (void *) because shared
libraries can expose functions, structures, or whatever. However, some
compilers give loads of warnings about casted function pointers through
this code, so I am explicitly casting them to the right prototypes.
 2000-06-14 14:28:16 +00:00
Geoff Thorpe
28e94dc70d I'm working on Atalla ENGINE code, and the existing bn_exp.c hooks 
(initiated by ./config and the presence of SDK headers) are conflicting.
 2000-06-14 13:27:47 +00:00
Geoff Thorpe
f812743544 If initialisation fails for any reason, the global function pointers 
should be NULL'd out.
 2000-06-14 13:24:37 +00:00
Geoff Thorpe
87f3435f78 This hooks the "hwcrhk" engine Richard just submitted into the default 
engine list if HW_NCIPHER is defined. I want to play :-)
 2000-06-13 18:11:38 +00:00
Richard Levitte
86787f93d6 - merged in the latest from the main trunk, fixed all conflicts 
- implemented nCipher support via the nfhwcrhk library (not well tested).
- make update + make depend
 2000-06-13 16:21:06 +00:00
Geoff Thorpe
05d909c549 * Migrate the engine code's Malloc + Free calls to the newer 
OPENSSL_malloc and OPENSSL_free.

* 3 "normal" files (crypto/rsa/rsa_lib.c, crypto/dsa/dsa_lib.c
  and crypto/dh/dh_lib.c) had their Malloc's and Free's missed
  when Richard merged the changes across to this branch -
  probably because those files have been changed in this branch
  and gave some grief to the merge - so I've changed them
  manually here.
 2000-06-09 11:42:02 +00:00
Richard Levitte
d44c7dcf00 Merge in code from main trunk to BRANCH_engine. 2000-06-08 11:00:37 +00:00
cvs2svn
5decfb7002 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-06-01 22:19:22 +00:00
Geoff Thorpe
50008364a6 Update the relevant parts of the docs with the ENGINE changes. I've also 
unbolded a few bits that looked unecessary.
 2000-05-30 13:52:45 +00:00
Richard Levitte
6a1129837a Main trunk changes merged into BRANCH_engine. There were no 
conflicts, which is a good thing.  Propper tagging of merge point
done.
 2000-05-30 07:16:56 +00:00
cvs2svn
20ca3d49e7 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-05-30 02:21:16 +00:00
Geoff Thorpe
f156d5495d "handle", "h" and even "e" were probably not the best terms to use. The 
original idea of "handle" was that it represented a functional reference
to an ENGINE (rather than just a pointer), but on reflection I think
this now looks a little more readable.
 2000-05-29 16:24:42 +00:00
Geoff Thorpe
96d7e0ece7 This adds DSA signature verification to the CryptoSwift support. 2000-05-29 13:01:34 +00:00
Geoff Thorpe
974e22704d "make update" 2000-05-29 11:21:29 +00:00
Geoff Thorpe
835475a2d6 Tie DSA into the engine framework as with RSA and DH so far. I've verified 
this integration with a web-server using CryptoSwift engine code with RSA
and DSA certificates (and with EDH cipher suites).
 2000-05-29 11:07:38 +00:00
Geoff Thorpe
a26f2b5e62 General tidy up of existing code, and add first half of DSA support for 
CryptoSwift (this currently only does signing, verification will be
hooked in shortly).
 2000-05-29 10:59:46 +00:00
Geoff Thorpe
67e08eb185 The engine code has changed the "[get|set]_default_method" functions 
a bit, so bring libeay.num up to date.
 2000-05-29 04:55:26 +00:00
Geoff Thorpe
0b4cb28f39 Update dependencies courtesy of "make update". Changes to libeay.num 
coming up soon after some more tinkering.

Submitted by:
Reviewed by:
PR:
 2000-05-29 00:54:36 +00:00
Geoff Thorpe
9c5ed502ee This hooks the DH code into the engine framework in the same way that has 
already been done for RSA. The others (DSA + RAND) will probably follow
in the near future too, but DH is easiest to test with RSA because one
can just force the use of the EDH cipher-suites.
 2000-05-29 00:46:47 +00:00
Geoff Thorpe
6111f7408b Provide command line options to s_client and s_server to select an 
"engine" to use.
 2000-05-28 23:00:20 +00:00
Geoff Thorpe
b6577e040e The switch to having an (ENGINE *) handle inside each RSA structure rather 
than (RSA_METHOD *) required a couple of functions to change shape. I
didn't really pick the best shape to change RSA_set_method into though. :-)

There's nothing really appropriate to return from RSA_set_method; the
temptation to return an "old handle" fails when you consider that the
caller might ignore the return value and so botch up the reference
counting, this wasn't an issue before because there was no reference
counting.
 2000-05-28 22:54:51 +00:00
Geoff Thorpe
bb51f21728 Update the test program to compile and run with the changes I just made 
to ENGINE_new (and ENGINE_get_struct_size).
 2000-05-26 15:43:28 +00:00
Geoff Thorpe
0e0e569cbf Prevent calling code from doing the allocation of the ENGINE structure. 
This was a bad idea in the first place, in particular it would have made
it trickier to implement error-handling, particularly when shutting down
third-party shared libraries etc.
 2000-05-26 15:21:47 +00:00
Richard Levitte
71c8e9f1c3 Added Geoff's latest changes, which seems to mostly be DH stuff and a 
README.  Oh, and a test program.
 2000-05-25 21:21:03 +00:00
Richard Levitte
e759b095d4 Add code and changes to implement the ENGINE mechanism. These are the 
patches that Geoff had in a patch file in his play directory.

NOTE for openssl-cvs:  THIS IS A CVS BRANCH (BRANCH_engine).  IT IS
NOT FOR THE FAINTHEARTED TO PLAY WITH.  The code works as it is, but
it's not at all sure it ends up in the OpenSSL distributio in this
form, so do not get dependent on it!

Those rsyncing the repository are considered warned!
 2000-05-25 19:55:54 +00:00
cvs2svn
afa0598f06 This commit was manufactured by cvs2svn to create branch 'BRANCH_engine'. 2000-05-25 13:20:12 +00:00
584 changed files with 11696 additions and 18407 deletions
Expand all files Collapse all files

907
CHANGES
View File

@@ -2,909 +2,6 @@
OpenSSL CHANGES
_______________
Changes between 0.9.6g and 0.9.6h [21 Dec 2002]
*) New function OPENSSL_cleanse(), which is used to cleanse a section of
memory from it's contents. This is done with a counter that will
place alternating values in each byte. This can be used to solve
two issues: 1) the removal of calls to memset() by highly optimizing
compilers, and 2) cleansing with other values than 0, since those can
be read through on certain media, for example a swap space on disk.
[Geoff Thorpe]
*) Bugfix: client side session caching did not work with external caching,
because the session->cipher setting was not restored when reloading
from the external cache. This problem was masked, when
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
(Found by Steve Haslam <steve@araqnid.ddts.net>.)
[Lutz Jaenicke]
*) Fix client_certificate (ssl/s2_clnt.c): The permissible total
length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
[Zeev Lieber <zeev-l@yahoo.com>]
*) Undo an undocumented change introduced in 0.9.6e which caused
repeated calls to OpenSSL_add_all_ciphers() and
OpenSSL_add_all_digests() to be ignored, even after calling
EVP_cleanup().
[Richard Levitte]
*) Change the default configuration reader to deal with last line not
being properly terminated.
[Richard Levitte]
*) Change X509_NAME_cmp() so it applies the special rules on handling
DN values that are of type PrintableString, as well as RDNs of type
emailAddress where the value has the type ia5String.
[stefank@valicert.com via Richard Levitte]
*) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
the bitwise-OR of the two for use by the majority of applications
wanting this behaviour, and update the docs. The documented
behaviour and actual behaviour were inconsistent and had been
changing anyway, so this is more a bug-fix than a behavioural
change.
[Geoff Thorpe, diagnosed by Nadav Har'El]
*) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
(the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
[Bodo Moeller]
*) Fix initialization code race conditions in
SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(),
SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(),
SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(),
TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(),
ssl2_get_cipher_by_char(),
ssl3_get_cipher_by_char().
[Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
*) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
the cached sessions are flushed, as the remove_cb() might use ex_data
contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
(see [openssl.org #212]).
[Geoff Thorpe, Lutz Jaenicke]
*) Fix typo in OBJ_txt2obj which incorrectly passed the content
length, instead of the encoding length to d2i_ASN1_OBJECT.
[Steve Henson]
Changes between 0.9.6f and 0.9.6g [9 Aug 2002]
*) [In 0.9.6g-engine release:]
Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
[Lynn Gazis <lgazis@rainbow.com>]
Changes between 0.9.6e and 0.9.6f [8 Aug 2002]
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
and get fix the header length calculation.
[Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
Alon Kantor <alonk@checkpoint.com> (and others),
Steve Henson]
*) Use proper error handling instead of 'assertions' in buffer
overflow checks added in 0.9.6e. This prevents DoS (the
assertions could call abort()).
[Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
supplied buffer.
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Fix cipher selection routines: ciphers without encryption had no flags
for the cipher strength set and where therefore not handled correctly
by the selection routines (PR #130).
[Lutz Jaenicke]
*) Fix EVP_dsa_sha macro.
[Nils Larsch]
*) New option
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
that was added in OpenSSL 0.9.6d.
As the countermeasure turned out to be incompatible with some
broken SSL implementations, the new option is part of SSL_OP_ALL.
SSL_OP_ALL is usually employed when compatibility with weird SSL
implementations is desired (e.g. '-bugs' option to 's_client' and
's_server'), so the new option is automatically set in many
applications.
[Bodo Moeller]
*) Changes in security patch:
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
supplied buffer. (CAN-2002-0659)
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Assertions for various potential buffer overflows, not known to
happen in practice.
[Ben Laurie (CHATS)]
*) Various temporary buffers to hold ASCII versions of integers were
too small for 64 bit platforms. (CAN-2002-0655)
[Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
*) Remote buffer overflow in SSL3 protocol - an attacker could
supply an oversized session ID to a client. (CAN-2002-0656)
[Ben Laurie (CHATS)]
*) Remote buffer overflow in SSL2 protocol - an attacker could
supply an oversized client master key. (CAN-2002-0656)
[Ben Laurie (CHATS)]
Changes between 0.9.6c and 0.9.6d [9 May 2002]
*) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
encoded as NULL) with id-dsa-with-sha1.
[Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
*) Check various X509_...() return values in apps/req.c.
[Nils Larsch <nla@trustcenter.de>]
*) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
an end-of-file condition would erronously be flagged, when the CRLF
was just at the end of a processed block. The bug was discovered when
processing data through a buffering memory BIO handing the data to a
BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
<ptsekov@syntrex.com> and Nedelcho Stanev.
[Lutz Jaenicke]
*) Implement a countermeasure against a vulnerability recently found
in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
before application data chunks to avoid the use of known IVs
with data potentially chosen by the attacker.
[Bodo Moeller]
*) Fix length checks in ssl3_get_client_hello().
[Bodo Moeller]
*) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
to prevent ssl3_read_internal() from incorrectly assuming that
ssl3_read_bytes() found application data while handshake
processing was enabled when in fact s->s3->in_read_app_data was
merely automatically cleared during the initial handshake.
[Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
*) Fix object definitions for Private and Enterprise: they were not
recognized in their shortname (=lowercase) representation. Extend
obj_dat.pl to issue an error when using undefined keywords instead
of silently ignoring the problem (Svenning Sorensen
<sss@sss.dnsalias.net>).
[Lutz Jaenicke]
*) Fix DH_generate_parameters() so that it works for 'non-standard'
generators, i.e. generators other than 2 and 5. (Previously, the
code did not properly initialise the 'add' and 'rem' values to
BN_generate_prime().)
In the new general case, we do not insist that 'generator' is
actually a primitive root: This requirement is rather pointless;
a generator of the order-q subgroup is just as good, if not
better.
[Bodo Moeller]
*) Map new X509 verification errors to alerts. Discovered and submitted by
Tom Wu <tom@arcot.com>.
[Lutz Jaenicke]
*) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
returning non-zero before the data has been completely received
when using non-blocking I/O.
[Bodo Moeller; problem pointed out by John Hughes]
*) Some of the ciphers missed the strength entry (SSL_LOW etc).
[Ben Laurie, Lutz Jaenicke]
*) Fix bug in SSL_clear(): bad sessions were not removed (found by
Yoram Zahavi <YoramZ@gilian.com>).
[Lutz Jaenicke]
*) Add information about CygWin 1.3 and on, and preserve proper
configuration for the versions before that.
[Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
*) Make removal from session cache (SSL_CTX_remove_session()) more robust:
check whether we deal with a copy of a session and do not delete from
the cache in this case. Problem reported by "Izhar Shoshani Levi"
<izhar@checkpoint.com>.
[Lutz Jaenicke]
*) Do not store session data into the internal session cache, if it
is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
flag is set). Proposed by Aslam <aslam@funk.com>.
[Lutz Jaenicke]
*) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
value is 0.
[Richard Levitte]
*) [In 0.9.6d-engine release:]
Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
[Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
*) Add the configuration target linux-s390x.
[Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
*) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
variable as an indication that a ClientHello message has been
received. As the flag value will be lost between multiple
invocations of ssl3_accept when using non-blocking I/O, the
function may not be aware that a handshake has actually taken
place, thus preventing a new session from being added to the
session cache.
To avoid this problem, we now set s->new_session to 2 instead of
using a local variable.
[Lutz Jaenicke, Bodo Moeller]
*) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
if the SSL_R_LENGTH_MISMATCH error is detected.
[Geoff Thorpe, Bodo Moeller]
*) New 'shared_ldflag' column in Configure platform table.
[Richard Levitte]
*) Fix EVP_CIPHER_mode macro.
["Dan S. Camper" <dan@bti.net>]
*) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
type, we must throw them away by setting rr->length to 0.
[D P Chang <dpc@qualys.com>]
Changes between 0.9.6b and 0.9.6c [21 dec 2001]
*) Fix BN_rand_range bug pointed out by Dominikus Scherkl
<Dominikus.Scherkl@biodata.com>. (The previous implementation
worked incorrectly for those cases where range = 10..._2 and
3*range is two bits longer than range.)
[Bodo Moeller]
*) Only add signing time to PKCS7 structures if it is not already
present.
[Steve Henson]
*) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
OBJ_ld_ce should be OBJ_id_ce.
Also some ip-pda OIDs in crypto/objects/objects.txt were
incorrect (cf. RFC 3039).
[Matt Cooper, Frederic Giudicelli, Bodo Moeller]
*) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
returns early because it has nothing to do.
[Andy Schneider <andy.schneider@bjss.co.uk>]
*) [In 0.9.6c-engine release:]
Fix mutex callback return values in crypto/engine/hw_ncipher.c.
[Andy Schneider <andy.schneider@bjss.co.uk>]
*) [In 0.9.6c-engine release:]
Add support for Cryptographic Appliance's keyserver technology.
(Use engine 'keyclient')
[Cryptographic Appliances and Geoff Thorpe]
*) Add a configuration entry for OS/390 Unix. The C compiler 'c89'
is called via tools/c89.sh because arguments have to be
rearranged (all '-L' options must appear before the first object
modules).
[Richard Shapiro <rshapiro@abinitio.com>]
*) [In 0.9.6c-engine release:]
Add support for Broadcom crypto accelerator cards, backported
from 0.9.7.
[Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
*) [In 0.9.6c-engine release:]
Add support for SureWare crypto accelerator cards from
Baltimore Technologies. (Use engine 'sureware')
[Baltimore Technologies and Mark Cox]
*) [In 0.9.6c-engine release:]
Add support for crypto accelerator cards from Accelerated
Encryption Processing, www.aep.ie. (Use engine 'aep')
[AEP Inc. and Mark Cox]
*) Add a configuration entry for gcc on UnixWare.
[Gary Benson <gbenson@redhat.com>]
*) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
messages are stored in a single piece (fixed-length part and
variable-length part combined) and fix various bugs found on the way.
[Bodo Moeller]
*) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
instead. BIO_gethostbyname() does not know what timeouts are
appropriate, so entries would stay in cache even when they have
become invalid.
[Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
*) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
faced with a pathologically small ClientHello fragment that does
not contain client_version: Instead of aborting with an error,
simply choose the highest available protocol version (i.e.,
TLS 1.0 unless it is disabled). In practice, ClientHello
messages are never sent like this, but this change gives us
strictly correct behaviour at least for TLS.
[Bodo Moeller]
*) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
[Bodo Moeller; problem pointed out by Niko Baric]
*) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
(sent using the client's version number) if client_version is
smaller than the protocol version in use. Also change
ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
the client will at least see that alert.
[Bodo Moeller]
*) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
correctly.
[Bodo Moeller]
*) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
client receives HelloRequest while in a handshake.
[Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
*) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
should end in 'break', not 'goto end' which circuments various
cleanups done in state SSL_ST_OK. But session related stuff
must be disabled for SSL_ST_OK in the case that we just sent a
HelloRequest.
Also avoid some overhead by not calling ssl_init_wbio_buffer()
before just sending a HelloRequest.
[Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured. (Neither SSLerr() codes nor alerts
are directly visible to potential attackers, but the information
may leak via logfiles.)
Similar changes are not required for the SSL 2.0 implementation
because the number of padding bytes is sent in clear for SSL 2.0,
and the extra bytes are just ignored. However ssl/s2_pkt.c
failed to verify that the purported number of padding bytes is in
the legal range.
[Bodo Moeller]
*) Add OpenUNIX-8 support including shared libraries
(Boyd Lynn Gerber <gerberb@zenez.com>).
[Lutz Jaenicke]
*) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
'wristwatch attack' using huge encoding parameters (cf.
James H. Manger's CRYPTO 2001 paper). Note that the
RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
encoding parameters and hence was not vulnerable.
[Bodo Moeller]
*) BN_sqr() bug fix.
[Ulf M<>ller, reported by Jim Ellis <jim.ellis@cavium.com>]
*) Rabin-Miller test analyses assume uniformly distributed witnesses,
so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
followed by modular reduction.
[Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>]
*) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
equivalent based on BN_pseudo_rand() instead of BN_rand().
[Bodo Moeller]
*) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
This function was broken, as the check for a new client hello message
to handle SGC did not allow these large messages.
(Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
[Lutz Jaenicke]
*) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
[Lutz Jaenicke]
*) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
[Lutz Jaenicke]
*) Rework the configuration and shared library support for Tru64 Unix.
The configuration part makes use of modern compiler features and
still retains old compiler behavior for those that run older versions
of the OS. The shared library support part includes a variant that
uses the RPATH feature, and is available through the special
configuration target "alpha-cc-rpath", which will never be selected
automatically.
[Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
*) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
with the same message size as in ssl3_get_certificate_request().
Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
messages might inadvertently be reject as too long.
[Petr Lampa <lampa@fee.vutbr.cz>]
*) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
[Andy Polyakov]
*) Modified SSL library such that the verify_callback that has been set
specificly for an SSL object with SSL_set_verify() is actually being
used. Before the change, a verify_callback set with this function was
ignored and the verify_callback() set in the SSL_CTX at the time of
the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
to allow the necessary settings.
[Lutz Jaenicke]
*) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
explicitly to NULL, as at least on Solaris 8 this seems not always to be
done automatically (in contradiction to the requirements of the C
standard). This made problems when used from OpenSSH.
[Lutz Jaenicke]
*) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
dh->length and always used
BN_rand_range(priv_key, dh->p).
BN_rand_range() is not necessary for Diffie-Hellman, and this
specific range makes Diffie-Hellman unnecessarily inefficient if
dh->length (recommended exponent length) is much smaller than the
length of dh->p. We could use BN_rand_range() if the order of
the subgroup was stored in the DH structure, but we only have
dh->length.
So switch back to
BN_rand(priv_key, l, ...)
where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
otherwise.
[Bodo Moeller]
*) In
RSA_eay_public_encrypt
RSA_eay_private_decrypt
RSA_eay_private_encrypt (signing)
RSA_eay_public_decrypt (signature verification)
(default implementations for RSA_public_encrypt,
RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
always reject numbers >= n.
[Bodo Moeller]
*) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
to synchronize access to 'locking_thread'. This is necessary on
systems where access to 'locking_thread' (an 'unsigned long'
variable) is not atomic.
[Bodo Moeller]
*) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
*before* setting the 'crypto_lock_rand' flag. The previous code had
a race condition if 0 is a valid thread ID.
[Travis Vitek <vitek@roguewave.com>]
*) Add support for shared libraries under Irix.
[Albert Chin-A-Young <china@thewrittenword.com>]
*) Add configuration option to build on Linux on both big-endian and
little-endian MIPS.
[Ralf Baechle <ralf@uni-koblenz.de>]
*) Add the possibility to create shared libraries on HP-UX.
[Richard Levitte]
Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
*) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
PRNG state recovery was possible based on the output of
one PRNG request appropriately sized to gain knowledge on
'md' followed by enough consecutive 1-byte PRNG requests
to traverse all of 'state'.
1. When updating 'md_local' (the current thread's copy of 'md')
during PRNG output generation, hash all of the previous
'md_local' value, not just the half used for PRNG output.
2. Make the number of bytes from 'state' included into the hash
independent from the number of PRNG bytes requested.
The first measure alone would be sufficient to avoid
Markku-Juhani's attack. (Actually it had never occurred
to me that the half of 'md_local' used for chaining was the
half from which PRNG output bytes were taken -- I had always
assumed that the secret half would be used.) The second
measure makes sure that additional data from 'state' is never
mixed into 'md_local' in small portions; this heuristically
further strengthens the PRNG.
[Bodo Moeller]
*) Fix crypto/bn/asm/mips3.s.
[Andy Polyakov]
*) When only the key is given to "enc", the IV is undefined. Print out
an error message in this case.
[Lutz Jaenicke]
*) Handle special case when X509_NAME is empty in X509 printing routines.
[Steve Henson]
*) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
positive and less than q.
[Bodo Moeller]
*) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
used: it isn't thread safe and the add_lock_callback should handle
that itself.
[Paul Rose <Paul.Rose@bridge.com>]
*) Verify that incoming data obeys the block size in
ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
[Bodo Moeller]
*) Fix OAEP check.
[Ulf M<>ller, Bodo M<>ller]
*) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
when fixing the server behaviour for backwards-compatible 'client
hello' messages. (Note that the attack is impractical against
SSL 3.0 and TLS 1.0 anyway because length and version checking
means that the probability of guessing a valid ciphertext is
around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
paper.)
Before 0.9.5, the countermeasure (hide the error by generating a
random 'decryption result') did not work properly because
ERR_clear_error() was missing, meaning that SSL_get_error() would
detect the supposedly ignored error.
Both problems are now fixed.
[Bodo Moeller]
*) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
(previously it was 1024).
[Bodo Moeller]
*) Fix for compatibility mode trust settings: ignore trust settings
unless some valid trust or reject settings are present.
[Steve Henson]
*) Fix for blowfish EVP: its a variable length cipher.
[Steve Henson]
*) Fix various bugs related to DSA S/MIME verification. Handle missing
parameters in DSA public key structures and return an error in the
DSA routines if parameters are absent.
[Steve Henson]
*) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
in the current directory if neither $RANDFILE nor $HOME was set.
RAND_file_name() in 0.9.6a returned NULL in this case. This has
caused some confusion to Windows users who haven't defined $HOME.
Thus RAND_file_name() is changed again: e_os.h can define a
DEFAULT_HOME, which will be used if $HOME is not set.
For Windows, we use "C:"; on other platforms, we still require
environment variables.
*) Move 'if (!initialized) RAND_poll()' into regions protected by
CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids
having multiple threads call RAND_poll() concurrently.
[Bodo Moeller]
*) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
combination of a flag and a thread ID variable.
Otherwise while one thread is in ssleay_rand_bytes (which sets the
flag), *other* threads can enter ssleay_add_bytes without obeying
the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
that they do not hold after the first thread unsets add_do_not_lock).
[Bodo Moeller]
*) Change bctest again: '-x' expressions are not available in all
versions of 'test'.
[Bodo Moeller]
Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
*) Fix a couple of memory leaks in PKCS7_dataDecode()
[Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]
*) Change Configure and Makefiles to provide EXE_EXT, which will contain
the default extension for executables, if any. Also, make the perl
scripts that use symlink() to test if it really exists and use "cp"
if it doesn't. All this made OpenSSL compilable and installable in
CygWin.
[Richard Levitte]
*) Fix for asn1_GetSequence() for indefinite length constructed data.
If SEQUENCE is length is indefinite just set c->slen to the total
amount of data available.
[Steve Henson, reported by shige@FreeBSD.org]
[This change does not apply to 0.9.7.]
*) Change bctest to avoid here-documents inside command substitution
(workaround for FreeBSD /bin/sh bug).
For compatibility with Ultrix, avoid shell functions (introduced
in the bctest version that searches along $PATH).
[Bodo Moeller]
*) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
with des_encrypt() defined on some operating systems, like Solaris
and UnixWare.
[Richard Levitte]
*) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
On the Importance of Eliminating Errors in Cryptographic
Computations, J. Cryptology 14 (2001) 2, 101-119,
http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
[Ulf Moeller]
*) MIPS assembler BIGNUM division bug fix.
[Andy Polyakov]
*) Disabled incorrect Alpha assembler code.
[Richard Levitte]
*) Fix PKCS#7 decode routines so they correctly update the length
after reading an EOC for the EXPLICIT tag.
[Steve Henson]
[This change does not apply to 0.9.7.]
*) Fix bug in PKCS#12 key generation routines. This was triggered
if a 3DES key was generated with a 0 initial byte. Include
PKCS12_BROKEN_KEYGEN compilation option to retain the old
(but broken) behaviour.
[Steve Henson]
*) Enhance bctest to search for a working bc along $PATH and print
it when found.
[Tim Rice <tim@multitalents.net> via Richard Levitte]
*) Fix memory leaks in err.c: free err_data string if necessary;
don't write to the wrong index in ERR_set_error_data.
[Bodo Moeller]
*) Implement ssl23_peek (analogous to ssl23_read), which previously
did not exist.
[Bodo Moeller]
*) Replace rdtsc with _emit statements for VC++ version 5.
[Jeremy Cooper <jeremy@baymoo.org>]
*) Make it possible to reuse SSLv2 sessions.
[Richard Levitte]
*) In copy_email() check for >= 0 as a return value for
X509_NAME_get_index_by_NID() since 0 is a valid index.
[Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
*) Avoid coredump with unsupported or invalid public keys by checking if
X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
PKCS7_verify() fails with non detached data.
[Steve Henson]
*) Don't use getenv in library functions when run as setuid/setgid.
New function OPENSSL_issetugid().
[Ulf Moeller]
*) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
due to incorrect handling of multi-threading:
1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
3. Count how many times MemCheck_off() has been called so that
nested use can be treated correctly. This also avoids
inband-signalling in the previous code (which relied on the
assumption that thread ID 0 is impossible).
[Bodo Moeller]
*) Add "-rand" option also to s_client and s_server.
[Lutz Jaenicke]
*) Fix CPU detection on Irix 6.x.
[Kurt Hockenbury <khockenb@stevens-tech.edu> and
"Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
*) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
was empty.
[Steve Henson]
[This change does not apply to 0.9.7.]
*) Use the cached encoding of an X509_NAME structure rather than
copying it. This is apparently the reason for the libsafe "errors"
but the code is actually correct.
[Steve Henson]
*) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
Bleichenbacher's DSA attack.
Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
to be set and top=0 forces the highest bit to be set; top=-1 is new
and leaves the highest bit random.
[Ulf Moeller, Bodo Moeller]
*) In the NCONF_...-based implementations for CONF_... queries
(crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
a temporary CONF structure with the data component set to NULL
(which gives segmentation faults in lh_retrieve).
Instead, use NULL for the CONF pointer in CONF_get_string and
CONF_get_number (which may use environment variables) and directly
return NULL from CONF_get_section.
[Bodo Moeller]
*) Fix potential buffer overrun for EBCDIC.
[Ulf Moeller]
*) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
keyUsage if basicConstraints absent for a CA.
[Steve Henson]
*) Make SMIME_write_PKCS7() write mail header values with a format that
is more generally accepted (no spaces before the semicolon), since
some programs can't parse those values properly otherwise. Also make
sure BIO's that break lines after each write do not create invalid
headers.
[Richard Levitte]
*) Make the CRL encoding routines work with empty SEQUENCE OF. The
macros previously used would not encode an empty SEQUENCE OF
and break the signature.
[Steve Henson]
[This change does not apply to 0.9.7.]
*) Zero the premaster secret after deriving the master secret in
DH ciphersuites.
[Steve Henson]
*) Add some EVP_add_digest_alias registrations (as found in
OpenSSL_add_all_digests()) to SSL_library_init()
aka OpenSSL_add_ssl_algorithms(). This provides improved
compatibility with peers using X.509 certificates
with unconventional AlgorithmIdentifier OIDs.
[Bodo Moeller]
*) Fix for Irix with NO_ASM.
["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
*) ./config script fixes.
[Ulf Moeller, Richard Levitte]
*) Fix 'openssl passwd -1'.
[Bodo Moeller]
*) Change PKCS12_key_gen_asc() so it can cope with non null
terminated strings whose length is passed in the passlen
parameter, for example from PEM callbacks. This was done
by adding an extra length parameter to asc2uni().
[Steve Henson, reported by <oddissey@samsung.co.kr>]
*) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
call failed, free the DSA structure.
[Bodo Moeller]
*) Fix to uni2asc() to cope with zero length Unicode strings.
These are present in some PKCS#12 files.
[Steve Henson]
*) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
when writing a 32767 byte record.
[Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
*) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
(RSA objects have a reference count access to which is protected
by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
so they are meant to be shared between threads.)
[Bodo Moeller, Geoff Thorpe; original patch submitted by
"Reddie, Steven" <Steven.Reddie@ca.com>]
*) Fix a deadlock in CRYPTO_mem_leaks().
[Bodo Moeller]
*) Use better test patterns in bntest.
[Ulf M<>ller]
*) rand_win.c fix for Borland C.
[Ulf M<>ller]
*) BN_rshift bugfix for n == 0.
[Bodo Moeller]
*) Add a 'bctest' script that checks for some known 'bc' bugs
so that 'make test' does not abort just because 'bc' is broken.
[Bodo Moeller]
*) Store verify_result within SSL_SESSION also for client side to
avoid potential security hole. (Re-used sessions on the client side
always resulted in verify_result==X509_V_OK, not using the original
result of the server certificate verification.)
[Lutz Jaenicke]
*) Fix ssl3_pending: If the record in s->s3->rrec is not of type
SSL3_RT_APPLICATION_DATA, return 0.
Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
[Bodo Moeller]
*) Fix SSL_peek:
Both ssl2_peek and ssl3_peek, which were totally broken in earlier
releases, have been re-implemented by renaming the previous
implementations of ssl2_read and ssl3_read to ssl2_read_internal
and ssl3_read_internal, respectively, and adding 'peek' parameters
to them. The new ssl[23]_{read,peek} functions are calls to
ssl[23]_read_internal with the 'peek' flag set appropriately.
A 'peek' parameter has also been added to ssl3_read_bytes, which
does the actual work for ssl3_read_internal.
[Bodo Moeller]
*) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
the method-specific "init()" handler. Also clean up ex_data after
calling the method-specific "finish()" handler. Previously, this was
happening the other way round.
[Geoff Thorpe]
*) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
The previous value, 12, was not always sufficient for BN_mod_exp().
[Bodo Moeller]
*) Make sure that shared libraries get the internal name engine with
the full version number and not just 0. This should mark the
shared libraries as not backward compatible. Of course, this should
be changed again when we can guarantee backward binary compatibility.
[Richard Levitte]
*) Fix typo in get_cert_by_subject() in by_dir.c
[Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
*) Rework the system to generate shared libraries:
- Make note of the expected extension for the shared libraries and
if there is a need for symbolic links from for example libcrypto.so.0
to libcrypto.so.0.9.7. There is extended info in Configure for
that.
- Make as few rebuilds of the shared libraries as possible.
- Still avoid linking the OpenSSL programs with the shared libraries.
- When installing, install the shared libraries separately from the
static ones.
[Richard Levitte]
*) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
and not in SSL_clear because the latter is also used by the
accept/connect functions; previously, the settings made by
SSL_set_read_ahead would be lost during the handshake.
[Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
*) Correct util/mkdef.pl to be selective about disabled algorithms.
Previously, it would create entries for disableed algorithms no
matter what.
[Richard Levitte]
*) Added several new manual pages for SSL_* function.
[Lutz Jaenicke]
Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
*) In ssl23_get_client_hello, generate an error message when faced
@@ -1254,7 +351,7 @@
default is static libraries only, and the OpenSSL programs
are always statically linked for now, but there are
preparations for dynamic linking in place.
This has been tested on Linux and Tru64.
This has been tested on Linux and True64.
[Richard Levitte]
*) Randomness polling function for Win9x, as described in:
@@ -2981,7 +2078,7 @@
copied!)
[Bodo Moeller]
*) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
*) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode
worked.
*) Fix problems with no-hmac etc.

463
Configure
View File

@@ -10,7 +10,7 @@ use strict;
# see INSTALL for instructions.
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
# Options:
#
@@ -23,14 +23,20 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# default). This needn't be set in advance, you can
# just as well use "make INSTALL_PREFIX=/whatever install".
#
# --test-sanity Make a number of sanity checks on the data in this file.
# This is a debugging tool for OpenSSL developers.
#
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
# support isn't compiled.
# no-hw do not compile support for any crypto hardware.
# rsaref use RSAref
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
# know how to do it)
# [no-]shared [don't] try to create shared libraries when supported.
# IT IS NOT RECOMMENDED TO USE "shared"! Since this is a
# development branch, the positions of the ENGINE symbols
# in the transfer vector are constantly moving, so binary
# backward compatibility can't be guaranteed in any way.
# no-asm do not use assembler
# no-dso do not compile in any native shared-library methods. This
# will ensure that all methods just return NULL.
@@ -92,15 +98,10 @@ my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm
my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
my $mips3_irix_asm="asm/mips3.o::::::::";
# There seems to be boundary faults in asm/alpha.s.
#my $alpha_asm="asm/alpha.o::::::::";
my $alpha_asm="::::::::";
# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib
#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
my %table=(
# File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -119,10 +120,10 @@ my %table=(
"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
"dist", "cc:-O::(unknown):::::",
# Basic configs that should work on any (32 and less bit) box
@@ -135,45 +136,41 @@ my %table=(
# surrounds it with #APP #NO_APP comment pair which (at least Solaris
# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
# error message.
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Solaris x86 with Sun C setups
"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC",
#### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC",
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC",
# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
# but keep the assembler modules.
"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC",
####
"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC",
#### SPARC Solaris with Sun C setups
# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
# SC5.0 note: Compiler common patch 107357-01 or later is required!
"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC",
####
"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
#### SPARC Linux setups
"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
# !!!Folowing can't be even tested yet!!!
# We have to wait till 64-bit glibc for SPARC is operational!!!
#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
@@ -184,17 +181,17 @@ my %table=(
#### IRIX 5.x configs
# -mips2 flag is added by ./config when appropriate.
"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
#### IRIX 6.x configs
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
# './Configure irix-[g]cc' manually.
# -mips4 flag is added by ./config when appropriate.
"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
# N64 ABI builds.
"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
#### Unified HP-UX ANSI C configs.
# Special notes:
@@ -226,45 +223,41 @@ my %table=(
#
#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# Since there is mention of this in shlib/hpux10-cc.sh
"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
# More attempts at unified 10.X and 11.X targets for HP C compiler.
#
# Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se>
"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
# HPUX 9.X config.
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
# egcs. gcc 2.8.1 is also broken.
"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
# please report your OS and compiler version to the openssl-bugs@openssl.org
# mailing list.
"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# If hpux-gcc fails, try this one:
"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 9.X on Motorola 68k platforms with gcc
"hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL:::",
"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# HPUX 10.X config. Supports threads.
"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# If hpux10-gcc fails, try this one:
"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# HPUX 11.X from www.globus.org.
# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
@@ -275,43 +268,13 @@ my %table=(
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
#### PARISC Linux setups
"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
# Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
# from the older DEC C Compiler to the newer compiler. It's now the
# same as the preferred entry, alpha-cc. If you are still using the
# older compiler (you're at 3.x or earlier, or perhaps very early 4.x)
# you should use `alphaold-cc'.
#
# "What's in a name? That which we call a rose
# By any other word would smell as sweet."
#
# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
#
# For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the
# vendor compiler, use alphaold-cc.
# For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc.
# For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc.
#
# There's also an alternate target available (which `config' will never
# select) called alpha-cc-rpath. This target builds an RPATH into the
# shared libraries, which is very convenient on Tru64 since binaries
# linked against that shared library will automatically inherit that RPATH,
# and hence know where to look for the openssl libraries, even if they're in
# an odd place.
#
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
#
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
#
# This probably belongs in a different section.
#
"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
@@ -326,34 +289,31 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
# assembler versions -- currently defunct:
##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler.
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"nextstep", "cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
# NCR MP-RAS UNIX ver 02.03.01
@@ -362,43 +322,22 @@ my %table=(
# QNX 4
"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
# QNX 6
"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
# Linux on ARM
"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC",
# UnixWare 2.0x fails destest with -O
"unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
# UnixWare 2.1
"unixware-2.1","cc:-O -DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
# UnixWare 2.0
"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
# UnixWare 7
"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# OpenUNIX 8
"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
"OpenUNIX-8-shared","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic",
"OpenUNIX-8-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC",
"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
# IBM's AIX.
"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
"aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
#
# Cray T90 and similar (SDSC)
# Cray T90 (SDSC)
# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
# defined. The T90 ints and longs are 8 bytes long, and apparently the
# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and
@@ -408,10 +347,7 @@ my %table=(
#'Taking the address of a bit field is not allowed. '
#'An expression with bit field exists as the operand of "sizeof" '
# (written by Wayne Schroeder <schroede@SDSC.EDU>)
#
# j90 is considered the base machine type for unicos machines,
# so this configuration is now called "cray-j90" ...
"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
#
# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
@@ -425,19 +361,13 @@ my %table=(
# DGUX, 88100.
"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
# SCO 3 - Tim Rice <tim@multitalents.net>
"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
# SCO cc.
"sco5-cc", "cc:-belf::(unknown):-lsocket -lresolv:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
"sco5-cc-pentium", "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
"sco5-cc", "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
"sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
"sco5-gcc-shared","gcc:-O3 -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
# Sinix/ReliantUNIX RM400
# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
@@ -448,12 +378,6 @@ my %table=(
# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
# You need to compile using the c89.sh wrapper in the tools directory, because the
# IBM compiler does not like the -L switch after any object modules.
#
"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown)::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
# Windows NT, Microsoft Visual C++ 4.0
"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
@@ -472,12 +396,8 @@ my %table=(
# and its library files in util/pl/*)
"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
# UWIN
"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
# Cygwin
"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
# CygWin32
"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
@@ -486,58 +406,24 @@ my %table=(
##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
# Some OpenBSD from Bob Beck <beck@obtuse.com>
"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn",
"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
##### MacOS X (a.k.a. Rhapsody or Darwin) setup
##### MacOS X (a.k.a. Rhapsody) setup
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
##### A/UX
"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
##### Sony NEWS-OS 4.x
"newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
##### VxWorks for various targets
"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
##### Compaq Non-Stop Kernel (Tandem)
"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown)::THIRTY_TWO_BIT:::",
);
my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
BC-16 Mingw32);
my $idx = 0;
my $idx_cc = $idx++;
my $idx_cflags = $idx++;
my $idx_unistd = $idx++;
my $idx_thread_cflag = $idx++;
my $idx_lflags = $idx++;
my $idx_bn_ops = $idx++;
my $idx_bn_obj = $idx++;
my $idx_des_obj = $idx++;
my $idx_bf_obj = $idx++;
my $idx_md5_obj = $idx++;
my $idx_sha1_obj = $idx++;
my $idx_cast_obj = $idx++;
my $idx_rc4_obj = $idx++;
my $idx_rmd160_obj = $idx++;
my $idx_rc5_obj = $idx++;
my $idx_dso_scheme = $idx++;
my $idx_shared_target = $idx++;
my $idx_shared_cflag = $idx++;
my $idx_shared_ldflag = $idx++;
my $idx_shared_extension = $idx++;
my $idx_ranlib = $idx++;
my $prefix="";
my $openssldir="";
my $exe_ext="";
my $install_prefix="";
my $no_threads=0;
my $no_shared=1;
@@ -565,10 +451,10 @@ my $md5_obj="";
my $sha1_obj="";
my $rmd160_obj="";
my $processor="";
my $default_ranlib;
my $ranlib;
my $perl;
$default_ranlib= &which("ranlib") or $default_ranlib="true";
$ranlib=&which("ranlib") or $ranlib="true";
$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
or $perl="perl";
@@ -583,7 +469,6 @@ my $libs;
my $target;
my $options;
my $symlink;
my $make_depend=0;
my @argvcopy=@ARGV;
my $argvstring="";
@@ -608,16 +493,24 @@ PROCESS_ARGS:
foreach (@argvcopy)
{
s /^-no-/no-/; # some people just can't read the instructions
if (/^--test-sanity$/)
{
exit(&test_sanity());
}
elsif (/^no-asm$/)
if (/^no-asm$/)
{
$no_asm=1;
$flags .= "-DNO_ASM ";
$openssl_other_defines .= "#define NO_ASM\n";
}
elsif (/^no-hw-(.+)$/)
{
my $hw=$1;
$hw =~ tr/[a-z]/[A-Z]/;
$flags .= "-DNO_HW_$hw ";
$openssl_other_defines .= "#define NO_HW_$hw\n";
}
elsif (/^no-hw$/)
{
$flags .= "-DNO_HW ";
$openssl_other_defines .= "#define NO_HW\n";
}
elsif (/^no-dso$/)
{ $no_dso=1; }
elsif (/^no-threads$/)
@@ -626,7 +519,7 @@ PROCESS_ARGS:
{ $threads=1; }
elsif (/^no-shared$/)
{ $no_shared=1; }
elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
elsif (/^shared$/)
{ $no_shared=0; }
elsif (/^no-symlinks$/)
{ $symlink=0; }
@@ -741,17 +634,12 @@ if ($target eq "LIST") {
exit 0;
}
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
print "Configuring for $target\n";
&usage if (!defined($table{$target}));
my $IsWindows=scalar grep /^$target$/,@WinTargets;
$exe_ext=".exe" if ($target eq "Cygwin");
$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
$prefix=$openssldir if $prefix eq "";
@@ -764,29 +652,9 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
print "IsWindows=$IsWindows\n";
my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
my $cc = $fields[$idx_cc];
my $cflags = $fields[$idx_cflags];
my $unistd = $fields[$idx_unistd];
my $thread_cflag = $fields[$idx_thread_cflag];
my $lflags = $fields[$idx_lflags];
my $bn_ops = $fields[$idx_bn_ops];
my $bn_obj = $fields[$idx_bn_obj];
my $des_obj = $fields[$idx_des_obj];
my $bf_obj = $fields[$idx_bf_obj];
my $md5_obj = $fields[$idx_md5_obj];
my $sha1_obj = $fields[$idx_sha1_obj];
my $cast_obj = $fields[$idx_cast_obj];
my $rc4_obj = $fields[$idx_rc4_obj];
my $rmd160_obj = $fields[$idx_rmd160_obj];
my $rc5_obj = $fields[$idx_rc5_obj];
my $dso_scheme = $fields[$idx_dso_scheme];
my $shared_target = $fields[$idx_shared_target];
my $shared_cflag = $fields[$idx_shared_cflag];
my $shared_ldflag = $fields[$idx_shared_ldflag];
my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $fields[$idx_ranlib];
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
$cflags="$flags$cflags" if ($flags ne "");
# The DSO code currently always implements all functions so that no
@@ -861,27 +729,17 @@ if ($threads)
}
# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
my $shared_mark = "";
if ($shared_target ne "")
my $shared_mark1 = "";
my $shared_mark2 = "";
if ($shared_cflag ne "")
{
if ($shared_cflag ne "")
{
$cflags = "$shared_cflag $cflags";
}
$cflags = "$shared_cflag $cflags";
if (!$no_shared)
{
#$shared_mark = "\$(SHARED_LIBS)";
$shared_mark1 = ".shlib-clean.";
$shared_mark2 = ".shlib.";
}
}
else
{
$no_shared = 1;
}
if ($ranlib eq "")
{
$ranlib = $default_ranlib;
}
#my ($bn1)=split(/\s+/,$bn_obj);
#$bn1 = "" unless defined $bn1;
@@ -911,10 +769,6 @@ if ($rmd160_obj =~ /\.o$/)
$cflags.=" -DRMD160_ASM";
}
# "Stringify" the C flags string. This permits it to be made part of a string
# and works as well on command lines.
$cflags =~ s/([\\\"])/\\\1/g;
my $version = "unknown";
my $major = "unknown";
my $minor = "unknown";
@@ -967,7 +821,6 @@ while (<IN>)
s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
@@ -978,7 +831,6 @@ while (<IN>)
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
s/^DES_ENC=.*$/DES_ENC= $des_obj/;
s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -992,27 +844,9 @@ while (<IN>)
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^PERL=.*/PERL= $perl/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
{
my $sotmp = $1;
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
}
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
{
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
}
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
}
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
{
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
}
s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
s/^SHLIB_MARK1=.*/SHLIB_MARK1=$shared_mark1/;
s/^SHLIB_MARK2=.*/SHLIB_MARK2=$shared_mark2/;
s/^LIBS=.*/LIBS=libcrypto\.so\* libssl\.so\*/ if (!$no_shared);
print OUT $_."\n";
}
close(IN);
@@ -1195,13 +1029,11 @@ if($IsWindows) {
EOF
close(OUT);
} else {
my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
my $make_targets = "";
$make_targets .= " links" if $symlink;
$make_targets .= " depend" if $depflags ne "" && $make_depend;
$make_targets .= " gentests" if $symlink;
(system $make_command.$make_targets) == 0 or exit $?
if $make_targets ne "";
(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
if $symlink;
### (system 'make depend') == 0 or exit $? if $depflags ne "";
# Run "make depend" manually if you want to be able to delete
# the source code files of ciphers you left out.
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",$perl,'^#!/', '#!%s');
@@ -1211,15 +1043,6 @@ EOF
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne "" && !$make_depend) {
print <<EOF;
Since you've disabled at least one algorithm, you need to do the following
before building:
make depend
EOF
}
}
@@ -1310,9 +1133,8 @@ sub print_table_entry
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
my $bn_obj,my $des_obj,my $bf_obj,
my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
my $shared_ldflag,my $shared_extension,my $ranlib)=
split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
print <<EOF
@@ -1335,44 +1157,5 @@ sub print_table_entry
\$dso_scheme = $dso_scheme
\$shared_target= $shared_target
\$shared_cflag = $shared_cflag
\$shared_ldflag = $shared_ldflag
\$shared_extension = $shared_extension
\$ranlib = $ranlib
EOF
}
sub test_sanity
{
my $errorcnt = 0;
print STDERR "=" x 70, "\n";
print STDERR "=== SANITY TESTING!\n";
print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
print STDERR "=" x 70, "\n";
foreach $target (sort keys %table)
{
@fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
{
$errorcnt++;
print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
print STDERR " in the previous field\n";
}
elsif ($fields[$idx_dso_scheme+1] =~ /^(dl|dlfcn|win32|vms)$/)
{
$errorcnt++;
print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
print STDERR " in the following field\n";
}
elsif ($fields[$idx_dso_scheme] !~ /^(dl|dlfcn|win32|vms|)$/)
{
$errorcnt++;
print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
print STDERR " valid values are 'dl', 'dlfcn', 'win32' and 'vms'\n";
}
}
print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
return $errorcnt;
}

679
FAQ
View File

@@ -1,25 +1,20 @@
OpenSSL - Frequently Asked Questions
--------------------------------------
[MISC] Miscellaneous questions
* Which is the current version of OpenSSL?
* Where is the documentation?
* How can I contact the OpenSSL developers?
* Where can I get a compiled version of OpenSSL?
* Why aren't tools like 'autoconf' and 'libtool' used?
* What is an 'engine' version?
* How do I check the authenticity of the OpenSSL distribution?
[LEGAL] Legal questions
* Do I need patent licenses to use OpenSSL?
* Can I use OpenSSL with GPL software?
[USER] Questions on using the OpenSSL applications
* Is OpenSSL thread-safe?
* Why do I get a "PRNG not seeded" error message?
* Why do I get an "unable to write 'random state'" error message?
* Why does the linker complain about undefined symbols?
* Where can I get a compiled version of OpenSSL?
* I've compiled a program under Windows and it crashes: why?
* How do I read or write a DER encoded buffer using the ASN1 functions?
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
* I've called <some function> and it fails, why?
* I just get a load of numbers for the error output, what do they mean?
* Why do I get errors about unknown algorithms?
* How do I create certificates or certificate requests?
* Why can't I create certificate requests?
* Why does <SSL program> fail with a certificate verify error?
@@ -27,43 +22,17 @@ OpenSSL - Frequently Asked Questions
* How can I create DSA certificates?
* Why can't I make an SSL connection using a DSA certificate?
* How can I remove the passphrase on a private key?
* Why can't I use OpenSSL certificates with SSL client authentication?
* Why does my browser give a warning about a mismatched hostname?
* How do I install a CA certificate into a browser?
[BUILD] Questions about building and testing OpenSSL
* Why does the linker complain about undefined symbols?
* Why can't the OpenSSH configure script detect OpenSSL?
* Why does the OpenSSL test fail with "bc: command not found"?
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
* Why does the OpenSSL test fail with "bc: stack empty"?
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
* Why does the OpenSSL compilation fail on Alpha True64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
* Why does the OpenSSL compilation fail on Win32 with VC++?
* What is special about OpenSSL on Redhat?
* Why does the OpenSSL test suite fail on MacOS X?
[PROG] Questions about programming with OpenSSL
* Is OpenSSL thread-safe?
* I've compiled a program under Windows and it crashes: why?
* How do I read or write a DER encoded buffer using the ASN1 functions?
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
* I've called <some function> and it fails, why?
* I just get a load of numbers for the error output, what do they mean?
* Why do I get errors about unknown algorithms?
* Why can't the OpenSSH configure script detect OpenSSL?
* Can I use OpenSSL's SSL library with non-blocking I/O?
* Why doesn't my server application receive a client certificate?
===============================================================================
[MISC] ========================================================================
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.6h was released on 5 December 2002.
OpenSSL 0.9.6 was released on September 24th, 2000.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -109,46 +78,6 @@ OpenSSL. Information on the OpenSSL mailing lists is available from
<URL: http://www.openssl.org>.
* Where can I get a compiled version of OpenSSL?
Some applications that use OpenSSL are distributed in binary form.
When using such an application, you don't need to install OpenSSL
yourself; the application will include the required parts (e.g. DLLs).
If you want to install OpenSSL on a Windows system and you don't have
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
on how to obtain and install the free GNU C compiler.
A number of Linux and *BSD distributions include OpenSSL.
* Why aren't tools like 'autoconf' and 'libtool' used?
autoconf will probably be used in future OpenSSL versions. If it was
less Unix-centric, it might have been used much earlier.
* What is an 'engine' version?
With version 0.9.6 OpenSSL was extended to interface to external crypto
hardware. This was realized in a special release '0.9.6-engine'. With
version 0.9.7 (not yet released) the changes were merged into the main
development line, so that the special release is no longer necessary.
* How do I check the authenticity of the OpenSSL distribution?
We provide MD5 digests and ASC signatures of each tarball.
Use MD5 to check that a tarball from a mirror site is identical:
md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
You can check authenticity using pgp or gpg. You need the OpenSSL team
member public key used to sign it (download it from a key server). Then
just do:
pgp TARBALL.asc
[LEGAL] =======================================================================
* Do I need patent licenses to use OpenSSL?
The patents section of the README file lists patents that may apply to
@@ -160,25 +89,17 @@ You can configure OpenSSL so as not to use RC5 and IDEA by using
./config no-rc5 no-idea
* Can I use OpenSSL with GPL software?
* Is OpenSSL thread-safe?
On many systems including the major Linux and BSD distributions, yes (the
GPL does not place restrictions on using libraries that are part of the
normal operating system distribution).
Yes (with limitations: an SSL connection may not concurrently be used
by multiple threads). On Windows and many Unix systems, OpenSSL
automatically uses the multi-threaded versions of the standard
libraries. If your platform is not one of these, consult the INSTALL
file.
On other systems, the situation is less clear. Some GPL software copyright
holders claim that you infringe on their rights if you use OpenSSL with
their software on operating systems that don't normally include OpenSSL.
Multi-threaded applications must provide two callback functions to
OpenSSL. This is described in the threads(3) manpage.
If you develop open source software that uses OpenSSL, you may find it
useful to choose an other license than the GPL, or state explicitly that
"This program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed." If you are using
GPL software developed by others, you may want to ask the copyright holder
for permission to use their software with OpenSSL.
[USER] ========================================================================
* Why do I get a "PRNG not seeded" error message?
@@ -187,7 +108,6 @@ correctly. Many open source operating systems provide a "randomness
device" that serves this purpose. On other systems, applications have
to call the RAND_add() or RAND_seed() function with appropriate data
before generating keys or performing public key encryption.
(These functions initialize the pseudo-random number generator, PRNG.)
Some broken applications do not do this. As of version 0.9.5, the
OpenSSL functions that need randomness report an error if the random
@@ -197,177 +117,27 @@ application you are using. It is likely that it never worked
correctly. OpenSSL 0.9.5 and later make the error visible by refusing
to perform potentially insecure encryption.
On systems without /dev/urandom and /dev/random, it is a good idea to
use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
details. Starting with version 0.9.7, OpenSSL will automatically look
for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
/etc/entropy.
On systems without /dev/urandom, it is a good idea to use the Entropy
Gathering Demon; see the RAND_egd() manpage for details.
Most components of the openssl command line utility automatically try
to seed the random number generator from a file. The name of the
default seeding file is determined as follows: If environment variable
RANDFILE is set, then it names the seeding file. Otherwise if
environment variable HOME is set, then the seeding file is $HOME/.rnd.
If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
use file .rnd in the current directory while OpenSSL 0.9.6a uses no
default seeding file at all. OpenSSL 0.9.6b and later will behave
similarly to 0.9.6a, but will use a default of "C:\" for HOME on
Windows systems if the environment variable has not been set.
Most components of the openssl command line tool try to use the
file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
for seeding the PRNG. If this file does not exist or is too short,
the "PRNG not seeded" error message may occur.
If the default seeding file does not exist or is too short, the "PRNG
not seeded" error message may occur.
The openssl command line utility will write back a new state to the
default seeding file (and create this file if necessary) unless
there was no sufficient seeding.
Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
Use the "-rand" option of the OpenSSL command line tools instead.
The $RANDFILE environment variable and $HOME/.rnd are only used by the
OpenSSL command line tools. Applications using the OpenSSL library
provide their own configuration options to specify the entropy source,
please check out the documentation coming the with application.
[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
0.9.5 does not do this and will fail on systems without /dev/urandom
when trying to password-encrypt an RSA key! This is a bug in the
library; try a later version instead.]
For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
installing the SUNski package from Sun patch 105710-01 (Sparc) which
adds a /dev/random device and make sure it gets used, usually through
$RANDFILE. There are probably similar patches for the other Solaris
versions. An official statement from Sun with respect to /dev/random
support can be found at
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
However, be warned that /dev/random is usually a blocking device, which
may have some effects on OpenSSL.
A third party /dev/random solution for Solaris is available at
http://www.cosy.sbg.ac.at/~andi/
versions. However, be warned that /dev/random is usually a blocking
device, which may have some effects on OpenSSL.
* Why do I get an "unable to write 'random state'" error message?
Sometimes the openssl command line utility does not abort with
a "PRNG not seeded" error message, but complains that it is
"unable to write 'random state'". This message refers to the
default seeding file (see previous answer). A possible reason
is that no default filename is known because neither RANDFILE
nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
current directory in this case, but this has changed with 0.9.6a.)
* How do I create certificates or certificate requests?
Check out the CA.pl(1) manual page. This provides a simple wrapper round
the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
out the manual pages for the individual utilities and the certificate
extensions documentation (currently in doc/openssl.txt).
* Why can't I create certificate requests?
You typically get the error:
unable to find 'distinguished_name' in config
problems making Certificate Request
This is because it can't find the configuration file. Check out the
DIAGNOSTICS section of req(1) for more information.
* Why does <SSL program> fail with a certificate verify error?
This problem is usually indicated by log messages saying something like
"unable to get local issuer certificate" or "self signed certificate".
When a certificate is verified its root CA must be "trusted" by OpenSSL
this typically means that the CA certificate must be placed in a directory
or file and the relevant program configured to read it. The OpenSSL program
'verify' behaves in a similar way and issues similar error messages: check
the verify(1) program manual page for more information.
* Why can I only use weak ciphers when I connect to a server using OpenSSL?
This is almost certainly because you are using an old "export grade" browser
which only supports weak encryption. Upgrade your browser to support 128 bit
ciphers.
* How can I create DSA certificates?
Check the CA.pl(1) manual page for a DSA certificate example.
* Why can't I make an SSL connection to a server using a DSA certificate?
Typically you'll see a message saying there are no shared ciphers when
the same setup works fine with an RSA certificate. There are two possible
causes. The client may not support connections to DSA servers most web
browsers (including Netscape and MSIE) only support connections to servers
supporting RSA cipher suites. The other cause is that a set of DH parameters
has not been supplied to the server. DH parameters can be created with the
dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
check the source to s_server in apps/s_server.c for an example.
* How can I remove the passphrase on a private key?
Firstly you should be really *really* sure you want to do this. Leaving
a private key unencrypted is a major security risk. If you decide that
you do have to do this check the EXAMPLES sections of the rsa(1) and
dsa(1) manual pages.
* Why can't I use OpenSSL certificates with SSL client authentication?
What will typically happen is that when a server requests authentication
it will either not include your certificate or tell you that you have
no client certificates (Netscape) or present you with an empty list box
(MSIE). The reason for this is that when a server requests a client
certificate it includes a list of CAs names which it will accept. Browsers
will only let you select certificates from the list on the grounds that
there is little point presenting a certificate which the server will
reject.
The solution is to add the relevant CA certificate to your servers "trusted
CA list". How you do this depends on the server software in uses. You can
print out the servers list of acceptable CAs using the OpenSSL s_client tool:
openssl s_client -connect www.some.host:443 -prexit
If your server only requests certificates on certain URLs then you may need
to manually issue an HTTP GET command to get the list when s_client connects:
GET /some/page/needing/a/certificate.html
If your CA does not appear in the list then this confirms the problem.
* Why does my browser give a warning about a mismatched hostname?
Browsers expect the server's hostname to match the value in the commonName
(CN) field of the certificate. If it does not then you get a warning.
* How do I install a CA certificate into a browser?
The usual way is to send the DER encoded certificate to the browser as
MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
link. On MSIE certain extensions such as .der or .cacert may also work, or you
can import the certificate using the certificate import wizard.
You can convert a certificate to DER form using the command:
openssl x509 -in ca.pem -outform DER -out ca.der
Occasionally someone suggests using a command such as:
openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
DO NOT DO THIS! This command will give away your CAs private key and
reduces its security to zero: allowing anyone to forge certificates in
whatever name they choose.
[BUILD] =======================================================================
* Why does the linker complain about undefined symbols?
Maybe the compilation was interrupted, and make doesn't notice that
@@ -392,197 +162,25 @@ If none of these helps, you may want to try using the current snapshot.
If the problem persists, please submit a bug report.
* Why does the OpenSSL test fail with "bc: command not found"?
* Where can I get a compiled version of OpenSSL?
You didn't install "bc", the Unix calculator. If you want to run the
tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
Some applications that use OpenSSL are distributed in binary form.
When using such an application, you don't need to install OpenSSL
yourself; the application will include the required parts (e.g. DLLs).
If you want to install OpenSSL on a Windows system and you don't have
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
on how to obtain and install the free GNU C compiler.
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
On some SCO installations or versions, bc has a bug that gets triggered
when you run the test suite (using "make test"). The message returned is
"bc: 1 not implemented".
The best way to deal with this is to find another implementation of bc
and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
for download instructions) can be safely used, for example.
* Why does the OpenSSL test fail with "bc: stack empty"?
On some DG/ux versions, bc seems to have a too small stack for calculations
that the OpenSSL bntest throws at it. This gets triggered when you run the
test suite (using "make test"). The message returned is "bc: stack empty".
The best way to deal with this is to find another implementation of bc
and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
for download instructions) can be safely used, for example.
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
On some Alpha installations running Tru64 Unix and Compaq C, the compilation
of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
memory to continue compilation.' As far as the tests have shown, this may be
a compiler bug. What happens is that it eats up a lot of resident memory
to build something, probably a table. The problem is clearly in the
optimization code, because if one eliminates optimization completely (-O0),
the compilation goes through (and the compiler consumes about 2MB of resident
memory instead of 240MB or whatever one's limit is currently).
There are three options to solve this problem:
1. set your current data segment size soft limit higher. Experience shows
that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
kbytes to set the limit to.
2. If you have a hard limit that is lower than what you need and you can't
get it changed, you can compile all of OpenSSL with -O0 as optimization
level. This is however not a very nice thing to do for those who expect to
get the best result from OpenSSL. A bit more complicated solution is the
following:
----- snip:start -----
make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
sed -e 's/ -O[0-9] / -O0 /'`"
rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
make
----- snip:end -----
This will only compile sha_dgst.c with -O0, the rest with the optimization
level chosen by the configuration process. When the above is done, do the
test and installation and you're set.
* Why does the OpenSSL compilation fail with "ar: command not found"?
Getting this message is quite usual on Solaris 2, because Sun has hidden
away 'ar' and other development commands in directories that aren't in
$PATH by default. One of those directories is '/usr/ccs/bin'. The
quickest way to fix this is to do the following (it assumes you use sh
or any sh-compatible shell):
----- snip:start -----
PATH=${PATH}:/usr/ccs/bin; export PATH
----- snip:end -----
and then redo the compilation. What you should really do is make sure
'/usr/ccs/bin' is permanently in your $PATH, for example through your
'.profile' (again, assuming you use a sh-compatible shell).
* Why does the OpenSSL compilation fail on Win32 with VC++?
Sometimes, you may get reports from VC++ command line (cl) that it
can't find standard include files like stdio.h and other weirdnesses.
One possible cause is that the environment isn't correctly set up.
To solve that problem, one should run VCVARS32.BAT which is found in
the 'bin' subdirectory of the VC++ installation directory (somewhere
under 'Program Files'). This needs to be done prior to running NMAKE,
and the changes are only valid for the current DOS session.
* What is special about OpenSSL on Redhat?
Red Hat Linux (release 7.0 and later) include a preinstalled limited
version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
is disabled in this version. The same may apply to other Linux distributions.
Users may therefore wish to install more or all of the features left out.
To do this you MUST ensure that you do not overwrite the openssl that is in
/usr/bin on your Red Hat machine. Several packages depend on this file,
including sendmail and ssh. /usr/local/bin is a good alternative choice. The
libraries that come with Red Hat 7.0 onwards have different names and so are
not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
/lib/libcrypto.so.2 respectively).
Please note that we have been advised by Red Hat attempting to recompile the
openssl rpm with all the cryptography enabled will not work. All other
packages depend on the original Red Hat supplied openssl package. It is also
worth noting that due to the way Red Hat supplies its packages, updates to
openssl on each distribution never change the package version, only the
build number. For example, on Red Hat 7.1, the latest openssl package has
version number 0.9.6 and build number 9 even though it contains all the
relevant updates in packages up to and including 0.9.6b.
A possible way around this is to persuade Red Hat to produce a non-US
version of Red Hat Linux.
FYI: Patent numbers and expiry dates of US patents:
MDC-2: 4,908,861 13/03/2007
IDEA: 5,214,703 25/05/2010
RC5: 5,724,428 03/03/2015
* Why does the OpenSSL test suite fail on MacOS X?
If the failure happens when running 'make test' and the RC4 test fails,
it's very probable that you have OpenSSL 0.9.6b delivered with the
operating system (you can find out by running '/usr/bin/openssl version')
and that you were trying to build OpenSSL 0.9.6d. The problem is that
the loader ('ld') in MacOS X has a misfeature that's quite difficult to
go around and has linked the programs "openssl" and the test programs
with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
libraries you just built.
Look in the file PROBLEMS for a more detailed explanation and for possible
solutions.
[PROG] ========================================================================
* Is OpenSSL thread-safe?
Yes (with limitations: an SSL connection may not concurrently be used
by multiple threads). On Windows and many Unix systems, OpenSSL
automatically uses the multi-threaded versions of the standard
libraries. If your platform is not one of these, consult the INSTALL
file.
Multi-threaded applications must provide two callback functions to
OpenSSL. This is described in the threads(3) manpage.
A number of Linux and *BSD distributions include OpenSSL.
* I've compiled a program under Windows and it crashes: why?
This is usually because you've missed the comment in INSTALL.W32.
Your application must link against the same version of the Win32
C-Runtime against which your openssl libraries were linked. The
default version for OpenSSL is /MD - "Multithreaded DLL".
If you are using Microsoft Visual C++'s IDE (Visual Studio), in
many cases, your new project most likely defaulted to "Debug
Singlethreaded" - /ML. This is NOT interchangeable with /MD and your
program will crash, typically on the first BIO related read or write
operation.
For each of the six possible link stage configurations within Win32,
your application must link against the same by which OpenSSL was
built. If you are using MS Visual C++ (Studio) this can be changed
by:
1. Select Settings... from the Project Menu.
2. Select the C/C++ Tab.
3. Select "Code Generation from the "Category" drop down list box
4. Select the Appropriate library (see table below) from the "Use
run-time library" drop down list box. Perform this step for both
your debug and release versions of your application (look at the
top left of the settings panel to change between the two)
Single Threaded /ML - MS VC++ often defaults to
this for the release
version of a new project.
Debug Single Threaded /MLd - MS VC++ often defaults to
this for the debug version
of a new project.
Multithreaded /MT
Debug Multithreaded /MTd
Multithreaded DLL /MD - OpenSSL defaults to this.
Debug Multithreaded DLL /MDd
Note that debug and release libraries are NOT interchangeable. If you
built OpenSSL with /MD your application must use /MD and cannot use /MDd.
This is usually because you've missed the comment in INSTALL.W32. You
must link with the multithreaded DLL version of the VC++ runtime library
otherwise the conflict will cause a program to crash: typically on the
first BIO related read or write operation.
* How do I read or write a DER encoded buffer using the ASN1 functions?
@@ -661,39 +259,174 @@ is forgetting to load OpenSSL's table of algorithms with
OpenSSL_add_all_algorithms(). See the manual page for more information.
* How do I create certificates or certificate requests?
Check out the CA.pl(1) manual page. This provides a simple wrapper round
the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
out the manual pages for the individual utilities and the certificate
extensions documentation (currently in doc/openssl.txt).
* Why can't I create certificate requests?
You typically get the error:
unable to find 'distinguished_name' in config
problems making Certificate Request
This is because it can't find the configuration file. Check out the
DIAGNOSTICS section of req(1) for more information.
* Why does <SSL program> fail with a certificate verify error?
This problem is usually indicated by log messages saying something like
"unable to get local issuer certificate" or "self signed certificate".
When a certificate is verified its root CA must be "trusted" by OpenSSL
this typically means that the CA certificate must be placed in a directory
or file and the relevant program configured to read it. The OpenSSL program
'verify' behaves in a similar way and issues similar error messages: check
the verify(1) program manual page for more information.
* Why can I only use weak ciphers when I connect to a server using OpenSSL?
This is almost certainly because you are using an old "export grade" browser
which only supports weak encryption. Upgrade your browser to support 128 bit
ciphers.
* How can I create DSA certificates?
Check the CA.pl(1) manual page for a DSA certificate example.
* Why can't I make an SSL connection to a server using a DSA certificate?
Typically you'll see a message saying there are no shared ciphers when
the same setup works fine with an RSA certificate. There are two possible
causes. The client may not support connections to DSA servers most web
browsers (including Netscape and MSIE) only support connections to servers
supporting RSA cipher suites. The other cause is that a set of DH parameters
has not been supplied to the server. DH parameters can be created with the
dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
check the source to s_server in apps/s_server.c for an example.
* How can I remove the passphrase on a private key?
Firstly you should be really *really* sure you want to do this. Leaving
a private key unencrypted is a major security risk. If you decide that
you do have to do this check the EXAMPLES sections of the rsa(1) and
dsa(1) manual pages.
* Why can't the OpenSSH configure script detect OpenSSL?
Several reasons for problems with the automatic detection exist.
OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
Sometimes the distribution has installed an older version in the system
locations that is detected instead of a new one installed. The OpenSSL
library might have been compiled for another CPU or another mode (32/64 bits).
Permissions might be wrong.
There is a problem with OpenSSH 1.2.2p1, in that the configure script
can't find the installed OpenSSL libraries. The problem is actually
a small glitch that is easily solved with the following patch to be
applied to the OpenSSH distribution:
The general answer is to check the config.log file generated when running
the OpenSSH configure script. It should contain the detailed information
on why the OpenSSL library was not detected or considered incompatible.
* Can I use OpenSSL's SSL library with non-blocking I/O?
Yes; make sure to read the SSL_get_error(3) manual page!
A pitfall to avoid: Don't assume that SSL_read() will just read from
the underlying transport or that SSL_write() will just write to it --
it is also possible that SSL_write() cannot do any useful work until
there is data to read, or that SSL_read() cannot do anything until it
is possible to send data. One reason for this is that the peer may
request a new TLS/SSL handshake at any time during the protocol,
requiring a bi-directional message exchange; both SSL_read() and
SSL_write() will try to continue any pending handshake.
----- snip:start -----
--- openssh-1.2.2p1/configure.in.orig Thu Mar 23 18:56:58 2000
+++ openssh-1.2.2p1/configure.in Thu Mar 23 18:55:05 2000
@@ -152,10 +152,10 @@
AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
if test ! -z "$ssldir" ; then
- LIBS="$saved_LIBS -L$ssldir"
+ LIBS="$saved_LIBS -L$ssldir/lib"
CFLAGS="$CFLAGS -I$ssldir/include"
if test "x$need_dash_r" = "x1" ; then
- LIBS="$LIBS -R$ssldir"
+ LIBS="$LIBS -R$ssldir/lib"
fi
fi
LIBS="$LIBS -lcrypto"
--- openssh-1.2.2p1/configure.orig Thu Mar 23 18:55:02 2000
+++ openssh-1.2.2p1/configure Thu Mar 23 18:57:08 2000
@@ -1890,10 +1890,10 @@
echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
if test ! -z "$ssldir" ; then
- LIBS="$saved_LIBS -L$ssldir"
+ LIBS="$saved_LIBS -L$ssldir/lib"
CFLAGS="$CFLAGS -I$ssldir/include"
if test "x$need_dash_r" = "x1" ; then
- LIBS="$LIBS -R$ssldir"
+ LIBS="$LIBS -R$ssldir/lib"
fi
fi
LIBS="$LIBS -lcrypto"
----- snip:end -----
* Why doesn't my server application receive a client certificate?
* Why does the OpenSSL test fail with "bc: command not found"?
Due to the TLS protocol definition, a client will only send a certificate,
if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
SSL_CTX_set_verify() function to enable the use of client certificates.
You didn't install "bc", the Unix calculator. If you want to run the
tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
===============================================================================
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
On some SCO installations or versions, bc has a bug that gets triggered when
you run the test suite (using "make test"). The message returned is "bc:
1 not implemented". The best way to deal with this is to find another
implementation of bc and compile/install it. For example, GNU bc (see
http://www.gnu.org/software/software.html for download instructions) can
be safely used.
* Why does the OpenSSL compilation fail on Alpha True64 Unix?
On some Alpha installations running True64 Unix and Compaq C, the compilation
of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
memory to continue compilation.' As far as the tests have shown, this may be
a compiler bug. What happens is that it eats up a lot of resident memory
to build something, probably a table. The problem is clearly in the
optimization code, because if one eliminates optimization completely (-O0),
the compilation goes through (and the compiler consumes about 2MB of resident
memory instead of 240MB or whatever one's limit is currently).
There are three options to solve this problem:
1. set your current data segment size soft limit higher. Experience shows
that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
kbytes to set the limit to.
2. If you have a hard limit that is lower than what you need and you can't
get it changed, you can compile all of OpenSSL with -O0 as optimization
level. This is however not a very nice thing to do for those who expect to
get the best result from OpenSSL. A bit more complicated solution is the
following:
----- snip:start -----
make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
sed -e 's/ -O[0-9] / -O0 /'`"
rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
make
----- snip:end -----
This will only compile sha_dgst.c with -O0, the rest with the optimization
level chosen by the configuration process. When the above is done, do the
test and installation and you're set.
* Why does the OpenSSL compilation fail with "ar: command not found"?
Getting this message is quite usual on Solaris 2, because Sun has hidden
away 'ar' and other development commands in directories that aren't in
$PATH by default. One of those directories is '/usr/ccs/bin'. The
quickest way to fix this is to do the following (it assumes you use sh
or any sh-compatible shell):
----- snip:start -----
PATH=${PATH}:/usr/ccs/bin; export PATH
----- snip:end -----
and then redo the compilation. What you should really do is make sure
'/usr/ccs/bin' is permanently in your $PATH, for example through your
'.profile' (again, assuming you use a sh-compatible shell).

40
INSTALL
View File

@@ -7,11 +7,8 @@
To install OpenSSL, you will need:
* make
* Perl 5
* an ANSI C compiler
* a development environment in form of development libraries and C
header files
* a supported Unix operating system
Quick Start
@@ -46,6 +43,9 @@
--openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
the library files and binaries are also installed there.
rsaref Build with RSADSI's RSAREF toolkit (this assumes that
librsaref.a is in the library search path).
no-threads Don't try to build with support for multi-threaded
applications.
@@ -57,7 +57,10 @@
shared In addition to the usual static libraries, create shared
libraries on platforms where it's supported. See "Note on
shared libraries" below.
shared libraries" below. THIS IS NOT RECOMMENDED! Since
this is a development branch, the positions of the ENGINE
symbols in the transfer vector are constantly moving, so
binary backward compatibility can't be guaranteed in any way.
no-asm Do not use assembler code.
@@ -125,14 +128,11 @@
directory, and the binary will be in the "apps" directory.
If "make" fails, look at the output. There may be reasons for
the failure that aren't problems in OpenSSL itself (like missing
the failure that isn't a problem in OpenSSL itself (like missing
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be recorded in the request tracker publicly readable
via http://www.openssl.org/rt2.html and will be forwarded to a public
mailing list). Include the output of "make report" in your message.
Please check out the request tracker. Maybe the bug was already
reported or has already been fixed.
message will be forwarded to a public mailing list). Include the
output of "make report" in your message.
[If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.]
@@ -150,8 +150,7 @@
try removing any compiler optimization flags from the CFLAGS line
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
http://www.openssl.org/rt2.html.
"make report".
4. If everything tests ok, install OpenSSL with
@@ -273,11 +272,6 @@
Note on shared libraries
------------------------
Shared library is currently an experimental feature. The only reason to
have them would be to conserve memory on systems where several program
are using OpenSSL. Binary backward compatibility can't be guaranteed
before OpenSSL version 1.0.
For some systems, the OpenSSL Configure script knows what is needed to
build shared libraries for libcrypto and libssl. On these systems,
the shared libraries are currently not created by default, but giving
@@ -285,15 +279,3 @@
targets for shared library creation, like linux-shared. Those targets
can currently be used on their own just as well, but this is expected
to change in future versions of OpenSSL.
Note on random number generation
--------------------------------
Availability of cryptographically secure random numbers is required for
secret key generation. OpenSSL provides several options to seed the
internal PRNG. If not properly seeded, the internal PRNG will refuse
to deliver random bytes and a "PRNG not seeded error" will occur.
On systems without /dev/urandom (or similar) device, it may be necessary
to install additional support software to obtain random seed.
Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
and the FAQ for more information.

8
INSTALL.MacOS
View File

@@ -1,7 +1,7 @@
OpenSSL - Port To The Macintosh OS 9 or Earlier
===============================================
OpenSSL - Port To The Macintosh
===============================
Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
Thanks to Roy Wood <roy@centricsystems.ca> initial support for MacOS (pre
X) is now provided. "Initial" means that unlike other platforms where you
get an SDK and a "swiss army" openssl application, on Macintosh you only
get one sample application which fetches a page over HTTPS(*) and dumps it
@@ -42,7 +42,7 @@ Installation procedure:
BSD sockets and some other POSIX APIs. The GUSI distribution is
expected to be found in the same directory as openssl source tree,
i.e. in the parent directory to the one where this very file,
namely INSTALL.MacOS. For more information about GUSI, see
namely INSTALL.MacOS. For more informations about GUSI, see
http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
Finally some essential comments from our generous contributor:-)

10
INSTALL.VMS
View File

@@ -8,7 +8,6 @@ Intro:
This file is divided in the following parts:
Requirements - Mandatory reading.
Checking the distribution - Mandatory reading.
Compilation - Mandatory reading.
Logical names - Mandatory reading.
@@ -20,15 +19,6 @@ This file is divided in the following parts:
TODO - Things that are to come.
Requirements:
=============
To build and install OpenSSL, you will need:
* DEC C or some other ANSI C compiler. VAX C is *not* supported.
[Note: OpenSSL has only been tested with DEC C. Compiling with
a different ANSI C compiler may require some work]
Checking the distribution:
==========================

65
INSTALL.W32
View File

@@ -2,19 +2,16 @@
INSTALLATION ON THE WIN32 PLATFORM
----------------------------------
Heres a few comments about building OpenSSL in Windows environments. Most
of this is tested on Win32 but it may also work in Win 3.1 with some
Heres a few comments about building OpenSSL in Windows environments. Most of
this is tested on Win32 but it may also work in Win 3.1 with some
modification.
You need Perl for Win32. Unless you will build on Cygwin, you will need
ActiveState Perl, available from http://www.activestate.com/ActivePerl.
For Cygwin users, there's more info in the Cygwin section.
You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
and one of the following C compilers:
* Visual C++
* Borland C
* GNU C (Mingw32 or Cygwin)
* GNU C (Mingw32 or Cygwin32)
If you want to compile in the assembly language routines with Visual C++ then
you will need an assembler. This is worth doing because it will result in
@@ -81,9 +78,8 @@
There are various changes you can make to the Win32 compile environment. By
default the library is not compiled with debugging symbols. If you add 'debug'
to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
compiled in. Note that mk1mf.pl expects the platform to be the last argument
on the command line, so 'debug' must appear before that, as all other options.
to the mk1mk.pl lines in the do_* batch file then debugging symbols will be
compiled in.
The default Win32 environment is to leave out any Windows NT specific
features.
@@ -95,18 +91,6 @@
You can also build a static version of the library using the Makefile
ms\nt.mak
Borland C++ builder 5
---------------------
* Configure for building with Borland Builder:
> perl Configure BC-32
* Create the appropriate makefile
> ms\do_nasm
* Build
> make -f ms\bcb.mak
Borland C++ builder 3 and 4
---------------------------
@@ -150,30 +134,28 @@
> cd out
> ..\ms\test
GNU C (Cygwin)
--------------
GNU C (CygWin32)
---------------
Cygwin provides a bash shell and GNU tools environment running on
CygWin32 provides a bash shell and GNU tools environment running on
NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
with Cygwin is closer to a GNU bash environment such as Linux rather
with CygWin is closer to a GNU bash environment such as Linux rather
than other W32 makes that are based on a single makefile approach.
Cygwin implements Posix/Unix calls through cygwin1.dll, and is
CygWin32 implements Posix/Unix calls through cygwin1.dll, and is
contrasted to Mingw32 which links dynamically to msvcrt.dll or
crtdll.dll.
To build OpenSSL using Cygwin:
To build OpenSSL using CygWin32:
* Install Cygwin (see http://sourceware.cygnus.com/cygwin)
* Install CygWin32 (see http://sourceware.cygnus.com/cygwin)
* Install Perl and ensure it is in the path (recent Cygwin perl
(version 5.6.1-2 of the latter has been reported to work) or
ActivePerl)
* Install Perl and ensure it is in the path
* Run the Cygwin bash shell
* Run the CygWin bash shell
* $ tar zxvf openssl-x.x.x.tar.gz
$ cd openssl-x.x.x
$ ./config
$ ./Configure no-threads CygWin32
[...]
$ make
[...]
@@ -182,28 +164,27 @@
This will create a default install in /usr/local/ssl.
Cygwin Notes:
CygWin32 Notes:
"make test" and normal file operations may fail in directories
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
mounted as text (i.e. mount -t c:\somewhere /home) due to CygWin
stripping of carriage returns. To avoid this ensure that a binary
mount is used, e.g. mount -b c:\somewhere /home.
As of version 1.1.1 Cygwin is relatively unstable in its handling
As of version 1.1.1 CygWin32 is relatively unstable in its handling
of cr/lf issues. These make procedures succeeded with versions 1.1 and
the snapshot 20000524 (Slow!).
"bc" is not provided in the Cygwin distribution. This causes a
"bc" is not provided in the CygWin32 distribution. This causes a
non-fatal error in "make test" but is otherwise harmless. If
desired, GNU bc can be built with Cygwin without change.
desired, GNU bc can be built with CygWin32 without change.
Installation
------------
If you used the Cygwin procedure above, you have already installed and
can skip this section. For all other procedures, there's currently no real
installation procedure for Win32. There are, however, some suggestions:
There's currently no real installation procedure for Win32. There are,
however, some suggestions:
- do nothing. The include files are found in the inc32/ subdirectory,
all binaries are found in out32dll/ or out32/ depending if you built

2
LICENSE
View File

@@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

4
MacOS/GetHTTPS.src/MacSocket.cpp
View File

@@ -1287,7 +1287,7 @@ EXITPOINT:
// Send some bytes
int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength)
int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength)
{
OSErr errCode = noErr;
int bytesSent = 0;
@@ -1604,4 +1604,4 @@ EPInfo* epi = (EPInfo*) context;
}
}
}
*/
*/

2
MacOS/GetHTTPS.src/MacSocket.h
View File

@@ -62,7 +62,7 @@ int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const B
// Call this to send data on a socket
int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength);
int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength);
// If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close

485
Makefile.org
View File

@@ -9,7 +9,6 @@ SHLIB_VERSION_NUMBER=
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=
SHLIB_MINOR=
SHLIB_EXT=
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=
@@ -57,9 +56,8 @@ CC= gcc
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
DEPFLAG=
PEX_LIBS=
PEX_LIBS= -L. -L.. -L../.. -L../../..
EX_LIBS=
EXE_EXT=
AR=ar r
RANLIB= ranlib
PERL= perl
@@ -151,18 +149,21 @@ RMD160_ASM_OBJ= asm/rm86-out.o
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
# To do special treatment, use "directory names" starting with a period.
# When we're prepared to use shared libraries in the programs we link here
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
SHLIB_MARK=
# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
# or have that configurable.
SHLIB_MARK1=.shlib-clean.
SHLIB_MARK2=.shlib.
DIRS= crypto ssl rsaref $(SHLIB_MARK) apps test tools
DIRS= crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh dso \
bn rsa dsa dh dso engine \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@@ -179,11 +180,7 @@ ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=
SHARED_LDFLAGS=
SHARED_LIBS=libcrypto.so libssl.so
GENERAL= Makefile
BASENAME= openssl
@@ -193,288 +190,108 @@ WTARFILE= $(NAME)-win.tar
EXHEADER= e_os.h e_os2.h
HEADER= e_os.h
# When we're prepared to use shared libraries in the programs we link here
# we might remove 'clean-shared' from the targets to perform at this stage
all: clean-shared Makefile.ssl sub_all
sub_all:
@for i in $(DIRS); \
all: Makefile.ssl
@need_shlib=true; \
for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
if [ "$$i" = ".shlib-clean." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) clean-shared; \
fi; \
elif [ "$$i" = ".shlib." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi; \
need_shlib=false; \
else \
$(MAKE) $$i; \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
fi; \
done; \
if echo "$(DIRS)" | \
egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
[ -n "$(SHARED_LIBS)" ]; then \
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi
libcrypto$(SHLIB_EXT): libcrypto.a
sub_all:
@need_shlib=true; \
for i in $(DIRS) ;\
do \
if [ "$$i" = ".shlib-clean." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) clean-shared; \
fi; \
elif [ "$$i" = ".shlib." ]; then \
if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi; \
need_shlib=false; \
else \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
fi; \
done; \
if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi
libcrypto.so: libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto build-shared; \
$(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
libssl.so: libcrypto.so libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' $(SHLIB_TARGET); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
clean-shared:
@for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
( set -x; rm -f lib$$i$$j ); \
done; \
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if [ "$(PLATFORM)" = "Cygwin" ]; then \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
done
link-shared:
@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for i in $(SHLIBDIRS); do \
prev=lib$$i$(SHLIB_EXT); \
for j in $${tmp:-x}; do \
( set -x; \
rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
prev=lib$$i$$j; \
done; \
done; \
fi
build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
do_bsd-gcc-shared: do_gnu-shared
do_linux-shared: do_gnu-shared
do_gnu-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
linux-shared:
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
my_ld=`${CC} -print-prog-name=ld 2>&1` && \
[ -n "$$my_ld" ] && \
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
# For Darwin AKA Mac OS/X (dyld)
do_darwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
echo "" ; \
done
do_cygwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -o cyg$$i.dll \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--out-implib,lib$$i.dll.a \
-Wl,--no-whole-archive $$libs ) || exit 1; \
libs="$$libs -l$$i"; \
done
# This assumes that GNU utilities are *not* used
do_alpha-osf1-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done; \
fi
# This assumes that GNU utilities are *not* used
# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
# option passed to the linker.
do_tru64-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done; \
fi
# This assumes that GNU utilities are *not* used
# The difference between tru64-shared and tru64-shared-rpath is the
# -rpath ${INSTALLTOP}/lib passed to the linker.
do_tru64-shared-rpath:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-rpath ${INSTALLTOP}/lib \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done; \
fi
# This assumes that GNU utilities are *not* used
do_solaris-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -l$$i"; \
done; \
fi
# OpenServer 5 native compilers used
do_svr3-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
done ; \
set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="$$libs -l$$i"; \
done; \
fi
# UnixWare 7 and OpenUNIX 8 native compilers used
do_svr5-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
done ; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="$$libs -l$$i"; \
done; \
fi
# This assumes that GNU utilities are *not* used
do_irix-shared:
if ${DETECT_GNU_LD}; then \
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
libs="$$libs -l$$i"; \
done; \
fi
# This assumes that GNU utilities are *not* used
do_hpux-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+vnocompatwarnings \
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
libs="$$libs -L. -l$$i"; \
done
# This assumes that GNU utilities are *not* used
do_hpux64-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
libs="$$libs -L. -l$$i"; \
done
# The following method is said to work on all platforms. Tests will
# determine if that's how it's gong to be used.
# This assumes that for all but GNU systems, GNU utilities are *not* used.
# ALLSYMSFLAGS would be:
# GNU systems: --whole-archive
# Tru64 Unix: -all
# Solaris: -z allextract
# Irix: -all
# HP/UX-32bit: -Fl
# HP/UX-64bit: +forceload
# AIX: -bnogc
# SHAREDFLAGS would be:
# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
# Tru64 Unix: -shared \
# -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
# Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
# Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
# HP/UX-32bit: +vnocompatwarnings -b -z +s \
# +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
# HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
# AIX: -G -bE:lib$$i.exp -bM:SRE
# SHAREDCMD would be:
# GNU systems: $(CC)
# Tru64 Unix: $(CC)
# Solaris: $(CC)
# Irix: $(CC)
# HP/UX-32bit: /usr/ccs/bin/ld
# HP/UX-64bit: /usr/ccs/bin/ld
# AIX: $(CC)
ALLSYMSFLAG=-bnogc
SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
SHAREDCMD=$(CC)
do_aix-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; \
ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
$(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
$$libs ${EX_LIBS} ) ) \
|| exit 1; \
libs="$$libs -l$$i"; \
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
lib$$i.so.${SHLIB_MAJOR}; \
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
done
# This assumes that GNU utilities are *not* used
true64-shared:
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} -shared -no_archive -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -L. -l$$i"; \
done
# This assumes that GNU utilities are *not* used
solaris-shared:
libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
rm -f lib$$i.so \
lib$$i.so.${SHLIB_MAJOR} \
lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR} \
-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
libs="$$libs -L. -l$$i"; \
ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
lib$$i.so.${SHLIB_MAJOR}; \
ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
done
Makefile.ssl: Makefile.org
@@ -489,7 +306,7 @@ clean:
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making clean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
rm -f $(LIBS); \
@@ -510,7 +327,7 @@ files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making 'files' in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
fi; \
@@ -521,21 +338,17 @@ links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@for i in $(DIRS); do \
if [ -d "$$i" ]; then \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making links in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
fi; \
done;
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making dclean in $$i..." && \
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
fi; \
@@ -550,7 +363,7 @@ test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
@apps/openssl version -a
report:
@@ -559,16 +372,16 @@ report:
depend:
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making dependencies $$i..." && \
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
fi; \
done;
lint:
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making lint $$i..." && \
$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
fi; \
@@ -577,58 +390,49 @@ lint:
tags:
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i && echo "making tags $$i..." && \
$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
fi; \
done;
errors:
$(PERL) util/mkerr.pl -recurse -write
perl util/mkerr.pl -recurse -write
stacks:
$(PERL) util/mkstack.pl -write
perl util/mkstack.pl -write
util/libeay.num::
$(PERL) util/mkdef.pl crypto update
perl util/mkdef.pl crypto update
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
perl util/mkdef.pl ssl update
crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
perl Configure TABLE) > TABLE
update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
@$(TAR) $(TARFLAGS) -cvf - \
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
--prefix=openssl-$(VERSION) - |\
gzip --best >../$(TARFILE).gz; \
rm -f ../$(TARFILE).list; \
ls -l ../$(TARFILE).gz
dist:
$(PERL) Configure dist
@$(MAKE) dist_pem_h
@$(MAKE) SDIRS='${SDIRS}' clean
@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
@$(MAKE) tar
dist_pem_h:
(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
@@ -648,47 +452,20 @@ install: all install_docs
done;
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
if echo "$$i" | grep -v '^\.'; then \
(cd $$i; echo "installing $$i..."; \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
fi; \
done
@for i in $(LIBS) ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi \
done
@if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
c=`echo $$i | sed 's/^lib/cyg/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
set $(MAKE); \
$$1 -f $$here/Makefile link-shared ); \
fi
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -696,26 +473,30 @@ install_docs:
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
for i in doc/apps/*.pod; do \
@echo installing man 1 and man 5
@for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
(cd `dirname $$i`; \
$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`) \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
done; \
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
done
@echo installing man 3 and man 7
@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
(cd `dirname $$i`; \
$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`) \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
done
shlib: all
if [ ! -d shlib_dir ] ; then mkdir shlib_dir ; else rm -f shlib_dir/* ; fi
cd shlib_dir ; ar -x ../libcrypto.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libcrypto.so.0.9 \
-o ./libcrypto.so.0.9.4 && rm *.o
cd shlib_dir ; ar -x ../libssl.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libssl.so.0.9 \
-o ./libssl.so.0.9.4 && rm *.o
# DO NOT DELETE THIS LINE -- make depend depends on it.

87
NEWS
View File

@@ -5,93 +5,6 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
o New configuration targets for Tandem OSS and A/UX.
o New OIDs for Microsoft attributes.
o Better handling of SSL session caching.
o Better comparison of distinguished names.
o Better handling of shared libraries in a mixed GNU/non-GNU environment.
o Support assembler code with Borland C.
o Fixes for length problems.
o Fixes for uninitialised variables.
o Fixes for memory leaks, some unusual crashes and some race conditions.
o Fixes for smaller building problems.
o Updates of manuals, FAQ and other instructive documents.
Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
o Important building fixes on Unix.
Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
o Various important bugfixes.
Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
o Important security related bugfixes.
o Various SSL/TLS library bugfixes.
Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
o Various SSL/TLS library bugfixes.
o Fix DH parameter generation for 'non-standard' generators.
Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
o Various SSL/TLS library bugfixes.
o BIGNUM library fixes.
o RSA OAEP and random number generation fixes.
o Object identifiers corrected and added.
o Add assembler BN routines for IA64.
o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
MIPS Linux; shared library support for Irix, HP-UX.
o Add crypto accelerator support for AEP, Baltimore SureWare,
Broadcom and Cryptographic Appliance's keyserver
[in 0.9.6c-engine release].
Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
o Security fix: PRNG improvements.
o Security fix: RSA OAEP check.
o Security fix: Reinsert and fix countermeasure to Bleichbacher's
attack.
o MIPS bug fix in BIGNUM.
o Bug fix in "openssl enc".
o Bug fix in X.509 printing routine.
o Bug fix in DSA verification routine and DSA S/MIME verification.
o Bug fix to make PRNG thread-safe.
o Bug fix in RAND_file_name().
o Bug fix in compatibility mode trust settings.
o Bug fix in blowfish EVP.
o Increase default size for BIO buffering filter.
o Compatibility fixes in some scripts.
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
o Security fix: change behavior of OpenSSL to avoid using
environment variables when running as root.
o Security fix: check the result of RSA-CRT to reduce the
possibility of deducing the private key from an incorrectly
calculated signature.
o Security fix: prevent Bleichenbacher's DSA attack.
o Security fix: Zero the premaster secret after deriving the
master secret in DH ciphersuites.
o Reimplement SSL_peek(), which had various problems.
o Compatibility fix: the function des_encrypt() renamed to
des_encrypt1() to avoid clashes with some Unixen libc.
o Bug fixes for Win32, HP/UX and Irix.
o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
memory checking routines.
o Bug fixes for RSA operations in threaded environments.
o Bug fixes in misc. openssl applications.
o Remove a few potential memory leaks.
o Add tighter checks of BIGNUM routines.
o Shared library support has been reworked for generality.
o More documentation.
o New function BN_rand_range().
o Add "-rand" option to openssl s_client and s_server.
Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
o Some documentation for BIO and SSL libraries.

58
PROBLEMS
View File

@@ -1,58 +0,0 @@
* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
[NOTE: This is currently undergoing tests, and may be removed soon]
This is really a misfeature in ld, which seems to look for .dylib libraries
along the whole library path before it bothers looking for .a libraries. This
means that -L switches won't matter unless OpenSSL is built with shared
library support.
The workaround may be to change the following lines in apps/Makefile.ssl and
test/Makefile.ssl:
LIBCRYPTO=-L.. -lcrypto
LIBSSL=-L.. -lssl
to:
LIBCRYPTO=../libcrypto.a
LIBSSL=../libssl.a
It's possible that something similar is needed for shared library support
as well. That hasn't been well tested yet.
Another solution that many seem to recommend is to move the libraries
/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
directory, build and install OpenSSL and anything that depends on your
build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
original places. Note that the version numbers on those two libraries
may differ on your machine.
As long as Apple doesn't fix the problem with ld, this problem building
OpenSSL will remain as is.
* Parallell make leads to errors
While running tests, running a parallell make is a bad idea. Many test
scripts use the same name for output and input files, which means different
will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallell make when testing.
* Bugs in gcc 3.0 triggered
According to a problem report, there are bugs in gcc 3.0 that are
triggered by some of the code in OpenSSL, more specifically in
PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
header+=11;
if (*header != '4') return(0); header++;
if (*header != ',') return(0); header++;
What happens is that gcc might optimize a little too agressively, and
you end up with an extra incrementation when *header != '4'.
We recommend that you upgrade gcc to as high a 3.x version as you can.

33
README
View File

@@ -1,7 +1,7 @@
OpenSSL 0.9.6h 5 Dec 2002
OpenSSL 0.9.6 [engine] 24 Sep 2000
Copyright (c) 1998-2002 The OpenSSL Project
Copyright (c) 1998-2000 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@@ -62,7 +62,7 @@
X.509v3 certificates
X509 encoding/decoding into/from binary ASN1 and a PEM
based ASCII-binary encoding which supports encryption with a
based ascii-binary encoding which supports encryption with a
private key. Program to generate RSA and DSA certificate
requests and to generate RSA and DSA certificates.
@@ -97,7 +97,7 @@
locations around the world. _YOU_ are responsible for ensuring that your use
of any algorithms is legal by checking if there are any patents in your
country. The file contains some of the patents that we know about or are
rumored to exist. This is not a definitive list.
rumoured to exist. This is not a definitive list.
RSA Security holds software patents on the RC5 algorithm. If you
intend to use this cipher, you must contact RSA Security for
@@ -107,8 +107,8 @@
only be used with RSA Security's permission.
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
should be contacted if that algorithm is to be used; their web page is
Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
be contacted if that algorithm is to be used, their web page is
http://www.ascom.ch/.
INSTALLATION
@@ -119,15 +119,8 @@
INSTALL.VMS.
Read the documentation in the doc/ directory. It is quite rough, but it
lists the functions; you will probably have to look at the code to work out
how to use them. Look at the example programs.
PROBLEMS
--------
For some platforms, there are some known problems that may affect the user
or application author. We try to collect those in doc/PROBLEMS, with current
thoughts on how they should be solved in a future of OpenSSL.
lists the functions, you will probably have to look at the code to work out
how to used them. Look at the example programs.
SUPPORT
-------
@@ -153,13 +146,11 @@
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
Report the bug to the OpenSSL project via the Request Tracker
(http://www.openssl.org/rt2.html) by mail to:
Report the bug to the OpenSSL project at:
openssl-bugs@openssl.org
Note that mail to openssl-bugs@openssl.org is recorded in the publicly
readable request tracker database and is forwarded to a public
Note that mail to openssl-bugs@openssl.org is forwarded to a public
mailing list. Confidential mail may be sent to openssl-security@openssl.org
(PGP key available from the key servers).
@@ -173,9 +164,7 @@
textual explanation of what your patch does.
Note: For legal reasons, contributions from the US can be accepted only
if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
if a copy of the patch is sent to crypt@bxa.doc.gov
The preferred format for changes is "diff -u" output. You might
generate it like this:

6
README.ENGINE
View File

@@ -5,7 +5,7 @@
With OpenSSL 0.9.6, a new component has been added to support external
crypto devices, for example accelerator cards. The component is called
ENGINE, and has still a pretty experimental status and almost no
documentation. It's designed to be fairly easily extensible by the
documentation. It's designed to be faily easily extensible by the
calling programs.
There's currently built-in support for the following crypto devices:
@@ -48,7 +48,7 @@
No external crypto device is chosen unless you say so. You have actively
tell the openssl utility commands to use it through a new command line
switch called "-engine". And if you want to use the ENGINE library to
do something similar, you must also explicitly choose an external crypto
do something similar, you must also explicitely choose an external crypto
device, or the built-in crypto routines will be used, just as in the
default OpenSSL distribution.
@@ -56,7 +56,7 @@
PROBLEMS
========
It seems like the ENGINE part doesn't work too well with CryptoSwift on
It seems like the ENGINE part doesn't work too well with Cryptoswift on
Win32. A quick test done right before the release showed that trying
"openssl speed -engine cswift" generated errors. If the DSO gets enabled,
an attempt is made to write at memory address 0x00000002.

47
STATUS
View File

@@ -1,18 +1,9 @@
OpenSSL STATUS Last modified at
______________ $Date: 2002/12/05 21:40:43 $
______________ $Date: 2000/09/24 16:04:33 $
DEVELOPMENT STATE
o OpenSSL 0.9.7: Under development...
o OpenSSL 0.9.6h: Released on December 5th, 2002
o OpenSSL 0.9.6g: Released on August 9th, 2002
o OpenSSL 0.9.6f: Released on August 8th, 2002
o OpenSSL 0.9.6e: Released on July 30th, 2002
o OpenSSL 0.9.6d: Released on May 9th, 2002
o OpenSSL 0.9.6c: Released on December 21st, 2001
o OpenSSL 0.9.6b: Released on July 9th, 2001
o OpenSSL 0.9.6a: Released on April 5th, 2001
o OpenSSL 0.9.6: Released on September 24th, 2000
o OpenSSL 0.9.5a: Released on April 1st, 2000
o OpenSSL 0.9.5: Released on February 28th, 2000
@@ -24,44 +15,38 @@
RELEASE SHOWSTOPPERS
o none
AVAILABLE PATCHES
o
o CA.pl patch (Damien Miller)
IN PROGRESS
o Steve is currently working on (in no particular order):
ASN1 code redesign, butchery, replacement.
OCSP
EVP cipher enhancement.
Enhanced certificate chain verification.
Proper (or at least usable) certificate chain verification.
Private key, certificate and CRL API and implementation.
Developing and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
o Geoff and Richard are currently working on:
ENGINE (the new code that gives hardware support among others).
o Richard is currently working on:
UI (User Interface)
UTIL (a new set of library functions to support some higher level
functionality that is currently missing).
Dynamic thread-lock support.
Shared library support for VMS.
Kerberos 5 authentication
Constification
OCSP
NEEDS PATCH
o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
o Whenever strncpy is used, make sure the resulting string is NULL-terminated
or an error is reported
o "OpenSSL STATUS" is never up-to-date.
o non-blocking socket on AIX
o $(PERL) in */Makefile.ssl
o "Sign the certificate?" - "n" creates empty certificate file
OPEN ISSUES
o internal_verify doesn't know about X509.v3 (basicConstraints
CA flag ...)
o The Makefile hierarchy and build mechanism is still not a round thing:
1. The config vs. Configure scripts
@@ -104,14 +89,4 @@
WISHES
o SRP in TLS.
[wished by:
Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
Tom Holroyd <tomh@po.crl.go.jp>]
See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
as well as http://www-cs-students.stanford.edu/~tjw/srp/.
Tom Holroyd tells us there is a SRP patch for OpenSSH at
http://members.tripod.com/professor_tom/archives/, that could
be useful.
o

1433
TABLE
View File

File diff suppressed because it is too large Load Diff

755
apps/Makefile.ssl
View File

File diff suppressed because it is too large Load Diff

6
apps/app_rand.c
View File

@@ -177,10 +177,8 @@ long app_RAND_load_files(char *name)
if (*n == '\0') break;
egd=RAND_egd(n);
if (egd > 0)
tot+=egd;
else
tot+=RAND_load_file(n,-1);
if (egd > 0) tot+=egd;
tot+=RAND_load_file(n,-1);
if (last) break;
}
if (tot > 512)

22
apps/apps.c
View File

@@ -170,6 +170,8 @@ int str2fmt(char *s)
|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
return(FORMAT_PKCS12);
else if ((*s == 'E') || (*s == 'e'))
return(FORMAT_ENGINE);
else
return(FORMAT_UNDEF);
}
@@ -228,16 +230,9 @@ void program_name(char *in, char *out, int size)
q=strrchr(p,'.');
if (q == NULL)
q = p + strlen(p);
strncpy(out,p,size-1);
if (q-p >= size)
{
out[size-1]='\0';
}
else
{
out[q-p]='\0';
}
q = in+size;
strncpy(out,p,q-p);
out[q-p]='\0';
}
#else
void program_name(char *in, char *out, int size)
@@ -762,7 +757,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
{
char *buf;
char buf[256];
char mline = 0;
int indent = 0;
if(title) BIO_puts(out, title);
@@ -771,10 +766,9 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
indent = 4;
}
if(lflags == XN_FLAG_COMPAT) {
buf = X509_NAME_oneline(nm, 0, 0);
BIO_puts(out, buf);
X509_NAME_oneline(nm,buf,256);
BIO_puts(out,buf);
BIO_puts(out, "\n");
OPENSSL_free(buf);
} else {
if(mline) BIO_puts(out, "\n");
X509_NAME_print_ex(out, nm, indent, lflags);

4
apps/apps.h
View File

@@ -92,10 +92,8 @@ int WIN32_rename(char *oldname,char *newname);
#define MAIN(a,v) main(a,v)
#ifndef NON_MAIN
LHASH *config=NULL;
BIO *bio_err=NULL;
#else
extern LHASH *config;
extern BIO *bio_err;
#endif
@@ -164,6 +162,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
#define FORMAT_NETSCAPE 4
#define FORMAT_PKCS12 5
#define FORMAT_SMIME 6
/* Since this is currently inofficial, let's give it a high number */
#define FORMAT_ENGINE 127
#define NETSCAPE_CERT_HDR "certificate"

5
apps/asn1pars.c
View File

@@ -181,7 +181,7 @@ bad:
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file (output format is always DER\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -noout arg don't produce any output\n");
BIO_printf(bio_err," -offset arg offset into file\n");
BIO_printf(bio_err," -length arg length of section in file\n");
@@ -192,6 +192,7 @@ bad:
BIO_printf(bio_err," -strparse offset\n");
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
BIO_printf(bio_err," ASN1 blob wrappings\n");
BIO_printf(bio_err," -out filename output DER encoding to file\n");
goto end;
}
@@ -328,6 +329,6 @@ end:
if (at != NULL) ASN1_TYPE_free(at);
if (osk != NULL) sk_free(osk);
OBJ_cleanup();
OPENSSL_EXIT(ret);
EXIT(ret);
}

2
apps/ca-cert.srl
View File

@@ -1 +1 @@
07
05

68
apps/ca.c
View File

@@ -74,6 +74,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#ifndef W_OK
# ifdef VMS
@@ -82,7 +83,7 @@
# else
# include <unixlib.h>
# endif
# elif !defined(VXWORKS)
# else
# include <sys/file.h>
# endif
#endif
@@ -167,6 +168,7 @@ static char *ca_usage[]={
" -revoke file - Revoke a certificate (given in file)\n",
" -extensions .. - Extension section (override value in config file)\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
" -engine e - use engine e, possibly a hardware device.\n",
NULL
};
@@ -216,6 +218,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char *key=NULL,*passargin=NULL;
int total=0;
int total_done=0;
@@ -268,6 +271,7 @@ int MAIN(int argc, char **argv)
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
char *engine = NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
@@ -419,6 +423,11 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
crl_ext= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else
{
bad:
@@ -439,6 +448,24 @@ bad:
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto err;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto err;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
/*****************************************************************/
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
@@ -543,7 +570,7 @@ bad:
goto err;
}
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
if(key) OPENSSL_cleanse(key,strlen(key));
if(key) memset(key,0,strlen(key));
if (pkey == NULL)
{
BIO_printf(bio_err,"unable to load CA private key\n");
@@ -606,14 +633,12 @@ bad:
that to access(). However, time's too short to do that just
now.
*/
#ifndef VXWORKS
if (access(outdir,R_OK|W_OK|X_OK) != 0)
{
BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
perror(outdir);
goto err;
}
#endif
if (stat(outdir,&sb) != 0)
{
@@ -831,14 +856,9 @@ bad:
}
if (verbose)
{
if (BN_is_zero(serial))
BIO_printf(bio_err,"next serial number is 00\n");
else
{
if ((f=BN_bn2hex(serial)) == NULL) goto err;
BIO_printf(bio_err,"next serial number is %s\n",f);
OPENSSL_free(f);
}
if ((f=BN_bn2hex(serial)) == NULL) goto err;
BIO_printf(bio_err,"next serial number is %s\n",f);
OPENSSL_free(f);
}
if ((attribs=CONF_get_section(conf,policy)) == NULL)
@@ -1115,7 +1135,7 @@ bad:
}
if ((crldays == 0) && (crlhours == 0))
{
BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
goto err;
}
@@ -1227,11 +1247,7 @@ bad:
X509_free(revcert);
strncpy(buf[0],dbfile,BSIZE-4);
#ifndef VMS
strcat(buf[0],".new");
#else
strcat(buf[0],"-new");
#endif
if (BIO_write_filename(out,buf[0]) <= 0)
{
perror(dbfile);
@@ -1241,11 +1257,7 @@ bad:
j=TXT_DB_write(out,db);
if (j <= 0) goto err;
strncpy(buf[1],dbfile,BSIZE-4);
#ifndef VMS
strcat(buf[1],".old");
#else
strcat(buf[1],"-old");
#endif
if (rename(dbfile,buf[1]) < 0)
{
BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
@@ -1282,7 +1294,7 @@ err:
X509_CRL_free(crl);
CONF_free(conf);
OBJ_cleanup();
OPENSSL_EXIT(ret);
EXIT(ret);
}
static void lookup_fail(char *name, char *tag)
@@ -1347,7 +1359,7 @@ static BIGNUM *load_serial(char *serialfile)
ret=ASN1_INTEGER_to_BN(ai,NULL);
if (ret == NULL)
{
BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
BIO_printf(bio_err,"error converting number from bin to BIGNUM");
goto err;
}
err:
@@ -1735,10 +1747,7 @@ again2:
BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
row[DB_name]=X509_NAME_oneline(subject,NULL,0);
if (BN_is_zero(serial))
row[DB_serial]=BUF_strdup("00");
else
row[DB_serial]=BN_bn2hex(serial);
row[DB_serial]=BN_bn2hex(serial);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
BIO_printf(bio_err,"Memory allocation failure\n");
@@ -2152,10 +2161,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
row[i]=NULL;
row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
if (BN_is_zero(bn))
row[DB_serial]=BUF_strdup("00");
else
row[DB_serial]=BN_bn2hex(bn);
row[DB_serial]=BN_bn2hex(bn);
BN_free(bn);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{

2
apps/ciphers.c
View File

@@ -202,6 +202,6 @@ end:
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free_all(STDout);
OPENSSL_EXIT(ret);
EXIT(ret);
}

2
apps/crl.c
View File

@@ -364,7 +364,7 @@ end:
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
OPENSSL_EXIT(ret);
EXIT(ret);
}
static X509_CRL *load_crl(char *infile, int format)

4
apps/crl2p7.c
View File

@@ -166,7 +166,7 @@ bad:
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err," (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
OPENSSL_EXIT(1);
EXIT(1);
}
ERR_load_crypto_strings();
@@ -278,7 +278,7 @@ end:
if (p7 != NULL) PKCS7_free(p7);
if (crl != NULL) X509_CRL_free(crl);
OPENSSL_EXIT(ret);
EXIT(ret);
}
/*

41
apps/dgst.c
View File

@@ -66,6 +66,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef BUFSIZE
#define BUFSIZE 1024*8
@@ -73,13 +74,14 @@
#undef PROG
#define PROG dgst_main
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
EVP_PKEY *key, unsigned char *sigin, int siglen);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
unsigned char *buf=NULL;
int i,err=0;
const EVP_MD *md=NULL,*m;
@@ -87,16 +89,17 @@ int MAIN(int argc, char **argv)
BIO *bmd=NULL;
BIO *out = NULL;
const char *name;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
#define PROG_NAME_SIZE 16
char pname[PROG_NAME_SIZE];
int separator=0;
int debug=0;
const char *outfile = NULL, *keyfile = NULL;
const char *sigfile = NULL, *randfile = NULL;
int out_bin = -1, want_pub = 0, do_verify = 0;
char out_bin = -1, want_pub = 0, do_verify = 0;
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
char *engine=NULL;
apps_startup();
@@ -154,6 +157,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) break;
sigfile=*(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) break;
engine= *(++argv);
}
else if (strcmp(*argv,"-hex") == 0)
out_bin = 0;
else if (strcmp(*argv,"-binary") == 0)
@@ -190,6 +198,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n");
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
LN_md5,LN_md5);
@@ -209,6 +218,24 @@ int MAIN(int argc, char **argv)
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
if (debug)
@@ -327,7 +354,7 @@ int MAIN(int argc, char **argv)
end:
if (buf != NULL)
{
OPENSSL_cleanse(buf,BUFSIZE);
memset(buf,0,BUFSIZE);
OPENSSL_free(buf);
}
if (in != NULL) BIO_free(in);
@@ -335,10 +362,10 @@ end:
EVP_PKEY_free(sigkey);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
OPENSSL_EXIT(err);
EXIT(err);
}
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
EVP_PKEY *key, unsigned char *sigin, int siglen)
{
int len;

31
apps/dh.c
View File

@@ -69,6 +69,7 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG dh_main
@@ -87,11 +88,12 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DH *dh=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
char *infile,*outfile,*prog,*engine;
apps_startup();
@@ -99,6 +101,7 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
engine=NULL;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -129,6 +132,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
@@ -160,11 +168,30 @@ bad:
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
@@ -319,6 +346,6 @@ end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
OPENSSL_EXIT(ret);
EXIT(ret);
}
#endif

30
apps/dhparam.c
View File

@@ -121,6 +121,7 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#ifndef NO_DSA
#include <openssl/dsa.h>
@@ -148,6 +149,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DH *dh=NULL;
int i,badops=0,text=0;
#ifndef NO_DSA
@@ -156,7 +158,7 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
char *inrand=NULL;
char *inrand=NULL,*engine=NULL;
int num = 0, g = 0;
apps_startup();
@@ -195,6 +197,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
@@ -240,6 +247,7 @@ bad:
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -249,6 +257,24 @@ bad:
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (g && !num)
num = DEFBITS;
@@ -506,7 +532,7 @@ end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
OPENSSL_EXIT(ret);
EXIT(ret);
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */

31
apps/dsa.c
View File

@@ -68,6 +68,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG dsa_main
@@ -87,6 +88,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
@@ -94,7 +96,7 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
char *infile,*outfile,*prog,*engine;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
@@ -105,6 +107,7 @@ int MAIN(int argc, char **argv)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
engine=NULL;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -145,6 +148,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
@@ -176,6 +184,7 @@ bad:
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
@@ -189,6 +198,24 @@ bad:
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
@@ -293,6 +320,6 @@ end:
if(dsa != NULL) DSA_free(dsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
OPENSSL_EXIT(ret);
EXIT(ret);
}
#endif

10
apps/dsaparam.c
View File

@@ -69,6 +69,7 @@
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG dsaparam_main
@@ -90,11 +91,12 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DSA *dsa=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,noout=0,C=0,ret=1;
char *infile,*outfile,*prog,*inrand=NULL;
char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
int numbits= -1,num,genkey=0;
int need_rand=0;
@@ -176,7 +178,7 @@ bad:
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -text print as text\n");
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -rand files to use for random number input\n");
@@ -311,7 +313,7 @@ bad:
printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
bits_p,bits_p);
printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
printf("\t\treturn(NULL);\n");
printf("\treturn(dsa);\n\t}\n");
}
@@ -357,7 +359,7 @@ end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
OPENSSL_EXIT(ret);
EXIT(ret);
}
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)

45
apps/enc.c
View File

@@ -70,6 +70,7 @@
#include <openssl/md5.h>
#endif
#include <openssl/pem.h>
#include <openssl/engine.h>
int set_hex(char *in,unsigned char *out,int size);
#undef SIZE
@@ -84,6 +85,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
static const char magic[]="Salted__";
char mbuf[8]; /* should be 1 smaller than magic */
char *strbuf=NULL;
@@ -99,8 +101,9 @@ int MAIN(int argc, char **argv)
const EVP_CIPHER *cipher=NULL,*c;
char *inf=NULL,*outf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
#define PROG_NAME_SIZE 16
char pname[PROG_NAME_SIZE];
char *engine = NULL;
apps_startup();
@@ -141,6 +144,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passarg= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
@@ -241,6 +249,7 @@ bad:
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
BIO_printf(bio_err,"Cipher Types\n");
BIO_printf(bio_err,"des : 56 bit key DES encryption\n");
@@ -314,6 +323,24 @@ bad:
argv++;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (bufsize != NULL)
{
unsigned long n;
@@ -506,23 +533,15 @@ bad:
* bug picked up by
* Larry J. Hughes Jr. <hughes@indiana.edu> */
if (str == strbuf)
OPENSSL_cleanse(str,SIZE);
memset(str,0,SIZE);
else
OPENSSL_cleanse(str,strlen(str));
memset(str,0,strlen(str));
}
if ((hiv != NULL) && !set_hex(hiv,iv,8))
{
BIO_printf(bio_err,"invalid hex iv value\n");
goto end;
}
if ((hiv == NULL) && (str == NULL))
{
/* No IV was explicitly set and no IV was generated
* during EVP_BytesToKey. Hence the IV is undefined,
* making correct decryption impossible. */
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
if ((hkey != NULL) && !set_hex(hkey,key,24))
{
BIO_printf(bio_err,"invalid hex key value\n");
@@ -604,7 +623,7 @@ end:
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
if(pass) OPENSSL_free(pass);
OPENSSL_EXIT(ret);
EXIT(ret);
}
int set_hex(char *in, unsigned char *out, int size)

2
apps/errstr.c
View File

@@ -121,5 +121,5 @@ int MAIN(int argc, char **argv)
ret++;
}
}
OPENSSL_EXIT(ret);
EXIT(ret);
}

35
apps/gendh.c
View File

@@ -70,6 +70,7 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
@@ -81,11 +82,13 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
char *inrand=NULL;
char *engine=NULL;
BIO *out=NULL;
apps_startup();
@@ -110,6 +113,11 @@ int MAIN(int argc, char **argv)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -125,15 +133,34 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
BIO_printf(bio_err," -out file - output the key to 'file\n");
BIO_printf(bio_err," -2 use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 use 5 as the generator value\n");
BIO_printf(bio_err," -2 - use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 - use 5 as the generator value\n");
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
out=BIO_new(BIO_s_file());
if (out == NULL)
{
@@ -184,7 +211,7 @@ end:
ERR_print_errors(bio_err);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
OPENSSL_EXIT(ret);
EXIT(ret);
}
static void MS_CALLBACK dh_cb(int p, int n, void *arg)

29
apps/gendsa.c
View File

@@ -68,6 +68,7 @@
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
@@ -77,6 +78,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
@@ -84,6 +86,7 @@ int MAIN(int argc, char **argv)
char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
EVP_CIPHER *enc=NULL;
char *engine=NULL;
apps_startup();
@@ -106,6 +109,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -145,6 +153,7 @@ bad:
#ifndef NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
#endif
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -153,6 +162,24 @@ bad:
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
@@ -220,6 +247,6 @@ end:
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
if(passout) OPENSSL_free(passout);
OPENSSL_EXIT(ret);
EXIT(ret);
}
#endif

32
apps/genrsa.c
View File

@@ -69,6 +69,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define DEFBITS 512
#undef PROG
@@ -80,6 +81,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,num=DEFBITS;
@@ -88,6 +90,7 @@ int MAIN(int argc, char **argv)
unsigned long f4=RSA_F4;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
char *engine=NULL;
char *inrand=NULL;
BIO *out=NULL;
@@ -116,6 +119,11 @@ int MAIN(int argc, char **argv)
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -154,6 +162,7 @@ bad:
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err," -3 use 3 for the E value\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -167,6 +176,24 @@ bad:
goto err;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto err;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto err;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -186,7 +213,8 @@ bad:
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
@@ -224,7 +252,7 @@ err:
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
OPENSSL_EXIT(ret);
EXIT(ret);
}
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)

3
apps/makeapps.com
View File

@@ -1077,7 +1077,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
$!
$! Show user the result
$!
$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC
$!
$! Special Threads For OpenVMS v7.1 Or Later
$!
@@ -1133,7 +1133,6 @@ $!
$! Save directory information
$!
$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "APPS]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
$!

4
apps/nseq.c
View File

@@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-toseq output NS Sequence file\n");
OPENSSL_EXIT(1);
EXIT(1);
}
if (infile) {
@@ -162,6 +162,6 @@ end:
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
OPENSSL_EXIT(ret);
EXIT(ret);
}

8
apps/openssl.c
View File

@@ -77,19 +77,19 @@ static unsigned long MS_CALLBACK hash(FUNCTION *a);
static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
LHASH *config=NULL;
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
#ifdef MONOLITH
LHASH *config=NULL;
BIO *bio_err=NULL;
#endif
int main(int Argc, char *Argv[])
{
ARGS arg;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
#define PROG_NAME_SIZE 16
char pname[PROG_NAME_SIZE];
FUNCTION f,*fp;
MS_STATIC char *prompt,buf[1024],config_name[256];
int n,i,ret=0;
@@ -215,7 +215,7 @@ end:
BIO_free(bio_err);
bio_err=NULL;
}
OPENSSL_EXIT(ret);
EXIT(ret);
}
#define LIST_STANDARD_COMMANDS "list-standard-commands"

7
apps/passwd.c
View File

@@ -272,7 +272,6 @@ int MAIN(int argc, char **argv)
}
while (!done);
}
ret = 0;
err:
ERR_print_errors(bio_err);
@@ -284,7 +283,7 @@ err:
BIO_free(in);
if (out)
BIO_free_all(out);
OPENSSL_EXIT(ret);
EXIT(ret);
}
@@ -316,7 +315,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
strncat(out_buf, "$", 1);
strncat(out_buf, salt, 8);
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 2 + strlen(magic);
salt_out = out_buf + 6;
salt_len = strlen(salt_out);
assert(salt_len <= 8);
@@ -498,6 +497,6 @@ err:
int MAIN(int argc, char **argv)
{
fputs("Program not available.\n", stderr)
OPENSSL_EXIT(1);
EXIT(1);
}
#endif

2
apps/pca-cert.srl
View File

@@ -1 +1 @@
07
01

40
apps/pkcs12.c
View File

@@ -66,6 +66,7 @@
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/engine.h>
#define PROG pkcs12_main
@@ -92,6 +93,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char *infile=NULL, *outfile=NULL, *keyname = NULL;
char *certfile=NULL;
BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -118,6 +120,7 @@ int MAIN(int argc, char **argv)
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *CApath = NULL, *CAfile = NULL;
char *engine=NULL;
apps_startup();
@@ -236,6 +239,11 @@ int MAIN(int argc, char **argv)
args++;
CAfile = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
} else badarg = 1;
} else badarg = 1;
@@ -279,12 +287,27 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
if (engine != NULL) {
if((e = ENGINE_by_id(engine)) == NULL) {
BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(passarg) {
if(export_cert) passargout = passarg;
else passargin = passarg;
@@ -480,10 +503,9 @@ int MAIN(int argc, char **argv)
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num (chain2) ; i++)
sk_X509_push(certs, sk_X509_value (chain2, i));
/* Free first certificate */
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
}
sk_X509_free(chain2);
if (vret) {
BIO_printf (bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
goto export_end;
@@ -510,6 +532,8 @@ int MAIN(int argc, char **argv)
}
sk_X509_pop_free(certs, X509_free);
certs = NULL;
/* ucert is part of certs so it is already freed */
ucert = NULL;
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -597,6 +621,7 @@ int MAIN(int argc, char **argv)
if (certs) sk_X509_pop_free(certs, X509_free);
if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
if (ucert) X509_free(ucert);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -666,7 +691,7 @@ int MAIN(int argc, char **argv)
if (canames) sk_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
OPENSSL_EXIT(ret);
EXIT(ret);
}
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
@@ -747,10 +772,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
print_attribs (out, bag->attrib, "Bag Attributes");
if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
return 0;
if (!(pkey = EVP_PKCS82PKEY (p8))) {
PKCS8_PRIV_KEY_INFO_free(p8);
return 0;
}
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
print_attribs (out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);

33
apps/pkcs7.c
View File

@@ -67,6 +67,7 @@
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG pkcs7_main
@@ -82,13 +83,15 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
int informat,outformat;
char *infile,*outfile,*prog;
int print_certs=0,text=0,noout=0;
int ret=1;
int ret=0;
char *engine=NULL;
apps_startup();
@@ -132,6 +135,11 @@ int MAIN(int argc, char **argv)
text=1;
else if (strcmp(*argv,"-print_certs") == 0)
print_certs=1;
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,11 +162,30 @@ bad:
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
OPENSSL_EXIT(1);
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
EXIT(1);
}
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
@@ -289,5 +316,5 @@ end:
if (p7 != NULL) PKCS7_free(p7);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
OPENSSL_EXIT(ret);
EXIT(ret);
}

33
apps/pkcs8.c
View File

@@ -62,6 +62,7 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include <openssl/engine.h>
#include "apps.h"
#define PROG pkcs8_main
@@ -70,6 +71,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
@@ -85,9 +87,13 @@ int MAIN(int argc, char **argv)
EVP_PKEY *pkey;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
char *engine=NULL;
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
@@ -138,6 +144,11 @@ int MAIN(int argc, char **argv)
if (!args[1]) goto bad;
passargout= *(++args);
}
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
@@ -170,9 +181,28 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
return (1);
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
return (1);
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
return (1);
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
return (1);
@@ -236,8 +266,7 @@ int MAIN(int argc, char **argv)
if(passout) p8pass = passout;
else {
p8pass = pass;
if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
return (1);
EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
}
app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,

37
apps/rand.c
View File

@@ -9,6 +9,7 @@
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#undef PROG
#define PROG rand_main
@@ -23,6 +24,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
@@ -30,6 +32,7 @@ int MAIN(int argc, char **argv)
int base64 = 0;
BIO *out = NULL;
int num = -1;
char *engine=NULL;
apps_startup();
@@ -48,6 +51,13 @@ int MAIN(int argc, char **argv)
else
badopt = 1;
}
if (strcmp(argv[i], "-engine") == 0)
{
if ((argv[i+1] != NULL) && (engine == NULL))
engine = argv[++i];
else
badopt = 1;
}
else if (strcmp(argv[i], "-rand") == 0)
{
if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -84,12 +94,31 @@ int MAIN(int argc, char **argv)
{
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n");
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - encode output\n");
BIO_printf(bio_err, "-out file - write to file\n");
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - encode output\n");
goto err;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto err;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto err;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@@ -144,5 +173,5 @@ err:
ERR_print_errors(bio_err);
if (out)
BIO_free_all(out);
OPENSSL_EXIT(ret);
EXIT(ret);
}

95
apps/req.c
View File

@@ -73,6 +73,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define SECTION "req"
@@ -140,6 +141,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
#ifndef NO_DSA
DSA *dsa_params=NULL;
#endif
@@ -152,6 +154,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
char *engine=NULL;
char *extensions = NULL;
char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
@@ -195,6 +198,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
@@ -283,7 +291,7 @@ int MAIN(int argc, char **argv)
goto end;
}
if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
dtmp=X509_get_pubkey(xtmp);
if (dtmp->type == EVP_PKEY_DSA)
dsa_params=DSAparams_dup(dtmp->pkey.dsa);
EVP_PKEY_free(dtmp);
@@ -375,6 +383,7 @@ bad:
BIO_printf(bio_err," -verify verify signature on REQ\n");
BIO_printf(bio_err," -modulus RSA modulus\n");
BIO_printf(bio_err," -nodes don't encrypt the output key\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -key file use the private key contained in file\n");
BIO_printf(bio_err," -keyform arg key file format\n");
BIO_printf(bio_err," -keyout arg file to send the key to\n");
@@ -383,7 +392,8 @@ bad:
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n");
BIO_printf(bio_err," -config file request template file.\n");
BIO_printf(bio_err," -new new request.\n");
BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
@@ -422,7 +432,7 @@ bad:
if (template != NULL)
{
long errline = -1;
long errline;
BIO_printf(bio_err,"Using configuration from %s\n",template);
req_conf=CONF_load(NULL,template,&errline);
@@ -521,24 +531,55 @@ bad:
if ((in == NULL) || (out == NULL))
goto end;
if (keyfile != NULL)
if (engine != NULL)
{
if (BIO_read_filename(in,keyfile) <= 0)
if((e = ENGINE_by_id(engine)) == NULL)
{
perror(keyfile);
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if (keyform == FORMAT_ASN1)
pkey=d2i_PrivateKey_bio(in,NULL);
else if (keyform == FORMAT_PEM)
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (keyfile != NULL)
{
if (keyform == FORMAT_ENGINE)
{
if (!e)
{
BIO_printf(bio_err,"no engine specified\n");
goto end;
}
pkey = ENGINE_load_private_key(e, keyfile, NULL);
}
else
{
BIO_printf(bio_err,"bad input format specified for X509 request\n");
goto end;
if (BIO_read_filename(in,keyfile) <= 0)
{
perror(keyfile);
goto end;
}
if (keyform == FORMAT_ASN1)
pkey=d2i_PrivateKey_bio(in,NULL);
else if (keyform == FORMAT_PEM)
{
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
passin);
}
else
{
BIO_printf(bio_err,"bad input format specified for X509 request\n");
goto end;
}
}
if (pkey == NULL)
@@ -684,15 +725,16 @@ loop:
if (newreq || x509)
{
#ifndef NO_DSA
if (pkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
if (pkey == NULL)
{
BIO_printf(bio_err,"you need to specify a private key\n");
goto end;
}
#ifndef NO_DSA
if (pkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
if (req == NULL)
{
req=X509_REQ_new();
@@ -718,14 +760,17 @@ loop:
/* Set version to V3 */
if(!X509_set_version(x509ss, 2)) goto end;
if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
X509_set_issuer_name(x509ss,
X509_REQ_get_subject_name(req));
X509_gmtime_adj(X509_get_notBefore(x509ss),0);
X509_gmtime_adj(X509_get_notAfter(x509ss),
(long)60*60*24*days);
X509_set_subject_name(x509ss,
X509_REQ_get_subject_name(req));
tmppkey = X509_REQ_get_pubkey(req);
if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
X509_set_pubkey(x509ss,tmppkey);
EVP_PKEY_free(tmppkey);
/* Set up V3 context struct */
@@ -909,7 +954,7 @@ end:
#ifndef NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
#endif
OPENSSL_EXIT(ex);
EXIT(ex);
}
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
@@ -956,7 +1001,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
if(!i) goto err;
if (!X509_REQ_set_pubkey(req,pkey)) goto err;
X509_REQ_set_pubkey(req,pkey);
ret=1;
err:

29
apps/rsa.c
View File

@@ -68,6 +68,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG rsa_main
@@ -90,6 +91,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,badops=0, sgckey=0;
@@ -100,6 +102,7 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *engine=NULL;
int modulus=0;
apps_startup();
@@ -148,6 +151,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-sgckey") == 0)
sgckey=1;
else if (strcmp(*argv,"-pubin") == 0)
@@ -195,11 +203,30 @@ bad:
BIO_printf(bio_err," -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n");
BIO_printf(bio_err," -pubout output a public key\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
ERR_load_crypto_strings();
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
@@ -389,7 +416,7 @@ end:
if(rsa != NULL) RSA_free(rsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
OPENSSL_EXIT(ret);
EXIT(ret);
}
#else /* !NO_RSA */

29
apps/rsautl.c
View File

@@ -55,13 +55,11 @@
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef NO_RSA
#include "apps.h"
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#define RSA_SIGN 1
#define RSA_VERIFY 2
@@ -82,6 +80,7 @@ int MAIN(int argc, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
char *keyfile = NULL;
@@ -95,6 +94,7 @@ int MAIN(int argc, char **argv)
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
int rsa_inlen, rsa_outlen = 0;
int keysize;
char *engine=NULL;
int ret = 1;
@@ -117,6 +117,9 @@ int MAIN(int argc, char **argv)
} else if(!strcmp(*argv, "-inkey")) {
if (--argc < 1) badarg = 1;
keyfile = *(++argv);
} else if(!strcmp(*argv, "-engine")) {
if (--argc < 1) badarg = 1;
engine = *(++argv);
} else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
} else if(!strcmp(*argv, "-certin")) {
@@ -151,6 +154,24 @@ int MAIN(int argc, char **argv)
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
@@ -280,6 +301,7 @@ static void usage()
BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-pubin input is an RSA public\n");
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
BIO_printf(bio_err, "-raw use no padding\n");
BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");
@@ -291,4 +313,3 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
}
#endif

52
apps/s_client.c
View File

@@ -79,7 +79,7 @@ typedef unsigned int u_int;
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#include "s_apps.h"
#ifdef WINDOWS
@@ -153,7 +153,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
}
@@ -181,7 +181,8 @@ int MAIN(int argc, char **argv)
int prexit = 0;
SSL_METHOD *meth=NULL;
BIO *sbio;
char *inrand=NULL;
char *engine_id=NULL;
ENGINE *e=NULL;
#ifdef WINDOWS
struct timeval tv;
#endif
@@ -319,10 +320,10 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-nbio") == 0)
{ c_nbio=1; }
#endif
else if (strcmp(*argv,"-rand") == 0)
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
engine_id = *(++argv);
}
else
{
@@ -340,14 +341,7 @@ bad:
goto end;
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
app_RAND_load_file(NULL, bio_err, 0);
if (bio_c_out == NULL)
{
@@ -364,6 +358,30 @@ bad:
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
if (engine_id != NULL)
{
if((e = ENGINE_by_id(engine_id)) == NULL)
{
BIO_printf(bio_err,"invalid engine\n");
ERR_print_errors(bio_err);
goto end;
}
if (c_debug)
{
ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
0, bio_err, 0);
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
ENGINE_free(e);
}
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
@@ -768,14 +786,14 @@ end:
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
bio_c_out=NULL;
}
OPENSSL_EXIT(ret);
EXIT(ret);
}
@@ -896,7 +914,5 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio,"---\n");
if (peer != NULL)
X509_free(peer);
/* flush, or debugging output gets mixed with http response */
BIO_flush(bio);
}

101
apps/s_server.c
View File

@@ -83,7 +83,7 @@ typedef unsigned int u_int;
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#include "s_apps.h"
#ifdef WINDOWS
@@ -177,6 +177,7 @@ static int s_debug=0;
static int s_quiet=0;
static int hack=0;
static char *engine_id=NULL;
#ifdef MONOLITH
static void s_server_init(void)
@@ -199,6 +200,7 @@ static void s_server_init(void)
s_debug=0;
s_quiet=0;
hack=0;
engine_id=NULL;
}
#endif
@@ -243,7 +245,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
}
static int local_argc=0;
@@ -253,10 +255,10 @@ static char **local_argv;
static int ebcdic_new(BIO *bi);
static int ebcdic_free(BIO *a);
static int ebcdic_read(BIO *b, char *out, int outl);
static int ebcdic_write(BIO *b, const char *in, int inl);
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
static int ebcdic_write(BIO *b, char *in, int inl);
static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
static int ebcdic_gets(BIO *bp, char *buf, int size);
static int ebcdic_puts(BIO *bp, const char *str);
static int ebcdic_puts(BIO *bp, char *str);
#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
static BIO_METHOD methods_ebcdic=
@@ -321,7 +323,7 @@ static int ebcdic_read(BIO *b, char *out, int outl)
return(ret);
}
static int ebcdic_write(BIO *b, const char *in, int inl)
static int ebcdic_write(BIO *b, char *in, int inl)
{
EBCDIC_OUTBUFF *wbuf;
int ret=0;
@@ -354,7 +356,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
return(ret);
}
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
{
long ret;
@@ -373,7 +375,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
int i, ret=0;
int i, ret;
if (bp->next_bio == NULL) return(0);
/* return(BIO_gets(bp->next_bio,buf,size));*/
for (i=0; i<size-1; ++i)
@@ -392,7 +394,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size)
return (ret < 0 && i == 0) ? ret : i;
}
static int ebcdic_puts(BIO *bp, const char *str)
static int ebcdic_puts(BIO *bp, char *str)
{
if (bp->next_bio == NULL) return(0);
return ebcdic_write(bp, str, strlen(str));
@@ -413,7 +415,7 @@ int MAIN(int argc, char *argv[])
int no_tmp_rsa=0,no_dhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
char *inrand=NULL;
ENGINE *e=NULL;
#ifndef NO_DH
DH *dh=NULL;
#endif
@@ -568,10 +570,10 @@ int MAIN(int argc, char *argv[])
else if (strcmp(*argv,"-tls1") == 0)
{ meth=TLSv1_server_method(); }
#endif
else if (strcmp(*argv,"-rand") == 0)
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
engine_id= *(++argv);
}
else
{
@@ -589,14 +591,7 @@ bad:
goto end;
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
app_RAND_load_file(NULL, bio_err, 0);
if (bio_s_out == NULL)
{
@@ -624,6 +619,29 @@ bad:
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
if (engine_id != NULL)
{
if((e = ENGINE_by_id(engine_id)) == NULL)
{
BIO_printf(bio_err,"invalid engine\n");
ERR_print_errors(bio_err);
goto end;
}
if (s_debug)
{
ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
0, bio_err, 0);
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
ENGINE_free(e);
}
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
@@ -691,8 +709,7 @@ bad:
#ifndef NO_RSA
#if 1
if (!no_tmp_rsa)
SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
#else
if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
{
@@ -741,7 +758,7 @@ end:
BIO_free(bio_s_out);
bio_s_out=NULL;
}
OPENSSL_EXIT(ret);
EXIT(ret);
}
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
@@ -1043,7 +1060,7 @@ err:
BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
if (buf != NULL)
{
OPENSSL_cleanse(buf,bufsize);
memset(buf,0,bufsize);
OPENSSL_free(buf);
}
if (ret >= 0)
@@ -1250,7 +1267,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
else
{
BIO_printf(bio_s_out,"read R BLOCK\n");
#if !defined(MSDOS) && !defined(VXWORKS)
#ifndef MSDOS
sleep(1);
#endif
continue;
@@ -1352,29 +1369,15 @@ static int www_body(char *hostname, int s, unsigned char *context)
/* skip the '/' */
p= &(buf[5]);
dot = 1;
dot=0;
for (e=p; *e != '\0'; e++)
{
if (e[0] == ' ')
break;
switch (dot)
{
case 1:
dot = (e[0] == '.') ? 2 : 0;
break;
case 2:
dot = (e[0] == '.') ? 3 : 0;
break;
case 3:
dot = (e[0] == '/') ? -1 : 0;
break;
}
if (dot == 0)
dot = (e[0] == '/') ? 1 : 0;
if (e[0] == ' ') break;
if ( (e[0] == '.') &&
(strncmp(&(e[-1]),"/../",4) == 0))
dot=1;
}
dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
if (*e == '\0')
{
@@ -1398,11 +1401,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
break;
}
#if 0
/* append if a directory lookup */
if (e[-1] == '/')
strcat(p,"index.html");
#endif
/* if a directory, do the index thang */
if (stat(p,&st_buf) < 0)
@@ -1414,13 +1415,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
}
if (S_ISDIR(st_buf.st_mode))
{
#if 0 /* must check buffer size */
strcat(p,"/index.html");
#else
BIO_puts(io,text);
BIO_printf(io,"'%s' is a directory\r\n",p);
break;
#endif
}
if ((file=BIO_new_file(p,"r")) == NULL)

31
apps/s_time.c
View File

@@ -82,7 +82,7 @@
#include "wintext.h"
#endif
#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
#define TIMES
#endif
@@ -102,7 +102,7 @@
#undef TIMES
#endif
#if !defined(TIMES) && !defined(VXWORKS)
#ifndef TIMES
#include <sys/timeb.h>
#endif
@@ -116,11 +116,6 @@
#include <sys/param.h>
#endif
#ifdef VXWORKS
#include <tickLib.h>
#undef SIGALRM
#endif
/* The following if from times(3) man page. It may need to be changed
*/
#ifndef HZ
@@ -144,8 +139,6 @@
#undef BUFSIZZ
#define BUFSIZZ 1024*10
#undef min
#undef max
#define min(a,b) (((a) < (b)) ? (a) : (b))
#define max(a,b) (((a) > (b)) ? (a) : (b))
@@ -375,22 +368,6 @@ static double tm_Time_F(int s)
ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
return((ret == 0.0)?1e-6:ret);
}
#elif defined(VXWORKS)
{
static unsigned long tick_start, tick_end;
if( s == START )
{
tick_start = tickGet();
return 0;
}
else
{
tick_end = tickGet();
ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
return((ret == 0.0)?1e-6:ret);
}
}
#else /* !times() */
static struct timeb tstart,tend;
long i;
@@ -466,7 +443,7 @@ int MAIN(int argc, char **argv)
if (tm_cipher == NULL ) {
fprintf( stderr, "No CIPHER specified\n" );
/* OPENSSL_EXIT(1); */
/* EXIT(1); */
}
if (!(perform & 1)) goto next;
@@ -633,7 +610,7 @@ end:
SSL_CTX_free(tm_ctx);
tm_ctx=NULL;
}
OPENSSL_EXIT(ret);
EXIT(ret);
}
/***********************************************************************

16
apps/server.pem
View File

@@ -1,17 +1,17 @@
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
-----BEGIN CERTIFICATE-----
MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
itAE+OjGF+PFKbwX8Q==
Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
FUGcPZf9ND22Etc+AQ==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD

2
apps/sess_id.c
View File

@@ -272,7 +272,7 @@ bad:
end:
if (out != NULL) BIO_free_all(out);
if (x != NULL) SSL_SESSION_free(x);
OPENSSL_EXIT(ret);
EXIT(ret);
}
static SSL_SESSION *load_sess_id(char *infile, int format)

39
apps/smime.c
View File

@@ -64,6 +64,7 @@
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#undef PROG
#define PROG smime_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int operation = 0;
int ret = 0;
char **args;
@@ -103,8 +105,9 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
int need_rand = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
args = argv + 1;
char *engine=NULL;
args = argv + 1;
ret = 1;
while (!badarg && *args && *args[0] == '-') {
@@ -153,6 +156,11 @@ int MAIN(int argc, char **argv)
inrand = *args;
} else badarg = 1;
need_rand = 1;
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
@@ -290,7 +298,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
@@ -298,6 +306,24 @@ int MAIN(int argc, char **argv)
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
@@ -414,10 +440,7 @@ int MAIN(int argc, char **argv)
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
} else if(operation == SMIME_SIGN) {
p7 = PKCS7_sign(signer, key, other, in, flags);
if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
BIO_printf(bio_err, "Can't rewind input file\n");
goto end;
}
BIO_reset(in);
} else {
if(informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata);
@@ -457,9 +480,9 @@ int MAIN(int argc, char **argv)
} else if(operation == SMIME_VERIFY) {
STACK_OF(X509) *signers;
if(PKCS7_verify(p7, other, store, indata, out, flags)) {
BIO_printf(bio_err, "Verification successful\n");
BIO_printf(bio_err, "Verification Successful\n");
} else {
BIO_printf(bio_err, "Verification failure\n");
BIO_printf(bio_err, "Verification Failure\n");
goto end;
}
signers = PKCS7_get0_signers(p7, other, flags);

78
apps/speed.c
View File

@@ -81,13 +81,14 @@
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
#if defined(__FreeBSD__)
# define USE_TOD
#elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC))
#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
# define TIMES
#endif
#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS)
#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
# define TIMEB
#endif
@@ -115,7 +116,7 @@
#include <sys/timeb.h>
#endif
#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS)
#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
#error "It seems neither struct tms nor struct timeb is supported in this platform!"
#endif
@@ -224,7 +225,7 @@ static double Time_F(int s, int usertime)
#ifdef USE_TOD
if(usertime)
{
{
static struct rusage tstart,tend;
if (s == START)
@@ -284,23 +285,7 @@ static double Time_F(int s, int usertime)
# if defined(TIMES) && defined(TIMEB)
else
# endif
# ifdef VXWORKS
{
static unsigned long tick_start, tick_end;
if( s == START )
{
tick_start = tickGet();
return 0;
}
else
{
tick_end = tickGet();
ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
return((ret < 0.001)?0.001:ret);
}
}
# elif defined(TIMEB)
# ifdef TIMEB
{
static struct timeb tstart,tend;
long i;
@@ -319,7 +304,6 @@ static double Time_F(int s, int usertime)
}
}
# endif
#endif
}
@@ -327,6 +311,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e;
unsigned char *buf=NULL,*buf2=NULL;
int mret=1;
#define ALGOR_NUM 15
@@ -335,9 +320,7 @@ int MAIN(int argc, char **argv)
#define DSA_NUM 3
long count,rsa_count;
int i,j,k;
#ifndef NO_RSA
unsigned rsa_num;
#endif
#ifndef NO_MD2
unsigned char md2[MD2_DIGEST_LENGTH];
#endif
@@ -489,6 +472,37 @@ int MAIN(int argc, char **argv)
{
if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
usertime = 0;
else
if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
{
argc--;
argv++;
if(argc == 0)
{
BIO_printf(bio_err,"no engine given\n");
goto end;
}
if((e = ENGINE_by_id(*argv)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
*argv);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
/* Free our "structural" reference. */
ENGINE_free(e);
/* It will be increased again further down. We just
don't want speed to confuse an engine with an
algorithm, especially when none is given (which
means all of them should be run) */
j--;
}
else
#ifndef NO_MD2
if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
else
@@ -536,7 +550,7 @@ int MAIN(int argc, char **argv)
#ifdef RSAref
if (strcmp(*argv,"rsaref") == 0)
{
RSA_set_default_method(RSA_PKCS1_RSAref());
RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
j--;
}
else
@@ -544,7 +558,7 @@ int MAIN(int argc, char **argv)
#ifndef RSA_NULL
if (strcmp(*argv,"openssl") == 0)
{
RSA_set_default_method(RSA_PKCS1_SSLeay());
RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
j--;
}
else
@@ -689,11 +703,12 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"\n");
#endif
#if defined(TIMES) || defined(USE_TOD)
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available options:\n");
#ifdef TIMES
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
#endif
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
goto end;
}
argc--;
@@ -850,7 +865,6 @@ int MAIN(int argc, char **argv)
}
#endif
#ifndef NO_DSA
dsa_c[R_DSA_512][0]=count/1000;
dsa_c[R_DSA_512][1]=count/1000/2;
for (i=1; i<DSA_NUM; i++)
@@ -868,7 +882,6 @@ int MAIN(int argc, char **argv)
}
}
}
#endif
#define COND(d) (count < (d))
#define COUNT(d) (d)
@@ -1194,7 +1207,7 @@ int MAIN(int argc, char **argv)
{
BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
ERR_print_errors(bio_err);
rsa_doit[j] = 0;
dsa_doit[j] = 0;
}
else
{
@@ -1400,6 +1413,7 @@ int MAIN(int argc, char **argv)
#endif
mret=0;
end:
ERR_print_errors(bio_err);
if (buf != NULL) OPENSSL_free(buf);
if (buf2 != NULL) OPENSSL_free(buf2);
#ifndef NO_RSA
@@ -1412,7 +1426,7 @@ end:
if (dsa_key[i] != NULL)
DSA_free(dsa_key[i]);
#endif
OPENSSL_EXIT(mret);
EXIT(mret);
}
static void print_message(char *s, long num, int length)

29
apps/spkac.c
View File

@@ -69,6 +69,7 @@
#include <openssl/lhash.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG spkac_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL, *key = NULL;
int verify=0,noout=0,pubkey=0;
@@ -91,6 +93,7 @@ int MAIN(int argc, char **argv)
LHASH *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
char *engine=NULL;
apps_startup();
@@ -136,6 +139,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
spksect= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
@@ -161,6 +169,7 @@ bad:
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
goto end;
}
@@ -170,6 +179,24 @@ bad:
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if(keyfile) {
if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
else key = BIO_new_fp(stdin, BIO_NOCLOSE);
@@ -288,5 +315,5 @@ end:
BIO_free(key);
EVP_PKEY_free(pkey);
if(passin) OPENSSL_free(passin);
OPENSSL_EXIT(ret);
EXIT(ret);
}

30
apps/verify.c
View File

@@ -65,6 +65,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG verify_main
@@ -78,6 +79,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,ret=1;
int purpose = -1;
char *CApath=NULL,*CAfile=NULL;
@@ -85,6 +87,7 @@ int MAIN(int argc, char **argv)
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
char *engine=NULL;
cert_ctx=X509_STORE_new();
if (cert_ctx == NULL) goto end;
@@ -137,6 +140,11 @@ int MAIN(int argc, char **argv)
if (argc-- < 1) goto end;
trustfile= *(++argv);
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto end;
engine= *(++argv);
}
else if (strcmp(*argv,"-help") == 0)
goto end;
else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -154,6 +162,24 @@ int MAIN(int argc, char **argv)
break;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) abort();
if (CAfile) {
@@ -201,7 +227,7 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
@@ -213,7 +239,7 @@ end:
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
OPENSSL_EXIT(ret);
EXIT(ret);
}
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)

2
apps/version.c
View File

@@ -128,5 +128,5 @@ int MAIN(int argc, char **argv)
}
if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
end:
OPENSSL_EXIT(ret);
EXIT(ret);
}

37
apps/x509.c
View File

@@ -73,6 +73,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/engine.h>
#undef PROG
#define PROG x509_main
@@ -121,7 +122,7 @@ static char *x509_usage[]={
" -CAkey arg - set the CA key, must be PEM format\n",
" missing, it is assumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
" -CAserial arg - serial file\n",
" -CAserial - serial file\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to use\n",
@@ -129,6 +130,7 @@ static char *x509_usage[]={
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
" -engine e - use engine e, possibly a hardware device.\n",
NULL
};
@@ -145,6 +147,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
X509_REQ *req=NULL;
X509 *x=NULL,*xca=NULL;
@@ -175,6 +178,7 @@ int MAIN(int argc, char **argv)
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0;
char *engine=NULL;
reqfile=0;
@@ -233,7 +237,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-CAkeyform") == 0)
{
if (--argc < 1) goto bad;
CAkeyformat=str2fmt(*(++argv));
CAformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-days") == 0)
{
@@ -337,6 +341,11 @@ int MAIN(int argc, char **argv)
alias= *(++argv);
trustout = 1;
}
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-C") == 0)
C= ++num;
else if (strcmp(*argv,"-email") == 0)
@@ -420,6 +429,24 @@ bad:
goto end;
}
if (engine != NULL)
{
if((e = ENGINE_by_id(engine)) == NULL)
{
BIO_printf(bio_err,"invalid engine \"%s\"\n",
engine);
goto end;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
BIO_printf(bio_err,"can't use that engine\n");
goto end;
}
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
/* Free our "structural" reference. */
ENGINE_free(e);
}
if (need_rand)
app_RAND_load_file(NULL, bio_err, 0);
@@ -447,7 +474,7 @@ bad:
if (extfile)
{
long errorline = -1;
long errorline;
X509V3_CTX ctx2;
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
{
@@ -867,10 +894,8 @@ bad:
BIO_printf(bio_err,"Generating certificate request\n");
#ifndef NO_DSA
if (pk->type == EVP_PKEY_DSA)
digest=EVP_dss1();
#endif
rq=X509_to_X509_REQ(x,pk,digest);
EVP_PKEY_free(pk);
@@ -961,7 +986,7 @@ end:
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
if (passin) OPENSSL_free(passin);
OPENSSL_EXIT(ret);
EXIT(ret);
}
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,

0
certs/expired/rsa-ssca.pem → certs/rsa-ssca.pem
View File

235
config
View File

@@ -49,18 +49,10 @@ if [ "x$XREL" != "x" ]; then
echo "whatever-whatever-sco5"; exit 0
;;
4.2MP)
if [ "x$VERSION" = "x2.01" ]; then
echo "${MACHINE}-whatever-unixware201"; exit 0
elif [ "x$VERSION" = "x2.02" ]; then
echo "${MACHINE}-whatever-unixware202"; exit 0
elif [ "x$VERSION" = "x2.03" ]; then
echo "${MACHINE}-whatever-unixware203"; exit 0
elif [ "x$VERSION" = "x2.1.1" ]; then
if [ "x$VERSION" = "x2.1.1" ]; then
echo "${MACHINE}-whatever-unixware211"; exit 0
elif [ "x$VERSION" = "x2.1.2" ]; then
echo "${MACHINE}-whatever-unixware212"; exit 0
elif [ "x$VERSION" = "x2.1.3" ]; then
echo "${MACHINE}-whatever-unixware213"; exit 0
else
echo "${MACHINE}-whatever-unixware2"; exit 0
fi
@@ -68,11 +60,6 @@ if [ "x$XREL" != "x" ]; then
4.2)
echo "whatever-whatever-unixware1"; exit 0
;;
OpenUNIX)
if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
fi
;;
5)
if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
echo "${MACHINE}-sco-unixware7"; exit 0
@@ -92,14 +79,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "m68k-apple-aux3"; exit 0
;;
AIX:[3456789]:4:*)
echo "${MACHINE}-ibm-aix43"; exit 0
;;
AIX:*:[56789]:*)
echo "${MACHINE}-ibm-aix43"; exit 0
;;
AIX:*)
echo "${MACHINE}-ibm-aix"; exit 0
;;
@@ -189,7 +168,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
;;
NetBSD:*:*:*386*)
echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
;;
NetBSD:*)
@@ -200,33 +179,15 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "${MACHINE}-whatever-openbsd"; exit 0
;;
OpenUNIX:*)
echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
;;
OSF1:*:*:*alpha*)
OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
case "$OSFMAJOR" in
4|5)
echo "${MACHINE}-dec-tru64"; exit 0
;;
1|2|3)
echo "${MACHINE}-dec-osf"; exit 0
;;
*)
echo "${MACHINE}-dec-osf"; exit 0
;;
esac
echo "${MACHINE}-dec-osf"; exit 0
;;
QNX:*)
case "$RELEASE" in
case "$VERSION" in
4*)
echo "${MACHINE}-whatever-qnx4"
;;
6*)
echo "${MACHINE}-whatever-qnx6"
;;
*)
echo "${MACHINE}-whatever-qnx"
;;
@@ -242,10 +203,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "ppc-apple-rhapsody"; exit 0
;;
Darwin:*)
echo "ppc-apple-darwin"; exit 0
;;
SunOS:5.*)
echo "${MACHINE}-whatever-solaris2"; exit 0
;;
@@ -298,29 +255,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "mips-sony-newsos4"; exit 0;
;;
CYGWIN*)
case "$RELEASE" in
[bB]*|1.0|1.[12].*)
echo "${MACHINE}-whatever-cygwin_pre1.3"
;;
*)
echo "${MACHINE}-whatever-cygwin"
;;
esac
exit 0
;;
*"CRAY T3E")
echo "t3e-cray-unicosmk"; exit 0;
;;
*CRAY*)
echo "j90-cray-unicos"; exit 0;
;;
NONSTOP_KERNEL*)
echo "nsr-tandem-nsk"; exit 0;
;;
esac
#
@@ -385,33 +319,17 @@ done
# figure out if gcc is available and if so we use it otherwise
# we fallback to whatever cc does on the system
GCCVER=`(gcc -dumpversion) 2>/dev/null`
GCCVER=`(gcc --version) 2>/dev/null`
if [ "$GCCVER" != "" ]; then
CC=gcc
# then strip off whatever prefix egcs prepends the number with...
# Hopefully, this will work for any future prefixes as well.
GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
# Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion
# does give us what we want though, so we use that. We just just the
# major and minor version numbers.
# then strip off whatever prefix Cygnus prepends the number with...
GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
# peak single digit before and after first dot, e.g. 2.95.1 gives 29
GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
else
CC=cc
fi
GCCVER=${GCCVER:-0}
if [ "$SYSTEM" = "HP-UX" ];then
# By default gcc is a ILP32 compiler (with long long == 64).
GCC_BITS="32"
if [ $GCCVER -ge 30 ]; then
# PA64 support only came in with gcc 3.0.x.
# We look for the preprocessor symbol __LP64__ indicating
# 64bit bit long and pointer. sizeof(int) == 32 on HPUX64.
if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
GCC_BITS="64"
fi
fi
fi
if [ "$SYSTEM" = "SunOS" ]; then
# check for WorkShop C, expected output is "cc: blah-blah C x.x"
CCVER=`(cc -V 2>&1) 2>/dev/null | \
@@ -475,17 +393,10 @@ case "$GUESSOS" in
;;
mips4-sgi-irix64)
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure irix64-mips4-$CC' *manually*."
echo " Type return if you want to continue, Ctrl-C to abort."
# Do not stop if /dev/tty is unavailable
(read waste < /dev/tty) || true
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
if [ $CPU -ge 5000 ]; then
options="$options -mips4"
else
options="$options -mips3"
fi
echo " invoke './Configre irix64-mips4-$CC' *manually*."
echo " Type Ctrl-C if you don't want to continue."
read waste < /dev/tty
options="$options -mips4"
OUT="irix-mips3-$CC"
;;
alpha-*-linux2)
@@ -502,71 +413,28 @@ case "$GUESSOS" in
esac
fi
;;
mips-*-linux?)
cat >dummy.c <<EOF
#include <stdio.h> /* for printf() prototype */
int main (argc, argv) int argc; char *argv[]; {
#ifdef __MIPSEB__
printf ("linux-%s\n", argv[1]);
#endif
#ifdef __MIPSEL__
printf ("linux-%sel\n", argv[1]);
#endif
return 0;
}
EOF
${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
rm dummy dummy.c
;;
ppc64-*-linux2)
#Use the standard target for PPC architecture until we create a
#special one for the 64bit architecture.
OUT="linux-ppc" ;;
mips-*-linux?) OUT="linux-mips" ;;
ppc-*-linux2) OUT="linux-ppc" ;;
m68k-*-linux*) OUT="linux-m68k" ;;
ia64-*-linux?) OUT="linux-ia64" ;;
ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
ppc-apple-darwin) OUT="darwin-ppc-cc" ;;
sparc64-*-linux2)
#Before we can uncomment following lines we have to wait at least
#till 64-bit glibc for SPARC is operational:-(
#echo "WARNING! If you wish to build 64-bit library, then you have to"
#echo " invoke './Configure linux64-sparcv9' *manually*."
#echo " Type return if you want to continue, Ctrl-C to abort."
# Do not stop if /dev/tty is unavailable
#(read waste < /dev/tty) || true
#echo " Type Ctrl-C if you don't want to continue."
#read waste < /dev/tty
OUT="linux-sparcv9" ;;
sparc-*-linux2)
KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
case ${KARCH:-sun4} in
sun4u*) OUT="linux-sparcv9" ;;
sun4m) OUT="linux-sparcv8" ;;
sun4d) OUT="linux-sparcv8" ;;
*) OUT="linux-sparcv7" ;;
esac ;;
parisc-*-linux2)
CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo`
CPUSCHEDULE=`awk '/^cpu.[ ]: PA/{print substr($3,3)}' /proc/cpuinfo`
# ??TODO ?? Model transformations
# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
# assuming no further arch. identification will ever be used by GCC.
# 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
# 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
# for these chips in the future.
# PA7300LC -> 7100LC (1.1)
# PA8200 -> 8000 (2.0)
# PA8500 -> 8000 (2.0)
# PA8600 -> 8000 (2.0)
CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
# Finish Model transformations
options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
OUT="linux-parisc" ;;
arm*-*-linux2) OUT="linux-elf-arm" ;;
s390-*-linux2) OUT="linux-s390" ;;
s390x-*-linux?) OUT="linux-s390x" ;;
*-*-linux2) OUT="linux-elf" ;;
*-*-linux1) OUT="linux-aout" ;;
sun4u*-*-solaris2)
@@ -574,9 +442,8 @@ EOF
if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
echo " Type return if you want to continue, Ctrl-C to abort."
# Do not stop if /dev/tty is unavailable
(read waste < /dev/tty) || true
echo " Type Ctrl-C if you don't want to continue."
read waste < /dev/tty
fi
OUT="solaris-sparcv9-$CC" ;;
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
@@ -595,57 +462,47 @@ EOF
pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
*-*-openbsd) OUT="OpenBSD" ;;
*86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
*-*-osf) OUT="alphaold-cc" ;;
*-*-tru64) OUT="alpha-cc" ;;
*-*-OpenUNIX*)
if [ "$CC" = "gcc" ]; then
OUT="OpenUNIX-8-gcc"
else
OUT="OpenUNIX-8"
fi
;;
*-*-osf) OUT="alpha-cc" ;;
*-*-unixware7) OUT="unixware-7" ;;
*-*-UnixWare7) OUT="unixware-7" ;;
*-*-Unixware7) OUT="unixware-7" ;;
*-*-unixware20*) OUT="unixware-2.0" ;;
*-*-unixware21*) OUT="unixware-2.1" ;;
*-*-UnixWare20*) OUT="unixware-2.0" ;;
*-*-UnixWare21*) OUT="unixware-2.1" ;;
*-*-Unixware20*) OUT="unixware-2.0" ;;
*-*-Unixware21*) OUT="unixware-2.1" ;;
*-*-unixware[1-2]*) OUT="unixware-2.0" ;;
*-*-UnixWare[1-2]*) OUT="unixware-2.0" ;;
*-*-Unixware[1-2]*) OUT="unixware-2.0" ;;
BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
*-siemens-sysv4) OUT="SINIX" ;;
*-hpux1*)
if [ $CC = "gcc" ];
then
if [ $GCC_BITS = "64" ]; then
OUT="hpux64-parisc-gcc"
else
OUT="hpux-parisc-gcc"
fi
else
OUT="hpux-parisc-$CC"
fi
options="$options -D_REENTRANT" ;;
*-hpux1*) OUT="hpux-parisc-$CC"
options="$options -D_REENTRANT" ;;
*-hpux) OUT="hpux-parisc-$CC" ;;
# these are all covered by the catchall below
# *-aix) OUT="aix-$CC" ;;
# *-dgux) OUT="dgux" ;;
mips-sony-newsos4) OUT="newsos4-gcc" ;;
*-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
*-*-cygwin) OUT="Cygwin" ;;
t3e-cray-unicosmk) OUT="cray-t3e" ;;
j90-cray-unicos) OUT="cray-j90" ;;
nsr-tandem-nsk) OUT="tandem-c89" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
# NB: This atalla support has been superceded by the ENGINE support
# That contains its own header and definitions anyway. Support can
# be enabled or disabled on any supported platform without external
# headers, eg. by adding the "hw-atalla" switch to ./config or
# perl Configure
#
# See whether we can compile Atalla support
if [ -f /usr/include/atasi.h ]
then
options="$options -DATALLA"
fi
#if [ -f /usr/include/atasi.h ]
#then
# options="$options -DATALLA"
#fi
#get some basic shared lib support (behnke@trustcenter.de)
case "$OUT" in
solaris-*-gcc)
if [ "$SHARED" = "true" ]
then
options="$options -DPIC -fPIC"
fi
;;
esac
# gcc < 2.8 does not support -mcpu=ultrasparc
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
@@ -666,7 +523,7 @@ case "$GUESSOS" in
i386-*) options="$options 386" ;;
esac
for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
do
if [ ! -d crypto/$i ]
then
@@ -716,7 +573,7 @@ OUT="$PREFIX$OUT"
$PERL ./Configure LIST | grep "$OUT" > /dev/null
if [ $? = "0" ]; then
echo Configuring for $OUT
#echo Configuring for $OUT
if [ "$TEST" = "true" ]; then
echo $PERL ./Configure $OUT $options

31
crypto/Makefile.ssl
View File

@@ -6,7 +6,7 @@ DIR= crypto
TOP= ..
CC= cc
INCLUDE= -I. -I../include
INCLUDES= -I.. -I../.. -I../../include
INCLUDES= -I.. -I../../include
CFLAG= -g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
@@ -27,15 +27,15 @@ LIBS=
SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh dso \
bn rsa dsa dh dso engine \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
GENERAL=Makefile README crypto-lib.com install.com
LIB= $(TOP)/libcrypto.a
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o
SRC= $(LIBSRC)
@@ -51,11 +51,11 @@ all: buildinf.h lib subdirs
buildinf.h: ../Makefile.ssl
( echo "#ifndef MK1MF_BUILD"; \
echo ' /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
echo ' #define CFLAGS "$(CC) $(CFLAG)"'; \
echo ' #define PLATFORM "$(PLATFORM)"'; \
echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
echo '#endif' ) >buildinf.h
echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
echo " #define CFLAGS \"$(CC) $(CFLAG)\""; \
echo " #define PLATFORM \"$(PLATFORM)\""; \
echo " #define DATE \"`date`\""; \
echo "#endif" ) >buildinf.h
testapps:
if echo ${SDIRS} | fgrep ' des '; \
@@ -90,8 +90,7 @@ links:
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
$(RANLIB) $(LIB)
@touch lib
libs:
@@ -129,12 +128,12 @@ lint:
depend:
if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
$(MAKEDEPEND) -- $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
if [ ! -s buildinf.h ]; then rm buildinf.h; fi
@for i in $(SDIRS) ;\
do \
(cd $$i; echo "making depend in crypto/$$i..."; \
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
done;
clean:
@@ -185,9 +184,6 @@ mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
mem_clr.o: ../include/openssl/symhacks.h
mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
@@ -201,6 +197,3 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
uid.o: ../include/openssl/symhacks.h

146
crypto/asn1/Makefile.ssl
View File

@@ -75,8 +75,7 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
$(RANLIB) $(LIB)
@touch lib
files:
@@ -104,7 +103,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -936,40 +935,40 @@ t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
t_bitst.o: ../cryptlib.h
t_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
t_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
t_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
t_crl.o: ../cryptlib.h
t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
@@ -985,20 +984,20 @@ t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
t_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
t_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
t_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
t_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
t_req.o: ../cryptlib.h
t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1024,20 +1023,20 @@ t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
t_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
t_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
t_x509.o: ../cryptlib.h
t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1310,20 +1309,21 @@ x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
x_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
x_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
x_x509.o: ../cryptlib.h
x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

7
crypto/asn1/a_bitstr.c
View File

@@ -89,6 +89,8 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
if (a == NULL) return(0);
len=a->length;
ret=1+len;
if (pp == NULL) return(ret);
if (len > 0)
{
@@ -116,10 +118,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
}
else
bits=0;
ret=1+len;
if (pp == NULL) return(ret);
p= *pp;
*(p++)=(unsigned char)bits;
@@ -226,7 +224,6 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
w=n/8;
v=1<<(7-(n&0x07));
iv= ~v;
if (!value) v=0;
a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */

13
crypto/asn1/a_enum.c
View File

@@ -205,18 +205,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
else ret->type=V_ASN1_ENUMERATED;
j=BN_num_bits(bn);
len=((j == 0)?0:((j/8)+1));
if (ret->length < len+4)
{
unsigned char *new_data=
OPENSSL_realloc(ret->data, len+4);
if (!new_data)
{
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
goto err;
}
ret->data=new_data;
}
ret->data=(unsigned char *)OPENSSL_malloc(len+4);
ret->length=BN_bn2bin(bn,ret->data);
return(ret);
err:

2
crypto/asn1/a_gentm.c
View File

@@ -203,7 +203,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
if (s == NULL)
return(NULL);
#if defined(THREADS) && !defined(WIN32) && ! defined(_DARWIN)
#if defined(THREADS) && !defined(WIN32)
gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
ts=&data;
#else

11
crypto/asn1/a_int.c
View File

@@ -451,16 +451,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
else ret->type=V_ASN1_INTEGER;
j=BN_num_bits(bn);
len=((j == 0)?0:((j/8)+1));
if (ret->length < len+4)
{
unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
if (!new_data)
{
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
goto err;
}
ret->data=new_data;
}
ret->data=(unsigned char *)OPENSSL_malloc(len+4);
ret->length=BN_bn2bin(bn,ret->data);
return(ret);
err:

4
crypto/asn1/a_set.c
View File

@@ -116,7 +116,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
}
pStart = p; /* Catch the beg of Setblobs*/
if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
we will store the SET blobs */
for (i=0; i<sk_num(a); i++)
@@ -133,7 +133,7 @@ SetBlob
/* Now we have to sort the blobs. I am using a simple algo.
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
pTempMem = OPENSSL_malloc(totSize);
/* Copy to temp mem */
p = pTempMem;

68
crypto/asn1/a_sign.c
View File

@@ -55,59 +55,6 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <time.h>
@@ -140,14 +87,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
else
a=algor2;
if (a == NULL) continue;
if (type->pkey_type == NID_dsaWithSHA1)
{
/* special case: RFC 2459 tells us to omit 'parameters'
* with id-dsa-with-sha1 */
ASN1_TYPE_free(a->parameter);
a->parameter = NULL;
}
else if ((a->parameter == NULL) ||
if ( (a->parameter == NULL) ||
(a->parameter->type != V_ASN1_NULL))
{
ASN1_TYPE_free(a->parameter);
@@ -199,10 +139,10 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
err:
OPENSSL_cleanse(&ctx,sizeof(ctx));
memset(&ctx,0,sizeof(ctx));
if (buf_in != NULL)
{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
if (buf_out != NULL)
{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
return(outl);
}

4
crypto/asn1/a_strex.c
View File

@@ -519,7 +519,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
{
ASN1_STRING stmp, *str = &stmp;
int mbflag, type, ret;
if(!in) return -1;
if(!*out || !in) return -1;
type = in->type;
if((type < 0) || (type > 30)) return -1;
mbflag = tag2nbyte[type];
@@ -528,6 +528,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
stmp.data = NULL;
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
if(ret < 0) return ret;
*out = stmp.data;
if(out) *out = stmp.data;
return stmp.length;
}

6
crypto/asn1/a_strnid.c
View File

@@ -105,9 +105,9 @@ int ASN1_STRING_set_default_mask_asc(char *p)
mask = strtoul(p + 5, &end, 0);
if(*end) return 0;
} else if(!strcmp(p, "nombstr"))
mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING);
else if(!strcmp(p, "pkix"))
mask = ~((unsigned long)B_ASN1_T61STRING);
mask = ~B_ASN1_T61STRING;
else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
else if(!strcmp(p, "default"))
mask = 0xFFFFFFFFL;
@@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
if(tbl) {
mask = tbl->mask;
if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask,
tbl->minsize, tbl->maxsize);
} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
if(ret <= 0) return NULL;

2
crypto/asn1/a_time.c
View File

@@ -113,7 +113,7 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{
struct tm *ts;
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
struct tm data;
gmtime_r(&t,&data);

12
crypto/asn1/a_utctm.c
View File

@@ -203,7 +203,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
if (s == NULL)
return(NULL);
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
ts=&data;
#else
@@ -246,8 +246,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
ts=(struct tm *)localtime(&t);
}
#endif
if (ts == NULL)
return(NULL);
p=(char *)s->data;
if ((p == NULL) || (s->length < 14))
{
@@ -272,9 +270,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
{
struct tm *tm;
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
struct tm data;
#endif
int offset;
int year;
@@ -291,9 +286,8 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
t -= offset*60; /* FIXME: may overflow in extreme cases */
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
gmtime_r(&t, &data);
tm = &data;
#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
{ struct tm data; gmtime_r(&t, &data); tm = &data; }
#else
tm = gmtime(&t);
#endif

2
crypto/asn1/a_verify.c
View File

@@ -100,7 +100,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
EVP_VerifyInit(&ctx,type);
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
OPENSSL_cleanse(buf_in,(unsigned int)inl);
memset(buf_in,0,(unsigned int)inl);
OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,

4
crypto/asn1/asn1.h
View File

@@ -834,6 +834,8 @@ void ASN1_HEADER_free(ASN1_HEADER *a);
int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
void ERR_load_ASN1_strings(void);
/* Not used that much at this point, except for the first two */
ASN1_METHOD *X509_asn1_meth(void);
ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
@@ -875,7 +877,6 @@ void ASN1_STRING_TABLE_cleanup(void);
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_ASN1_strings(void);
/* Error codes for the ASN1 functions. */
@@ -1147,3 +1148,4 @@ void ERR_load_ASN1_strings(void);
}
#endif
#endif

17
crypto/asn1/asn1_lib.c
View File

@@ -57,7 +57,6 @@
*/
#include <stdio.h>
#include <limits.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
@@ -125,13 +124,15 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
(int)(omax+ *pp));
#endif
if (*plength > (omax - (p - *pp)))
#if 0
if ((p+ *plength) > (omax+ *pp))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
* the values are set correctly */
ret|=0x80;
}
#endif
*pp=p;
return(ret|inf);
err:
@@ -142,7 +143,7 @@ err:
static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
{
unsigned char *p= *pp;
unsigned long ret=0;
long ret=0;
int i;
if (max-- < 1) return(0);
@@ -158,8 +159,6 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
i= *p&0x7f;
if (*(p++) & 0x80)
{
if (i > sizeof(long))
return 0;
if (max-- == 0) return(0);
while (i-- > 0)
{
@@ -171,10 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
else
ret=i;
}
if (ret > LONG_MAX)
return 0;
*pp=p;
*rl=(long)ret;
*rl=ret;
return(1);
}
@@ -304,7 +301,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
return(0);
}
if (c->inf == (1|V_ASN1_CONSTRUCTED))
c->slen= *length;
c->slen= *length+ *(c->pp)-c->p;
c->eos=0;
return(1);
}
@@ -410,7 +407,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
void asn1_add_error(unsigned char *address, int offset)
{
char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
char buf1[16],buf2[16];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset);

23
crypto/asn1/asn1_mac.h
View File

@@ -196,9 +196,6 @@ err:\
if ((a != NULL) && (sk_##type##_num(a) != 0)) \
M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
if ((c.slen != 0) && \
(M_ASN1_next == \
@@ -392,9 +389,6 @@ err:\
if ((a != NULL) && (sk_##type##_num(a) != 0)) \
M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
@@ -458,15 +452,6 @@ err:\
ret+=ASN1_object_size(1,v,mtag); \
}
#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
if (a)\
{ \
v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
V_ASN1_UNIVERSAL, \
IS_SEQUENCE); \
ret+=ASN1_object_size(1,v,mtag); \
}
/* Put Macros */
#define M_ASN1_I2D_put(a,f) f(a,&p)
@@ -551,14 +536,6 @@ err:\
IS_SEQUENCE); \
}
#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
if (a) \
{ \
ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
IS_SEQUENCE); \
}
#define M_ASN1_I2D_seq_total() \
r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
if (pp == NULL) return(r); \

1
crypto/asn1/d2i_dhp.c
View File

@@ -87,7 +87,6 @@ DH *d2i_DHparams(DH **a, unsigned char **pp, long length)
}
M_ASN1_BIT_STRING_free(bs);
bs = NULL;
M_ASN1_D2I_Finish_2(a);

1
crypto/asn1/d2i_dsap.c
View File

@@ -84,7 +84,6 @@ DSA *d2i_DSAparams(DSA **a, unsigned char **pp, long length)
if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
M_ASN1_BIT_STRING_free(bs);
bs = NULL;
M_ASN1_D2I_Finish_2(a);

1
crypto/asn1/d2i_r_pr.c
View File

@@ -108,7 +108,6 @@ RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length)
goto err_bn;
M_ASN1_INTEGER_free(bs);
bs = NULL;
M_ASN1_D2I_Finish_2(a);
err_bn:

4
crypto/asn1/n_pkey.c
View File

@@ -181,7 +181,7 @@ int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
OPENSSL_cleanse(buf,256);
memset(buf,0,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
@@ -292,7 +292,7 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
OPENSSL_cleanse(buf,256);
memset(buf,0,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);

2
crypto/asn1/p7_lib.c
View File

@@ -307,14 +307,12 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
}
if (Tinf == (1|V_ASN1_CONSTRUCTED))
{
c.q=c.p;
if (!ASN1_check_infinite_end(&c.p,c.slen))
{
c.error=ERR_R_MISSING_ASN1_EOS;
c.line=__LINE__;
goto err;
}
c.slen-=(c.p-c.q);
}
}
else

4
crypto/asn1/p8_pkey.c
View File

@@ -119,8 +119,8 @@ void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
X509_ALGOR_free(a->pkeyalg);
/* Clear sensitive data */
if (a->pkey->value.octet_string)
OPENSSL_cleanse(a->pkey->value.octet_string->data,
a->pkey->value.octet_string->length);
memset (a->pkey->value.octet_string->data,
0, a->pkey->value.octet_string->length);
ASN1_TYPE_free (a->pkey);
sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
OPENSSL_free (a);

88
crypto/asn1/t_pkey.c
View File

@@ -96,34 +96,10 @@ int RSA_print(BIO *bp, RSA *x, int off)
char str[128];
const char *s;
unsigned char *m=NULL;
int ret=0;
size_t buf_len=0, i;
int i,ret=0;
if (x->n)
buf_len = (size_t)BN_num_bytes(x->n);
if (x->e)
if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
buf_len = i;
if (x->d)
if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
buf_len = i;
if (x->p)
if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
buf_len = i;
if (x->q)
if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
buf_len = i;
if (x->dmp1)
if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
buf_len = i;
if (x->dmq1)
if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
buf_len = i;
if (x->iqmp)
if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
buf_len = i;
m=(unsigned char *)OPENSSL_malloc(buf_len+10);
i=RSA_size(x);
m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
if (m == NULL)
{
RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -185,25 +161,22 @@ int DSA_print(BIO *bp, DSA *x, int off)
{
char str[128];
unsigned char *m=NULL;
int ret=0;
size_t buf_len=0,i;
int i,ret=0;
BIGNUM *bn=NULL;
if (x->p)
buf_len = (size_t)BN_num_bytes(x->p);
if (x->q)
if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
buf_len = i;
if (x->g)
if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
buf_len = i;
if (x->priv_key)
if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
buf_len = i;
if (x->pub_key)
if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
buf_len = i;
m=(unsigned char *)OPENSSL_malloc(buf_len+10);
if (x->p != NULL)
bn=x->p;
else if (x->priv_key != NULL)
bn=x->priv_key;
else if (x->pub_key != NULL)
bn=x->pub_key;
/* larger than needed but what the hell :-) */
if (bn != NULL)
i=BN_num_bytes(bn)*2;
else
i=256;
m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
if (m == NULL)
{
DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -308,15 +281,10 @@ int DHparams_print_fp(FILE *fp, DH *x)
int DHparams_print(BIO *bp, DH *x)
{
unsigned char *m=NULL;
int reason=ERR_R_BUF_LIB,ret=0;
size_t buf_len=0, i;
int reason=ERR_R_BUF_LIB,i,ret=0;
if (x->p)
buf_len = (size_t)BN_num_bytes(x->p);
if (x->g)
if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
buf_len = i;
m=(unsigned char *)OPENSSL_malloc(buf_len+10);
i=BN_num_bytes(x->p);
m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
if (m == NULL)
{
reason=ERR_R_MALLOC_FAILURE;
@@ -366,18 +334,10 @@ int DSAparams_print_fp(FILE *fp, DSA *x)
int DSAparams_print(BIO *bp, DSA *x)
{
unsigned char *m=NULL;
int reason=ERR_R_BUF_LIB,ret=0;
size_t buf_len=0, i;
int reason=ERR_R_BUF_LIB,i,ret=0;
if (x->p)
buf_len = (size_t)BN_num_bytes(x->p);
if (x->q)
if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
buf_len = i;
if (x->g)
if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
buf_len = i;
m=(unsigned char *)OPENSSL_malloc(buf_len+10);
i=BN_num_bytes(x->p);
m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
if (m == NULL)
{
reason=ERR_R_MALLOC_FAILURE;

2
crypto/asn1/t_x509.c
View File

@@ -349,8 +349,6 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
ll=80-2-obase;
s=X509_NAME_oneline(name,buf,256);
if (!*s)
return 1;
s++; /* skip the first slash */
l=ll;

10
crypto/asn1/x_crl.c
View File

@@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION);
M_ASN1_I2D_finish();
@@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
i2d_X509_REVOKED);
M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION,0,
V_ASN1_SEQUENCE,v1);
@@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
i2d_X509_REVOKED);
M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
i2d_X509_EXTENSION,0,
V_ASN1_SEQUENCE,v1);
@@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void)
M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
ret->nextUpdate=NULL;
M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
ret->extensions = NULL;
M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
return(ret);
M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);

6
crypto/asn1/x_name.c
View File

@@ -141,12 +141,10 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
}
size+=i2d_X509_NAME_ENTRY(ne,NULL);
}
ret+=ASN1_object_size(1,size,V_ASN1_SET);
if (fe != NULL)
{
/* SET OF needed only if entries is non empty */
ret+=ASN1_object_size(1,size,V_ASN1_SET);
fe->size=size;
}
r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);

4
crypto/asn1/x_pubkey.c
View File

@@ -156,7 +156,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
dsa->write_params=0;
ASN1_TYPE_free(a->parameter);
i=i2d_DSAparams(dsa,NULL);
if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
p=(unsigned char *)OPENSSL_malloc(i);
pp=p;
i2d_DSAparams(dsa,&pp);
a->parameter=ASN1_TYPE_new();
@@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
a=key->algor;
if (ret->type == EVP_PKEY_DSA)
{
if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
if (a->parameter->type == V_ASN1_SEQUENCE)
{
ret->pkey.dsa->write_params=0;
p=a->parameter->value.sequence->data;

5
crypto/bf/Makefile.ssl
View File

@@ -44,8 +44,7 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
$(RANLIB) $(LIB)
@touch lib
# elf
@@ -96,7 +95,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

4
crypto/bf/bftest.c
View File

@@ -63,8 +63,6 @@
#include <string.h>
#include <stdlib.h>
#include "../e_os.h"
#ifdef NO_BF
int main(int argc, char *argv[])
{
@@ -277,7 +275,7 @@ int main(int argc, char *argv[])
else
ret=test();
EXIT(ret);
exit(ret);
return(0);
}

19
crypto/bio/Makefile.ssl
View File

@@ -49,8 +49,7 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
$(RANLIB) $(LIB)
@touch lib
files:
@@ -78,7 +77,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -96,13 +95,13 @@ b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
b_dump.o: ../cryptlib.h
b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h
b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
b_print.o: ../cryptlib.h
b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

37
crypto/bio/b_print.c
View File

@@ -56,13 +56,6 @@
* [including the GNU Public Licence.]
*/
/* disable assert() unless BIO_DEBUG has been defined */
#ifndef BIO_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
/*
* Stolen from tjh's ssl/ssl_trc.c stuff.
*/
@@ -76,7 +69,6 @@
#ifndef NO_SYS_TYPES_H
#include <sys/types.h>
#endif
#include <openssl/bn.h> /* To get BN_LLONG properly defined */
#include <openssl/bio.h>
#ifdef BN_LLONG
@@ -109,18 +101,14 @@
* o ... (for OpenSSL)
*/
#ifdef HAVE_LONG_DOUBLE
#if HAVE_LONG_DOUBLE
#define LDOUBLE long double
#else
#define LDOUBLE double
#endif
#if HAVE_LONG_LONG
# if defined(WIN32) && !defined(__GNUC__)
# define LLONG _int64
# else
# define LLONG long long
# endif
#define LLONG long long
#else
#define LLONG long
#endif
@@ -163,7 +151,7 @@ static void _dopr(char **sbuffer, char **buffer,
/* some handy macros */
#define char_to_int(p) (p - '0')
#define OSSL_MAX(p,q) ((p >= q) ? p : q)
#define MAX(p,q) ((p >= q) ? p : q)
static void
_dopr(
@@ -514,13 +502,13 @@ fmtint(
convert[place] = 0;
zpadlen = max - place;
spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
if (zpadlen < 0)
zpadlen = 0;
if (spadlen < 0)
spadlen = 0;
if (flags & DP_F_ZERO) {
zpadlen = OSSL_MAX(zpadlen, spadlen);
zpadlen = MAX(zpadlen, spadlen);
spadlen = 0;
}
if (flags & DP_F_MINUS)
@@ -576,7 +564,7 @@ pow10(int exp)
}
static long
roundv(LDOUBLE value)
round(LDOUBLE value)
{
long intpart;
intpart = (long) value;
@@ -628,7 +616,7 @@ fmtfp(
/* we "cheat" by converting the fractional part to integer by
multiplying by a factor of 10 */
fracpart = roundv((pow10(max)) * (ufvalue - intpart));
fracpart = round((pow10(max)) * (ufvalue - intpart));
if (fracpart >= pow10(max)) {
intpart++;
@@ -652,7 +640,7 @@ fmtfp(
(caps ? "0123456789ABCDEF"
: "0123456789abcdef")[fracpart % 10];
fracpart = (fracpart / 10);
} while (fplace < max);
} while (fracpart && (fplace < 20));
if (fplace == 20)
fplace--;
fconvert[fplace] = 0;
@@ -723,13 +711,12 @@ doapr_outch(
if (buffer) {
while (*currlen >= *maxlen) {
if (*buffer == NULL) {
assert(*sbuffer != NULL);
if (*maxlen == 0)
*maxlen = 1024;
*buffer = OPENSSL_malloc(*maxlen);
if (*currlen > 0) {
assert(*sbuffer != NULL);
if (*currlen > 0)
memcpy(*buffer, *sbuffer, *currlen);
}
*sbuffer = NULL;
} else {
*maxlen += 1024;
@@ -769,9 +756,7 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args)
{
int ret;
size_t retlen;
char hugebuf[1024*2]; /* Was previously 10k, which is unreasonable
in small-stack environments, like threads
or DOS programs. */
MS_STATIC char hugebuf[1024*10];
char *hugebufp = hugebuf;
size_t hugebufsize = sizeof(hugebuf);
char *dynbuf = NULL;

58
crypto/bio/b_sock.c
View File

@@ -72,9 +72,9 @@
#endif
#ifdef SO_MAXCONN
#define MAX_LISTEN SO_MAXCONN
#elif defined(SOMAXCONN)
#define MAX_LISTEN SOMAXCONN
#elif defined(SO_MAXCONN)
#define MAX_LISTEN SO_MAXCONN
#else
#define MAX_LISTEN 32
#endif
@@ -95,10 +95,8 @@ static struct ghbn_cache_st
} ghbn_cache[GHBN_NUM];
static int get_ip(const char *str,unsigned char *ip);
#if 0
static void ghbn_free(struct hostent *a);
static struct hostent *ghbn_dup(struct hostent *a);
#endif
int BIO_get_host_ip(const char *str, unsigned char *ip)
{
int i;
@@ -115,8 +113,8 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
/* At this point, we have something that is most probably correct
in some way, so let's init the socket. */
if (BIO_sock_init() != 1)
return 0; /* don't generate another error code here */
if (!BIO_sock_init())
return(0); /* don't generate another error code here */
/* If the string actually contained an IP address, we need not do
anything more */
@@ -268,7 +266,6 @@ long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
return(1);
}
#if 0
static struct hostent *ghbn_dup(struct hostent *a)
{
struct hostent *ret;
@@ -345,27 +342,21 @@ static void ghbn_free(struct hostent *a)
if (a->h_name != NULL) OPENSSL_free(a->h_name);
OPENSSL_free(a);
}
#endif
struct hostent *BIO_gethostbyname(const char *name)
{
#if 1
/* Caching gethostbyname() results forever is wrong,
* so we have to let the true gethostbyname() worry about this */
return gethostbyname(name);
#else
struct hostent *ret;
int i,lowi=0,j;
unsigned long low= (unsigned long)-1;
/* return(gethostbyname(name)); */
# if 0
/* It doesn't make sense to use locking here: The function interface
* is not thread-safe, because threads can never be sure when
* some other thread destroys the data they were given a pointer to.
*/
#if 0 /* It doesn't make sense to use locking here: The function interface
* is not thread-safe, because threads can never be sure when
* some other thread destroys the data they were given a pointer to.
*/
CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
# endif
#endif
j=strlen(name);
if (j < 128)
{
@@ -393,21 +384,20 @@ struct hostent *BIO_gethostbyname(const char *name)
* parameter is 'char *', instead of 'const char *'
*/
ret=gethostbyname(
# ifndef CONST_STRICT
#ifndef CONST_STRICT
(char *)
# endif
#endif
name);
if (ret == NULL)
goto end;
if (j > 128) /* too big to cache */
{
# if 0
/* If we were trying to make this function thread-safe (which
* is bound to fail), we'd have to give up in this case
* (or allocate more memory). */
#if 0 /* If we were trying to make this function thread-safe (which
* is bound to fail), we'd have to give up in this case
* (or allocate more memory). */
ret = NULL;
# endif
#endif
goto end;
}
@@ -431,14 +421,12 @@ struct hostent *BIO_gethostbyname(const char *name)
ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
}
end:
# if 0
#if 0
CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
# endif
return(ret);
#endif
return(ret);
}
int BIO_sock_init(void)
{
#ifdef WINDOWS
@@ -531,15 +519,15 @@ int BIO_get_accept_socket(char *host, int bind_mode)
{
int ret=0;
struct sockaddr_in server,client;
int s=INVALID_SOCKET,cs;
int s= -1,cs;
unsigned char ip[4];
unsigned short port;
char *str=NULL,*e;
char *str,*e;
const char *h,*p;
unsigned long l;
int err_num;
if (BIO_sock_init() != 1) return(INVALID_SOCKET);
if (!BIO_sock_init()) return(INVALID_SOCKET);
if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
@@ -565,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
h="*";
}
if (!BIO_get_port(p,&port)) goto err;
if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
memset((char *)&server,0,sizeof(server));
server.sin_family=AF_INET;
@@ -575,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
server.sin_addr.s_addr=INADDR_ANY;
else
{
if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
l=(unsigned long)
((unsigned long)ip[0]<<24L)|
((unsigned long)ip[1]<<16L)|

2
crypto/bio/bf_buff.c
View File

@@ -70,7 +70,7 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int buffer_new(BIO *h);
static int buffer_free(BIO *data);
static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
#define DEFAULT_BUFFER_SIZE 4096
#define DEFAULT_BUFFER_SIZE 1024
static BIO_METHOD methods_buffer=
{

12
crypto/bio/bf_lbuf.c
View File

@@ -200,7 +200,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
}
}
#if 0
#ifdef DEBUG
BIO_write(b->next_bio, "<*<", 3);
#endif
i=BIO_write(b->next_bio,
@@ -210,13 +210,13 @@ BIO_write(b->next_bio, "<*<", 3);
ctx->obuf_len = orig_olen;
BIO_copy_next_retry(b);
#if 0
#ifdef DEBUG
BIO_write(b->next_bio, ">*>", 3);
#endif
if (i < 0) return((num > 0)?num:i);
if (i == 0) return(num);
}
#if 0
#ifdef DEBUG
BIO_write(b->next_bio, ">*>", 3);
#endif
if (i < ctx->obuf_len)
@@ -229,20 +229,20 @@ BIO_write(b->next_bio, ">*>", 3);
buffer if a NL was found and there is anything to write. */
if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
{
#if 0
#ifdef DEBUG
BIO_write(b->next_bio, "<*<", 3);
#endif
i=BIO_write(b->next_bio,in,p - in);
if (i <= 0)
{
BIO_copy_next_retry(b);
#if 0
#ifdef DEBUG
BIO_write(b->next_bio, ">*>", 3);
#endif
if (i < 0) return((num > 0)?num:i);
if (i == 0) return(num);
}
#if 0
#ifdef DEBUG
BIO_write(b->next_bio, ">*>", 3);
#endif
num+=i;

2
crypto/bio/bf_nbio.c
View File

@@ -104,7 +104,7 @@ static int nbiof_new(BIO *bi)
{
NBIO_TEST *nt;
if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
nt->lrn= -1;
nt->lwn= -1;
bi->ptr=(char *)nt;

10
crypto/bio/bio.h
View File

@@ -356,8 +356,8 @@ typedef struct bio_f_buffer_ctx_struct
#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
#define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
#define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
#define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
#define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
#define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
#define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
@@ -431,7 +431,7 @@ int BIO_read_filename(BIO *b,const char *name);
#define BIO_set_ssl_renegotiate_bytes(b,num) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
#define BIO_get_num_renegotiates(b) \
BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
@@ -588,6 +588,8 @@ int BIO_sock_init(void );
void BIO_sock_cleanup(void);
int BIO_set_tcp_ndelay(int sock,int turn_on);
void ERR_load_BIO_strings(void );
BIO *BIO_new_socket(int sock, int close_flag);
BIO *BIO_new_fd(int fd, int close_flag);
BIO *BIO_new_connect(char *host_port);
@@ -613,7 +615,6 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_BIO_strings(void);
/* Error codes for the BIO functions. */
@@ -683,3 +684,4 @@ void ERR_load_BIO_strings(void);
}
#endif
#endif

23
crypto/bio/bss_bio.c
View File

@@ -7,18 +7,9 @@
* for which no specific BIO method is available.
* See ssl/ssltest.c for some hints on how this can be used. */
/* BIO_DEBUG implies BIO_PAIR_DEBUG */
#ifdef BIO_DEBUG
# ifndef BIO_PAIR_DEBUG
# define BIO_PAIR_DEBUG
# endif
#endif
/* disable assert() unless BIO_PAIR_DEBUG has been defined */
#ifndef BIO_PAIR_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
# undef NDEBUG /* avoid conflicting definitions */
# define NDEBUG
#endif
#include <assert.h>
@@ -32,12 +23,7 @@
#include <openssl/crypto.h>
#include "openssl/e_os.h"
/* VxWorks defines SSiZE_MAX with an empty value causing compile errors */
#if defined(VXWORKS)
# undef SSIZE_MAX
# define SSIZE_MAX INT_MAX
#elif !defined(SSIZE_MAX)
#ifndef SSIZE_MAX
# define SSIZE_MAX INT_MAX
#endif
@@ -488,8 +474,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
break;
case BIO_C_GET_WRITE_BUF_SIZE:
ret = (long) b->size;
break;
num = (long) b->size;
case BIO_C_MAKE_BIO_PAIR:
{

2
crypto/bio/bss_log.c
View File

@@ -75,7 +75,7 @@
# include <starlet.h>
#elif defined(__ultrix)
# include <sys/syslog.h>
#elif !defined(MSDOS) && !defined(VXWORKS) /* Unix */
#elif !defined(MSDOS) /* Unix */
# include <syslog.h>
#endif

Some files were not shown because too many files have changed in this diff Show More