Compare commits
358 Commits
main
...
OpenSSL-en
Author | SHA1 | Date | |
---|---|---|---|
|
2f81b64db8 | ||
|
3001755d45 | ||
|
46e9a49165 | ||
|
df257306e3 | ||
|
d994be0508 | ||
|
6095252cf5 | ||
|
20d26fbd12 | ||
|
85994a9572 | ||
|
36800c36d6 | ||
|
c08c1f76bc | ||
|
29348d3c5c | ||
|
649ce0516a | ||
|
2f1d799c7f | ||
|
e7534d6060 | ||
|
91de3e1952 | ||
|
afa0a96b79 | ||
|
0a4110c8ff | ||
|
d1914bf7d2 | ||
|
b2ffd608e6 | ||
|
d54d6871f8 | ||
|
99ed4cbb03 | ||
|
d8dae0ea36 | ||
|
69410cf5eb | ||
|
8e4b4e10bf | ||
|
166f9b6f39 | ||
|
23f26503d1 | ||
|
093879e8be | ||
|
0f4d260782 | ||
|
db0edbb745 | ||
|
3ef63bcc6b | ||
|
980645e55e | ||
|
9d55e76dd6 | ||
|
fd509d6da5 | ||
|
7fd79b9858 | ||
|
df0017f290 | ||
|
7552d2ebc3 | ||
|
5aeaff0bc0 | ||
|
345d8d572c | ||
|
966eac3dbd | ||
|
a4348a3cd1 | ||
|
b841fc03e7 | ||
|
53fd7688ee | ||
|
5949e8e1dd | ||
|
c4157adf1e | ||
|
8aac6ad0f2 | ||
|
4ff15ba5e9 | ||
|
acc6c94a65 | ||
|
2e824f0444 | ||
|
2b4a238b5b | ||
|
f0c5491e9e | ||
|
c086616c3e | ||
|
f87ab7a42d | ||
|
696335ab46 | ||
|
322f190a18 | ||
|
c4a150c242 | ||
|
a3c5420b28 | ||
|
c99f9b8ff3 | ||
|
22b3a95d5c | ||
|
63e86149c1 | ||
|
ca8f05d093 | ||
|
b0fc31b390 | ||
|
6ceffdd121 | ||
|
9c8fd367c4 | ||
|
78a0aebbd8 | ||
|
14f4feb05b | ||
|
3ba2b94a6b | ||
|
53b80e2e43 | ||
|
7fff663991 | ||
|
3df44c0571 | ||
|
7d5376fdae | ||
|
7c99da56cf | ||
|
311d8d84bd | ||
|
8fd54b07a8 | ||
|
3ae068316b | ||
|
fd1c27897c | ||
|
c4a24b13f3 | ||
|
bb298120c9 | ||
|
c3bfe3f4cb | ||
|
d84a727178 | ||
|
e463adeff8 | ||
|
e39238e403 | ||
|
ecdf154993 | ||
|
5d92a7bef1 | ||
|
8246c0607a | ||
|
bfce617770 | ||
|
1ce60f02d3 | ||
|
bb34d6de74 | ||
|
89918b5c17 | ||
|
46859bf421 | ||
|
6cae350ad1 | ||
|
cfebe39d42 | ||
|
eb80f91278 | ||
|
7a0c6536e2 | ||
|
b5b000d77e | ||
|
6c2650a6fc | ||
|
e2cdf9c994 | ||
|
290416db2a | ||
|
ff192dce10 | ||
|
8b98de6653 | ||
|
951d8e0d6b | ||
|
b99e18bbec | ||
|
49b10f72ec | ||
|
23f0541263 | ||
|
64ed18ef20 | ||
|
72645b83bb | ||
|
b57e656095 | ||
|
2551fc047c | ||
|
a0f6331507 | ||
|
71aa7c586b | ||
|
7462f2644c | ||
|
69043fa13f | ||
|
e0b110267d | ||
|
8f1e8d274e | ||
|
a09d349071 | ||
|
e27fd320fc | ||
|
66ae107a14 | ||
|
32e692ce07 | ||
|
a5232ab0a0 | ||
|
d2f64ef725 | ||
|
842931098f | ||
|
a7a71d0ec9 | ||
|
faff87fd64 | ||
|
46ca653c83 | ||
|
c1fb6557e5 | ||
|
7525ac5aba | ||
|
4b3d91f350 | ||
|
6175b37578 | ||
|
d007411335 | ||
|
9a78b3db52 | ||
|
d553eb9616 | ||
|
e874ee0850 | ||
|
c20f373558 | ||
|
192060947c | ||
|
c14688ec73 | ||
|
ff0a0c46a7 | ||
|
c568a9820a | ||
|
493de5ad2a | ||
|
b76b87fdf5 | ||
|
30bd8e3e1f | ||
|
b98a984294 | ||
|
dac7098464 | ||
|
56cf45f968 | ||
|
b435c38af2 | ||
|
5ec27eacf0 | ||
|
30b5ce14d8 | ||
|
ed2f196afe | ||
|
b860878edc | ||
|
362771f880 | ||
|
88e89f9022 | ||
|
41aad62a78 | ||
|
3964db29c4 | ||
|
e4f165e71e | ||
|
60a9cbdf28 | ||
|
d3948ca262 | ||
|
85939d5dd7 | ||
|
532fd8ee1c | ||
|
fb3af5c813 | ||
|
6d6846417f | ||
|
47892635ad | ||
|
5b9b38f0c9 | ||
|
d8e2daf1e0 | ||
|
be29c93cf4 | ||
|
6e19a04080 | ||
|
91102def2e | ||
|
35933d170d | ||
|
270c75c2b1 | ||
|
9f44f4a081 | ||
|
37749c8872 | ||
|
dae0b520a0 | ||
|
f1a185a04a | ||
|
60f3f6ac2e | ||
|
595241e17f | ||
|
c6d14d26fd | ||
|
832e09cd23 | ||
|
879d789a42 | ||
|
07ad3257fc | ||
|
c02efd954d | ||
|
b26f6ee5f2 | ||
|
b5719e9673 | ||
|
f56412e895 | ||
|
26e922fc7f | ||
|
edcace97a8 | ||
|
8d5c834b34 | ||
|
b0eda65f1c | ||
|
2395368e7f | ||
|
95c0f198a7 | ||
|
947a85d022 | ||
|
da904c9cef | ||
|
c3970428ac | ||
|
b1d9279a41 | ||
|
c7d827fc90 | ||
|
37fe697597 | ||
|
d8616888ee | ||
|
5aa14f636f | ||
|
7b24a1a33b | ||
|
393a9b68cf | ||
|
4ae5099856 | ||
|
5c36f01000 | ||
|
6ef9d8328b | ||
|
5a9c441c6e | ||
|
d69d8b5ffa | ||
|
9aef355cf0 | ||
|
11f3f9f4a1 | ||
|
ef9088c9ec | ||
|
422830e17b | ||
|
ac0d075faa | ||
|
53195ba215 | ||
|
6b4580887e | ||
|
4c37da8051 | ||
|
381798377e | ||
|
ffade5fb96 | ||
|
0294674b44 | ||
|
771c8a7ce5 | ||
|
a307eeba84 | ||
|
1fbc936cca | ||
|
ac63f88790 | ||
|
ecfb406f1e | ||
|
df9badad4c | ||
|
c4af8daf34 | ||
|
b4ac8b1e0a | ||
|
adccc4cc7e | ||
|
bbc89d2e1f | ||
|
1e6c9fc26f | ||
|
3d4bb90138 | ||
|
c540bd2851 | ||
|
6ad0776236 | ||
|
ca7fcc65ef | ||
|
cd9bed6d1d | ||
|
c80abb148d | ||
|
757ab9b506 | ||
|
868af8e4be | ||
|
e100946038 | ||
|
5209202f3b | ||
|
73701c27b3 | ||
|
4ef897d1fc | ||
|
19a5e404cb | ||
|
e3f527177b | ||
|
f09a419c6a | ||
|
f4bdbfea66 | ||
|
f00ba75c69 | ||
|
47dc5a1321 | ||
|
3476515195 | ||
|
e1db7a5e30 | ||
|
4839df4061 | ||
|
9cfb6bbd29 | ||
|
27f00db152 | ||
|
a9c33b529e | ||
|
5deb47f12a | ||
|
775c289db5 | ||
|
099f5bfeba | ||
|
103a604932 | ||
|
12f49bd79d | ||
|
4b250a3d25 | ||
|
c200ff0446 | ||
|
a7ce1f0514 | ||
|
4cae3ac371 | ||
|
63ccddf717 | ||
|
ce6990739e | ||
|
42cc160301 | ||
|
0e61cfff53 | ||
|
f77600524f | ||
|
ebcdd0c43e | ||
|
8de7587e02 | ||
|
90ac586317 | ||
|
15c0fb18a2 | ||
|
f30839ecaa | ||
|
eb31944f81 | ||
|
0dcf7fd543 | ||
|
02539402af | ||
|
2be9694116 | ||
|
b46ba9b1bc | ||
|
8e1ec9fb37 | ||
|
dc005a7367 | ||
|
da867a51a0 | ||
|
25814b9690 | ||
|
0fc7c5010d | ||
|
166e1f304b | ||
|
ef413a7ee8 | ||
|
dcd4d341e1 | ||
|
61b337bd22 | ||
|
06b71aec85 | ||
|
527cc9841c | ||
|
6901ba7dc8 | ||
|
ab13064406 | ||
|
192295a094 | ||
|
7dfded5c26 | ||
|
28b3b4c6e6 | ||
|
acab12fbe3 | ||
|
1ba5b1b530 | ||
|
d786112124 | ||
|
bdecf23415 | ||
|
03ef63ba69 | ||
|
cb9c5dc571 | ||
|
a6f8bbcad9 | ||
|
9f10f9beeb | ||
|
a46229b43f | ||
|
c7a48d3d00 | ||
|
9188480827 | ||
|
2b912846b9 | ||
|
854067e8e4 | ||
|
eb2f937b93 | ||
|
64c4f5732d | ||
|
f3052a9eee | ||
|
e1e9ead6fb | ||
|
5ac85984ec | ||
|
e11b297730 | ||
|
48555cf0fc | ||
|
ae02fc5348 | ||
|
93e147dd32 | ||
|
3257904c56 | ||
|
2a7619d762 | ||
|
70d03c4f59 | ||
|
5971d37400 | ||
|
d813a428a7 | ||
|
3b2972d8d9 | ||
|
2165d91196 | ||
|
fc99c92835 | ||
|
1dde74f229 | ||
|
665b5ab5a7 | ||
|
13232559fc | ||
|
1b2f8b6e2a | ||
|
ccd98b43ed | ||
|
d32e8acf08 | ||
|
d8c4d0e819 | ||
|
b215f70a0e | ||
|
7ed20a2158 | ||
|
6c62150674 | ||
|
aa23a57918 | ||
|
8e2c277353 | ||
|
f18ef82a9f | ||
|
cc015c48db | ||
|
9a4051050c | ||
|
4c4ea428cc | ||
|
28e94dc70d | ||
|
f812743544 | ||
|
87f3435f78 | ||
|
86787f93d6 | ||
|
05d909c549 | ||
|
d44c7dcf00 | ||
|
5decfb7002 | ||
|
50008364a6 | ||
|
6a1129837a | ||
|
20ca3d49e7 | ||
|
f156d5495d | ||
|
96d7e0ece7 | ||
|
974e22704d | ||
|
835475a2d6 | ||
|
a26f2b5e62 | ||
|
67e08eb185 | ||
|
0b4cb28f39 | ||
|
9c5ed502ee | ||
|
6111f7408b | ||
|
b6577e040e | ||
|
bb51f21728 | ||
|
0e0e569cbf | ||
|
71c8e9f1c3 | ||
|
e759b095d4 | ||
|
afa0598f06 |
@ -1,4 +1,3 @@
|
||||
openssl.pc
|
||||
Makefile.ssl
|
||||
MINFO
|
||||
makefile.one
|
||||
|
81
FAQ
81
FAQ
@ -30,7 +30,6 @@ OpenSSL - Frequently Asked Questions
|
||||
* Why can't I use OpenSSL certificates with SSL client authentication?
|
||||
* Why does my browser give a warning about a mismatched hostname?
|
||||
* How do I install a CA certificate into a browser?
|
||||
* Why is OpenSSL x509 DN output not conformant to RFC2253?
|
||||
|
||||
[BUILD] Questions about building and testing OpenSSL
|
||||
|
||||
@ -42,10 +41,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Why does the OpenSSL compilation fail with "ar: command not found"?
|
||||
* Why does the OpenSSL compilation fail on Win32 with VC++?
|
||||
* What is special about OpenSSL on Redhat?
|
||||
* Why does the OpenSSL compilation fail on MacOS X?
|
||||
* Why does the OpenSSL test suite fail on MacOS X?
|
||||
* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
|
||||
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
|
||||
|
||||
[PROG] Questions about programming with OpenSSL
|
||||
|
||||
@ -59,7 +55,6 @@ OpenSSL - Frequently Asked Questions
|
||||
* Why can't the OpenSSH configure script detect OpenSSL?
|
||||
* Can I use OpenSSL's SSL library with non-blocking I/O?
|
||||
* Why doesn't my server application receive a client certificate?
|
||||
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
|
||||
|
||||
===============================================================================
|
||||
|
||||
@ -68,7 +63,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 0.9.7c was released on September 30, 2003.
|
||||
OpenSSL 0.9.7d was released on March 17, 2004.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
@ -116,11 +111,14 @@ OpenSSL. Information on the OpenSSL mailing lists is available from
|
||||
|
||||
* Where can I get a compiled version of OpenSSL?
|
||||
|
||||
You can finder pointers to binary distributions in
|
||||
http://www.openssl.org/related/binaries.html .
|
||||
|
||||
Some applications that use OpenSSL are distributed in binary form.
|
||||
When using such an application, you don't need to install OpenSSL
|
||||
yourself; the application will include the required parts (e.g. DLLs).
|
||||
|
||||
If you want to install OpenSSL on a Windows system and you don't have
|
||||
If you want to build OpenSSL on a Windows system and you don't have
|
||||
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
|
||||
on how to obtain and install the free GNU C compiler.
|
||||
|
||||
@ -370,13 +368,6 @@ DO NOT DO THIS! This command will give away your CAs private key and
|
||||
reduces its security to zero: allowing anyone to forge certificates in
|
||||
whatever name they choose.
|
||||
|
||||
* Why is OpenSSL x509 DN output not conformant to RFC2253?
|
||||
|
||||
The ways to print out the oneline format of the DN (Distinguished Name) have
|
||||
been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
|
||||
interface, the "-nameopt" option could be introduded. See the manual
|
||||
page of the "openssl x509" commandline tool for details. The old behaviour
|
||||
has however been left as default for the sake of compatibility.
|
||||
|
||||
[BUILD] =======================================================================
|
||||
|
||||
@ -490,13 +481,10 @@ and then redo the compilation. What you should really do is make sure
|
||||
Sometimes, you may get reports from VC++ command line (cl) that it
|
||||
can't find standard include files like stdio.h and other weirdnesses.
|
||||
One possible cause is that the environment isn't correctly set up.
|
||||
To solve that problem for VC++ versions up to 6, one should run
|
||||
VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
|
||||
installation directory (somewhere under 'Program Files'). For VC++
|
||||
version 7 (and up?), which is also called VS.NET, the file is called
|
||||
VSVARS32.BAT instead.
|
||||
This needs to be done prior to running NMAKE, and the changes are only
|
||||
valid for the current DOS session.
|
||||
To solve that problem, one should run VCVARS32.BAT which is found in
|
||||
the 'bin' subdirectory of the VC++ installation directory (somewhere
|
||||
under 'Program Files'). This needs to be done prior to running NMAKE,
|
||||
and the changes are only valid for the current DOS session.
|
||||
|
||||
|
||||
* What is special about OpenSSL on Redhat?
|
||||
@ -532,18 +520,6 @@ IDEA: 5,214,703 25/05/2010
|
||||
RC5: 5,724,428 03/03/2015
|
||||
|
||||
|
||||
* Why does the OpenSSL compilation fail on MacOS X?
|
||||
|
||||
If the failure happens when trying to build the "openssl" binary, with
|
||||
a large number of undefined symbols, it's very probable that you have
|
||||
OpenSSL 0.9.6b delivered with the operating system (you can find out by
|
||||
running '/usr/bin/openssl version') and that you were trying to build
|
||||
OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
|
||||
MacOS X has a misfeature that's quite difficult to go around.
|
||||
Look in the file PROBLEMS for a more detailed explanation and for possible
|
||||
solutions.
|
||||
|
||||
|
||||
* Why does the OpenSSL test suite fail on MacOS X?
|
||||
|
||||
If the failure happens when running 'make test' and the RC4 test fails,
|
||||
@ -557,37 +533,6 @@ libraries you just built.
|
||||
Look in the file PROBLEMS for a more detailed explanation and for possible
|
||||
solutions.
|
||||
|
||||
* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
|
||||
|
||||
Failure in BN_sqr test is most likely caused by a failure to configure the
|
||||
toolkit for current platform or lack of support for the platform in question.
|
||||
Run './config -t' and './apps/openssl version -p'. Do these platform
|
||||
identifiers match? If they don't, then you most likely failed to run
|
||||
./config and you're hereby advised to do so before filing a bug report.
|
||||
If ./config itself fails to run, then it's most likely problem with your
|
||||
local environment and you should turn to your system administrator (or
|
||||
similar). If identifiers match (and/or no alternative identifier is
|
||||
suggested by ./config script), then the platform is unsupported. There might
|
||||
or might not be a workaround. Most notably on SPARC64 platforms with GNU
|
||||
C compiler you should be able to produce a working build by running
|
||||
'./config -m32'. I understand that -m32 might not be what you want/need,
|
||||
but the build should be operational. For further details turn to
|
||||
<openssl-dev@openssl.org>.
|
||||
|
||||
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
|
||||
|
||||
As of 0.9.7 assembler routines were overhauled for position independence
|
||||
of the machine code, which is essential for shared library support. For
|
||||
some reason OpenBSD is equipped with an out-of-date GNU assembler which
|
||||
finds the new code offensive. To work around the problem, configure with
|
||||
no-asm (and sacrifice a great deal of performance) or patch your assembler
|
||||
according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
|
||||
For your convenience a pre-compiled replacement binary is provided at
|
||||
<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
|
||||
Reportedly elder *BSD a.out platforms also suffer from this problem and
|
||||
remedy should be same. Provided binary is statically linked and should be
|
||||
working across wider range of *BSD branches, not just OpenBSD.
|
||||
|
||||
[PROG] ========================================================================
|
||||
|
||||
* Is OpenSSL thread-safe?
|
||||
@ -754,13 +699,5 @@ if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
|
||||
SSL_CTX_set_verify() function to enable the use of client certificates.
|
||||
|
||||
|
||||
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
|
||||
|
||||
For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
|
||||
versions, uniqueIdentifier was incorrectly used for X.509 certificates.
|
||||
The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
|
||||
Change your code to use the new name when compiling against OpenSSL 0.9.7.
|
||||
|
||||
|
||||
===============================================================================
|
||||
|
||||
|
46
INSTALL
46
INSTALL
@ -2,12 +2,8 @@
|
||||
INSTALLATION ON THE UNIX PLATFORM
|
||||
---------------------------------
|
||||
|
||||
[Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
|
||||
and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
|
||||
INSTALL.MacOS and INSTALL.NW.
|
||||
|
||||
This document describes installation on operating systems in the Unix
|
||||
family.]
|
||||
[Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
|
||||
in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
|
||||
|
||||
To install OpenSSL, you will need:
|
||||
|
||||
@ -57,20 +53,14 @@
|
||||
This will usually require additional system-dependent options!
|
||||
See "Note on multi-threading" below.
|
||||
|
||||
no-zlib Don't try to build with support for zlib compression and
|
||||
decompression.
|
||||
|
||||
zlib Build with support for zlib compression/decompression.
|
||||
|
||||
zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically
|
||||
when needed. This is only supported on systems where loading
|
||||
of shared libraries is supported. This is the default choice.
|
||||
|
||||
no-shared Don't try to create shared libraries.
|
||||
|
||||
shared In addition to the usual static libraries, create shared
|
||||
libraries on platforms where it's supported. See "Note on
|
||||
shared libraries" below.
|
||||
shared libraries" below. THIS IS NOT RECOMMENDED! Since
|
||||
this is a development branch, the positions of the ENGINE
|
||||
symbols in the transfer vector are constantly moving, so
|
||||
binary backward compatibility can't be guaranteed in any way.
|
||||
|
||||
no-asm Do not use assembler code.
|
||||
|
||||
@ -160,7 +150,7 @@
|
||||
If a test fails, look at the output. There may be reasons for
|
||||
the failure that isn't a problem in OpenSSL itself (like a missing
|
||||
or malfunctioning bc). If it is a problem with OpenSSL itself,
|
||||
try removing any compiler optimization flags from the CFLAG line
|
||||
try removing any compiler optimization flags from the CFLAGS line
|
||||
in Makefile.ssl and run "make clean; make". Please send a bug
|
||||
report to <openssl-bugs@openssl.org>, including the output of
|
||||
"make report" in order to be added to the request tracker at
|
||||
@ -310,25 +300,3 @@
|
||||
to install additional support software to obtain random seed.
|
||||
Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
|
||||
and the FAQ for more information.
|
||||
|
||||
Note on support for multiple builds
|
||||
-----------------------------------
|
||||
|
||||
OpenSSL is usually built in it's source tree. Unfortunately, this doesn't
|
||||
support building for multiple platforms from the same source tree very well.
|
||||
It is however possible to build in a separate tree through the use of lots
|
||||
of symbolic links, which should be prepared like this:
|
||||
|
||||
mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
|
||||
cd objtree/"`uname -s`-`uname -r`-`uname -m`"
|
||||
(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
|
||||
mkdir -p `dirname $F`
|
||||
rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
|
||||
echo $F '->' $OPENSSL_SOURCE/$F
|
||||
done
|
||||
make -f Makefile.org clean
|
||||
|
||||
OPENSSL_SOURCE is an environment variable that contains the absolute (this
|
||||
is important!) path to the OpenSSL source tree.
|
||||
|
||||
Also, operations like 'make update' should still be made in the source tree.
|
||||
|
@ -1,34 +0,0 @@
|
||||
|
||||
|
||||
INSTALLATION ON THE DOS PLATFORM WITH DJGPP
|
||||
-------------------------------------------
|
||||
|
||||
Openssl has been ported to DOS, but only with long filename support. If
|
||||
you wish to compile on native DOS with 8+3 filenames, you will have to
|
||||
tweak the installation yourself, including renaming files with illegal
|
||||
or duplicate names.
|
||||
|
||||
You should have a full DJGPP environment installed, including the
|
||||
latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
|
||||
requires that PERL and BC also be installed.
|
||||
|
||||
All of these can be obtained from the usual DJGPP mirror sites, such
|
||||
as "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to
|
||||
have the WATT-32 networking package installed before you try to compile
|
||||
openssl. This can be obtained from "http://www.bgnett.no/~giva/".
|
||||
The Makefile assumes that the WATT-32 code is in the directory
|
||||
specified by the environment variable WATT_ROOT. If you have watt-32
|
||||
in directory "watt32" under your main DJGPP directory, specify
|
||||
WATT_ROOT="/dev/env/DJDIR/watt32".
|
||||
|
||||
To compile openssl, start your BASH shell. Then configure for DOS by
|
||||
running "./Configure" with appropriate arguments. The basic syntax for
|
||||
DOS is:
|
||||
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
|
||||
|
||||
You may run out of DPMI selectors when running in a DOS box under
|
||||
Windows. If so, just close the BASH shell, go back to Windows, and
|
||||
restart BASH. Then run "make" again.
|
||||
|
||||
Building openssl under DJGPP has been tested with DJGPP 2.03,
|
||||
GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01.
|
@ -32,17 +32,17 @@ Installation procedure:
|
||||
to 42, change appropriately.
|
||||
(**) If you use SUNtar, then it might have already unbinhexed the files
|
||||
in question.
|
||||
(***) The project file was saved with CW Pro 5.3. If you have an earlier
|
||||
(***) The project file was saved with CW Pro 5.3. If you have earlier
|
||||
version and it refuses to open it, then download
|
||||
http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
|
||||
overwriting the original OpenSSL.mcp.
|
||||
(****) Other targets are works in progress. If you feel like giving 'em a
|
||||
(****) Other targets are work in progress. If you feel like giving 'em a
|
||||
shot, then you should know that OpenSSL* and Lib* targets are
|
||||
supposed to be built with the GUSI, MacOS library which mimics
|
||||
BSD sockets and some other POSIX APIs. The GUSI distribution is
|
||||
expected to be found in the same directory as the openssl source tree,
|
||||
i.e., in the parent directory to the one where this very file,
|
||||
namely INSTALL.MacOS, resides. For more information about GUSI, see
|
||||
expected to be found in the same directory as openssl source tree,
|
||||
i.e. in the parent directory to the one where this very file,
|
||||
namely INSTALL.MacOS. For more information about GUSI, see
|
||||
http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
|
||||
|
||||
Finally some essential comments from our generous contributor:-)
|
||||
|
437
INSTALL.NW
437
INSTALL.NW
@ -1,437 +0,0 @@
|
||||
|
||||
INSTALLATION ON THE NETWARE PLATFORM
|
||||
------------------------------------
|
||||
|
||||
Notes about building OpenSSL for NetWare.
|
||||
|
||||
|
||||
BUILD PLATFORM:
|
||||
---------------
|
||||
The build scripts (batch files, perl scripts, etc) have been developed and
|
||||
tested on W2K. The scripts should run fine on other Windows
|
||||
platforms (NT, Win9x, WinXP) but they haven't been tested. They may require
|
||||
some modifications.
|
||||
|
||||
|
||||
Supported NetWare Platforms - NetWare 5.x, NetWare 6.x:
|
||||
------------------------------------------
|
||||
OpenSSL uses the WinSock interfaces introduced in NetWare 5. Therefore,
|
||||
previous versions of NetWare, 4.x and 3.x, are not supported.
|
||||
|
||||
On NetWare there are two c-runtime libraries. There is the legacy CLIB
|
||||
interfaces and the newer LibC interfaces. Being ANSI-C libraries, the
|
||||
functionality in CLIB and LibC is similar but the LibC interfaces are built
|
||||
using Novell Kernal Services (NKS) which is designed to leverage
|
||||
multi-processor environments.
|
||||
|
||||
The NetWare port of OpenSSL can configured to build using CLIB or LibC. The
|
||||
CLIB build was developed and tested using NetWare 5.0 sp6.0a. The LibC
|
||||
build was developed and tested using the NetWare 6.0 FCS.
|
||||
|
||||
The necessary LibC functionality ships with NetWare 6. However, earlier
|
||||
NetWare 5.x versions will require updates in order to run the OpenSSL LibC
|
||||
build.
|
||||
|
||||
|
||||
REQUIRED TOOLS:
|
||||
---------------
|
||||
Based upon the configuration and build options used, some or all of the
|
||||
following tools may be required:
|
||||
|
||||
|
||||
* Perl for Win32 - required (http://www.activestate.com/ActivePerl)
|
||||
Used to run the various perl scripts on the build platform.
|
||||
|
||||
|
||||
* Perl 5.8.0 for NetWare v3.20 (or later) - required
|
||||
(http://developer.novell.com) Used to run the test script on NetWare
|
||||
after building.
|
||||
|
||||
|
||||
* Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare - required:
|
||||
Provides command line tools used for building.
|
||||
|
||||
Tools:
|
||||
mwccnlm.exe - C/C++ Compiler for NetWare
|
||||
mwldnlm.exe - Linker for NetWare
|
||||
mwasmnlm.exe - x86 assembler for NetWare (if using assembly option)
|
||||
|
||||
|
||||
* Assemblers - optional:
|
||||
If you intend to build using the assembly options you will need an
|
||||
assembler. Work has been completed to support two assemblers, Metrowerks
|
||||
and NASM. However, during development, a bug was found in the Metrowerks
|
||||
assembler which generates incorrect code. Until this problem is fixed,
|
||||
the Metrowerks assembler cannot be used.
|
||||
|
||||
mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools.
|
||||
(version 2.2 Built Aug 23, 1999 - not useable due to code
|
||||
generation bug)
|
||||
|
||||
nasmw.exe - Netwide Assembler NASM
|
||||
version 0.98 was used in development and testing
|
||||
|
||||
* Make Tool - required:
|
||||
In order to build you will need a make tool. Two make tools are
|
||||
supported, GNU make (gmake.exe) or Microsoft nmake.exe.
|
||||
|
||||
gmake.exe - GNU make for Windows (version 3.75 used for development)
|
||||
http://www.gnu.org/software/make/make.html
|
||||
|
||||
nmake.exe - Microsoft make (Version 6.00.8168.0 used for development)
|
||||
|
||||
|
||||
* Novell Developer Kit (NDK) - required: (http://developer.novell.com)
|
||||
|
||||
CLIB - BUILDS:
|
||||
|
||||
WinSock2 Developer Components for NetWare:
|
||||
For initial development, the October 27, 2000 version was used.
|
||||
However, future versions should also work.
|
||||
|
||||
NOTE: The WinSock2 components include headers & import files for
|
||||
NetWare, but you will also need the winsock2.h and supporting
|
||||
headers (pshpack4.h, poppack.h, qos.h) delivered in the
|
||||
Microsoft SDK. Note: The winsock2.h support headers may change
|
||||
with various versions of winsock2.h. Check the dependencies
|
||||
section on the NDK WinSock2 download page for the latest
|
||||
information on dependencies.
|
||||
|
||||
|
||||
NLM and NetWare libraries for C (including CLIB and XPlat):
|
||||
If you are going to build a CLIB version of OpenSSL, you will
|
||||
need the CLIB headers and imports. The March, 2001 NDK release or
|
||||
later is recommended.
|
||||
|
||||
Earlier versions should work but haven't been tested. In recent
|
||||
versions the import files have been consolidated and function
|
||||
names moved. This means you may run into link problems
|
||||
(undefined symbols) when using earlier versions. The functions
|
||||
are available in earlier versions, but you will have to modifiy
|
||||
the make files to include additional import files (see
|
||||
openssl\util\pl\netware.pl).
|
||||
|
||||
|
||||
LIBC - BUILDS:
|
||||
|
||||
Libraries for C (LibC) - LibC headers and import files
|
||||
If you are going to build a LibC version of OpenSSL, you will
|
||||
need the LibC headers and imports. The March 14, 2002 NDK release or
|
||||
later is required.
|
||||
|
||||
NOTE: The LibC SDK includes the necessary WinSock2 support. It
|
||||
It is not necessary to download the WinSock2 Developer when building
|
||||
for LibC.
|
||||
|
||||
|
||||
BUILDING:
|
||||
---------
|
||||
Before building, you will need to set a few environment variables. You can
|
||||
set them manually or you can modify the "netware\set_env.bat" file.
|
||||
|
||||
The set_env.bat file is a template you can use to set up the path
|
||||
and environment variables you will need to build. Modify the
|
||||
various lines to point to YOUR tools and run set_env.bat.
|
||||
|
||||
netware\set_env.bat [target]
|
||||
|
||||
target - "netware-clib" - CLib NetWare build
|
||||
- "netware-libc" - LibC NetWare build
|
||||
|
||||
If you don't use set_env.bat, you will need to set up the following
|
||||
environment variables:
|
||||
|
||||
path - Set path to point to the tools you will use.
|
||||
|
||||
MWCIncludes - The location of the NDK include files.
|
||||
|
||||
CLIB ex: set MWCIncludes=c:\ndk\nwsdk\include\nlm
|
||||
LibC ex: set MWCIncludes=c:\ndk\libc\include
|
||||
|
||||
PRELUDE - The absolute path of the prelude object to link with. For
|
||||
a CLIB build it is recommended you use the "nwpre.obj" file shipped
|
||||
with the Metrowerks PDK for NetWare. For a LibC build you should
|
||||
use the "libcpre.o" file delivered with the LibC NDK components.
|
||||
|
||||
CLIB ex: set PRELUDE=c:\codewar\novell support\metrowerks support\
|
||||
libraries\runtime\nwpre.obj
|
||||
|
||||
LibC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
|
||||
|
||||
IMPORTS - The locaton of the NDK import files.
|
||||
|
||||
CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports
|
||||
LibC ex: set IMPORTS=c:\ndk\libc\imports
|
||||
|
||||
|
||||
In order to build, you need to run the Perl scripts to configure the build
|
||||
process and generate a make file. There is a batch file,
|
||||
"netware\build.bat", to automate the process.
|
||||
|
||||
Build.bat runs the build configuration scripts and generates a make file.
|
||||
If an assembly option is specified, it also runs the scripts to generate
|
||||
the assembly code. Always run build.bat from the "openssl" directory.
|
||||
|
||||
netware\build [target] [debug opts] [assembly opts] [configure opts]
|
||||
|
||||
target - "netware-clib" - CLib NetWare build
|
||||
- "netware-libc" - LibC NetWare build
|
||||
|
||||
debug opts - "debug" - build debug
|
||||
|
||||
assembly opts - "nw-mwasm" - use Metrowerks assembler
|
||||
"nw-nasm" - use NASM assembler
|
||||
"no-asm" - don't use assembly
|
||||
|
||||
configure opts- all unrecognized arguments are passed to the
|
||||
perl configure script
|
||||
|
||||
examples:
|
||||
|
||||
CLIB build, debug, without assembly:
|
||||
netware\build.bat netware-clib debug no-asm
|
||||
|
||||
LibC build, non-debug, using NASM assembly:
|
||||
netware\build.bat netware-libc nw-nasm
|
||||
|
||||
Running build.bat generates a make file to be processed by your make
|
||||
tool (gmake or nmake):
|
||||
|
||||
CLIB ex: gmake -f netware\nlm_clib.mak
|
||||
LibC ex: gmake -f netware\nlm_libc.mak
|
||||
|
||||
|
||||
You can also run the build scripts manually if you do not want to use the
|
||||
build.bat file. Run the following scripts in the "\openssl"
|
||||
subdirectory (in the order listed below):
|
||||
|
||||
perl configure no-asm [other config opts] [netware-clib|netware-libc]
|
||||
configures no assembly build for specified netware environment
|
||||
(CLIB or LibC).
|
||||
|
||||
perl util\mkfiles.pl >MINFO
|
||||
generates a listing of source files (used by mk1mf)
|
||||
|
||||
perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc >netware\nlm.mak
|
||||
generates the makefile for NetWare
|
||||
|
||||
gmake -f netware\nlm.mak
|
||||
build with the make tool (nmake.exe also works)
|
||||
|
||||
NOTE: If you are building using the assembly option, you must also run the
|
||||
various Perl scripts to generate the assembly files. See build.bat
|
||||
for an example of running the various assembly scripts. You must use the
|
||||
"no-asm" option to build without assembly. The configure and mk1mf scripts
|
||||
also have various other options. See the scripts for more information.
|
||||
|
||||
|
||||
The output from the build is placed in the following directories:
|
||||
|
||||
CLIB Debug build:
|
||||
out_nw_clib.dbg - static libs & test nlm(s)
|
||||
tmp_nw_clib.dbg - temporary build files
|
||||
outinc_nw_clib - necessary include files
|
||||
|
||||
CLIB Non-debug build:
|
||||
out_nw_clib - static libs & test nlm(s)
|
||||
tmp_nw_clib - temporary build files
|
||||
outinc_nw_clib - necesary include files
|
||||
|
||||
LibC Debug build:
|
||||
out_nw_libc.dbg - static libs & test nlm(s)
|
||||
tmp_nw_libc.dbg - temporary build files
|
||||
outinc_nw_libc - necessary include files
|
||||
|
||||
LibC Non-debug build:
|
||||
out_nw_libc - static libs & test nlm(s)
|
||||
tmp_nw_libc - temporary build files
|
||||
outinc_nw_libc - necesary include files
|
||||
|
||||
|
||||
TESTING:
|
||||
--------
|
||||
The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib,
|
||||
rsaglue.lib ) and several test programs. You should copy the test programs
|
||||
to your NetWare server and run the tests.
|
||||
|
||||
The batch file "netware\cpy_tests.bat" will copy all the necessary files
|
||||
to your server for testing. In order to run the batch file, you need a
|
||||
drive mapped to your target server. It will create an "OpenSSL" directory
|
||||
on the drive and copy the test files to it. CAUTION: If a directory with the
|
||||
name of "OpenSSL" already exists, it will be deleted.
|
||||
|
||||
To run cpy_tests.bat:
|
||||
|
||||
netware\cpy_tests [output directory] [NetWare drive]
|
||||
|
||||
output directory - "out_nw_clib.dbg", "out_nw_libc", etc.
|
||||
NetWare drive - drive letter of mapped drive
|
||||
|
||||
CLIB ex: netware\cpy_tests out_nw_clib m:
|
||||
LibC ex: netware\cpy_tests out_nw_libc m:
|
||||
|
||||
|
||||
The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server
|
||||
should be used to execute the tests. Before running the script, make sure
|
||||
your SEARCH PATH includes the "OpenSSL" directory. For example, if you
|
||||
copied the files to the "sys:" volume you use the command:
|
||||
|
||||
SEARCH ADD SYS:\OPENSSL
|
||||
|
||||
|
||||
To run do_tests.pl type (at the console prompt):
|
||||
|
||||
perl \openssl\do_tests.pl [options]
|
||||
|
||||
options:
|
||||
-p - pause after executing each test
|
||||
|
||||
The do_tests.pl script generates a log file "\openssl\test_out\tests.log"
|
||||
which should be reviewed for errors. Any errors will be denoted by the word
|
||||
"ERROR" in the log.
|
||||
|
||||
NOTE: Currently (11/2002), the LibC test nlms report an error while loading
|
||||
when launched from the perl script (do_tests.pl). The problems are
|
||||
being addressed by the LibC development team and should be fixed in the
|
||||
next release. Until the problems are corrected, the LibC test nlms
|
||||
will have to be executed manually.
|
||||
|
||||
|
||||
DEVELOPING WITH THE OPENSSL SDK:
|
||||
--------------------------------
|
||||
Now that everything is built and tested, you are ready to use the OpenSSL
|
||||
libraries in your development.
|
||||
|
||||
There is no real installation procedure, just copy the static libs and
|
||||
headers to your build location. The libs (crypto.lib & ssl.lib) are
|
||||
located in the appropriate "out_nw_XXXX" directory
|
||||
(out_nw_clib, out_nw_libc, etc).
|
||||
|
||||
The headers are located in the appropriate "outinc_nw_XXX" directory
|
||||
(outinc_nw_clib, outinc_nw_libc).
|
||||
|
||||
One suggestion is to create the following directory
|
||||
structure for the OpenSSL SDK:
|
||||
|
||||
\openssl
|
||||
|- bin
|
||||
| |- openssl.nlm
|
||||
| |- (other tests you want)
|
||||
|
|
||||
|- lib
|
||||
| | - crypto.lib
|
||||
| | - ssl.lib
|
||||
|
|
||||
|- include
|
||||
| | - openssl
|
||||
| | | - (all the headers in "outinc_nw\openssl")
|
||||
|
||||
|
||||
The program "openssl.nlm" can be very useful. It has dozens of
|
||||
options and you may want to keep it handy for debugging, testing, etc.
|
||||
|
||||
When building your apps using OpenSSL, define "NETWARE". It is needed by
|
||||
some of the OpenSSL headers. One way to do this is with a compile option,
|
||||
for example "-DNETWARE".
|
||||
|
||||
|
||||
|
||||
NOTES:
|
||||
------
|
||||
|
||||
Resource leaks in Tests
|
||||
------------------------
|
||||
Some OpenSSL tests do not clean up resources and NetWare reports
|
||||
the resource leaks when the tests unload. If this really bugs you,
|
||||
you can stop the messages by setting the developer option off at the console
|
||||
prompt (set developer option = off). Or better yet, fix the tests to
|
||||
clean up the resources!
|
||||
|
||||
|
||||
Multi-threaded Development
|
||||
---------------------------
|
||||
The NetWare version of OpenSSL is thread-safe however, multi-threaded
|
||||
applications must provide the necessary locking function callbacks. This
|
||||
is described in doc\threads.doc. The file "openssl\crypto\threads\mttest.c"
|
||||
is a multi-threaded test program and demonstrates the locking functions.
|
||||
|
||||
|
||||
What is openssl2.nlm?
|
||||
---------------------
|
||||
The openssl program has numerous options and can be used for many different
|
||||
things. Many of the options operate in an interactive mode requiring the
|
||||
user to enter data. Because of this, a default screen is created for the
|
||||
program. However, when running the test script it is not desirable to
|
||||
have a seperate screen. Therefore, the build also creates openssl2.nlm.
|
||||
Openssl2.nlm is functionally identical but uses the console screen.
|
||||
Openssl2 can be used when a non-interactive mode is desired.
|
||||
|
||||
NOTE: There are may other possibilities (command line options, etc)
|
||||
which could have been used to address the screen issue. The openssl2.nlm
|
||||
option was chosen because it impacted only the build not the code.
|
||||
|
||||
|
||||
Why only static libraries?
|
||||
--------------------------
|
||||
Globals, globals, and more globals. The OpenSSL code uses many global
|
||||
variables that are allocated and initialized when used for the first time.
|
||||
|
||||
On NetWare, most applications (at least historically) run in the kernel.
|
||||
When running in the kernel, there is one instance of global variables.
|
||||
For regular application type NLM(s) this isn't a problem because they are
|
||||
the only ones using the globals. However, for a library NLM (an NLM which
|
||||
exposes functions and has no threads of execution), the globals cause
|
||||
problems. Applications could inadvertently step on each other if they
|
||||
change some globals. Even worse, the first application that triggers a
|
||||
global to be allocated and initialized has the allocated memory charged to
|
||||
itself. Now when that application unloads, NetWare will clean up all the
|
||||
applicaton's memory. The global pointer variables inside OpenSSL now
|
||||
point to freed memory. An abend waiting to happen!
|
||||
|
||||
To work correctly in the kernel, library NLM(s) that use globals need to
|
||||
provide a set of globals (instance data) for each application. Another
|
||||
option is to require the library only be loaded in a protected address
|
||||
space along with the application using it.
|
||||
|
||||
Modifying the OpenSSL code to provide a set of globals (instance data) for
|
||||
each application isn't technically difficult, but due to the large number
|
||||
globals it would require substantial code changes and it wasn't done. Hence,
|
||||
the build currently only builds static libraries which are then linked
|
||||
into each application.
|
||||
|
||||
NOTE: If you are building a library NLM that uses the OpenSSL static
|
||||
libraries, you will still have to deal with the global variable issue.
|
||||
This is because when you link in the OpenSSL code you bring in all the
|
||||
globals. One possible solution for the global pointer variables is to
|
||||
register memory functions with OpenSSL which allocate memory and charge it
|
||||
to your library NLM (see the function CRYPTO_set_mem_functions). However,
|
||||
be aware that now all memory allocated by OpenSSL is charged to your NLM.
|
||||
|
||||
|
||||
CodeWarrior Tools and W2K
|
||||
---------------------------
|
||||
There have been problems reported with the CodeWarrior Linker
|
||||
(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000. The
|
||||
problems cause the link step to fail. The only work around is to obtain an
|
||||
updated linker from Metrowerks. It is expected Metrowerks will release
|
||||
PDK 3.0 (in beta testing at this time - May, 2001) in the near future which
|
||||
will fix these problems.
|
||||
|
||||
|
||||
Makefile "vclean"
|
||||
------------------
|
||||
The generated makefile has a "vclean" target which cleans up the build
|
||||
directories. If you have been building successfully and suddenly
|
||||
experience problems, use "vclean" (gmake -f netware\nlm.mak vclean) and retry.
|
||||
|
||||
|
||||
"Undefined Symbol" Linker errors
|
||||
--------------------------------
|
||||
There have been linker errors reported when doing a CLIB build. The problems
|
||||
occur because some versions of the CLIB SDK import files inadvertently
|
||||
left out some symbols. One symbol in particular is "_lrotl". The missing
|
||||
functions are actually delivered in the binaries, but they were left out of
|
||||
the import files. The issues should be fixed in the September 2001 release
|
||||
of the NDK. If you experience the problems you can temporarily
|
||||
work around it by manually adding the missing symbols to your version of
|
||||
"clib.imp".
|
31
INSTALL.OS2
31
INSTALL.OS2
@ -1,31 +0,0 @@
|
||||
|
||||
Installation on OS/2
|
||||
--------------------
|
||||
|
||||
You need to have the following tools installed:
|
||||
|
||||
* EMX GCC
|
||||
* PERL
|
||||
* GNU make
|
||||
|
||||
|
||||
To build the makefile, run
|
||||
|
||||
> os2\os2-emx
|
||||
|
||||
This will configure OpenSSL and create OS2-EMX.mak which you then use to
|
||||
build the OpenSSL libraries & programs by running
|
||||
|
||||
> make -f os2-emx.mak
|
||||
|
||||
If that finishes successfully you will find the libraries and programs in the
|
||||
"out" directory.
|
||||
|
||||
Alternatively, you can make a dynamic build that puts the library code into
|
||||
crypto.dll and ssl.dll by running
|
||||
|
||||
> make -f os2-emx-dll.mak
|
||||
|
||||
This will build the above mentioned dlls and a matching pair of import
|
||||
libraries in the "out_dll" directory along with the set of test programs
|
||||
and the openssl application.
|
12
INSTALL.VMS
12
INSTALL.VMS
@ -33,11 +33,11 @@ Checking the distribution:
|
||||
==========================
|
||||
|
||||
There have been reports of places where the distribution didn't quite get
|
||||
through, for example if you've copied the tree from a NFS-mounted Unix
|
||||
through, for example if you've copied the tree from a NFS-mounted unix
|
||||
mount point.
|
||||
|
||||
The easiest way to check if everything got through as it should is to check
|
||||
for one of the following files:
|
||||
for oen of the following files:
|
||||
|
||||
[.CRYPTO]OPENSSLCONF.H_IN
|
||||
[.CRYPTO]OPENSSLCONF_H.IN
|
||||
@ -69,7 +69,7 @@ for a command procedure name xxx-LIB.COM (in the library directories)
|
||||
or MAKExxx.COM (in the program directories) and read the comments at
|
||||
the top to understand how to use them. However, if you want to
|
||||
compile all you can get, the simplest is to use MAKEVMS.COM in the top
|
||||
directory. The syntax is the following:
|
||||
directory. The syntax is trhe following:
|
||||
|
||||
@MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
|
||||
|
||||
@ -79,7 +79,7 @@ directory. The syntax is the following:
|
||||
CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file.
|
||||
BUILDINF Just build the "[.INCLUDE]BUILDINF.H" file.
|
||||
SOFTLINKS Just copies some files, to simulate Unix soft links.
|
||||
BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
|
||||
BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done.
|
||||
RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
|
||||
CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
|
||||
SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
|
||||
@ -92,7 +92,7 @@ directory. The syntax is the following:
|
||||
RSAREF compile using the RSAREF Library
|
||||
NORSAREF compile without using RSAREF
|
||||
|
||||
Note 0: The RSAREF library IS NO LONGER NEEDED. The RSA patent
|
||||
Note 0: The RASREF library IS NO LONGER NEEDED. The RSA patent
|
||||
expires September 20, 2000, and RSA Security chose to make
|
||||
the algorithm public domain two weeks before that.
|
||||
|
||||
@ -264,7 +264,7 @@ following before you start compiling:
|
||||
The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
|
||||
that those macros have been changed.
|
||||
|
||||
Note: Currently, this is only useful for library compilation. The
|
||||
Note: Currently, this is only usefull for library compilation. The
|
||||
programs will still be linked with the current version of the
|
||||
C library shareable image, and will thus complain if they are
|
||||
faced with an older version of the same C library shareable image.
|
||||
|
153
INSTALL.W32
153
INSTALL.W32
@ -2,28 +2,19 @@
|
||||
INSTALLATION ON THE WIN32 PLATFORM
|
||||
----------------------------------
|
||||
|
||||
[Instructions for building for Windows CE can be found in INSTALL.WCE]
|
||||
|
||||
Heres a few comments about building OpenSSL in Windows environments. Most
|
||||
of this is tested on Win32 but it may also work in Win 3.1 with some
|
||||
modification.
|
||||
|
||||
You need Perl for Win32. Unless you will build on Cygwin, you will need
|
||||
ActiveState Perl, available from http://www.activestate.com/ActivePerl.
|
||||
For Cygwin users, there's more info in the Cygwin section.
|
||||
|
||||
and one of the following C compilers:
|
||||
|
||||
* Visual C++
|
||||
* Borland C
|
||||
* GNU C (Cygwin or MinGW)
|
||||
|
||||
If you are compiling from a tarball or a CVS snapshot then the Win32 files
|
||||
may well be not up to date. This may mean that some "tweaking" is required to
|
||||
get it all to work. See the trouble shooting section later on for if (when?)
|
||||
it goes wrong.
|
||||
|
||||
Visual C++
|
||||
----------
|
||||
* GNU C (Mingw32 or Cygwin)
|
||||
|
||||
If you want to compile in the assembly language routines with Visual C++ then
|
||||
you will need an assembler. This is worth doing because it will result in
|
||||
@ -33,19 +24,26 @@
|
||||
* Microsoft MASM (aka "ml")
|
||||
* Free Netwide Assembler NASM.
|
||||
|
||||
MASM is distributed with most versions of VC++. For the versions where it is
|
||||
not included in VC++, it is also distributed with some Microsoft DDKs, for
|
||||
example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have
|
||||
either of these DDKs then you can just download the binaries for the Windows
|
||||
98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to
|
||||
ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be
|
||||
downloaded from the Microsoft developers site www.msdn.com.
|
||||
MASM was at one point distributed with VC++. It is now distributed with some
|
||||
Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If
|
||||
you do not have either of these DDKs then you can just download the binaries
|
||||
for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and
|
||||
XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both
|
||||
DDKs can be downloaded from the Microsoft developers site www.msdn.com.
|
||||
|
||||
NASM is freely available. Version 0.98 was used during testing: other versions
|
||||
may also work. It is available from many places, see for example:
|
||||
http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
|
||||
The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
|
||||
|
||||
If you are compiling from a tarball or a CVS snapshot then the Win32 files
|
||||
may well be not up to date. This may mean that some "tweaking" is required to
|
||||
get it all to work. See the trouble shooting section later on for if (when?)
|
||||
it goes wrong.
|
||||
|
||||
Visual C++
|
||||
----------
|
||||
|
||||
Firstly you should run Configure:
|
||||
|
||||
> perl Configure VC-WIN32
|
||||
@ -119,72 +117,18 @@
|
||||
* Run make:
|
||||
> make -f bcb.mak
|
||||
|
||||
GNU C (Cygwin)
|
||||
--------------
|
||||
GNU C (Mingw32)
|
||||
---------------
|
||||
|
||||
Cygwin provides a bash shell and GNU tools environment running
|
||||
on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP.
|
||||
Consequently, a make of OpenSSL with Cygwin is closer to a GNU
|
||||
bash environment such as Linux than to other the other Win32
|
||||
makes.
|
||||
|
||||
Cygwin implements a Posix/Unix runtime system (cygwin1.dll).
|
||||
It is also possible to create Win32 binaries that only use the
|
||||
Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
|
||||
MinGW. MinGW can be used in the Cygwin development environment
|
||||
or in a standalone setup as described in the following section.
|
||||
|
||||
To build OpenSSL using Cygwin:
|
||||
|
||||
* Install Cygwin (see http://cygwin.com/)
|
||||
|
||||
* Install Perl and ensure it is in the path. Both Cygwin perl
|
||||
(5.6.1-2 or newer) and ActivePerl work.
|
||||
|
||||
* Run the Cygwin bash shell
|
||||
|
||||
* $ tar zxvf openssl-x.x.x.tar.gz
|
||||
$ cd openssl-x.x.x
|
||||
|
||||
To build the Cygwin version of OpenSSL:
|
||||
|
||||
$ ./config
|
||||
[...]
|
||||
$ make
|
||||
[...]
|
||||
$ make test
|
||||
$ make install
|
||||
|
||||
This will create a default install in /usr/local/ssl.
|
||||
|
||||
To build the MinGW version (native Windows) in Cygwin:
|
||||
|
||||
$ ./Configure mingw
|
||||
[...]
|
||||
$ make
|
||||
[...]
|
||||
$ make test
|
||||
$ make install
|
||||
|
||||
Cygwin Notes:
|
||||
|
||||
"make test" and normal file operations may fail in directories
|
||||
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
|
||||
stripping of carriage returns. To avoid this ensure that a binary
|
||||
mount is used, e.g. mount -b c:\somewhere /home.
|
||||
|
||||
"bc" is not provided in older Cygwin distribution. This causes a
|
||||
non-fatal error in "make test" but is otherwise harmless. If
|
||||
desired and needed, GNU bc can be built with Cygwin without change.
|
||||
|
||||
GNU C (MinGW)
|
||||
-------------
|
||||
To build OpenSSL, you need the Mingw32 package and GNU make.
|
||||
|
||||
* Compiler installation:
|
||||
|
||||
MinGW is available from http://www.mingw.org. Run the installer and
|
||||
set the MinGW bin directory to the PATH in "System Properties" or
|
||||
autoexec.bat.
|
||||
Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
|
||||
gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
|
||||
<ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
|
||||
make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
|
||||
C:\egcs-1.1.2\mingw32.bat to set the PATH.
|
||||
|
||||
* Compile OpenSSL:
|
||||
|
||||
@ -206,6 +150,53 @@
|
||||
> cd out
|
||||
> ..\ms\test
|
||||
|
||||
GNU C (Cygwin)
|
||||
--------------
|
||||
|
||||
Cygwin provides a bash shell and GNU tools environment running on
|
||||
NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
|
||||
with Cygwin is closer to a GNU bash environment such as Linux rather
|
||||
than other W32 makes that are based on a single makefile approach.
|
||||
Cygwin implements Posix/Unix calls through cygwin1.dll, and is
|
||||
contrasted to Mingw32 which links dynamically to msvcrt.dll or
|
||||
crtdll.dll.
|
||||
|
||||
To build OpenSSL using Cygwin:
|
||||
|
||||
* Install Cygwin (see http://sourceware.cygnus.com/cygwin)
|
||||
|
||||
* Install Perl and ensure it is in the path (recent Cygwin perl
|
||||
(version 5.6.1-2 of the latter has been reported to work) or
|
||||
ActivePerl)
|
||||
|
||||
* Run the Cygwin bash shell
|
||||
|
||||
* $ tar zxvf openssl-x.x.x.tar.gz
|
||||
$ cd openssl-x.x.x
|
||||
$ ./config
|
||||
[...]
|
||||
$ make
|
||||
[...]
|
||||
$ make test
|
||||
$ make install
|
||||
|
||||
This will create a default install in /usr/local/ssl.
|
||||
|
||||
Cygwin Notes:
|
||||
|
||||
"make test" and normal file operations may fail in directories
|
||||
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
|
||||
stripping of carriage returns. To avoid this ensure that a binary
|
||||
mount is used, e.g. mount -b c:\somewhere /home.
|
||||
|
||||
As of version 1.1.1 Cygwin is relatively unstable in its handling
|
||||
of cr/lf issues. These make procedures succeeded with versions 1.1 and
|
||||
the snapshot 20000524 (Slow!).
|
||||
|
||||
"bc" is not provided in the Cygwin distribution. This causes a
|
||||
non-fatal error in "make test" but is otherwise harmless. If
|
||||
desired, GNU bc can be built with Cygwin without change.
|
||||
|
||||
|
||||
Installation
|
||||
------------
|
||||
@ -284,5 +275,5 @@
|
||||
malloc(), free() and realloc() as the application. However there are many
|
||||
standard library functions used by OpenSSL that call malloc() internally
|
||||
(e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
|
||||
rely on CRYPTO_malloc_init() solving your problem, and you should
|
||||
rely on CYRPTO_malloc_init() solving your problem, and you should
|
||||
consistently use the multithreaded library.
|
||||
|
71
INSTALL.WCE
71
INSTALL.WCE
@ -1,71 +0,0 @@
|
||||
|
||||
INSTALLATION FOR THE WINDOWS CE PLATFORM
|
||||
----------------------------------------
|
||||
|
||||
Building OpenSSL for Windows CE requires the following external tools:
|
||||
|
||||
* Microsoft eMbedded Visual C++ 3.0
|
||||
* wcecompat compatibility library (www.essemer.com.au)
|
||||
* Optionally ceutils for running automated tests (www.essemer.com.au)
|
||||
|
||||
You also need Perl for Win32. You will need ActiveState Perl, available
|
||||
from http://www.activestate.com/ActivePerl.
|
||||
|
||||
Windows CE support in OpenSSL relies on wcecompat. All Windows CE specific
|
||||
issues should be directed to www.essemer.com.au.
|
||||
|
||||
The C Runtime Library implementation for Windows CE that is included with
|
||||
Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places
|
||||
incorrect. wcecompat plugs the holes and tries to bring the Windows CE
|
||||
CRT to a level that is more compatible with ANSI C. wcecompat goes further
|
||||
and provides low-level IO and stream IO support for stdin/stdout/stderr
|
||||
(which Windows CE does not provide). This IO functionality is not needed
|
||||
by the OpenSSL library itself but is used for the tests and openssl.exe.
|
||||
More information is available at www.essemer.com.au.
|
||||
|
||||
Building
|
||||
--------
|
||||
|
||||
Setup the eMbedded Visual C++ environment. There are batch files for doing
|
||||
this installed with eVC++. For an ARM processor, for example, execute:
|
||||
|
||||
> "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT"
|
||||
|
||||
Next indicate where wcecompat is located:
|
||||
|
||||
> set WCECOMPAT=C:\wcecompat
|
||||
|
||||
Next you should run Configure:
|
||||
|
||||
> perl Configure VC-CE
|
||||
|
||||
Next you need to build the Makefiles:
|
||||
|
||||
> ms\do_ms
|
||||
|
||||
If you get errors about things not having numbers assigned then check the
|
||||
troubleshooting section in INSTALL.W32: you probably won't be able to compile
|
||||
it as it stands.
|
||||
|
||||
Then from the VC++ environment at a prompt do:
|
||||
|
||||
- to build static libraries:
|
||||
|
||||
> nmake -f ms\ce.mak
|
||||
|
||||
- or to build DLLs:
|
||||
|
||||
> nmake -f ms\cedll.mak
|
||||
|
||||
If all is well it should compile and you will have some static libraries and
|
||||
executables in out32, or some DLLs and executables in out32dll. If you want
|
||||
to try the tests then make sure the ceutils are in the path and do:
|
||||
|
||||
> cd out32
|
||||
> ..\ms\testce
|
||||
|
||||
This will copy each of the test programs to the Windows CE device and execute
|
||||
them, displaying the output of the tests on this computer. The output should
|
||||
look similar to the output produced by running the tests for a regular Windows
|
||||
build.
|
||||
|
2
LICENSE
2
LICENSE
@ -12,7 +12,7 @@
|
||||
---------------
|
||||
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
|
@ -167,7 +167,7 @@ void main(void)
|
||||
|
||||
tempString[bytesRead] = '\0';
|
||||
|
||||
printf("%s", tempString);
|
||||
printf(tempString);
|
||||
}
|
||||
|
||||
printf("\n\n\n");
|
||||
@ -201,7 +201,7 @@ EXITPOINT:
|
||||
{
|
||||
printf("An error occurred:\n");
|
||||
|
||||
printf("%s",GetErrorMessage());
|
||||
printf(GetErrorMessage());
|
||||
}
|
||||
|
||||
|
||||
|
476
Makefile.org
476
Makefile.org
@ -15,11 +15,6 @@ OPTIONS=
|
||||
CONFIGURE_ARGS=
|
||||
SHLIB_TARGET=
|
||||
|
||||
# HERE indicates where this Makefile lives. This can be used to indicate
|
||||
# where sub-Makefiles are expected to be. Currently has very limited usage,
|
||||
# and should probably not be bothered with at all.
|
||||
HERE=.
|
||||
|
||||
# INSTALL_PREFIX is for package builders so that they can configure
|
||||
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
|
||||
# Normally it is left empty.
|
||||
@ -29,6 +24,7 @@ INSTALLTOP=/usr/local/ssl
|
||||
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
|
||||
OPENSSLDIR=/usr/local/ssl
|
||||
|
||||
# RSAref - Define if we are to link with RSAref.
|
||||
# NO_IDEA - Define to build without the IDEA algorithm
|
||||
# NO_RC4 - Define to build without the RC4 algorithm
|
||||
# NO_RC2 - Define to build without the RC2 algorithm
|
||||
@ -64,21 +60,11 @@ DEPFLAG=
|
||||
PEX_LIBS=
|
||||
EX_LIBS=
|
||||
EXE_EXT=
|
||||
ARFLAGS=
|
||||
AR=ar $(ARFLAGS) r
|
||||
AR=ar r
|
||||
RANLIB= ranlib
|
||||
PERL= perl
|
||||
TAR= tar
|
||||
TARFLAGS= --no-recursion
|
||||
MAKEDEPPROG=makedepend
|
||||
|
||||
# We let the C compiler driver to take care of .s files. This is done in
|
||||
# order to be excused from maintaining a separate set of architecture
|
||||
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
|
||||
# gcc, then the driver will automatically translate it to -xarch=v8plus
|
||||
# and pass it down to assembler.
|
||||
AS=$(CC) -c
|
||||
ASFLAG=$(CFLAG)
|
||||
|
||||
# Set BN_ASM to bn_asm.o if you want to use the C version
|
||||
BN_ASM= bn_asm.o
|
||||
@ -165,35 +151,27 @@ RMD160_ASM_OBJ= asm/rm86-out.o
|
||||
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
|
||||
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
|
||||
|
||||
# KRB5 stuff
|
||||
KRB5_INCLUDES=
|
||||
LIBKRB5=
|
||||
# When we're prepared to use shared libraries in the programs we link here
|
||||
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
|
||||
SHLIB_MARK=
|
||||
|
||||
DIRS= crypto ssl engines apps test tools
|
||||
DIRS= crypto ssl rsaref $(SHLIB_MARK) apps test tools
|
||||
SHLIBDIRS= crypto ssl
|
||||
|
||||
# dirs in crypto to build
|
||||
SDIRS= \
|
||||
objects \
|
||||
md2 md4 md5 sha mdc2 hmac ripemd \
|
||||
des rc2 rc4 rc5 idea bf cast \
|
||||
bn ec rsa dsa ecdsa dh ecdh dso engine aes \
|
||||
buffer bio stack lhash rand err \
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
|
||||
store
|
||||
|
||||
# tests to perform. "alltests" is a special word indicating that all tests
|
||||
# should be performed.
|
||||
TESTS = alltests
|
||||
bn rsa dsa dh dso engine \
|
||||
buffer bio stack lhash rand err objects \
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
||||
|
||||
MAKEFILE= Makefile.ssl
|
||||
NEWMAKE= make
|
||||
MAKE= $(NEWMAKE) -f Makefile.ssl
|
||||
MAKE= make -f Makefile.ssl
|
||||
|
||||
MANDIR=$(OPENSSLDIR)/man
|
||||
MAN1=1
|
||||
MAN3=3
|
||||
MANSUFFIX=
|
||||
SHELL=/bin/sh
|
||||
|
||||
TOP= .
|
||||
@ -212,36 +190,29 @@ BASENAME= openssl
|
||||
NAME= $(BASENAME)-$(VERSION)
|
||||
TARFILE= $(NAME).tar
|
||||
WTARFILE= $(NAME)-win.tar
|
||||
EXHEADER= e_os2.h
|
||||
EXHEADER= e_os.h e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
all: Makefile.ssl build_all openssl.pc
|
||||
# When we're prepared to use shared libraries in the programs we link here
|
||||
# we might remove 'clean-shared' from the targets to perform at this stage
|
||||
|
||||
BUILD_CMD=if echo " $(DIRS) " | grep " $$i " >/dev/null 2>/dev/null; then \
|
||||
all: clean-shared Makefile.ssl sub_all
|
||||
|
||||
sub_all:
|
||||
@for i in $(DIRS); \
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making all in $$i..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
|
||||
else \
|
||||
$(MAKE) $$i; \
|
||||
fi; fi
|
||||
|
||||
sub_all: build_all
|
||||
build_all: build_libs build_apps build_tests build_tools
|
||||
|
||||
build_libs: build_crypto build_ssl build_engines
|
||||
|
||||
build_crypto:
|
||||
@i=crypto; $(BUILD_CMD)
|
||||
build_ssl:
|
||||
@i=ssl; $(BUILD_CMD)
|
||||
build_engines:
|
||||
@i=engines; $(BUILD_CMD)
|
||||
build_apps:
|
||||
@i=apps; $(BUILD_CMD)
|
||||
build_tests:
|
||||
@i=test; $(BUILD_CMD)
|
||||
build_tools:
|
||||
@i=tools; $(BUILD_CMD)
|
||||
fi; \
|
||||
done; \
|
||||
if echo "$(DIRS)" | \
|
||||
egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
|
||||
[ -n "$(SHARED_LIBS)" ]; then \
|
||||
$(MAKE) $(SHARED_LIBS); \
|
||||
fi
|
||||
|
||||
libcrypto$(SHLIB_EXT): libcrypto.a
|
||||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||
@ -249,7 +220,6 @@ libcrypto$(SHLIB_EXT): libcrypto.a
|
||||
else \
|
||||
echo "There's no support for shared libraries on this platform" >&2; \
|
||||
fi
|
||||
|
||||
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
|
||||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
|
||||
@ -258,7 +228,7 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
|
||||
fi
|
||||
|
||||
clean-shared:
|
||||
@set -e; for i in $(SHLIBDIRS); do \
|
||||
@for i in $(SHLIBDIRS); do \
|
||||
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
|
||||
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
|
||||
for j in $${tmp:-x}; do \
|
||||
@ -272,44 +242,243 @@ clean-shared:
|
||||
done
|
||||
|
||||
link-shared:
|
||||
@ set -e; for i in ${SHLIBDIRS}; do \
|
||||
$(NEWMAKE) -f $(HERE)/Makefile.shared \
|
||||
LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
|
||||
symlink.$(SHLIB_TARGET); \
|
||||
@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
|
||||
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
|
||||
for i in $(SHLIBDIRS); do \
|
||||
prev=lib$$i$(SHLIB_EXT); \
|
||||
for j in $${tmp:-x}; do \
|
||||
( set -x; \
|
||||
rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
|
||||
prev=lib$$i$$j; \
|
||||
done; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
|
||||
|
||||
do_bsd-gcc-shared: do_gnu-shared
|
||||
do_linux-shared: do_gnu-shared
|
||||
do_gnu-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-Wl,-Bsymbolic \
|
||||
-Wl,--whole-archive lib$$i.a \
|
||||
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
build-shared: do_$(SHLIB_TARGET) link-shared
|
||||
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
|
||||
my_ld=`${CC} -print-prog-name=ld 2>&1` && \
|
||||
[ -n "$$my_ld" ] && \
|
||||
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
|
||||
|
||||
do_$(SHLIB_TARGET):
|
||||
@ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
|
||||
libs="$(LIBKRB5) $$libs"; \
|
||||
fi; \
|
||||
$(NEWMAKE) -f Makefile.shared \
|
||||
CC="$(CC)" LDFLAGS="$(LDFLAGS)" \
|
||||
SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \
|
||||
LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
|
||||
LIBDEPS="$$libs $(EX_LIBS)" \
|
||||
LIBRPATH="$(INSTALLTOP)/lib" \
|
||||
link_a.$(SHLIB_TARGET); \
|
||||
libs="-l$$i $$libs"; \
|
||||
# For Darwin AKA Mac OS/X (dyld)
|
||||
do_darwin-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
|
||||
lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
|
||||
-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
|
||||
libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
|
||||
echo "" ; \
|
||||
done
|
||||
|
||||
openssl.pc: Makefile.ssl
|
||||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
||||
echo 'exec_prefix=$${prefix}'; \
|
||||
echo 'libdir=$${exec_prefix}/lib'; \
|
||||
echo 'includedir=$${prefix}/include'; \
|
||||
echo ''; \
|
||||
echo 'Name: OpenSSL'; \
|
||||
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires: '; \
|
||||
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
|
||||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
|
||||
do_cygwin-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; ${CC} -shared -o cyg$$i.dll \
|
||||
-Wl,-Bsymbolic \
|
||||
-Wl,--whole-archive lib$$i.a \
|
||||
-Wl,--out-implib,lib$$i.dll.a \
|
||||
-Wl,--no-whole-archive $$libs ) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
do_alpha-osf1-shared:
|
||||
if ${DETECT_GNU_LD}; then \
|
||||
$(MAKE) do_gnu-shared; \
|
||||
else \
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-shared -o lib$$i.so \
|
||||
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
|
||||
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
|
||||
# option passed to the linker.
|
||||
do_tru64-shared:
|
||||
if ${DETECT_GNU_LD}; then \
|
||||
$(MAKE) do_gnu-shared; \
|
||||
else \
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-shared -msym -o lib$$i.so \
|
||||
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
|
||||
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
# The difference between tru64-shared and tru64-shared-rpath is the
|
||||
# -rpath ${INSTALLTOP}/lib passed to the linker.
|
||||
do_tru64-shared-rpath:
|
||||
if ${DETECT_GNU_LD}; then \
|
||||
$(MAKE) do_gnu-shared; \
|
||||
else \
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-shared -msym -o lib$$i.so \
|
||||
-rpath ${INSTALLTOP}/lib \
|
||||
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
|
||||
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
do_solaris-shared:
|
||||
if ${DETECT_GNU_LD}; then \
|
||||
$(MAKE) do_gnu-shared; \
|
||||
else \
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
# OpenServer 5 native compilers used
|
||||
do_svr3-shared:
|
||||
if ${DETECT_GNU_LD}; then \
|
||||
$(MAKE) do_gnu-shared; \
|
||||
else \
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
|
||||
find . -name "*.o" -print > allobjs ; \
|
||||
OBJS= ; export OBJS ; \
|
||||
for obj in `ar t lib$$i.a` ; do \
|
||||
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
|
||||
done ; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
# UnixWare 7 and OpenUNIX 8 native compilers used
|
||||
do_svr5-shared:
|
||||
if ${DETECT_GNU_LD}; then \
|
||||
$(MAKE) do_gnu-shared; \
|
||||
else \
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
|
||||
SHARE_FLAG='-G'; \
|
||||
(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
|
||||
find . -name "*.o" -print > allobjs ; \
|
||||
OBJS= ; export OBJS ; \
|
||||
for obj in `ar t lib$$i.a` ; do \
|
||||
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
|
||||
done ; \
|
||||
set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
do_irix-shared:
|
||||
if ${DETECT_GNU_LD}; then \
|
||||
$(MAKE) do_gnu-shared; \
|
||||
else \
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; ${CC} ${SHARED_LDFLAGS} \
|
||||
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
do_hpux-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
|
||||
+vnocompatwarnings \
|
||||
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
|
||||
libs="$$libs -L. -l$$i"; \
|
||||
done
|
||||
|
||||
# This assumes that GNU utilities are *not* used
|
||||
do_hpux64-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
|
||||
-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
||||
+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
|
||||
chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
|
||||
libs="$$libs -L. -l$$i"; \
|
||||
done
|
||||
|
||||
# The following method is said to work on all platforms. Tests will
|
||||
# determine if that's how it's gong to be used.
|
||||
# This assumes that for all but GNU systems, GNU utilities are *not* used.
|
||||
# ALLSYMSFLAGS would be:
|
||||
# GNU systems: --whole-archive
|
||||
# Tru64 Unix: -all
|
||||
# Solaris: -z allextract
|
||||
# Irix: -all
|
||||
# HP/UX-32bit: -Fl
|
||||
# HP/UX-64bit: +forceload
|
||||
# AIX: -bnogc
|
||||
# SHAREDFLAGS would be:
|
||||
# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
|
||||
# Tru64 Unix: -shared \
|
||||
# -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
|
||||
# Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
|
||||
# Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
|
||||
# HP/UX-32bit: +vnocompatwarnings -b -z +s \
|
||||
# +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
|
||||
# HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
|
||||
# AIX: -G -bE:lib$$i.exp -bM:SRE
|
||||
# SHAREDCMD would be:
|
||||
# GNU systems: $(CC)
|
||||
# Tru64 Unix: $(CC)
|
||||
# Solaris: $(CC)
|
||||
# Irix: $(CC)
|
||||
# HP/UX-32bit: /usr/ccs/bin/ld
|
||||
# HP/UX-64bit: /usr/ccs/bin/ld
|
||||
# AIX: $(CC)
|
||||
ALLSYMSFLAG=-bnogc
|
||||
SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
|
||||
SHAREDCMD=$(CC)
|
||||
do_aix-shared:
|
||||
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
||||
( set -x; \
|
||||
ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
|
||||
( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
|
||||
$(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
|
||||
$$libs ${EX_LIBS} ) ) \
|
||||
|| exit 1; \
|
||||
libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
Makefile.ssl: Makefile.org
|
||||
@echo "Makefile.ssl is older than Makefile.org."
|
||||
@ -317,11 +486,11 @@ Makefile.ssl: Makefile.org
|
||||
@false
|
||||
|
||||
libclean:
|
||||
rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
|
||||
rm -f *.a */lib */*/lib
|
||||
|
||||
clean: libclean
|
||||
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
|
||||
@set -e; for i in $(DIRS) ;\
|
||||
clean:
|
||||
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making clean in $$i..." && \
|
||||
@ -329,10 +498,9 @@ clean: libclean
|
||||
rm -f $(LIBS); \
|
||||
fi; \
|
||||
done;
|
||||
rm -f openssl.pc
|
||||
rm -f speed.* .pure
|
||||
rm -f *.a *.o speed.* *.map *.so .pure core
|
||||
rm -f $(TARFILE)
|
||||
@set -e; for i in $(ONEDIRS) ;\
|
||||
@for i in $(ONEDIRS) ;\
|
||||
do \
|
||||
rm -fr $$i/*; \
|
||||
done
|
||||
@ -343,7 +511,7 @@ makefile.one: files
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
|
||||
@set -e; for i in $(DIRS) ;\
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making 'files' in $$i..." && \
|
||||
@ -355,10 +523,10 @@ links:
|
||||
@$(TOP)/util/point.sh Makefile.ssl Makefile
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
|
||||
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
|
||||
@set -e; for i in $(DIRS); do \
|
||||
@for i in $(DIRS); do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making links in $$i..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
|
||||
fi; \
|
||||
done;
|
||||
|
||||
@ -368,7 +536,7 @@ gentests:
|
||||
|
||||
dclean:
|
||||
rm -f *.bak
|
||||
@set -e; for i in $(DIRS) ;\
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making dclean in $$i..." && \
|
||||
@ -378,44 +546,30 @@ dclean:
|
||||
|
||||
rehash: rehash.time
|
||||
rehash.time: certs
|
||||
@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
|
||||
export OPENSSL OPENSSL_DEBUG_MEMORY; \
|
||||
LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
|
||||
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
|
||||
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
|
||||
LIBPATH="`pwd`:$$LIBPATH"; \
|
||||
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
|
||||
$(PERL) tools/c_rehash certs)
|
||||
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
|
||||
touch rehash.time
|
||||
|
||||
test: tests
|
||||
|
||||
tests: rehash
|
||||
@(cd test && echo "testing..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
|
||||
@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
|
||||
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
|
||||
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
|
||||
LIBPATH="`pwd`:$$LIBPATH"; \
|
||||
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
|
||||
apps/openssl version -a
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
|
||||
@apps/openssl version -a
|
||||
|
||||
report:
|
||||
@$(PERL) util/selftest.pl
|
||||
|
||||
depend:
|
||||
@set -e; for i in $(DIRS) ;\
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making dependencies $$i..." && \
|
||||
$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
|
||||
$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
|
||||
fi; \
|
||||
done;
|
||||
|
||||
lint:
|
||||
@set -e; for i in $(DIRS) ;\
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making lint $$i..." && \
|
||||
@ -424,7 +578,7 @@ lint:
|
||||
done;
|
||||
|
||||
tags:
|
||||
@set -e; for i in $(DIRS) ;\
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i && echo "making tags $$i..." && \
|
||||
@ -434,7 +588,6 @@ tags:
|
||||
|
||||
errors:
|
||||
$(PERL) util/mkerr.pl -recurse -write
|
||||
(cd engines; $(MAKE) PERL=$(PERL) errors)
|
||||
|
||||
stacks:
|
||||
$(PERL) util/mkstack.pl -write
|
||||
@ -445,9 +598,9 @@ util/libeay.num::
|
||||
util/ssleay.num::
|
||||
$(PERL) util/mkdef.pl ssl update
|
||||
|
||||
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
|
||||
crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
|
||||
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
|
||||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
|
||||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt
|
||||
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
|
||||
|
||||
TABLE: Configure
|
||||
@ -474,14 +627,6 @@ tar:
|
||||
rm -f ../$(TARFILE).list; \
|
||||
ls -l ../$(TARFILE).gz
|
||||
|
||||
tar-snap:
|
||||
@$(TAR) $(TARFLAGS) -cvf - \
|
||||
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
|
||||
tardy --user_number=0 --user_name=openssl \
|
||||
--group_number=0 --group_name=openssl \
|
||||
--prefix=openssl-$(VERSION) - > ../$(TARFILE);\
|
||||
ls -l ../$(TARFILE)
|
||||
|
||||
dist:
|
||||
$(PERL) Configure dist
|
||||
@$(MAKE) dist_pem_h
|
||||
@ -494,36 +639,33 @@ dist_pem_h:
|
||||
install: all install_docs
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/engines \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/lib
|
||||
@set -e; for i in $(EXHEADER) ;\
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
|
||||
@for i in $(EXHEADER) ;\
|
||||
do \
|
||||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
@set -e; for i in $(DIRS) ;\
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
if [ -d "$$i" ]; then \
|
||||
(cd $$i; echo "installing $$i..."; \
|
||||
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' install ); \
|
||||
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
|
||||
fi; \
|
||||
done
|
||||
@set -e; for i in $(LIBS) ;\
|
||||
@for i in $(LIBS) ;\
|
||||
do \
|
||||
if [ -f "$$i" ]; then \
|
||||
( echo installing $$i; \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
|
||||
mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
|
||||
fi; \
|
||||
done;
|
||||
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
done
|
||||
@if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
tmp="$(SHARED_LIBS)"; \
|
||||
for i in $${tmp:-x}; \
|
||||
do \
|
||||
@ -532,30 +674,23 @@ install: all install_docs
|
||||
if [ "$(PLATFORM)" != "Cygwin" ]; then \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
|
||||
else \
|
||||
c=`echo $$i | sed 's/^lib/cyg/'`; \
|
||||
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
||||
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
|
||||
mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
|
||||
fi ); \
|
||||
fi; \
|
||||
done; \
|
||||
( here="`pwd`"; \
|
||||
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
|
||||
$(NEWMAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
|
||||
if [ "$(INSTALLTOP)" != "/usr" ]; then \
|
||||
echo 'OpenSSL shared libraries have been installed in:'; \
|
||||
echo ' $(INSTALLTOP)'; \
|
||||
echo ''; \
|
||||
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
|
||||
fi; \
|
||||
set $(MAKE); \
|
||||
$$1 -f $$here/Makefile link-shared ); \
|
||||
fi
|
||||
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
|
||||
|
||||
install_docs:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl \
|
||||
@ -564,44 +699,25 @@ install_docs:
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man5 \
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man7
|
||||
@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
|
||||
here="`pwd`"; \
|
||||
filecase=; \
|
||||
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
|
||||
filecase=-i; \
|
||||
fi; \
|
||||
set -e; for i in doc/apps/*.pod; do \
|
||||
for i in doc/apps/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
|
||||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
||||
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
grep -v "[ ]" | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
||||
done); \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
|
||||
done; \
|
||||
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
||||
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
|
||||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
||||
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
grep -v "[ ]" | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
||||
done); \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
|
||||
done
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
782
Makefile.shared
782
Makefile.shared
@ -1,782 +0,0 @@
|
||||
#
|
||||
# Helper makefile to link shared libraries in a portable way.
|
||||
# This is much simpler than libtool, and hopefully not too error-prone.
|
||||
#
|
||||
# The following variables need to be set on the command line to build
|
||||
# properly
|
||||
|
||||
# CC contains the current compiler. This one MUST be defined
|
||||
CC=cc
|
||||
# LDFLAGS contains flags to be used when temporary object files (when building
|
||||
# shared libraries) are created, or when an application is linked.
|
||||
# SHARED_LDFLAGS contains flags to be used when the shared library is created.
|
||||
LDFLAGS=
|
||||
SHARED_LDFLAGS=
|
||||
|
||||
# LIBNAME contains just the name of the library, without prefix ("lib"
|
||||
# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
|
||||
# .dll, ...). This one MUST have a value when using this makefile to
|
||||
# build shared libraries.
|
||||
# For example, to build libfoo.so, you need to do the following:
|
||||
#LIBNAME=foo
|
||||
LIBNAME=
|
||||
|
||||
# APPNAME contains just the name of the application, without suffix (""
|
||||
# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
|
||||
# this makefile to build applications.
|
||||
# For example, to build foo, you need to do the following:
|
||||
#APPNAME=foo
|
||||
APPNAME=
|
||||
|
||||
# OBJECTS contains all the object files to link together into the application.
|
||||
# This must contain at least one object file.
|
||||
#OBJECTS=foo.o
|
||||
OBJECTS=
|
||||
|
||||
# LIBEXTRAS contains extra modules to link together with the library.
|
||||
# For example, if a second library, say libbar.a needs to be linked into
|
||||
# libfoo.so, you need to do the following:
|
||||
#LIBEXTRAS=libbar.a
|
||||
# Note that this MUST be used when using the link_o targets, to hold the
|
||||
# names of all object files that go into the target library.
|
||||
LIBEXTRAS=
|
||||
|
||||
# LIBVERSION contains the current version of the library.
|
||||
# For example, to build libfoo.so.1.2, you need to do the following:
|
||||
#LIBVERSION=1.2
|
||||
LIBVERSION=
|
||||
|
||||
# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
|
||||
# the library. They MUST be in decreasing order.
|
||||
# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
|
||||
# and libfoo.so.1, you need to do the following:
|
||||
#LIBCOMPATVERSIONS=1.2 1
|
||||
# Note that on systems that use sonames, the last number will appear as
|
||||
# part of it.
|
||||
# It's also possible, for systems that support it (Tru64, for example),
|
||||
# to add extra compatibility info with more precision, by adding a second
|
||||
# list of versions, separated from the first with a semicolon, like this:
|
||||
#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
|
||||
LIBCOMPATVERSIONS=
|
||||
|
||||
# LIBDEPS contains all the flags necessary to cover all necessary
|
||||
# dependencies to other libraries.
|
||||
LIBDEPS=
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# The rest is private to this makefile.
|
||||
|
||||
#DEBUG=:
|
||||
DEBUG=set -x
|
||||
|
||||
top:
|
||||
echo "Trying to use this makefile interactively? Don't."
|
||||
|
||||
CALC_VERSIONS= \
|
||||
SHLIB_COMPAT=; SHLIB_SOVER=; \
|
||||
if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
|
||||
prev=""; \
|
||||
for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
|
||||
SHLIB_SOVER_NODOT=$$v; \
|
||||
SHLIB_SOVER=.$$v; \
|
||||
if [ -n "$$prev" ]; then \
|
||||
SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
|
||||
fi; \
|
||||
prev=$$v; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
LINK_APP= \
|
||||
( $(DEBUG); \
|
||||
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
|
||||
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
|
||||
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
|
||||
$$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS )
|
||||
|
||||
LINK_SO= \
|
||||
( $(DEBUG); \
|
||||
nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
|
||||
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
|
||||
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
|
||||
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
|
||||
$$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
|
||||
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \
|
||||
$(SYMLINK_SO); ( $(DEBUG); rm -f lib$(LIBNAME).exp )
|
||||
SYMLINK_SO= \
|
||||
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
|
||||
prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
|
||||
if [ -n "$$SHLIB_COMPAT" ]; then \
|
||||
for x in $$SHLIB_COMPAT; do \
|
||||
( $(DEBUG); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
|
||||
ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
|
||||
prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
|
||||
done; \
|
||||
fi; \
|
||||
if [ -n "$$SHLIB_SOVER" ]; then \
|
||||
( $(DEBUG); rm -f $$SHLIB$$SHLIB_SUFFIX; \
|
||||
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
|
||||
fi; \
|
||||
fi
|
||||
|
||||
LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
|
||||
LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
|
||||
LINK_SO_A_VIA_O= \
|
||||
SHOBJECTS=lib$(LIBNAME).o; \
|
||||
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
|
||||
( $(DEBUG); \
|
||||
ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
|
||||
$(LINK_SO) && rm -f $(LIBNAME).o
|
||||
LINK_SO_A_UNPACKED= \
|
||||
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
|
||||
(cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
|
||||
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
|
||||
SHOBJECTS=$$UNPACKDIR/*.o; \
|
||||
$(LINK_SO) && rm -rf $$UNPACKDIR
|
||||
|
||||
DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
|
||||
|
||||
DO_GNU_SO=$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
||||
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
||||
SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
|
||||
SHAREDCMD='$(CC)'
|
||||
DO_GNU_APP=LDCMD=$(CC);\
|
||||
LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME=$(APPNAME)
|
||||
|
||||
#This is rather special. It's a special target with which one can link
|
||||
#applications without bothering with any features that have anything to
|
||||
#do with shared libraries, for example when linking against static
|
||||
#libraries. It's mostly here to avoid a lot of conditionals everywhere
|
||||
#else...
|
||||
link_app.:
|
||||
LDCMD=$(CC); \
|
||||
LDFLAGS=""; \
|
||||
LIBDEPS="$(LIBDEPS)"; \
|
||||
APPNAME="$(APPNAME)"; \
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.gnu:
|
||||
@ $(DO_GNU_SO); $(LINK_SO_O)
|
||||
link_a.gnu:
|
||||
@ $(DO_GNU_SO); $(LINK_SO_A)
|
||||
link_app.gnu:
|
||||
@ $(DO_GNU_APP); $(LINK_APP)
|
||||
|
||||
# For Darwin AKA Mac OS/X (dyld)
|
||||
link_o.darwin:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME); \
|
||||
SHLIB_SUFFIX=.dylib; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='-all_load'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="-dynamiclib"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
if [ -n "$(LIBVERSION)" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
|
||||
fi; \
|
||||
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.darwin:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME); \
|
||||
SHLIB_SUFFIX=.dylib; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='-all_load'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="-dynamiclib"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
if [ -n "$(LIBVERSION)" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
|
||||
fi; \
|
||||
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
|
||||
fi; \
|
||||
$(LINK_SO_A)
|
||||
link_app.darwin:
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS=""; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"; \
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.cygwin:
|
||||
@ $(CALC_VERSIONS); \
|
||||
INHIBIT_SYMLINKS=yes; \
|
||||
SHLIB=cyg$(LIBNAME); \
|
||||
SHLIB_SUFFIX=.dll; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
SHLIB_SOVER=-$(LIBVERSION); \
|
||||
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
||||
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
||||
SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
|
||||
SHAREDCMD='${CC}'; \
|
||||
$(LINK_SO_O)
|
||||
link_a.cygwin:
|
||||
@ $(CALC_VERSIONS); \
|
||||
INHIBIT_SYMLINKS=yes; \
|
||||
SHLIB=cyg$(LIBNAME); \
|
||||
SHLIB_SUFFIX=.dll; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
SHLIB_SOVER=; \
|
||||
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
||||
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
||||
SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
|
||||
SHAREDCMD='${CC}'; \
|
||||
$(LINK_SO_A)
|
||||
link_app.cygwin:
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS=""; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME).exe"
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.alpha-osf1:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
|
||||
else \
|
||||
SHLIB_HIST="$(LIBVERSION)"; \
|
||||
fi; \
|
||||
SHLIB_SOVER=; \
|
||||
ALLSYMSFLAGS='-all'; \
|
||||
NOALLSYMSFLAGS='-none'; \
|
||||
SHAREDFLAGS="-shared"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
|
||||
fi; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.alpha-osf1:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
|
||||
else \
|
||||
SHLIB_HIST="$(LIBVERSION)"; \
|
||||
fi; \
|
||||
SHLIB_SOVER=; \
|
||||
ALLSYMSFLAGS='-all'; \
|
||||
NOALLSYMSFLAGS='-none'; \
|
||||
SHAREDFLAGS="-shared"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
|
||||
fi; \
|
||||
fi; \
|
||||
$(LINK_SO_A)
|
||||
link_app.alpha-osf1:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_APP); \
|
||||
else \
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS=""; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
|
||||
# option passed to the linker.
|
||||
link_o.tru64:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
|
||||
else \
|
||||
SHLIB_HIST="$(LIBVERSION)"; \
|
||||
fi; \
|
||||
SHLIB_SOVER=; \
|
||||
ALLSYMSFLAGS='-all'; \
|
||||
NOALLSYMSFLAGS='-none'; \
|
||||
SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
|
||||
fi; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.tru64:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
|
||||
else \
|
||||
SHLIB_HIST="$(LIBVERSION)"; \
|
||||
fi; \
|
||||
SHLIB_SOVER=; \
|
||||
ALLSYMSFLAGS='-all'; \
|
||||
NOALLSYMSFLAGS='-none'; \
|
||||
SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
|
||||
fi; \
|
||||
fi; \
|
||||
$(LINK_SO_A)
|
||||
link_app.tru64:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_APP); \
|
||||
else \
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS="-rpath $(LIBRPATH)"; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"; \
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
# The difference between tru64-shared and tru64-shared-rpath is the
|
||||
# -rpath ${LIBRPATH} passed to the linker.
|
||||
link_o.tru64-rpath:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
|
||||
else \
|
||||
SHLIB_HIST="$(LIBVERSION)"; \
|
||||
fi; \
|
||||
SHLIB_SOVER=; \
|
||||
ALLSYMSFLAGS='-all'; \
|
||||
NOALLSYMSFLAGS='-none'; \
|
||||
SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
|
||||
fi; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.tru64-rpath:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
|
||||
else \
|
||||
SHLIB_HIST="$(LIBVERSION)"; \
|
||||
fi; \
|
||||
SHLIB_SOVER=; \
|
||||
ALLSYMSFLAGS='-all'; \
|
||||
NOALLSYMSFLAGS='-none'; \
|
||||
SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
|
||||
fi; \
|
||||
fi; \
|
||||
$(LINK_SO_A)
|
||||
link_app.tru64-rpath:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_APP); \
|
||||
else \
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS="-rpath $(LIBRPATH)"; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"; \
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.solaris:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
MINUSZ='-z '; \
|
||||
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
|
||||
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
|
||||
SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.solaris:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
MINUSZ='-z '; \
|
||||
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=;\
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
|
||||
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
|
||||
SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
fi; \
|
||||
$(LINK_SO_A)
|
||||
link_app.solaris:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_APP); \
|
||||
else \
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS="-R $(LIBRPATH)"; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"; \
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
# OpenServer 5 native compilers used
|
||||
link_o.svr3:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS=''; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.svr3:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS=''; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
fi; \
|
||||
$(LINK_SO_A_UNPACKED)
|
||||
link_app.svr3:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_APP); \
|
||||
else \
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS=""; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"; \
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
# UnixWare 7 and OpenUNIX 8 native compilers used
|
||||
link_o.svr5:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHARE_FLAG='-G'; \
|
||||
(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS=''; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.svr5:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHARE_FLAG='-G'; \
|
||||
(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS=''; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
fi; \
|
||||
$(LINK_SO_A_UNPACKED)
|
||||
link_app.svr5:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_APP); \
|
||||
else \
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS=""; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"; \
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.irix:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='-all'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.irix:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='-all'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
fi; \
|
||||
$(LINK_SO_A)
|
||||
link_app.irix:
|
||||
@ if ${DETECT_GNU_LD}; then \
|
||||
$(DO_GNU_APP); \
|
||||
else \
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"; \
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
# HP-UX includes the full pathname of libs we depend on, so we would get
|
||||
# ./libcrypto (with ./ as path information) compiled into libssl, hence
|
||||
# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
|
||||
# anyway.
|
||||
# The object modules are loaded from lib$i.a using the undocumented -Fl
|
||||
# option.
|
||||
#
|
||||
# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
|
||||
# by temporarily specifying "+s"!
|
||||
#
|
||||
link_o.hpux32:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).sl; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='-Fl'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
|
||||
SHAREDCMD='/usr/ccs/bin/ld'; \
|
||||
$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
|
||||
link_a.hpux32:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).sl; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='-Fl'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
|
||||
SHAREDCMD='/usr/ccs/bin/ld'; \
|
||||
$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
|
||||
link_app.hpux32:
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS="-Wl,+b,$(LIBRPATH)"; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"
|
||||
$(LINK_APP)
|
||||
|
||||
# HP-UX includes the full pathname of libs we depend on, so we would get
|
||||
# ./libcrypto (with ./ as path information) compiled into libssl, hence
|
||||
# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
|
||||
# anyway.
|
||||
#
|
||||
# HP-UX in 64bit mode has "+s" enabled by default; it will search for
|
||||
# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
|
||||
#
|
||||
link_o.hpux64:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).sl; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='+forceload'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
|
||||
SHAREDCMD='/usr/ccs/bin/ld'; \
|
||||
$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
|
||||
link_a.hpux64:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).sl; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='+forceload'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
|
||||
SHAREDCMD='/usr/ccs/bin/ld'; \
|
||||
$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
|
||||
link_app.hpux64:
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS="-Wl,+b,$(LIBRPATH)"; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.aix:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='-bnogc'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
$(LINK_SO_O)
|
||||
link_a.aix:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS='-bnogc'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
$(LINK_SO_A_VIA_O)
|
||||
link_app.aix:
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS="-blibpath:$(LIBRPATH)"; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.reliantunix:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS=; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS='-G'; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
$(LINK_SO_O)
|
||||
link_a.reliantunix:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
ALLSYMSFLAGS=; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS='-G'; \
|
||||
SHAREDCMD='$(CC)'; \
|
||||
$(LINK_SO_A_UNPACKED)
|
||||
link_app.reliantunix:
|
||||
LDCMD=$(CC);\
|
||||
LDFLAGS=""; \
|
||||
LIBDEPS="$(LIBDEPS) -lc"; \
|
||||
APPNAME="$(APPNAME)"
|
||||
$(LINK_APP)
|
||||
|
||||
# Targets to build symbolic links when needed
|
||||
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
|
||||
symlink.aix symlink.reliantunix:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
$(SYMLINK_SO)
|
||||
symlink.darwin:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME); \
|
||||
SHLIB_SUFFIX=.dylib; \
|
||||
$(SYMLINK_SO)
|
||||
symlink.hpux32 symlink.hpux64:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).sl; \
|
||||
$(SYMLINK_SO)
|
||||
# The following lines means those specific architectures do no symlinks
|
||||
symlink.cygwin symlib.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
|
||||
|
||||
# Compatibility targets
|
||||
link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
|
||||
link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
|
||||
link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
|
||||
symlink.bsd-gcc-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
|
||||
link_o.darwin-shared: link_o.darwin
|
||||
link_a.darwin-shared: link_a.darwin
|
||||
link_app.darwin-shared: link_app.darwin
|
||||
symlink.darwin-shared: symlink.darwin
|
||||
link_o.cygwin-shared: link_o.cygwin
|
||||
link_a.cygwin-shared: link_a.cygwin
|
||||
link_app.cygwin-shared: link_app.cygwin
|
||||
symlink.cygwin-shared: symlink.cygwin
|
||||
link_o.alpha-osf1-shared: link_o.alpha-osf1
|
||||
link_a.alpha-osf1-shared: link_a.alpha-osf1
|
||||
link_app.alpha-osf1-shared: link_app.alpha-osf1
|
||||
symlink.alpha-osf1-shared: symlink.alpha-osf1
|
||||
link_o.tru64-shared: link_o.tru64
|
||||
link_a.tru64-shared: link_a.tru64
|
||||
link_app.tru64-shared: link_app.tru64
|
||||
symlink.tru64-shared: symlink.tru64
|
||||
link_o.tru64-shared-rpath: link_o.tru64-rpath
|
||||
link_a.tru64-shared-rpath: link_a.tru64-rpath
|
||||
link_app.tru64-shared-rpath: link_app.tru64-rpath
|
||||
symlink.tru64-shared-rpath: symlink.tru64-rpath
|
||||
link_o.solaris-shared: link_o.solaris
|
||||
link_a.solaris-shared: link_a.solaris
|
||||
link_app.solaris-shared: link_app.solaris
|
||||
symlink.solaris-shared: symlink.solaris
|
||||
link_o.svr3-shared: link_o.svr3
|
||||
link_a.svr3-shared: link_a.svr3
|
||||
link_app.svr3-shared: link_app.svr3
|
||||
symlink.svr3-shared: symlink.svr3
|
||||
link_o.svr5-shared: link_o.svr5
|
||||
link_a.svr5-shared: link_a.svr5
|
||||
link_app.svr5-shared: link_app.svr5
|
||||
symlink.svr5-shared: symlink.svr5
|
||||
link_o.irix-shared: link_o.irix
|
||||
link_a.irix-shared: link_a.irix
|
||||
link_app.irix-shared: link_app.irix
|
||||
symlink.irix-shared: symlink.irix
|
||||
link_o.hpux-shared: link_o.hpux32
|
||||
link_a.hpux-shared: link_a.hpux32
|
||||
link_app.hpux-shared: link_app.hpux32
|
||||
symlink.hpux-shared: symlink.hpux32
|
||||
link_o.hpux64-shared: link_o.hpux64
|
||||
link_a.hpux64-shared: link_a.hpux64
|
||||
link_app.hpux64-shared: link_app.hpux64
|
||||
symlink.hpux64-shared: symlink.hpux64
|
||||
link_o.aix-shared: link_o.aix
|
||||
link_a.aix-shared: link_a.aix
|
||||
link_app.aix-shared: link_app.aix
|
||||
symlink.aix-shared: symlink.aix
|
||||
link_o.reliantunix-shared: link_o.reliantunix
|
||||
link_a.reliantunix-shared: link_a.reliantunix
|
||||
link_app.reliantunix-shared: link_app.reliantunix
|
||||
symlink.reliantunix-shared: symlink.reliantunix
|
75
NEWS
75
NEWS
@ -5,80 +5,13 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
|
||||
Major changes between OpenSSL 0.9.6l and OpenSSL 0.9.6m:
|
||||
|
||||
o Security: fix various ASN1 parsing bugs.
|
||||
o New -ignore_err option to OCSP utility.
|
||||
o Various interop and bug fixes in S/MIME code.
|
||||
o SSL/TLS protocol fix for unrequested client certificates.
|
||||
o Security: fix null-pointer bug leading to crash
|
||||
|
||||
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
|
||||
Major changes between OpenSSL 0.9.6k and OpenSSL 0.9.6l:
|
||||
|
||||
o Security: counter the Klima-Pokorny-Rosa extension of
|
||||
Bleichbacher's attack
|
||||
o Security: make RSA blinding default.
|
||||
o Configuration: Irix fixes, AIX fixes, better mingw support.
|
||||
o Support for new platforms: linux-ia64-ecc.
|
||||
o Build: shared library support fixes.
|
||||
o ASN.1: treat domainComponent correctly.
|
||||
o Documentation: fixes and additions.
|
||||
|
||||
Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
|
||||
|
||||
o Security: Important security related bugfixes.
|
||||
o Enhanced compatibility with MIT Kerberos.
|
||||
o Can be built without the ENGINE framework.
|
||||
o IA32 assembler enhancements.
|
||||
o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
|
||||
o Configuration: the no-err option now works properly.
|
||||
o SSL/TLS: now handles manual certificate chain building.
|
||||
o SSL/TLS: certain session ID malfunctions corrected.
|
||||
|
||||
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
|
||||
|
||||
o New library section OCSP.
|
||||
o Complete rewrite of ASN1 code.
|
||||
o CRL checking in verify code and openssl utility.
|
||||
o Extension copying in 'ca' utility.
|
||||
o Flexible display options in 'ca' utility.
|
||||
o Provisional support for international characters with UTF8.
|
||||
o Support for external crypto devices ('engine') is no longer
|
||||
a separate distribution.
|
||||
o New elliptic curve library section.
|
||||
o New AES (Rijndael) library section.
|
||||
o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
|
||||
Linux x86_64, Linux 64-bit on Sparc v9
|
||||
o Extended support for some platforms: VxWorks
|
||||
o Enhanced support for shared libraries.
|
||||
o Now only builds PIC code when shared library support is requested.
|
||||
o Support for pkg-config.
|
||||
o Lots of new manuals.
|
||||
o Makes symbolic links to or copies of manuals to cover all described
|
||||
functions.
|
||||
o Change DES API to clean up the namespace (some applications link also
|
||||
against libdes providing similar functions having the same name).
|
||||
Provide macros for backward compatibility (will be removed in the
|
||||
future).
|
||||
o Unify handling of cryptographic algorithms (software and engine)
|
||||
to be available via EVP routines for asymmetric and symmetric ciphers.
|
||||
o NCONF: new configuration handling routines.
|
||||
o Change API to use more 'const' modifiers to improve error checking
|
||||
and help optimizers.
|
||||
o Finally remove references to RSAref.
|
||||
o Reworked parts of the BIGNUM code.
|
||||
o Support for new engines: Broadcom ubsec, Accelerated Encryption
|
||||
Processing, IBM 4758.
|
||||
o A few new engines added in the demos area.
|
||||
o Extended and corrected OID (object identifier) table.
|
||||
o PRNG: query at more locations for a random device, automatic query for
|
||||
EGD style random sources at several locations.
|
||||
o SSL/TLS: allow optional cipher choice according to server's preference.
|
||||
o SSL/TLS: allow server to explicitly set new session ids.
|
||||
o SSL/TLS: support Kerberos cipher suites (RFC2712).
|
||||
Only supports MIT Kerberos for now.
|
||||
o SSL/TLS: allow more precise control of renegotiations and sessions.
|
||||
o SSL/TLS: add callback to retrieve SSL/TLS messages.
|
||||
o SSL/TLS: support AES cipher suites (RFC3268).
|
||||
o Security: fix ASN1 bug leading to large recursion
|
||||
|
||||
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
|
||||
|
||||
|
@ -1,204 +0,0 @@
|
||||
@echo off
|
||||
|
||||
rem ========================================================================
|
||||
rem Batch file to automate building OpenSSL for NetWare.
|
||||
rem
|
||||
rem usage:
|
||||
rem build [target] [debug opts] [assembly opts] [configure opts]
|
||||
rem
|
||||
rem target - "netware-clib" - CLib NetWare build
|
||||
rem - "netware-libc" - LibC NKS NetWare build
|
||||
rem
|
||||
rem debug opts - "debug" - build debug
|
||||
rem
|
||||
rem assembly opts - "nw-mwasm" - use Metrowerks assembler
|
||||
rem "nw-nasm" - use NASM assembler
|
||||
rem "no-asm" - don't use assembly
|
||||
rem
|
||||
rem configure opts- all unrecognized arguments are passed to the
|
||||
rem perl configure script
|
||||
rem
|
||||
rem If no arguments are specified the default is to build non-debug with
|
||||
rem no assembly. NOTE: there is no default BLD_TARGET.
|
||||
rem
|
||||
|
||||
|
||||
|
||||
rem No assembly is the default - Uncomment section below to change
|
||||
rem the assembler default
|
||||
set ASM_MODE=
|
||||
set ASSEMBLER=
|
||||
set NO_ASM=no-asm
|
||||
|
||||
rem Uncomment to default to the Metrowerks assembler
|
||||
rem set ASM_MODE=nw-mwasm
|
||||
rem set ASSEMBLER=Metrowerks
|
||||
rem set NO_ASM=
|
||||
|
||||
rem Uncomment to default to the NASM assembler
|
||||
rem set ASM_MODE=nw-nasm
|
||||
rem set ASSEMBLER=NASM
|
||||
rem set NO_ASM=
|
||||
|
||||
rem No default Bld target
|
||||
set BLD_TARGET=no_target
|
||||
rem set BLD_TARGET=netware-clib
|
||||
rem set BLD_TARGET=netware-libc
|
||||
|
||||
|
||||
rem Default to build non-debug
|
||||
set DEBUG=
|
||||
|
||||
rem Uncomment to default to debug build
|
||||
rem set DEBUG=debug
|
||||
|
||||
|
||||
set CONFIG_OPTS=
|
||||
set ARG_PROCESSED=NO
|
||||
|
||||
|
||||
rem Process command line args
|
||||
:opts
|
||||
if "a%1" == "a" goto endopt
|
||||
if "%1" == "no-asm" set NO_ASM=no-asm
|
||||
if "%1" == "no-asm" set ARG_PROCESSED=YES
|
||||
if "%1" == "debug" set DEBUG=debug
|
||||
if "%1" == "debug" set ARG_PROCESSED=YES
|
||||
if "%1" == "nw-nasm" set ASM_MODE=nw-nasm
|
||||
if "%1" == "nw-nasm" set ASSEMBLER=NASM
|
||||
if "%1" == "nw-nasm" set NO_ASM=
|
||||
if "%1" == "nw-nasm" set ARG_PROCESSED=YES
|
||||
if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm
|
||||
if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks
|
||||
if "%1" == "nw-mwasm" set NO_ASM=
|
||||
if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
|
||||
if "%1" == "netware-clib" set BLD_TARGET=netware-clib
|
||||
if "%1" == "netware-clib" set ARG_PROCESSED=YES
|
||||
if "%1" == "netware-libc" set BLD_TARGET=netware-libc
|
||||
if "%1" == "netware-libc" set ARG_PROCESSED=YES
|
||||
|
||||
rem If we didn't recognize the argument, consider it an option for config
|
||||
if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1
|
||||
if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO
|
||||
|
||||
shift
|
||||
goto opts
|
||||
:endopt
|
||||
|
||||
rem make sure a valid BLD_TARGET was specified
|
||||
if "%BLD_TARGET%" == "no_target" goto no_target
|
||||
|
||||
rem build the nlm make file name which includes target and debug info
|
||||
set NLM_MAKE=
|
||||
if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
|
||||
if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
|
||||
if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
|
||||
if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak
|
||||
|
||||
if "%NO_ASM%" == "no-asm" set ASM_MODE=
|
||||
if "%NO_ASM%" == "no-asm" set ASSEMBLER=
|
||||
if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm
|
||||
if "%NO_ASM%" == "no-asm" goto do_config
|
||||
|
||||
|
||||
rem ==================================================
|
||||
echo Generating x86 for %ASSEMBLER% assembler
|
||||
|
||||
echo Bignum
|
||||
cd crypto\bn\asm
|
||||
perl x86.pl %ASM_MODE% > bn-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo DES
|
||||
cd crypto\des\asm
|
||||
perl des-586.pl %ASM_MODE% > d-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo "crypt(3)"
|
||||
|
||||
cd crypto\des\asm
|
||||
perl crypt586.pl %ASM_MODE% > y-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo Blowfish
|
||||
|
||||
cd crypto\bf\asm
|
||||
perl bf-586.pl %ASM_MODE% > b-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo CAST5
|
||||
cd crypto\cast\asm
|
||||
perl cast-586.pl %ASM_MODE% > c-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo RC4
|
||||
cd crypto\rc4\asm
|
||||
perl rc4-586.pl %ASM_MODE% > r4-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo MD5
|
||||
cd crypto\md5\asm
|
||||
perl md5-586.pl %ASM_MODE% > m5-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo SHA1
|
||||
cd crypto\sha\asm
|
||||
perl sha1-586.pl %ASM_MODE% > s1-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo RIPEMD160
|
||||
cd crypto\ripemd\asm
|
||||
perl rmd-586.pl %ASM_MODE% > rm-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo RC5\32
|
||||
cd crypto\rc5\asm
|
||||
perl rc5-586.pl %ASM_MODE% > r5-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
rem ===============================================================
|
||||
rem
|
||||
:do_config
|
||||
|
||||
echo .
|
||||
echo configure options: %CONFIG_OPTS% %BLD_TARGET%
|
||||
echo .
|
||||
perl configure %CONFIG_OPTS% %BLD_TARGET%
|
||||
|
||||
perl util\mkfiles.pl >MINFO
|
||||
|
||||
echo .
|
||||
echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
|
||||
echo .
|
||||
perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%
|
||||
|
||||
echo The makefile "%NLM_MAKE%" has been created use your maketool to
|
||||
echo build (ex: gmake -f %NLM_MAKE%)
|
||||
goto end
|
||||
|
||||
rem ===============================================================
|
||||
rem
|
||||
:no_target
|
||||
echo .
|
||||
echo . No build target specified!!!
|
||||
echo .
|
||||
echo . usage: build [target] [debug opts] [assembly opts] [configure opts]
|
||||
echo .
|
||||
echo . target - "netware-clib" - CLib NetWare build
|
||||
echo . - "netware-libc" - LibC NKS NetWare build
|
||||
echo .
|
||||
echo . debug opts - "debug" - build debug
|
||||
echo .
|
||||
echo . assembly opts - "nw-mwasm" - use Metrowerks assembler
|
||||
echo . "nw-nasm" - use NASM assembler
|
||||
echo . "no-asm" - don't use assembly
|
||||
echo .
|
||||
echo . configure opts- all unrecognized arguments are passed to the
|
||||
echo . perl configure script
|
||||
echo .
|
||||
echo . If no debug or assembly opts are specified the default is to build
|
||||
echo . non-debug without assembly
|
||||
echo .
|
||||
|
||||
|
||||
:end
|
@ -1,112 +0,0 @@
|
||||
@echo off
|
||||
|
||||
rem Batch file to copy OpenSSL stuff to a NetWare server for testing
|
||||
|
||||
rem This batch file will create an "opensssl" directory at the root of the
|
||||
rem specified NetWare drive and copy the required files to run the tests.
|
||||
rem It should be run from inside the "openssl\netware" subdirectory.
|
||||
|
||||
rem Usage:
|
||||
rem cpy_tests.bat <test subdirectory> <NetWare drive>
|
||||
rem <test subdirectory> - out_nw.dbg | out_nw
|
||||
rem <NetWare drive> - any mapped drive letter
|
||||
rem
|
||||
rem example ( copy from debug build to m: dirve ):
|
||||
rem cpy_tests.bat out_nw.dbg m:
|
||||
rem
|
||||
rem CAUTION: If a directory named OpenSSL exists on the target drive
|
||||
rem it will be deleted first.
|
||||
|
||||
|
||||
if "%1" == "" goto usage
|
||||
if "%2" == "" goto usage
|
||||
|
||||
rem Assume running in \openssl directory unless cpy_tests.bat exists then
|
||||
rem it must be the \openssl\netware directory
|
||||
set loc=.
|
||||
if exist cpy_tests.bat set loc=..
|
||||
|
||||
rem make sure the local build subdirectory specified is valid
|
||||
if not exist %loc%\%1\NUL goto invalid_dir
|
||||
|
||||
rem make sure target drive is valid
|
||||
if not exist %2\NUL goto invalid_drive
|
||||
|
||||
rem If an OpenSSL directory exists on the target drive, remove it
|
||||
if exist %2\openssl\NUL goto remove_openssl
|
||||
goto do_copy
|
||||
|
||||
:remove_openssl
|
||||
echo .
|
||||
echo OpenSSL directory exists on %2 - it will be removed!
|
||||
pause
|
||||
rmdir %2\openssl /s /q
|
||||
|
||||
:do_copy
|
||||
rem make an "openssl" directory and others at the root of the NetWare drive
|
||||
mkdir %2\openssl
|
||||
mkdir %2\openssl\test_out
|
||||
mkdir %2\openssl\apps
|
||||
mkdir %2\openssl\certs
|
||||
mkdir %2\openssl\test
|
||||
|
||||
|
||||
rem copy the test nlms
|
||||
copy %loc%\%1\*.nlm %2\openssl\
|
||||
|
||||
rem copy the test perl script
|
||||
copy %loc%\netware\do_tests.pl %2\openssl\
|
||||
|
||||
rem copy the certs directory stuff
|
||||
xcopy %loc%\certs\*.* %2\openssl\certs\ /s
|
||||
|
||||
rem copy the test directory stuff
|
||||
copy %loc%\test\CAss.cnf %2\openssl\test\
|
||||
copy %loc%\test\Uss.cnf %2\openssl\test\
|
||||
copy %loc%\test\pkcs7.pem %2\openssl\test\
|
||||
copy %loc%\test\pkcs7-1.pem %2\openssl\test\
|
||||
copy %loc%\test\testcrl.pem %2\openssl\test\
|
||||
copy %loc%\test\testp7.pem %2\openssl\test\
|
||||
copy %loc%\test\testreq2.pem %2\openssl\test\
|
||||
copy %loc%\test\testrsa.pem %2\openssl\test\
|
||||
copy %loc%\test\testsid.pem %2\openssl\test\
|
||||
copy %loc%\test\testx509.pem %2\openssl\test\
|
||||
copy %loc%\test\v3-cert1.pem %2\openssl\test\
|
||||
copy %loc%\test\v3-cert2.pem %2\openssl\test\
|
||||
|
||||
rem copy the apps directory stuff
|
||||
copy %loc%\apps\client.pem %2\openssl\apps\
|
||||
copy %loc%\apps\server.pem %2\openssl\apps\
|
||||
copy %loc%\apps\openssl.cnf %2\openssl\apps\
|
||||
|
||||
echo .
|
||||
echo Tests copied
|
||||
echo Run the test script at the console by typing:
|
||||
echo "Perl \openssl\do_tests.pl"
|
||||
echo .
|
||||
echo Make sure the Search path includes the OpenSSL subdirectory
|
||||
|
||||
goto end
|
||||
|
||||
:invalid_dir
|
||||
echo.
|
||||
echo Invalid build directory specified: %1
|
||||
echo.
|
||||
goto usage
|
||||
|
||||
:invalid_drive
|
||||
echo.
|
||||
echo Invalid drive: %2
|
||||
echo.
|
||||
goto usage
|
||||
|
||||
:usage
|
||||
echo.
|
||||
echo usage: cpy_tests.bat [test subdirectory] [NetWare drive]
|
||||
echo [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc.
|
||||
echo [NetWare drive] - any mapped drive letter
|
||||
echo.
|
||||
echo example: cpy_test out_nw_clib.dbg M:
|
||||
echo (copy from clib debug build area to M: drive)
|
||||
|
||||
:end
|
@ -1,585 +0,0 @@
|
||||
# perl script to run OpenSSL tests
|
||||
|
||||
|
||||
my $base_path = "\\openssl";
|
||||
|
||||
my $output_path = "$base_path\\test_out";
|
||||
my $cert_path = "$base_path\\certs";
|
||||
my $test_path = "$base_path\\test";
|
||||
my $app_path = "$base_path\\apps";
|
||||
|
||||
my $tmp_cert = "$output_path\\cert.tmp";
|
||||
my $OpenSSL_config = "$app_path\\openssl.cnf";
|
||||
my $log_file = "$output_path\\tests.log";
|
||||
|
||||
my $pause = 0;
|
||||
|
||||
|
||||
# process the command line args to see if they wanted us to pause
|
||||
# between executing each command
|
||||
foreach $i (@ARGV)
|
||||
{
|
||||
if ($i =~ /^-p$/)
|
||||
{ $pause=1; }
|
||||
}
|
||||
|
||||
|
||||
|
||||
main();
|
||||
|
||||
|
||||
############################################################################
|
||||
sub main()
|
||||
{
|
||||
# delete all the output files in the output directory
|
||||
unlink <$output_path\\*.*>;
|
||||
|
||||
# open the main log file
|
||||
open(OUT, ">$log_file") || die "unable to open $log_file\n";
|
||||
|
||||
|
||||
algorithm_tests();
|
||||
encryption_tests();
|
||||
pem_tests();
|
||||
verify_tests();
|
||||
ssl_tests();
|
||||
ca_tests();
|
||||
|
||||
close(OUT);
|
||||
|
||||
print("\nCompleted running tests.\n\n");
|
||||
print("Check log file for errors: $log_file\n");
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub algorithm_tests
|
||||
{
|
||||
my $i;
|
||||
my $outFile;
|
||||
my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test,
|
||||
md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest,
|
||||
dhtest, exptest );
|
||||
|
||||
print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
|
||||
|
||||
foreach $i (@tests)
|
||||
{
|
||||
$outFile = "$output_path\\$i.out";
|
||||
system("$i > $outFile");
|
||||
log_desc("Test: $i\.nlm:");
|
||||
log_output("", $outFile );
|
||||
}
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub encryption_tests
|
||||
{
|
||||
my $i;
|
||||
my $outFile;
|
||||
my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb",
|
||||
"des-ofb", "des-ede-ofb", "des-ede3-ofb",
|
||||
"des-ecb", "des-ede", "des-ede3", "des-cbc",
|
||||
"des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb",
|
||||
"idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb",
|
||||
"rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb",
|
||||
"bf-ofb", "bf-cbc" );
|
||||
|
||||
my $input = "$base_path\\do_tests.pl";
|
||||
my $cipher = "$output_path\\cipher.out";
|
||||
my $clear = "$output_path\\clear.out";
|
||||
|
||||
print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n");
|
||||
|
||||
foreach $i (@enc_tests)
|
||||
{
|
||||
log_desc("Testing: $i");
|
||||
|
||||
# do encryption
|
||||
$outFile = "$output_path\\enc.out";
|
||||
system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" );
|
||||
log_output("Encrypting: $input --> $cipher", $outFile);
|
||||
|
||||
# do decryption
|
||||
$outFile = "$output_path\\dec.out";
|
||||
system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
|
||||
log_output("Decrypting: $cipher --> $clear", $outFile);
|
||||
|
||||
# compare files
|
||||
$x = compare_files( $input, $clear, 1);
|
||||
if ( $x == 0 )
|
||||
{
|
||||
print( "SUCCESS - files match: $input, $clear\n");
|
||||
print( OUT "SUCCESS - files match: $input, $clear\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
print( "ERROR: files don't match\n");
|
||||
print( OUT "ERROR: files don't match\n");
|
||||
}
|
||||
|
||||
do_wait();
|
||||
|
||||
# Now do the same encryption but use Base64
|
||||
|
||||
# do encryption B64
|
||||
$outFile = "$output_path\\B64enc.out";
|
||||
system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile");
|
||||
log_output("Encrypting(B64): $cipher --> $clear", $outFile);
|
||||
|
||||
# do decryption B64
|
||||
$outFile = "$output_path\\B64dec.out";
|
||||
system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
|
||||
log_output("Decrypting(B64): $cipher --> $clear", $outFile);
|
||||
|
||||
# compare files
|
||||
$x = compare_files( $input, $clear, 1);
|
||||
if ( $x == 0 )
|
||||
{
|
||||
print( "SUCCESS - files match: $input, $clear\n");
|
||||
print( OUT "SUCCESS - files match: $input, $clear\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
print( "ERROR: files don't match\n");
|
||||
print( OUT "ERROR: files don't match\n");
|
||||
}
|
||||
|
||||
do_wait();
|
||||
|
||||
} # end foreach
|
||||
|
||||
# delete the temporary files
|
||||
unlink($cipher);
|
||||
unlink($clear);
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub pem_tests
|
||||
{
|
||||
my $i;
|
||||
my $tmp_out;
|
||||
my $outFile = "$output_path\\pem.out";
|
||||
|
||||
my %pem_tests = (
|
||||
"crl" => "testcrl.pem",
|
||||
"pkcs7" => "testp7.pem",
|
||||
"req" => "testreq2.pem",
|
||||
"rsa" => "testrsa.pem",
|
||||
"x509" => "testx509.pem",
|
||||
"x509" => "v3-cert1.pem",
|
||||
"sess_id" => "testsid.pem" );
|
||||
|
||||
|
||||
print( "\nRUNNING PEM TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "PEM TESTS:\n\n");
|
||||
|
||||
foreach $i (keys(%pem_tests))
|
||||
{
|
||||
log_desc( "Testing: $i");
|
||||
|
||||
my $input = "$test_path\\$pem_tests{$i}";
|
||||
|
||||
$tmp_out = "$output_path\\$pem_tests{$i}";
|
||||
|
||||
if ($i ne "req" )
|
||||
{
|
||||
system("openssl2 $i -in $input -out $tmp_out > $outFile");
|
||||
log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
|
||||
}
|
||||
else
|
||||
{
|
||||
system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile");
|
||||
log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
|
||||
}
|
||||
|
||||
$x = compare_files( $input, $tmp_out);
|
||||
if ( $x == 0 )
|
||||
{
|
||||
print( "SUCCESS - files match: $input, $tmp_out\n");
|
||||
print( OUT "SUCCESS - files match: $input, $tmp_out\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
print( "ERROR: files don't match\n");
|
||||
print( OUT "ERROR: files don't match\n");
|
||||
}
|
||||
do_wait();
|
||||
|
||||
} # end foreach
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub verify_tests
|
||||
{
|
||||
my $i;
|
||||
my $outFile = "$output_path\\verify.out";
|
||||
|
||||
my @cert_files = <$cert_path\\*.pem>;
|
||||
|
||||
print( "\nRUNNING VERIFY TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "VERIFY TESTS:\n\n");
|
||||
|
||||
make_tmp_cert_file();
|
||||
|
||||
foreach $i (@cert_files)
|
||||
{
|
||||
system("openssl2 verify -CAfile $tmp_cert $i >$outFile");
|
||||
log_desc("Verifying cert: $i");
|
||||
log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub ssl_tests
|
||||
{
|
||||
my $outFile = "$output_path\\ssl_tst.out";
|
||||
|
||||
print( "\nRUNNING SSL TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "SSL TESTS:\n\n");
|
||||
|
||||
make_tmp_cert_file();
|
||||
|
||||
system("ssltest -ssl2 >$outFile");
|
||||
log_desc("Testing sslv2:");
|
||||
log_output("ssltest -ssl2", $outFile);
|
||||
|
||||
system("ssltest -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2 with server authentication:");
|
||||
log_output("ssltest -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2 with client authentication:");
|
||||
log_output("ssltest -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2 with both client and server authentication:");
|
||||
log_output("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -ssl3 >$outFile");
|
||||
log_desc("Testing sslv3:");
|
||||
log_output("ssltest -ssl3", $outFile);
|
||||
|
||||
system("ssltest -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv3 with server authentication:");
|
||||
log_output("ssltest -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv3 with client authentication:");
|
||||
log_output("ssltest -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv3 with both client and server authentication:");
|
||||
log_output("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest >$outFile");
|
||||
log_desc("Testing sslv2/sslv3:");
|
||||
log_output("ssltest", $outFile);
|
||||
|
||||
system("ssltest -server_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with server authentication:");
|
||||
log_output("ssltest -server_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with client authentication:");
|
||||
log_output("ssltest -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -server_auth -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with both client and server authentication:");
|
||||
log_output("ssltest -server_auth -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -ssl2 >$outFile");
|
||||
log_desc("Testing sslv2 via BIO pair:");
|
||||
log_output("ssltest -bio_pair -ssl2", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -dhe1024dsa -v >$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
|
||||
log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2 with server authentication via BIO pair:");
|
||||
log_output("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2 with client authentication via BIO pair:");
|
||||
log_output("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
|
||||
log_output("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -ssl3 >$outFile");
|
||||
log_desc("Testing sslv3 via BIO pair:");
|
||||
log_output("ssltest -bio_pair -ssl3", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv3 with server authentication via BIO pair:");
|
||||
log_output("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv3 with client authentication via BIO pair:");
|
||||
log_output("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
|
||||
log_output("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -bio_pair >$outFile");
|
||||
log_desc("Testing sslv2/sslv3 via BIO pair:");
|
||||
log_output("ssltest -bio_pair", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -server_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
|
||||
log_output("ssltest -bio_pair -server_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
|
||||
log_output("ssltest -bio_pair -client_auth -CAfile $tmp_cert", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert >$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
|
||||
log_output("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert", $outFile);
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub ca_tests
|
||||
{
|
||||
my $outFile = "$output_path\\ca_tst.out";
|
||||
|
||||
my($CAkey) = "$output_path\\keyCA.ss";
|
||||
my($CAcert) = "$output_path\\certCA.ss";
|
||||
my($CAserial) = "$output_path\\certCA.srl";
|
||||
my($CAreq) = "$output_path\\reqCA.ss";
|
||||
my($CAreq2) = "$output_path\\req2CA.ss";
|
||||
|
||||
my($CAconf) = "$test_path\\CAss.cnf";
|
||||
|
||||
my($Uconf) = "$test_path\\Uss.cnf";
|
||||
|
||||
my($Ukey) = "$output_path\\keyU.ss";
|
||||
my($Ureq) = "$output_path\\reqU.ss";
|
||||
my($Ucert) = "$output_path\\certU.ss";
|
||||
|
||||
print( "\nRUNNING CA TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "CA TESTS:\n");
|
||||
|
||||
system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile");
|
||||
log_desc("Make a certificate request using req:");
|
||||
log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
|
||||
|
||||
system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile");
|
||||
log_desc("Convert the certificate request into a self signed certificate using x509:");
|
||||
log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
|
||||
|
||||
system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile");
|
||||
log_desc("Convert a certificate into a certificate request using 'x509':");
|
||||
log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
|
||||
|
||||
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile");
|
||||
log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
|
||||
|
||||
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile");
|
||||
log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
|
||||
|
||||
system("openssl2 verify -CAfile $CAcert $CAcert >$outFile");
|
||||
log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
|
||||
|
||||
system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile");
|
||||
log_desc("Make another certificate request using req:");
|
||||
log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
|
||||
|
||||
system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile");
|
||||
log_desc("Sign certificate request with the just created CA via x509:");
|
||||
log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
|
||||
|
||||
system("openssl2 verify -CAfile $CAcert $Ucert >$outFile");
|
||||
log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
|
||||
|
||||
system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile");
|
||||
log_desc("Certificate details");
|
||||
log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
|
||||
|
||||
print(OUT "-- \n");
|
||||
print(OUT "The generated CA certificate is $CAcert\n");
|
||||
print(OUT "The generated CA private key is $CAkey\n");
|
||||
print(OUT "The current CA signing serial number is in $CAserial\n");
|
||||
|
||||
print(OUT "The generated user certificate is $Ucert\n");
|
||||
print(OUT "The generated user private key is $Ukey\n");
|
||||
print(OUT "--\n");
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub log_output( $ $ )
|
||||
{
|
||||
my( $desc, $file ) = @_;
|
||||
my($error) = 0;
|
||||
my($key);
|
||||
my($msg);
|
||||
|
||||
if ($desc)
|
||||
{
|
||||
print("$desc\n");
|
||||
print(OUT "$desc\n");
|
||||
}
|
||||
|
||||
# loop waiting for test program to complete
|
||||
while ( stat($file) == 0)
|
||||
{ print(". "); sleep(1); }
|
||||
|
||||
|
||||
# copy test output to log file
|
||||
open(IN, "<$file");
|
||||
while (<IN>)
|
||||
{
|
||||
print(OUT $_);
|
||||
if ( $_ =~ /ERROR/ )
|
||||
{
|
||||
$error = 1;
|
||||
}
|
||||
}
|
||||
# close and delete the temporary test output file
|
||||
close(IN);
|
||||
unlink($file);
|
||||
|
||||
if ( $error == 0 )
|
||||
{
|
||||
$msg = "Test Succeeded";
|
||||
}
|
||||
else
|
||||
{
|
||||
$msg = "Test Failed";
|
||||
}
|
||||
|
||||
print(OUT "$msg\n");
|
||||
|
||||
if ($pause)
|
||||
{
|
||||
print("$msg - press ENTER to continue...");
|
||||
$key = getc;
|
||||
print("\n");
|
||||
}
|
||||
|
||||
# Several of the testing scripts run a loop loading the
|
||||
# same NLM with different options.
|
||||
# On slow NetWare machines there appears to be some delay in the
|
||||
# OS actually unloading the test nlms and the OS complains about.
|
||||
# the NLM already being loaded. This additional pause is to
|
||||
# to help provide a little more time for unloading before trying to
|
||||
# load again.
|
||||
sleep(1);
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub log_desc( $ )
|
||||
{
|
||||
my( $desc ) = @_;
|
||||
|
||||
print("\n");
|
||||
print("$desc\n");
|
||||
|
||||
print(OUT "\n");
|
||||
print(OUT "$desc\n");
|
||||
print(OUT "======================================\n");
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub compare_files( $ $ $ )
|
||||
{
|
||||
my( $file1, $file2, $binary ) = @_;
|
||||
my( $n1, $n2, $b1, $b2 );
|
||||
my($ret) = 1;
|
||||
|
||||
open(IN0, $file1) || die "\nunable to open $file1\n";
|
||||
open(IN1, $file2) || die "\nunable to open $file2\n";
|
||||
|
||||
if ($binary)
|
||||
{
|
||||
binmode IN0;
|
||||
binmode IN1;
|
||||
}
|
||||
|
||||
for (;;)
|
||||
{
|
||||
$n1 = read(IN0, $b1, 512);
|
||||
$n2 = read(IN1, $b2, 512);
|
||||
|
||||
if ($n1 != $n2) {last;}
|
||||
if ($b1 != $b2) {last;}
|
||||
|
||||
if ($n1 == 0)
|
||||
{
|
||||
$ret = 0;
|
||||
last;
|
||||
}
|
||||
}
|
||||
close(IN0);
|
||||
close(IN1);
|
||||
return($ret);
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub do_wait()
|
||||
{
|
||||
my($key);
|
||||
|
||||
if ($pause)
|
||||
{
|
||||
print("Press ENTER to continue...");
|
||||
$key = getc;
|
||||
print("\n");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub make_tmp_cert_file()
|
||||
{
|
||||
my @cert_files = <$cert_path\\*.pem>;
|
||||
|
||||
# delete the file if it already exists
|
||||
unlink($tmp_cert);
|
||||
|
||||
open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
|
||||
|
||||
print("building temporary cert file\n");
|
||||
|
||||
# create a temporary cert file that contains all the certs
|
||||
foreach $i (@cert_files)
|
||||
{
|
||||
open( IN_CERT, $i ) || die "\nunable to open $i\n";
|
||||
|
||||
for(;;)
|
||||
{
|
||||
$n = sysread(IN_CERT, $data, 1024);
|
||||
|
||||
if ($n == 0)
|
||||
{
|
||||
close(IN_CERT);
|
||||
last;
|
||||
};
|
||||
|
||||
syswrite(TMP_CERT, $data, $n);
|
||||
}
|
||||
}
|
||||
|
||||
close( TMP_CERT );
|
||||
}
|
@ -1,254 +0,0 @@
|
||||
An initial review of the OpenSSL code was done to determine how many
|
||||
global variables where present. The idea was to determine the amount of
|
||||
work required to pull the globals into an instance data structure in
|
||||
order to build a Library NLM for NetWare. This file contains the results
|
||||
of the review. Each file is listed along with the globals in the file.
|
||||
The initial review was done very quickly so this list is probably
|
||||
not a comprehensive list.
|
||||
|
||||
|
||||
cryptlib.c
|
||||
===========================================
|
||||
|
||||
static STACK *app_locks=NULL;
|
||||
|
||||
static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
|
||||
|
||||
static void (MS_FAR *locking_callback)(int mode,int type,
|
||||
const char *file,int line)=NULL;
|
||||
static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
|
||||
int type,const char *file,int line)=NULL;
|
||||
static unsigned long (MS_FAR *id_callback)(void)=NULL;
|
||||
static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
|
||||
(const char *file,int line)=NULL;
|
||||
static void (MS_FAR *dynlock_lock_callback)(int mode,
|
||||
struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
|
||||
static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
|
||||
const char *file,int line)=NULL;
|
||||
|
||||
|
||||
mem.c
|
||||
===========================================
|
||||
static int allow_customize = 1; /* we provide flexible functions for */
|
||||
static int allow_customize_debug = 1;/* exchanging memory-related functions at
|
||||
|
||||
/* may be changed as long as `allow_customize' is set */
|
||||
static void *(*malloc_locked_func)(size_t) = malloc;
|
||||
static void (*free_locked_func)(void *) = free;
|
||||
static void *(*malloc_func)(size_t) = malloc;
|
||||
static void *(*realloc_func)(void *, size_t)= realloc;
|
||||
static void (*free_func)(void *) = free;
|
||||
|
||||
/* use default functions from mem_dbg.c */
|
||||
static void (*malloc_debug_func)(void *,int,const char *,int,int)
|
||||
= CRYPTO_dbg_malloc;
|
||||
static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
|
||||
= CRYPTO_dbg_realloc;
|
||||
static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
|
||||
static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
|
||||
static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
|
||||
|
||||
|
||||
mem_dbg.c
|
||||
===========================================
|
||||
static int mh_mode=CRYPTO_MEM_CHECK_OFF;
|
||||
static unsigned long order = 0; /* number of memory requests */
|
||||
static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */
|
||||
|
||||
static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */
|
||||
static long options = /* extra information to be recorded */
|
||||
static unsigned long disabling_thread = 0;
|
||||
|
||||
|
||||
err.c
|
||||
===========================================
|
||||
static LHASH *error_hash=NULL;
|
||||
static LHASH *thread_hash=NULL;
|
||||
|
||||
several files have routines with static "init" to track if error strings
|
||||
have been loaded ( may not want seperate error strings for each process )
|
||||
The "init" variable can't be left "global" because the error has is a ptr
|
||||
that is malloc'ed. The malloc'ed error has is dependant on the "init"
|
||||
vars.
|
||||
|
||||
files:
|
||||
pem_err.c
|
||||
cpt_err.c
|
||||
pk12err.c
|
||||
asn1_err.c
|
||||
bio_err.c
|
||||
bn_err.c
|
||||
buf_err.c
|
||||
comp_err.c
|
||||
conf_err.c
|
||||
cpt_err.c
|
||||
dh_err.c
|
||||
dsa_err.c
|
||||
dso_err.c
|
||||
evp_err.c
|
||||
obj_err.c
|
||||
pkcs7err.c
|
||||
rand_err.c
|
||||
rsa_err.c
|
||||
rsar_err.c
|
||||
ssl_err.c
|
||||
x509_err.c
|
||||
v3err.c
|
||||
err.c
|
||||
|
||||
These file have similar "init" globals but they are for other stuff not
|
||||
error strings:
|
||||
|
||||
bn_lib.c
|
||||
ecc_enc.c
|
||||
s23_clnt.c
|
||||
s23_meth.c
|
||||
s23_srvr.c
|
||||
s2_clnt.c
|
||||
s2_lib.c
|
||||
s2_meth.c
|
||||
s2_srvr.c
|
||||
s3_clnt.c
|
||||
s3_lib.c
|
||||
s3_srvr.c
|
||||
t1_clnt.c
|
||||
t1_meth.c
|
||||
t1_srvr.c
|
||||
|
||||
rand_lib.c
|
||||
===========================================
|
||||
static RAND_METHOD *rand_meth= &rand_ssleay_meth;
|
||||
|
||||
md_rand.c
|
||||
===========================================
|
||||
static int state_num=0,state_index=0;
|
||||
static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
|
||||
static unsigned char md[MD_DIGEST_LENGTH];
|
||||
static long md_count[2]={0,0};
|
||||
static double entropy=0;
|
||||
static int initialized=0;
|
||||
|
||||
/* This should be set to 1 only when ssleay_rand_add() is called inside
|
||||
an already locked state, so it doesn't try to lock and thereby cause
|
||||
a hang. And it should always be reset back to 0 before unlocking. */
|
||||
static int add_do_not_lock=0;
|
||||
|
||||
obj_dat.c
|
||||
============================================
|
||||
static int new_nid=NUM_NID;
|
||||
static LHASH *added=NULL;
|
||||
|
||||
b_sock.c
|
||||
===========================================
|
||||
static unsigned long BIO_ghbn_hits=0L;
|
||||
static unsigned long BIO_ghbn_miss=0L;
|
||||
static struct ghbn_cache_st
|
||||
{
|
||||
char name[129];
|
||||
struct hostent *ent;
|
||||
unsigned long order;
|
||||
} ghbn_cache[GHBN_NUM];
|
||||
|
||||
static int wsa_init_done=0;
|
||||
|
||||
|
||||
bio_lib.c
|
||||
===========================================
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL;
|
||||
static int bio_meth_num=0;
|
||||
|
||||
|
||||
bn_lib.c
|
||||
========================================
|
||||
static int bn_limit_bits=0;
|
||||
static int bn_limit_num=8; /* (1<<bn_limit_bits) */
|
||||
static int bn_limit_bits_low=0;
|
||||
static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
|
||||
static int bn_limit_bits_high=0;
|
||||
static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
|
||||
static int bn_limit_bits_mont=0;
|
||||
static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
|
||||
|
||||
conf_lib.c
|
||||
========================================
|
||||
static CONF_METHOD *default_CONF_method=NULL;
|
||||
|
||||
dh_lib.c
|
||||
========================================
|
||||
static DH_METHOD *default_DH_method;
|
||||
static int dh_meth_num = 0;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
|
||||
|
||||
dsa_lib.c
|
||||
========================================
|
||||
static DSA_METHOD *default_DSA_method;
|
||||
static int dsa_meth_num = 0;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
|
||||
|
||||
dso_lib.c
|
||||
========================================
|
||||
static DSO_METHOD *default_DSO_meth = NULL;
|
||||
|
||||
rsa_lib.c
|
||||
========================================
|
||||
static RSA_METHOD *default_RSA_meth=NULL;
|
||||
static int rsa_meth_num=0;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
|
||||
|
||||
x509_trs.c
|
||||
=======================================
|
||||
static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
|
||||
static STACK_OF(X509_TRUST) *trtable = NULL;
|
||||
|
||||
x509_req.c
|
||||
=======================================
|
||||
static int *ext_nids = ext_nid_list;
|
||||
|
||||
o_names.c
|
||||
======================================
|
||||
static LHASH *names_lh=NULL;
|
||||
static STACK_OF(NAME_FUNCS) *name_funcs_stack;
|
||||
static int free_type;
|
||||
static int names_type_num=OBJ_NAME_TYPE_NUM;
|
||||
|
||||
|
||||
th-lock.c - NEED to add support for locking for NetWare
|
||||
==============================================
|
||||
static long *lock_count;
|
||||
(other platform specific globals)
|
||||
|
||||
x_x509.c
|
||||
==============================================
|
||||
static int x509_meth_num = 0;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
|
||||
|
||||
|
||||
evp_pbe.c
|
||||
============================================
|
||||
static STACK *pbe_algs;
|
||||
|
||||
evp_key.c
|
||||
============================================
|
||||
static char prompt_string[80];
|
||||
|
||||
ssl_ciph.c
|
||||
============================================
|
||||
static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
|
||||
|
||||
ssl_lib.c
|
||||
=============================================
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
|
||||
static int ssl_meth_num=0;
|
||||
static int ssl_ctx_meth_num=0;
|
||||
|
||||
ssl_sess.c
|
||||
=============================================
|
||||
static int ssl_session_num=0;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
|
||||
|
||||
x509_vfy.c
|
||||
============================================
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
|
||||
static int x509_store_ctx_num=0;
|
||||
|
@ -1,19 +0,0 @@
|
||||
|
||||
Contents of the openssl\netware directory
|
||||
==========================================
|
||||
|
||||
Regular files:
|
||||
|
||||
readme.txt - this file
|
||||
do_tests.pl - perl script used to run the OpenSSL tests on NetWare
|
||||
cpy_tests.bat - batch to to copy test stuff to NetWare server
|
||||
build.bat - batch file to help with builds
|
||||
set_env.bat - batch file to help setup build environments
|
||||
globals.txt - results of initial code review to identify OpenSSL global variables
|
||||
|
||||
|
||||
The following files are generated by the various scripts. They are
|
||||
recreated each time and it is okay to delete them.
|
||||
|
||||
*.def - command files used by Metrowerks linker
|
||||
*.mak - make files generated by mk1mf.pl
|
@ -1,90 +0,0 @@
|
||||
@echo off
|
||||
|
||||
rem ========================================================================
|
||||
rem Batch file to assist in setting up the necessary enviroment for
|
||||
rem building OpenSSL for NetWare.
|
||||
rem
|
||||
rem usage:
|
||||
rem set_env [target]
|
||||
rem
|
||||
rem target - "netware-clib" - Clib build
|
||||
rem - "netware-libc" - LibC build
|
||||
rem
|
||||
rem
|
||||
|
||||
if "a%1" == "a" goto usage
|
||||
|
||||
set LIBC_BUILD=
|
||||
set CLIB_BUILD=
|
||||
|
||||
if "%1" == "netware-clib" set CLIB_BUILD=Y
|
||||
if "%1" == "netware-clib" set LIBC_BUILD=
|
||||
|
||||
if "%1" == "netware-libc" set LIBC_BUILD=Y
|
||||
if "%1" == "netware-libc" set CLIB_BUILD=
|
||||
|
||||
rem Location of tools (compiler, linker, etc)
|
||||
set TOOLS=d:\i_drive\tools
|
||||
|
||||
rem If Perl for Win32 is not already in your path, add it here
|
||||
set PERL_PATH=
|
||||
|
||||
rem Define path to the Metrowerks command line tools
|
||||
rem ( compiler, assembler, linker)
|
||||
set METROWERKS_PATH=%TOOLS%\codewar\pdk_21\tools\command line tools
|
||||
rem set METROWERKS_PATH=%TOOLS%\codewar\PDK_40\Other Metrowerks Tools\Command Line Tools
|
||||
|
||||
rem If using gnu make define path to utility
|
||||
set GNU_MAKE_PATH=%TOOLS%\gnu
|
||||
|
||||
rem If using ms nmake define path to nmake
|
||||
set MS_NMAKE_PATH=%TOOLS%\msvc\600\bin
|
||||
|
||||
rem If using NASM assembler define path
|
||||
set NASM_PATH=%TOOLS%\nasm
|
||||
|
||||
rem Update path to include tool paths
|
||||
set path=%path%;%METROWERKS_PATH%
|
||||
if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
|
||||
if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
|
||||
if not "%NASM_PATH%" == "" set path=%path%;%NASM_PATH%
|
||||
if not "%PERL_PATH%" == "" set path=%path%;%PERL_PATH%
|
||||
|
||||
rem Set MWCIncludes to location of Novell NDK includes
|
||||
if "%LIBC_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\libc\include;%TOOLS%\ndk\libc\include\winsock;.\engines
|
||||
if "%CLIB_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\nwsdk\include\nlm;.\engines
|
||||
set include=
|
||||
|
||||
rem Set Imports to location of Novell NDK import files
|
||||
if "%LIBC_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\libc\imports
|
||||
if "%CLIB_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\nwsdk\imports
|
||||
|
||||
rem Set PRELUDE to the absolute path of the prelude object to link with in
|
||||
rem the Metrowerks NetWare PDK - NOTE: for Clib builds "nwpre.obj" is
|
||||
rem recommended, for LibC NKS builds libcpre.o must be used
|
||||
if "%LIBC_BUILD%" == "Y" set PRELUDE=%TOOLS%\ndk\libc\imports\libcpre.o
|
||||
if "%CLIB_BUILD%" == "Y" set PRELUDE=%TOOLS%\codewar\pdk_21\novell support\metrowerks support\libraries\runtime\nwpre.obj
|
||||
|
||||
|
||||
if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
|
||||
if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..."
|
||||
|
||||
if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
|
||||
if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..."
|
||||
goto end
|
||||
|
||||
:usage
|
||||
rem ===============================================================
|
||||
echo .
|
||||
echo . No target build specified!
|
||||
echo .
|
||||
echo . usage: set_env [target]
|
||||
echo .
|
||||
echo . target - "netware-clib" - Clib build
|
||||
echo . - "netware-libc" - LibC build
|
||||
echo .
|
||||
|
||||
|
||||
|
||||
:end
|
||||
|
75
PROBLEMS
75
PROBLEMS
@ -1,11 +1,5 @@
|
||||
* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
|
||||
|
||||
|
||||
NOTE: The problem described here only applies when OpenSSL isn't built
|
||||
with shared library support (i.e. without the "shared" configuration
|
||||
option). If you build with shared library support, you will have no
|
||||
problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
|
||||
|
||||
[NOTE: This is currently undergoing tests, and may be removed soon]
|
||||
|
||||
This is really a misfeature in ld, which seems to look for .dylib libraries
|
||||
along the whole library path before it bothers looking for .a libraries. This
|
||||
@ -62,70 +56,3 @@ What happens is that gcc might optimize a little too agressively, and
|
||||
you end up with an extra incrementation when *header != '4'.
|
||||
|
||||
We recommend that you upgrade gcc to as high a 3.x version as you can.
|
||||
|
||||
* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
|
||||
|
||||
As subject suggests SHA-1 might perform poorly (4 times slower)
|
||||
if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
|
||||
this seems to be the fact that compiler emits multiplication to
|
||||
perform shift operations:-( To work the problem around configure
|
||||
with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
|
||||
|
||||
* Problems with hp-parisc2-cc target when used with "no-asm" flag
|
||||
|
||||
When using the hp-parisc2-cc target, wrong bignum code is generated.
|
||||
This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
|
||||
aggressive optimization.
|
||||
The problem manifests itself by the BN_kronecker test hanging in an
|
||||
endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
|
||||
which itself hangs. The reason could be tracked down to the bn_mul_comba8()
|
||||
function in bn_asm.c. At some occasions the higher 32bit value of r[7]
|
||||
is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
|
||||
as no debugger support possible at +O3 and additional fprintf()'s
|
||||
introduced fixed the bug, therefore it is most likely a bug in the
|
||||
optimizer.
|
||||
The bug was found in the BN_kronecker test but may also lead to
|
||||
failures in other parts of the code.
|
||||
(See Ticket #426.)
|
||||
|
||||
Workaround: modify the target to +O2 when building with no-asm.
|
||||
|
||||
* Poor support for AIX shared builds.
|
||||
|
||||
do_aix-shared rule is not flexible enough to parameterize through a
|
||||
config-line. './Configure aix43-cc shared' is working, but not
|
||||
'./Configure aix64-gcc shared'. In latter case make fails to create shared
|
||||
libraries. It's possible to build 64-bit shared libraries by running
|
||||
'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
|
||||
supporting even gcc shared builds. See RT#463 for background information.
|
||||
|
||||
* Problems building shared libraries on SCO OpenServer Release 5.0.6
|
||||
with gcc 2.95.3
|
||||
|
||||
The symptoms appear when running the test suite, more specifically
|
||||
test/ectest, with the following result:
|
||||
|
||||
OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
|
||||
ectest.c:186: ABORT
|
||||
|
||||
The cause of the problem seems to be that isxdigit(), called from
|
||||
BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further
|
||||
investigation shows that any of the isxxx() macros return 0 on any
|
||||
input. A direct look in the information array that the isxxx() use,
|
||||
called __ctype, shows that it contains all zeroes...
|
||||
|
||||
Taking a look at the newly created libcrypto.so with nm, one can see
|
||||
that the variable __ctype is defined in libcrypto's .bss (which
|
||||
explains why it is filled with zeroes):
|
||||
|
||||
$ nm -Pg libcrypto.so | grep __ctype
|
||||
__ctype B 0011659c
|
||||
__ctype2 U
|
||||
|
||||
Curiously, __ctype2 is undefined, in spite of being declared in
|
||||
/usr/include/ctype.h in exactly the same way as __ctype.
|
||||
|
||||
Any information helping to solve this issue would be deeply
|
||||
appreciated.
|
||||
|
||||
NOTE: building non-shared doesn't come with this problem.
|
||||
|
19
README
19
README
@ -1,7 +1,7 @@
|
||||
|
||||
OpenSSL 0.9.8-dev XX xxx XXXX
|
||||
OpenSSL 0.9.6m [engine] 17 Mar 2004
|
||||
|
||||
Copyright (c) 1998-2002 The OpenSSL Project
|
||||
Copyright (c) 1998-2004 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
All rights reserved.
|
||||
|
||||
@ -173,11 +173,17 @@
|
||||
textual explanation of what your patch does.
|
||||
|
||||
Note: For legal reasons, contributions from the US can be accepted only
|
||||
if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
|
||||
see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
|
||||
and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
|
||||
if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
|
||||
(formerly BXA) with a copy to the ENC Encryption Request Coordinator;
|
||||
please take some time to look at
|
||||
http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
|
||||
and
|
||||
http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
|
||||
for the details. If "your encryption source code is too large to serve as
|
||||
an email attachment", they are glad to receive it by fax instead; hope you
|
||||
have a cheap long-distance plan.
|
||||
|
||||
The preferred format for changes is "diff -u" output. You might
|
||||
Our preferred format for changes is "diff -u" output. You might
|
||||
generate it like this:
|
||||
|
||||
# cd openssl-work
|
||||
@ -185,4 +191,3 @@
|
||||
# ./Configure dist; make clean
|
||||
# cd ..
|
||||
# diff -ur openssl-orig openssl-work > mydiffs.patch
|
||||
|
||||
|
187
README.ASN1
187
README.ASN1
@ -1,187 +0,0 @@
|
||||
|
||||
OpenSSL ASN1 Revision
|
||||
=====================
|
||||
|
||||
This document describes some of the issues relating to the new ASN1 code.
|
||||
|
||||
Previous OpenSSL ASN1 problems
|
||||
=============================
|
||||
|
||||
OK why did the OpenSSL ASN1 code need revising in the first place? Well
|
||||
there are lots of reasons some of which are included below...
|
||||
|
||||
1. The code is difficult to read and write. For every single ASN1 structure
|
||||
(e.g. SEQUENCE) four functions need to be written for new, free, encode and
|
||||
decode operations. This is a very painful and error prone operation. Very few
|
||||
people have ever written any OpenSSL ASN1 and those that have usually wish
|
||||
they hadn't.
|
||||
|
||||
2. Partly because of 1. the code is bloated and takes up a disproportionate
|
||||
amount of space. The SEQUENCE encoder is particularly bad: it essentially
|
||||
contains two copies of the same operation, one to compute the SEQUENCE length
|
||||
and the other to encode it.
|
||||
|
||||
3. The code is memory based: that is it expects to be able to read the whole
|
||||
structure from memory. This is fine for small structures but if you have a
|
||||
(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
|
||||
|
||||
4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
|
||||
changing the tag to the expected one, attempting to read it, then changing it
|
||||
back again. This means that decode buffers have to be writable even though they
|
||||
are ultimately unchanged. This gets in the way of constification.
|
||||
|
||||
5. The handling of EXPLICIT isn't much better. It adds a chunk of code into
|
||||
the decoder and encoder for every EXPLICIT tag.
|
||||
|
||||
6. APPLICATION and PRIVATE tags aren't even supported at all.
|
||||
|
||||
7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
|
||||
types that are not OPTIONAL.
|
||||
|
||||
8. Much of the code assumes that a tag will fit in a single octet. This is
|
||||
only true if the tag is 30 or less (mercifully tags over 30 are rare).
|
||||
|
||||
9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
|
||||
macros that properly support it.
|
||||
|
||||
10. Encoders have no concept of OPTIONAL and have no error checking. If the
|
||||
passed structure contains a NULL in a mandatory field it will not be encoded,
|
||||
resulting in an invalid structure.
|
||||
|
||||
11. It is tricky to add ASN1 encoders and decoders to external applications.
|
||||
|
||||
Template model
|
||||
==============
|
||||
|
||||
One of the major problems with revision is the sheer volume of the ASN1 code.
|
||||
Attempts to change (for example) the IMPLICIT behaviour would result in a
|
||||
modification of *every* single decode function.
|
||||
|
||||
I decided to adopt a template based approach. I'm using the term 'template'
|
||||
in a manner similar to SNACC templates: it has nothing to do with C++
|
||||
templates.
|
||||
|
||||
A template is a description of an ASN1 module as several constant C structures.
|
||||
It describes in a machine readable way exactly how the ASN1 structure should
|
||||
behave. If this template contains enough detail then it is possible to write
|
||||
versions of new, free, encode, decode (and possibly others operations) that
|
||||
operate on templates.
|
||||
|
||||
Instead of having to write code to handle each operation only a single
|
||||
template needs to be written. If new operations are needed (such as a 'print'
|
||||
operation) only a single new template based function needs to be written
|
||||
which will then automatically handle all existing templates.
|
||||
|
||||
Plans for revision
|
||||
==================
|
||||
|
||||
The revision will consist of the following steps. Other than the first two
|
||||
these can be handled in any order.
|
||||
|
||||
o Design and write template new, free, encode and decode operations, initially
|
||||
memory based. *DONE*
|
||||
|
||||
o Convert existing ASN1 code to template form. *IN PROGRESS*
|
||||
|
||||
o Convert an existing ASN1 compiler (probably SNACC) to output templates
|
||||
in OpenSSL form.
|
||||
|
||||
o Add support for BIO based ASN1 encoders and decoders to handle large
|
||||
structures, initially blocking I/O.
|
||||
|
||||
o Add support for non blocking I/O: this is quite a bit harder than blocking
|
||||
I/O.
|
||||
|
||||
o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
|
||||
certificates etc etc.
|
||||
|
||||
Description of major changes
|
||||
============================
|
||||
|
||||
The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
|
||||
absent. The meaning of absent depends on the context. If for example the
|
||||
boolean type is DEFAULT FALSE (as in the case of the critical flag for
|
||||
certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
|
||||
Usually the value will only ever be read via an API which will hide this from
|
||||
an application.
|
||||
|
||||
There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
|
||||
SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
|
||||
old code would omit the structure if the STACK was NULL (which is fine) or if
|
||||
it had zero elements (which is NOT OK). This causes problems because an empty
|
||||
SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
|
||||
it is encoded it will be omitted resulting in different encodings. The new code
|
||||
only omits the encoding if the STACK is NULL, if it contains zero elements it
|
||||
is encoded and empty. There is an additional problem though: because an empty
|
||||
STACK was omitted, sometimes the corresponding *_new() function would
|
||||
initialize the STACK to empty so an application could immediately use it, if
|
||||
this is done with the new code (i.e. a NULL) it wont work. Therefore a new
|
||||
STACK should be allocated first. One instance of this is the X509_CRL list of
|
||||
revoked certificates: a helper function X509_CRL_add0_revoked() has been added
|
||||
for this purpose.
|
||||
|
||||
The X509_ATTRIBUTE structure used to have an element called 'set' which took
|
||||
the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
|
||||
to the behaviour of CHOICE in the new code this has been changed to a field
|
||||
called 'single' which is 0 for a SET OF and 1 for single. The old field has
|
||||
been deleted to deliberately break source compatibility. Since this structure
|
||||
is normally accessed via higher level functions this shouldn't break too much.
|
||||
|
||||
The X509_REQ_INFO certificate request info structure no longer has a field
|
||||
called 'req_kludge'. This used to be set to 1 if the attributes field was
|
||||
(incorrectly) omitted. You can check to see if the field is omitted now by
|
||||
checking if the attributes field is NULL. Similarly if you need to omit
|
||||
the field then free attributes and set it to NULL.
|
||||
|
||||
The top level 'detached' field in the PKCS7 structure is no longer set when
|
||||
a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
|
||||
The behaviour of PKCS7_get_detached() is unaffected.
|
||||
|
||||
The values of 'type' in the GENERAL_NAME structure have changed. This is
|
||||
because the old code use the ASN1 initial octet as the selector. The new
|
||||
code uses the index in the ASN1_CHOICE template.
|
||||
|
||||
The DIST_POINT_NAME structure has changed to be a true CHOICE type.
|
||||
|
||||
typedef struct DIST_POINT_NAME_st {
|
||||
int type;
|
||||
union {
|
||||
STACK_OF(GENERAL_NAME) *fullname;
|
||||
STACK_OF(X509_NAME_ENTRY) *relativename;
|
||||
} name;
|
||||
} DIST_POINT_NAME;
|
||||
|
||||
This means that name.fullname or name.relativename should be set
|
||||
and type reflects the option. That is if name.fullname is set then
|
||||
type is 0 and if name.relativename is set type is 1.
|
||||
|
||||
With the old code using the i2d functions would typically involve:
|
||||
|
||||
unsigned char *buf, *p;
|
||||
int len;
|
||||
/* Find length of encoding */
|
||||
len = i2d_SOMETHING(x, NULL);
|
||||
/* Allocate buffer */
|
||||
buf = OPENSSL_malloc(len);
|
||||
if(buf == NULL) {
|
||||
/* Malloc error */
|
||||
}
|
||||
/* Use temp variable because &p gets updated to point to end of
|
||||
* encoding.
|
||||
*/
|
||||
p = buf;
|
||||
i2d_SOMETHING(x, &p);
|
||||
|
||||
|
||||
Using the new i2d you can also do:
|
||||
|
||||
unsigned char *buf = NULL;
|
||||
int len;
|
||||
len = i2d_SOMETHING(x, &buf);
|
||||
if(len < 0) {
|
||||
/* Malloc error */
|
||||
}
|
||||
|
||||
and it will automatically allocate and populate a buffer with the
|
||||
encoding. After this call 'buf' will point to the start of the
|
||||
encoding which is len bytes long.
|
302
README.ENGINE
302
README.ENGINE
@ -1,289 +1,63 @@
|
||||
|
||||
ENGINE
|
||||
======
|
||||
|
||||
With OpenSSL 0.9.6, a new component was added to support alternative
|
||||
cryptography implementations, most commonly for interfacing with external
|
||||
crypto devices (eg. accelerator cards). This component is called ENGINE,
|
||||
and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
|
||||
caused a little confusion as 0.9.6** releases were rolled in two
|
||||
versions, a "standard" and an "engine" version. In development for 0.9.7,
|
||||
the ENGINE code has been merged into the main branch and will be present
|
||||
in the standard releases from 0.9.7 forwards.
|
||||
With OpenSSL 0.9.6, a new component has been added to support external
|
||||
crypto devices, for example accelerator cards. The component is called
|
||||
ENGINE, and has still a pretty experimental status and almost no
|
||||
documentation. It's designed to be fairly easily extensible by the
|
||||
calling programs.
|
||||
|
||||
There are currently built-in ENGINE implementations for the following
|
||||
crypto devices:
|
||||
There's currently built-in support for the following crypto devices:
|
||||
|
||||
o CryptoSwift
|
||||
o Compaq Atalla
|
||||
o nCipher CHIL
|
||||
o Nuron
|
||||
o Broadcom uBSec
|
||||
|
||||
In addition, dynamic binding to external ENGINE implementations is now
|
||||
provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
|
||||
section below for details.
|
||||
A number of things are still needed and are being worked on:
|
||||
|
||||
At this stage, a number of things are still needed and are being worked on:
|
||||
|
||||
1 Integration of EVP support.
|
||||
2 Configuration support.
|
||||
3 Documentation!
|
||||
|
||||
1 With respect to EVP, this relates to support for ciphers and digests in
|
||||
the ENGINE model so that alternative implementations of existing
|
||||
algorithms/modes (or previously unimplemented ones) can be provided by
|
||||
ENGINE implementations.
|
||||
|
||||
2 Configuration support currently exists in the ENGINE API itself, in the
|
||||
form of "control commands". These allow an application to expose to the
|
||||
user/admin the set of commands and parameter types a given ENGINE
|
||||
implementation supports, and for an application to directly feed string
|
||||
based input to those ENGINEs, in the form of name-value pairs. This is an
|
||||
extensible way for ENGINEs to define their own "configuration" mechanisms
|
||||
that are specific to a given ENGINE (eg. for a particular hardware
|
||||
device) but that should be consistent across *all* OpenSSL-based
|
||||
applications when they use that ENGINE. Work is in progress (or at least
|
||||
in planning) for supporting these control commands from the CONF (or
|
||||
NCONF) code so that applications using OpenSSL's existing configuration
|
||||
file format can have ENGINE settings specified in much the same way.
|
||||
Presently however, applications must use the ENGINE API itself to provide
|
||||
such functionality. To see first hand the types of commands available
|
||||
with the various compiled-in ENGINEs (see further down for dynamic
|
||||
ENGINEs), use the "engine" openssl utility with full verbosity, ie;
|
||||
openssl engine -vvvv
|
||||
|
||||
3 Documentation? Volunteers welcome! The source code is reasonably well
|
||||
self-documenting, but some summaries and usage instructions are needed -
|
||||
moreover, they are needed in the same POD format the existing OpenSSL
|
||||
documentation is provided in. Any complete or incomplete contributions
|
||||
would help make this happen.
|
||||
|
||||
STABILITY & BUG-REPORTS
|
||||
=======================
|
||||
o An openssl utility command to handle or at least check available
|
||||
engines.
|
||||
o A better way of handling the methods that are handled by the
|
||||
engines.
|
||||
o Documentation!
|
||||
|
||||
What already exists is fairly stable as far as it has been tested, but
|
||||
the test base has been a bit small most of the time. For the most part,
|
||||
the vendors of the devices these ENGINEs support have contributed to the
|
||||
development and/or testing of the implementations, and *usually* (with no
|
||||
guarantees) have experience in using the ENGINE support to drive their
|
||||
devices from common OpenSSL-based applications. Bugs and/or inexplicable
|
||||
behaviour in using a specific ENGINE implementation should be sent to the
|
||||
author of that implementation (if it is mentioned in the corresponding C
|
||||
file), and in the case of implementations for commercial hardware
|
||||
devices, also through whatever vendor support channels are available. If
|
||||
none of this is possible, or the problem seems to be something about the
|
||||
ENGINE API itself (ie. not necessarily specific to a particular ENGINE
|
||||
implementation) then you should mail complete details to the relevant
|
||||
OpenSSL mailing list. For a definition of "complete details", refer to
|
||||
the OpenSSL "README" file. As for which list to send it to;
|
||||
the test base has been a bit small most of the time.
|
||||
|
||||
openssl-users: if you are *using* the ENGINE abstraction, either in an
|
||||
pre-compiled application or in your own application code.
|
||||
Because of this experimental status and what's lacking, the ENGINE
|
||||
component is not yet part of the default OpenSSL distribution. However,
|
||||
we have made a separate kit for those who want to try this out, to be
|
||||
found in the same places as the default OpenSSL distribution, but with
|
||||
"-engine-" being part of the kit file name. For example, version 0.9.6
|
||||
is distributed in the following two files:
|
||||
|
||||
openssl-dev: if you are discussing problems with OpenSSL source code.
|
||||
openssl-0.9.6.tar.gz
|
||||
openssl-engine-0.9.6.tar.gz
|
||||
|
||||
USAGE
|
||||
NOTES
|
||||
=====
|
||||
|
||||
The default "openssl" ENGINE is always chosen when performing crypto
|
||||
operations unless you specify otherwise. You must actively tell the
|
||||
openssl utility commands to use anything else through a new command line
|
||||
switch called "-engine". Also, if you want to use the ENGINE support in
|
||||
your own code to do something similar, you must likewise explicitly
|
||||
select the ENGINE implementation you want.
|
||||
openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
|
||||
not need to download both.
|
||||
|
||||
Depending on the type of hardware, system, and configuration, "settings"
|
||||
may need to be applied to an ENGINE for it to function as expected/hoped.
|
||||
The recommended way of doing this is for the application to support
|
||||
ENGINE "control commands" so that each ENGINE implementation can provide
|
||||
whatever configuration primitives it might require and the application
|
||||
can allow the user/admin (and thus the hardware vendor's support desk
|
||||
also) to provide any such input directly to the ENGINE implementation.
|
||||
This way, applications do not need to know anything specific to any
|
||||
device, they only need to provide the means to carry such user/admin
|
||||
input through to the ENGINE in question. Ie. this connects *you* (and
|
||||
your helpdesk) to the specific ENGINE implementation (and device), and
|
||||
allows application authors to not get buried in hassle supporting
|
||||
arbitrary devices they know (and care) nothing about.
|
||||
openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
|
||||
crypto device. The internal OpenSSL functions are contained in the
|
||||
engine "openssl", and will be used by default.
|
||||
|
||||
A new "openssl" utility, "openssl engine", has been added in that allows
|
||||
for testing and examination of ENGINE implementations. Basic usage
|
||||
instructions are available by specifying the "-?" command line switch.
|
||||
No external crypto device is chosen unless you say so. You have actively
|
||||
tell the openssl utility commands to use it through a new command line
|
||||
switch called "-engine". And if you want to use the ENGINE library to
|
||||
do something similar, you must also explicitly choose an external crypto
|
||||
device, or the built-in crypto routines will be used, just as in the
|
||||
default OpenSSL distribution.
|
||||
|
||||
DYNAMIC ENGINES
|
||||
===============
|
||||
|
||||
The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
|
||||
implementations that aren't pre-compiled and linked into OpenSSL-based
|
||||
applications. This could be because existing compiled-in implementations
|
||||
have known problems and you wish to use a newer version with an existing
|
||||
application. It could equally be because the application (or OpenSSL
|
||||
library) you are using simply doesn't have support for the ENGINE you
|
||||
wish to use, and the ENGINE provider (eg. hardware vendor) is providing
|
||||
you with a self-contained implementation in the form of a shared-library.
|
||||
The other use-case for "dynamic" is with applications that wish to
|
||||
maintain the smallest foot-print possible and so do not link in various
|
||||
ENGINE implementations from OpenSSL, but instead leaves you to provide
|
||||
them, if you want them, in the form of "dynamic"-loadable
|
||||
shared-libraries. It should be possible for hardware vendors to provide
|
||||
their own shared-libraries to support arbitrary hardware to work with
|
||||
applications based on OpenSSL 0.9.7 or later. If you're using an
|
||||
application based on 0.9.7 (or later) and the support you desire is only
|
||||
announced for versions later than the one you need, ask the vendor to
|
||||
backport their ENGINE to the version you need.
|
||||
|
||||
How does "dynamic" work?
|
||||
------------------------
|
||||
The dynamic ENGINE has a special flag in its implementation such that
|
||||
every time application code asks for the 'dynamic' ENGINE, it in fact
|
||||
gets its own copy of it. As such, multi-threaded code (or code that
|
||||
multiplexes multiple uses of 'dynamic' in a single application in any
|
||||
way at all) does not get confused by 'dynamic' being used to do many
|
||||
independent things. Other ENGINEs typically don't do this so there is
|
||||
only ever 1 ENGINE structure of its type (and reference counts are used
|
||||
to keep order). The dynamic ENGINE itself provides absolutely no
|
||||
cryptographic functionality, and any attempt to "initialise" the ENGINE
|
||||
automatically fails. All it does provide are a few "control commands"
|
||||
that can be used to control how it will load an external ENGINE
|
||||
implementation from a shared-library. To see these control commands,
|
||||
use the command-line;
|
||||
|
||||
openssl engine -vvvv dynamic
|
||||
|
||||
The "SO_PATH" control command should be used to identify the
|
||||
shared-library that contains the ENGINE implementation, and "NO_VCHECK"
|
||||
might possibly be useful if there is a minor version conflict and you
|
||||
(or a vendor helpdesk) is convinced you can safely ignore it.
|
||||
"ID" is probably only needed if a shared-library implements
|
||||
multiple ENGINEs, but if you know the engine id you expect to be using,
|
||||
it doesn't hurt to specify it (and this provides a sanity check if
|
||||
nothing else). "LIST_ADD" is only required if you actually wish the
|
||||
loaded ENGINE to be discoverable by application code later on using the
|
||||
ENGINE's "id". For most applications, this isn't necessary - but some
|
||||
application authors may have nifty reasons for using it. The "LOAD"
|
||||
command is the only one that takes no parameters and is the command
|
||||
that uses the settings from any previous commands to actually *load*
|
||||
the shared-library ENGINE implementation. If this command succeeds, the
|
||||
(copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
|
||||
that has been loaded from the shared-library. As such, any control
|
||||
commands supported by the loaded ENGINE could then be executed as per
|
||||
normal. Eg. if ENGINE "foo" is implemented in the shared-library
|
||||
"libfoo.so" and it supports some special control command "CMD_FOO", the
|
||||
following code would load and use it (NB: obviously this code has no
|
||||
error checking);
|
||||
|
||||
ENGINE *e = ENGINE_by_id("dynamic");
|
||||
ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
|
||||
ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
|
||||
ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
|
||||
ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
|
||||
|
||||
For testing, the "openssl engine" utility can be useful for this sort
|
||||
of thing. For example the above code excerpt would achieve much the
|
||||
same result as;
|
||||
|
||||
openssl engine dynamic \
|
||||
-pre SO_PATH:/lib/libfoo.so \
|
||||
-pre ID:foo \
|
||||
-pre LOAD \
|
||||
-pre "CMD_FOO:some input data"
|
||||
|
||||
Or to simply see the list of commands supported by the "foo" ENGINE;
|
||||
|
||||
openssl engine -vvvv dynamic \
|
||||
-pre SO_PATH:/lib/libfoo.so \
|
||||
-pre ID:foo \
|
||||
-pre LOAD
|
||||
|
||||
Applications that support the ENGINE API and more specifically, the
|
||||
"control commands" mechanism, will provide some way for you to pass
|
||||
such commands through to ENGINEs. As such, you would select "dynamic"
|
||||
as the ENGINE to use, and the parameters/commands you pass would
|
||||
control the *actual* ENGINE used. Each command is actually a name-value
|
||||
pair and the value can sometimes be omitted (eg. the "LOAD" command).
|
||||
Whilst the syntax demonstrated in "openssl engine" uses a colon to
|
||||
separate the command name from the value, applications may provide
|
||||
their own syntax for making that separation (eg. a win32 registry
|
||||
key-value pair may be used by some applications). The reason for the
|
||||
"-pre" syntax in the "openssl engine" utility is that some commands
|
||||
might be issued to an ENGINE *after* it has been initialised for use.
|
||||
Eg. if an ENGINE implementation requires a smart-card to be inserted
|
||||
during initialisation (or a PIN to be typed, or whatever), there may be
|
||||
a control command you can issue afterwards to "forget" the smart-card
|
||||
so that additional initialisation is no longer possible. In
|
||||
applications such as web-servers, where potentially volatile code may
|
||||
run on the same host system, this may provide some arguable security
|
||||
value. In such a case, the command would be passed to the ENGINE after
|
||||
it has been initialised for use, and so the "-post" switch would be
|
||||
used instead. Applications may provide a different syntax for
|
||||
supporting this distinction, and some may simply not provide it at all
|
||||
("-pre" is almost always what you're after, in reality).
|
||||
|
||||
How do I build a "dynamic" ENGINE?
|
||||
----------------------------------
|
||||
This question is trickier - currently OpenSSL bundles various ENGINE
|
||||
implementations that are statically built in, and any application that
|
||||
calls the "ENGINE_load_builtin_engines()" function will automatically
|
||||
have all such ENGINEs available (and occupying memory). Applications
|
||||
that don't call that function have no ENGINEs available like that and
|
||||
would have to use "dynamic" to load any such ENGINE - but on the other
|
||||
hand such applications would only have the memory footprint of any
|
||||
ENGINEs explicitly loaded using user/admin provided control commands.
|
||||
The main advantage of not statically linking ENGINEs and only using
|
||||
"dynamic" for hardware support is that any installation using no
|
||||
"external" ENGINE suffers no unnecessary memory footprint from unused
|
||||
ENGINEs. Likewise, installations that do require an ENGINE incur the
|
||||
overheads from only *that* ENGINE once it has been loaded.
|
||||
|
||||
Sounds good? Maybe, but currently building an ENGINE implementation as
|
||||
a shared-library that can be loaded by "dynamic" isn't automated in
|
||||
OpenSSL's build process. It can be done manually quite easily however.
|
||||
Such a shared-library can either be built with any OpenSSL code it
|
||||
needs statically linked in, or it can link dynamically against OpenSSL
|
||||
if OpenSSL itself is built as a shared library. The instructions are
|
||||
the same in each case, but in the former (statically linked any
|
||||
dependencies on OpenSSL) you must ensure OpenSSL is built with
|
||||
position-independent code ("PIC"). The default OpenSSL compilation may
|
||||
already specify the relevant flags to do this, but you should consult
|
||||
with your compiler documentation if you are in any doubt.
|
||||
|
||||
This example will show building the "atalla" ENGINE in the
|
||||
crypto/engine/ directory as a shared-library for use via the "dynamic"
|
||||
ENGINE.
|
||||
1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
|
||||
source tree.
|
||||
2) Recompile at least one source file so you can see all the compiler
|
||||
flags (and syntax) being used to build normally. Eg;
|
||||
touch hw_atalla.c ; make
|
||||
will rebuild "hw_atalla.o" using all such flags.
|
||||
3) Manually enter the same compilation line to compile the
|
||||
"hw_atalla.c" file but with the following two changes;
|
||||
(a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
|
||||
(b) change the output file from "hw_atalla.o" to something new,
|
||||
eg. "tmp_atalla.o"
|
||||
4) Link "tmp_atalla.o" into a shared-library using the top-level
|
||||
OpenSSL libraries to resolve any dependencies. The syntax for doing
|
||||
this depends heavily on your system/compiler and is a nightmare
|
||||
known well to anyone who has worked with shared-library portability
|
||||
before. 'gcc' on Linux, for example, would use the following syntax;
|
||||
gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
|
||||
5) Test your shared library using "openssl engine" as explained in the
|
||||
previous section. Eg. from the top-level directory, you might try;
|
||||
apps/openssl engine -vvvv dynamic \
|
||||
-pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
|
||||
If the shared-library loads successfully, you will see both "-pre"
|
||||
commands marked as "SUCCESS" and the list of control commands
|
||||
displayed (because of "-vvvv") will be the control commands for the
|
||||
*atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
|
||||
the "-t" switch to the utility if you want it to try and initialise
|
||||
the atalla ENGINE for use to test any possible hardware/driver
|
||||
issues.
|
||||
|
||||
PROBLEMS
|
||||
========
|
||||
|
||||
It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
|
||||
A quick test done right before the release showed that trying "openssl speed
|
||||
-engine cswift" generated errors. If the DSO gets enabled, an attempt is made
|
||||
to write at memory address 0x00000002.
|
||||
It seems like the ENGINE part doesn't work too well with CryptoSwift on
|
||||
Win32. A quick test done right before the release showed that trying
|
||||
"openssl speed -engine cswift" generated errors. If the DSO gets enabled,
|
||||
an attempt is made to write at memory address 0x00000002.
|
||||
|
||||
|
47
STATUS
47
STATUS
@ -1,12 +1,19 @@
|
||||
|
||||
OpenSSL STATUS Last modified at
|
||||
______________ $Date: 2003/02/28 15:17:45 $
|
||||
______________ $Date: 2004/03/17 11:45:33 $
|
||||
|
||||
DEVELOPMENT STATE
|
||||
|
||||
o OpenSSL 0.9.8: Under development...
|
||||
o OpenSSL 0.9.7d: Released on March 17th, 2004
|
||||
o OpenSSL 0.9.7c: Released on September 30th, 2003
|
||||
o OpenSSL 0.9.7b: Released on April 10th, 2003
|
||||
o OpenSSL 0.9.7a: Released on February 19th, 2003
|
||||
o OpenSSL 0.9.7: Released on December 31st, 2002
|
||||
o OpenSSL 0.9.6m: Released on March 17th, 2004
|
||||
o OpenSSL 0.9.6l: Released on November 4th, 2003
|
||||
o OpenSSL 0.9.6k: Released on September 30th, 2003
|
||||
o OpenSSL 0.9.6j: Released on April 10th, 2003
|
||||
o OpenSSL 0.9.6i: Released on February 19th, 2003
|
||||
o OpenSSL 0.9.6h: Released on December 5th, 2002
|
||||
o OpenSSL 0.9.6g: Released on August 9th, 2002
|
||||
@ -25,11 +32,9 @@
|
||||
o OpenSSL 0.9.2b: Released on March 22th, 1999
|
||||
o OpenSSL 0.9.1c: Released on December 23th, 1998
|
||||
|
||||
[See also http://www.openssl.org/support/rt2.html]
|
||||
|
||||
RELEASE SHOWSTOPPERS
|
||||
|
||||
o
|
||||
o none
|
||||
|
||||
AVAILABLE PATCHES
|
||||
|
||||
@ -52,21 +57,17 @@
|
||||
UTIL (a new set of library functions to support some higher level
|
||||
functionality that is currently missing).
|
||||
Shared library support for VMS.
|
||||
Kerberos 5 authentication (Heimdal)
|
||||
Kerberos 5 authentication
|
||||
Constification
|
||||
Compression
|
||||
Attribute Certificate support
|
||||
Certificate Pair support
|
||||
Storage Engines (primarly an LDAP storage engine)
|
||||
Certificate chain validation with full RFC 3280 compatibility
|
||||
OCSP
|
||||
|
||||
NEEDS PATCH
|
||||
|
||||
o 0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not
|
||||
handle ECCdraft cipher suites correctly.
|
||||
|
||||
o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
|
||||
|
||||
o Whenever strncpy is used, make sure the resulting string is NULL-terminated
|
||||
or an error is reported
|
||||
|
||||
o "OpenSSL STATUS" is never up-to-date.
|
||||
|
||||
OPEN ISSUES
|
||||
@ -95,11 +96,23 @@
|
||||
which apparently is not flexible enough to generate
|
||||
libcrypto)
|
||||
|
||||
WISHES
|
||||
|
||||
o Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
|
||||
where the callback function can request that the function be aborted.
|
||||
[Gregory Stark <ghstark@pobox.com>, <rayyang2000@yahoo.com>]
|
||||
o The perl/ stuff needs a major overhaul. Currently it's
|
||||
totally obsolete. Either we clean it up and enhance it to be up-to-date
|
||||
with the C code or we also could replace it with the really nice
|
||||
Net::SSLeay package we can find under
|
||||
http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a
|
||||
longer time and it works fine and is a nice Perl module. Best would be
|
||||
to convince the author to work for the OpenSSL project and create a
|
||||
Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
|
||||
us.
|
||||
|
||||
Status: Ralf thinks we should both contact the author of Net::SSLeay
|
||||
and look how much effort it is to bring Eric's perl/ stuff up
|
||||
to date.
|
||||
Paul +1
|
||||
|
||||
WISHES
|
||||
|
||||
o SRP in TLS.
|
||||
[wished by:
|
||||
|
354
VMS/mkshared.com
354
VMS/mkshared.com
@ -1,354 +0,0 @@
|
||||
$! MKSHARED.COM -- script to created shareable images on VMS
|
||||
$!
|
||||
$! No command line parameters. This should be run at the start of the source
|
||||
$! tree (the same directory where one finds INSTALL.VMS).
|
||||
$!
|
||||
$! Input: [.UTIL]LIBEAY.NUM,[.AXP.EXE.CRYPTO]LIBCRYPTO.OLB
|
||||
$! [.UTIL]SSLEAY.NUM,[.AXP.EXE.SSL]LIBSSL.OLB
|
||||
$! Output: [.AXP.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
|
||||
$! [.AXP.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
|
||||
$!
|
||||
$! So far, tests have only been made on VMS for Alpha. VAX will come in time.
|
||||
$! ===========================================================================
|
||||
$
|
||||
$! ----- Prepare info for processing: version number and file info
|
||||
$ gosub read_version_info
|
||||
$ if libver .eqs. ""
|
||||
$ then
|
||||
$ write sys$error "ERROR: Couldn't find any library version info..."
|
||||
$ exit
|
||||
$ endif
|
||||
$
|
||||
$ if f$getsyi("CPU") .ge. 128
|
||||
$ then
|
||||
$ libid = "Crypto"
|
||||
$ libnum = "[.UTIL]LIBEAY.NUM"
|
||||
$ libdir = "[.AXP.EXE.CRYPTO]"
|
||||
$ libolb = "''libdir'LIBCRYPTO.OLB"
|
||||
$ libopt = "''libdir'LIBCRYPTO.OPT"
|
||||
$ libmap = "''libdir'LIBCRYPTO.MAP"
|
||||
$ libgoal= "''libdir'LIBCRYPTO.EXE"
|
||||
$ libref = ""
|
||||
$ gosub create_axp_shr
|
||||
$ libid = "SSL"
|
||||
$ libnum = "[.UTIL]SSLEAY.NUM"
|
||||
$ libdir = "[.AXP.EXE.SSL]"
|
||||
$ libolb = "''libdir'LIBSSL.OLB"
|
||||
$ libopt = "''libdir'LIBSSL.OPT"
|
||||
$ libmap = "''libdir'LIBSSL.MAP"
|
||||
$ libgoal= "''libdir'LIBSSL.EXE"
|
||||
$ libref = "[.AXP.EXE.CRYPTO]LIBCRYPTO.EXE"
|
||||
$ gosub create_axp_shr
|
||||
$ else
|
||||
$ libtit = "CRYPTO_TRANSFER_VECTOR"
|
||||
$ libid = "Crypto"
|
||||
$ libnum = "[.UTIL]LIBEAY.NUM"
|
||||
$ libdir = "[.VAX.EXE.CRYPTO]"
|
||||
$ libmar = "''libdir'LIBCRYPTO.MAR"
|
||||
$ libolb = "''libdir'LIBCRYPTO.OLB"
|
||||
$ libopt = "''libdir'LIBCRYPTO.OPT"
|
||||
$ libobj = "''libdir'LIBCRYPTO.OBJ"
|
||||
$ libmap = "''libdir'LIBCRYPTO.MAP"
|
||||
$ libgoal= "''libdir'LIBCRYPTO.EXE"
|
||||
$ libref = ""
|
||||
$ libvec = "LIBCRYPTO"
|
||||
$ gosub create_vax_shr
|
||||
$ libtit = "SSL_TRANSFER_VECTOR"
|
||||
$ libid = "SSL"
|
||||
$ libnum = "[.UTIL]SSLEAY.NUM"
|
||||
$ libdir = "[.VAX.EXE.SSL]"
|
||||
$ libmar = "''libdir'LIBSSL.MAR"
|
||||
$ libolb = "''libdir'LIBSSL.OLB"
|
||||
$ libopt = "''libdir'LIBSSL.OPT"
|
||||
$ libobj = "''libdir'LIBSSL.OBJ"
|
||||
$ libmap = "''libdir'LIBSSL.MAP"
|
||||
$ libgoal= "''libdir'LIBSSL.EXE"
|
||||
$ libref = "[.VAX.EXE.CRYPTO]LIBCRYPTO.EXE"
|
||||
$ libvec = "LIBSSL"
|
||||
$ gosub create_vax_shr
|
||||
$ endif
|
||||
$ exit
|
||||
$
|
||||
$! ----- Soubroutines to actually build the shareable libraries
|
||||
$! The way things work, there's a main shareable library creator for each
|
||||
$! supported architecture, which is called from the main code above.
|
||||
$! The creator will define a number of variables to tell the next levels of
|
||||
$! subroutines what routines to use to write to the option files, call the
|
||||
$! main processor, read_func_num, and when that is done, it will write version
|
||||
$! data at the end of the .opt file, close it, and link the library.
|
||||
$!
|
||||
$! read_func_num reads through a .num file and calls the writer routine for
|
||||
$! each line. It's also responsible for checking that order is properly kept
|
||||
$! in the .num file, check that each line applies to VMS and the architecture,
|
||||
$! and to fill in "holes" with dummy entries.
|
||||
$!
|
||||
$! The creator routines depend on the following variables:
|
||||
$! libnum The name of the .num file to use as input
|
||||
$! libolb The name of the object library to build from
|
||||
$! libid The identification string of the shareable library
|
||||
$! libopt The name of the .opt file to write
|
||||
$! libtit The title of the assembler transfer vector file (VAX only)
|
||||
$! libmar The name of the assembler transfer vector file (VAX only)
|
||||
$! libmap The name of the map file to write
|
||||
$! libgoal The name of the shareable library to write
|
||||
$! libref The name of a shareable library to link in
|
||||
$!
|
||||
$! read_func_num depends on the following variables from the creator:
|
||||
$! libwriter The name of the writer routine to call for each .num file line
|
||||
$! -----
|
||||
$
|
||||
$! ----- Subroutines for AXP
|
||||
$! -----
|
||||
$! The creator routine
|
||||
$ create_axp_shr:
|
||||
$ open/write opt 'libopt'
|
||||
$ write opt "identification=""",libid," ",libverstr,""""
|
||||
$ write opt libolb,"/lib"
|
||||
$ if libref .nes. "" then write opt libref,"/SHARE"
|
||||
$ write opt "SYMBOL_VECTOR=(-"
|
||||
$ libfirstentry := true
|
||||
$ libwrch := opt
|
||||
$ libwriter := write_axp_transfer_entry
|
||||
$ textcount = 0
|
||||
$ gosub read_func_num
|
||||
$ write opt ")"
|
||||
$ write opt "GSMATCH=",libvmatch,",",libver
|
||||
$ close opt
|
||||
$ link/map='libmap'/full/share='libgoal' 'libopt'/option
|
||||
$ return
|
||||
$
|
||||
$! The record writer routine
|
||||
$ write_axp_transfer_entry:
|
||||
$ if libentry .eqs. ".dummy" then return
|
||||
$ if info_kind .eqs. "VARIABLE"
|
||||
$ then
|
||||
$ pr:=DATA
|
||||
$ else
|
||||
$ pr:=PROCEDURE
|
||||
$ endif
|
||||
$ textcount_this = f$length(pr) + f$length(libentry) + 5
|
||||
$ if textcount + textcount_this .gt. 1024
|
||||
$ then
|
||||
$ write opt ")"
|
||||
$ write opt "SYMBOL_VECTOR=(-"
|
||||
$ textcount = 16
|
||||
$ libfirstentry := true
|
||||
$ endif
|
||||
$ if libfirstentry
|
||||
$ then
|
||||
$ write 'libwrch' " ",libentry,"=",pr," -"
|
||||
$ else
|
||||
$ write 'libwrch' " ,",libentry,"=",pr," -"
|
||||
$ endif
|
||||
$ libfirstentry := false
|
||||
$ textcount = textcount + textcount_this
|
||||
$ return
|
||||
$
|
||||
$! ----- Subroutines for AXP
|
||||
$! -----
|
||||
$! The creator routine
|
||||
$ create_vax_shr:
|
||||
$ open/write mar 'libmar'
|
||||
$ type sys$input:/out=mar:
|
||||
;
|
||||
; Transfer vector for VAX shareable image
|
||||
;
|
||||
$ write mar " .TITLE ",libtit
|
||||
$ write mar " .IDENT /",libid,"/"
|
||||
$ type sys$input:/out=mar:
|
||||
;
|
||||
; Define macro to assist in building transfer vector entries. Each entry
|
||||
; should take no more than 8 bytes.
|
||||
;
|
||||
.MACRO FTRANSFER_ENTRY routine
|
||||
.ALIGN QUAD
|
||||
.TRANSFER routine
|
||||
.MASK routine
|
||||
JMP routine+2
|
||||
.ENDM FTRANSFER_ENTRY
|
||||
;
|
||||
; Place entries in own program section.
|
||||
;
|
||||
$ write mar " .PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"
|
||||
$ write mar libvec,"_xfer:"
|
||||
$ libwrch := mar
|
||||
$ libwriter := write_vax_ftransfer_entry
|
||||
$ gosub read_func_num
|
||||
$ type sys$input:/out=mar:
|
||||
;
|
||||
; Allocate extra storage at end of vector to allow for expansion.
|
||||
;
|
||||
$ write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total."
|
||||
$! libwriter := write_vax_vtransfer_entry
|
||||
$! gosub read_func_num
|
||||
$ write mar " .END"
|
||||
$ close mar
|
||||
$ open/write opt 'libopt'
|
||||
$ write opt "identification=""",libid," ",libverstr,""""
|
||||
$ write opt libobj
|
||||
$ write opt libolb,"/lib"
|
||||
$ if libref .nes. "" then write opt libref,"/SHARE"
|
||||
$ type sys$input:/out=opt:
|
||||
!
|
||||
! Ensure transfer vector is at beginning of image
|
||||
!
|
||||
CLUSTER=FIRST
|
||||
$ write opt "COLLECT=FIRST,$$",libvec
|
||||
$ write opt "GSMATCH=",libvmatch,",",libver
|
||||
$ type sys$input:/out=opt:
|
||||
!
|
||||
! make psects nonshareable so image can be installed.
|
||||
!
|
||||
PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
|
||||
$ libwrch := opt
|
||||
$ libwriter := write_vax_psect_attr
|
||||
$ gosub read_func_num
|
||||
$ close opt
|
||||
$ macro/obj='libobj' 'libmar'
|
||||
$ link/map='libmap'/full/share='libgoal' 'libopt'/option
|
||||
$ return
|
||||
$
|
||||
$! The record writer routine for VAX functions
|
||||
$ write_vax_ftransfer_entry:
|
||||
$ if info_kind .nes. "FUNCTION" then return
|
||||
$ if libentry .eqs ".dummy"
|
||||
$ then
|
||||
$ write 'libwrch' " .BLKB 8" ! Dummy is zeroes...
|
||||
$ else
|
||||
$ write 'libwrch' " FTRANSFER_ENTRY ",libentry
|
||||
$ endif
|
||||
$ return
|
||||
$! The record writer routine for VAX variables (should never happen!)
|
||||
$ write_vax_psect_attr:
|
||||
$ if info_kind .nes. "VARIABLE" then return
|
||||
$ if libentry .eqs ".dummy" then return
|
||||
$ write 'libwrch' "PSECT_ATTR=",libentry,",NOSHR"
|
||||
$ return
|
||||
$
|
||||
$! ----- Common subroutines
|
||||
$! -----
|
||||
$! The .num file reader. This one has great responsability.
|
||||
$ read_func_num:
|
||||
$ open libnum 'libnum'
|
||||
$ goto read_nums
|
||||
$
|
||||
$ read_nums:
|
||||
$ libentrynum=0
|
||||
$ liblastentry:=false
|
||||
$ entrycount=0
|
||||
$ loop:
|
||||
$ read/end=loop_end/err=loop_end libnum line
|
||||
$ entrynum=f$int(f$element(1," ",f$edit(line,"COMPRESS,TRIM")))
|
||||
$ entryinfo=f$element(2," ",f$edit(line,"COMPRESS,TRIM"))
|
||||
$ curentry=f$element(0," ",f$edit(line,"COMPRESS,TRIM"))
|
||||
$ info_exist=f$element(0,":",entryinfo)
|
||||
$ info_platforms=","+f$element(1,":",entryinfo)+","
|
||||
$ info_kind=f$element(2,":",entryinfo)
|
||||
$ info_algorithms=","+f$element(3,":",entryinfo)+","
|
||||
$ if info_exist .eqs. "NOEXIST" then goto loop
|
||||
$ truesum = 0
|
||||
$ falsesum = 0
|
||||
$ negatives = 1
|
||||
$ plat_i = 0
|
||||
$ loop1:
|
||||
$ plat_entry = f$element(plat_i,",",info_platforms)
|
||||
$ plat_i = plat_i + 1
|
||||
$ if plat_entry .eqs. "" then goto loop1
|
||||
$ if plat_entry .nes. ","
|
||||
$ then
|
||||
$ if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
|
||||
$ if f$getsyi("CPU") .lt. 128
|
||||
$ then
|
||||
$ if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then -
|
||||
$ truesum = truesum + 1
|
||||
$ if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
|
||||
$ falsesum = falsesum + 1
|
||||
$ endif
|
||||
$ if plat_entry .eqs. "VMS" then truesum = truesum + 1
|
||||
$ if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1
|
||||
$ goto loop1
|
||||
$ endif
|
||||
$ endloop1:
|
||||
$!DEBUG!$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
|
||||
$!DEBUG!$ then
|
||||
$!DEBUG!$ write sys$output line
|
||||
$!DEBUG!$ write sys$output " truesum = ",truesum,-
|
||||
$!DEBUG! ", negatives = ",negatives,", falsesum = ",falsesum
|
||||
$!DEBUG!$ endif
|
||||
$ if falsesum .ne. 0 then goto loop
|
||||
$ if truesum+negatives .eq. 0 then goto loop
|
||||
$ alg_i = 0
|
||||
$ loop2:
|
||||
$ alg_entry = f$element(alg_i,",",info_algorithms)
|
||||
$ alg_i = alg_i + 1
|
||||
$ if alg_entry .eqs. "" then goto loop2
|
||||
$ if alg_entry .nes. ","
|
||||
$ then
|
||||
$ if alg_entry .eqs. "KRB5" then goto loop ! Special for now
|
||||
$ if alg_entry .eqs. "STATIC_ENGINE" then goto loop ! Special for now
|
||||
$ if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
|
||||
$ goto loop2
|
||||
$ endif
|
||||
$ endloop2:
|
||||
$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
|
||||
$ then
|
||||
$!DEBUG!$ write sys$output curentry," ; ",entrynum," ; ",entryinfo
|
||||
$ endif
|
||||
$ redo:
|
||||
$ next:=loop
|
||||
$ tolibentry=curentry
|
||||
$ if libentrynum .ne. entrynum
|
||||
$ then
|
||||
$ entrycount=entrycount+1
|
||||
$ if entrycount .lt. entrynum
|
||||
$ then
|
||||
$!DEBUG!$ write sys$output "Info: entrycount: ''entrycount', entrynum: ''entrynum' => 0"
|
||||
$ tolibentry=".dummy"
|
||||
$ next:=redo
|
||||
$ endif
|
||||
$ if entrycount .gt. entrynum
|
||||
$ then
|
||||
$ write sys$error "Decreasing library entry numbers! Can't continue"
|
||||
$ write sys$error """",line,""""
|
||||
$ close libnum
|
||||
$ return
|
||||
$ endif
|
||||
$ libentry=tolibentry
|
||||
$!DEBUG!$ write sys$output entrycount," ",libentry," ",entryinfo
|
||||
$ if libentry .nes. "" .and. libwriter .nes. "" then gosub 'libwriter'
|
||||
$ else
|
||||
$ write sys$error "Info: ""''curentry'"" is an alias for ""''libentry'"". Overriding..."
|
||||
$ endif
|
||||
$ libentrynum=entrycount
|
||||
$ goto 'next'
|
||||
$ loop_end:
|
||||
$ close libnum
|
||||
$ return
|
||||
$
|
||||
$! The version number reader
|
||||
$ read_version_info:
|
||||
$ libver = ""
|
||||
$ open/read vf [.CRYPTO]OPENSSLV.H
|
||||
$ loop_rvi:
|
||||
$ read/err=endloop_rvi/end=endloop_rvi vf rvi_line
|
||||
$ if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -
|
||||
goto loop_rvi
|
||||
$ libverstr = f$element(1,"""",rvi_line)
|
||||
$ libvmajor = f$element(0,".",libverstr)
|
||||
$ libvminor = f$element(1,".",libverstr)
|
||||
$ libvedit = f$element(2,".",libverstr)
|
||||
$ libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@")
|
||||
$ libvedit = f$extract(0,1,libvedit)
|
||||
$ libver = f$string(f$int(libvmajor)*100)+","+-
|
||||
f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch))
|
||||
$ if libvmajor .eqs. "0"
|
||||
$ then
|
||||
$ libvmatch = "EQUAL"
|
||||
$ else
|
||||
$ ! Starting with the 1.0 release, backward compatibility should be
|
||||
$ ! kept, so switch over to the following
|
||||
$ libvmatch = "LEQUAL"
|
||||
$ endif
|
||||
$ endloop_rvi:
|
||||
$ close vf
|
||||
$ return
|
@ -5,7 +5,7 @@
|
||||
# things easier between now and when Eric is convinced to fix it :-)
|
||||
#
|
||||
# CA -newca ... will setup the right stuff
|
||||
# CA -newreq[-nodes] ... will generate a certificate request
|
||||
# CA -newreq ... will generate a certificate request
|
||||
# CA -sign ... will sign the generated request and output
|
||||
#
|
||||
# At the end of that grab newreq.pem and newcert.pem (one has the key
|
||||
@ -37,8 +37,7 @@
|
||||
# demoCA ... where everything is stored
|
||||
|
||||
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
|
||||
$DAYS="-days 365"; # 1 year
|
||||
$CADAYS="-days 1095"; # 3 years
|
||||
$DAYS="-days 365";
|
||||
$REQ="openssl req $SSLEAY_CONFIG";
|
||||
$CA="openssl ca $SSLEAY_CONFIG";
|
||||
$VERIFY="openssl verify";
|
||||
@ -47,7 +46,6 @@ $PKCS12="openssl pkcs12";
|
||||
|
||||
$CATOP="./demoCA";
|
||||
$CAKEY="cakey.pem";
|
||||
$CAREQ="careq.pem";
|
||||
$CACERT="cacert.pem";
|
||||
|
||||
$DIRMODE = 0777;
|
||||
@ -56,7 +54,7 @@ $RET = 0;
|
||||
|
||||
foreach (@ARGV) {
|
||||
if ( /^(-\?|-h|-help)$/ ) {
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
|
||||
exit 0;
|
||||
} elsif (/^-newcert$/) {
|
||||
# create a certificate
|
||||
@ -68,11 +66,6 @@ foreach (@ARGV) {
|
||||
system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request (and private key) is in newreq.pem\n";
|
||||
} elsif (/^-newreq-nodes$/) {
|
||||
# create a certificate request
|
||||
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request (and private key) is in newreq.pem\n";
|
||||
} elsif (/^-newca$/) {
|
||||
# if explicitly asked for or it doesn't exist then setup the
|
||||
# directory structure that Eric likes to manage things
|
||||
@ -103,11 +96,8 @@ foreach (@ARGV) {
|
||||
$RET=$?;
|
||||
} else {
|
||||
print "Making CA certificate ...\n";
|
||||
system ("$REQ -new -keyout " .
|
||||
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
|
||||
system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " .
|
||||
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
|
||||
"-infiles ${CATOP}/$CAREQ ");
|
||||
system ("$REQ -new -x509 -keyout " .
|
||||
"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
|
||||
$RET=$?;
|
||||
}
|
||||
}
|
||||
@ -153,7 +143,7 @@ foreach (@ARGV) {
|
||||
}
|
||||
} else {
|
||||
print STDERR "Unknown arg $_\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
|
||||
exit 1;
|
||||
}
|
||||
}
|
||||
|
13
apps/CA.sh
13
apps/CA.sh
@ -30,8 +30,7 @@
|
||||
# default openssl.cnf file has setup as per the following
|
||||
# demoCA ... where everything is stored
|
||||
|
||||
DAYS="-days 365" # 1 year
|
||||
CADAYS="-days 1095" # 3 years
|
||||
DAYS="-days 365"
|
||||
REQ="openssl req $SSLEAY_CONFIG"
|
||||
CA="openssl ca $SSLEAY_CONFIG"
|
||||
VERIFY="openssl verify"
|
||||
@ -39,7 +38,6 @@ X509="openssl x509"
|
||||
|
||||
CATOP=./demoCA
|
||||
CAKEY=./cakey.pem
|
||||
CAREQ=./careq.pem
|
||||
CACERT=./cacert.pem
|
||||
|
||||
for i
|
||||
@ -72,7 +70,7 @@ case $i in
|
||||
mkdir ${CATOP}/crl
|
||||
mkdir ${CATOP}/newcerts
|
||||
mkdir ${CATOP}/private
|
||||
echo "00" > ${CATOP}/serial
|
||||
echo "01" > ${CATOP}/serial
|
||||
touch ${CATOP}/index.txt
|
||||
fi
|
||||
if [ ! -f ${CATOP}/private/$CAKEY ]; then
|
||||
@ -85,11 +83,8 @@ case $i in
|
||||
RET=$?
|
||||
else
|
||||
echo "Making CA certificate ..."
|
||||
$REQ -new -keyout ${CATOP}/private/$CAKEY \
|
||||
-out ${CATOP}/$CAREQ
|
||||
$CA -out ${CATOP}/$CACERT $CADAYS -batch \
|
||||
-keyfile ${CATOP}/private/$CAKEY -selfsign \
|
||||
-infiles ${CATOP}/$CAREQ
|
||||
$REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
|
||||
-out ${CATOP}/$CACERT $DAYS
|
||||
RET=$?
|
||||
fi
|
||||
fi
|
||||
|
1282
apps/Makefile.ssl
1282
apps/Makefile.ssl
File diff suppressed because it is too large
Load Diff
@ -124,7 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
|
||||
int consider_randfile = (file == NULL);
|
||||
char buffer[200];
|
||||
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
#ifdef WINDOWS
|
||||
BIO_printf(bio_e,"Loading 'screen' into random state -");
|
||||
BIO_flush(bio_e);
|
||||
RAND_screen();
|
||||
@ -142,9 +142,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
|
||||
}
|
||||
if (file == NULL || !RAND_load_file(file, -1))
|
||||
{
|
||||
if (RAND_status() == 0)
|
||||
{
|
||||
if (!dont_warn)
|
||||
if (RAND_status() == 0 && !dont_warn)
|
||||
{
|
||||
BIO_printf(bio_e,"unable to load 'random state'\n");
|
||||
BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
|
||||
@ -157,7 +155,6 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
seeded = 1;
|
||||
return 1;
|
||||
}
|
||||
|
1446
apps/apps.c
1446
apps/apps.c
File diff suppressed because it is too large
Load Diff
215
apps/apps.h
215
apps/apps.h
@ -55,64 +55,15 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef HEADER_APPS_H
|
||||
#define HEADER_APPS_H
|
||||
|
||||
#ifdef FLAT_INC
|
||||
#include "e_os.h"
|
||||
#else
|
||||
#include "../e_os.h"
|
||||
#endif
|
||||
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/bio.h>
|
||||
@ -120,11 +71,6 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/lhash.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/txt_db.h>
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
#include <openssl/ossl_typ.h>
|
||||
|
||||
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
|
||||
int app_RAND_write_file(const char *file, BIO *bio_e);
|
||||
@ -136,7 +82,11 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
|
||||
* (see e_os.h). The string is
|
||||
* destroyed! */
|
||||
|
||||
#ifdef OPENSSL_SYS_WIN32
|
||||
#ifdef NO_STDIO
|
||||
BIO_METHOD *BIO_s_file();
|
||||
#endif
|
||||
|
||||
#ifdef WIN32
|
||||
#define rename(from,to) WIN32_rename((from),(to))
|
||||
int WIN32_rename(char *oldname,char *newname);
|
||||
#endif
|
||||
@ -146,25 +96,23 @@ int WIN32_rename(char *oldname,char *newname);
|
||||
#define MAIN(a,v) main(a,v)
|
||||
|
||||
#ifndef NON_MAIN
|
||||
CONF *config=NULL;
|
||||
LHASH *config=NULL;
|
||||
BIO *bio_err=NULL;
|
||||
#else
|
||||
extern CONF *config;
|
||||
extern LHASH *config;
|
||||
extern BIO *bio_err;
|
||||
#endif
|
||||
|
||||
#else
|
||||
|
||||
#define MAIN(a,v) PROG(a,v)
|
||||
extern CONF *config;
|
||||
extern LHASH *config;
|
||||
extern char *default_config_file;
|
||||
extern BIO *bio_err;
|
||||
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_SYS_NETWARE
|
||||
#include <signal.h>
|
||||
#endif
|
||||
|
||||
#ifdef SIGPIPE
|
||||
#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
|
||||
@ -173,60 +121,20 @@ extern BIO *bio_err;
|
||||
#endif
|
||||
|
||||
#if defined(MONOLITH) && !defined(OPENSSL_C)
|
||||
# define apps_startup() \
|
||||
do_pipe_sig()
|
||||
# define apps_shutdown()
|
||||
# define apps_startup() do_pipe_sig()
|
||||
#else
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
|
||||
defined(OPENSSL_SYS_WIN32)
|
||||
# if defined(MSDOS) || defined(WIN16) || defined(WIN32)
|
||||
# ifdef _O_BINARY
|
||||
# define apps_startup() \
|
||||
do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
|
||||
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
|
||||
_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
SSLeay_add_all_algorithms()
|
||||
# else
|
||||
# define apps_startup() \
|
||||
do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
|
||||
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
|
||||
_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
SSLeay_add_all_algorithms()
|
||||
# endif
|
||||
# else
|
||||
# define apps_startup() \
|
||||
do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
|
||||
ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
|
||||
setup_ui_method(); } while(0)
|
||||
# endif
|
||||
# define apps_shutdown() \
|
||||
do { CONF_modules_unload(1); destroy_ui_method(); \
|
||||
EVP_cleanup(); ENGINE_cleanup(); \
|
||||
CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
|
||||
ERR_free_strings(); } while(0)
|
||||
# else
|
||||
# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
|
||||
defined(OPENSSL_SYS_WIN32)
|
||||
# ifdef _O_BINARY
|
||||
# define apps_startup() \
|
||||
do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
|
||||
setup_ui_method(); } while(0)
|
||||
# else
|
||||
# define apps_startup() \
|
||||
do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
|
||||
setup_ui_method(); } while(0)
|
||||
# endif
|
||||
# else
|
||||
# define apps_startup() \
|
||||
do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
|
||||
ERR_load_crypto_strings(); \
|
||||
setup_ui_method(); } while(0)
|
||||
# endif
|
||||
# define apps_shutdown() \
|
||||
do { CONF_modules_unload(1); destroy_ui_method(); \
|
||||
EVP_cleanup(); \
|
||||
CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
|
||||
ERR_free_strings(); } while(0)
|
||||
# define apps_startup() do_pipe_sig(); SSLeay_add_all_algorithms();
|
||||
# endif
|
||||
#endif
|
||||
|
||||
@ -236,19 +144,6 @@ typedef struct args_st
|
||||
int count;
|
||||
} ARGS;
|
||||
|
||||
#define PW_MIN_LENGTH 4
|
||||
typedef struct pw_cb_data
|
||||
{
|
||||
const void *password;
|
||||
const char *prompt_info;
|
||||
} PW_CB_DATA;
|
||||
|
||||
int password_callback(char *buf, int bufsiz, int verify,
|
||||
PW_CB_DATA *cb_data);
|
||||
|
||||
int setup_ui_method(void);
|
||||
void destroy_ui_method(void);
|
||||
|
||||
int should_retry(int i);
|
||||
int args_from_file(char *file, int *argc, char **argv[]);
|
||||
int str2fmt(char *s);
|
||||
@ -258,66 +153,13 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
|
||||
int dump_cert_text(BIO *out, X509 *x);
|
||||
void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
|
||||
#endif
|
||||
int set_cert_ex(unsigned long *flags, const char *arg);
|
||||
int set_name_ex(unsigned long *flags, const char *arg);
|
||||
int set_ext_copy(int *copy_type, const char *arg);
|
||||
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
|
||||
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
|
||||
int add_oid_section(BIO *err, CONF *conf);
|
||||
X509 *load_cert(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e, const char *cert_descrip);
|
||||
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
|
||||
const char *pass, ENGINE *e, const char *key_descrip);
|
||||
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
|
||||
const char *pass, ENGINE *e, const char *key_descrip);
|
||||
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e, const char *cert_descrip);
|
||||
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
|
||||
#endif
|
||||
|
||||
int load_config(BIO *err, CONF *cnf);
|
||||
char *make_config_name(void);
|
||||
|
||||
/* Functions defined in ca.c and also used in ocsp.c */
|
||||
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
ASN1_GENERALIZEDTIME **pinvtm, char *str);
|
||||
|
||||
#define DB_type 0
|
||||
#define DB_exp_date 1
|
||||
#define DB_rev_date 2
|
||||
#define DB_serial 3 /* index - unique */
|
||||
#define DB_file 4
|
||||
#define DB_name 5 /* index - unique when active and not disabled */
|
||||
#define DB_NUMBER 6
|
||||
|
||||
#define DB_TYPE_REV 'R'
|
||||
#define DB_TYPE_EXP 'E'
|
||||
#define DB_TYPE_VAL 'V'
|
||||
|
||||
typedef struct db_attr_st
|
||||
{
|
||||
int unique_subject;
|
||||
} DB_ATTR;
|
||||
typedef struct ca_db_st
|
||||
{
|
||||
DB_ATTR attributes;
|
||||
TXT_DB *db;
|
||||
} CA_DB;
|
||||
|
||||
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
|
||||
int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
|
||||
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
|
||||
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
|
||||
int index_index(CA_DB *db);
|
||||
int save_index(char *dbfile, char *suffix, CA_DB *db);
|
||||
int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
|
||||
void free_index(CA_DB *db);
|
||||
int index_name_cmp(const char **a, const char **b);
|
||||
int parse_yesno(char *str, int def);
|
||||
|
||||
X509_NAME *parse_name(char *str, long chtype, int multirdn);
|
||||
int add_oid_section(BIO *err, LHASH *conf);
|
||||
X509 *load_cert(BIO *err, char *file, int format);
|
||||
EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
|
||||
EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
|
||||
STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
|
||||
|
||||
#define FORMAT_UNDEF 0
|
||||
#define FORMAT_ASN1 1
|
||||
@ -326,13 +168,8 @@ X509_NAME *parse_name(char *str, long chtype, int multirdn);
|
||||
#define FORMAT_NETSCAPE 4
|
||||
#define FORMAT_PKCS12 5
|
||||
#define FORMAT_SMIME 6
|
||||
#define FORMAT_ENGINE 7
|
||||
#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
|
||||
* adding yet another param to load_*key() */
|
||||
|
||||
#define EXT_COPY_NONE 0
|
||||
#define EXT_COPY_ADD 1
|
||||
#define EXT_COPY_ALL 2
|
||||
/* Since this is currently inofficial, let's give it a high number */
|
||||
#define FORMAT_ENGINE 127
|
||||
|
||||
#define NETSCAPE_CERT_HDR "certificate"
|
||||
|
||||
|
103
apps/asn1pars.c
103
apps/asn1pars.c
@ -82,8 +82,6 @@
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
int i,badops=0,offset=0,ret=1,j;
|
||||
@ -92,7 +90,6 @@ int MAIN(int argc, char **argv)
|
||||
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
|
||||
int informat,indent=0, noout = 0, dump = 0;
|
||||
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
|
||||
char *genstr=NULL, *genconf=NULL;
|
||||
unsigned char *tmpbuf;
|
||||
BUF_MEM *buf=NULL;
|
||||
STACK *osk=NULL;
|
||||
@ -106,9 +103,6 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
prog=argv[0];
|
||||
argc--;
|
||||
argv++;
|
||||
@ -170,16 +164,6 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
sk_push(osk,*(++argv));
|
||||
}
|
||||
else if (strcmp(*argv,"-genstr") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
genstr= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-genconf") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
genconf= *(++argv);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
||||
@ -208,8 +192,6 @@ bad:
|
||||
BIO_printf(bio_err," -strparse offset\n");
|
||||
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
|
||||
BIO_printf(bio_err," ASN1 blob wrappings\n");
|
||||
BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n");
|
||||
BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -223,7 +205,7 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -263,19 +245,6 @@ bad:
|
||||
if ((buf=BUF_MEM_new()) == NULL) goto end;
|
||||
if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
|
||||
|
||||
if (genstr || genconf)
|
||||
{
|
||||
num = do_generate(bio_err, genstr, genconf, buf);
|
||||
if (num < 0)
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
|
||||
if (informat == FORMAT_PEM)
|
||||
{
|
||||
BIO *tmp;
|
||||
@ -296,7 +265,6 @@ bad:
|
||||
if (i <= 0) break;
|
||||
num+=i;
|
||||
}
|
||||
}
|
||||
str=buf->data;
|
||||
|
||||
/* If any structs to parse go through in sequence */
|
||||
@ -333,7 +301,15 @@ bad:
|
||||
num=tmplen;
|
||||
}
|
||||
|
||||
if (length == 0) length=(unsigned int)num;
|
||||
if (offset >= num)
|
||||
{
|
||||
BIO_printf(bio_err, "Error: offset too large\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
num -= offset;
|
||||
|
||||
if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
|
||||
if(derout) {
|
||||
if(BIO_write(derout, str + offset, length) != (int)length) {
|
||||
BIO_printf(bio_err, "Error writing output\n");
|
||||
@ -360,65 +336,6 @@ end:
|
||||
if (at != NULL) ASN1_TYPE_free(at);
|
||||
if (osk != NULL) sk_free(osk);
|
||||
OBJ_cleanup();
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
|
||||
{
|
||||
CONF *cnf = NULL;
|
||||
int len;
|
||||
long errline;
|
||||
unsigned char *p;
|
||||
ASN1_TYPE *atyp = NULL;
|
||||
|
||||
if (genconf)
|
||||
{
|
||||
cnf = NCONF_new(NULL);
|
||||
if (!NCONF_load(cnf, genconf, &errline))
|
||||
goto conferr;
|
||||
if (!genstr)
|
||||
genstr = NCONF_get_string(cnf, "default", "asn1");
|
||||
if (!genstr)
|
||||
{
|
||||
BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
atyp = ASN1_generate_nconf(genstr, cnf);
|
||||
NCONF_free(cnf);
|
||||
|
||||
if (!atyp)
|
||||
return -1;
|
||||
|
||||
len = i2d_ASN1_TYPE(atyp, NULL);
|
||||
|
||||
if (len <= 0)
|
||||
goto err;
|
||||
|
||||
if (!BUF_MEM_grow(buf,len))
|
||||
goto err;
|
||||
|
||||
p=(unsigned char *)buf->data;
|
||||
|
||||
i2d_ASN1_TYPE(atyp, &p);
|
||||
|
||||
ASN1_TYPE_free(atyp);
|
||||
return len;
|
||||
|
||||
conferr:
|
||||
|
||||
if (errline > 0)
|
||||
BIO_printf(bio, "Error on line %ld of config file '%s'\n",
|
||||
errline, genconf);
|
||||
else
|
||||
BIO_printf(bio, "Error loading config file '%s'\n", genconf);
|
||||
|
||||
err:
|
||||
NCONF_free(cnf);
|
||||
ASN1_TYPE_free(atyp);
|
||||
|
||||
return -1;
|
||||
|
||||
}
|
||||
|
@ -59,7 +59,7 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#ifdef NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
#include "apps.h"
|
||||
@ -95,11 +95,11 @@ int MAIN(int argc, char **argv)
|
||||
char buf[512];
|
||||
BIO *STDout=NULL;
|
||||
|
||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||
#if !defined(NO_SSL2) && !defined(NO_SSL3)
|
||||
meth=SSLv23_server_method();
|
||||
#elif !defined(OPENSSL_NO_SSL3)
|
||||
#elif !defined(NO_SSL3)
|
||||
meth=SSLv3_server_method();
|
||||
#elif !defined(OPENSSL_NO_SSL2)
|
||||
#elif !defined(NO_SSL2)
|
||||
meth=SSLv2_server_method();
|
||||
#endif
|
||||
|
||||
@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
STDout = BIO_push(tmpbio, STDout);
|
||||
@ -121,15 +121,15 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
if (strcmp(*argv,"-v") == 0)
|
||||
verbose=1;
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
#ifndef NO_SSL2
|
||||
else if (strcmp(*argv,"-ssl2") == 0)
|
||||
meth=SSLv2_client_method();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
#ifndef NO_SSL3
|
||||
else if (strcmp(*argv,"-ssl3") == 0)
|
||||
meth=SSLv3_client_method();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLS1
|
||||
#ifndef NO_TLS1
|
||||
else if (strcmp(*argv,"-tls1") == 0)
|
||||
meth=TLSv1_client_method();
|
||||
#endif
|
||||
@ -150,7 +150,7 @@ int MAIN(int argc, char **argv)
|
||||
if (badops)
|
||||
{
|
||||
for (pp=ciphers_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err,"%s",*pp);
|
||||
BIO_printf(bio_err,*pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -187,7 +187,7 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
BIO_puts(STDout,SSL_CIPHER_description(
|
||||
sk_SSL_CIPHER_value(sk,i),
|
||||
buf,sizeof buf));
|
||||
buf,512));
|
||||
}
|
||||
}
|
||||
|
||||
@ -202,7 +202,6 @@ end:
|
||||
if (ctx != NULL) SSL_CTX_free(ctx);
|
||||
if (ssl != NULL) SSL_free(ssl);
|
||||
if (STDout != NULL) BIO_free_all(STDout);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
30
apps/crl.c
30
apps/crl.c
@ -81,14 +81,12 @@ static char *crl_usage[]={
|
||||
" -in arg - input file - default stdin\n",
|
||||
" -out arg - output file - default stdout\n",
|
||||
" -hash - print hash value\n",
|
||||
" -fingerprint - print the crl fingerprint\n",
|
||||
" -issuer - print issuer DN\n",
|
||||
" -lastupdate - lastUpdate field\n",
|
||||
" -nextupdate - nextUpdate field\n",
|
||||
" -noout - no CRL output\n",
|
||||
" -CAfile name - verify CRL using certificates in file \"name\"\n",
|
||||
" -CApath dir - verify CRL using certificates in \"dir\"\n",
|
||||
" -nameopt arg - various certificate name options\n",
|
||||
NULL
|
||||
};
|
||||
|
||||
@ -99,7 +97,6 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
unsigned long nmflag = 0;
|
||||
X509_CRL *x=NULL;
|
||||
char *CAfile = NULL, *CApath = NULL;
|
||||
int ret=1,i,num,badops=0;
|
||||
@ -108,7 +105,7 @@ int MAIN(int argc, char **argv)
|
||||
char *infile=NULL,*outfile=NULL;
|
||||
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
|
||||
int fingerprint = 0;
|
||||
char **pp;
|
||||
char **pp,buf[256];
|
||||
X509_STORE *store = NULL;
|
||||
X509_STORE_CTX ctx;
|
||||
X509_LOOKUP *lookup = NULL;
|
||||
@ -123,14 +120,11 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
if (bio_out == NULL)
|
||||
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
|
||||
{
|
||||
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
bio_out = BIO_push(tmpbio, bio_out);
|
||||
@ -191,11 +185,6 @@ int MAIN(int argc, char **argv)
|
||||
text = 1;
|
||||
else if (strcmp(*argv,"-hash") == 0)
|
||||
hash= ++num;
|
||||
else if (strcmp(*argv,"-nameopt") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if (!set_name_ex(&nmflag, *(++argv))) goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-issuer") == 0)
|
||||
issuer= ++num;
|
||||
else if (strcmp(*argv,"-lastupdate") == 0)
|
||||
@ -225,7 +214,7 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
bad:
|
||||
for (pp=crl_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err,"%s",*pp);
|
||||
BIO_printf(bio_err,*pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -246,11 +235,7 @@ bad:
|
||||
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
|
||||
ERR_clear_error();
|
||||
|
||||
if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
|
||||
BIO_printf(bio_err,
|
||||
"Error initialising X509 store\n");
|
||||
goto end;
|
||||
}
|
||||
X509_STORE_CTX_init(&ctx, store, NULL, NULL);
|
||||
|
||||
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
|
||||
X509_CRL_get_issuer(x), &xobj);
|
||||
@ -279,7 +264,9 @@ bad:
|
||||
{
|
||||
if (issuer == i)
|
||||
{
|
||||
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
|
||||
X509_NAME_oneline(X509_CRL_get_issuer(x),
|
||||
buf,256);
|
||||
BIO_printf(bio_out,"issuer= %s\n",buf);
|
||||
}
|
||||
|
||||
if (hash == i)
|
||||
@ -337,7 +324,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -377,7 +364,6 @@ end:
|
||||
X509_STORE_CTX_cleanup(&ctx);
|
||||
X509_STORE_free(store);
|
||||
}
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
@ -166,8 +166,7 @@ bad:
|
||||
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
|
||||
BIO_printf(bio_err," (can be used more than once)\n");
|
||||
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
|
||||
ret = 1;
|
||||
goto end;
|
||||
OPENSSL_EXIT(1);
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
@ -242,7 +241,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -279,7 +278,6 @@ end:
|
||||
if (p7 != NULL) PKCS7_free(p7);
|
||||
if (crl != NULL) X509_CRL_free(crl);
|
||||
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
129
apps/dgst.c
129
apps/dgst.c
@ -66,6 +66,7 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#undef BUFSIZE
|
||||
#define BUFSIZE 1024*8
|
||||
@ -73,9 +74,8 @@
|
||||
#undef PROG
|
||||
#define PROG dgst_main
|
||||
|
||||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
|
||||
const char *file);
|
||||
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen);
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
@ -93,16 +93,13 @@ int MAIN(int argc, char **argv)
|
||||
char pname[PROG_NAME_SIZE+1];
|
||||
int separator=0;
|
||||
int debug=0;
|
||||
int keyform=FORMAT_PEM;
|
||||
const char *outfile = NULL, *keyfile = NULL;
|
||||
const char *sigfile = NULL, *randfile = NULL;
|
||||
int out_bin = -1, want_pub = 0, do_verify = 0;
|
||||
EVP_PKEY *sigkey = NULL;
|
||||
unsigned char *sigbuf = NULL;
|
||||
int siglen = 0;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -115,11 +112,8 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
/* first check the program name */
|
||||
program_name(argv[0],pname,sizeof pname);
|
||||
program_name(argv[0],pname,PROG_NAME_SIZE);
|
||||
|
||||
md=EVP_get_digestbyname(pname);
|
||||
|
||||
@ -163,18 +157,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) break;
|
||||
sigfile=*(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-keyform") == 0)
|
||||
{
|
||||
if (--argc < 1) break;
|
||||
keyform=str2fmt(*(++argv));
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) break;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-hex") == 0)
|
||||
out_bin = 0;
|
||||
else if (strcmp(*argv,"-binary") == 0)
|
||||
@ -209,12 +196,9 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
|
||||
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
|
||||
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
|
||||
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
|
||||
BIO_printf(bio_err,"-signature file signature to verify\n");
|
||||
BIO_printf(bio_err,"-binary output in binary form\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
|
||||
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
|
||||
LN_md5,LN_md5);
|
||||
@ -234,9 +218,23 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
bmd=BIO_new(BIO_f_md());
|
||||
@ -267,7 +265,7 @@ int MAIN(int argc, char **argv)
|
||||
else out = BIO_new_file(outfile, "w");
|
||||
} else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -282,18 +280,24 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if(keyfile)
|
||||
{
|
||||
if (want_pub)
|
||||
sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
|
||||
e, "key file");
|
||||
else
|
||||
sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
|
||||
e, "key file");
|
||||
if (!sigkey)
|
||||
{
|
||||
/* load_[pub]key() has already printed an appropriate
|
||||
message */
|
||||
if(keyfile) {
|
||||
BIO *keybio;
|
||||
keybio = BIO_new_file(keyfile, "r");
|
||||
if(!keybio) {
|
||||
BIO_printf(bio_err, "Error opening key file %s\n",
|
||||
keyfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if(want_pub)
|
||||
sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
|
||||
else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
|
||||
BIO_free(keybio);
|
||||
if(!sigkey) {
|
||||
BIO_printf(bio_err, "Error reading key file %s\n",
|
||||
keyfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
@ -328,37 +332,22 @@ int MAIN(int argc, char **argv)
|
||||
if (argc == 0)
|
||||
{
|
||||
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
||||
err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
|
||||
siglen,"","(stdin)");
|
||||
do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
|
||||
}
|
||||
else
|
||||
{
|
||||
name=OBJ_nid2sn(md->type);
|
||||
for (i=0; i<argc; i++)
|
||||
{
|
||||
char *tmp,*tofree=NULL;
|
||||
int r;
|
||||
|
||||
if (BIO_read_filename(in,argv[i]) <= 0)
|
||||
{
|
||||
perror(argv[i]);
|
||||
err++;
|
||||
continue;
|
||||
}
|
||||
if(!out_bin)
|
||||
{
|
||||
size_t len = strlen(name)+strlen(argv[i])+5;
|
||||
tmp=tofree=OPENSSL_malloc(len);
|
||||
BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
|
||||
}
|
||||
else
|
||||
tmp="";
|
||||
r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
|
||||
siglen,tmp,argv[i]);
|
||||
if(r)
|
||||
err=r;
|
||||
if(tofree)
|
||||
OPENSSL_free(tofree);
|
||||
if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
|
||||
do_fp(out, buf,inp,separator, out_bin, sigkey,
|
||||
sigbuf, siglen);
|
||||
(void)BIO_reset(bmd);
|
||||
}
|
||||
}
|
||||
@ -373,13 +362,11 @@ end:
|
||||
EVP_PKEY_free(sigkey);
|
||||
if(sigbuf) OPENSSL_free(sigbuf);
|
||||
if (bmd != NULL) BIO_free(bmd);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(err);
|
||||
}
|
||||
|
||||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
|
||||
const char *file)
|
||||
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen)
|
||||
{
|
||||
int len;
|
||||
int i;
|
||||
@ -387,33 +374,21 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
for (;;)
|
||||
{
|
||||
i=BIO_read(bp,(char *)buf,BUFSIZE);
|
||||
if(i < 0)
|
||||
{
|
||||
BIO_printf(bio_err, "Read Error in %s\n",file);
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
if (i == 0) break;
|
||||
if (i <= 0) break;
|
||||
}
|
||||
if(sigin)
|
||||
{
|
||||
EVP_MD_CTX *ctx;
|
||||
BIO_get_md_ctx(bp, &ctx);
|
||||
i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
|
||||
if(i > 0)
|
||||
BIO_printf(out, "Verified OK\n");
|
||||
else if(i == 0)
|
||||
{
|
||||
BIO_printf(out, "Verification Failure\n");
|
||||
return 1;
|
||||
}
|
||||
if(i > 0) BIO_printf(out, "Verified OK\n");
|
||||
else if(i == 0) BIO_printf(out, "Verification Failure\n");
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err, "Error Verifying Data\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
return;
|
||||
}
|
||||
if(key)
|
||||
{
|
||||
@ -423,7 +398,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
{
|
||||
BIO_printf(bio_err, "Error Signing Data\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
return;
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -432,7 +407,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
if(binout) BIO_write(out, buf, len);
|
||||
else
|
||||
{
|
||||
BIO_write(out,title,strlen(title));
|
||||
for (i=0; i<len; i++)
|
||||
{
|
||||
if (sep && (i != 0))
|
||||
@ -441,6 +415,5 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
}
|
||||
BIO_printf(out, "\n");
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
42
apps/dh.c
42
apps/dh.c
@ -57,7 +57,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
@ -69,6 +69,7 @@
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG dh_main
|
||||
@ -87,17 +88,12 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
DH *dh=NULL;
|
||||
int i,badops=0,text=0;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
int informat,outformat,check=0,noout=0,C=0,ret=1;
|
||||
char *infile,*outfile,*prog;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine;
|
||||
#endif
|
||||
char *infile,*outfile,*prog,*engine;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -105,12 +101,7 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
engine=NULL;
|
||||
#endif
|
||||
infile=NULL;
|
||||
outfile=NULL;
|
||||
informat=FORMAT_PEM;
|
||||
@ -141,13 +132,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
outfile= *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-check") == 0)
|
||||
check=1;
|
||||
else if (strcmp(*argv,"-text") == 0)
|
||||
@ -179,17 +168,29 @@ bad:
|
||||
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
|
||||
BIO_printf(bio_err," -C Output C code\n");
|
||||
BIO_printf(bio_err," -noout no output\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
out=BIO_new(BIO_s_file());
|
||||
@ -212,7 +213,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -345,7 +346,6 @@ end:
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (dh != NULL) DH_free(dh);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#endif
|
||||
|
@ -109,7 +109,7 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
@ -121,8 +121,9 @@
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
#include <openssl/dsa.h>
|
||||
#endif
|
||||
|
||||
@ -142,27 +143,22 @@
|
||||
* -C
|
||||
*/
|
||||
|
||||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
|
||||
static void MS_CALLBACK dh_cb(int p, int n, void *arg);
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
DH *dh=NULL;
|
||||
int i,badops=0,text=0;
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
int dsaparam=0;
|
||||
#endif
|
||||
BIO *in=NULL,*out=NULL;
|
||||
int informat,outformat,check=0,noout=0,C=0,ret=1;
|
||||
char *infile,*outfile,*prog;
|
||||
char *inrand=NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
char *inrand=NULL,*engine=NULL;
|
||||
int num = 0, g = 0;
|
||||
|
||||
apps_startup();
|
||||
@ -171,9 +167,6 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
infile=NULL;
|
||||
outfile=NULL;
|
||||
informat=FORMAT_PEM;
|
||||
@ -204,18 +197,16 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
outfile= *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-check") == 0)
|
||||
check=1;
|
||||
else if (strcmp(*argv,"-text") == 0)
|
||||
text=1;
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
else if (strcmp(*argv,"-dsaparam") == 0)
|
||||
dsaparam=1;
|
||||
#endif
|
||||
@ -247,7 +238,7 @@ bad:
|
||||
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
|
||||
BIO_printf(bio_err," -in arg input file\n");
|
||||
BIO_printf(bio_err," -out arg output file\n");
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -check check the DH parameters\n");
|
||||
@ -256,9 +247,7 @@ bad:
|
||||
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
|
||||
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
|
||||
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err," the random number generator\n");
|
||||
@ -268,14 +257,28 @@ bad:
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
if (g && !num)
|
||||
num = DEFBITS;
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
if (dsaparam)
|
||||
{
|
||||
if (g)
|
||||
@ -294,8 +297,6 @@ bad:
|
||||
|
||||
if(num) {
|
||||
|
||||
BN_GENCB cb;
|
||||
BN_GENCB_set(&cb, dh_cb, bio_err);
|
||||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
|
||||
@ -304,16 +305,15 @@ bad:
|
||||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
|
||||
app_RAND_load_files(inrand));
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
if (dsaparam)
|
||||
{
|
||||
DSA *dsa = DSA_new();
|
||||
DSA *dsa;
|
||||
|
||||
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
|
||||
if(!dsa || !DSA_generate_parameters_ex(dsa, num,
|
||||
NULL, 0, NULL, NULL, &cb))
|
||||
dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
|
||||
if (dsa == NULL)
|
||||
{
|
||||
if(dsa) DSA_free(dsa);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
@ -329,12 +329,12 @@ bad:
|
||||
else
|
||||
#endif
|
||||
{
|
||||
dh = DH_new();
|
||||
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
|
||||
BIO_printf(bio_err,"This is going to take a long time\n");
|
||||
if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
|
||||
dh=DH_generate_parameters(num,g,dh_cb,bio_err);
|
||||
|
||||
if (dh == NULL)
|
||||
{
|
||||
if(dh) DH_free(dh);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
@ -366,7 +366,7 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
if (dsaparam)
|
||||
{
|
||||
DSA *dsa;
|
||||
@ -419,7 +419,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -504,7 +504,7 @@ bad:
|
||||
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
|
||||
printf("\t\t{ DH_free(dh); return(NULL); }\n");
|
||||
if (dh->length)
|
||||
printf("\tdh->length = %ld;\n", dh->length);
|
||||
printf("\tdh->length = %d;\n", dh->length);
|
||||
printf("\treturn(dh);\n\t}\n");
|
||||
OPENSSL_free(data);
|
||||
}
|
||||
@ -532,12 +532,11 @@ end:
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (dh != NULL) DH_free(dh);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
|
||||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
|
||||
static void MS_CALLBACK dh_cb(int p, int n, void *arg)
|
||||
{
|
||||
char c='*';
|
||||
|
||||
@ -545,12 +544,11 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
|
||||
if (p == 1) c='+';
|
||||
if (p == 2) c='*';
|
||||
if (p == 3) c='\n';
|
||||
BIO_write(cb->arg,&c,1);
|
||||
(void)BIO_flush(cb->arg);
|
||||
BIO_write((BIO *)arg,&c,1);
|
||||
(void)BIO_flush((BIO *)arg);
|
||||
#ifdef LINT
|
||||
p=n;
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
51
apps/dsa.c
51
apps/dsa.c
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
@ -68,6 +68,7 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG dsa_main
|
||||
@ -79,9 +80,6 @@
|
||||
* -des - encrypt output if PEM format with DES in cbc mode
|
||||
* -des3 - encrypt output if PEM format
|
||||
* -idea - encrypt output if PEM format
|
||||
* -aes128 - encrypt output if PEM format
|
||||
* -aes192 - encrypt output if PEM format
|
||||
* -aes256 - encrypt output if PEM format
|
||||
* -text - print a text version
|
||||
* -modulus - print the DSA public key
|
||||
*/
|
||||
@ -90,9 +88,7 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
int ret=1;
|
||||
DSA *dsa=NULL;
|
||||
int i,badops=0;
|
||||
@ -100,10 +96,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO *in=NULL,*out=NULL;
|
||||
int informat,outformat,text=0,noout=0;
|
||||
int pubin = 0, pubout = 0;
|
||||
char *infile,*outfile,*prog;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine;
|
||||
#endif
|
||||
char *infile,*outfile,*prog,*engine;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
int modulus=0;
|
||||
@ -114,12 +107,7 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
engine=NULL;
|
||||
#endif
|
||||
infile=NULL;
|
||||
outfile=NULL;
|
||||
informat=FORMAT_PEM;
|
||||
@ -160,13 +148,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
passargout= *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-noout") == 0)
|
||||
noout=1;
|
||||
else if (strcmp(*argv,"-text") == 0)
|
||||
@ -198,17 +184,11 @@ bad:
|
||||
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
|
||||
BIO_printf(bio_err," -out arg output file\n");
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
|
||||
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
|
||||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -text print the key in text\n");
|
||||
BIO_printf(bio_err," -noout don't print key out\n");
|
||||
@ -218,9 +198,23 @@ bad:
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
@ -268,7 +262,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -326,7 +320,6 @@ end:
|
||||
if(dsa != NULL) DSA_free(dsa);
|
||||
if(passin) OPENSSL_free(passin);
|
||||
if(passout) OPENSSL_free(passout);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#endif
|
||||
|
114
apps/dsaparam.c
114
apps/dsaparam.c
@ -56,13 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
|
||||
* deprecated functions for openssl-internal code */
|
||||
#ifdef OPENSSL_NO_DEPRECATED
|
||||
#undef OPENSSL_NO_DEPRECATED
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -88,31 +82,14 @@
|
||||
* -C
|
||||
* -noout
|
||||
* -genkey
|
||||
* #ifdef GENCB_TEST
|
||||
* -timebomb n - interrupt keygen after <n> seconds
|
||||
* #endif
|
||||
*/
|
||||
|
||||
#ifdef GENCB_TEST
|
||||
|
||||
static int stop_keygen_flag = 0;
|
||||
|
||||
static void timebomb_sigalarm(int foo)
|
||||
{
|
||||
stop_keygen_flag = 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
|
||||
static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
DSA *dsa=NULL;
|
||||
int i,badops=0,text=0;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
@ -120,12 +97,6 @@ int MAIN(int argc, char **argv)
|
||||
char *infile,*outfile,*prog,*inrand=NULL;
|
||||
int numbits= -1,num,genkey=0;
|
||||
int need_rand=0;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
#ifdef GENCB_TEST
|
||||
int timebomb=0;
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -133,9 +104,6 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
infile=NULL;
|
||||
outfile=NULL;
|
||||
informat=FORMAT_PEM;
|
||||
@ -166,20 +134,6 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
outfile= *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if(strcmp(*argv, "-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine = *(++argv);
|
||||
}
|
||||
#endif
|
||||
#ifdef GENCB_TEST
|
||||
else if(strcmp(*argv, "-timebomb") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
timebomb = atoi(*(++argv));
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-text") == 0)
|
||||
text=1;
|
||||
else if (strcmp(*argv,"-C") == 0)
|
||||
@ -225,14 +179,7 @@ bad:
|
||||
BIO_printf(bio_err," -text print as text\n");
|
||||
BIO_printf(bio_err," -C Output C code\n");
|
||||
BIO_printf(bio_err," -noout no output\n");
|
||||
BIO_printf(bio_err," -genkey generate a DSA key\n");
|
||||
BIO_printf(bio_err," -rand files to use for random number input\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
#ifdef GENCB_TEST
|
||||
BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," number number of bits to use for generating private key\n");
|
||||
goto end;
|
||||
}
|
||||
@ -260,7 +207,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -276,10 +223,6 @@ bad:
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (need_rand)
|
||||
{
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
@ -290,47 +233,10 @@ bad:
|
||||
|
||||
if (numbits > 0)
|
||||
{
|
||||
BN_GENCB cb;
|
||||
BN_GENCB_set(&cb, dsa_cb, bio_err);
|
||||
assert(need_rand);
|
||||
dsa = DSA_new();
|
||||
if(!dsa)
|
||||
{
|
||||
BIO_printf(bio_err,"Error allocating DSA object\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
|
||||
BIO_printf(bio_err,"This could take some time\n");
|
||||
#ifdef GENCB_TEST
|
||||
if(timebomb > 0)
|
||||
{
|
||||
struct sigaction act;
|
||||
act.sa_handler = timebomb_sigalarm;
|
||||
act.sa_flags = 0;
|
||||
BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
|
||||
timebomb);
|
||||
if(sigaction(SIGALRM, &act, NULL) != 0)
|
||||
{
|
||||
BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
|
||||
goto end;
|
||||
}
|
||||
alarm(timebomb);
|
||||
}
|
||||
#endif
|
||||
if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
|
||||
{
|
||||
#ifdef GENCB_TEST
|
||||
if(stop_keygen_flag)
|
||||
{
|
||||
BIO_printf(bio_err,"DSA key generation time-stopped\n");
|
||||
/* This is an asked-for behaviour! */
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
#endif
|
||||
BIO_printf(bio_err,"Error, DSA key generation failed\n");
|
||||
goto end;
|
||||
}
|
||||
dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
|
||||
}
|
||||
else if (informat == FORMAT_ASN1)
|
||||
dsa=d2i_DSAparams_bio(in,NULL);
|
||||
@ -451,11 +357,10 @@ end:
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (dsa != NULL) DSA_free(dsa);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
|
||||
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
|
||||
{
|
||||
char c='*';
|
||||
|
||||
@ -463,15 +368,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
|
||||
if (p == 1) c='+';
|
||||
if (p == 2) c='*';
|
||||
if (p == 3) c='\n';
|
||||
BIO_write(cb->arg,&c,1);
|
||||
(void)BIO_flush(cb->arg);
|
||||
BIO_write(arg,&c,1);
|
||||
(void)BIO_flush(arg);
|
||||
#ifdef LINT
|
||||
p=n;
|
||||
#endif
|
||||
#ifdef GENCB_TEST
|
||||
if(stop_keygen_flag)
|
||||
return 0;
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
395
apps/ec.c
395
apps/ec.c
@ -1,395 +0,0 @@
|
||||
/* apps/ec.c */
|
||||
/*
|
||||
* Written by Nils Larsch for the OpenSSL project.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG ec_main
|
||||
|
||||
/* -inform arg - input format - default PEM (one of DER, NET or PEM)
|
||||
* -outform arg - output format - default PEM
|
||||
* -in arg - input file - default stdin
|
||||
* -out arg - output file - default stdout
|
||||
* -des - encrypt output if PEM format with DES in cbc mode
|
||||
* -text - print a text version
|
||||
* -param_out - print the elliptic curve parameters
|
||||
* -conv_form arg - specifies the point encoding form
|
||||
* -param_enc arg - specifies the parameter encoding
|
||||
*/
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
int ret = 1;
|
||||
EC_KEY *eckey = NULL;
|
||||
int i, badops = 0;
|
||||
const EVP_CIPHER *enc = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
int informat, outformat, text=0, noout=0;
|
||||
int pubin = 0, pubout = 0, param_out = 0;
|
||||
char *infile, *outfile, *prog, *engine;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
|
||||
int new_form = 0;
|
||||
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
|
||||
int new_asn1_flag = 0;
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
engine = NULL;
|
||||
infile = NULL;
|
||||
outfile = NULL;
|
||||
informat = FORMAT_PEM;
|
||||
outformat = FORMAT_PEM;
|
||||
|
||||
prog = argv[0];
|
||||
argc--;
|
||||
argv++;
|
||||
while (argc >= 1)
|
||||
{
|
||||
if (strcmp(*argv,"-inform") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
informat=str2fmt(*(++argv));
|
||||
}
|
||||
else if (strcmp(*argv,"-outform") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
outformat=str2fmt(*(++argv));
|
||||
}
|
||||
else if (strcmp(*argv,"-in") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
infile= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-out") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
outfile= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-passin") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passargin= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
passargout= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv, "-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv, "-noout") == 0)
|
||||
noout = 1;
|
||||
else if (strcmp(*argv, "-text") == 0)
|
||||
text = 1;
|
||||
else if (strcmp(*argv, "-conv_form") == 0)
|
||||
{
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
++argv;
|
||||
new_form = 1;
|
||||
if (strcmp(*argv, "compressed") == 0)
|
||||
form = POINT_CONVERSION_COMPRESSED;
|
||||
else if (strcmp(*argv, "uncompressed") == 0)
|
||||
form = POINT_CONVERSION_UNCOMPRESSED;
|
||||
else if (strcmp(*argv, "hybrid") == 0)
|
||||
form = POINT_CONVERSION_HYBRID;
|
||||
else
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv, "-param_enc") == 0)
|
||||
{
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
++argv;
|
||||
new_asn1_flag = 1;
|
||||
if (strcmp(*argv, "named_curve") == 0)
|
||||
asn1_flag = OPENSSL_EC_NAMED_CURVE;
|
||||
else if (strcmp(*argv, "explicit") == 0)
|
||||
asn1_flag = 0;
|
||||
else
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv, "-param_out") == 0)
|
||||
param_out = 1;
|
||||
else if (strcmp(*argv, "-pubin") == 0)
|
||||
pubin=1;
|
||||
else if (strcmp(*argv, "-pubout") == 0)
|
||||
pubout=1;
|
||||
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err, "unknown option %s\n", *argv);
|
||||
badops=1;
|
||||
break;
|
||||
}
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
if (badops)
|
||||
{
|
||||
bad:
|
||||
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
BIO_printf(bio_err, " -inform arg input format - "
|
||||
"DER or PEM\n");
|
||||
BIO_printf(bio_err, " -outform arg output format - "
|
||||
"DER or PEM\n");
|
||||
BIO_printf(bio_err, " -in arg input file\n");
|
||||
BIO_printf(bio_err, " -passin arg input file pass "
|
||||
"phrase source\n");
|
||||
BIO_printf(bio_err, " -out arg output file\n");
|
||||
BIO_printf(bio_err, " -passout arg output file pass "
|
||||
"phrase source\n");
|
||||
BIO_printf(bio_err, " -engine e use engine e, "
|
||||
"possibly a hardware device.\n");
|
||||
BIO_printf(bio_err, " -des encrypt PEM output, "
|
||||
"instead of 'des' every other \n"
|
||||
" cipher "
|
||||
"supported by OpenSSL can be used\n");
|
||||
BIO_printf(bio_err, " -text print the key\n");
|
||||
BIO_printf(bio_err, " -noout don't print key out\n");
|
||||
BIO_printf(bio_err, " -param_out print the elliptic "
|
||||
"curve parameters\n");
|
||||
BIO_printf(bio_err, " -conv_form arg specifies the "
|
||||
"point conversion form \n");
|
||||
BIO_printf(bio_err, " possible values:"
|
||||
" compressed\n");
|
||||
BIO_printf(bio_err, " "
|
||||
" uncompressed (default)\n");
|
||||
BIO_printf(bio_err, " "
|
||||
" hybrid\n");
|
||||
BIO_printf(bio_err, " -param_enc arg specifies the way"
|
||||
" the ec parameters are encoded\n");
|
||||
BIO_printf(bio_err, " in the asn1 der "
|
||||
"encoding\n");
|
||||
BIO_printf(bio_err, " possilbe values:"
|
||||
" named_curve (default)\n");
|
||||
BIO_printf(bio_err," "
|
||||
"explicit\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
|
||||
{
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
out = BIO_new(BIO_s_file());
|
||||
if ((in == NULL) || (out == NULL))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (infile == NULL)
|
||||
BIO_set_fp(in, stdin, BIO_NOCLOSE);
|
||||
else
|
||||
{
|
||||
if (BIO_read_filename(in, infile) <= 0)
|
||||
{
|
||||
perror(infile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
BIO_printf(bio_err, "read EC key\n");
|
||||
if (informat == FORMAT_ASN1)
|
||||
{
|
||||
if (pubin)
|
||||
eckey = d2i_EC_PUBKEY_bio(in, NULL);
|
||||
else
|
||||
eckey = d2i_ECPrivateKey_bio(in, NULL);
|
||||
}
|
||||
else if (informat == FORMAT_PEM)
|
||||
{
|
||||
if (pubin)
|
||||
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL,
|
||||
NULL);
|
||||
else
|
||||
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
|
||||
passin);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err, "bad input format specified for key\n");
|
||||
goto end;
|
||||
}
|
||||
if (eckey == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to load Key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out, stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
if (BIO_write_filename(out, outfile) <= 0)
|
||||
{
|
||||
perror(outfile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (new_form)
|
||||
{
|
||||
EC_GROUP_set_point_conversion_form(eckey->group, form);
|
||||
eckey->conv_form = form;
|
||||
}
|
||||
|
||||
if (new_asn1_flag)
|
||||
EC_GROUP_set_asn1_flag(eckey->group, asn1_flag);
|
||||
|
||||
if (text)
|
||||
if (!EC_KEY_print(out, eckey, 0))
|
||||
{
|
||||
perror(outfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (noout)
|
||||
goto end;
|
||||
|
||||
BIO_printf(bio_err, "writing EC key\n");
|
||||
if (outformat == FORMAT_ASN1)
|
||||
{
|
||||
if (param_out)
|
||||
i = i2d_ECPKParameters_bio(out, eckey->group);
|
||||
else if (pubin || pubout)
|
||||
i = i2d_EC_PUBKEY_bio(out, eckey);
|
||||
else
|
||||
i = i2d_ECPrivateKey_bio(out, eckey);
|
||||
}
|
||||
else if (outformat == FORMAT_PEM)
|
||||
{
|
||||
if (param_out)
|
||||
i = PEM_write_bio_ECPKParameters(out, eckey->group);
|
||||
else if (pubin || pubout)
|
||||
i = PEM_write_bio_EC_PUBKEY(out, eckey);
|
||||
else
|
||||
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
|
||||
NULL, 0, NULL, passout);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err, "bad output format specified for "
|
||||
"outfile\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!i)
|
||||
{
|
||||
BIO_printf(bio_err, "unable to write private key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
else
|
||||
ret=0;
|
||||
end:
|
||||
if (in)
|
||||
BIO_free(in);
|
||||
if (out)
|
||||
BIO_free_all(out);
|
||||
if (eckey)
|
||||
EC_KEY_free(eckey);
|
||||
if (passin)
|
||||
OPENSSL_free(passin);
|
||||
if (passout)
|
||||
OPENSSL_free(passout);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#endif
|
728
apps/ecparam.c
728
apps/ecparam.c
@ -1,728 +0,0 @@
|
||||
/* apps/ecparam.c */
|
||||
/*
|
||||
* Written by Nils Larsch for the OpenSSL project.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
*
|
||||
* Portions of the attached software ("Contribution") are developed by
|
||||
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
|
||||
*
|
||||
* The Contribution is licensed pursuant to the OpenSSL open source
|
||||
* license provided above.
|
||||
*
|
||||
* The elliptic curve binary polynomial software is originally written by
|
||||
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
|
||||
*
|
||||
*/
|
||||
#ifndef OPENSSL_NO_EC
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG ecparam_main
|
||||
|
||||
/* -inform arg - input format - default PEM (DER or PEM)
|
||||
* -outform arg - output format - default PEM
|
||||
* -in arg - input file - default stdin
|
||||
* -out arg - output file - default stdout
|
||||
* -noout - do not print the ec parameter
|
||||
* -text - print the ec parameters in text form
|
||||
* -check - validate the ec parameters
|
||||
* -C - print a 'C' function creating the parameters
|
||||
* -name arg - use the ec parameters with 'short name' name
|
||||
* -list_curves - prints a list of all currently available curve 'short names'
|
||||
* -conv_form arg - specifies the point conversion form
|
||||
* - possible values: compressed
|
||||
* uncompressed (default)
|
||||
* hybrid
|
||||
* -param_enc arg - specifies the way the ec parameters are encoded
|
||||
* in the asn1 der encoding
|
||||
* possible values: named_curve (default)
|
||||
* explicit
|
||||
* -no_seed - if 'explicit' parameters are choosen do not use the seed
|
||||
* -genkey - generate ec key
|
||||
* -rand file - files to use for random number input
|
||||
* -engine e - use engine e, possibly a hardware device
|
||||
*/
|
||||
|
||||
|
||||
static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
EC_GROUP *group = NULL;
|
||||
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
|
||||
int new_form = 0;
|
||||
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
|
||||
int new_asn1_flag = 0;
|
||||
char *curve_name = NULL, *inrand = NULL;
|
||||
int list_curves = 0, no_seed = 0, check = 0,
|
||||
badops = 0, text = 0, i, need_rand = 0, genkey = 0;
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
int informat, outformat, noout = 0, C = 0, ret = 1;
|
||||
ENGINE *e = NULL;
|
||||
char *engine = NULL;
|
||||
|
||||
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
|
||||
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
|
||||
unsigned char *buffer = NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
informat=FORMAT_PEM;
|
||||
outformat=FORMAT_PEM;
|
||||
|
||||
prog=argv[0];
|
||||
argc--;
|
||||
argv++;
|
||||
while (argc >= 1)
|
||||
{
|
||||
if (strcmp(*argv,"-inform") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
informat=str2fmt(*(++argv));
|
||||
}
|
||||
else if (strcmp(*argv,"-outform") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
outformat=str2fmt(*(++argv));
|
||||
}
|
||||
else if (strcmp(*argv,"-in") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
infile= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-out") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
outfile= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-text") == 0)
|
||||
text = 1;
|
||||
else if (strcmp(*argv,"-C") == 0)
|
||||
C = 1;
|
||||
else if (strcmp(*argv,"-check") == 0)
|
||||
check = 1;
|
||||
else if (strcmp (*argv, "-name") == 0)
|
||||
{
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
curve_name = *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv, "-list_curves") == 0)
|
||||
list_curves = 1;
|
||||
else if (strcmp(*argv, "-conv_form") == 0)
|
||||
{
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
++argv;
|
||||
new_form = 1;
|
||||
if (strcmp(*argv, "compressed") == 0)
|
||||
form = POINT_CONVERSION_COMPRESSED;
|
||||
else if (strcmp(*argv, "uncompressed") == 0)
|
||||
form = POINT_CONVERSION_UNCOMPRESSED;
|
||||
else if (strcmp(*argv, "hybrid") == 0)
|
||||
form = POINT_CONVERSION_HYBRID;
|
||||
else
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv, "-param_enc") == 0)
|
||||
{
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
++argv;
|
||||
new_asn1_flag = 1;
|
||||
if (strcmp(*argv, "named_curve") == 0)
|
||||
asn1_flag = OPENSSL_EC_NAMED_CURVE;
|
||||
else if (strcmp(*argv, "explicit") == 0)
|
||||
asn1_flag = 0;
|
||||
else
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv, "-no_seed") == 0)
|
||||
no_seed = 1;
|
||||
else if (strcmp(*argv, "-noout") == 0)
|
||||
noout=1;
|
||||
else if (strcmp(*argv,"-genkey") == 0)
|
||||
{
|
||||
genkey=1;
|
||||
need_rand=1;
|
||||
}
|
||||
else if (strcmp(*argv, "-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
inrand= *(++argv);
|
||||
need_rand=1;
|
||||
}
|
||||
else if(strcmp(*argv, "-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine = *(++argv);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
||||
badops=1;
|
||||
break;
|
||||
}
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
if (badops)
|
||||
{
|
||||
bad:
|
||||
BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
BIO_printf(bio_err, " -inform arg input format - "
|
||||
"default PEM (DER or PEM)\n");
|
||||
BIO_printf(bio_err, " -outform arg output format - "
|
||||
"default PEM\n");
|
||||
BIO_printf(bio_err, " -in arg input file - "
|
||||
"default stdin\n");
|
||||
BIO_printf(bio_err, " -out arg output file - "
|
||||
"default stdout\n");
|
||||
BIO_printf(bio_err, " -noout do not print the "
|
||||
"ec parameter\n");
|
||||
BIO_printf(bio_err, " -text print the ec "
|
||||
"parameters in text form\n");
|
||||
BIO_printf(bio_err, " -check validate the ec "
|
||||
"parameters\n");
|
||||
BIO_printf(bio_err, " -C print a 'C' "
|
||||
"function creating the parameters\n");
|
||||
BIO_printf(bio_err, " -name arg use the "
|
||||
"ec parameters with 'short name' name\n");
|
||||
BIO_printf(bio_err, " -list_curves prints a list of "
|
||||
"all currently available curve 'short names'\n");
|
||||
BIO_printf(bio_err, " -conv_form arg specifies the "
|
||||
"point conversion form \n");
|
||||
BIO_printf(bio_err, " possible values:"
|
||||
" compressed\n");
|
||||
BIO_printf(bio_err, " "
|
||||
" uncompressed (default)\n");
|
||||
BIO_printf(bio_err, " "
|
||||
" hybrid\n");
|
||||
BIO_printf(bio_err, " -param_enc arg specifies the way"
|
||||
" the ec parameters are encoded\n");
|
||||
BIO_printf(bio_err, " in the asn1 der "
|
||||
"encoding\n");
|
||||
BIO_printf(bio_err, " possible values:"
|
||||
" named_curve (default)\n");
|
||||
BIO_printf(bio_err, " "
|
||||
" explicit\n");
|
||||
BIO_printf(bio_err, " -no_seed if 'explicit'"
|
||||
" parameters are choosen do not"
|
||||
" use the seed\n");
|
||||
BIO_printf(bio_err, " -genkey generate ec"
|
||||
" key\n");
|
||||
BIO_printf(bio_err, " -rand file files to use for"
|
||||
" random number input\n");
|
||||
BIO_printf(bio_err, " -engine e use engine e, "
|
||||
"possibly a hardware device\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
out=BIO_new(BIO_s_file());
|
||||
if ((in == NULL) || (out == NULL))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (infile == NULL)
|
||||
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
||||
else
|
||||
{
|
||||
if (BIO_read_filename(in,infile) <= 0)
|
||||
{
|
||||
perror(infile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
if (BIO_write_filename(out,outfile) <= 0)
|
||||
{
|
||||
perror(outfile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (list_curves)
|
||||
{
|
||||
EC_builtin_curve *curves = NULL;
|
||||
size_t crv_len = 0;
|
||||
size_t n = 0;
|
||||
size_t len;
|
||||
|
||||
crv_len = EC_get_builtin_curves(NULL, 0);
|
||||
|
||||
curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
|
||||
|
||||
if (curves == NULL)
|
||||
goto end;
|
||||
|
||||
if (!EC_get_builtin_curves(curves, crv_len))
|
||||
{
|
||||
OPENSSL_free(curves);
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
||||
for (n = 0; n < crv_len; n++)
|
||||
{
|
||||
const char *comment;
|
||||
const char *sname;
|
||||
comment = curves[n].comment;
|
||||
sname = OBJ_nid2sn(curves[n].nid);
|
||||
if (comment == NULL)
|
||||
comment = "CURVE DESCRIPTION NOT AVAILABLE";
|
||||
if (sname == NULL)
|
||||
sname = "";
|
||||
|
||||
len = BIO_printf(out, " %-10s: ", sname);
|
||||
if (len + strlen(comment) > 80)
|
||||
BIO_printf(out, "\n%80s\n", comment);
|
||||
else
|
||||
BIO_printf(out, "%s\n", comment);
|
||||
}
|
||||
|
||||
OPENSSL_free(curves);
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (curve_name != NULL)
|
||||
{
|
||||
int nid;
|
||||
|
||||
/* workaround for the SECG curve names secp192r1
|
||||
* and secp256r1 (which are the same as the curves
|
||||
* prime192v1 and prime256v1 defined in X9.62)
|
||||
*/
|
||||
if (!strcmp(curve_name, "secp192r1"))
|
||||
{
|
||||
BIO_printf(bio_err, "using curve name prime192v1 "
|
||||
"instead of secp192r1\n");
|
||||
nid = NID_X9_62_prime192v1;
|
||||
}
|
||||
else if (!strcmp(curve_name, "secp256r1"))
|
||||
{
|
||||
BIO_printf(bio_err, "using curve name prime256v1 "
|
||||
"instead of secp256r1\n");
|
||||
nid = NID_X9_62_prime256v1;
|
||||
}
|
||||
else
|
||||
nid = OBJ_sn2nid(curve_name);
|
||||
|
||||
if (nid == 0)
|
||||
{
|
||||
BIO_printf(bio_err, "unknown curve name (%s)\n",
|
||||
curve_name);
|
||||
goto end;
|
||||
}
|
||||
|
||||
group = EC_GROUP_new_by_nid(nid);
|
||||
if (group == NULL)
|
||||
{
|
||||
BIO_printf(bio_err, "unable to create curve (%s)\n",
|
||||
curve_name);
|
||||
goto end;
|
||||
}
|
||||
EC_GROUP_set_asn1_flag(group, asn1_flag);
|
||||
EC_GROUP_set_point_conversion_form(group, form);
|
||||
}
|
||||
else if (informat == FORMAT_ASN1)
|
||||
{
|
||||
group = d2i_ECPKParameters_bio(in, NULL);
|
||||
}
|
||||
else if (informat == FORMAT_PEM)
|
||||
{
|
||||
group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err, "bad input format specified\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (group == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"unable to load elliptic curve parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (new_form)
|
||||
EC_GROUP_set_point_conversion_form(group, form);
|
||||
|
||||
if (new_asn1_flag)
|
||||
EC_GROUP_set_asn1_flag(group, asn1_flag);
|
||||
|
||||
if (no_seed)
|
||||
{
|
||||
EC_GROUP_set_seed(group, NULL, 0);
|
||||
}
|
||||
|
||||
if (text)
|
||||
{
|
||||
if (!ECPKParameters_print(out, group, 0))
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (check)
|
||||
{
|
||||
if (group == NULL)
|
||||
BIO_printf(bio_err, "no elliptic curve parameters\n");
|
||||
BIO_printf(bio_err, "checking elliptic curve parameters: ");
|
||||
if (!EC_GROUP_check(group, NULL))
|
||||
{
|
||||
BIO_printf(bio_err, "failed\n");
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
else
|
||||
BIO_printf(bio_err, "ok\n");
|
||||
|
||||
}
|
||||
|
||||
if (C)
|
||||
{
|
||||
size_t buf_len = 0, tmp_len = 0;
|
||||
const EC_POINT *point;
|
||||
int is_prime, len = 0;
|
||||
const EC_METHOD *meth = EC_GROUP_method_of(group);
|
||||
|
||||
if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
|
||||
(ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
|
||||
(ec_order = BN_new()) == NULL ||
|
||||
(ec_cofactor = BN_new()) == NULL )
|
||||
{
|
||||
perror("OPENSSL_malloc");
|
||||
goto end;
|
||||
}
|
||||
|
||||
is_prime = (EC_METHOD_get_field_type(meth) ==
|
||||
NID_X9_62_prime_field);
|
||||
|
||||
if (is_prime)
|
||||
{
|
||||
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
|
||||
ec_b, NULL))
|
||||
goto end;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* TODO */
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((point = EC_GROUP_get0_generator(group)) == NULL)
|
||||
goto end;
|
||||
if (!EC_POINT_point2bn(group, point,
|
||||
EC_GROUP_get_point_conversion_form(group), ec_gen,
|
||||
NULL))
|
||||
goto end;
|
||||
if (!EC_GROUP_get_order(group, ec_order, NULL))
|
||||
goto end;
|
||||
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
|
||||
goto end;
|
||||
|
||||
if (!ec_p || !ec_a || !ec_b || !ec_gen ||
|
||||
!ec_order || !ec_cofactor)
|
||||
goto end;
|
||||
|
||||
len = BN_num_bits(ec_order);
|
||||
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
|
||||
buf_len = tmp_len;
|
||||
|
||||
buffer = (unsigned char *)OPENSSL_malloc(buf_len);
|
||||
|
||||
if (buffer == NULL)
|
||||
{
|
||||
perror("OPENSSL_malloc");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ecparam_print_var(out, ec_p, "ec_p", len, buffer);
|
||||
ecparam_print_var(out, ec_a, "ec_a", len, buffer);
|
||||
ecparam_print_var(out, ec_b, "ec_b", len, buffer);
|
||||
ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
|
||||
ecparam_print_var(out, ec_order, "ec_order", len, buffer);
|
||||
ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
|
||||
buffer);
|
||||
|
||||
BIO_printf(out, "\n\n");
|
||||
|
||||
BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
|
||||
BIO_printf(out, "\tint ok=0;\n");
|
||||
BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
|
||||
BIO_printf(out, "\tEC_POINT *point = NULL;\n");
|
||||
BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
|
||||
"*tmp_3 = NULL;\n\n");
|
||||
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
|
||||
"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
|
||||
"goto err;\n", len, len);
|
||||
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
|
||||
"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
|
||||
"goto err;\n", len, len);
|
||||
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
|
||||
"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
|
||||
"goto err;\n", len, len);
|
||||
if (is_prime)
|
||||
{
|
||||
BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
|
||||
"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
|
||||
"\n\t\tgoto err;\n\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
/* TODO */
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(out, "\t/* build generator */\n");
|
||||
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
|
||||
"sizeof(ec_gen_%d), tmp_1)) == NULL)"
|
||||
"\n\t\tgoto err;\n", len, len);
|
||||
BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
|
||||
"NULL, NULL);\n");
|
||||
BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
|
||||
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
|
||||
"sizeof(ec_order_%d), tmp_2)) == NULL)"
|
||||
"\n\t\tgoto err;\n", len, len);
|
||||
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
|
||||
"sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
|
||||
"\n\t\tgoto err;\n", len, len);
|
||||
BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
|
||||
" tmp_2, tmp_3))\n\t\tgoto err;\n");
|
||||
BIO_printf(out, "\n\tok=1;\n");
|
||||
BIO_printf(out, "err:\n");
|
||||
BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
|
||||
BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
|
||||
BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
|
||||
BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
|
||||
BIO_printf(out, "\tif (!ok)\n");
|
||||
BIO_printf(out, "\t\t{\n");
|
||||
BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
|
||||
BIO_printf(out, "\t\tgroup = NULL;\n");
|
||||
BIO_printf(out, "\t\t}\n");
|
||||
BIO_printf(out, "\treturn(group);\n\t}\n");
|
||||
}
|
||||
|
||||
if (!noout)
|
||||
{
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_ECPKParameters_bio(out, group);
|
||||
else if (outformat == FORMAT_PEM)
|
||||
i = PEM_write_bio_ECPKParameters(out, group);
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"bad output format specified for"
|
||||
" outfile\n");
|
||||
goto end;
|
||||
}
|
||||
if (!i)
|
||||
{
|
||||
BIO_printf(bio_err, "unable to write elliptic "
|
||||
"curve parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (need_rand)
|
||||
{
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
if (inrand != NULL)
|
||||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
|
||||
app_RAND_load_files(inrand));
|
||||
}
|
||||
|
||||
if (genkey)
|
||||
{
|
||||
EC_KEY *eckey = EC_KEY_new();
|
||||
|
||||
if (eckey == NULL)
|
||||
goto end;
|
||||
|
||||
assert(need_rand);
|
||||
|
||||
eckey->group = group;
|
||||
|
||||
if (!EC_KEY_generate_key(eckey))
|
||||
{
|
||||
eckey->group = NULL;
|
||||
EC_KEY_free(eckey);
|
||||
goto end;
|
||||
}
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_ECPrivateKey_bio(out, eckey);
|
||||
else if (outformat == FORMAT_PEM)
|
||||
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
|
||||
NULL, 0, NULL, NULL);
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err, "bad output format specified "
|
||||
"for outfile\n");
|
||||
eckey->group = NULL;
|
||||
EC_KEY_free(eckey);
|
||||
goto end;
|
||||
}
|
||||
eckey->group = NULL;
|
||||
EC_KEY_free(eckey);
|
||||
}
|
||||
|
||||
if (need_rand)
|
||||
app_RAND_write_file(NULL, bio_err);
|
||||
|
||||
ret=0;
|
||||
end:
|
||||
if (ec_p)
|
||||
BN_free(ec_p);
|
||||
if (ec_a)
|
||||
BN_free(ec_a);
|
||||
if (ec_b)
|
||||
BN_free(ec_b);
|
||||
if (ec_gen)
|
||||
BN_free(ec_gen);
|
||||
if (ec_order)
|
||||
BN_free(ec_order);
|
||||
if (ec_cofactor)
|
||||
BN_free(ec_cofactor);
|
||||
if (buffer)
|
||||
OPENSSL_free(buffer);
|
||||
if (in != NULL)
|
||||
BIO_free(in);
|
||||
if (out != NULL)
|
||||
BIO_free_all(out);
|
||||
if (group != NULL)
|
||||
EC_GROUP_free(group);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
|
||||
int len, unsigned char *buffer)
|
||||
{
|
||||
BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
|
||||
if (BN_is_zero(in))
|
||||
BIO_printf(out, "\n\t0x00");
|
||||
else
|
||||
{
|
||||
int i, l;
|
||||
|
||||
l = BN_bn2bin(in, buffer);
|
||||
for (i=0; i<l-1; i++)
|
||||
{
|
||||
if ((i%12) == 0)
|
||||
BIO_printf(out, "\n\t");
|
||||
BIO_printf(out, "0x%02X,", buffer[i]);
|
||||
}
|
||||
if ((i%12) == 0)
|
||||
BIO_printf(out, "\n\t");
|
||||
BIO_printf(out, "0x%02X", buffer[i]);
|
||||
}
|
||||
BIO_printf(out, "\n\t};\n\n");
|
||||
return 1;
|
||||
}
|
||||
#endif
|
161
apps/enc.c
161
apps/enc.c
@ -66,8 +66,11 @@
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/rand.h>
|
||||
#ifndef NO_MD5
|
||||
#include <openssl/md5.h>
|
||||
#endif
|
||||
#include <openssl/pem.h>
|
||||
#include <ctype.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
int set_hex(char *in,unsigned char *out,int size);
|
||||
#undef SIZE
|
||||
@ -78,39 +81,18 @@ int set_hex(char *in,unsigned char *out,int size);
|
||||
#define BSIZE (8*1024)
|
||||
#define PROG enc_main
|
||||
|
||||
static void show_ciphers(const OBJ_NAME *name,void *bio_)
|
||||
{
|
||||
BIO *bio=bio_;
|
||||
static int n;
|
||||
|
||||
if(!islower((unsigned char)*name->name))
|
||||
return;
|
||||
|
||||
BIO_printf(bio,"-%-25s",name->name);
|
||||
if(++n == 3)
|
||||
{
|
||||
BIO_printf(bio,"\n");
|
||||
n=0;
|
||||
}
|
||||
else
|
||||
BIO_printf(bio," ");
|
||||
}
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
static const char magic[]="Salted__";
|
||||
char mbuf[sizeof magic-1];
|
||||
char mbuf[8]; /* should be 1 smaller than magic */
|
||||
char *strbuf=NULL;
|
||||
unsigned char *buff=NULL,*bufsize=NULL;
|
||||
int bsize=BSIZE,verbose=0;
|
||||
int ret=1,inl;
|
||||
int nopad = 0;
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
|
||||
unsigned char key[24],iv[MD5_DIGEST_LENGTH];
|
||||
unsigned char salt[PKCS5_SALT_LEN];
|
||||
char *str=NULL, *passarg = NULL, *pass = NULL;
|
||||
char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
|
||||
@ -121,9 +103,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
|
||||
#define PROG_NAME_SIZE 39
|
||||
char pname[PROG_NAME_SIZE+1];
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -131,11 +111,8 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
/* first check the program name */
|
||||
program_name(argv[0],pname,sizeof pname);
|
||||
program_name(argv[0],pname,PROG_NAME_SIZE);
|
||||
if (strcmp(pname,"base64") == 0)
|
||||
base64=1;
|
||||
|
||||
@ -167,21 +144,17 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
passarg= *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-d") == 0)
|
||||
enc=0;
|
||||
else if (strcmp(*argv,"-p") == 0)
|
||||
printkey=1;
|
||||
else if (strcmp(*argv,"-v") == 0)
|
||||
verbose=1;
|
||||
else if (strcmp(*argv,"-nopad") == 0)
|
||||
nopad=1;
|
||||
else if (strcmp(*argv,"-salt") == 0)
|
||||
nosalt=0;
|
||||
else if (strcmp(*argv,"-nosalt") == 0)
|
||||
@ -222,7 +195,7 @@ int MAIN(int argc, char **argv)
|
||||
goto bad;
|
||||
}
|
||||
buf[0]='\0';
|
||||
fgets(buf,sizeof buf,infile);
|
||||
fgets(buf,128,infile);
|
||||
fclose(infile);
|
||||
i=strlen(buf);
|
||||
if ((i > 0) &&
|
||||
@ -276,25 +249,97 @@ bad:
|
||||
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
|
||||
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
|
||||
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
|
||||
#endif
|
||||
|
||||
BIO_printf(bio_err,"Cipher Types\n");
|
||||
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
|
||||
show_ciphers,
|
||||
bio_err);
|
||||
BIO_printf(bio_err,"\n");
|
||||
BIO_printf(bio_err,"des : 56 bit key DES encryption\n");
|
||||
BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
|
||||
BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
|
||||
#ifndef NO_IDEA
|
||||
BIO_printf(bio_err,"idea :128 bit key IDEA encryption\n");
|
||||
#endif
|
||||
#ifndef NO_RC4
|
||||
BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n");
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
BIO_printf(bio_err,"bf :128 bit key Blowfish encryption\n");
|
||||
#endif
|
||||
#ifndef NO_RC4
|
||||
BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
|
||||
LN_rc4);
|
||||
#endif
|
||||
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_des_ecb,LN_des_cbc,
|
||||
LN_des_cfb64,LN_des_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n",
|
||||
"des", LN_des_cbc);
|
||||
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_des_ede,LN_des_ede_cbc,
|
||||
LN_des_ede_cfb64,LN_des_ede_ofb64);
|
||||
BIO_printf(bio_err," -desx -none\n");
|
||||
|
||||
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_des_ede3,LN_des_ede3_cbc,
|
||||
LN_des_ede3_cfb64,LN_des_ede3_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n",
|
||||
"des3", LN_des_ede3_cbc);
|
||||
|
||||
#ifndef NO_IDEA
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_idea_ecb, LN_idea_cbc,
|
||||
LN_idea_cfb64, LN_idea_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
|
||||
#endif
|
||||
#ifndef NO_RC2
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_rc2_ecb, LN_rc2_cbc,
|
||||
LN_rc2_cfb64, LN_rc2_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
|
||||
#endif
|
||||
#ifndef NO_BF
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_bf_ecb, LN_bf_cbc,
|
||||
LN_bf_cfb64, LN_bf_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
|
||||
#endif
|
||||
#ifndef NO_CAST
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_cast5_ecb, LN_cast5_cbc,
|
||||
LN_cast5_cfb64, LN_cast5_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
|
||||
#endif
|
||||
#ifndef NO_RC5
|
||||
BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
|
||||
LN_rc5_ecb, LN_rc5_cbc,
|
||||
LN_rc5_cfb64, LN_rc5_ofb64);
|
||||
BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
if (bufsize != NULL)
|
||||
{
|
||||
@ -373,7 +418,7 @@ bad:
|
||||
{
|
||||
char buf[200];
|
||||
|
||||
BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
|
||||
sprintf(buf,"enter %s %s password:",
|
||||
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
|
||||
(enc)?"encryption":"decryption");
|
||||
strbuf[0]='\0';
|
||||
@ -400,7 +445,7 @@ bad:
|
||||
if (outf == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -438,9 +483,6 @@ bad:
|
||||
|
||||
if (cipher != NULL)
|
||||
{
|
||||
/* Note that str is NULL if a key was passed on the command
|
||||
* line, so we get no salt in that case. Is this a bug?
|
||||
*/
|
||||
if (str != NULL)
|
||||
{
|
||||
/* Salt handling: if encrypting generate a salt and
|
||||
@ -452,12 +494,12 @@ bad:
|
||||
else {
|
||||
if(enc) {
|
||||
if(hsalt) {
|
||||
if(!set_hex(hsalt,salt,sizeof salt)) {
|
||||
if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) {
|
||||
BIO_printf(bio_err,
|
||||
"invalid hex salt value\n");
|
||||
goto end;
|
||||
}
|
||||
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
|
||||
} else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0)
|
||||
goto end;
|
||||
/* If -P option then don't bother writing */
|
||||
if((printkey != 2)
|
||||
@ -465,14 +507,14 @@ bad:
|
||||
sizeof magic-1) != sizeof magic-1
|
||||
|| BIO_write(wbio,
|
||||
(char *)salt,
|
||||
sizeof salt) != sizeof salt)) {
|
||||
PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) {
|
||||
BIO_printf(bio_err,"error writing output file\n");
|
||||
goto end;
|
||||
}
|
||||
} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
|
||||
|| BIO_read(rbio,
|
||||
(unsigned char *)salt,
|
||||
sizeof salt) != sizeof salt) {
|
||||
PKCS5_SALT_LEN) != PKCS5_SALT_LEN) {
|
||||
BIO_printf(bio_err,"error reading input file\n");
|
||||
goto end;
|
||||
} else if(memcmp(mbuf,magic,sizeof magic-1)) {
|
||||
@ -495,7 +537,7 @@ bad:
|
||||
else
|
||||
OPENSSL_cleanse(str,strlen(str));
|
||||
}
|
||||
if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
|
||||
if ((hiv != NULL) && !set_hex(hiv,iv,8))
|
||||
{
|
||||
BIO_printf(bio_err,"invalid hex iv value\n");
|
||||
goto end;
|
||||
@ -508,7 +550,7 @@ bad:
|
||||
BIO_printf(bio_err, "iv undefined\n");
|
||||
goto end;
|
||||
}
|
||||
if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
|
||||
if ((hkey != NULL) && !set_hex(hkey,key,24))
|
||||
{
|
||||
BIO_printf(bio_err,"invalid hex key value\n");
|
||||
goto end;
|
||||
@ -517,12 +559,6 @@ bad:
|
||||
if ((benc=BIO_new(BIO_f_cipher())) == NULL)
|
||||
goto end;
|
||||
BIO_set_cipher(benc,cipher,key,iv,enc);
|
||||
if (nopad)
|
||||
{
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
BIO_get_cipher_ctx(benc, &ctx);
|
||||
EVP_CIPHER_CTX_set_padding(ctx, 0);
|
||||
}
|
||||
if (debug)
|
||||
{
|
||||
BIO_set_callback(benc,BIO_debug_callback);
|
||||
@ -534,7 +570,7 @@ bad:
|
||||
if (!nosalt)
|
||||
{
|
||||
printf("salt=");
|
||||
for (i=0; i<(int)sizeof(salt); i++)
|
||||
for (i=0; i<PKCS5_SALT_LEN; i++)
|
||||
printf("%02X",salt[i]);
|
||||
printf("\n");
|
||||
}
|
||||
@ -595,7 +631,6 @@ end:
|
||||
if (benc != NULL) BIO_free(benc);
|
||||
if (b64 != NULL) BIO_free(b64);
|
||||
if(pass) OPENSSL_free(pass);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
538
apps/engine.c
538
apps/engine.c
@ -1,538 +0,0 @@
|
||||
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
|
||||
/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
|
||||
* project 2000.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* licensing@OpenSSL.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
#include "apps.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG engine_main
|
||||
|
||||
static char *engine_usage[]={
|
||||
"usage: engine opts [engine ...]\n",
|
||||
" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
|
||||
" -vv will additionally display each command's description\n",
|
||||
" -vvv will also add the input flags for each command\n",
|
||||
" -vvvv will also show internal input flags\n",
|
||||
" -c - for each engine, also list the capabilities\n",
|
||||
" -t[t] - for each engine, check that they are really available\n",
|
||||
" -tt will display error trace for unavailable engines\n",
|
||||
" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
|
||||
" to load it (if -t is used)\n",
|
||||
" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
|
||||
" (only used if -t is also provided)\n",
|
||||
" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
|
||||
" line, or all supported ENGINEs if none are specified.\n",
|
||||
" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
|
||||
" argument \"/lib/libdriver.so\".\n",
|
||||
NULL
|
||||
};
|
||||
|
||||
static void identity(void *ptr)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
static int append_buf(char **buf, const char *s, int *size, int step)
|
||||
{
|
||||
int l = strlen(s);
|
||||
|
||||
if (*buf == NULL)
|
||||
{
|
||||
*size = step;
|
||||
*buf = OPENSSL_malloc(*size);
|
||||
if (*buf == NULL)
|
||||
return 0;
|
||||
**buf = '\0';
|
||||
}
|
||||
|
||||
if (**buf != '\0')
|
||||
l += 2; /* ", " */
|
||||
|
||||
if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
|
||||
{
|
||||
*size += step;
|
||||
*buf = OPENSSL_realloc(*buf, *size);
|
||||
}
|
||||
|
||||
if (*buf == NULL)
|
||||
return 0;
|
||||
|
||||
if (**buf != '\0')
|
||||
BUF_strlcat(*buf, ", ", *size);
|
||||
BUF_strlcat(*buf, s, *size);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
|
||||
{
|
||||
int started = 0, err = 0;
|
||||
/* Indent before displaying input flags */
|
||||
BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
|
||||
if(flags == 0)
|
||||
{
|
||||
BIO_printf(bio_out, "<no flags>\n");
|
||||
return 1;
|
||||
}
|
||||
/* If the object is internal, mark it in a way that shows instead of
|
||||
* having it part of all the other flags, even if it really is. */
|
||||
if(flags & ENGINE_CMD_FLAG_INTERNAL)
|
||||
{
|
||||
BIO_printf(bio_out, "[Internal] ");
|
||||
}
|
||||
|
||||
if(flags & ENGINE_CMD_FLAG_NUMERIC)
|
||||
{
|
||||
if(started)
|
||||
{
|
||||
BIO_printf(bio_out, "|");
|
||||
err = 1;
|
||||
}
|
||||
BIO_printf(bio_out, "NUMERIC");
|
||||
started = 1;
|
||||
}
|
||||
/* Now we check that no combinations of the mutually exclusive NUMERIC,
|
||||
* STRING, and NO_INPUT flags have been used. Future flags that can be
|
||||
* OR'd together with these would need to added after these to preserve
|
||||
* the testing logic. */
|
||||
if(flags & ENGINE_CMD_FLAG_STRING)
|
||||
{
|
||||
if(started)
|
||||
{
|
||||
BIO_printf(bio_out, "|");
|
||||
err = 1;
|
||||
}
|
||||
BIO_printf(bio_out, "STRING");
|
||||
started = 1;
|
||||
}
|
||||
if(flags & ENGINE_CMD_FLAG_NO_INPUT)
|
||||
{
|
||||
if(started)
|
||||
{
|
||||
BIO_printf(bio_out, "|");
|
||||
err = 1;
|
||||
}
|
||||
BIO_printf(bio_out, "NO_INPUT");
|
||||
started = 1;
|
||||
}
|
||||
/* Check for unknown flags */
|
||||
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
|
||||
~ENGINE_CMD_FLAG_STRING &
|
||||
~ENGINE_CMD_FLAG_NO_INPUT &
|
||||
~ENGINE_CMD_FLAG_INTERNAL;
|
||||
if(flags)
|
||||
{
|
||||
if(started) BIO_printf(bio_out, "|");
|
||||
BIO_printf(bio_out, "<0x%04X>", flags);
|
||||
}
|
||||
if(err)
|
||||
BIO_printf(bio_out, " <illegal flags!>");
|
||||
BIO_printf(bio_out, "\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
|
||||
{
|
||||
static const int line_wrap = 78;
|
||||
int num;
|
||||
int ret = 0;
|
||||
char *name = NULL;
|
||||
char *desc = NULL;
|
||||
int flags;
|
||||
int xpos = 0;
|
||||
STACK *cmds = NULL;
|
||||
if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
|
||||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
|
||||
0, NULL, NULL)) <= 0))
|
||||
{
|
||||
#if 0
|
||||
BIO_printf(bio_out, "%s<no control commands>\n", indent);
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
cmds = sk_new_null();
|
||||
|
||||
if(!cmds)
|
||||
goto err;
|
||||
do {
|
||||
int len;
|
||||
/* Get the command input flags */
|
||||
if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
|
||||
NULL, NULL)) < 0)
|
||||
goto err;
|
||||
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
|
||||
{
|
||||
/* Get the command name */
|
||||
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
|
||||
NULL, NULL)) <= 0)
|
||||
goto err;
|
||||
if((name = OPENSSL_malloc(len + 1)) == NULL)
|
||||
goto err;
|
||||
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
|
||||
NULL) <= 0)
|
||||
goto err;
|
||||
/* Get the command description */
|
||||
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
|
||||
NULL, NULL)) < 0)
|
||||
goto err;
|
||||
if(len > 0)
|
||||
{
|
||||
if((desc = OPENSSL_malloc(len + 1)) == NULL)
|
||||
goto err;
|
||||
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
|
||||
NULL) <= 0)
|
||||
goto err;
|
||||
}
|
||||
/* Now decide on the output */
|
||||
if(xpos == 0)
|
||||
/* Do an indent */
|
||||
xpos = BIO_printf(bio_out, indent);
|
||||
else
|
||||
/* Otherwise prepend a ", " */
|
||||
xpos += BIO_printf(bio_out, ", ");
|
||||
if(verbose == 1)
|
||||
{
|
||||
/* We're just listing names, comma-delimited */
|
||||
if((xpos > (int)strlen(indent)) &&
|
||||
(xpos + (int)strlen(name) > line_wrap))
|
||||
{
|
||||
BIO_printf(bio_out, "\n");
|
||||
xpos = BIO_printf(bio_out, indent);
|
||||
}
|
||||
xpos += BIO_printf(bio_out, "%s", name);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* We're listing names plus descriptions */
|
||||
BIO_printf(bio_out, "%s: %s\n", name,
|
||||
(desc == NULL) ? "<no description>" : desc);
|
||||
/* ... and sometimes input flags */
|
||||
if((verbose >= 3) && !util_flags(bio_out, flags,
|
||||
indent))
|
||||
goto err;
|
||||
xpos = 0;
|
||||
}
|
||||
}
|
||||
OPENSSL_free(name); name = NULL;
|
||||
if(desc) { OPENSSL_free(desc); desc = NULL; }
|
||||
/* Move to the next command */
|
||||
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
|
||||
num, NULL, NULL);
|
||||
} while(num > 0);
|
||||
if(xpos > 0)
|
||||
BIO_printf(bio_out, "\n");
|
||||
ret = 1;
|
||||
err:
|
||||
if(cmds) sk_pop_free(cmds, identity);
|
||||
if(name) OPENSSL_free(name);
|
||||
if(desc) OPENSSL_free(desc);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
|
||||
{
|
||||
int loop, res, num = sk_num(cmds);
|
||||
if(num < 0)
|
||||
{
|
||||
BIO_printf(bio_out, "[Error]: internal stack error\n");
|
||||
return;
|
||||
}
|
||||
for(loop = 0; loop < num; loop++)
|
||||
{
|
||||
char buf[256];
|
||||
const char *cmd, *arg;
|
||||
cmd = sk_value(cmds, loop);
|
||||
res = 1; /* assume success */
|
||||
/* Check if this command has no ":arg" */
|
||||
if((arg = strstr(cmd, ":")) == NULL)
|
||||
{
|
||||
if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
|
||||
res = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
if((int)(arg - cmd) > 254)
|
||||
{
|
||||
BIO_printf(bio_out,"[Error]: command name too long\n");
|
||||
return;
|
||||
}
|
||||
memcpy(buf, cmd, (int)(arg - cmd));
|
||||
buf[arg-cmd] = '\0';
|
||||
arg++; /* Move past the ":" */
|
||||
/* Call the command with the argument */
|
||||
if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
|
||||
res = 0;
|
||||
}
|
||||
if(res)
|
||||
BIO_printf(bio_out, "[Success]: %s\n", cmd);
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_out, "[Failure]: %s\n", cmd);
|
||||
ERR_print_errors(bio_out);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
int ret=1,i;
|
||||
char **pp;
|
||||
int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
|
||||
ENGINE *e;
|
||||
STACK *engines = sk_new_null();
|
||||
STACK *pre_cmds = sk_new_null();
|
||||
STACK *post_cmds = sk_new_null();
|
||||
int badops=1;
|
||||
BIO *bio_out=NULL;
|
||||
const char *indent = " ";
|
||||
|
||||
apps_startup();
|
||||
SSL_load_error_strings();
|
||||
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
bio_out = BIO_push(tmpbio, bio_out);
|
||||
}
|
||||
#endif
|
||||
|
||||
argc--;
|
||||
argv++;
|
||||
while (argc >= 1)
|
||||
{
|
||||
if (strncmp(*argv,"-v",2) == 0)
|
||||
{
|
||||
if(strspn(*argv + 1, "v") < strlen(*argv + 1))
|
||||
goto skip_arg_loop;
|
||||
if((verbose=strlen(*argv + 1)) > 4)
|
||||
goto skip_arg_loop;
|
||||
}
|
||||
else if (strcmp(*argv,"-c") == 0)
|
||||
list_cap=1;
|
||||
else if (strncmp(*argv,"-t",2) == 0)
|
||||
{
|
||||
test_avail=1;
|
||||
if(strspn(*argv + 1, "t") < strlen(*argv + 1))
|
||||
goto skip_arg_loop;
|
||||
if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
|
||||
goto skip_arg_loop;
|
||||
}
|
||||
else if (strcmp(*argv,"-pre") == 0)
|
||||
{
|
||||
argc--; argv++;
|
||||
sk_push(pre_cmds,*argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-post") == 0)
|
||||
{
|
||||
argc--; argv++;
|
||||
sk_push(post_cmds,*argv);
|
||||
}
|
||||
else if ((strncmp(*argv,"-h",2) == 0) ||
|
||||
(strcmp(*argv,"-?") == 0))
|
||||
goto skip_arg_loop;
|
||||
else
|
||||
sk_push(engines,*argv);
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
/* Looks like everything went OK */
|
||||
badops = 0;
|
||||
skip_arg_loop:
|
||||
|
||||
if (badops)
|
||||
{
|
||||
for (pp=engine_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err,"%s",*pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (sk_num(engines) == 0)
|
||||
{
|
||||
for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
|
||||
{
|
||||
sk_push(engines,(char *)ENGINE_get_id(e));
|
||||
}
|
||||
}
|
||||
|
||||
for (i=0; i<sk_num(engines); i++)
|
||||
{
|
||||
const char *id = sk_value(engines,i);
|
||||
if ((e = ENGINE_by_id(id)) != NULL)
|
||||
{
|
||||
const char *name = ENGINE_get_name(e);
|
||||
/* Do "id" first, then "name". Easier to auto-parse. */
|
||||
BIO_printf(bio_out, "(%s) %s\n", id, name);
|
||||
util_do_cmds(e, pre_cmds, bio_out, indent);
|
||||
if (strcmp(ENGINE_get_id(e), id) != 0)
|
||||
{
|
||||
BIO_printf(bio_out, "Loaded: (%s) %s\n",
|
||||
ENGINE_get_id(e), ENGINE_get_name(e));
|
||||
}
|
||||
if (list_cap)
|
||||
{
|
||||
int cap_size = 256;
|
||||
char *cap_buf = NULL;
|
||||
int k,n;
|
||||
const int *nids;
|
||||
ENGINE_CIPHERS_PTR fn_c;
|
||||
ENGINE_DIGESTS_PTR fn_d;
|
||||
|
||||
if (ENGINE_get_RSA(e) != NULL
|
||||
&& !append_buf(&cap_buf, "RSA",
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
if (ENGINE_get_DSA(e) != NULL
|
||||
&& !append_buf(&cap_buf, "DSA",
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
if (ENGINE_get_DH(e) != NULL
|
||||
&& !append_buf(&cap_buf, "DH",
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
if (ENGINE_get_RAND(e) != NULL
|
||||
&& !append_buf(&cap_buf, "RAND",
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
|
||||
fn_c = ENGINE_get_ciphers(e);
|
||||
if(!fn_c) goto skip_ciphers;
|
||||
n = fn_c(e, NULL, &nids, 0);
|
||||
for(k=0 ; k < n ; ++k)
|
||||
if(!append_buf(&cap_buf,
|
||||
OBJ_nid2sn(nids[k]),
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
|
||||
skip_ciphers:
|
||||
fn_d = ENGINE_get_digests(e);
|
||||
if(!fn_d) goto skip_digests;
|
||||
n = fn_d(e, NULL, &nids, 0);
|
||||
for(k=0 ; k < n ; ++k)
|
||||
if(!append_buf(&cap_buf,
|
||||
OBJ_nid2sn(nids[k]),
|
||||
&cap_size, 256))
|
||||
goto end;
|
||||
|
||||
skip_digests:
|
||||
if (cap_buf && (*cap_buf != '\0'))
|
||||
BIO_printf(bio_out, " [%s]\n", cap_buf);
|
||||
|
||||
OPENSSL_free(cap_buf);
|
||||
}
|
||||
if(test_avail)
|
||||
{
|
||||
BIO_printf(bio_out, "%s", indent);
|
||||
if (ENGINE_init(e))
|
||||
{
|
||||
BIO_printf(bio_out, "[ available ]\n");
|
||||
util_do_cmds(e, post_cmds, bio_out, indent);
|
||||
ENGINE_finish(e);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_out, "[ unavailable ]\n");
|
||||
if(test_avail_noise)
|
||||
ERR_print_errors_fp(stdout);
|
||||
ERR_clear_error();
|
||||
}
|
||||
}
|
||||
if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
|
||||
goto end;
|
||||
ENGINE_free(e);
|
||||
}
|
||||
else
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
|
||||
ret=0;
|
||||
end:
|
||||
|
||||
ERR_print_errors(bio_err);
|
||||
sk_pop_free(engines, identity);
|
||||
sk_pop_free(pre_cmds, identity);
|
||||
sk_pop_free(post_cmds, identity);
|
||||
if (bio_out != NULL) BIO_free_all(bio_out);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#else
|
||||
|
||||
# if PEDANTIC
|
||||
static void *dummy=&dummy;
|
||||
# endif
|
||||
|
||||
#endif
|
@ -91,7 +91,7 @@ int MAIN(int argc, char **argv)
|
||||
out=BIO_new(BIO_s_file());
|
||||
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
|
||||
{
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -121,6 +121,5 @@ int MAIN(int argc, char **argv)
|
||||
ret++;
|
||||
}
|
||||
}
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
58
apps/gendh.c
58
apps/gendh.c
@ -57,13 +57,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
|
||||
* deprecated functions for openssl-internal code */
|
||||
#ifdef OPENSSL_NO_DEPRECATED
|
||||
#undef OPENSSL_NO_DEPRECATED
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
@ -76,41 +70,33 @@
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#define DEFBITS 512
|
||||
#undef PROG
|
||||
#define PROG gendh_main
|
||||
|
||||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
|
||||
static void MS_CALLBACK dh_cb(int p, int n, void *arg);
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
BN_GENCB cb;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
DH *dh=NULL;
|
||||
int ret=1,num=DEFBITS;
|
||||
int g=2;
|
||||
char *outfile=NULL;
|
||||
char *inrand=NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
BIO *out=NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
BN_GENCB_set(&cb, dh_cb, bio_err);
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
argv++;
|
||||
argc--;
|
||||
for (;;)
|
||||
@ -127,13 +113,11 @@ int MAIN(int argc, char **argv)
|
||||
g=3; */
|
||||
else if (strcmp(*argv,"-5") == 0)
|
||||
g=5;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -152,18 +136,30 @@ bad:
|
||||
BIO_printf(bio_err," -2 - use 2 as the generator value\n");
|
||||
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
|
||||
BIO_printf(bio_err," -5 - use 5 as the generator value\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err," the random number generator\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
out=BIO_new(BIO_s_file());
|
||||
if (out == NULL)
|
||||
@ -175,7 +171,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -201,9 +197,9 @@ bad:
|
||||
|
||||
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
|
||||
BIO_printf(bio_err,"This is going to take a long time\n");
|
||||
dh=DH_generate_parameters(num,g,dh_cb,bio_err);
|
||||
|
||||
if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
|
||||
goto end;
|
||||
if (dh == NULL) goto end;
|
||||
|
||||
app_RAND_write_file(NULL, bio_err);
|
||||
|
||||
@ -215,11 +211,10 @@ end:
|
||||
ERR_print_errors(bio_err);
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (dh != NULL) DH_free(dh);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
|
||||
static void MS_CALLBACK dh_cb(int p, int n, void *arg)
|
||||
{
|
||||
char c='*';
|
||||
|
||||
@ -227,11 +222,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
|
||||
if (p == 1) c='+';
|
||||
if (p == 2) c='*';
|
||||
if (p == 3) c='\n';
|
||||
BIO_write(cb->arg,&c,1);
|
||||
(void)BIO_flush(cb->arg);
|
||||
BIO_write((BIO *)arg,&c,1);
|
||||
(void)BIO_flush((BIO *)arg);
|
||||
#ifdef LINT
|
||||
p=n;
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
@ -68,6 +68,7 @@
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#define DEFBITS 512
|
||||
#undef PROG
|
||||
@ -77,19 +78,15 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
DSA *dsa=NULL;
|
||||
int ret=1;
|
||||
char *outfile=NULL;
|
||||
char *inrand=NULL,*dsaparams=NULL;
|
||||
char *passargout = NULL, *passout = NULL;
|
||||
BIO *out=NULL,*in=NULL;
|
||||
const EVP_CIPHER *enc=NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
EVP_CIPHER *enc=NULL;
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -97,9 +94,6 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
argv++;
|
||||
argc--;
|
||||
for (;;)
|
||||
@ -115,13 +109,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
passargout= *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -129,23 +121,15 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
else if (strcmp(*argv,"-") == 0)
|
||||
goto bad;
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
else if (strcmp(*argv,"-des") == 0)
|
||||
enc=EVP_des_cbc();
|
||||
else if (strcmp(*argv,"-des3") == 0)
|
||||
enc=EVP_des_ede3_cbc();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
else if (strcmp(*argv,"-idea") == 0)
|
||||
enc=EVP_idea_cbc();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
else if (strcmp(*argv,"-aes128") == 0)
|
||||
enc=EVP_aes_128_cbc();
|
||||
else if (strcmp(*argv,"-aes192") == 0)
|
||||
enc=EVP_aes_192_cbc();
|
||||
else if (strcmp(*argv,"-aes256") == 0)
|
||||
enc=EVP_aes_256_cbc();
|
||||
#endif
|
||||
else if (**argv != '-' && dsaparams == NULL)
|
||||
{
|
||||
@ -162,20 +146,14 @@ int MAIN(int argc, char **argv)
|
||||
bad:
|
||||
BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
|
||||
BIO_printf(bio_err," -out file - output the key to 'file'\n");
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
|
||||
BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
|
||||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err," the random number generator\n");
|
||||
@ -184,9 +162,23 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
@ -215,7 +207,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -255,7 +247,6 @@ end:
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (dsa != NULL) DSA_free(dsa);
|
||||
if(passout) OPENSSL_free(passout);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#endif
|
||||
|
@ -56,13 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
|
||||
* deprecated functions for openssl-internal code */
|
||||
#ifdef OPENSSL_NO_DEPRECATED
|
||||
#undef OPENSSL_NO_DEPRECATED
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef NO_RSA
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
@ -75,45 +69,36 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#define DEFBITS 512
|
||||
#undef PROG
|
||||
#define PROG genrsa_main
|
||||
|
||||
static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);
|
||||
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg);
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
BN_GENCB cb;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
int ret=1;
|
||||
RSA *rsa=NULL;
|
||||
int i,num=DEFBITS;
|
||||
long l;
|
||||
const EVP_CIPHER *enc=NULL;
|
||||
EVP_CIPHER *enc=NULL;
|
||||
unsigned long f4=RSA_F4;
|
||||
char *outfile=NULL;
|
||||
char *passargout = NULL, *passout = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
char *inrand=NULL;
|
||||
BIO *out=NULL;
|
||||
|
||||
apps_startup();
|
||||
BN_GENCB_set(&cb, genrsa_cb, bio_err);
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto err;
|
||||
if ((out=BIO_new(BIO_s_file())) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to create BIO for output\n");
|
||||
@ -134,35 +119,25 @@ int MAIN(int argc, char **argv)
|
||||
f4=3;
|
||||
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
|
||||
f4=RSA_F4;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
inrand= *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
else if (strcmp(*argv,"-des") == 0)
|
||||
enc=EVP_des_cbc();
|
||||
else if (strcmp(*argv,"-des3") == 0)
|
||||
enc=EVP_des_ede3_cbc();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
else if (strcmp(*argv,"-idea") == 0)
|
||||
enc=EVP_idea_cbc();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
else if (strcmp(*argv,"-aes128") == 0)
|
||||
enc=EVP_aes_128_cbc();
|
||||
else if (strcmp(*argv,"-aes192") == 0)
|
||||
enc=EVP_aes_192_cbc();
|
||||
else if (strcmp(*argv,"-aes256") == 0)
|
||||
enc=EVP_aes_256_cbc();
|
||||
#endif
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
@ -180,20 +155,14 @@ bad:
|
||||
BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
|
||||
BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n");
|
||||
BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
|
||||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -out file output the key to 'file\n");
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
||||
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
|
||||
BIO_printf(bio_err," -3 use 3 for the E value\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err," the random number generator\n");
|
||||
@ -207,14 +176,28 @@ bad:
|
||||
goto err;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto err;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto err;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -241,9 +224,7 @@ bad:
|
||||
|
||||
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
|
||||
num);
|
||||
|
||||
if(((rsa = RSA_new()) == NULL) || !RSA_generate_key_ex(rsa, num, f4, &cb))
|
||||
goto err;
|
||||
rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
|
||||
|
||||
app_RAND_write_file(NULL, bio_err);
|
||||
|
||||
@ -261,14 +242,8 @@ bad:
|
||||
l+=rsa->e->d[i];
|
||||
}
|
||||
BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
|
||||
{
|
||||
PW_CB_DATA cb_data;
|
||||
cb_data.password = passout;
|
||||
cb_data.prompt_info = outfile;
|
||||
if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
|
||||
(pem_password_cb *)password_callback,&cb_data))
|
||||
if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL, passout))
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret=0;
|
||||
err:
|
||||
@ -277,11 +252,10 @@ err:
|
||||
if(passout) OPENSSL_free(passout);
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
|
||||
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
|
||||
{
|
||||
char c='*';
|
||||
|
||||
@ -289,14 +263,13 @@ static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
|
||||
if (p == 1) c='+';
|
||||
if (p == 2) c='*';
|
||||
if (p == 3) c='\n';
|
||||
BIO_write(cb->arg,&c,1);
|
||||
(void)BIO_flush(cb->arg);
|
||||
BIO_write((BIO *)arg,&c,1);
|
||||
(void)BIO_flush((BIO *)arg);
|
||||
#ifdef LINT
|
||||
p=n;
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
#else /* !OPENSSL_NO_RSA */
|
||||
#else /* !NO_RSA */
|
||||
|
||||
# if PEDANTIC
|
||||
static void *dummy=&dummy;
|
||||
|
@ -15,10 +15,22 @@ $!
|
||||
$! It was written so it would try to determine what "C" compiler to
|
||||
$! use or you can specify which "C" compiler to use.
|
||||
$!
|
||||
$! Specify DEBUG or NODEBUG as P1 to compile with or without debugger
|
||||
$! Specify RSAREF as P1 to compile with the RSAREF library instead of
|
||||
$! the regular one. If you specify NORSAREF it will compile with the
|
||||
$! regular RSAREF routines. (Note: If you are in the United States
|
||||
$! you MUST compile with RSAREF unless you have a license from RSA).
|
||||
$!
|
||||
$! Note: The RSAREF libraries are NOT INCLUDED and you have to
|
||||
$! download it from "ftp://ftp.rsa.com/rsaref". You have to
|
||||
$! get the ".tar-Z" file as the ".zip" file dosen't have the
|
||||
$! directory structure stored. You have to extract the file
|
||||
$! into the [.RSAREF] directory under the root directory as that
|
||||
$! is where the scripts will look for the files.
|
||||
$!
|
||||
$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger
|
||||
$! information.
|
||||
$!
|
||||
$! Specify which compiler at P2 to try to compile under.
|
||||
$! Specify which compiler at P3 to try to compile under.
|
||||
$!
|
||||
$! VAXC For VAX C.
|
||||
$! DECC For DEC C.
|
||||
@ -27,16 +39,15 @@ $!
|
||||
$! If you don't speficy a compiler, it will try to determine which
|
||||
$! "C" compiler to use.
|
||||
$!
|
||||
$! P3, if defined, sets a TCP/IP library to use, through one of the following
|
||||
$! P4, if defined, sets a TCP/IP library to use, through one of the following
|
||||
$! keywords:
|
||||
$!
|
||||
$! UCX for UCX
|
||||
$! SOCKETSHR for SOCKETSHR+NETLIB
|
||||
$! TCPIP for TCPIP (post UCX)
|
||||
$!
|
||||
$! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
|
||||
$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
|
||||
$!
|
||||
$! P5, if defined, sets a choice of programs to compile.
|
||||
$! P6, if defined, sets a choice of programs to compile.
|
||||
$!
|
||||
$!
|
||||
$! Define A TCP/IP Library That We Will Need To Link To.
|
||||
@ -89,6 +100,10 @@ $! Define The CRYPTO Library.
|
||||
$!
|
||||
$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
|
||||
$!
|
||||
$! Define The RSAREF Library.
|
||||
$!
|
||||
$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB
|
||||
$!
|
||||
$! Define The SSL Library.
|
||||
$!
|
||||
$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
|
||||
@ -139,16 +154,16 @@ $! Define The Application Files.
|
||||
$!
|
||||
$ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
|
||||
"CA;PKCS7;CRL2P7;CRL;"+-
|
||||
"RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+-
|
||||
"RSA;RSAUTL;DSA;DSAPARAM;"+-
|
||||
"X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
|
||||
"S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
|
||||
"CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
|
||||
"CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND"
|
||||
$ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
|
||||
CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
|
||||
RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,EC.OBJ,ECPARAM.OBJ,-
|
||||
RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
|
||||
X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
|
||||
S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
|
||||
CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ
|
||||
CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ
|
||||
$ TCPIP_PROGRAMS = ",,"
|
||||
$ IF COMPILER .EQS. "VAXC" THEN -
|
||||
TCPIP_PROGRAMS = ",OPENSSL,"
|
||||
@ -166,7 +181,7 @@ $! TCPIP_PROGRAMS = ",S_SERVER,S_CLIENT,SESS_ID,CIPHERS,S_TIME,"
|
||||
$!
|
||||
$! Setup exceptional compilations
|
||||
$!
|
||||
$ COMPILEWITH_CC2 = ",S_SERVER,S_CLIENT,"
|
||||
$ COMPILEWITH_CC2 = ",S_SOCKET,S_SERVER,S_CLIENT,"
|
||||
$!
|
||||
$ PHASE := LIB
|
||||
$!
|
||||
@ -277,7 +292,45 @@ $ WRITE SYS$OUTPUT FILE_NAME," needs a TCP/IP library. Can't link. Skipping.
|
||||
$ GOTO NEXT_FILE
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Link The Program.
|
||||
$! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
|
||||
$!
|
||||
$ IF (RSAREF.EQS."TRUE")
|
||||
$ THEN
|
||||
$!
|
||||
$! Check To See If We Are To Link With A Specific TCP/IP Library.
|
||||
$!
|
||||
$ IF (TCPIP_LIB.NES."")
|
||||
$ THEN
|
||||
$!
|
||||
$! Link With The RSAREF Library And A Specific TCP/IP Library.
|
||||
$!
|
||||
$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
|
||||
'OBJECT_FILE''EXTRA_OBJ', -
|
||||
'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, -
|
||||
'TCPIP_LIB','OPT_FILE'/OPTION
|
||||
$!
|
||||
$! Else...
|
||||
$!
|
||||
$ ELSE
|
||||
$!
|
||||
$! Link With The RSAREF Library And NO TCP/IP Library.
|
||||
$!
|
||||
$ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
|
||||
'OBJECT_FILE''EXTRA_OBJ', -
|
||||
'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, -
|
||||
'OPT_FILE'/OPTION
|
||||
$!
|
||||
$! End The TCP/IP Library Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Else...
|
||||
$!
|
||||
$ ELSE
|
||||
$!
|
||||
$! Don't Link With The RSAREF Routines.
|
||||
$!
|
||||
$!
|
||||
$! Check To See If We Are To Link With A Specific TCP/IP Library.
|
||||
$!
|
||||
$ IF (TCPIP_LIB.NES."")
|
||||
@ -305,6 +358,10 @@ $! End The TCP/IP Library Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! End The RSAREF Link Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Go Back And Do It Again.
|
||||
$!
|
||||
$ GOTO NEXT_FILE
|
||||
@ -468,6 +525,32 @@ $! End The Crypto Library Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! See If We Need The RSAREF Library.
|
||||
$!
|
||||
$ IF (RSAREF.EQS."TRUE")
|
||||
$ THEN
|
||||
$!
|
||||
$! Look For The Library LIBRSAGLUE.OLB.
|
||||
$!
|
||||
$ IF (F$SEARCH(RSAREF_LIB).EQS."")
|
||||
$ THEN
|
||||
$!
|
||||
$! Tell The User We Can't Find The LIBRSAGLUE.OLB Library.
|
||||
$!
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$ WRITE SYS$OUTPUT "Can't Find The Library ",RSAREF_LIB,"."
|
||||
$ WRITE SYS$OUTPUT "We Can't Link Without It."
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$!
|
||||
$! Since We Can't Link Without It, Exit.
|
||||
$!
|
||||
$ EXIT
|
||||
$ ENDIF
|
||||
$!
|
||||
$! End The RSAREF Library Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Look For The Library LIBSSL.OLB.
|
||||
$!
|
||||
$ IF (F$SEARCH(SSL_LIB).EQS."")
|
||||
@ -498,10 +581,86 @@ $ CHECK_OPTIONS:
|
||||
$!
|
||||
$! Check To See If P1 Is Blank.
|
||||
$!
|
||||
$ IF (P1.EQS."NODEBUG")
|
||||
$ IF (P1.EQS."NORSAREF")
|
||||
$ THEN
|
||||
$!
|
||||
$! P1 Is NODEBUG, So Compile Without Debugger Information.
|
||||
$! P1 Is NORSAREF, So Compile With The Regular RSA Libraries.
|
||||
$!
|
||||
$ RSAREF = "FALSE"
|
||||
$!
|
||||
$! Else...
|
||||
$!
|
||||
$ ELSE
|
||||
$!
|
||||
$! Check To See If We Are To Use The RSAREF Library.
|
||||
$!
|
||||
$ IF (P1.EQS."RSAREF")
|
||||
$ THEN
|
||||
$!
|
||||
$! Check To Make Sure We Have The RSAREF Source Code Directory.
|
||||
$!
|
||||
$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."")
|
||||
$ THEN
|
||||
$!
|
||||
$! We Don't Have The RSAREF Souce Code Directory, So Tell The
|
||||
$! User This.
|
||||
$!
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code."
|
||||
$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to"
|
||||
$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the"
|
||||
$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file"
|
||||
$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory"
|
||||
$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files."
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$!
|
||||
$! Time To Exit.
|
||||
$!
|
||||
$ EXIT
|
||||
$!
|
||||
$! Else...
|
||||
$!
|
||||
$ ELSE
|
||||
$!
|
||||
$! Compile Using The RSAREF Library.
|
||||
$!
|
||||
$ RSAREF = "TRUE"
|
||||
$!
|
||||
$! End The RSAREF Soure Directory Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Else...
|
||||
$!
|
||||
$ ELSE
|
||||
$!
|
||||
$! They Entered An Invalid Option..
|
||||
$!
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$ WRITE SYS$OUTPUT " RSAREF : Compile With The RSAREF Library."
|
||||
$ WRITE SYS$OUTPUT " NORSAREF : Compile With The Regular RSA Library."
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$!
|
||||
$! Time To EXIT.
|
||||
$!
|
||||
$ EXIT
|
||||
$!
|
||||
$! End The Valid Arguement Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! End P1 Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Check To See If P2 Is Blank.
|
||||
$!
|
||||
$ IF (P2.EQS."NODEBUG")
|
||||
$ THEN
|
||||
$!
|
||||
$! P2 Is NODEBUG, So Compile Without Debugger Information.
|
||||
$!
|
||||
$ DEBUGGER = "NODEBUG"
|
||||
$ TRACEBACK = "NOTRACEBACK"
|
||||
@ -516,7 +675,7 @@ $ ELSE
|
||||
$!
|
||||
$! Check To See If We Are To Compile With Debugger Information.
|
||||
$!
|
||||
$ IF (P1.EQS."DEBUG")
|
||||
$ IF (P2.EQS."DEBUG")
|
||||
$ THEN
|
||||
$!
|
||||
$! Compile With Debugger Information.
|
||||
@ -532,7 +691,7 @@ $!
|
||||
$! Tell The User Entered An Invalid Option..
|
||||
$!
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
|
||||
$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:"
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information."
|
||||
$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information."
|
||||
@ -546,13 +705,13 @@ $! End The Valid Arguement Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! End The P1 Check.
|
||||
$! End The P2 Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Check To See If P2 Is Blank.
|
||||
$! Check To See If P3 Is Blank.
|
||||
$!
|
||||
$ IF (P2.EQS."")
|
||||
$ IF (P3.EQS."")
|
||||
$ THEN
|
||||
$!
|
||||
$! O.K., The User Didn't Specify A Compiler, Let's Try To
|
||||
@ -565,7 +724,7 @@ $ THEN
|
||||
$!
|
||||
$! Looks Like GNUC, Set To Use GNUC.
|
||||
$!
|
||||
$ P2 = "GNUC"
|
||||
$ P3 = "GNUC"
|
||||
$!
|
||||
$! Else...
|
||||
$!
|
||||
@ -578,7 +737,7 @@ $ THEN
|
||||
$!
|
||||
$! Looks Like DECC, Set To Use DECC.
|
||||
$!
|
||||
$ P2 = "DECC"
|
||||
$ P3 = "DECC"
|
||||
$!
|
||||
$! Else...
|
||||
$!
|
||||
@ -586,7 +745,7 @@ $ ELSE
|
||||
$!
|
||||
$! Looks Like VAXC, Set To Use VAXC.
|
||||
$!
|
||||
$ P2 = "VAXC"
|
||||
$ P3 = "VAXC"
|
||||
$!
|
||||
$! End The VAXC Compiler Check.
|
||||
$!
|
||||
@ -600,9 +759,9 @@ $! End The Compiler Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Check To See If We Have A Option For P3.
|
||||
$! Check To See If We Have A Option For P4.
|
||||
$!
|
||||
$ IF (P3.EQS."")
|
||||
$ IF (P4.EQS."")
|
||||
$ THEN
|
||||
$!
|
||||
$! Find out what socket library we have available
|
||||
@ -612,7 +771,7 @@ $ THEN
|
||||
$!
|
||||
$! We have SOCKETSHR, and it is my opinion that it's the best to use.
|
||||
$!
|
||||
$ P3 = "SOCKETSHR"
|
||||
$ P4 = "SOCKETSHR"
|
||||
$!
|
||||
$! Tell the user
|
||||
$!
|
||||
@ -632,7 +791,7 @@ $ THEN
|
||||
$!
|
||||
$! Last resort: a UCX or UCX-compatible library
|
||||
$!
|
||||
$ P3 = "UCX"
|
||||
$ P4 = "UCX"
|
||||
$!
|
||||
$! Tell the user
|
||||
$!
|
||||
@ -646,7 +805,31 @@ $ ENDIF
|
||||
$!
|
||||
$! Set Up Initial CC Definitions, Possibly With User Ones
|
||||
$!
|
||||
$ CCDEFS = "MONOLITH"
|
||||
$ CCDEFS = "VMS=1,MONOLITH,THREADS"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_ASM") THEN CCDEFS = CCDEFS + ",NO_ASM"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_RSA") THEN CCDEFS = CCDEFS + ",NO_RSA"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_DSA") THEN CCDEFS = CCDEFS + ",NO_DSA"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_DH") THEN CCDEFS = CCDEFS + ",NO_DH"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_MD2") THEN CCDEFS = CCDEFS + ",NO_MD2"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_MD5") THEN CCDEFS = CCDEFS + ",NO_MD5"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_RIPEMD") THEN CCDEFS = CCDEFS + ",NO_RIPEMD"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_SHA") THEN CCDEFS = CCDEFS + ",NO_SHA"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_SHA0") THEN CCDEFS = CCDEFS + ",NO_SHA0"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_SHA1") THEN CCDEFS = CCDEFS + ",NO_SHA1"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_DES")
|
||||
$ THEN
|
||||
$ CCDEFS = CCDEFS + ",NO_DES,NO_MDC2"
|
||||
$ ELSE
|
||||
$ IF F$TRNLNM("OPENSSL_NO_MDC2") THEN CCDEFS = CCDEFS + ",NO_MDC2"
|
||||
$ ENDIF
|
||||
$ IF F$TRNLNM("OPENSSL_NO_RC2") THEN CCDEFS = CCDEFS + ",NO_RC2"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_RC4") THEN CCDEFS = CCDEFS + ",NO_RC4"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_RC5") THEN CCDEFS = CCDEFS + ",NO_RC5"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_IDEA") THEN CCDEFS = CCDEFS + ",NO_IDEA"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_BF") THEN CCDEFS = CCDEFS + ",NO_BF"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_CAST") THEN CCDEFS = CCDEFS + ",NO_CAST"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_HMAC") THEN CCDEFS = CCDEFS + ",NO_HMAC"
|
||||
$ IF F$TRNLNM("OPENSSL_NO_SSL2") THEN CCDEFS = CCDEFS + ",NO_SSL2"
|
||||
$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
|
||||
$ CCEXTRAFLAGS = ""
|
||||
$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
|
||||
@ -656,12 +839,12 @@ $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
|
||||
$!
|
||||
$! Check To See If The User Entered A Valid Paramter.
|
||||
$!
|
||||
$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
|
||||
$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
|
||||
$ THEN
|
||||
$!
|
||||
$! Check To See If The User Wanted DECC.
|
||||
$!
|
||||
$ IF (P2.EQS."DECC")
|
||||
$ IF (P3.EQS."DECC")
|
||||
$ THEN
|
||||
$!
|
||||
$! Looks Like DECC, Set To Use DECC.
|
||||
@ -678,8 +861,7 @@ $ CC = "CC"
|
||||
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
|
||||
THEN CC = "CC/DECC"
|
||||
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
|
||||
"/NOLIST/PREFIX=ALL" + -
|
||||
"/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
|
||||
"/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
|
||||
$!
|
||||
$! Define The Linker Options File Name.
|
||||
$!
|
||||
@ -691,7 +873,7 @@ $ ENDIF
|
||||
$!
|
||||
$! Check To See If We Are To Use VAXC.
|
||||
$!
|
||||
$ IF (P2.EQS."VAXC")
|
||||
$ IF (P3.EQS."VAXC")
|
||||
$ THEN
|
||||
$!
|
||||
$! Looks Like VAXC, Set To Use VAXC.
|
||||
@ -710,8 +892,7 @@ $ WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
|
||||
$ EXIT
|
||||
$ ENDIF
|
||||
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
|
||||
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
|
||||
"/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
|
||||
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
|
||||
$ CCDEFS = CCDEFS + ",""VAXC"""
|
||||
$!
|
||||
$! Define <sys> As SYS$COMMON:[SYSLIB]
|
||||
@ -728,7 +909,7 @@ $ ENDIF
|
||||
$!
|
||||
$! Check To See If We Are To Use GNU C.
|
||||
$!
|
||||
$ IF (P2.EQS."GNUC")
|
||||
$ IF (P3.EQS."GNUC")
|
||||
$ THEN
|
||||
$!
|
||||
$! Looks Like GNUC, Set To Use GNUC.
|
||||
@ -742,8 +923,7 @@ $!
|
||||
$! Use GNU C...
|
||||
$!
|
||||
$ IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
|
||||
$ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
|
||||
"/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
|
||||
$ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
|
||||
$!
|
||||
$! Define The Linker Options File Name.
|
||||
$!
|
||||
@ -757,6 +937,31 @@ $! Set up default defines
|
||||
$!
|
||||
$ CCDEFS = """FLAT_INC=1""," + CCDEFS
|
||||
$!
|
||||
$! Check To See If We Are To Compile With RSAREF Routines.
|
||||
$!
|
||||
$ IF (RSAREF.EQS."TRUE")
|
||||
$ THEN
|
||||
$!
|
||||
$! Compile With RSAREF.
|
||||
$!
|
||||
$ CCDEFS = CCDEFS + ",""RSAref=1"""
|
||||
$!
|
||||
$! Tell The User This.
|
||||
$!
|
||||
$ WRITE SYS$OUTPUT "Compiling With RSAREF Routines."
|
||||
$!
|
||||
$! Else, We Don't Care. Compile Without The RSAREF Library.
|
||||
$!
|
||||
$ ELSE
|
||||
$!
|
||||
$! Tell The User We Are Compile Without The RSAREF Routines.
|
||||
$!
|
||||
$ WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines.
|
||||
$!
|
||||
$! End The RSAREF Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Else The User Entered An Invalid Arguement.
|
||||
$!
|
||||
$ ELSE
|
||||
@ -764,7 +969,7 @@ $!
|
||||
$! Tell The User We Don't Know What They Want.
|
||||
$!
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:"
|
||||
$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:"
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C."
|
||||
$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C."
|
||||
@ -778,18 +983,17 @@ $ ENDIF
|
||||
$!
|
||||
$! Time to check the contents, and to make sure we get the correct library.
|
||||
$!
|
||||
$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" -
|
||||
.OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE"
|
||||
$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX"
|
||||
$ THEN
|
||||
$!
|
||||
$! Check to see if SOCKETSHR was chosen
|
||||
$!
|
||||
$ IF P3.EQS."SOCKETSHR"
|
||||
$ IF P4.EQS."SOCKETSHR"
|
||||
$ THEN
|
||||
$!
|
||||
$! Set the library to use SOCKETSHR
|
||||
$!
|
||||
$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
|
||||
$ TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT"
|
||||
$!
|
||||
$! Done with SOCKETSHR
|
||||
$!
|
||||
@ -797,12 +1001,12 @@ $ ENDIF
|
||||
$!
|
||||
$! Check to see if MULTINET was chosen
|
||||
$!
|
||||
$ IF P3.EQS."MULTINET"
|
||||
$ IF P4.EQS."MULTINET"
|
||||
$ THEN
|
||||
$!
|
||||
$! Set the library to use UCX emulation.
|
||||
$!
|
||||
$ P3 = "UCX"
|
||||
$ P4 = "UCX"
|
||||
$!
|
||||
$! Done with MULTINET
|
||||
$!
|
||||
@ -810,53 +1014,27 @@ $ ENDIF
|
||||
$!
|
||||
$! Check to see if UCX was chosen
|
||||
$!
|
||||
$ IF P3.EQS."UCX"
|
||||
$ IF P4.EQS."UCX"
|
||||
$ THEN
|
||||
$!
|
||||
$! Set the library to use UCX.
|
||||
$!
|
||||
$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
|
||||
$ TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT"
|
||||
$ IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
|
||||
$ THEN
|
||||
$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
|
||||
$ TCPIP_LIB = "[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
|
||||
$ ELSE
|
||||
$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
|
||||
TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
|
||||
TCPIP_LIB = "[-.VMS]UCX_SHR_VAXC.OPT/OPT"
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Done with UCX
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Check to see if TCPIP (post UCX) was chosen
|
||||
$!
|
||||
$ IF P3.EQS."TCPIP"
|
||||
$ THEN
|
||||
$!
|
||||
$! Set the library to use TCPIP.
|
||||
$!
|
||||
$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
|
||||
$!
|
||||
$! Done with TCPIP
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Check to see if NONE was chosen
|
||||
$!
|
||||
$ IF P3.EQS."NONE"
|
||||
$ THEN
|
||||
$!
|
||||
$! Do not use TCPIP.
|
||||
$!
|
||||
$ TCPIP_LIB = ""
|
||||
$!
|
||||
$! Done with TCPIP
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Add TCP/IP type to CC definitions.
|
||||
$!
|
||||
$ CCDEFS = CCDEFS + ",TCPIP_TYPE_''P3'"
|
||||
$ CCDEFS = CCDEFS + ",TCPIP_TYPE_''P4'"
|
||||
$!
|
||||
$! Print info
|
||||
$!
|
||||
@ -869,11 +1047,10 @@ $!
|
||||
$! Tell The User We Don't Know What They Want.
|
||||
$!
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:"
|
||||
$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:"
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library."
|
||||
$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library."
|
||||
$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library."
|
||||
$ WRITE SYS$OUTPUT ""
|
||||
$!
|
||||
$! Time To EXIT.
|
||||
@ -908,9 +1085,9 @@ $! Written By: Richard Levitte
|
||||
$! richard@levitte.org
|
||||
$!
|
||||
$!
|
||||
$! Check To See If We Have A Option For P4.
|
||||
$! Check To See If We Have A Option For P5.
|
||||
$!
|
||||
$ IF (P4.EQS."")
|
||||
$ IF (P5.EQS."")
|
||||
$ THEN
|
||||
$!
|
||||
$! Get The Version Of VMS We Are Using.
|
||||
@ -932,15 +1109,15 @@ $! End The VMS Version Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! End The P4 Check.
|
||||
$! End The P5 Check.
|
||||
$!
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Check if the user wanted to compile just a subset of all the programs.
|
||||
$!
|
||||
$ IF P5 .NES. ""
|
||||
$ IF P6 .NES. ""
|
||||
$ THEN
|
||||
$ PROGRAMS = P5
|
||||
$ PROGRAMS = P6
|
||||
$ ENDIF
|
||||
$!
|
||||
$! Time To RETURN...
|
||||
|
@ -58,9 +58,9 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
#include "apps.h"
|
||||
|
||||
#undef PROG
|
||||
#define PROG nseq_main
|
||||
@ -121,7 +121,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
} else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
|
1227
apps/ocsp.c
1227
apps/ocsp.c
File diff suppressed because it is too large
Load Diff
219
apps/openssl.c
219
apps/openssl.c
@ -55,66 +55,11 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
|
||||
#include "apps.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/lhash.h>
|
||||
@ -122,106 +67,31 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/ssl.h>
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include "s_apps.h"
|
||||
#include <openssl/err.h>
|
||||
|
||||
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
|
||||
* base prototypes (we cast each variable inside the function to the required
|
||||
* type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
|
||||
* functions. */
|
||||
|
||||
/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
|
||||
static unsigned long MS_CALLBACK hash(const void *a_void);
|
||||
/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
|
||||
static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
|
||||
static unsigned long MS_CALLBACK hash(FUNCTION *a);
|
||||
static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
|
||||
static LHASH *prog_init(void );
|
||||
static int do_cmd(LHASH *prog,int argc,char *argv[]);
|
||||
char *default_config_file=NULL;
|
||||
|
||||
/* Make sure there is only one when MONOLITH is defined */
|
||||
#ifdef MONOLITH
|
||||
CONF *config=NULL;
|
||||
LHASH *config=NULL;
|
||||
BIO *bio_err=NULL;
|
||||
#endif
|
||||
|
||||
|
||||
static void lock_dbg_cb(int mode, int type, const char *file, int line)
|
||||
{
|
||||
static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
|
||||
const char *errstr = NULL;
|
||||
int rw;
|
||||
|
||||
rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
|
||||
if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
|
||||
{
|
||||
errstr = "invalid mode";
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (type < 0 || type >= CRYPTO_NUM_LOCKS)
|
||||
{
|
||||
errstr = "type out of bounds";
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (mode & CRYPTO_LOCK)
|
||||
{
|
||||
if (modes[type])
|
||||
{
|
||||
errstr = "already locked";
|
||||
/* must not happen in a single-threaded program
|
||||
* (would deadlock) */
|
||||
goto err;
|
||||
}
|
||||
|
||||
modes[type] = rw;
|
||||
}
|
||||
else if (mode & CRYPTO_UNLOCK)
|
||||
{
|
||||
if (!modes[type])
|
||||
{
|
||||
errstr = "not locked";
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (modes[type] != rw)
|
||||
{
|
||||
errstr = (rw == CRYPTO_READ) ?
|
||||
"CRYPTO_r_unlock on write lock" :
|
||||
"CRYPTO_w_unlock on read lock";
|
||||
}
|
||||
|
||||
modes[type] = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
errstr = "invalid mode";
|
||||
goto err;
|
||||
}
|
||||
|
||||
err:
|
||||
if (errstr)
|
||||
{
|
||||
/* we cannot use bio_err here */
|
||||
fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
|
||||
errstr, mode, type, file, line);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int main(int Argc, char *Argv[])
|
||||
{
|
||||
ARGS arg;
|
||||
#define PROG_NAME_SIZE 39
|
||||
char pname[PROG_NAME_SIZE+1];
|
||||
FUNCTION f,*fp;
|
||||
MS_STATIC char *prompt,buf[1024];
|
||||
char *to_free=NULL;
|
||||
MS_STATIC char *prompt,buf[1024],config_name[256];
|
||||
int n,i,ret=0;
|
||||
int argc;
|
||||
char **argv,*p;
|
||||
@ -231,56 +101,41 @@ int main(int Argc, char *Argv[])
|
||||
arg.data=NULL;
|
||||
arg.count=0;
|
||||
|
||||
if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
|
||||
CRYPTO_malloc_debug_init();
|
||||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
|
||||
{
|
||||
if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
|
||||
{
|
||||
CRYPTO_malloc_debug_init();
|
||||
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* OPENSSL_DEBUG_MEMORY=off */
|
||||
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
|
||||
}
|
||||
}
|
||||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||||
|
||||
#if 0
|
||||
if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
|
||||
#endif
|
||||
{
|
||||
CRYPTO_set_locking_callback(lock_dbg_cb);
|
||||
}
|
||||
|
||||
apps_startup();
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
/* Lets load up our environment a little */
|
||||
p=getenv("OPENSSL_CONF");
|
||||
if (p == NULL)
|
||||
p=getenv("SSLEAY_CONF");
|
||||
if (p == NULL)
|
||||
p=to_free=make_config_name();
|
||||
{
|
||||
strcpy(config_name,X509_get_default_cert_area());
|
||||
#ifndef VMS
|
||||
strcat(config_name,"/");
|
||||
#endif
|
||||
strcat(config_name,OPENSSL_CONF);
|
||||
p=config_name;
|
||||
}
|
||||
|
||||
default_config_file=p;
|
||||
|
||||
config=NCONF_new(NULL);
|
||||
i=NCONF_load(config,p,&errline);
|
||||
if (i == 0)
|
||||
{
|
||||
NCONF_free(config);
|
||||
config = NULL;
|
||||
ERR_clear_error();
|
||||
}
|
||||
config=CONF_load(config,p,&errline);
|
||||
if (config == NULL) ERR_clear_error();
|
||||
|
||||
prog=prog_init();
|
||||
|
||||
/* first check the program name */
|
||||
program_name(Argv[0],pname,sizeof pname);
|
||||
program_name(Argv[0],pname,PROG_NAME_SIZE);
|
||||
|
||||
f.name=pname;
|
||||
fp=(FUNCTION *)lh_retrieve(prog,&f);
|
||||
@ -308,7 +163,7 @@ int main(int Argc, char *Argv[])
|
||||
{
|
||||
ret=0;
|
||||
p=buf;
|
||||
n=sizeof buf;
|
||||
n=1024;
|
||||
i=0;
|
||||
for (;;)
|
||||
{
|
||||
@ -342,17 +197,17 @@ int main(int Argc, char *Argv[])
|
||||
BIO_printf(bio_err,"bad exit\n");
|
||||
ret=1;
|
||||
end:
|
||||
if (to_free)
|
||||
OPENSSL_free(to_free);
|
||||
if (config != NULL)
|
||||
{
|
||||
NCONF_free(config);
|
||||
CONF_free(config);
|
||||
config=NULL;
|
||||
}
|
||||
if (prog != NULL) lh_free(prog);
|
||||
if (arg.data != NULL) OPENSSL_free(arg.data);
|
||||
ERR_remove_state(0);
|
||||
|
||||
apps_shutdown();
|
||||
EVP_cleanup();
|
||||
ERR_free_strings();
|
||||
|
||||
CRYPTO_mem_leaks(bio_err);
|
||||
if (bio_err != NULL)
|
||||
@ -383,7 +238,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
|
||||
else if ((strncmp(argv[0],"no-",3)) == 0)
|
||||
{
|
||||
BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
bio_stdout = BIO_push(tmpbio, bio_stdout);
|
||||
@ -420,7 +275,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
|
||||
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
|
||||
list_type = FUNC_TYPE_CIPHER;
|
||||
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
bio_stdout = BIO_push(tmpbio, bio_stdout);
|
||||
@ -495,23 +350,19 @@ static LHASH *prog_init(void)
|
||||
;
|
||||
qsort(functions,i,sizeof *functions,SortFnByName);
|
||||
|
||||
if ((ret=lh_new(hash, cmp)) == NULL)
|
||||
return(NULL);
|
||||
if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
|
||||
|
||||
for (f=functions; f->name != NULL; f++)
|
||||
lh_insert(ret,f);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
|
||||
static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
|
||||
static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
|
||||
{
|
||||
return(strncmp(((FUNCTION *)a_void)->name,
|
||||
((FUNCTION *)b_void)->name,8));
|
||||
return(strncmp(a->name,b->name,8));
|
||||
}
|
||||
|
||||
/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
|
||||
static unsigned long MS_CALLBACK hash(const void *a_void)
|
||||
static unsigned long MS_CALLBACK hash(FUNCTION *a)
|
||||
{
|
||||
return(lh_strhash(((FUNCTION *)a_void)->name));
|
||||
return(lh_strhash(a->name));
|
||||
}
|
||||
|
@ -38,31 +38,18 @@ dir = ./demoCA # Where everything is kept
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
#unique_subject = no # Set to 'no' to allow creation of
|
||||
# several ctificates with same subject.
|
||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||
|
||||
certificate = $dir/cacert.pem # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crlnumber = $dir/crlnumber # the current crl number
|
||||
# must be commented out to leave a V1 CRL
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem# The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
name_opt = ca_default # Subject Name options
|
||||
cert_opt = ca_default # Certificate field options
|
||||
|
||||
# Extension copying option: use with caution.
|
||||
# copy_extensions = copy
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crlnumber must also be commented out to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 365 # how long to certify for
|
||||
@ -145,7 +132,7 @@ commonName = Common Name (eg, YOUR name)
|
||||
commonName_max = 64
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_max = 64
|
||||
emailAddress_max = 40
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
@ -193,9 +180,6 @@ authorityKeyIdentifier=keyid,issuer:always
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
@ -1,10 +1,10 @@
|
||||
/* apps/passwd.c */
|
||||
|
||||
#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
|
||||
#if defined NO_MD5 || defined CHARSET_EBCDIC
|
||||
# define NO_MD5CRYPT_1
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
|
||||
#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
|
||||
|
||||
#include <assert.h>
|
||||
#include <string.h>
|
||||
@ -15,7 +15,8 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/rand.h>
|
||||
#ifndef OPENSSL_NO_DES
|
||||
|
||||
#ifndef NO_DES
|
||||
# include <openssl/des.h>
|
||||
#endif
|
||||
#ifndef NO_MD5CRYPT_1
|
||||
@ -49,7 +50,6 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
* -salt string - salt
|
||||
* -in file - read passwords from file
|
||||
* -stdin - read passwords from stdin
|
||||
* -noverify - never verify when reading password from terminal
|
||||
* -quiet - no warnings
|
||||
* -table - format output as table
|
||||
* -reverse - switch table columns
|
||||
@ -62,7 +62,6 @@ int MAIN(int argc, char **argv)
|
||||
int ret = 1;
|
||||
char *infile = NULL;
|
||||
int in_stdin = 0;
|
||||
int in_noverify = 0;
|
||||
char *salt = NULL, *passwd = NULL, **passwds = NULL;
|
||||
char *salt_malloc = NULL, *passwd_malloc = NULL;
|
||||
size_t passwd_malloc_size = 0;
|
||||
@ -78,14 +77,11 @@ int MAIN(int argc, char **argv)
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto err;
|
||||
out = BIO_new(BIO_s_file());
|
||||
if (out == NULL)
|
||||
goto err;
|
||||
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -132,8 +128,6 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
badopt = 1;
|
||||
}
|
||||
else if (strcmp(argv[i], "-noverify") == 0)
|
||||
in_noverify = 1;
|
||||
else if (strcmp(argv[i], "-quiet") == 0)
|
||||
quiet = 1;
|
||||
else if (strcmp(argv[i], "-table") == 0)
|
||||
@ -159,7 +153,7 @@ int MAIN(int argc, char **argv)
|
||||
badopt = 1;
|
||||
|
||||
/* reject unsupported algorithms */
|
||||
#ifdef OPENSSL_NO_DES
|
||||
#ifdef NO_DES
|
||||
if (usecrypt) badopt = 1;
|
||||
#endif
|
||||
#ifdef NO_MD5CRYPT_1
|
||||
@ -170,7 +164,7 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
|
||||
#endif
|
||||
#ifndef NO_MD5CRYPT_1
|
||||
@ -180,7 +174,6 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "-salt string use provided salt\n");
|
||||
BIO_printf(bio_err, "-in file read passwords from file\n");
|
||||
BIO_printf(bio_err, "-stdin read passwords from stdin\n");
|
||||
BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n");
|
||||
BIO_printf(bio_err, "-quiet no warnings\n");
|
||||
BIO_printf(bio_err, "-table format output as table\n");
|
||||
BIO_printf(bio_err, "-reverse switch table columns\n");
|
||||
@ -229,7 +222,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
passwds = passwds_static;
|
||||
if (in == NULL)
|
||||
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
|
||||
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
|
||||
goto err;
|
||||
passwds[0] = passwd_malloc;
|
||||
}
|
||||
@ -291,7 +284,6 @@ err:
|
||||
BIO_free(in);
|
||||
if (out)
|
||||
BIO_free_all(out);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
@ -312,9 +304,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
||||
static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
|
||||
unsigned char buf[MD5_DIGEST_LENGTH];
|
||||
char *salt_out;
|
||||
int n;
|
||||
unsigned int i;
|
||||
EVP_MD_CTX md,md2;
|
||||
int n, i;
|
||||
MD5_CTX md;
|
||||
size_t passwd_len, salt_len;
|
||||
|
||||
passwd_len = strlen(passwd);
|
||||
@ -329,47 +320,49 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
||||
salt_len = strlen(salt_out);
|
||||
assert(salt_len <= 8);
|
||||
|
||||
EVP_MD_CTX_init(&md);
|
||||
EVP_DigestInit_ex(&md,EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&md, passwd, passwd_len);
|
||||
EVP_DigestUpdate(&md, "$", 1);
|
||||
EVP_DigestUpdate(&md, magic, strlen(magic));
|
||||
EVP_DigestUpdate(&md, "$", 1);
|
||||
EVP_DigestUpdate(&md, salt_out, salt_len);
|
||||
MD5_Init(&md);
|
||||
MD5_Update(&md, passwd, passwd_len);
|
||||
MD5_Update(&md, "$", 1);
|
||||
MD5_Update(&md, magic, strlen(magic));
|
||||
MD5_Update(&md, "$", 1);
|
||||
MD5_Update(&md, salt_out, salt_len);
|
||||
|
||||
EVP_MD_CTX_init(&md2);
|
||||
EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&md2, passwd, passwd_len);
|
||||
EVP_DigestUpdate(&md2, salt_out, salt_len);
|
||||
EVP_DigestUpdate(&md2, passwd, passwd_len);
|
||||
EVP_DigestFinal_ex(&md2, buf, NULL);
|
||||
{
|
||||
MD5_CTX md2;
|
||||
|
||||
MD5_Init(&md2);
|
||||
MD5_Update(&md2, passwd, passwd_len);
|
||||
MD5_Update(&md2, salt_out, salt_len);
|
||||
MD5_Update(&md2, passwd, passwd_len);
|
||||
MD5_Final(buf, &md2);
|
||||
}
|
||||
for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
|
||||
EVP_DigestUpdate(&md, buf, sizeof buf);
|
||||
EVP_DigestUpdate(&md, buf, i);
|
||||
MD5_Update(&md, buf, sizeof buf);
|
||||
MD5_Update(&md, buf, i);
|
||||
|
||||
n = passwd_len;
|
||||
while (n)
|
||||
{
|
||||
EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
|
||||
MD5_Update(&md, (n & 1) ? "\0" : passwd, 1);
|
||||
n >>= 1;
|
||||
}
|
||||
EVP_DigestFinal_ex(&md, buf, NULL);
|
||||
MD5_Final(buf, &md);
|
||||
|
||||
for (i = 0; i < 1000; i++)
|
||||
{
|
||||
EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
|
||||
MD5_CTX md2;
|
||||
|
||||
MD5_Init(&md2);
|
||||
MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,
|
||||
(i & 1) ? passwd_len : sizeof buf);
|
||||
if (i % 3)
|
||||
EVP_DigestUpdate(&md2, salt_out, salt_len);
|
||||
MD5_Update(&md2, salt_out, salt_len);
|
||||
if (i % 7)
|
||||
EVP_DigestUpdate(&md2, passwd, passwd_len);
|
||||
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
|
||||
MD5_Update(&md2, passwd, passwd_len);
|
||||
MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
|
||||
(i & 1) ? sizeof buf : passwd_len);
|
||||
EVP_DigestFinal_ex(&md2, buf, NULL);
|
||||
MD5_Final(buf, &md2);
|
||||
}
|
||||
EVP_MD_CTX_cleanup(&md2);
|
||||
|
||||
{
|
||||
/* transform buf into output string */
|
||||
@ -407,7 +400,6 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
||||
*output = 0;
|
||||
assert(strlen(out_buf) < sizeof(out_buf));
|
||||
}
|
||||
EVP_MD_CTX_cleanup(&md);
|
||||
|
||||
return out_buf;
|
||||
}
|
||||
@ -426,7 +418,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
/* first make sure we have a salt */
|
||||
if (!passed_salt)
|
||||
{
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
if (usecrypt)
|
||||
{
|
||||
if (*salt_malloc_p == NULL)
|
||||
@ -445,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
* back to ASCII */
|
||||
#endif
|
||||
}
|
||||
#endif /* !OPENSSL_NO_DES */
|
||||
#endif /* !NO_DES */
|
||||
|
||||
#ifndef NO_MD5CRYPT_1
|
||||
if (use1 || useapr1)
|
||||
@ -480,9 +472,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
assert(strlen(passwd) <= pw_maxlen);
|
||||
|
||||
/* now compute password hash */
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
if (usecrypt)
|
||||
hash = DES_crypt(passwd, *salt_p);
|
||||
hash = des_crypt(passwd, *salt_p);
|
||||
#endif
|
||||
#ifndef NO_MD5CRYPT_1
|
||||
if (use1 || useapr1)
|
||||
|
304
apps/pkcs12.c
304
apps/pkcs12.c
@ -1,11 +1,11 @@
|
||||
/* pkcs12.c */
|
||||
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
|
||||
#if !defined(NO_DES) && !defined(NO_SHA1)
|
||||
|
||||
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
|
||||
* project.
|
||||
* project 1999.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -66,10 +66,11 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#define PROG pkcs12_main
|
||||
|
||||
const EVP_CIPHER *enc;
|
||||
EVP_CIPHER *enc;
|
||||
|
||||
|
||||
#define NOKEYS 0x1
|
||||
@ -95,10 +96,9 @@ int MAIN(int argc, char **argv)
|
||||
ENGINE *e = NULL;
|
||||
char *infile=NULL, *outfile=NULL, *keyname = NULL;
|
||||
char *certfile=NULL;
|
||||
BIO *in=NULL, *out = NULL;
|
||||
BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
|
||||
char **args;
|
||||
char *name = NULL;
|
||||
char *csp_name = NULL;
|
||||
PKCS12 *p12 = NULL;
|
||||
char pass[50], macpass[50];
|
||||
int export_cert = 0;
|
||||
@ -120,18 +120,13 @@ int MAIN(int argc, char **argv)
|
||||
char *passin = NULL, *passout = NULL;
|
||||
char *inrand = NULL;
|
||||
char *CApath = NULL, *CAfile = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
enc = EVP_des_ede3_cbc();
|
||||
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
args = argv + 1;
|
||||
|
||||
|
||||
@ -152,28 +147,19 @@ int MAIN(int argc, char **argv)
|
||||
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
else if (!strcmp (*args, "-export")) export_cert = 1;
|
||||
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
|
||||
#endif
|
||||
else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
|
||||
#ifndef OPENSSL_NO_AES
|
||||
else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
|
||||
else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
|
||||
else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
|
||||
#endif
|
||||
else if (!strcmp (*args, "-noiter")) iter = 1;
|
||||
else if (!strcmp (*args, "-maciter"))
|
||||
maciter = PKCS12_DEFAULT_ITER;
|
||||
else if (!strcmp (*args, "-nomaciter"))
|
||||
maciter = 1;
|
||||
else if (!strcmp (*args, "-nomac"))
|
||||
maciter = -1;
|
||||
else if (!strcmp (*args, "-nodes")) enc=NULL;
|
||||
else if (!strcmp (*args, "-certpbe")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
if (!strcmp(*args, "NONE"))
|
||||
cert_pbe = -1;
|
||||
cert_pbe=OBJ_txt2nid(*args);
|
||||
if(cert_pbe == NID_undef) {
|
||||
BIO_printf(bio_err,
|
||||
@ -184,9 +170,6 @@ int MAIN(int argc, char **argv)
|
||||
} else if (!strcmp (*args, "-keypbe")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
if (!strcmp(*args, "NONE"))
|
||||
key_pbe = -1;
|
||||
else
|
||||
key_pbe=OBJ_txt2nid(*args);
|
||||
if(key_pbe == NID_undef) {
|
||||
BIO_printf(bio_err,
|
||||
@ -214,11 +197,6 @@ int MAIN(int argc, char **argv)
|
||||
args++;
|
||||
name = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-CSP")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
csp_name = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-caname")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -261,13 +239,11 @@ int MAIN(int argc, char **argv)
|
||||
args++;
|
||||
CAfile = *args;
|
||||
} else badarg = 1;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
} else if (!strcmp(*args,"-engine")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
engine = *args;
|
||||
} else badarg = 1;
|
||||
#endif
|
||||
} else badarg = 1;
|
||||
|
||||
} else badarg = 1;
|
||||
@ -296,12 +272,8 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n");
|
||||
BIO_printf (bio_err, "-des encrypt private keys with DES\n");
|
||||
BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
|
||||
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
|
||||
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
|
||||
@ -315,18 +287,26 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-password p set import/export password source\n");
|
||||
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
|
||||
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err, " the random number generator\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL) {
|
||||
if((e = ENGINE_by_id(engine)) == NULL) {
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
if(passarg) {
|
||||
if(export_cert) passargout = passarg;
|
||||
@ -372,6 +352,22 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (certfile) {
|
||||
if(!(certsin = BIO_new_file(certfile, "r"))) {
|
||||
BIO_printf(bio_err, "Can't open certificate file %s\n", certfile);
|
||||
perror (certfile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (keyname) {
|
||||
if(!(inkey = BIO_new_file(keyname, "r"))) {
|
||||
BIO_printf(bio_err, "Can't key certificate file %s\n", keyname);
|
||||
perror (keyname);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
CRYPTO_push_info("write files");
|
||||
@ -379,7 +375,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (!outfile) {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -396,7 +392,7 @@ int MAIN(int argc, char **argv)
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_push_info("read MAC password");
|
||||
#endif
|
||||
if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
|
||||
if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert))
|
||||
{
|
||||
BIO_printf (bio_err, "Can't read Password\n");
|
||||
goto end;
|
||||
@ -408,29 +404,28 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (export_cert) {
|
||||
EVP_PKEY *key = NULL;
|
||||
X509 *ucert = NULL, *x = NULL;
|
||||
STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
|
||||
STACK_OF(PKCS7) *safes = NULL;
|
||||
PKCS12_SAFEBAG *bag = NULL;
|
||||
PKCS8_PRIV_KEY_INFO *p8 = NULL;
|
||||
PKCS7 *authsafe = NULL;
|
||||
X509 *ucert = NULL;
|
||||
STACK_OF(X509) *certs=NULL;
|
||||
unsigned char *catmp = NULL;
|
||||
char *catmp = NULL;
|
||||
int i;
|
||||
|
||||
if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
|
||||
{
|
||||
BIO_printf(bio_err, "Nothing to do!\n");
|
||||
goto export_end;
|
||||
}
|
||||
|
||||
if (options & NOCERTS)
|
||||
chain = 0;
|
||||
unsigned char keyid[EVP_MAX_MD_SIZE];
|
||||
unsigned int keyidlen = 0;
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_push_info("process -export_cert");
|
||||
CRYPTO_push_info("reading private key");
|
||||
#endif
|
||||
if (!(options & NOKEYS))
|
||||
{
|
||||
key = load_key(bio_err, keyname ? keyname : infile,
|
||||
FORMAT_PEM, 1, passin, e, "private key");
|
||||
if (!key)
|
||||
key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
|
||||
if (!inkey) (void) BIO_reset(in);
|
||||
else BIO_free(inkey);
|
||||
if (!key) {
|
||||
BIO_printf (bio_err, "Error loading private key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto export_end;
|
||||
}
|
||||
|
||||
@ -439,38 +434,13 @@ int MAIN(int argc, char **argv)
|
||||
CRYPTO_push_info("reading certs from input");
|
||||
#endif
|
||||
|
||||
certs = sk_X509_new_null();
|
||||
|
||||
/* Load in all certs in input file */
|
||||
if(!(options & NOCERTS))
|
||||
{
|
||||
certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
|
||||
"certificates");
|
||||
if (!certs)
|
||||
if(!cert_load(in, certs)) {
|
||||
BIO_printf(bio_err, "Error loading certificates from input\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto export_end;
|
||||
|
||||
if (key)
|
||||
{
|
||||
/* Look for matching private key */
|
||||
for(i = 0; i < sk_X509_num(certs); i++)
|
||||
{
|
||||
x = sk_X509_value(certs, i);
|
||||
if(X509_check_private_key(x, key))
|
||||
{
|
||||
ucert = x;
|
||||
/* Zero keyid and alias */
|
||||
X509_keyid_set1(ucert, NULL, 0);
|
||||
X509_alias_set1(ucert, NULL, 0);
|
||||
/* Remove from list */
|
||||
sk_X509_delete(certs, i);
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!ucert)
|
||||
{
|
||||
BIO_printf(bio_err, "No certificate matches private key\n");
|
||||
goto export_end;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
@ -478,17 +448,17 @@ int MAIN(int argc, char **argv)
|
||||
CRYPTO_push_info("reading certs from input 2");
|
||||
#endif
|
||||
|
||||
/* Add any more certificates asked for */
|
||||
if(certfile)
|
||||
{
|
||||
STACK_OF(X509) *morecerts=NULL;
|
||||
if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
|
||||
NULL, e,
|
||||
"certificates from certfile")))
|
||||
for(i = 0; i < sk_X509_num(certs); i++) {
|
||||
ucert = sk_X509_value(certs, i);
|
||||
if(X509_check_private_key(ucert, key)) {
|
||||
X509_digest(ucert, EVP_sha1(), keyid, &keyidlen);
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(!keyidlen) {
|
||||
ucert = NULL;
|
||||
BIO_printf(bio_err, "No certificate matches private key\n");
|
||||
goto export_end;
|
||||
while(sk_X509_num(morecerts) > 0)
|
||||
sk_X509_push(certs, sk_X509_shift(morecerts));
|
||||
sk_X509_free(morecerts);
|
||||
}
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
@ -496,6 +466,18 @@ int MAIN(int argc, char **argv)
|
||||
CRYPTO_push_info("reading certs from certfile");
|
||||
#endif
|
||||
|
||||
bags = sk_PKCS12_SAFEBAG_new_null ();
|
||||
|
||||
/* Add any more certificates asked for */
|
||||
if (certsin) {
|
||||
if(!cert_load(certsin, certs)) {
|
||||
BIO_printf(bio_err, "Error loading certificates from certfile\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto export_end;
|
||||
}
|
||||
BIO_free(certsin);
|
||||
}
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
CRYPTO_push_info("building chain");
|
||||
@ -531,51 +513,99 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
/* Add any CA names */
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
CRYPTO_push_info("building bags");
|
||||
#endif
|
||||
|
||||
for (i = 0; i < sk_num(canames); i++)
|
||||
{
|
||||
catmp = (unsigned char *)sk_value(canames, i);
|
||||
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
|
||||
/* We now have loads of certificates: include them all */
|
||||
for(i = 0; i < sk_X509_num(certs); i++) {
|
||||
X509 *cert = NULL;
|
||||
cert = sk_X509_value(certs, i);
|
||||
bag = M_PKCS12_x5092certbag(cert);
|
||||
/* If it matches private key set id */
|
||||
if(cert == ucert) {
|
||||
if(name) PKCS12_add_friendlyname(bag, name, -1);
|
||||
PKCS12_add_localkeyid(bag, keyid, keyidlen);
|
||||
} else if((catmp = sk_shift(canames)))
|
||||
PKCS12_add_friendlyname(bag, catmp, -1);
|
||||
sk_PKCS12_SAFEBAG_push(bags, bag);
|
||||
}
|
||||
|
||||
sk_X509_pop_free(certs, X509_free);
|
||||
certs = NULL;
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
CRYPTO_push_info("reading password");
|
||||
CRYPTO_push_info("encrypting bags");
|
||||
#endif
|
||||
|
||||
if(!noprompt &&
|
||||
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
|
||||
{
|
||||
EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
|
||||
BIO_printf (bio_err, "Can't read Password\n");
|
||||
goto export_end;
|
||||
}
|
||||
if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
|
||||
if (!twopass) strcpy(macpass, pass);
|
||||
/* Turn certbags into encrypted authsafe */
|
||||
authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
|
||||
iter, bags);
|
||||
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
||||
bags = NULL;
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
CRYPTO_push_info("creating PKCS#12 structure");
|
||||
#endif
|
||||
|
||||
p12 = PKCS12_create(cpass, name, key, ucert, certs,
|
||||
key_pbe, cert_pbe, iter, -1, keytype);
|
||||
|
||||
if (!p12)
|
||||
{
|
||||
if (!authsafe) {
|
||||
ERR_print_errors (bio_err);
|
||||
goto export_end;
|
||||
}
|
||||
|
||||
if (maciter != -1)
|
||||
PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
|
||||
safes = sk_PKCS7_new_null ();
|
||||
sk_PKCS7_push (safes, authsafe);
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
CRYPTO_push_info("building shrouded key bag");
|
||||
#endif
|
||||
|
||||
/* Make a shrouded key bag */
|
||||
p8 = EVP_PKEY2PKCS8 (key);
|
||||
if(keytype) PKCS8_add_keyusage(p8, keytype);
|
||||
bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
p8 = NULL;
|
||||
if (name) PKCS12_add_friendlyname (bag, name, -1);
|
||||
PKCS12_add_localkeyid (bag, keyid, keyidlen);
|
||||
bags = sk_PKCS12_SAFEBAG_new_null();
|
||||
sk_PKCS12_SAFEBAG_push (bags, bag);
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
CRYPTO_push_info("encrypting shrouded key bag");
|
||||
#endif
|
||||
|
||||
/* Turn it into unencrypted safe bag */
|
||||
authsafe = PKCS12_pack_p7data (bags);
|
||||
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
||||
bags = NULL;
|
||||
sk_PKCS7_push (safes, authsafe);
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
CRYPTO_push_info("building pkcs12");
|
||||
#endif
|
||||
|
||||
p12 = PKCS12_init (NID_pkcs7_data);
|
||||
|
||||
M_PKCS12_pack_authsafes (p12, safes);
|
||||
|
||||
sk_PKCS7_pop_free(safes, PKCS7_free);
|
||||
safes = NULL;
|
||||
|
||||
PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
CRYPTO_push_info("writing pkcs12");
|
||||
#endif
|
||||
|
||||
i2d_PKCS12_bio(out, p12);
|
||||
i2d_PKCS12_bio (out, p12);
|
||||
|
||||
ret = 0;
|
||||
|
||||
@ -588,7 +618,8 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (key) EVP_PKEY_free(key);
|
||||
if (certs) sk_X509_pop_free(certs, X509_free);
|
||||
if (ucert) X509_free(ucert);
|
||||
if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
|
||||
if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_pop_info();
|
||||
@ -605,7 +636,7 @@ int MAIN(int argc, char **argv)
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_push_info("read import password");
|
||||
#endif
|
||||
if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
|
||||
if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
|
||||
BIO_printf (bio_err, "Can't read Password\n");
|
||||
goto end;
|
||||
}
|
||||
@ -613,7 +644,7 @@ int MAIN(int argc, char **argv)
|
||||
CRYPTO_pop_info();
|
||||
#endif
|
||||
|
||||
if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
|
||||
if (!twopass) strcpy(macpass, pass);
|
||||
|
||||
if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
|
||||
if(macver) {
|
||||
@ -658,7 +689,6 @@ int MAIN(int argc, char **argv)
|
||||
if (canames) sk_free(canames);
|
||||
if(passin) OPENSSL_free(passin);
|
||||
if(passout) OPENSSL_free(passout);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
@ -670,20 +700,20 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
|
||||
int i, bagnid;
|
||||
PKCS7 *p7;
|
||||
|
||||
if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
|
||||
if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
|
||||
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
|
||||
p7 = sk_PKCS7_value (asafes, i);
|
||||
bagnid = OBJ_obj2nid (p7->type);
|
||||
if (bagnid == NID_pkcs7_data) {
|
||||
bags = PKCS12_unpack_p7data(p7);
|
||||
bags = M_PKCS12_unpack_p7data (p7);
|
||||
if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
|
||||
} else if (bagnid == NID_pkcs7_encrypted) {
|
||||
if (options & INFO) {
|
||||
BIO_printf(bio_err, "PKCS7 Encrypted data: ");
|
||||
alg_print(bio_err,
|
||||
BIO_printf (bio_err, "PKCS7 Encrypted data: ");
|
||||
alg_print (bio_err,
|
||||
p7->d.encrypted->enc_data->algorithm);
|
||||
}
|
||||
bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
|
||||
bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
|
||||
} else continue;
|
||||
if (!bags) return 0;
|
||||
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
|
||||
@ -738,7 +768,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
|
||||
}
|
||||
if (options & NOKEYS) return 1;
|
||||
print_attribs (out, bag->attrib, "Bag Attributes");
|
||||
if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
|
||||
if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
|
||||
return 0;
|
||||
if (!(pkey = EVP_PKCS82PKEY (p8))) {
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
@ -759,7 +789,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
|
||||
print_attribs (out, bag->attrib, "Bag Attributes");
|
||||
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
|
||||
return 1;
|
||||
if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
|
||||
if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
|
||||
dump_cert_text (out, x509);
|
||||
PEM_write_bio_X509 (out, x509);
|
||||
X509_free(x509);
|
||||
@ -791,9 +821,6 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
|
||||
STACK_OF(X509) *chn;
|
||||
int i;
|
||||
|
||||
/* FIXME: Should really check the return status of X509_STORE_CTX_init
|
||||
* for an error, but how that fits into the return value of this
|
||||
* function is less obvious. */
|
||||
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
|
||||
if (X509_verify_cert(&store_ctx) <= 0) {
|
||||
i = X509_STORE_CTX_get_error (&store_ctx);
|
||||
@ -814,9 +841,8 @@ int alg_print (BIO *x, X509_ALGOR *alg)
|
||||
unsigned char *p;
|
||||
p = alg->parameter->value.sequence->data;
|
||||
pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
|
||||
BIO_printf (bio_err, "%s, Iteration %ld\n",
|
||||
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
|
||||
ASN1_INTEGER_get(pbe->iter));
|
||||
BIO_printf (bio_err, "%s, Iteration %d\n",
|
||||
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter));
|
||||
PBEPARAM_free (pbe);
|
||||
return 0;
|
||||
}
|
||||
|
35
apps/pkcs7.c
35
apps/pkcs7.c
@ -67,6 +67,7 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG pkcs7_main
|
||||
@ -82,9 +83,7 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
PKCS7 *p7=NULL;
|
||||
int i,badops=0;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
@ -92,9 +91,7 @@ int MAIN(int argc, char **argv)
|
||||
char *infile,*outfile,*prog;
|
||||
int print_certs=0,text=0,noout=0;
|
||||
int ret=1;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -138,13 +135,11 @@ int MAIN(int argc, char **argv)
|
||||
text=1;
|
||||
else if (strcmp(*argv,"-print_certs") == 0)
|
||||
print_certs=1;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
||||
@ -167,18 +162,29 @@ bad:
|
||||
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
|
||||
BIO_printf(bio_err," -text print full details of certificates\n");
|
||||
BIO_printf(bio_err," -noout don't output encoded data\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
ret = 1;
|
||||
goto end;
|
||||
OPENSSL_EXIT(1);
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
out=BIO_new(BIO_s_file());
|
||||
@ -219,7 +225,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -310,6 +316,5 @@ end:
|
||||
if (p7 != NULL) PKCS7_free(p7);
|
||||
if (in != NULL) BIO_free(in);
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
78
apps/pkcs8.c
78
apps/pkcs8.c
@ -62,7 +62,9 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#include "apps.h"
|
||||
#define PROG pkcs8_main
|
||||
|
||||
int MAIN(int, char **);
|
||||
@ -82,18 +84,13 @@ int MAIN(int argc, char **argv)
|
||||
int nocrypt = 0;
|
||||
X509_SIG *p8;
|
||||
PKCS8_PRIV_KEY_INFO *p8inf;
|
||||
EVP_PKEY *pkey=NULL;
|
||||
EVP_PKEY *pkey;
|
||||
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
|
||||
int badarg = 0;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
|
||||
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
informat=FORMAT_PEM;
|
||||
outformat=FORMAT_PEM;
|
||||
|
||||
@ -147,13 +144,11 @@ int MAIN(int argc, char **argv)
|
||||
if (!args[1]) goto bad;
|
||||
passargout= *(++args);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*args,"-engine") == 0)
|
||||
{
|
||||
if (!args[1]) goto bad;
|
||||
engine= *(++args);
|
||||
}
|
||||
#endif
|
||||
else if (!strcmp (*args, "-in")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -186,15 +181,27 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
|
||||
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
|
||||
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
return (1);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
return (1);
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
return (1);
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
@ -219,27 +226,31 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
} else {
|
||||
out = BIO_new_fp (stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
if (topk8)
|
||||
{
|
||||
BIO_free(in); /* Not needed in this section */
|
||||
pkey = load_key(bio_err, infile, informat, 1,
|
||||
passin, e, "key");
|
||||
if (!pkey) {
|
||||
BIO_free_all(out);
|
||||
if (topk8) {
|
||||
if(informat == FORMAT_PEM)
|
||||
pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
|
||||
else if(informat == FORMAT_ASN1)
|
||||
pkey = d2i_PrivateKey_bio(in, NULL);
|
||||
else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
return (1);
|
||||
}
|
||||
if (!pkey) {
|
||||
BIO_printf(bio_err, "Error reading key\n", outfile);
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
BIO_free(in);
|
||||
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
|
||||
BIO_printf(bio_err, "Error converting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
EVP_PKEY_free(pkey);
|
||||
BIO_free_all(out);
|
||||
return (1);
|
||||
}
|
||||
if(nocrypt) {
|
||||
@ -249,32 +260,21 @@ int MAIN(int argc, char **argv)
|
||||
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
|
||||
else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
EVP_PKEY_free(pkey);
|
||||
BIO_free_all(out);
|
||||
return (1);
|
||||
}
|
||||
} else {
|
||||
if(passout) p8pass = passout;
|
||||
else {
|
||||
p8pass = pass;
|
||||
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
|
||||
{
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
EVP_PKEY_free(pkey);
|
||||
BIO_free_all(out);
|
||||
if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
|
||||
return (1);
|
||||
}
|
||||
}
|
||||
app_RAND_load_file(NULL, bio_err, 0);
|
||||
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
|
||||
p8pass, strlen(p8pass),
|
||||
NULL, 0, iter, p8inf))) {
|
||||
BIO_printf(bio_err, "Error encrypting key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
EVP_PKEY_free(pkey);
|
||||
BIO_free_all(out);
|
||||
return (1);
|
||||
}
|
||||
app_RAND_write_file(NULL, bio_err);
|
||||
@ -284,9 +284,6 @@ int MAIN(int argc, char **argv)
|
||||
i2d_PKCS8_bio(out, p8);
|
||||
else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
EVP_PKEY_free(pkey);
|
||||
BIO_free_all(out);
|
||||
return (1);
|
||||
}
|
||||
X509_SIG_free(p8);
|
||||
@ -326,9 +323,9 @@ int MAIN(int argc, char **argv)
|
||||
if(passin) p8pass = passin;
|
||||
else {
|
||||
p8pass = pass;
|
||||
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
|
||||
EVP_read_pw_string(pass, 50, "Enter Password:", 0);
|
||||
}
|
||||
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
|
||||
p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass));
|
||||
X509_SIG_free(p8);
|
||||
}
|
||||
|
||||
@ -375,7 +372,6 @@ int MAIN(int argc, char **argv)
|
||||
return (1);
|
||||
}
|
||||
|
||||
end:
|
||||
EVP_PKEY_free(pkey);
|
||||
BIO_free_all(out);
|
||||
BIO_free(in);
|
||||
|
168
apps/progs.h
168
apps/progs.h
@ -17,8 +17,6 @@ extern int rsa_main(int argc,char *argv[]);
|
||||
extern int rsautl_main(int argc,char *argv[]);
|
||||
extern int dsa_main(int argc,char *argv[]);
|
||||
extern int dsaparam_main(int argc,char *argv[]);
|
||||
extern int ec_main(int argc,char *argv[]);
|
||||
extern int ecparam_main(int argc,char *argv[]);
|
||||
extern int x509_main(int argc,char *argv[]);
|
||||
extern int genrsa_main(int argc,char *argv[]);
|
||||
extern int gendsa_main(int argc,char *argv[]);
|
||||
@ -37,10 +35,6 @@ extern int pkcs8_main(int argc,char *argv[]);
|
||||
extern int spkac_main(int argc,char *argv[]);
|
||||
extern int smime_main(int argc,char *argv[]);
|
||||
extern int rand_main(int argc,char *argv[]);
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
extern int engine_main(int argc,char *argv[]);
|
||||
#endif
|
||||
extern int ocsp_main(int argc,char *argv[]);
|
||||
|
||||
#define FUNC_TYPE_GENERAL 1
|
||||
#define FUNC_TYPE_MD 2
|
||||
@ -57,249 +51,205 @@ FUNCTION functions[] = {
|
||||
{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
|
||||
{FUNC_TYPE_GENERAL,"req",req_main},
|
||||
{FUNC_TYPE_GENERAL,"dgst",dgst_main},
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
{FUNC_TYPE_GENERAL,"dh",dh_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"enc",enc_main},
|
||||
{FUNC_TYPE_GENERAL,"passwd",passwd_main},
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
{FUNC_TYPE_GENERAL,"gendh",gendh_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"errstr",errstr_main},
|
||||
{FUNC_TYPE_GENERAL,"ca",ca_main},
|
||||
{FUNC_TYPE_GENERAL,"crl",crl_main},
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
{FUNC_TYPE_GENERAL,"dsa",dsa_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_EC
|
||||
{FUNC_TYPE_GENERAL,"ec",ec_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_EC
|
||||
{FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"x509",x509_main},
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef NO_RSA
|
||||
{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
|
||||
#endif
|
||||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
|
||||
#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
|
||||
{FUNC_TYPE_GENERAL,"s_server",s_server_main},
|
||||
#endif
|
||||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
|
||||
#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
|
||||
{FUNC_TYPE_GENERAL,"s_client",s_client_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SPEED
|
||||
{FUNC_TYPE_GENERAL,"speed",speed_main},
|
||||
#endif
|
||||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
|
||||
#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
|
||||
{FUNC_TYPE_GENERAL,"s_time",s_time_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"version",version_main},
|
||||
{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
|
||||
{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
|
||||
{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
|
||||
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
|
||||
#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
|
||||
{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"nseq",nseq_main},
|
||||
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
|
||||
#if !defined(NO_DES) && !defined(NO_SHA1)
|
||||
{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
|
||||
{FUNC_TYPE_GENERAL,"spkac",spkac_main},
|
||||
{FUNC_TYPE_GENERAL,"smime",smime_main},
|
||||
{FUNC_TYPE_GENERAL,"rand",rand_main},
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{FUNC_TYPE_GENERAL,"engine",engine_main},
|
||||
#endif
|
||||
{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
{FUNC_TYPE_MD,"md2",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_MD4
|
||||
{FUNC_TYPE_MD,"md4",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
{FUNC_TYPE_MD,"md5",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SHA
|
||||
{FUNC_TYPE_MD,"sha",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SHA1
|
||||
{FUNC_TYPE_MD,"sha1",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_MDC2
|
||||
{FUNC_TYPE_MD,"mdc2",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RMD160
|
||||
{FUNC_TYPE_MD,"rmd160",dgst_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
|
||||
#endif
|
||||
{FUNC_TYPE_CIPHER,"base64",enc_main},
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des3",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"desx",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
{FUNC_TYPE_CIPHER,"idea",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
#ifndef NO_RC4
|
||||
{FUNC_TYPE_CIPHER,"rc4",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
#ifndef NO_RC4
|
||||
{FUNC_TYPE_CIPHER,"rc4-40",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
#ifndef NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
#ifndef NO_BF
|
||||
{FUNC_TYPE_CIPHER,"bf",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
#ifndef NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC5
|
||||
#ifndef NO_RC5
|
||||
{FUNC_TYPE_CIPHER,"rc5",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
#ifndef NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
#ifndef NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
#ifndef NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
#ifndef NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
#ifndef NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
#ifndef NO_RC2
|
||||
{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
#ifndef NO_BF
|
||||
{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
#ifndef NO_BF
|
||||
{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
#ifndef NO_BF
|
||||
{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
#ifndef NO_BF
|
||||
{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
#ifndef NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
#ifndef NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
#ifndef NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
#ifndef NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_CAST
|
||||
#ifndef NO_CAST
|
||||
{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC5
|
||||
#ifndef NO_RC5
|
||||
{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC5
|
||||
#ifndef NO_RC5
|
||||
{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC5
|
||||
#ifndef NO_RC5
|
||||
{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC5
|
||||
#ifndef NO_RC5
|
||||
{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
|
||||
#endif
|
||||
{0,NULL,NULL}
|
||||
|
@ -28,17 +28,15 @@ foreach (@ARGV)
|
||||
push(@files,$_);
|
||||
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
|
||||
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
|
||||
{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; }
|
||||
{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
|
||||
{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; }
|
||||
{ print "#ifndef NO_RSA\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
|
||||
{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))
|
||||
{ print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}
|
||||
{ print "#ifndef NO_DSA\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
|
||||
{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
|
||||
{ print "#ifndef NO_DH\n${str}#endif\n"; }
|
||||
elsif ( ($_ =~ /^pkcs12$/))
|
||||
{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
|
||||
{ print "#if !defined(NO_DES) && !defined(NO_SHA1)\n${str}#endif\n"; }
|
||||
else
|
||||
{ print $str; }
|
||||
}
|
||||
@ -46,13 +44,10 @@ foreach (@ARGV)
|
||||
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
|
||||
{
|
||||
push(@files,$_);
|
||||
printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
|
||||
printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
|
||||
}
|
||||
|
||||
foreach (
|
||||
"aes-128-cbc", "aes-128-ecb",
|
||||
"aes-192-cbc", "aes-192-ecb",
|
||||
"aes-256-cbc", "aes-256-ecb",
|
||||
"base64",
|
||||
"des", "des3", "desx", "idea", "rc4", "rc4-40",
|
||||
"rc2", "bf", "cast", "rc5",
|
||||
@ -69,14 +64,13 @@ foreach (
|
||||
push(@files,$_);
|
||||
|
||||
$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
|
||||
if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc5/) { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
|
||||
if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /bf/) { $t="#ifndef NO_BF\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
|
||||
elsif ($_ =~ /rc5/) { $t="#ifndef NO_RC5\n${t}#endif\n"; }
|
||||
print $t;
|
||||
}
|
||||
|
||||
|
92
apps/rand.c
92
apps/rand.c
@ -1,57 +1,4 @@
|
||||
/* apps/rand.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include "apps.h"
|
||||
|
||||
@ -62,6 +9,7 @@
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG rand_main
|
||||
@ -76,9 +24,7 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
int i, r, ret = 1;
|
||||
int badopt;
|
||||
char *outfile = NULL;
|
||||
@ -86,9 +32,7 @@ int MAIN(int argc, char **argv)
|
||||
int base64 = 0;
|
||||
BIO *out = NULL;
|
||||
int num = -1;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -96,9 +40,6 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto err;
|
||||
|
||||
badopt = 0;
|
||||
i = 0;
|
||||
while (!badopt && argv[++i] != NULL)
|
||||
@ -110,7 +51,6 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
badopt = 1;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(argv[i], "-engine") == 0)
|
||||
{
|
||||
if ((argv[i+1] != NULL) && (engine == NULL))
|
||||
@ -118,7 +58,6 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
badopt = 1;
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(argv[i], "-rand") == 0)
|
||||
{
|
||||
if ((argv[i+1] != NULL) && (inrand == NULL))
|
||||
@ -156,17 +95,29 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "Usage: rand [options] num\n");
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
BIO_printf(bio_err, "-out file - write to file\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
|
||||
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err, "-base64 - encode output\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto err;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto err;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
if (inrand != NULL)
|
||||
@ -181,7 +132,7 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
{
|
||||
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -205,7 +156,7 @@ int MAIN(int argc, char **argv)
|
||||
int chunk;
|
||||
|
||||
chunk = num;
|
||||
if (chunk > (int)sizeof(buf))
|
||||
if (chunk > sizeof buf)
|
||||
chunk = sizeof buf;
|
||||
r = RAND_bytes(buf, chunk);
|
||||
if (r <= 0)
|
||||
@ -222,6 +173,5 @@ err:
|
||||
ERR_print_errors(bio_err);
|
||||
if (out)
|
||||
BIO_free_all(out);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
743
apps/req.c
743
apps/req.c
File diff suppressed because it is too large
Load Diff
139
apps/rsa.c
139
apps/rsa.c
@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef NO_RSA
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
@ -68,6 +68,7 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG rsa_main
|
||||
@ -79,9 +80,6 @@
|
||||
* -des - encrypt output if PEM format with DES in cbc mode
|
||||
* -des3 - encrypt output if PEM format
|
||||
* -idea - encrypt output if PEM format
|
||||
* -aes128 - encrypt output if PEM format
|
||||
* -aes192 - encrypt output if PEM format
|
||||
* -aes256 - encrypt output if PEM format
|
||||
* -text - print a text version
|
||||
* -modulus - print the RSA key modulus
|
||||
* -check - verify key consistency
|
||||
@ -93,20 +91,18 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
ENGINE *eng = NULL;
|
||||
int ret=1;
|
||||
RSA *rsa=NULL;
|
||||
int i,badops=0, sgckey=0;
|
||||
const EVP_CIPHER *enc=NULL;
|
||||
BIO *out=NULL;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
int informat,outformat,text=0,check=0,noout=0;
|
||||
int pubin = 0, pubout = 0;
|
||||
char *infile,*outfile,*prog;
|
||||
char *passargin = NULL, *passargout = NULL;
|
||||
char *passin = NULL, *passout = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
int modulus=0;
|
||||
|
||||
apps_startup();
|
||||
@ -115,9 +111,6 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
infile=NULL;
|
||||
outfile=NULL;
|
||||
informat=FORMAT_PEM;
|
||||
@ -158,13 +151,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
passargout= *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-sgckey") == 0)
|
||||
sgckey=1;
|
||||
else if (strcmp(*argv,"-pubin") == 0)
|
||||
@ -203,12 +194,8 @@ bad:
|
||||
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
|
||||
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
|
||||
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
|
||||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -text print the key in text\n");
|
||||
BIO_printf(bio_err," -noout don't print key out\n");
|
||||
@ -216,17 +203,29 @@ bad:
|
||||
BIO_printf(bio_err," -check verify key consistency\n");
|
||||
BIO_printf(bio_err," -pubin expect a public key in input file\n");
|
||||
BIO_printf(bio_err," -pubout output a public key\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((eng = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(eng, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(eng);
|
||||
}
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
|
||||
BIO_printf(bio_err, "Error getting passwords\n");
|
||||
@ -238,29 +237,69 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
out=BIO_new(BIO_s_file());
|
||||
|
||||
if ((in == NULL) || (out == NULL))
|
||||
{
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
if (pubin)
|
||||
pkey = load_pubkey(bio_err, infile,
|
||||
(informat == FORMAT_NETSCAPE && sgckey ?
|
||||
FORMAT_IISSGC : informat), 1,
|
||||
passin, e, "Public Key");
|
||||
else
|
||||
pkey = load_key(bio_err, infile,
|
||||
(informat == FORMAT_NETSCAPE && sgckey ?
|
||||
FORMAT_IISSGC : informat), 1,
|
||||
passin, e, "Private Key");
|
||||
|
||||
if (pkey != NULL)
|
||||
rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (infile == NULL)
|
||||
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
||||
else
|
||||
{
|
||||
if (BIO_read_filename(in,infile) <= 0)
|
||||
{
|
||||
perror(infile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
BIO_printf(bio_err,"read RSA key\n");
|
||||
if (informat == FORMAT_ASN1) {
|
||||
if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL);
|
||||
else rsa=d2i_RSAPrivateKey_bio(in,NULL);
|
||||
}
|
||||
#ifndef NO_RC4
|
||||
else if (informat == FORMAT_NETSCAPE)
|
||||
{
|
||||
BUF_MEM *buf=NULL;
|
||||
unsigned char *p;
|
||||
int size=0;
|
||||
|
||||
buf=BUF_MEM_new();
|
||||
for (;;)
|
||||
{
|
||||
if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
|
||||
goto end;
|
||||
i=BIO_read(in,&(buf->data[size]),1024*10);
|
||||
size+=i;
|
||||
if (i == 0) break;
|
||||
if (i < 0)
|
||||
{
|
||||
perror("reading private key");
|
||||
BUF_MEM_free(buf);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
p=(unsigned char *)buf->data;
|
||||
rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey);
|
||||
BUF_MEM_free(buf);
|
||||
}
|
||||
#endif
|
||||
else if (informat == FORMAT_PEM) {
|
||||
if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
|
||||
else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"bad input format specified for key\n");
|
||||
goto end;
|
||||
}
|
||||
if (rsa == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to load key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
@ -268,7 +307,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -307,14 +346,14 @@ bad:
|
||||
BIO_printf(out,"RSA key ok\n");
|
||||
else if (r == 0)
|
||||
{
|
||||
long err;
|
||||
long e;
|
||||
|
||||
while ((err = ERR_peek_error()) != 0 &&
|
||||
ERR_GET_LIB(err) == ERR_LIB_RSA &&
|
||||
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
|
||||
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
|
||||
while ((e = ERR_peek_error()) != 0 &&
|
||||
ERR_GET_LIB(e) == ERR_LIB_RSA &&
|
||||
ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
|
||||
ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
|
||||
{
|
||||
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
|
||||
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
|
||||
ERR_get_error(); /* remove e from error stack */
|
||||
}
|
||||
}
|
||||
@ -336,7 +375,7 @@ bad:
|
||||
if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
|
||||
else i=i2d_RSAPrivateKey_bio(out,rsa);
|
||||
}
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
#ifndef NO_RC4
|
||||
else if (outformat == FORMAT_NETSCAPE)
|
||||
{
|
||||
unsigned char *p,*pp;
|
||||
@ -372,14 +411,14 @@ bad:
|
||||
else
|
||||
ret=0;
|
||||
end:
|
||||
if(in != NULL) BIO_free(in);
|
||||
if(out != NULL) BIO_free_all(out);
|
||||
if(rsa != NULL) RSA_free(rsa);
|
||||
if(passin) OPENSSL_free(passin);
|
||||
if(passout) OPENSSL_free(passout);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#else /* !OPENSSL_NO_RSA */
|
||||
#else /* !NO_RSA */
|
||||
|
||||
# if PEDANTIC
|
||||
static void *dummy=&dummy;
|
||||
|
@ -56,12 +56,13 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef NO_RSA
|
||||
|
||||
#include "apps.h"
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#define RSA_SIGN 1
|
||||
#define RSA_VERIFY 2
|
||||
@ -85,9 +86,6 @@ int MAIN(int argc, char **argv)
|
||||
ENGINE *e = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
char *infile = NULL, *outfile = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
#endif
|
||||
char *keyfile = NULL;
|
||||
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
|
||||
int keyform = FORMAT_PEM;
|
||||
@ -97,9 +95,9 @@ int MAIN(int argc, char **argv)
|
||||
EVP_PKEY *pkey = NULL;
|
||||
RSA *rsa = NULL;
|
||||
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
|
||||
char *passargin = NULL, *passin = NULL;
|
||||
int rsa_inlen, rsa_outlen = 0;
|
||||
int keysize;
|
||||
char *engine=NULL;
|
||||
|
||||
int ret = 1;
|
||||
|
||||
@ -107,9 +105,6 @@ int MAIN(int argc, char **argv)
|
||||
argv++;
|
||||
|
||||
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
ERR_load_crypto_strings();
|
||||
OpenSSL_add_all_algorithms();
|
||||
pad = RSA_PKCS1_PADDING;
|
||||
@ -125,17 +120,9 @@ int MAIN(int argc, char **argv)
|
||||
} else if(!strcmp(*argv, "-inkey")) {
|
||||
if (--argc < 1) badarg = 1;
|
||||
keyfile = *(++argv);
|
||||
} else if (!strcmp(*argv,"-passin")) {
|
||||
if (--argc < 1) badarg = 1;
|
||||
passargin= *(++argv);
|
||||
} else if (strcmp(*argv,"-keyform") == 0) {
|
||||
if (--argc < 1) badarg = 1;
|
||||
keyform=str2fmt(*(++argv));
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
} else if(!strcmp(*argv, "-engine")) {
|
||||
if (--argc < 1) badarg = 1;
|
||||
engine = *(++argv);
|
||||
#endif
|
||||
} else if(!strcmp(*argv, "-pubin")) {
|
||||
key_type = KEY_PUBKEY;
|
||||
} else if(!strcmp(*argv, "-certin")) {
|
||||
@ -170,31 +157,38 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
/* FIXME: seed PRNG only if needed */
|
||||
app_RAND_load_file(NULL, bio_err, 0);
|
||||
|
||||
switch(key_type) {
|
||||
case KEY_PRIVKEY:
|
||||
pkey = load_key(bio_err, keyfile, keyform, 0,
|
||||
passin, e, "Private Key");
|
||||
pkey = load_key(bio_err, keyfile, keyform, NULL);
|
||||
break;
|
||||
|
||||
case KEY_PUBKEY:
|
||||
pkey = load_pubkey(bio_err, keyfile, keyform, 0,
|
||||
NULL, e, "Public Key");
|
||||
pkey = load_pubkey(bio_err, keyfile, keyform);
|
||||
break;
|
||||
|
||||
case KEY_CERT:
|
||||
x = load_cert(bio_err, keyfile, keyform,
|
||||
NULL, e, "Certificate");
|
||||
x = load_cert(bio_err, keyfile, keyform);
|
||||
if(x) {
|
||||
pkey = X509_get_pubkey(x);
|
||||
X509_free(x);
|
||||
@ -203,6 +197,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
if(!pkey) {
|
||||
BIO_printf(bio_err, "Error loading key\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -232,7 +227,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
} else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -298,7 +293,6 @@ int MAIN(int argc, char **argv)
|
||||
BIO_free_all(out);
|
||||
if(rsa_in) OPENSSL_free(rsa_in);
|
||||
if(rsa_out) OPENSSL_free(rsa_out);
|
||||
if(passin) OPENSSL_free(passin);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -308,9 +302,9 @@ static void usage()
|
||||
BIO_printf(bio_err, "-in file input file\n");
|
||||
BIO_printf(bio_err, "-out file output file\n");
|
||||
BIO_printf(bio_err, "-inkey file input key\n");
|
||||
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
|
||||
BIO_printf(bio_err, "-pubin input is an RSA public\n");
|
||||
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
|
||||
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
|
||||
BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
|
||||
BIO_printf(bio_err, "-raw use no padding\n");
|
||||
BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");
|
||||
@ -320,11 +314,6 @@ static void usage()
|
||||
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
|
||||
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
|
||||
BIO_printf(bio_err, "-hexdump hex dump output\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
|
||||
BIO_printf (bio_err, "-passin arg pass phrase source\n");
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -55,73 +55,9 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
|
||||
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
#include <openssl/opensslconf.h>
|
||||
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
#include <conio.h>
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_SYS_MSDOS
|
||||
#define _kbhit kbhit
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
|
||||
#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
|
||||
/* VAX C does not defined fd_set and friends, but it's actually quite simple */
|
||||
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
|
||||
#define MAX_NOFILE 32
|
||||
@ -151,9 +87,13 @@ typedef fd_mask fd_set;
|
||||
int do_server(int port, int *ret, int (*cb) (), char *context);
|
||||
#ifdef HEADER_X509_H
|
||||
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
|
||||
#else
|
||||
int MS_CALLBACK verify_callback(int ok, char *ctx);
|
||||
#endif
|
||||
#ifdef HEADER_SSL_H
|
||||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
|
||||
#else
|
||||
int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
|
||||
#endif
|
||||
int init_client(int *sock, char *server, int port);
|
||||
int should_retry(int i);
|
||||
@ -164,6 +104,8 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
|
||||
int argi, long argl, long ret);
|
||||
|
||||
#ifdef HEADER_SSL_H
|
||||
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
|
||||
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
|
||||
void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
|
||||
#else
|
||||
void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
|
||||
#endif
|
||||
|
||||
|
325
apps/s_cb.c
325
apps/s_cb.c
@ -55,59 +55,6 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -134,7 +81,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
|
||||
err= X509_STORE_CTX_get_error(ctx);
|
||||
depth= X509_STORE_CTX_get_error_depth(ctx);
|
||||
|
||||
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
|
||||
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
|
||||
BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
|
||||
if (!ok)
|
||||
{
|
||||
@ -154,7 +101,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
|
||||
switch (ctx->error)
|
||||
{
|
||||
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
|
||||
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
|
||||
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
|
||||
BIO_printf(bio_err,"issuer= %s\n",buf);
|
||||
break;
|
||||
case X509_V_ERR_CERT_NOT_YET_VALID:
|
||||
@ -239,21 +186,21 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
|
||||
|
||||
if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
|
||||
{
|
||||
BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",
|
||||
(void *)bio,argp,argi,ret,ret);
|
||||
BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n",
|
||||
bio,argp,argi,ret,ret);
|
||||
BIO_dump(out,argp,(int)ret);
|
||||
return(ret);
|
||||
}
|
||||
else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
|
||||
{
|
||||
BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",
|
||||
(void *)bio,argp,argi,ret,ret);
|
||||
BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n",
|
||||
bio,argp,argi,ret,ret);
|
||||
BIO_dump(out,argp,(int)ret);
|
||||
}
|
||||
return(ret);
|
||||
}
|
||||
|
||||
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
|
||||
void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
|
||||
{
|
||||
char *str;
|
||||
int w;
|
||||
@ -289,261 +236,3 @@ void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
|
||||
{
|
||||
BIO *bio = arg;
|
||||
const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
|
||||
|
||||
str_write_p = write_p ? ">>>" : "<<<";
|
||||
|
||||
switch (version)
|
||||
{
|
||||
case SSL2_VERSION:
|
||||
str_version = "SSL 2.0";
|
||||
break;
|
||||
case SSL3_VERSION:
|
||||
str_version = "SSL 3.0 ";
|
||||
break;
|
||||
case TLS1_VERSION:
|
||||
str_version = "TLS 1.0 ";
|
||||
break;
|
||||
default:
|
||||
str_version = "???";
|
||||
}
|
||||
|
||||
if (version == SSL2_VERSION)
|
||||
{
|
||||
str_details1 = "???";
|
||||
|
||||
if (len > 0)
|
||||
{
|
||||
switch (((unsigned char*)buf)[0])
|
||||
{
|
||||
case 0:
|
||||
str_details1 = ", ERROR:";
|
||||
str_details2 = " ???";
|
||||
if (len >= 3)
|
||||
{
|
||||
unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2];
|
||||
|
||||
switch (err)
|
||||
{
|
||||
case 0x0001:
|
||||
str_details2 = " NO-CIPHER-ERROR";
|
||||
break;
|
||||
case 0x0002:
|
||||
str_details2 = " NO-CERTIFICATE-ERROR";
|
||||
break;
|
||||
case 0x0004:
|
||||
str_details2 = " BAD-CERTIFICATE-ERROR";
|
||||
break;
|
||||
case 0x0006:
|
||||
str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
case 1:
|
||||
str_details1 = ", CLIENT-HELLO";
|
||||
break;
|
||||
case 2:
|
||||
str_details1 = ", CLIENT-MASTER-KEY";
|
||||
break;
|
||||
case 3:
|
||||
str_details1 = ", CLIENT-FINISHED";
|
||||
break;
|
||||
case 4:
|
||||
str_details1 = ", SERVER-HELLO";
|
||||
break;
|
||||
case 5:
|
||||
str_details1 = ", SERVER-VERIFY";
|
||||
break;
|
||||
case 6:
|
||||
str_details1 = ", SERVER-FINISHED";
|
||||
break;
|
||||
case 7:
|
||||
str_details1 = ", REQUEST-CERTIFICATE";
|
||||
break;
|
||||
case 8:
|
||||
str_details1 = ", CLIENT-CERTIFICATE";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (version == SSL3_VERSION || version == TLS1_VERSION)
|
||||
{
|
||||
switch (content_type)
|
||||
{
|
||||
case 20:
|
||||
str_content_type = "ChangeCipherSpec";
|
||||
break;
|
||||
case 21:
|
||||
str_content_type = "Alert";
|
||||
break;
|
||||
case 22:
|
||||
str_content_type = "Handshake";
|
||||
break;
|
||||
}
|
||||
|
||||
if (content_type == 21) /* Alert */
|
||||
{
|
||||
str_details1 = ", ???";
|
||||
|
||||
if (len == 2)
|
||||
{
|
||||
switch (((unsigned char*)buf)[0])
|
||||
{
|
||||
case 1:
|
||||
str_details1 = ", warning";
|
||||
break;
|
||||
case 2:
|
||||
str_details1 = ", fatal";
|
||||
break;
|
||||
}
|
||||
|
||||
str_details2 = " ???";
|
||||
switch (((unsigned char*)buf)[1])
|
||||
{
|
||||
case 0:
|
||||
str_details2 = " close_notify";
|
||||
break;
|
||||
case 10:
|
||||
str_details2 = " unexpected_message";
|
||||
break;
|
||||
case 20:
|
||||
str_details2 = " bad_record_mac";
|
||||
break;
|
||||
case 21:
|
||||
str_details2 = " decryption_failed";
|
||||
break;
|
||||
case 22:
|
||||
str_details2 = " record_overflow";
|
||||
break;
|
||||
case 30:
|
||||
str_details2 = " decompression_failure";
|
||||
break;
|
||||
case 40:
|
||||
str_details2 = " handshake_failure";
|
||||
break;
|
||||
case 42:
|
||||
str_details2 = " bad_certificate";
|
||||
break;
|
||||
case 43:
|
||||
str_details2 = " unsupported_certificate";
|
||||
break;
|
||||
case 44:
|
||||
str_details2 = " certificate_revoked";
|
||||
break;
|
||||
case 45:
|
||||
str_details2 = " certificate_expired";
|
||||
break;
|
||||
case 46:
|
||||
str_details2 = " certificate_unknown";
|
||||
break;
|
||||
case 47:
|
||||
str_details2 = " illegal_parameter";
|
||||
break;
|
||||
case 48:
|
||||
str_details2 = " unknown_ca";
|
||||
break;
|
||||
case 49:
|
||||
str_details2 = " access_denied";
|
||||
break;
|
||||
case 50:
|
||||
str_details2 = " decode_error";
|
||||
break;
|
||||
case 51:
|
||||
str_details2 = " decrypt_error";
|
||||
break;
|
||||
case 60:
|
||||
str_details2 = " export_restriction";
|
||||
break;
|
||||
case 70:
|
||||
str_details2 = " protocol_version";
|
||||
break;
|
||||
case 71:
|
||||
str_details2 = " insufficient_security";
|
||||
break;
|
||||
case 80:
|
||||
str_details2 = " internal_error";
|
||||
break;
|
||||
case 90:
|
||||
str_details2 = " user_canceled";
|
||||
break;
|
||||
case 100:
|
||||
str_details2 = " no_renegotiation";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (content_type == 22) /* Handshake */
|
||||
{
|
||||
str_details1 = "???";
|
||||
|
||||
if (len > 0)
|
||||
{
|
||||
switch (((unsigned char*)buf)[0])
|
||||
{
|
||||
case 0:
|
||||
str_details1 = ", HelloRequest";
|
||||
break;
|
||||
case 1:
|
||||
str_details1 = ", ClientHello";
|
||||
break;
|
||||
case 2:
|
||||
str_details1 = ", ServerHello";
|
||||
break;
|
||||
case 11:
|
||||
str_details1 = ", Certificate";
|
||||
break;
|
||||
case 12:
|
||||
str_details1 = ", ServerKeyExchange";
|
||||
break;
|
||||
case 13:
|
||||
str_details1 = ", CertificateRequest";
|
||||
break;
|
||||
case 14:
|
||||
str_details1 = ", ServerHelloDone";
|
||||
break;
|
||||
case 15:
|
||||
str_details1 = ", CertificateVerify";
|
||||
break;
|
||||
case 16:
|
||||
str_details1 = ", ClientKeyExchange";
|
||||
break;
|
||||
case 20:
|
||||
str_details1 = ", Finished";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
|
||||
|
||||
if (len > 0)
|
||||
{
|
||||
size_t num, i;
|
||||
|
||||
BIO_printf(bio, " ");
|
||||
num = len;
|
||||
#if 0
|
||||
if (num > 16)
|
||||
num = 16;
|
||||
#endif
|
||||
for (i = 0; i < num; i++)
|
||||
{
|
||||
if (i % 16 == 0 && i > 0)
|
||||
BIO_printf(bio, "\n ");
|
||||
BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]);
|
||||
}
|
||||
if (i < len)
|
||||
BIO_printf(bio, " ...");
|
||||
BIO_printf(bio, "\n");
|
||||
}
|
||||
BIO_flush(bio);
|
||||
}
|
||||
|
251
apps/s_client.c
251
apps/s_client.c
@ -55,66 +55,12 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/e_os2.h>
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#ifdef NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
|
||||
@ -122,7 +68,7 @@
|
||||
recursive header file inclusion, resulting in the compiler complaining
|
||||
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
|
||||
is needed to have fileno() declared correctly... So let's define u_int */
|
||||
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
|
||||
#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
|
||||
#define __U_INT
|
||||
typedef unsigned int u_int;
|
||||
#endif
|
||||
@ -134,18 +80,15 @@ typedef unsigned int u_int;
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/engine.h>
|
||||
#include "s_apps.h"
|
||||
|
||||
#ifdef OPENSSL_SYS_WINCE
|
||||
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
|
||||
#ifdef fileno
|
||||
#undef fileno
|
||||
#endif
|
||||
#define fileno(a) (int)_fileno(a)
|
||||
#ifdef WINDOWS
|
||||
#include <conio.h>
|
||||
#endif
|
||||
|
||||
|
||||
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
|
||||
#if (defined(VMS) && __VMS_VER < 70000000)
|
||||
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
|
||||
#undef FIONBIO
|
||||
#endif
|
||||
@ -170,7 +113,6 @@ static int c_nbio=0;
|
||||
#endif
|
||||
static int c_Pause=0;
|
||||
static int c_debug=0;
|
||||
static int c_msg=0;
|
||||
static int c_showcerts=0;
|
||||
|
||||
static void sc_usage(void);
|
||||
@ -197,7 +139,6 @@ static void sc_usage(void)
|
||||
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
|
||||
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
|
||||
BIO_printf(bio_err," -debug - extra output\n");
|
||||
BIO_printf(bio_err," -msg - Show protocol messages\n");
|
||||
BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
|
||||
BIO_printf(bio_err," -state - print the 'ssl' states\n");
|
||||
#ifdef FIONBIO
|
||||
@ -211,18 +152,10 @@ static void sc_usage(void)
|
||||
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
|
||||
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
|
||||
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
|
||||
BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
|
||||
BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
|
||||
BIO_printf(bio_err," command to see what is available\n");
|
||||
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
|
||||
BIO_printf(bio_err," for those protocols that support it, where\n");
|
||||
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
|
||||
BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
|
||||
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
|
||||
}
|
||||
|
||||
int MAIN(int, char **);
|
||||
@ -231,9 +164,8 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
int off=0;
|
||||
SSL *con=NULL,*con2=NULL;
|
||||
X509_STORE *store = NULL;
|
||||
int s,k,width,state=0;
|
||||
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
|
||||
char *cbuf=NULL,*sbuf=NULL;
|
||||
int cbuf_len,cbuf_off;
|
||||
int sbuf_len,sbuf_off;
|
||||
fd_set readfds,writefds;
|
||||
@ -247,24 +179,21 @@ int MAIN(int argc, char **argv)
|
||||
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
|
||||
SSL_CTX *ctx=NULL;
|
||||
int ret=1,in_init=1,i,nbio_test=0;
|
||||
int starttls_proto = 0;
|
||||
int prexit = 0, vflags = 0;
|
||||
int prexit = 0;
|
||||
SSL_METHOD *meth=NULL;
|
||||
BIO *sbio;
|
||||
char *inrand=NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine_id=NULL;
|
||||
ENGINE *e=NULL;
|
||||
#endif
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
|
||||
#ifdef WINDOWS
|
||||
struct timeval tv;
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||
#if !defined(NO_SSL2) && !defined(NO_SSL3)
|
||||
meth=SSLv23_client_method();
|
||||
#elif !defined(OPENSSL_NO_SSL3)
|
||||
#elif !defined(NO_SSL3)
|
||||
meth=SSLv3_client_method();
|
||||
#elif !defined(OPENSSL_NO_SSL2)
|
||||
#elif !defined(NO_SSL2)
|
||||
meth=SSLv2_client_method();
|
||||
#endif
|
||||
|
||||
@ -273,18 +202,13 @@ int MAIN(int argc, char **argv)
|
||||
c_quiet=0;
|
||||
c_ign_eof=0;
|
||||
c_debug=0;
|
||||
c_msg=0;
|
||||
c_showcerts=0;
|
||||
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
|
||||
((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
|
||||
((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
|
||||
((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
|
||||
{
|
||||
BIO_printf(bio_err,"out of memory\n");
|
||||
goto end;
|
||||
@ -329,10 +253,6 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
cert_file= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-crl_check") == 0)
|
||||
vflags |= X509_V_FLAG_CRL_CHECK;
|
||||
else if (strcmp(*argv,"-crl_check_all") == 0)
|
||||
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
|
||||
else if (strcmp(*argv,"-prexit") == 0)
|
||||
prexit=1;
|
||||
else if (strcmp(*argv,"-crlf") == 0)
|
||||
@ -348,23 +268,21 @@ int MAIN(int argc, char **argv)
|
||||
c_Pause=1;
|
||||
else if (strcmp(*argv,"-debug") == 0)
|
||||
c_debug=1;
|
||||
else if (strcmp(*argv,"-msg") == 0)
|
||||
c_msg=1;
|
||||
else if (strcmp(*argv,"-showcerts") == 0)
|
||||
c_showcerts=1;
|
||||
else if (strcmp(*argv,"-nbio_test") == 0)
|
||||
nbio_test=1;
|
||||
else if (strcmp(*argv,"-state") == 0)
|
||||
state=1;
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
#ifndef NO_SSL2
|
||||
else if (strcmp(*argv,"-ssl2") == 0)
|
||||
meth=SSLv2_client_method();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
#ifndef NO_SSL3
|
||||
else if (strcmp(*argv,"-ssl3") == 0)
|
||||
meth=SSLv3_client_method();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLS1
|
||||
#ifndef NO_TLS1
|
||||
else if (strcmp(*argv,"-tls1") == 0)
|
||||
meth=TLSv1_client_method();
|
||||
#endif
|
||||
@ -395,8 +313,6 @@ int MAIN(int argc, char **argv)
|
||||
off|=SSL_OP_NO_SSLv3;
|
||||
else if (strcmp(*argv,"-no_ssl2") == 0)
|
||||
off|=SSL_OP_NO_SSLv2;
|
||||
else if (strcmp(*argv,"-serverpref") == 0)
|
||||
off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
|
||||
else if (strcmp(*argv,"-cipher") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -405,30 +321,17 @@ int MAIN(int argc, char **argv)
|
||||
#ifdef FIONBIO
|
||||
else if (strcmp(*argv,"-nbio") == 0)
|
||||
{ c_nbio=1; }
|
||||
#endif
|
||||
else if (strcmp(*argv,"-starttls") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
++argv;
|
||||
if (strcmp(*argv,"smtp") == 0)
|
||||
starttls_proto = 1;
|
||||
else if (strcmp(*argv,"pop3") == 0)
|
||||
starttls_proto = 2;
|
||||
else
|
||||
goto bad;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine_id = *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
inrand= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine_id = *(++argv);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
||||
@ -445,13 +348,6 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
SSL_load_error_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine_id, 1);
|
||||
#endif
|
||||
|
||||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
|
||||
&& !RAND_status())
|
||||
{
|
||||
@ -463,7 +359,7 @@ bad:
|
||||
|
||||
if (bio_c_out == NULL)
|
||||
{
|
||||
if (c_quiet && !c_debug && !c_msg)
|
||||
if (c_quiet)
|
||||
{
|
||||
bio_c_out=BIO_new(BIO_s_null());
|
||||
}
|
||||
@ -474,6 +370,32 @@ bad:
|
||||
}
|
||||
}
|
||||
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
SSL_load_error_strings();
|
||||
|
||||
if (engine_id != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine_id)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (c_debug)
|
||||
{
|
||||
ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
|
||||
0, bio_err, 0);
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
ctx=SSL_CTX_new(meth);
|
||||
if (ctx == NULL)
|
||||
{
|
||||
@ -510,16 +432,8 @@ bad:
|
||||
/* goto end; */
|
||||
}
|
||||
|
||||
store = SSL_CTX_get_cert_store(ctx);
|
||||
X509_STORE_set_flags(store, vflags);
|
||||
|
||||
con=SSL_new(ctx);
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
|
||||
{
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
/* SSL_set_cipher_list(con,"RC4-MD5"); */
|
||||
|
||||
re_start:
|
||||
@ -561,11 +475,6 @@ re_start:
|
||||
BIO_set_callback(sbio,bio_dump_cb);
|
||||
BIO_set_callback_arg(sbio,bio_c_out);
|
||||
}
|
||||
if (c_msg)
|
||||
{
|
||||
SSL_set_msg_callback(con, msg_cb);
|
||||
SSL_set_msg_callback_arg(con, bio_c_out);
|
||||
}
|
||||
|
||||
SSL_set_bio(con,sbio,sbio);
|
||||
SSL_set_connect_state(con);
|
||||
@ -584,20 +493,6 @@ re_start:
|
||||
sbuf_len=0;
|
||||
sbuf_off=0;
|
||||
|
||||
/* This is an ugly hack that does a lot of assumptions */
|
||||
if (starttls_proto == 1)
|
||||
{
|
||||
BIO_read(sbio,mbuf,BUFSIZZ);
|
||||
BIO_printf(sbio,"STARTTLS\r\n");
|
||||
BIO_read(sbio,sbuf,BUFSIZZ);
|
||||
}
|
||||
if (starttls_proto == 2)
|
||||
{
|
||||
BIO_read(sbio,mbuf,BUFSIZZ);
|
||||
BIO_printf(sbio,"STLS\r\n");
|
||||
BIO_read(sbio,sbuf,BUFSIZZ);
|
||||
}
|
||||
|
||||
for (;;)
|
||||
{
|
||||
FD_ZERO(&readfds);
|
||||
@ -617,13 +512,6 @@ re_start:
|
||||
print_stuff(bio_c_out,con,full_log);
|
||||
if (full_log > 0) full_log--;
|
||||
|
||||
if (starttls_proto)
|
||||
{
|
||||
BIO_printf(bio_err,"%s",mbuf);
|
||||
/* We don't need to know any more */
|
||||
starttls_proto = 0;
|
||||
}
|
||||
|
||||
if (reconnect)
|
||||
{
|
||||
reconnect--;
|
||||
@ -640,7 +528,7 @@ re_start:
|
||||
|
||||
if (!ssl_pending)
|
||||
{
|
||||
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
|
||||
#ifndef WINDOWS
|
||||
if (tty_on)
|
||||
{
|
||||
if (read_tty) FD_SET(fileno(stdin),&readfds);
|
||||
@ -667,8 +555,8 @@ re_start:
|
||||
* will choke the compiler: if you do have a cast then
|
||||
* you can either go for (int *) or (void *).
|
||||
*/
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
/* Under Windows/DOS we make the assumption that we can
|
||||
#ifdef WINDOWS
|
||||
/* Under Windows we make the assumption that we can
|
||||
* always write to the tty: therefore if we need to
|
||||
* write to the tty we just fall through. Otherwise
|
||||
* we timeout the select every second and see if there
|
||||
@ -682,11 +570,7 @@ re_start:
|
||||
tv.tv_usec = 0;
|
||||
i=select(width,(void *)&readfds,(void *)&writefds,
|
||||
NULL,&tv);
|
||||
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
|
||||
if(!i && (!_kbhit() || !read_tty) ) continue;
|
||||
#else
|
||||
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
|
||||
#endif
|
||||
} else i=select(width,(void *)&readfds,(void *)&writefds,
|
||||
NULL,NULL);
|
||||
}
|
||||
@ -770,8 +654,8 @@ re_start:
|
||||
goto shut;
|
||||
}
|
||||
}
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
|
||||
/* Assume Windows/DOS can always write */
|
||||
#ifdef WINDOWS
|
||||
/* Assume Windows can always write */
|
||||
else if (!ssl_pending && write_tty)
|
||||
#else
|
||||
else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
|
||||
@ -851,14 +735,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
|
||||
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
|
||||
else if (_kbhit())
|
||||
#else
|
||||
#ifdef WINDOWS
|
||||
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
|
||||
#endif
|
||||
#elif defined (OPENSSL_SYS_NETWARE)
|
||||
else if (_kbhit())
|
||||
#else
|
||||
else if (FD_ISSET(fileno(stdin),&readfds))
|
||||
#endif
|
||||
@ -924,13 +802,11 @@ end:
|
||||
if (ctx != NULL) SSL_CTX_free(ctx);
|
||||
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
|
||||
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
|
||||
if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
|
||||
if (bio_c_out != NULL)
|
||||
{
|
||||
BIO_free(bio_c_out);
|
||||
bio_c_out=NULL;
|
||||
}
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
@ -946,7 +822,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
|
||||
SSL_CIPHER *c;
|
||||
X509_NAME *xn;
|
||||
int j,i;
|
||||
const COMP_METHOD *comp, *expansion;
|
||||
|
||||
if (full)
|
||||
{
|
||||
@ -961,10 +836,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
|
||||
for (i=0; i<sk_X509_num(sk); i++)
|
||||
{
|
||||
X509_NAME_oneline(X509_get_subject_name(
|
||||
sk_X509_value(sk,i)),buf,sizeof buf);
|
||||
sk_X509_value(sk,i)),buf,BUFSIZ);
|
||||
BIO_printf(bio,"%2d s:%s\n",i,buf);
|
||||
X509_NAME_oneline(X509_get_issuer_name(
|
||||
sk_X509_value(sk,i)),buf,sizeof buf);
|
||||
sk_X509_value(sk,i)),buf,BUFSIZ);
|
||||
BIO_printf(bio," i:%s\n",buf);
|
||||
if (c_showcerts)
|
||||
PEM_write_bio_X509(bio,sk_X509_value(sk,i));
|
||||
@ -979,10 +854,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
|
||||
if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
|
||||
PEM_write_bio_X509(bio,peer);
|
||||
X509_NAME_oneline(X509_get_subject_name(peer),
|
||||
buf,sizeof buf);
|
||||
buf,BUFSIZ);
|
||||
BIO_printf(bio,"subject=%s\n",buf);
|
||||
X509_NAME_oneline(X509_get_issuer_name(peer),
|
||||
buf,sizeof buf);
|
||||
buf,BUFSIZ);
|
||||
BIO_printf(bio,"issuer=%s\n",buf);
|
||||
}
|
||||
else
|
||||
@ -1004,7 +879,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
|
||||
{
|
||||
BIO_printf(bio,"---\nNo client certificate CA names sent\n");
|
||||
}
|
||||
p=SSL_get_shared_ciphers(s,buf,sizeof buf);
|
||||
p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
|
||||
if (p != NULL)
|
||||
{
|
||||
/* This works only for SSL 2. In later protocol
|
||||
@ -1049,12 +924,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
|
||||
EVP_PKEY_bits(pktmp));
|
||||
EVP_PKEY_free(pktmp);
|
||||
}
|
||||
comp=SSL_get_current_compression(s);
|
||||
expansion=SSL_get_current_expansion(s);
|
||||
BIO_printf(bio,"Compression: %s\n",
|
||||
comp ? SSL_COMP_get_name(comp) : "NONE");
|
||||
BIO_printf(bio,"Expansion: %s\n",
|
||||
expansion ? SSL_COMP_get_name(expansion) : "NONE");
|
||||
SSL_SESSION_print(bio,SSL_get_session(s));
|
||||
BIO_printf(bio,"---\n");
|
||||
if (peer != NULL)
|
||||
|
429
apps/s_server.c
429
apps/s_server.c
@ -55,91 +55,22 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
* ECC cipher suite support in OpenSSL originally developed by
|
||||
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
|
||||
*/
|
||||
|
||||
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
|
||||
* deprecated functions for openssl-internal code */
|
||||
#ifdef OPENSSL_NO_DEPRECATED
|
||||
#undef OPENSSL_NO_DEPRECATED
|
||||
#endif
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <sys/stat.h>
|
||||
#include <openssl/e_os2.h>
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#ifdef NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
|
||||
/* With IPv6, it looks like Digital has mixed up the proper order of
|
||||
recursive header file inclusion, resulting in the compiler complaining
|
||||
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
|
||||
is needed to have fileno() declared correctly... So let's define u_int */
|
||||
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
|
||||
#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
|
||||
#define __U_INT
|
||||
typedef unsigned int u_int;
|
||||
#endif
|
||||
@ -153,22 +84,19 @@ typedef unsigned int u_int;
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/engine.h>
|
||||
#include "s_apps.h"
|
||||
|
||||
#ifdef OPENSSL_SYS_WINCE
|
||||
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
|
||||
#ifdef fileno
|
||||
#undef fileno
|
||||
#endif
|
||||
#define fileno(a) (int)_fileno(a)
|
||||
#ifdef WINDOWS
|
||||
#include <conio.h>
|
||||
#endif
|
||||
|
||||
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
|
||||
#if (defined(VMS) && __VMS_VER < 70000000)
|
||||
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
|
||||
#undef FIONBIO
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef NO_RSA
|
||||
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
|
||||
#endif
|
||||
static int sv_body(char *hostname, int s, unsigned char *context);
|
||||
@ -177,13 +105,10 @@ static void close_accept_socket(void );
|
||||
static void sv_usage(void);
|
||||
static int init_ssl_connection(SSL *s);
|
||||
static void print_stats(BIO *bp,SSL_CTX *ctx);
|
||||
static int generate_session_id(const SSL *ssl, unsigned char *id,
|
||||
unsigned int *id_len);
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
static DH *load_dh_param(char *dhfile);
|
||||
static DH *get_dh512(void);
|
||||
#endif
|
||||
|
||||
#ifdef MONOLITH
|
||||
static void s_server_init(void);
|
||||
#endif
|
||||
@ -196,7 +121,7 @@ static void s_server_init(void);
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
static unsigned char dh512_p[]={
|
||||
0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
|
||||
0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
|
||||
@ -222,7 +147,6 @@ static DH *get_dh512(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/* static int load_CA(SSL_CTX *ctx, char *file);*/
|
||||
|
||||
#undef BUFSIZZ
|
||||
@ -251,14 +175,10 @@ static int www=0;
|
||||
|
||||
static BIO *bio_s_out=NULL;
|
||||
static int s_debug=0;
|
||||
static int s_msg=0;
|
||||
static int s_quiet=0;
|
||||
|
||||
static int hack=0;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
static char *engine_id=NULL;
|
||||
#endif
|
||||
static const char *session_id_prefix=NULL;
|
||||
|
||||
#ifdef MONOLITH
|
||||
static void s_server_init(void)
|
||||
@ -279,12 +199,9 @@ static void s_server_init(void)
|
||||
|
||||
bio_s_out=NULL;
|
||||
s_debug=0;
|
||||
s_msg=0;
|
||||
s_quiet=0;
|
||||
hack=0;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
engine_id=NULL;
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -304,24 +221,17 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
|
||||
BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
|
||||
BIO_printf(bio_err," or a default set of parameters is used\n");
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
|
||||
" Use \"openssl ecparam -list_curves\" for all names\n" \
|
||||
" (default is sect163r2).\n");
|
||||
#endif
|
||||
#ifdef FIONBIO
|
||||
BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
|
||||
BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
|
||||
BIO_printf(bio_err," -debug - Print more output\n");
|
||||
BIO_printf(bio_err," -msg - Show protocol messages\n");
|
||||
BIO_printf(bio_err," -state - Print the SSL states\n");
|
||||
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
|
||||
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
|
||||
BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
|
||||
BIO_printf(bio_err," -quiet - No server output\n");
|
||||
BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
|
||||
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
|
||||
@ -330,22 +240,14 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
|
||||
BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
|
||||
BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
|
||||
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
|
||||
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
|
||||
BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
|
||||
BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
|
||||
#endif
|
||||
BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
|
||||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
|
||||
}
|
||||
|
||||
static int local_argc=0;
|
||||
@ -505,29 +407,28 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char *argv[])
|
||||
{
|
||||
X509_STORE *store = NULL;
|
||||
int vflags = 0;
|
||||
short port=PORT;
|
||||
char *CApath=NULL,*CAfile=NULL;
|
||||
char *context = NULL;
|
||||
char *dhfile = NULL;
|
||||
char *named_curve = NULL;
|
||||
int badop=0,bugs=0;
|
||||
int ret=1;
|
||||
int off=0;
|
||||
int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
|
||||
int no_tmp_rsa=0,no_dhe=0,nocert=0;
|
||||
int state=0;
|
||||
SSL_METHOD *meth=NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e=NULL;
|
||||
#endif
|
||||
char *inrand=NULL;
|
||||
char *engine=NULL;
|
||||
ENGINE *e=NULL;
|
||||
#ifndef NO_DH
|
||||
DH *dh=NULL;
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||
#if !defined(NO_SSL2) && !defined(NO_SSL3)
|
||||
meth=SSLv23_server_method();
|
||||
#elif !defined(OPENSSL_NO_SSL3)
|
||||
#elif !defined(NO_SSL3)
|
||||
meth=SSLv3_server_method();
|
||||
#elif !defined(OPENSSL_NO_SSL2)
|
||||
#elif !defined(NO_SSL2)
|
||||
meth=SSLv2_server_method();
|
||||
#endif
|
||||
|
||||
@ -542,9 +443,6 @@ int MAIN(int argc, char *argv[])
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
verify_depth=0;
|
||||
#ifdef FIONBIO
|
||||
s_nbio=0;
|
||||
@ -598,13 +496,6 @@ int MAIN(int argc, char *argv[])
|
||||
if (--argc < 1) goto bad;
|
||||
dhfile = *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
else if (strcmp(*argv,"-named_curve") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
named_curve = *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-dcert") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -624,16 +515,6 @@ int MAIN(int argc, char *argv[])
|
||||
if (--argc < 1) goto bad;
|
||||
CApath= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-crl_check") == 0)
|
||||
{
|
||||
vflags |= X509_V_FLAG_CRL_CHECK;
|
||||
}
|
||||
else if (strcmp(*argv,"-crl_check") == 0)
|
||||
{
|
||||
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
|
||||
}
|
||||
else if (strcmp(*argv,"-serverpref") == 0)
|
||||
{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
|
||||
else if (strcmp(*argv,"-cipher") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -657,8 +538,6 @@ int MAIN(int argc, char *argv[])
|
||||
}
|
||||
else if (strcmp(*argv,"-debug") == 0)
|
||||
{ s_debug=1; }
|
||||
else if (strcmp(*argv,"-msg") == 0)
|
||||
{ s_msg=1; }
|
||||
else if (strcmp(*argv,"-hack") == 0)
|
||||
{ hack=1; }
|
||||
else if (strcmp(*argv,"-state") == 0)
|
||||
@ -673,49 +552,38 @@ int MAIN(int argc, char *argv[])
|
||||
{ no_tmp_rsa=1; }
|
||||
else if (strcmp(*argv,"-no_dhe") == 0)
|
||||
{ no_dhe=1; }
|
||||
else if (strcmp(*argv,"-no_ecdhe") == 0)
|
||||
{ no_ecdhe=1; }
|
||||
else if (strcmp(*argv,"-www") == 0)
|
||||
{ www=1; }
|
||||
else if (strcmp(*argv,"-WWW") == 0)
|
||||
{ www=2; }
|
||||
else if (strcmp(*argv,"-HTTP") == 0)
|
||||
{ www=3; }
|
||||
else if (strcmp(*argv,"-no_ssl2") == 0)
|
||||
{ off|=SSL_OP_NO_SSLv2; }
|
||||
else if (strcmp(*argv,"-no_ssl3") == 0)
|
||||
{ off|=SSL_OP_NO_SSLv3; }
|
||||
else if (strcmp(*argv,"-no_tls1") == 0)
|
||||
{ off|=SSL_OP_NO_TLSv1; }
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
#ifndef NO_SSL2
|
||||
else if (strcmp(*argv,"-ssl2") == 0)
|
||||
{ meth=SSLv2_server_method(); }
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
#ifndef NO_SSL3
|
||||
else if (strcmp(*argv,"-ssl3") == 0)
|
||||
{ meth=SSLv3_server_method(); }
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLS1
|
||||
#ifndef NO_TLS1
|
||||
else if (strcmp(*argv,"-tls1") == 0)
|
||||
{ meth=TLSv1_server_method(); }
|
||||
#endif
|
||||
else if (strcmp(*argv, "-id_prefix") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
session_id_prefix = *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine_id= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-rand") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
inrand= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine = *(++argv);
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
||||
@ -732,13 +600,6 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
SSL_load_error_strings();
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine_id, 1);
|
||||
#endif
|
||||
|
||||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
|
||||
&& !RAND_status())
|
||||
{
|
||||
@ -750,7 +611,7 @@ bad:
|
||||
|
||||
if (bio_s_out == NULL)
|
||||
{
|
||||
if (s_quiet && !s_debug && !s_msg)
|
||||
if (s_quiet && !s_debug)
|
||||
{
|
||||
bio_s_out=BIO_new(BIO_s_null());
|
||||
}
|
||||
@ -761,7 +622,7 @@ bad:
|
||||
}
|
||||
}
|
||||
|
||||
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
|
||||
#if !defined(NO_RSA) || !defined(NO_DSA)
|
||||
if (nocert)
|
||||
#endif
|
||||
{
|
||||
@ -771,32 +632,44 @@ bad:
|
||||
s_dkey_file=NULL;
|
||||
}
|
||||
|
||||
SSL_load_error_strings();
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (s_debug)
|
||||
{
|
||||
ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
|
||||
0, bio_err, 0);
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
ctx=SSL_CTX_new(meth);
|
||||
if (ctx == NULL)
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (session_id_prefix)
|
||||
{
|
||||
if(strlen(session_id_prefix) >= 32)
|
||||
BIO_printf(bio_err,
|
||||
"warning: id_prefix is too long, only one new session will be possible\n");
|
||||
else if(strlen(session_id_prefix) >= 16)
|
||||
BIO_printf(bio_err,
|
||||
"warning: id_prefix is too long if you use SSLv2\n");
|
||||
if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
|
||||
{
|
||||
BIO_printf(bio_err,"error setting 'id_prefix'\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
|
||||
}
|
||||
|
||||
SSL_CTX_set_quiet_shutdown(ctx,1);
|
||||
if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
|
||||
if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
|
||||
SSL_CTX_set_options(ctx,off);
|
||||
if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
|
||||
|
||||
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
|
||||
|
||||
@ -821,19 +694,11 @@ bad:
|
||||
ERR_print_errors(bio_err);
|
||||
/* goto end; */
|
||||
}
|
||||
store = SSL_CTX_get_cert_store(ctx);
|
||||
X509_STORE_set_flags(store, vflags);
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
if (!no_dhe)
|
||||
{
|
||||
DH *dh=NULL;
|
||||
|
||||
if (dhfile)
|
||||
dh = load_dh_param(dhfile);
|
||||
else if (s_cert_file)
|
||||
dh = load_dh_param(s_cert_file);
|
||||
|
||||
dh=load_dh_param(dhfile ? dhfile : s_cert_file);
|
||||
if (dh != NULL)
|
||||
{
|
||||
BIO_printf(bio_s_out,"Setting temp DH parameters\n");
|
||||
@ -850,59 +715,6 @@ bad:
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
if (!no_ecdhe)
|
||||
{
|
||||
EC_KEY *ecdh=NULL;
|
||||
|
||||
ecdh = EC_KEY_new();
|
||||
if (ecdh == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"Could not create ECDH struct.\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (named_curve)
|
||||
{
|
||||
int nid = OBJ_sn2nid(named_curve);
|
||||
|
||||
if (nid == 0)
|
||||
{
|
||||
BIO_printf(bio_err, "unknown curve name (%s)\n",
|
||||
named_curve);
|
||||
goto end;
|
||||
}
|
||||
|
||||
ecdh->group = EC_GROUP_new_by_nid(nid);
|
||||
if (ecdh->group == NULL)
|
||||
{
|
||||
BIO_printf(bio_err, "unable to create curve (%s)\n",
|
||||
named_curve);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (ecdh->group != NULL)
|
||||
{
|
||||
BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
|
||||
ecdh->group=EC_GROUP_new_by_nid(NID_sect163r2);
|
||||
if (ecdh->group == NULL)
|
||||
{
|
||||
BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
(void)BIO_flush(bio_s_out);
|
||||
|
||||
SSL_CTX_set_tmp_ecdh(ctx,ecdh);
|
||||
EC_KEY_free(ecdh);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
|
||||
goto end;
|
||||
if (s_dcert_file != NULL)
|
||||
@ -911,7 +723,7 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef NO_RSA
|
||||
#if 1
|
||||
if (!no_tmp_rsa)
|
||||
SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
|
||||
@ -963,7 +775,6 @@ end:
|
||||
BIO_free(bio_s_out);
|
||||
bio_s_out=NULL;
|
||||
}
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
@ -971,23 +782,23 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
|
||||
{
|
||||
BIO_printf(bio,"%4ld items in the session cache\n",
|
||||
SSL_CTX_sess_number(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
|
||||
BIO_printf(bio,"%4d client connects (SSL_connect())\n",
|
||||
SSL_CTX_sess_connect(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
|
||||
BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
|
||||
SSL_CTX_sess_connect_renegotiate(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld client connects that finished\n",
|
||||
BIO_printf(bio,"%4d client connects that finished\n",
|
||||
SSL_CTX_sess_connect_good(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
|
||||
BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
|
||||
SSL_CTX_sess_accept(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
|
||||
BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
|
||||
SSL_CTX_sess_accept_renegotiate(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld server accepts that finished\n",
|
||||
BIO_printf(bio,"%4d server accepts that finished\n",
|
||||
SSL_CTX_sess_accept_good(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
|
||||
BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
|
||||
BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
|
||||
BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
|
||||
BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
|
||||
BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
|
||||
BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
|
||||
SSL_CTX_sess_cache_full(ssl_ctx),
|
||||
SSL_CTX_sess_get_cache_size(ssl_ctx));
|
||||
}
|
||||
@ -1001,7 +812,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
unsigned long l;
|
||||
SSL *con=NULL;
|
||||
BIO *sbio;
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
|
||||
#ifdef WINDOWS
|
||||
struct timeval tv;
|
||||
#endif
|
||||
|
||||
@ -1024,15 +835,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
|
||||
if (con == NULL) {
|
||||
con=SSL_new(ctx);
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
|
||||
{
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
|
||||
KRB5SVC);
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
|
||||
KRB5KEYTAB);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
if(context)
|
||||
SSL_set_session_id_context(con, context,
|
||||
strlen((char *)context));
|
||||
@ -1057,11 +859,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
|
||||
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
|
||||
}
|
||||
if (s_msg)
|
||||
{
|
||||
SSL_set_msg_callback(con, msg_cb);
|
||||
SSL_set_msg_callback_arg(con, bio_s_out);
|
||||
}
|
||||
|
||||
width=s+1;
|
||||
for (;;)
|
||||
@ -1075,7 +872,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
if (!read_from_sslcon)
|
||||
{
|
||||
FD_ZERO(&readfds);
|
||||
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
|
||||
#ifndef WINDOWS
|
||||
FD_SET(fileno(stdin),&readfds);
|
||||
#endif
|
||||
FD_SET(s,&readfds);
|
||||
@ -1085,8 +882,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
* the compiler: if you do have a cast then you can either
|
||||
* go for (int *) or (void *).
|
||||
*/
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
|
||||
/* Under DOS (non-djgpp) and Windows we can't select on stdin: only
|
||||
#ifdef WINDOWS
|
||||
/* Under Windows we can't select on stdin: only
|
||||
* on sockets. As a workaround we timeout the select every
|
||||
* second and check for any keypress. In a proper Windows
|
||||
* application we wouldn't do this because it is inefficient.
|
||||
@ -1332,14 +1129,14 @@ static int init_ssl_connection(SSL *con)
|
||||
{
|
||||
BIO_printf(bio_s_out,"Client certificate\n");
|
||||
PEM_write_bio_X509(bio_s_out,peer);
|
||||
X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
|
||||
X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
|
||||
BIO_printf(bio_s_out,"subject=%s\n",buf);
|
||||
X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
|
||||
X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
|
||||
BIO_printf(bio_s_out,"issuer=%s\n",buf);
|
||||
X509_free(peer);
|
||||
}
|
||||
|
||||
if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
|
||||
if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
|
||||
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
|
||||
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
|
||||
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
|
||||
@ -1347,17 +1144,11 @@ static int init_ssl_connection(SSL *con)
|
||||
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
|
||||
TLS1_FLAGS_TLS_PADDING_BUG)
|
||||
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if (con->kssl_ctx->client_princ != NULL)
|
||||
{
|
||||
BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
|
||||
con->kssl_ctx->client_princ);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
|
||||
return(1);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#ifndef NO_DH
|
||||
static DH *load_dh_param(char *dhfile)
|
||||
{
|
||||
DH *ret=NULL;
|
||||
@ -1426,13 +1217,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
|
||||
|
||||
if ((con=SSL_new(ctx)) == NULL) goto err;
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
|
||||
{
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
if(context) SSL_set_session_id_context(con, context,
|
||||
strlen((char *)context));
|
||||
|
||||
@ -1460,11 +1244,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
|
||||
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
|
||||
}
|
||||
if (s_msg)
|
||||
{
|
||||
SSL_set_msg_callback(con, msg_cb);
|
||||
SSL_set_msg_callback_arg(con, bio_s_out);
|
||||
}
|
||||
|
||||
blank=0;
|
||||
for (;;)
|
||||
@ -1505,9 +1284,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_s_out,"read R BLOCK\n");
|
||||
#if defined(OPENSSL_SYS_NETWARE)
|
||||
delay(1000);
|
||||
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
|
||||
#if !defined(MSDOS) && !defined(VXWORKS)
|
||||
sleep(1);
|
||||
#endif
|
||||
continue;
|
||||
@ -1601,8 +1378,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_puts(io,"</BODY></HTML>\r\n\r\n");
|
||||
break;
|
||||
}
|
||||
else if ((www == 2 || www == 3)
|
||||
&& (strncmp("GET /",buf,5) == 0))
|
||||
else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
|
||||
{
|
||||
BIO *file;
|
||||
char *p,*e;
|
||||
@ -1692,8 +1468,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
if (!s_quiet)
|
||||
BIO_printf(bio_err,"FILE:%s\n",p);
|
||||
|
||||
if (www == 2)
|
||||
{
|
||||
i=strlen(p);
|
||||
if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
|
||||
((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
|
||||
@ -1701,7 +1475,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
|
||||
else
|
||||
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
|
||||
}
|
||||
/* send the file */
|
||||
total_bytes=0;
|
||||
for (;;)
|
||||
@ -1779,7 +1552,7 @@ err:
|
||||
return(ret);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef NO_RSA
|
||||
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
|
||||
{
|
||||
static RSA *rsa_tmp=NULL;
|
||||
@ -1791,12 +1564,7 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
|
||||
BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
|
||||
(void)BIO_flush(bio_err);
|
||||
}
|
||||
if(((rsa_tmp = RSA_new()) == NULL) || !RSA_generate_key_ex(
|
||||
rsa_tmp, keylength,RSA_F4,NULL))
|
||||
{
|
||||
if(rsa_tmp) RSA_free(rsa_tmp);
|
||||
rsa_tmp = NULL;
|
||||
}
|
||||
rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
|
||||
if (!s_quiet)
|
||||
{
|
||||
BIO_printf(bio_err,"\n");
|
||||
@ -1806,26 +1574,3 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
|
||||
return(rsa_tmp);
|
||||
}
|
||||
#endif
|
||||
|
||||
#define MAX_SESSION_ID_ATTEMPTS 10
|
||||
static int generate_session_id(const SSL *ssl, unsigned char *id,
|
||||
unsigned int *id_len)
|
||||
{
|
||||
unsigned int count = 0;
|
||||
do {
|
||||
RAND_pseudo_bytes(id, *id_len);
|
||||
/* Prefix the session_id with the required prefix. NB: If our
|
||||
* prefix is too long, clip it - but there will be worse effects
|
||||
* anyway, eg. the server could only possibly create 1 session
|
||||
* ID (ie. the prefix!) so all future session negotiations will
|
||||
* fail due to conflicts. */
|
||||
memcpy(id, session_id_prefix,
|
||||
(strlen(session_id_prefix) < *id_len) ?
|
||||
strlen(session_id_prefix) : *id_len);
|
||||
}
|
||||
while(SSL_has_matching_session_id(ssl, id, *id_len) &&
|
||||
(++count < MAX_SESSION_ID_ATTEMPTS));
|
||||
if(count >= MAX_SESSION_ID_ATTEMPTS)
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
111
apps/s_socket.c
111
apps/s_socket.c
@ -66,7 +66,7 @@
|
||||
recursive header file inclusion, resulting in the compiler complaining
|
||||
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
|
||||
is needed to have fileno() declared correctly... So let's define u_int */
|
||||
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
|
||||
#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
|
||||
#define __U_INT
|
||||
typedef unsigned int u_int;
|
||||
#endif
|
||||
@ -79,40 +79,28 @@ typedef unsigned int u_int;
|
||||
#include "s_apps.h"
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#ifdef FLAT_INC
|
||||
#include "e_os.h"
|
||||
#else
|
||||
#include "../e_os.h"
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
|
||||
static struct hostent *GetHostByName(char *name);
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
|
||||
static void ssl_sock_cleanup(void);
|
||||
#ifdef WINDOWS
|
||||
static void sock_cleanup(void);
|
||||
#endif
|
||||
static int ssl_sock_init(void);
|
||||
static int sock_init(void);
|
||||
static int init_client_ip(int *sock,unsigned char ip[4], int port);
|
||||
static int init_server(int *sock, int port);
|
||||
static int init_server_long(int *sock, int port,char *ip);
|
||||
static int do_accept(int acc_sock, int *sock, char **host);
|
||||
static int host_ip(char *str, unsigned char ip[4]);
|
||||
|
||||
#ifdef OPENSSL_SYS_WIN16
|
||||
#ifdef WIN16
|
||||
#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
|
||||
#else
|
||||
#define SOCKET_PROTOCOL IPPROTO_TCP
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_SYS_NETWARE
|
||||
static int wsa_init_done=0;
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
#ifdef WINDOWS
|
||||
static struct WSAData wsa_state;
|
||||
static int wsa_init_done=0;
|
||||
|
||||
#ifdef OPENSSL_SYS_WIN16
|
||||
#ifdef WIN16
|
||||
static HWND topWnd=0;
|
||||
static FARPROC lpTopWndProc=NULL;
|
||||
static FARPROC lpTopHookProc=NULL;
|
||||
@ -128,7 +116,7 @@ static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
|
||||
case WM_DESTROY:
|
||||
case WM_CLOSE:
|
||||
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
|
||||
ssl_sock_cleanup();
|
||||
sock_cleanup();
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -141,47 +129,30 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
|
||||
return(FALSE);
|
||||
}
|
||||
|
||||
#endif /* OPENSSL_SYS_WIN32 */
|
||||
#endif /* OPENSSL_SYS_WINDOWS */
|
||||
#endif /* WIN32 */
|
||||
#endif /* WINDOWS */
|
||||
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
static void ssl_sock_cleanup(void)
|
||||
{
|
||||
if (wsa_init_done)
|
||||
{
|
||||
wsa_init_done=0;
|
||||
#ifndef OPENSSL_SYS_WINCE
|
||||
WSACancelBlockingCall();
|
||||
#endif
|
||||
WSACleanup();
|
||||
}
|
||||
}
|
||||
#elif defined(OPENSSL_SYS_NETWARE)
|
||||
#ifdef WINDOWS
|
||||
static void sock_cleanup(void)
|
||||
{
|
||||
if (wsa_init_done)
|
||||
{
|
||||
wsa_init_done=0;
|
||||
WSACancelBlockingCall();
|
||||
WSACleanup();
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
static int ssl_sock_init(void)
|
||||
static int sock_init(void)
|
||||
{
|
||||
#ifdef WATT32
|
||||
extern int _watt_do_exit;
|
||||
_watt_do_exit = 0;
|
||||
dbug_init();
|
||||
if (sock_init())
|
||||
return (0);
|
||||
#elif defined(OPENSSL_SYS_WINDOWS)
|
||||
#ifdef WINDOWS
|
||||
if (!wsa_init_done)
|
||||
{
|
||||
int err;
|
||||
|
||||
#ifdef SIGINT
|
||||
signal(SIGINT,(void (*)(int))ssl_sock_cleanup);
|
||||
signal(SIGINT,(void (*)(int))sock_cleanup);
|
||||
#endif
|
||||
wsa_init_done=1;
|
||||
memset(&wsa_state,0,sizeof(wsa_state));
|
||||
@ -192,36 +163,15 @@ static int ssl_sock_init(void)
|
||||
return(0);
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_SYS_WIN16
|
||||
#ifdef WIN16
|
||||
EnumTaskWindows(GetCurrentTask(),enumproc,0L);
|
||||
lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
|
||||
lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
|
||||
|
||||
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
|
||||
#endif /* OPENSSL_SYS_WIN16 */
|
||||
#endif /* WIN16 */
|
||||
}
|
||||
#elif defined(OPENSSL_SYS_NETWARE)
|
||||
WORD wVerReq;
|
||||
WSADATA wsaData;
|
||||
int err;
|
||||
|
||||
if (!wsa_init_done)
|
||||
{
|
||||
|
||||
# ifdef SIGINT
|
||||
signal(SIGINT,(void (*)(int))sock_cleanup);
|
||||
# endif
|
||||
|
||||
wsa_init_done=1;
|
||||
wVerReq = MAKEWORD( 2, 0 );
|
||||
err = WSAStartup(wVerReq,&wsaData);
|
||||
if (err != 0)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);
|
||||
return(0);
|
||||
}
|
||||
}
|
||||
#endif /* OPENSSL_SYS_WINDOWS */
|
||||
#endif /* WINDOWS */
|
||||
return(1);
|
||||
}
|
||||
|
||||
@ -244,7 +194,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
|
||||
struct sockaddr_in them;
|
||||
int s,i;
|
||||
|
||||
if (!ssl_sock_init()) return(0);
|
||||
if (!sock_init()) return(0);
|
||||
|
||||
memset((char *)&them,0,sizeof(them));
|
||||
them.sin_family=AF_INET;
|
||||
@ -259,7 +209,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
|
||||
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
|
||||
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
|
||||
|
||||
#ifndef OPENSSL_SYS_MPE
|
||||
#ifndef MPE
|
||||
i=0;
|
||||
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
|
||||
if (i < 0) { perror("keepalive"); return(0); }
|
||||
@ -309,7 +259,7 @@ static int init_server_long(int *sock, int port, char *ip)
|
||||
struct sockaddr_in server;
|
||||
int s= -1,i;
|
||||
|
||||
if (!ssl_sock_init()) return(0);
|
||||
if (!sock_init()) return(0);
|
||||
|
||||
memset((char *)&server,0,sizeof(server));
|
||||
server.sin_family=AF_INET;
|
||||
@ -335,7 +285,7 @@ static int init_server_long(int *sock, int port, char *ip)
|
||||
#endif
|
||||
if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
|
||||
{
|
||||
#ifndef OPENSSL_SYS_WINDOWS
|
||||
#ifndef WINDOWS
|
||||
perror("bind");
|
||||
#endif
|
||||
goto err;
|
||||
@ -366,9 +316,9 @@ static int do_accept(int acc_sock, int *sock, char **host)
|
||||
int len;
|
||||
/* struct linger ling; */
|
||||
|
||||
if (!ssl_sock_init()) return(0);
|
||||
if (!sock_init()) return(0);
|
||||
|
||||
#ifndef OPENSSL_SYS_WINDOWS
|
||||
#ifndef WINDOWS
|
||||
redoit:
|
||||
#endif
|
||||
|
||||
@ -382,7 +332,7 @@ redoit:
|
||||
ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
|
||||
if (ret == INVALID_SOCKET)
|
||||
{
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
|
||||
#ifdef WINDOWS
|
||||
i=WSAGetLastError();
|
||||
BIO_printf(bio_err,"accept error %d\n",i);
|
||||
#else
|
||||
@ -429,7 +379,7 @@ redoit:
|
||||
perror("OPENSSL_malloc");
|
||||
return(0);
|
||||
}
|
||||
BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
|
||||
strcpy(*host,h1->h_name);
|
||||
|
||||
h2=GetHostByName(*host);
|
||||
if (h2 == NULL)
|
||||
@ -496,7 +446,7 @@ static int host_ip(char *str, unsigned char ip[4])
|
||||
{ /* do a gethostbyname */
|
||||
struct hostent *he;
|
||||
|
||||
if (!ssl_sock_init()) return(0);
|
||||
if (!sock_init()) return(0);
|
||||
|
||||
he=GetHostByName(str);
|
||||
if (he == NULL)
|
||||
@ -577,12 +527,9 @@ static struct hostent *GetHostByName(char *name)
|
||||
ret=gethostbyname(name);
|
||||
if (ret == NULL) return(NULL);
|
||||
/* else add to cache */
|
||||
if(strlen(name) < sizeof ghbn_cache[0].name)
|
||||
{
|
||||
strcpy(ghbn_cache[lowi].name,name);
|
||||
strncpy(ghbn_cache[lowi].name,name,128);
|
||||
memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
|
||||
ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
|
||||
}
|
||||
return(ret);
|
||||
}
|
||||
else
|
||||
@ -593,5 +540,3 @@ static struct hostent *GetHostByName(char *name)
|
||||
return(ret);
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -67,25 +67,22 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#define USE_SOCKETS
|
||||
#include "apps.h"
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#ifdef NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
#define USE_SOCKETS
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/pem.h>
|
||||
#include "apps.h"
|
||||
#include "s_apps.h"
|
||||
#include <openssl/err.h>
|
||||
#ifdef WIN32_STUFF
|
||||
#include "winmain.h"
|
||||
#include "wintext.h"
|
||||
#endif
|
||||
#if !defined(OPENSSL_SYS_MSDOS)
|
||||
#include OPENSSL_UNISTD
|
||||
#endif
|
||||
|
||||
#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
|
||||
#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
|
||||
#define TIMES
|
||||
#endif
|
||||
|
||||
@ -101,36 +98,37 @@
|
||||
The __TMS macro will show if it was. If it wasn't defined, we should
|
||||
undefine TIMES, since that tells the rest of the program how things
|
||||
should be handled. -- Richard Levitte */
|
||||
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
|
||||
#if defined(VMS) && defined(__DECC) && !defined(__TMS)
|
||||
#undef TIMES
|
||||
#endif
|
||||
|
||||
#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
|
||||
#if !defined(TIMES) && !defined(VXWORKS)
|
||||
#include <sys/timeb.h>
|
||||
#endif
|
||||
|
||||
#ifdef _AIX
|
||||
#include <sys/select.h>
|
||||
#endif
|
||||
|
||||
#if defined(sun) || defined(__ultrix)
|
||||
#define _POSIX_SOURCE
|
||||
#include <limits.h>
|
||||
#include <sys/param.h>
|
||||
#endif
|
||||
|
||||
#ifdef VXWORKS
|
||||
#include <tickLib.h>
|
||||
#undef SIGALRM
|
||||
#endif
|
||||
|
||||
/* The following if from times(3) man page. It may need to be changed
|
||||
*/
|
||||
#ifndef HZ
|
||||
# ifdef _SC_CLK_TCK
|
||||
# define HZ ((double)sysconf(_SC_CLK_TCK))
|
||||
# else
|
||||
# ifndef CLK_TCK
|
||||
# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
|
||||
# define HZ 100.0
|
||||
# else /* _BSD_CLK_TCK_ */
|
||||
# define HZ ((double)_BSD_CLK_TCK_)
|
||||
# endif
|
||||
# else /* CLK_TCK */
|
||||
# define HZ ((double)CLK_TCK)
|
||||
# endif
|
||||
# endif
|
||||
#ifndef CLK_TCK
|
||||
#define HZ 100.0
|
||||
#else /* CLK_TCK */
|
||||
#define HZ ((double)CLK_TCK)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#undef PROG
|
||||
@ -146,8 +144,6 @@
|
||||
#undef BUFSIZZ
|
||||
#define BUFSIZZ 1024*10
|
||||
|
||||
#define MYBUFSIZ 1024*8
|
||||
|
||||
#undef min
|
||||
#undef max
|
||||
#define min(a,b) (((a) < (b)) ? (a) : (b))
|
||||
@ -185,7 +181,7 @@ static int perform=0;
|
||||
#ifdef FIONBIO
|
||||
static int t_nbio=0;
|
||||
#endif
|
||||
#ifdef OPENSSL_SYS_WIN32
|
||||
#ifdef WIN32
|
||||
static int exitNow = 0; /* Set when it's time to exit main */
|
||||
#endif
|
||||
|
||||
@ -209,7 +205,7 @@ static void s_time_init(void)
|
||||
#ifdef FIONBIO
|
||||
t_nbio=0;
|
||||
#endif
|
||||
#ifdef OPENSSL_SYS_WIN32
|
||||
#ifdef WIN32
|
||||
exitNow = 0; /* Set when it's time to exit main */
|
||||
#endif
|
||||
}
|
||||
@ -322,19 +318,14 @@ static int parseArgs(int argc, char **argv)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
s_www_path= *(++argv);
|
||||
if(strlen(s_www_path) > MYBUFSIZ-100)
|
||||
{
|
||||
BIO_printf(bio_err,"-www option too long\n");
|
||||
badop=1;
|
||||
}
|
||||
}
|
||||
else if(strcmp(*argv,"-bugs") == 0)
|
||||
st_bugs=1;
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
#ifndef NO_SSL2
|
||||
else if(strcmp(*argv,"-ssl2") == 0)
|
||||
s_time_meth=SSLv2_client_method();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
#ifndef NO_SSL3
|
||||
else if(strcmp(*argv,"-ssl3") == 0)
|
||||
s_time_meth=SSLv3_client_method();
|
||||
#endif
|
||||
@ -384,21 +375,7 @@ static double tm_Time_F(int s)
|
||||
ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
|
||||
return((ret == 0.0)?1e-6:ret);
|
||||
}
|
||||
#elif defined(OPENSSL_SYS_NETWARE)
|
||||
static clock_t tstart,tend;
|
||||
|
||||
if (s == START)
|
||||
{
|
||||
tstart=clock();
|
||||
return(0);
|
||||
}
|
||||
else
|
||||
{
|
||||
tend=clock();
|
||||
ret=(double)((double)(tend)-(double)(tstart));
|
||||
return((ret < 0.001)?0.001:ret);
|
||||
}
|
||||
#elif defined(OPENSSL_SYS_VXWORKS)
|
||||
#elif defined(VXWORKS)
|
||||
{
|
||||
static unsigned long tick_start, tick_end;
|
||||
|
||||
@ -452,11 +429,11 @@ int MAIN(int argc, char **argv)
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
|
||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
||||
#if !defined(NO_SSL2) && !defined(NO_SSL3)
|
||||
s_time_meth=SSLv23_client_method();
|
||||
#elif !defined(OPENSSL_NO_SSL3)
|
||||
#elif !defined(NO_SSL3)
|
||||
s_time_meth=SSLv3_client_method();
|
||||
#elif !defined(OPENSSL_NO_SSL2)
|
||||
#elif !defined(NO_SSL2)
|
||||
s_time_meth=SSLv2_client_method();
|
||||
#endif
|
||||
|
||||
@ -489,6 +466,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (tm_cipher == NULL ) {
|
||||
fprintf( stderr, "No CIPHER specified\n" );
|
||||
/* OPENSSL_EXIT(1); */
|
||||
}
|
||||
|
||||
if (!(perform & 1)) goto next;
|
||||
@ -501,7 +479,7 @@ int MAIN(int argc, char **argv)
|
||||
tm_Time_F(START);
|
||||
for (;;)
|
||||
{
|
||||
if (finishtime < (long)time(NULL)) break;
|
||||
if (finishtime < time(NULL)) break;
|
||||
#ifdef WIN32_STUFF
|
||||
|
||||
if( flushWinMsgs(0) == -1 )
|
||||
@ -516,7 +494,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (s_www_path != NULL)
|
||||
{
|
||||
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
|
||||
sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
|
||||
SSL_write(scon,buf,strlen(buf));
|
||||
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
|
||||
bytes_read+=i;
|
||||
@ -552,9 +530,9 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
|
||||
|
||||
i=(int)((long)time(NULL)-finishtime+maxTime);
|
||||
i=(int)(time(NULL)-finishtime+maxTime);
|
||||
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
|
||||
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
|
||||
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
|
||||
|
||||
/* Now loop and time connections using the same session id over and over */
|
||||
|
||||
@ -571,7 +549,7 @@ next:
|
||||
|
||||
if (s_www_path != NULL)
|
||||
{
|
||||
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
|
||||
sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
|
||||
SSL_write(scon,buf,strlen(buf));
|
||||
while (SSL_read(scon,buf,sizeof(buf)) > 0)
|
||||
;
|
||||
@ -586,7 +564,7 @@ next:
|
||||
nConn = 0;
|
||||
totalTime = 0.0;
|
||||
|
||||
finishtime=(long)time(NULL)+maxTime;
|
||||
finishtime=time(NULL)+maxTime;
|
||||
|
||||
printf( "starting\n" );
|
||||
bytes_read=0;
|
||||
@ -594,7 +572,7 @@ next:
|
||||
|
||||
for (;;)
|
||||
{
|
||||
if (finishtime < (long)time(NULL)) break;
|
||||
if (finishtime < time(NULL)) break;
|
||||
|
||||
#ifdef WIN32_STUFF
|
||||
if( flushWinMsgs(0) == -1 )
|
||||
@ -609,7 +587,7 @@ next:
|
||||
|
||||
if (s_www_path)
|
||||
{
|
||||
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
|
||||
sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
|
||||
SSL_write(scon,buf,strlen(buf));
|
||||
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
|
||||
bytes_read+=i;
|
||||
@ -644,7 +622,7 @@ next:
|
||||
|
||||
|
||||
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
|
||||
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
|
||||
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
|
||||
|
||||
ret=0;
|
||||
end:
|
||||
@ -655,7 +633,6 @@ end:
|
||||
SSL_CTX_free(tm_ctx);
|
||||
tm_ctx=NULL;
|
||||
}
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
@ -156,7 +156,7 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
bad:
|
||||
for (pp=sess_id_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err,"%s",*pp);
|
||||
BIO_printf(bio_err,*pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -208,7 +208,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -272,7 +272,6 @@ bad:
|
||||
end:
|
||||
if (out != NULL) BIO_free_all(out);
|
||||
if (x != NULL) SSL_SESSION_free(x);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
|
154
apps/smime.c
154
apps/smime.c
@ -1,9 +1,9 @@
|
||||
/* smime.c */
|
||||
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
|
||||
* project.
|
||||
* project 1999.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -64,9 +64,11 @@
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG smime_main
|
||||
static X509_STORE *setup_verify(char *CAfile, char *CApath);
|
||||
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
|
||||
|
||||
#define SMIME_OP 0x10
|
||||
@ -88,7 +90,7 @@ int MAIN(int argc, char **argv)
|
||||
char *infile = NULL, *outfile = NULL;
|
||||
char *signerfile = NULL, *recipfile = NULL;
|
||||
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
|
||||
const EVP_CIPHER *cipher = NULL;
|
||||
EVP_CIPHER *cipher = NULL;
|
||||
PKCS7 *p7 = NULL;
|
||||
X509_STORE *store = NULL;
|
||||
X509 *cert = NULL, *recip = NULL, *signer = NULL;
|
||||
@ -96,57 +98,37 @@ int MAIN(int argc, char **argv)
|
||||
STACK_OF(X509) *encerts = NULL, *other = NULL;
|
||||
BIO *in = NULL, *out = NULL, *indata = NULL;
|
||||
int badarg = 0;
|
||||
int flags = PKCS7_DETACHED, store_flags = 0;
|
||||
int flags = PKCS7_DETACHED;
|
||||
char *to = NULL, *from = NULL, *subject = NULL;
|
||||
char *CAfile = NULL, *CApath = NULL;
|
||||
char *passargin = NULL, *passin = NULL;
|
||||
char *inrand = NULL;
|
||||
int need_rand = 0;
|
||||
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
|
||||
int keyform = FORMAT_PEM;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
|
||||
args = argv + 1;
|
||||
ret = 1;
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
while (!badarg && *args && *args[0] == '-') {
|
||||
if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
|
||||
else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
|
||||
else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
|
||||
else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
|
||||
else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
else if (!strcmp (*args, "-des3"))
|
||||
cipher = EVP_des_ede3_cbc();
|
||||
else if (!strcmp (*args, "-des"))
|
||||
cipher = EVP_des_cbc();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
#ifndef NO_RC2
|
||||
else if (!strcmp (*args, "-rc2-40"))
|
||||
cipher = EVP_rc2_40_cbc();
|
||||
else if (!strcmp (*args, "-rc2-128"))
|
||||
cipher = EVP_rc2_cbc();
|
||||
else if (!strcmp (*args, "-rc2-64"))
|
||||
cipher = EVP_rc2_64_cbc();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
else if (!strcmp(*args,"-aes128"))
|
||||
cipher = EVP_aes_128_cbc();
|
||||
else if (!strcmp(*args,"-aes192"))
|
||||
cipher = EVP_aes_192_cbc();
|
||||
else if (!strcmp(*args,"-aes256"))
|
||||
cipher = EVP_aes_256_cbc();
|
||||
#endif
|
||||
else if (!strcmp (*args, "-text"))
|
||||
flags |= PKCS7_TEXT;
|
||||
@ -168,27 +150,17 @@ int MAIN(int argc, char **argv)
|
||||
flags |= PKCS7_BINARY;
|
||||
else if (!strcmp (*args, "-nosigs"))
|
||||
flags |= PKCS7_NOSIGS;
|
||||
else if (!strcmp (*args, "-nooldmime"))
|
||||
flags |= PKCS7_NOOLDMIMETYPE;
|
||||
else if (!strcmp (*args, "-crlfeol"))
|
||||
flags |= PKCS7_CRLFEOL;
|
||||
else if (!strcmp (*args, "-crl_check"))
|
||||
store_flags |= X509_V_FLAG_CRL_CHECK;
|
||||
else if (!strcmp (*args, "-crl_check_all"))
|
||||
store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
|
||||
else if (!strcmp(*args,"-rand")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
inrand = *args;
|
||||
} else badarg = 1;
|
||||
need_rand = 1;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
} else if (!strcmp(*args,"-engine")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
engine = *args;
|
||||
} else badarg = 1;
|
||||
#endif
|
||||
} else if (!strcmp(*args,"-passin")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -224,11 +196,6 @@ int MAIN(int argc, char **argv)
|
||||
args++;
|
||||
keyfile = *args;
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-keyform")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
keyform = str2fmt(*args);
|
||||
} else badarg = 1;
|
||||
} else if (!strcmp (*args, "-certfile")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -300,18 +267,14 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-sign sign message\n");
|
||||
BIO_printf (bio_err, "-verify verify signed message\n");
|
||||
BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
|
||||
#ifndef OPENSSL_NO_DES
|
||||
#ifndef NO_DES
|
||||
BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
|
||||
BIO_printf (bio_err, "-des encrypt with DES\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
#ifndef NO_RC2
|
||||
BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
|
||||
BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
|
||||
BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_AES
|
||||
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
|
||||
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
|
||||
#endif
|
||||
BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
|
||||
BIO_printf (bio_err, "-nosigs don't verify message signature\n");
|
||||
@ -326,7 +289,6 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-in file input file\n");
|
||||
BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
|
||||
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
|
||||
BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
|
||||
BIO_printf (bio_err, "-out file output file\n");
|
||||
BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
|
||||
BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
|
||||
@ -336,11 +298,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
|
||||
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
||||
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
|
||||
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
|
||||
@ -349,9 +307,23 @@ int MAIN(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
@ -379,7 +351,7 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if(operation == SMIME_ENCRYPT) {
|
||||
if (!cipher) {
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
#ifndef NO_RC2
|
||||
cipher = EVP_rc2_40_cbc();
|
||||
#else
|
||||
BIO_printf(bio_err, "No cipher selected\n");
|
||||
@ -388,11 +360,8 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
encerts = sk_X509_new_null();
|
||||
while (*args) {
|
||||
if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
|
||||
NULL, e, "recipient certificate file"))) {
|
||||
#if 0 /* An appropriate message is already printed */
|
||||
if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
|
||||
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
sk_X509_push(encerts, cert);
|
||||
@ -402,32 +371,23 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
if(signerfile && (operation == SMIME_SIGN)) {
|
||||
if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
|
||||
e, "signer certificate"))) {
|
||||
#if 0 /* An appropri message has already been printed */
|
||||
if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
|
||||
BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if(certfile) {
|
||||
if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
|
||||
e, "certificate file"))) {
|
||||
#if 0 /* An appropriate message has already been printed */
|
||||
if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
|
||||
BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
|
||||
#endif
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if(recipfile && (operation == SMIME_DECRYPT)) {
|
||||
if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
|
||||
e, "recipient certificate file"))) {
|
||||
#if 0 /* An appropriate message has alrady been printed */
|
||||
if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
|
||||
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
|
||||
#endif
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
@ -440,9 +400,9 @@ int MAIN(int argc, char **argv)
|
||||
} else keyfile = NULL;
|
||||
|
||||
if(keyfile) {
|
||||
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
|
||||
"signing key file");
|
||||
if (!key) {
|
||||
if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
|
||||
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
@ -463,7 +423,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
} else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -472,24 +432,16 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
if(operation == SMIME_VERIFY) {
|
||||
if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
|
||||
X509_STORE_set_flags(store, store_flags);
|
||||
if(!(store = setup_verify(CAfile, CApath))) goto end;
|
||||
}
|
||||
|
||||
|
||||
ret = 3;
|
||||
|
||||
if(operation == SMIME_ENCRYPT) {
|
||||
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
|
||||
} else if(operation == SMIME_SIGN) {
|
||||
/* If detached data and SMIME output enable partial
|
||||
* signing.
|
||||
*/
|
||||
if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
|
||||
flags |= PKCS7_STREAM;
|
||||
p7 = PKCS7_sign(signer, key, other, in, flags);
|
||||
/* Don't need to rewind for partial signing */
|
||||
if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) {
|
||||
if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
|
||||
BIO_printf(bio_err, "Can't rewind input file\n");
|
||||
goto end;
|
||||
}
|
||||
@ -582,6 +534,36 @@ end:
|
||||
return (ret);
|
||||
}
|
||||
|
||||
static X509_STORE *setup_verify(char *CAfile, char *CApath)
|
||||
{
|
||||
X509_STORE *store;
|
||||
X509_LOOKUP *lookup;
|
||||
if(!(store = X509_STORE_new())) goto end;
|
||||
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
|
||||
if (lookup == NULL) goto end;
|
||||
if (CAfile) {
|
||||
if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
|
||||
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
|
||||
goto end;
|
||||
}
|
||||
} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
|
||||
|
||||
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
|
||||
if (lookup == NULL) goto end;
|
||||
if (CApath) {
|
||||
if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
|
||||
BIO_printf(bio_err, "Error loading directory %s\n", CApath);
|
||||
goto end;
|
||||
}
|
||||
} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
|
||||
|
||||
ERR_clear_error();
|
||||
return store;
|
||||
end:
|
||||
X509_STORE_free(store);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
|
||||
{
|
||||
int i;
|
||||
|
1801
apps/speed.c
1801
apps/speed.c
File diff suppressed because it is too large
Load Diff
62
apps/spkac.c
62
apps/spkac.c
@ -69,6 +69,7 @@
|
||||
#include <openssl/lhash.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG spkac_main
|
||||
@ -83,26 +84,21 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL;
|
||||
int i,badops=0, ret = 1;
|
||||
BIO *in = NULL,*out = NULL;
|
||||
BIO *in = NULL,*out = NULL, *key = NULL;
|
||||
int verify=0,noout=0,pubkey=0;
|
||||
char *infile = NULL,*outfile = NULL,*prog;
|
||||
char *passargin = NULL, *passin = NULL;
|
||||
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
|
||||
char *challenge = NULL, *keyfile = NULL;
|
||||
CONF *conf = NULL;
|
||||
LHASH *conf = NULL;
|
||||
NETSCAPE_SPKI *spki = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
prog=argv[0];
|
||||
argc--;
|
||||
argv++;
|
||||
@ -143,13 +139,11 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
spksect= *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-noout") == 0)
|
||||
noout=1;
|
||||
else if (strcmp(*argv,"-pubkey") == 0)
|
||||
@ -175,9 +169,7 @@ bad:
|
||||
BIO_printf(bio_err," -noout don't print SPKAC\n");
|
||||
BIO_printf(bio_err," -pubkey output public key\n");
|
||||
BIO_printf(bio_err," -verify verify SPKAC signature\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -187,15 +179,36 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
if(keyfile) {
|
||||
pkey = load_key(bio_err,
|
||||
strcmp(keyfile, "-") ? keyfile : NULL,
|
||||
FORMAT_PEM, 1, passin, e, "private key");
|
||||
if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
|
||||
else key = BIO_new_fp(stdin, BIO_NOCLOSE);
|
||||
if(!key) {
|
||||
BIO_printf(bio_err, "Error opening key file\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin);
|
||||
if(!pkey) {
|
||||
BIO_printf(bio_err, "Error reading private key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
spki = NETSCAPE_SPKI_new();
|
||||
@ -208,7 +221,7 @@ bad:
|
||||
if (outfile) out = BIO_new_file(outfile, "w");
|
||||
else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -238,16 +251,15 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
conf = NCONF_new(NULL);
|
||||
i = NCONF_load_bio(conf, in, NULL);
|
||||
conf = CONF_load_bio(NULL, in, NULL);
|
||||
|
||||
if(!i) {
|
||||
if(!conf) {
|
||||
BIO_printf(bio_err, "Error parsing config file\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
spkstr = NCONF_get_string(conf, spksect, spkac);
|
||||
spkstr = CONF_get_string(conf, spksect, spkac);
|
||||
|
||||
if(!spkstr) {
|
||||
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
|
||||
@ -266,7 +278,7 @@ bad:
|
||||
if (outfile) out = BIO_new_file(outfile, "w");
|
||||
else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -296,12 +308,12 @@ bad:
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
NCONF_free(conf);
|
||||
CONF_free(conf);
|
||||
NETSCAPE_SPKI_free(spki);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
BIO_free(key);
|
||||
EVP_PKEY_free(pkey);
|
||||
if(passin) OPENSSL_free(passin);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
@ -3,18 +3,6 @@
|
||||
DSA *get_dsa512(void );
|
||||
DSA *get_dsa1024(void );
|
||||
DSA *get_dsa2048(void );
|
||||
static unsigned char dsa512_priv[] = {
|
||||
0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
|
||||
0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
|
||||
};
|
||||
static unsigned char dsa512_pub[] = {
|
||||
0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
|
||||
0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
|
||||
0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,
|
||||
0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,
|
||||
0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
|
||||
0xbe,0xba,0x0a,0x6b,0xc8,
|
||||
};
|
||||
static unsigned char dsa512_p[]={
|
||||
0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
|
||||
0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
|
||||
@ -41,34 +29,14 @@ DSA *get_dsa512()
|
||||
DSA *dsa;
|
||||
|
||||
if ((dsa=DSA_new()) == NULL) return(NULL);
|
||||
dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
|
||||
dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
|
||||
dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
|
||||
dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
|
||||
dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
|
||||
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
|
||||
(dsa->q == NULL) || (dsa->g == NULL))
|
||||
if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
|
||||
return(NULL);
|
||||
return(dsa);
|
||||
}
|
||||
|
||||
static unsigned char dsa1024_priv[]={
|
||||
0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
|
||||
0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
|
||||
};
|
||||
static unsigned char dsa1024_pub[]={
|
||||
0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
|
||||
0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
|
||||
0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,
|
||||
0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,
|
||||
0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,
|
||||
0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,
|
||||
0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,
|
||||
0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,
|
||||
0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,
|
||||
0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
|
||||
0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
|
||||
};
|
||||
static unsigned char dsa1024_p[]={
|
||||
0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
|
||||
0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
|
||||
@ -105,45 +73,14 @@ DSA *get_dsa1024()
|
||||
DSA *dsa;
|
||||
|
||||
if ((dsa=DSA_new()) == NULL) return(NULL);
|
||||
dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
|
||||
dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
|
||||
dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
|
||||
dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
|
||||
dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
|
||||
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
|
||||
(dsa->q == NULL) || (dsa->g == NULL))
|
||||
if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
|
||||
return(NULL);
|
||||
return(dsa);
|
||||
}
|
||||
|
||||
static unsigned char dsa2048_priv[]={
|
||||
0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
|
||||
0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
|
||||
};
|
||||
static unsigned char dsa2048_pub[]={
|
||||
0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
|
||||
0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
|
||||
0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,
|
||||
0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,
|
||||
0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,
|
||||
0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,
|
||||
0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,
|
||||
0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,
|
||||
0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,
|
||||
0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,
|
||||
0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,
|
||||
0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,
|
||||
0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,
|
||||
0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,
|
||||
0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,
|
||||
0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,
|
||||
0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,
|
||||
0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,
|
||||
0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,
|
||||
0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,
|
||||
0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
|
||||
0x8b,0x33,0xb7,0xce,
|
||||
};
|
||||
static unsigned char dsa2048_p[]={
|
||||
0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
|
||||
0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
|
||||
@ -202,13 +139,10 @@ DSA *get_dsa2048()
|
||||
DSA *dsa;
|
||||
|
||||
if ((dsa=DSA_new()) == NULL) return(NULL);
|
||||
dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
|
||||
dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
|
||||
dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
|
||||
dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
|
||||
dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
|
||||
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
|
||||
(dsa->q == NULL) || (dsa->g == NULL))
|
||||
if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
|
||||
return(NULL);
|
||||
return(dsa);
|
||||
}
|
||||
|
@ -65,14 +65,15 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG verify_main
|
||||
|
||||
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
|
||||
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
|
||||
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose);
|
||||
static STACK_OF(X509) *load_untrusted(char *file);
|
||||
static int v_verbose=0, vflags = 0;
|
||||
static int v_verbose=0, issuer_checks = 0;
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
@ -86,9 +87,7 @@ int MAIN(int argc, char **argv)
|
||||
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
|
||||
X509_STORE *cert_ctx=NULL;
|
||||
X509_LOOKUP *lookup=NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
|
||||
cert_ctx=X509_STORE_new();
|
||||
if (cert_ctx == NULL) goto end;
|
||||
@ -102,9 +101,6 @@ int MAIN(int argc, char **argv)
|
||||
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
argc--;
|
||||
argv++;
|
||||
for (;;)
|
||||
@ -144,23 +140,15 @@ int MAIN(int argc, char **argv)
|
||||
if (argc-- < 1) goto end;
|
||||
trustfile= *(++argv);
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto end;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-help") == 0)
|
||||
goto end;
|
||||
else if (strcmp(*argv,"-ignore_critical") == 0)
|
||||
vflags |= X509_V_FLAG_IGNORE_CRITICAL;
|
||||
else if (strcmp(*argv,"-issuer_checks") == 0)
|
||||
vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
|
||||
else if (strcmp(*argv,"-crl_check") == 0)
|
||||
vflags |= X509_V_FLAG_CRL_CHECK;
|
||||
else if (strcmp(*argv,"-crl_check_all") == 0)
|
||||
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
|
||||
issuer_checks=1;
|
||||
else if (strcmp(*argv,"-verbose") == 0)
|
||||
v_verbose=1;
|
||||
else if (argv[0][0] == '-')
|
||||
@ -174,9 +162,23 @@ int MAIN(int argc, char **argv)
|
||||
break;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
|
||||
if (lookup == NULL) abort();
|
||||
@ -218,18 +220,14 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
|
||||
if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose);
|
||||
else
|
||||
for (i=0; i<argc; i++)
|
||||
check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
|
||||
check(cert_ctx,argv[i], untrusted, trusted, purpose);
|
||||
ret=0;
|
||||
end:
|
||||
if (ret == 1) {
|
||||
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err," [-engine e]");
|
||||
#endif
|
||||
BIO_printf(bio_err," cert1 cert2 ...\n");
|
||||
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
|
||||
BIO_printf(bio_err,"recognized usages:\n");
|
||||
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
|
||||
X509_PURPOSE *ptmp;
|
||||
@ -241,19 +239,42 @@ end:
|
||||
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
|
||||
sk_X509_pop_free(untrusted, X509_free);
|
||||
sk_X509_pop_free(trusted, X509_free);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
|
||||
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
|
||||
{
|
||||
X509 *x=NULL;
|
||||
BIO *in=NULL;
|
||||
int i=0,ret=0;
|
||||
X509_STORE_CTX *csc;
|
||||
|
||||
x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
|
||||
if (x == NULL)
|
||||
in=BIO_new(BIO_s_file());
|
||||
if (in == NULL)
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (file == NULL)
|
||||
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
||||
else
|
||||
{
|
||||
if (BIO_read_filename(in,file) <= 0)
|
||||
{
|
||||
perror(file);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
x=PEM_read_bio_X509(in,NULL,NULL,NULL);
|
||||
if (x == NULL)
|
||||
{
|
||||
fprintf(stdout,"%s: unable to load certificate file\n",
|
||||
(file == NULL)?"stdin":file);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
|
||||
|
||||
csc = X509_STORE_CTX_new();
|
||||
@ -262,14 +283,11 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
X509_STORE_set_flags(ctx, vflags);
|
||||
if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
X509_STORE_CTX_init(csc,ctx,x,uchain);
|
||||
if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
|
||||
if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
|
||||
if(issuer_checks)
|
||||
X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CB_ISSUER_CHECK);
|
||||
i=X509_verify_cert(csc);
|
||||
X509_STORE_CTX_free(csc);
|
||||
|
||||
@ -283,6 +301,7 @@ end:
|
||||
else
|
||||
ERR_print_errors(bio_err);
|
||||
if (x != NULL) X509_free(x);
|
||||
if (in != NULL) BIO_free(in);
|
||||
|
||||
return(ret);
|
||||
}
|
||||
@ -340,8 +359,7 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
|
||||
if (!ok)
|
||||
{
|
||||
X509_NAME_oneline(
|
||||
X509_get_subject_name(ctx->current_cert),buf,
|
||||
sizeof buf);
|
||||
X509_get_subject_name(ctx->current_cert),buf,256);
|
||||
printf("%s\n",buf);
|
||||
printf("error %d at %d depth lookup:%s\n",ctx->error,
|
||||
ctx->error_depth,
|
||||
@ -357,9 +375,6 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
|
||||
if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
|
||||
if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
|
||||
if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
|
||||
if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
|
||||
if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
|
||||
if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
|
||||
}
|
||||
if (!v_verbose)
|
||||
ERR_clear_error();
|
||||
|
102
apps/version.c
102
apps/version.c
@ -55,59 +55,6 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -115,21 +62,6 @@
|
||||
#include "apps.h"
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/crypto.h>
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
# include <openssl/md2.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
# include <openssl/rc4.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
# include <openssl/des.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
# include <openssl/idea.h>
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
# include <openssl/blowfish.h>
|
||||
#endif
|
||||
|
||||
#undef PROG
|
||||
#define PROG version_main
|
||||
@ -139,7 +71,7 @@ int MAIN(int, char **);
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
int i,ret=0;
|
||||
int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
|
||||
int cflags=0,version=0,date=0,options=0,platform=0;
|
||||
|
||||
apps_startup();
|
||||
|
||||
@ -160,10 +92,8 @@ int MAIN(int argc, char **argv)
|
||||
options=1;
|
||||
else if (strcmp(argv[i],"-p") == 0)
|
||||
platform=1;
|
||||
else if (strcmp(argv[i],"-d") == 0)
|
||||
dir=1;
|
||||
else if (strcmp(argv[i],"-a") == 0)
|
||||
date=version=cflags=options=platform=dir=1;
|
||||
date=version=cflags=options=platform=1;
|
||||
else
|
||||
{
|
||||
BIO_printf(bio_err,"usage:version -[avbofp]\n");
|
||||
@ -172,45 +102,31 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
if (version)
|
||||
{
|
||||
if (SSLeay() == SSLEAY_VERSION_NUMBER)
|
||||
{
|
||||
printf("%s\n",SSLeay_version(SSLEAY_VERSION));
|
||||
}
|
||||
else
|
||||
{
|
||||
printf("%s (Library: %s)\n",
|
||||
OPENSSL_VERSION_TEXT,
|
||||
SSLeay_version(SSLEAY_VERSION));
|
||||
}
|
||||
}
|
||||
if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION));
|
||||
if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
|
||||
if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
|
||||
if (options)
|
||||
{
|
||||
printf("options: ");
|
||||
printf("%s ",BN_options());
|
||||
#ifndef OPENSSL_NO_MD2
|
||||
#ifndef NO_MD2
|
||||
printf("%s ",MD2_options());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
#ifndef NO_RC4
|
||||
printf("%s ",RC4_options());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
printf("%s ",DES_options());
|
||||
#ifndef NO_DES
|
||||
printf("%s ",des_options());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_IDEA
|
||||
#ifndef NO_IDEA
|
||||
printf("%s ",idea_options());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_BF
|
||||
#ifndef NO_BF
|
||||
printf("%s ",BF_options());
|
||||
#endif
|
||||
printf("\n");
|
||||
}
|
||||
if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
|
||||
if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR));
|
||||
end:
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
@ -118,6 +118,7 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
|
||||
HDC hdc;
|
||||
PAINTSTRUCT ps;
|
||||
RECT rect;
|
||||
char buffer[200];
|
||||
static int seeded = 0;
|
||||
|
||||
switch (iMsg)
|
||||
|
319
apps/x509.c
319
apps/x509.c
@ -60,7 +60,7 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
#ifdef NO_STDIO
|
||||
#define APPS_WIN16
|
||||
#endif
|
||||
#include "apps.h"
|
||||
@ -73,6 +73,7 @@
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG x509_main
|
||||
@ -92,9 +93,7 @@ static char *x509_usage[]={
|
||||
" -out arg - output file - default stdout\n",
|
||||
" -passin arg - private key password source\n",
|
||||
" -serial - print serial number value\n",
|
||||
" -subject_hash - print subject hash value\n",
|
||||
" -issuer_hash - print issuer hash value\n",
|
||||
" -hash - synonym for -subject_hash\n",
|
||||
" -hash - print hash value\n",
|
||||
" -subject - print subject DN\n",
|
||||
" -issuer - print issuer DN\n",
|
||||
" -email - print email address(es)\n",
|
||||
@ -107,7 +106,6 @@ static char *x509_usage[]={
|
||||
" -fingerprint - print the certificate fingerprint\n",
|
||||
" -alias - output certificate alias\n",
|
||||
" -noout - no certificate output\n",
|
||||
" -ocspid - print OCSP hash values for the subject name and public key\n",
|
||||
" -trustout - output a \"trusted\" certificate\n",
|
||||
" -clrtrust - clear all trusted purposes\n",
|
||||
" -clrreject - clear all rejected purposes\n",
|
||||
@ -125,7 +123,6 @@ static char *x509_usage[]={
|
||||
" missing, it is assumed to be in the CA file.\n",
|
||||
" -CAcreateserial - create serial number file if it does not exist\n",
|
||||
" -CAserial arg - serial file\n",
|
||||
" -set_serial - serial number to use\n",
|
||||
" -text - print the certificate in text form\n",
|
||||
" -C - print out C code forms\n",
|
||||
" -md2/-md5/-sha1/-mdc2 - digest to use\n",
|
||||
@ -133,20 +130,16 @@ static char *x509_usage[]={
|
||||
" -extensions - section from config file with X509V3 extensions to add\n",
|
||||
" -clrext - delete extensions before signing and input certificate\n",
|
||||
" -nameopt arg - various certificate name options\n",
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
" -engine e - use engine e, possibly a hardware device.\n",
|
||||
#endif
|
||||
" -certopt arg - various certificate text options\n",
|
||||
NULL
|
||||
};
|
||||
|
||||
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
|
||||
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
|
||||
CONF *conf, char *section);
|
||||
LHASH *conf, char *section);
|
||||
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
|
||||
X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
|
||||
int create,int days, int clrext, CONF *conf, char *section,
|
||||
ASN1_INTEGER *sno);
|
||||
int create,int days, int clrext, LHASH *conf, char *section);
|
||||
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
|
||||
static int reqfile=0;
|
||||
|
||||
@ -160,7 +153,6 @@ int MAIN(int argc, char **argv)
|
||||
X509 *x=NULL,*xca=NULL;
|
||||
ASN1_OBJECT *objtmp;
|
||||
EVP_PKEY *Upkey=NULL,*CApkey=NULL;
|
||||
ASN1_INTEGER *sno = NULL;
|
||||
int i,num,badops=0;
|
||||
BIO *out=NULL;
|
||||
BIO *STDout=NULL;
|
||||
@ -169,8 +161,7 @@ int MAIN(int argc, char **argv)
|
||||
char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
|
||||
char *CAkeyfile=NULL,*CAserial=NULL;
|
||||
char *alias=NULL;
|
||||
int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
|
||||
int subject_hash=0,issuer_hash=0,ocspid=0;
|
||||
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
|
||||
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
|
||||
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
|
||||
int C=0;
|
||||
@ -182,14 +173,12 @@ int MAIN(int argc, char **argv)
|
||||
int fingerprint=0;
|
||||
char buf[256];
|
||||
const EVP_MD *md_alg,*digest=EVP_md5();
|
||||
CONF *extconf = NULL;
|
||||
LHASH *extconf = NULL;
|
||||
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
|
||||
int need_rand = 0;
|
||||
int checkend=0,checkoffset=0;
|
||||
unsigned long nmflag = 0, certflag = 0;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
unsigned long nmflag = 0;
|
||||
char *engine=NULL;
|
||||
#endif
|
||||
|
||||
reqfile=0;
|
||||
|
||||
@ -197,11 +186,8 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (bio_err == NULL)
|
||||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
STDout = BIO_push(tmpbio, STDout);
|
||||
@ -312,12 +298,6 @@ int MAIN(int argc, char **argv)
|
||||
if (--argc < 1) goto bad;
|
||||
CAserial= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-set_serial") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-addtrust") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -350,23 +330,22 @@ int MAIN(int argc, char **argv)
|
||||
alias= *(++argv);
|
||||
trustout = 1;
|
||||
}
|
||||
else if (strcmp(*argv,"-certopt") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if (!set_cert_ex(&certflag, *(++argv))) goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-nameopt") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if (!set_name_ex(&nmflag, *(++argv))) goto bad;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv,"-setalias") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
alias= *(++argv);
|
||||
trustout = 1;
|
||||
}
|
||||
else if (strcmp(*argv,"-engine") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
engine= *(++argv);
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-C") == 0)
|
||||
C= ++num;
|
||||
else if (strcmp(*argv,"-email") == 0)
|
||||
@ -381,11 +360,8 @@ int MAIN(int argc, char **argv)
|
||||
x509req= ++num;
|
||||
else if (strcmp(*argv,"-text") == 0)
|
||||
text= ++num;
|
||||
else if (strcmp(*argv,"-hash") == 0
|
||||
|| strcmp(*argv,"-subject_hash") == 0)
|
||||
subject_hash= ++num;
|
||||
else if (strcmp(*argv,"-issuer_hash") == 0)
|
||||
issuer_hash= ++num;
|
||||
else if (strcmp(*argv,"-hash") == 0)
|
||||
hash= ++num;
|
||||
else if (strcmp(*argv,"-subject") == 0)
|
||||
subject= ++num;
|
||||
else if (strcmp(*argv,"-issuer") == 0)
|
||||
@ -430,8 +406,6 @@ int MAIN(int argc, char **argv)
|
||||
clrext = 1;
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(*argv,"-ocspid") == 0)
|
||||
ocspid= ++num;
|
||||
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
|
||||
{
|
||||
/* ok */
|
||||
@ -451,13 +425,27 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
bad:
|
||||
for (pp=x509_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err,"%s",*pp);
|
||||
BIO_printf(bio_err,*pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
if (engine != NULL)
|
||||
{
|
||||
if((e = ENGINE_by_id(engine)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"invalid engine \"%s\"\n",
|
||||
engine);
|
||||
goto end;
|
||||
}
|
||||
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
|
||||
{
|
||||
BIO_printf(bio_err,"can't use that engine\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
|
||||
/* Free our "structural" reference. */
|
||||
ENGINE_free(e);
|
||||
}
|
||||
|
||||
if (need_rand)
|
||||
app_RAND_load_file(NULL, bio_err, 0);
|
||||
@ -488,8 +476,7 @@ bad:
|
||||
{
|
||||
long errorline = -1;
|
||||
X509V3_CTX ctx2;
|
||||
extconf = NCONF_new(NULL);
|
||||
if (!NCONF_load(extconf, extfile,&errorline))
|
||||
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
|
||||
{
|
||||
if (errorline <= 0)
|
||||
BIO_printf(bio_err,
|
||||
@ -501,18 +488,11 @@ bad:
|
||||
,errorline,extfile);
|
||||
goto end;
|
||||
}
|
||||
if (!extsect)
|
||||
{
|
||||
extsect = NCONF_get_string(extconf, "default", "extensions");
|
||||
if (!extsect)
|
||||
{
|
||||
ERR_clear_error();
|
||||
extsect = "default";
|
||||
}
|
||||
}
|
||||
if (!extsect && !(extsect = CONF_get_string(extconf, "default",
|
||||
"extensions"))) extsect = "default";
|
||||
X509V3_set_ctx_test(&ctx2);
|
||||
X509V3_set_nconf(&ctx2, extconf);
|
||||
if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
|
||||
X509V3_set_conf_lhash(&ctx2, extconf);
|
||||
if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Error Loading extension section %s\n",
|
||||
@ -596,12 +576,7 @@ bad:
|
||||
if ((x=X509_new()) == NULL) goto end;
|
||||
ci=x->cert_info;
|
||||
|
||||
if (sno)
|
||||
{
|
||||
if (!X509_set_serialNumber(x, sno))
|
||||
goto end;
|
||||
}
|
||||
else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
|
||||
if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
|
||||
if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
|
||||
if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
|
||||
|
||||
@ -613,12 +588,12 @@ bad:
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
else
|
||||
x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
|
||||
x=load_cert(bio_err,infile,informat);
|
||||
|
||||
if (x == NULL) goto end;
|
||||
if (CA_flag)
|
||||
{
|
||||
xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
|
||||
xca=load_cert(bio_err,CAfile,CAformat);
|
||||
if (xca == NULL) goto end;
|
||||
}
|
||||
|
||||
@ -636,7 +611,7 @@ bad:
|
||||
if (outfile == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
#ifdef VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
@ -712,14 +687,10 @@ bad:
|
||||
if (alstr) BIO_printf(STDout,"%s\n", alstr);
|
||||
else BIO_puts(STDout,"<No Alias>\n");
|
||||
}
|
||||
else if (subject_hash == i)
|
||||
else if (hash == i)
|
||||
{
|
||||
BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
|
||||
}
|
||||
else if (issuer_hash == i)
|
||||
{
|
||||
BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
|
||||
}
|
||||
else if (pprint == i)
|
||||
{
|
||||
X509_PURPOSE *ptmp;
|
||||
@ -744,12 +715,12 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(STDout,"Modulus=");
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
#ifndef NO_RSA
|
||||
if (pkey->type == EVP_PKEY_RSA)
|
||||
BN_print(STDout,pkey->pkey.rsa->n);
|
||||
else
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
if (pkey->type == EVP_PKEY_DSA)
|
||||
BN_print(STDout,pkey->pkey.dsa->pub_key);
|
||||
else
|
||||
@ -781,11 +752,10 @@ bad:
|
||||
int y,z;
|
||||
|
||||
X509_NAME_oneline(X509_get_subject_name(x),
|
||||
buf,sizeof buf);
|
||||
buf,256);
|
||||
BIO_printf(STDout,"/* subject:%s */\n",buf);
|
||||
m=X509_NAME_oneline(
|
||||
X509_get_issuer_name(x),buf,
|
||||
sizeof buf);
|
||||
X509_get_issuer_name(x),buf,256);
|
||||
BIO_printf(STDout,"/* issuer :%s */\n",buf);
|
||||
|
||||
z=i2d_X509(x,NULL);
|
||||
@ -831,7 +801,7 @@ bad:
|
||||
}
|
||||
else if (text == i)
|
||||
{
|
||||
X509_print_ex(out,x,nmflag, certflag);
|
||||
X509_print(out,x);
|
||||
}
|
||||
else if (startdate == i)
|
||||
{
|
||||
@ -873,18 +843,13 @@ bad:
|
||||
if (Upkey == NULL)
|
||||
{
|
||||
Upkey=load_key(bio_err,
|
||||
keyfile, keyformat, 0,
|
||||
passin, e, "Private key");
|
||||
keyfile,keyformat, passin);
|
||||
if (Upkey == NULL) goto end;
|
||||
}
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
if (Upkey->type == EVP_PKEY_DSA)
|
||||
digest=EVP_dss1();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ECDSA
|
||||
if (Upkey->type == EVP_PKEY_EC)
|
||||
digest=EVP_ecdsa();
|
||||
#endif
|
||||
|
||||
assert(need_rand);
|
||||
if (!sign(x,Upkey,days,clrext,digest,
|
||||
@ -896,24 +861,18 @@ bad:
|
||||
if (CAkeyfile != NULL)
|
||||
{
|
||||
CApkey=load_key(bio_err,
|
||||
CAkeyfile, CAkeyformat,
|
||||
0, passin, e,
|
||||
"CA Private Key");
|
||||
CAkeyfile,CAkeyformat, passin);
|
||||
if (CApkey == NULL) goto end;
|
||||
}
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
if (CApkey->type == EVP_PKEY_DSA)
|
||||
digest=EVP_dss1();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ECDSA
|
||||
if (CApkey->type == EVP_PKEY_EC)
|
||||
digest = EVP_ecdsa();
|
||||
#endif
|
||||
|
||||
assert(need_rand);
|
||||
if (!x509_certify(ctx,CAfile,digest,x,xca,
|
||||
CApkey, CAserial,CA_createserial,days, clrext,
|
||||
extconf, extsect, sno))
|
||||
extconf, extsect))
|
||||
goto end;
|
||||
}
|
||||
else if (x509req == i)
|
||||
@ -929,21 +888,16 @@ bad:
|
||||
else
|
||||
{
|
||||
pk=load_key(bio_err,
|
||||
keyfile, FORMAT_PEM, 0,
|
||||
passin, e, "request key");
|
||||
keyfile,FORMAT_PEM, passin);
|
||||
if (pk == NULL) goto end;
|
||||
}
|
||||
|
||||
BIO_printf(bio_err,"Generating certificate request\n");
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
#ifndef NO_DSA
|
||||
if (pk->type == EVP_PKEY_DSA)
|
||||
digest=EVP_dss1();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ECDSA
|
||||
if (pk->type == EVP_PKEY_EC)
|
||||
digest=EVP_ecdsa();
|
||||
#endif
|
||||
|
||||
rq=X509_to_X509_REQ(x,pk,digest);
|
||||
EVP_PKEY_free(pk);
|
||||
@ -959,10 +913,6 @@ bad:
|
||||
}
|
||||
noout=1;
|
||||
}
|
||||
else if (ocspid == i)
|
||||
{
|
||||
X509_ocspid_print(out, x);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -1025,7 +975,7 @@ end:
|
||||
if (need_rand)
|
||||
app_RAND_write_file(NULL, bio_err);
|
||||
OBJ_cleanup();
|
||||
NCONF_free(extconf);
|
||||
CONF_free(extconf);
|
||||
BIO_free_all(out);
|
||||
BIO_free_all(STDout);
|
||||
X509_STORE_free(ctx);
|
||||
@ -1035,60 +985,22 @@ end:
|
||||
EVP_PKEY_free(Upkey);
|
||||
EVP_PKEY_free(CApkey);
|
||||
X509_REQ_free(rq);
|
||||
ASN1_INTEGER_free(sno);
|
||||
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
|
||||
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
|
||||
if (passin) OPENSSL_free(passin);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
|
||||
{
|
||||
char *buf = NULL, *p;
|
||||
ASN1_INTEGER *bs = NULL;
|
||||
BIGNUM *serial = NULL;
|
||||
size_t len;
|
||||
|
||||
len = ((serialfile == NULL)
|
||||
?(strlen(CAfile)+strlen(POSTFIX)+1)
|
||||
:(strlen(serialfile)))+1;
|
||||
buf=OPENSSL_malloc(len);
|
||||
if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
|
||||
if (serialfile == NULL)
|
||||
{
|
||||
BUF_strlcpy(buf,CAfile,len);
|
||||
for (p=buf; *p; p++)
|
||||
if (*p == '.')
|
||||
{
|
||||
*p='\0';
|
||||
break;
|
||||
}
|
||||
BUF_strlcat(buf,POSTFIX,len);
|
||||
}
|
||||
else
|
||||
BUF_strlcpy(buf,serialfile,len);
|
||||
|
||||
serial = load_serial(buf, create, NULL);
|
||||
if (serial == NULL) goto end;
|
||||
|
||||
if (!BN_add_word(serial,1))
|
||||
{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
|
||||
|
||||
if (!save_serial(buf, NULL, serial, &bs)) goto end;
|
||||
|
||||
end:
|
||||
if (buf) OPENSSL_free(buf);
|
||||
BN_free(serial);
|
||||
return bs;
|
||||
}
|
||||
|
||||
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
|
||||
int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
|
||||
int days, int clrext, LHASH *conf, char *section)
|
||||
{
|
||||
int ret=0;
|
||||
ASN1_INTEGER *bs=NULL;
|
||||
BIO *io=NULL;
|
||||
MS_STATIC char buf2[1024];
|
||||
char *buf=NULL,*p;
|
||||
BIGNUM *serial=NULL;
|
||||
ASN1_INTEGER *bs=NULL,bs2;
|
||||
X509_STORE_CTX xsc;
|
||||
EVP_PKEY *upkey;
|
||||
|
||||
@ -1096,16 +1008,89 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
EVP_PKEY_copy_parameters(upkey,pkey);
|
||||
EVP_PKEY_free(upkey);
|
||||
|
||||
if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
|
||||
X509_STORE_CTX_init(&xsc,ctx,x,NULL);
|
||||
buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
|
||||
((serialfile == NULL)
|
||||
?(strlen(CAfile)+strlen(POSTFIX)+1)
|
||||
:(strlen(serialfile)))+1);
|
||||
if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
|
||||
if (serialfile == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"Error initialising X509 store\n");
|
||||
strcpy(buf,CAfile);
|
||||
for (p=buf; *p; p++)
|
||||
if (*p == '.')
|
||||
{
|
||||
*p='\0';
|
||||
break;
|
||||
}
|
||||
strcat(buf,POSTFIX);
|
||||
}
|
||||
else
|
||||
strcpy(buf,serialfile);
|
||||
serial=BN_new();
|
||||
bs=ASN1_INTEGER_new();
|
||||
if ((serial == NULL) || (bs == NULL))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (sno) bs = sno;
|
||||
else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
|
||||
goto end;
|
||||
|
||||
/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
|
||||
io=BIO_new(BIO_s_file());
|
||||
if (io == NULL)
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (BIO_read_filename(io,buf) <= 0)
|
||||
{
|
||||
if (!create)
|
||||
{
|
||||
perror(buf);
|
||||
goto end;
|
||||
}
|
||||
else
|
||||
{
|
||||
ASN1_INTEGER_set(bs,1);
|
||||
BN_one(serial);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
|
||||
{
|
||||
BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
else
|
||||
{
|
||||
serial=BN_bin2bn(bs->data,bs->length,serial);
|
||||
if (serial == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"error converting bin 2 bn");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!BN_add_word(serial,1))
|
||||
{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
|
||||
bs2.data=(unsigned char *)buf2;
|
||||
bs2.length=BN_bn2bin(serial,bs2.data);
|
||||
|
||||
if (BIO_write_filename(io,buf) <= 0)
|
||||
{
|
||||
BIO_printf(bio_err,"error attempting to write serial number file\n");
|
||||
perror(buf);
|
||||
goto end;
|
||||
}
|
||||
i2a_ASN1_INTEGER(io,&bs2);
|
||||
BIO_puts(io,"\n");
|
||||
BIO_free(io);
|
||||
io=NULL;
|
||||
|
||||
/*if (!X509_STORE_add_cert(ctx,x)) goto end;*/
|
||||
|
||||
/* NOTE: this certificate can/should be self signed, unless it was
|
||||
* a certificate request in which case it is not. */
|
||||
@ -1139,8 +1124,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
X509V3_CTX ctx2;
|
||||
X509_set_version(x,2); /* version 3 certificate */
|
||||
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
|
||||
X509V3_set_nconf(&ctx2, conf);
|
||||
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
|
||||
X509V3_set_conf_lhash(&ctx2, conf);
|
||||
if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
|
||||
}
|
||||
|
||||
if (!X509_sign(x,pkey,digest)) goto end;
|
||||
@ -1149,7 +1134,10 @@ end:
|
||||
X509_STORE_CTX_cleanup(&xsc);
|
||||
if (!ret)
|
||||
ERR_print_errors(bio_err);
|
||||
if (!sno) ASN1_INTEGER_free(bs);
|
||||
if (buf != NULL) OPENSSL_free(buf);
|
||||
if (bs != NULL) ASN1_INTEGER_free(bs);
|
||||
if (io != NULL) BIO_free(io);
|
||||
if (serial != NULL) BN_free(serial);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -1186,7 +1174,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
|
||||
|
||||
/* self sign */
|
||||
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
|
||||
CONF *conf, char *section)
|
||||
LHASH *conf, char *section)
|
||||
{
|
||||
|
||||
EVP_PKEY *pktmp;
|
||||
@ -1216,8 +1204,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
|
||||
X509V3_CTX ctx;
|
||||
X509_set_version(x,2); /* version 3 certificate */
|
||||
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
|
||||
X509V3_set_nconf(&ctx, conf);
|
||||
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
|
||||
X509V3_set_conf_lhash(&ctx, conf);
|
||||
if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
|
||||
}
|
||||
if (!X509_sign(x,pkey,digest)) goto err;
|
||||
return 1;
|
||||
@ -1242,3 +1230,6 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
@ -58,7 +58,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <openssl/rc4.h>
|
||||
#ifdef OPENSSL_NO_DES
|
||||
#ifdef NO_DES
|
||||
#include <des.h>
|
||||
#else
|
||||
#include <openssl/des.h>
|
||||
|
@ -1,19 +0,0 @@
|
||||
issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
notBefore=Jan 21 16:04:53 1999 GMT
|
||||
notAfter=Jan 21 16:04:53 2004 GMT
|
||||
subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
|
||||
MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
|
||||
dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
|
||||
MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
|
||||
AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
|
||||
dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
|
||||
IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
|
||||
aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
|
||||
jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
|
||||
5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
|
||||
JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
|
||||
Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
|
||||
JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
|
||||
-----END CERTIFICATE-----
|
@ -1,19 +0,0 @@
|
||||
issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
notBefore=Mar 22 08:55:51 2000 GMT
|
||||
notAfter=Mar 22 08:55:51 2005 GMT
|
||||
subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
|
||||
OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
|
||||
aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w
|
||||
IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC
|
||||
REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
|
||||
bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg
|
||||
MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS
|
||||
vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs
|
||||
HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG
|
||||
CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
|
||||
KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6
|
||||
b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS
|
||||
P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=
|
||||
-----END CERTIFICATE-----
|
@ -1,19 +0,0 @@
|
||||
issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
notBefore=Feb 1 09:52:17 2001 GMT
|
||||
notAfter=Jun 1 09:52:17 2005 GMT
|
||||
subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
|
||||
OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
|
||||
aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
|
||||
IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
|
||||
REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
|
||||
bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
|
||||
MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
|
||||
wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
|
||||
mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
|
||||
ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
|
||||
KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
|
||||
IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
|
||||
XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
|
||||
-----END CERTIFICATE-----
|
294
config
294
config
@ -20,31 +20,6 @@
|
||||
# Be as similar to the output of config.guess/config.sub
|
||||
# as possible.
|
||||
|
||||
PREFIX=""
|
||||
SUFFIX=""
|
||||
TEST="false"
|
||||
|
||||
# pick up any command line args to config
|
||||
for i
|
||||
do
|
||||
case "$i" in
|
||||
-d*) PREFIX="debug-";;
|
||||
-t*) TEST="true";;
|
||||
-h*) TEST="true"; cat <<EOF
|
||||
Usage: config [options]
|
||||
-d Add a debug- prefix to machine choice.
|
||||
-t Test mode, do not run the Configure perl script.
|
||||
-h This help.
|
||||
|
||||
Any other text will be passed to the Configure perl script.
|
||||
See INSTALL for instructions.
|
||||
|
||||
EOF
|
||||
;;
|
||||
*) options=$options" $i" ;;
|
||||
esac
|
||||
done
|
||||
|
||||
# First get uname entries that we use below
|
||||
|
||||
MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
|
||||
@ -74,27 +49,34 @@ if [ "x$XREL" != "x" ]; then
|
||||
echo "whatever-whatever-sco5"; exit 0
|
||||
;;
|
||||
4.2MP)
|
||||
case "x${VERSION}" in
|
||||
x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;;
|
||||
x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;;
|
||||
x2*) echo "whatever-whatever-unixware2"; exit 0 ;;
|
||||
esac
|
||||
if [ "x$VERSION" = "x2.01" ]; then
|
||||
echo "${MACHINE}-whatever-unixware201"; exit 0
|
||||
elif [ "x$VERSION" = "x2.02" ]; then
|
||||
echo "${MACHINE}-whatever-unixware202"; exit 0
|
||||
elif [ "x$VERSION" = "x2.03" ]; then
|
||||
echo "${MACHINE}-whatever-unixware203"; exit 0
|
||||
elif [ "x$VERSION" = "x2.1.1" ]; then
|
||||
echo "${MACHINE}-whatever-unixware211"; exit 0
|
||||
elif [ "x$VERSION" = "x2.1.2" ]; then
|
||||
echo "${MACHINE}-whatever-unixware212"; exit 0
|
||||
elif [ "x$VERSION" = "x2.1.3" ]; then
|
||||
echo "${MACHINE}-whatever-unixware213"; exit 0
|
||||
else
|
||||
echo "${MACHINE}-whatever-unixware2"; exit 0
|
||||
fi
|
||||
;;
|
||||
4.2)
|
||||
echo "whatever-whatever-unixware1"; exit 0
|
||||
;;
|
||||
OpenUNIX)
|
||||
if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
|
||||
echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
|
||||
fi
|
||||
;;
|
||||
5)
|
||||
case "x${VERSION}" in
|
||||
# We hardcode i586 in place of ${MACHINE} for the
|
||||
# following reason. The catch is that even though Pentium
|
||||
# is minimum requirement for platforms in question,
|
||||
# ${MACHINE} gets always assigned to i386. Now, problem
|
||||
# with i386 is that it makes ./config pass 386 to
|
||||
# ./Configure, which in turn makes make generate
|
||||
# inefficient SHA-1 (for this moment) code.
|
||||
x7*) echo "i586-sco-unixware7"; exit 0 ;;
|
||||
x8*) echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;;
|
||||
esac
|
||||
if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
|
||||
echo "${MACHINE}-sco-unixware7"; exit 0
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
@ -133,8 +115,11 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||
HP-UX:*)
|
||||
HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
|
||||
case "$HPUXVER" in
|
||||
1[0-9].*) # HPUX 10 and 11 targets are unified
|
||||
echo "${MACHINE}-hp-hpux1x"; exit 0
|
||||
11.*)
|
||||
echo "${MACHINE}-hp-hpux11"; exit 0
|
||||
;;
|
||||
10.*)
|
||||
echo "${MACHINE}-hp-hpux10"; exit 0
|
||||
;;
|
||||
*)
|
||||
echo "${MACHINE}-hp-hpux"; exit 0
|
||||
@ -162,10 +147,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||
echo "${MACHINE}-whatever-linux1"; exit 0
|
||||
;;
|
||||
|
||||
GNU*)
|
||||
echo "hurd-x86"; exit 0;
|
||||
;;
|
||||
|
||||
LynxOS:*)
|
||||
echo "${MACHINE}-lynx-lynxos"; exit 0
|
||||
;;
|
||||
@ -189,7 +170,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||
echo "${MACHINE}-whatever-bsdi"; exit 0
|
||||
;;
|
||||
|
||||
FreeBSD:*:*:*386*)
|
||||
FreeBSD:*)
|
||||
VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
|
||||
MACH=`sysctl -n hw.model`
|
||||
ARCH='whatever'
|
||||
@ -198,6 +179,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||
*486* ) MACH="i486" ;;
|
||||
Pentium\ II*) MACH="i686" ;;
|
||||
Pentium* ) MACH="i586" ;;
|
||||
Alpha* ) MACH="alpha" ;;
|
||||
* ) MACH="$MACHINE" ;;
|
||||
esac
|
||||
case ${MACH} in
|
||||
@ -206,10 +188,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||
echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
|
||||
;;
|
||||
|
||||
FreeBSD:*)
|
||||
echo "${MACHINE}-whatever-freebsd"; exit 0
|
||||
;;
|
||||
|
||||
NetBSD:*:*:*386*)
|
||||
echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
|
||||
;;
|
||||
@ -265,15 +243,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
|
||||
;;
|
||||
|
||||
Darwin:*)
|
||||
case "$MACHINE" in
|
||||
Power*)
|
||||
echo "ppc-apple-darwin${VERSION}"
|
||||
;;
|
||||
*)
|
||||
echo "i386-apple-darwin${VERSION}"
|
||||
;;
|
||||
esac
|
||||
exit 0
|
||||
echo "ppc-apple-darwin"; exit 0
|
||||
;;
|
||||
|
||||
SunOS:5.*)
|
||||
@ -388,6 +358,31 @@ exit 0
|
||||
# this is where the translation occurs into SSLeay terms
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
PREFIX=""
|
||||
SUFFIX=""
|
||||
TEST="false"
|
||||
|
||||
# pick up any command line args to config
|
||||
for i
|
||||
do
|
||||
case "$i" in
|
||||
-d*) PREFIX="debug-";;
|
||||
-t*) TEST="true";;
|
||||
-h*) TEST="true"; cat <<EOF
|
||||
Usage: config [options]
|
||||
-d Add a debug- prefix to machine choice.
|
||||
-t Test mode, do not run the Configure perl script.
|
||||
-h This help.
|
||||
|
||||
Any other text will be passed to the Configure perl script.
|
||||
See INSTALL for instructions.
|
||||
|
||||
EOF
|
||||
;;
|
||||
*) options=$options" $i" ;;
|
||||
esac
|
||||
done
|
||||
|
||||
# figure out if gcc is available and if so we use it otherwise
|
||||
# we fallback to whatever cc does on the system
|
||||
GCCVER=`(gcc -dumpversion) 2>/dev/null`
|
||||
@ -410,24 +405,14 @@ if [ "$SYSTEM" = "HP-UX" ];then
|
||||
GCC_BITS="32"
|
||||
if [ $GCCVER -ge 30 ]; then
|
||||
# PA64 support only came in with gcc 3.0.x.
|
||||
# We check if the preprocessor symbol __LP64__ is defined...
|
||||
if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
|
||||
: # __LP64__ has slipped through, it therefore is not defined
|
||||
else
|
||||
# We look for the preprocessor symbol __LP64__ indicating
|
||||
# 64bit bit long and pointer. sizeof(int) == 32 on HPUX64.
|
||||
if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
|
||||
GCC_BITS="64"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if [ "$SYSTEM" = "SunOS" ]; then
|
||||
if [ $GCCVER -ge 30 ]; then
|
||||
# 64-bit ABI isn't officially supported in gcc 3.0, but it appears
|
||||
# to be working, at the very least 'make test' passes...
|
||||
if gcc -v -E -x c /dev/null 2>&1 | grep __arch64__ > /dev/null; then
|
||||
GCC_ARCH="-m64"
|
||||
else
|
||||
GCC_ARCH="-m32"
|
||||
fi
|
||||
fi
|
||||
# check for WorkShop C, expected output is "cc: blah-blah C x.x"
|
||||
CCVER=`(cc -V 2>&1) 2>/dev/null | \
|
||||
egrep -e '^cc: .* C [0-9]\.[0-9]' | \
|
||||
@ -458,10 +443,7 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc
|
||||
(cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc
|
||||
fi
|
||||
|
||||
GCCVER=${GCCVER:-0}
|
||||
CCVER=${CCVER:-0}
|
||||
|
||||
# read the output of the embedded GuessOS
|
||||
@ -474,7 +456,7 @@ echo Operating system: $GUESSOS
|
||||
# more time that I want to waste at the moment
|
||||
case "$GUESSOS" in
|
||||
mips2-sgi-irix)
|
||||
CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
|
||||
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
|
||||
CPU=${CPU:-0}
|
||||
if [ $CPU -ge 4000 ]; then
|
||||
options="$options -mips2"
|
||||
@ -482,7 +464,7 @@ case "$GUESSOS" in
|
||||
OUT="irix-$CC"
|
||||
;;
|
||||
mips3-sgi-irix)
|
||||
CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
|
||||
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
|
||||
CPU=${CPU:-0}
|
||||
if [ $CPU -ge 5000 ]; then
|
||||
options="$options -mips4"
|
||||
@ -494,11 +476,10 @@ case "$GUESSOS" in
|
||||
mips4-sgi-irix64)
|
||||
echo "WARNING! If you wish to build 64-bit library, then you have to"
|
||||
echo " invoke './Configure irix64-mips4-$CC' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
|
||||
echo " Type return if you want to continue, Ctrl-C to abort."
|
||||
# Do not stop if /dev/tty is unavailable
|
||||
(read waste < /dev/tty) || true
|
||||
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
|
||||
CPU=${CPU:-0}
|
||||
if [ $CPU -ge 5000 ]; then
|
||||
options="$options -mips4"
|
||||
@ -545,16 +526,15 @@ EOF
|
||||
m68k-*-linux*) OUT="linux-m68k" ;;
|
||||
ia64-*-linux?) OUT="linux-ia64" ;;
|
||||
ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
|
||||
ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
|
||||
i386-apple-darwin*) OUT="darwin-i386-cc" ;;
|
||||
ppc-apple-darwin) OUT="darwin-ppc-cc" ;;
|
||||
sparc64-*-linux2)
|
||||
echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
|
||||
echo " and wish to build 64-bit library, then you have to"
|
||||
echo " invoke './Configure linux64-sparcv9' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
#Before we can uncomment following lines we have to wait at least
|
||||
#till 64-bit glibc for SPARC is operational:-(
|
||||
#echo "WARNING! If you wish to build 64-bit library, then you have to"
|
||||
#echo " invoke './Configure linux64-sparcv9' *manually*."
|
||||
#echo " Type return if you want to continue, Ctrl-C to abort."
|
||||
# Do not stop if /dev/tty is unavailable
|
||||
#(read waste < /dev/tty) || true
|
||||
OUT="linux-sparcv9" ;;
|
||||
sparc-*-linux2)
|
||||
KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
|
||||
@ -587,78 +567,32 @@ EOF
|
||||
arm*-*-linux2) OUT="linux-elf-arm" ;;
|
||||
s390-*-linux2) OUT="linux-s390" ;;
|
||||
s390x-*-linux?) OUT="linux-s390x" ;;
|
||||
x86_64-*-linux?) OUT="linux-x86_64" ;;
|
||||
*-*-linux2) OUT="linux-elf"
|
||||
if [ "$GCCVER" -gt 28 ]; then
|
||||
if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
|
||||
OUT="linux-pentium"
|
||||
fi
|
||||
if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then
|
||||
OUT="linux-ppro"
|
||||
fi
|
||||
if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then
|
||||
OUT="linux-k6"
|
||||
fi
|
||||
fi ;;
|
||||
*-*-linux2) OUT="linux-elf" ;;
|
||||
*-*-linux1) OUT="linux-aout" ;;
|
||||
sun4u*-*-solaris2)
|
||||
OUT="solaris-sparcv9-$CC"
|
||||
ISA64=`(isalist) 2>/dev/null | grep sparcv9`
|
||||
if [ "$ISA64" != "" ]; then
|
||||
if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
|
||||
if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
|
||||
echo "WARNING! If you wish to build 64-bit library, then you have to"
|
||||
echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
echo " Type return if you want to continue, Ctrl-C to abort."
|
||||
# Do not stop if /dev/tty is unavailable
|
||||
(read waste < /dev/tty) || true
|
||||
fi
|
||||
elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
|
||||
# $GCC_ARCH denotes default ABI chosen by compiler driver
|
||||
# (first one found on the $PATH). I assume that user
|
||||
# expects certain consistency with the rest of his builds
|
||||
# and therefore switch over to 64-bit. <appro>
|
||||
OUT="solaris64-sparcv9-gcc"
|
||||
echo "WARNING! If you wish to build 32-bit library, then you have to"
|
||||
echo " invoke './Configure solaris-sparcv9-gcc' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
elif [ "$GCC_ARCH" = "-m32" ]; then
|
||||
echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
|
||||
echo " and wish to build 64-bit library, then you have to"
|
||||
echo " invoke './Configure solaris64-sparcv9-gcc' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
OUT="solaris-sparcv9-$CC" ;;
|
||||
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
|
||||
sun4d-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
|
||||
sun4*-*-solaris2) OUT="solaris-sparcv7-$CC" ;;
|
||||
*86*-*-solaris2) OUT="solaris-x86-$CC" ;;
|
||||
*-*-sunos4) OUT="sunos-$CC" ;;
|
||||
alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
|
||||
sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
|
||||
ia64-*-freebsd*) OUT="FreeBSD-ia64" ;;
|
||||
*-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
|
||||
*-freebsd[1-2]*) OUT="FreeBSD" ;;
|
||||
*86*-*-netbsd) OUT="NetBSD-x86" ;;
|
||||
sun3*-*-netbsd) OUT="NetBSD-m68" ;;
|
||||
*-*-netbsd) OUT="NetBSD-sparc" ;;
|
||||
*86*-*-openbsd) OUT="OpenBSD-x86" ;;
|
||||
alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
|
||||
*86*-*-openbsd) OUT="OpenBSD-i386" ;;
|
||||
m68k*-*-openbsd) OUT="OpenBSD-m68k" ;;
|
||||
m88k*-*-openbsd) OUT="OpenBSD-m88k" ;;
|
||||
mips*-*-openbsd) OUT="OpenBSD-mips" ;;
|
||||
pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
|
||||
powerpc*-*-openbsd) OUT="OpenBSD-powerpc" ;;
|
||||
sparc64*-*-openbsd) OUT="OpenBSD-sparc64" ;;
|
||||
sparc*-*-openbsd) OUT="OpenBSD-sparc" ;;
|
||||
vax*-*-openbsd) OUT="OpenBSD-vax" ;;
|
||||
hppa*-*-openbsd) OUT="OpenBSD-hppa" ;;
|
||||
*-*-openbsd) OUT="OpenBSD" ;;
|
||||
*86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
|
||||
*-*-osf) OUT="alphaold-cc" ;;
|
||||
@ -693,39 +627,6 @@ EOF
|
||||
else
|
||||
OUT="hpux-parisc-$CC"
|
||||
fi
|
||||
KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
|
||||
KERNEL_BITS=${KERNEL_BITS:-32}
|
||||
CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
|
||||
CPU_VERSION=${CPU_VERSION:-0}
|
||||
# See <sys/unistd.h> for further info on CPU_VERSION.
|
||||
if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU
|
||||
echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
|
||||
echo " If you wish to build 32-bit library, the you have to"
|
||||
echo " invoke './Configure hpux-ia64-cc' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
OUT="hpux64-ia64-cc"
|
||||
elif [ $CPU_VERSION -ge 532 ]; then # PA-RISC 2.x CPU
|
||||
if [ "$CC" = "cc" ]; then
|
||||
OUT="hpux-parisc2-cc" # can't we have hpux-parisc2-gcc?
|
||||
fi
|
||||
if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
|
||||
echo "WARNING! If you wish to build 64-bit library then you have to"
|
||||
echo " invoke './Configure hpux64-parisc2-cc' *manually*."
|
||||
if [ "$TEST" = "false" ]; then
|
||||
echo " You have about 5 seconds to press Ctrl-C to abort."
|
||||
(stty -icanon min 0 time 50; read waste) < /dev/tty
|
||||
fi
|
||||
fi
|
||||
elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU
|
||||
:
|
||||
elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU
|
||||
:
|
||||
else # Motorola(?) CPU
|
||||
OUT="hpux-$CC"
|
||||
fi
|
||||
options="$options -D_REENTRANT" ;;
|
||||
*-hpux) OUT="hpux-parisc-$CC" ;;
|
||||
# these are all covered by the catchall below
|
||||
@ -752,6 +653,16 @@ esac
|
||||
# options="$options -DATALLA"
|
||||
#fi
|
||||
|
||||
#get some basic shared lib support (behnke@trustcenter.de)
|
||||
case "$OUT" in
|
||||
solaris-*-gcc)
|
||||
if [ "$SHARED" = "true" ]
|
||||
then
|
||||
options="$options -DPIC -fPIC"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
# gcc < 2.8 does not support -mcpu=ultrasparc
|
||||
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
|
||||
then
|
||||
@ -771,7 +682,7 @@ case "$GUESSOS" in
|
||||
i386-*) options="$options 386" ;;
|
||||
esac
|
||||
|
||||
for i in bf cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 aes ripemd rsa sha
|
||||
for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
|
||||
do
|
||||
if [ ! -d crypto/$i ]
|
||||
then
|
||||
@ -779,27 +690,6 @@ do
|
||||
fi
|
||||
done
|
||||
|
||||
# Discover Kerberos 5 (since it's still a prototype, we don't
|
||||
# do any guesses yet, that's why this section is commented away.
|
||||
#if [ -d /usr/kerberos ]; then
|
||||
# krb5_dir=/usr/kerberos
|
||||
# if [ \( -f $krb5_dir/lib/libgssapi_krb5.a -o -f $krb5_dir/lib/libgssapi_krb5.so* \)\
|
||||
# -a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
|
||||
# -a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
|
||||
# -a \( -f $krb5_dir/lib/libk5crypto.a -o -f $krb5_dir/lib/libk5crypto.so* \)\
|
||||
# -a \( -f $krb5_dir/include/krb5.h \) ]; then
|
||||
# options="$options --with-krb5-flavor=MIT"
|
||||
# fi
|
||||
#elif [ -d /usr/heimdal ]; then
|
||||
# krb5_dir=/usr/heimdal
|
||||
# if [ \( -f $krb5_dir/lib/libgssapi.a -o -f $krb5_dir/lib/libgssapi.so* \)\
|
||||
# -a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
|
||||
# -a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
|
||||
# -a \( -f $krb5_dir/include/krb5.h \) ]; then
|
||||
# options="$options --with-krb5-flavor=Heimdal"
|
||||
# fi
|
||||
#fi
|
||||
|
||||
if [ -z "$OUT" ]; then
|
||||
OUT="$CC"
|
||||
fi
|
||||
|
@ -5,15 +5,14 @@
|
||||
DIR= crypto
|
||||
TOP= ..
|
||||
CC= cc
|
||||
INCLUDE= -I. -I$(TOP) -I../include
|
||||
INCLUDE= -I. -I../include
|
||||
INCLUDES= -I.. -I../.. -I../../include
|
||||
CFLAG= -g
|
||||
INSTALL_PREFIX=
|
||||
OPENSSLDIR= /usr/local/ssl
|
||||
INSTALLTOP= /usr/local/ssl
|
||||
MAKE= make -f Makefile.ssl
|
||||
MAKEDEPPROG= makedepend
|
||||
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
|
||||
MAKEDEPEND= $(TOP)/util/domd $(TOP)
|
||||
MAKEFILE= Makefile.ssl
|
||||
RM= rm -f
|
||||
AR= ar r
|
||||
@ -26,33 +25,29 @@ CFLAGS= $(INCLUDE) $(CFLAG)
|
||||
|
||||
LIBS=
|
||||
|
||||
SDIRS= objects \
|
||||
md2 md4 md5 sha mdc2 hmac ripemd \
|
||||
SDIRS= md2 md5 sha mdc2 hmac ripemd \
|
||||
des rc2 rc4 rc5 idea bf cast \
|
||||
bn ec rsa dsa ecdsa ecdh dh dso engine aes \
|
||||
buffer bio stack lhash rand err \
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
|
||||
store
|
||||
bn rsa dsa dh dso engine \
|
||||
buffer bio stack lhash rand err objects \
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
|
||||
|
||||
GENERAL=Makefile README crypto-lib.com install.com
|
||||
|
||||
LIB= $(TOP)/libcrypto.a
|
||||
SHARED_LIB= libcrypto$(SHLIB_EXT)
|
||||
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c
|
||||
LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o
|
||||
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
|
||||
LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
|
||||
|
||||
SRC= $(LIBSRC)
|
||||
|
||||
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
|
||||
ossl_typ.h
|
||||
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h $(EXHEADER)
|
||||
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
|
||||
HEADER= cryptlib.h buildinf.h md32_common.h $(EXHEADER)
|
||||
|
||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||
|
||||
top:
|
||||
@(cd ..; $(MAKE) DIRS=$(DIR) all)
|
||||
|
||||
all: shared
|
||||
all: buildinf.h lib subdirs
|
||||
|
||||
buildinf.h: ../Makefile.ssl
|
||||
( echo "#ifndef MK1MF_BUILD"; \
|
||||
@ -78,42 +73,38 @@ files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i && echo "making 'files' in crypto/$$i..." && \
|
||||
(cd $$i; echo "making 'files' in crypto/$$i..."; \
|
||||
$(MAKE) PERL='${PERL}' files ); \
|
||||
done;
|
||||
|
||||
links:
|
||||
@sh $(TOP)/util/point.sh Makefile.ssl Makefile
|
||||
@$(TOP)/util/point.sh Makefile.ssl Makefile
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
|
||||
@sh $(TOP)/util/point.sh Makefile.ssl Makefile
|
||||
@$(TOP)/util/point.sh Makefile.ssl Makefile
|
||||
@for i in $(SDIRS); do \
|
||||
(cd $$i && echo "making links in crypto/$$i..." && \
|
||||
(cd $$i; echo "making links in crypto/$$i..."; \
|
||||
$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
|
||||
done;
|
||||
|
||||
lib: $(LIBOBJ)
|
||||
$(AR) $(LIB) $(LIBOBJ)
|
||||
$(RANLIB) $(LIB) || echo Never mind.
|
||||
@echo You may get an error following this line. Please ignore.
|
||||
- $(RANLIB) $(LIB)
|
||||
@touch lib
|
||||
|
||||
shared: buildinf.h lib subdirs
|
||||
if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
(cd ..; $(MAKE) $(SHARED_LIB)); \
|
||||
fi
|
||||
|
||||
libs:
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i && echo "making libs in crypto/$$i..." && \
|
||||
(cd $$i; echo "making libs in crypto/$$i..."; \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
|
||||
done;
|
||||
|
||||
tests:
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i && echo "making tests in crypto/$$i..." && \
|
||||
(cd $$i; echo "making tests in crypto/$$i..."; \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
|
||||
done;
|
||||
|
||||
@ -125,32 +116,32 @@ install:
|
||||
done;
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i && echo "making install in crypto/$$i..." && \
|
||||
(cd $$i; echo "making install in crypto/$$i..."; \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
|
||||
done;
|
||||
|
||||
lint:
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i && echo "making lint in crypto/$$i..." && \
|
||||
(cd $$i; echo "making lint in crypto/$$i..."; \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
|
||||
done;
|
||||
|
||||
depend:
|
||||
if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
$(MAKEDEPEND) -- $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
if [ ! -s buildinf.h ]; then rm buildinf.h; fi
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i && echo "making depend in crypto/$$i..." && \
|
||||
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
|
||||
(cd $$i; echo "making depend in crypto/$$i..."; \
|
||||
$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
|
||||
done;
|
||||
|
||||
clean:
|
||||
rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i && echo "making clean in crypto/$$i..." && \
|
||||
(cd $$i; echo "making clean in crypto/$$i..."; \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
|
||||
done;
|
||||
|
||||
@ -159,64 +150,55 @@ dclean:
|
||||
mv -f Makefile.new $(MAKEFILE)
|
||||
@for i in $(SDIRS) ;\
|
||||
do \
|
||||
(cd $$i && echo "making dclean in crypto/$$i..." && \
|
||||
(cd $$i; echo "making dclean in crypto/$$i..."; \
|
||||
$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
|
||||
done;
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
|
||||
cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
|
||||
cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
|
||||
cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
|
||||
cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c
|
||||
cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
|
||||
cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h
|
||||
cryptlib.o: ../include/openssl/symhacks.h cryptlib.h
|
||||
cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c
|
||||
ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
|
||||
cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h
|
||||
ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c
|
||||
ex_data.o: ../include/openssl/symhacks.h cryptlib.h
|
||||
mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
|
||||
mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
mem.o: ../include/openssl/symhacks.h cryptlib.h
|
||||
mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
|
||||
mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
mem_clr.o: ../include/openssl/symhacks.h mem_clr.c
|
||||
mem_clr.o: ../include/openssl/symhacks.h
|
||||
mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
|
||||
o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c
|
||||
o_str.o: o_str.h
|
||||
o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
|
||||
o_time.o: o_time.h
|
||||
mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h
|
||||
tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
|
||||
tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
|
||||
tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h
|
||||
tmdiff.o: tmdiff.c
|
||||
uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
|
||||
uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
|
||||
uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
|
||||
uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
uid.o: ../include/openssl/symhacks.h uid.c
|
||||
uid.o: ../include/openssl/symhacks.h
|
||||
|
@ -1,103 +0,0 @@
|
||||
#
|
||||
# crypto/aes/Makefile
|
||||
#
|
||||
|
||||
DIR= aes
|
||||
TOP= ../..
|
||||
CC= cc
|
||||
CPP= $(CC) -E
|
||||
INCLUDES=
|
||||
CFLAG=-g
|
||||
INSTALL_PREFIX=
|
||||
OPENSSLDIR= /usr/local/ssl
|
||||
INSTALLTOP= /usr/local/ssl
|
||||
MAKE= make -f Makefile.ssl
|
||||
MAKEDEPPROG= makedepend
|
||||
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
|
||||
MAKEFILE= Makefile.ssl
|
||||
AR= ar r
|
||||
|
||||
# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
|
||||
CFLAGS= $(INCLUDES) $(CFLAG)
|
||||
|
||||
GENERAL=Makefile
|
||||
#TEST=aestest.c
|
||||
TEST=
|
||||
APPS=
|
||||
|
||||
LIB=$(TOP)/libcrypto.a
|
||||
LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
|
||||
LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o
|
||||
|
||||
SRC= $(LIBSRC)
|
||||
|
||||
EXHEADER= aes.h
|
||||
HEADER= aes_locl.h $(EXHEADER)
|
||||
|
||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||
|
||||
top:
|
||||
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
|
||||
|
||||
all: lib
|
||||
|
||||
lib: $(LIBOBJ)
|
||||
$(AR) $(LIB) $(LIBOBJ)
|
||||
$(RANLIB) $(LIB) || echo Never mind.
|
||||
@touch lib
|
||||
|
||||
$(LIBOBJ): $(LIBSRC)
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
|
||||
|
||||
links:
|
||||
@sh $(TOP)/util/point.sh Makefile.ssl Makefile
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
|
||||
|
||||
install: installs
|
||||
|
||||
installs:
|
||||
@for i in $(EXHEADER) ; \
|
||||
do \
|
||||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
|
||||
tags:
|
||||
ctags $(SRC)
|
||||
|
||||
tests:
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
depend:
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
dclean:
|
||||
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
|
||||
mv -f Makefile.new $(MAKEFILE)
|
||||
|
||||
clean:
|
||||
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
|
||||
aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
|
||||
aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
|
||||
aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
|
||||
aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
|
||||
aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_misc.o: ../../include/openssl/opensslconf.h
|
||||
aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
|
||||
aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
|
||||
aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
|
@ -1,3 +0,0 @@
|
||||
This is an OpenSSL-compatible version of AES (also called Rijndael).
|
||||
aes_core.c is basically the same as rijndael-alg-fst.c but with an
|
||||
API that looks like the rest of the OpenSSL symmetric cipher suite.
|
114
crypto/aes/aes.h
114
crypto/aes/aes.h
@ -1,114 +0,0 @@
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef HEADER_AES_H
|
||||
#define HEADER_AES_H
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
|
||||
#ifdef OPENSSL_NO_AES
|
||||
#error AES is disabled.
|
||||
#endif
|
||||
|
||||
#define AES_ENCRYPT 1
|
||||
#define AES_DECRYPT 0
|
||||
|
||||
/* Because array size can't be a const in C, the following two are macros.
|
||||
Both sizes are in bytes. */
|
||||
#define AES_MAXNR 14
|
||||
#define AES_BLOCK_SIZE 16
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* This should be a hidden type, but EVP requires that the size be known */
|
||||
struct aes_key_st {
|
||||
unsigned long rd_key[4 *(AES_MAXNR + 1)];
|
||||
int rounds;
|
||||
};
|
||||
typedef struct aes_key_st AES_KEY;
|
||||
|
||||
const char *AES_options(void);
|
||||
|
||||
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
|
||||
AES_KEY *key);
|
||||
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
|
||||
AES_KEY *key);
|
||||
|
||||
void AES_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const AES_KEY *key);
|
||||
void AES_decrypt(const unsigned char *in, unsigned char *out,
|
||||
const AES_KEY *key);
|
||||
|
||||
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const AES_KEY *key, const int enc);
|
||||
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, const int enc);
|
||||
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, int *num, const int enc);
|
||||
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, int *num);
|
||||
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char ivec[AES_BLOCK_SIZE],
|
||||
unsigned char ecount_buf[AES_BLOCK_SIZE],
|
||||
unsigned int *num);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !HEADER_AES_H */
|
@ -1,111 +0,0 @@
|
||||
/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef AES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, const int enc) {
|
||||
|
||||
unsigned long n;
|
||||
unsigned long len = length;
|
||||
unsigned char tmp[AES_BLOCK_SIZE];
|
||||
|
||||
assert(in && out && key && ivec);
|
||||
assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
|
||||
|
||||
if (AES_ENCRYPT == enc) {
|
||||
while (len >= AES_BLOCK_SIZE) {
|
||||
for(n=0; n < AES_BLOCK_SIZE; ++n)
|
||||
tmp[n] = in[n] ^ ivec[n];
|
||||
AES_encrypt(tmp, out, key);
|
||||
memcpy(ivec, out, AES_BLOCK_SIZE);
|
||||
len -= AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
if (len) {
|
||||
for(n=0; n < len; ++n)
|
||||
tmp[n] = in[n] ^ ivec[n];
|
||||
for(n=len; n < AES_BLOCK_SIZE; ++n)
|
||||
tmp[n] = ivec[n];
|
||||
AES_encrypt(tmp, tmp, key);
|
||||
memcpy(out, tmp, AES_BLOCK_SIZE);
|
||||
memcpy(ivec, tmp, AES_BLOCK_SIZE);
|
||||
}
|
||||
} else {
|
||||
while (len >= AES_BLOCK_SIZE) {
|
||||
memcpy(tmp, in, AES_BLOCK_SIZE);
|
||||
AES_decrypt(in, out, key);
|
||||
for(n=0; n < AES_BLOCK_SIZE; ++n)
|
||||
out[n] ^= ivec[n];
|
||||
memcpy(ivec, tmp, AES_BLOCK_SIZE);
|
||||
len -= AES_BLOCK_SIZE;
|
||||
in += AES_BLOCK_SIZE;
|
||||
out += AES_BLOCK_SIZE;
|
||||
}
|
||||
if (len) {
|
||||
memcpy(tmp, in, AES_BLOCK_SIZE);
|
||||
AES_decrypt(tmp, tmp, key);
|
||||
for(n=0; n < len; ++n)
|
||||
out[n] = tmp[n] ^ ivec[n];
|
||||
memcpy(ivec, tmp, AES_BLOCK_SIZE);
|
||||
}
|
||||
}
|
||||
}
|
@ -1,157 +0,0 @@
|
||||
/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef AES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
/* The input and output encrypted as though 128bit cfb mode is being
|
||||
* used. The extra state information to record how much of the
|
||||
* 128bit block we have used is contained in *num;
|
||||
*/
|
||||
|
||||
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char *ivec, int *num, const int enc) {
|
||||
|
||||
unsigned int n;
|
||||
unsigned long l = length;
|
||||
unsigned char c;
|
||||
|
||||
assert(in && out && key && ivec && num);
|
||||
|
||||
n = *num;
|
||||
|
||||
if (enc) {
|
||||
while (l--) {
|
||||
if (n == 0) {
|
||||
AES_encrypt(ivec, ivec, key);
|
||||
}
|
||||
ivec[n] = *(out++) = *(in++) ^ ivec[n];
|
||||
n = (n+1) % AES_BLOCK_SIZE;
|
||||
}
|
||||
} else {
|
||||
while (l--) {
|
||||
if (n == 0) {
|
||||
AES_encrypt(ivec, ivec, key);
|
||||
}
|
||||
c = *(in);
|
||||
*(out++) = *(in++) ^ ivec[n];
|
||||
ivec[n] = c;
|
||||
n = (n+1) % AES_BLOCK_SIZE;
|
||||
}
|
||||
}
|
||||
|
||||
*num=n;
|
||||
}
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,139 +0,0 @@
|
||||
/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef AES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code
|
||||
* is endian-neutral. */
|
||||
|
||||
/* increment counter (128-bit int) by 1 */
|
||||
static void AES_ctr128_inc(unsigned char *counter) {
|
||||
unsigned long c;
|
||||
|
||||
/* Grab bottom dword of counter and increment */
|
||||
c = GETU32(counter + 12);
|
||||
c++;
|
||||
PUTU32(counter + 12, c);
|
||||
|
||||
/* if no overflow, we're done */
|
||||
if (c)
|
||||
return;
|
||||
|
||||
/* Grab 1st dword of counter and increment */
|
||||
c = GETU32(counter + 8);
|
||||
c++;
|
||||
PUTU32(counter + 8, c);
|
||||
|
||||
/* if no overflow, we're done */
|
||||
if (c)
|
||||
return;
|
||||
|
||||
/* Grab 2nd dword of counter and increment */
|
||||
c = GETU32(counter + 4);
|
||||
c++;
|
||||
PUTU32(counter + 4, c);
|
||||
|
||||
/* if no overflow, we're done */
|
||||
if (c)
|
||||
return;
|
||||
|
||||
/* Grab top dword of counter and increment */
|
||||
c = GETU32(counter + 0);
|
||||
c++;
|
||||
PUTU32(counter + 0, c);
|
||||
}
|
||||
|
||||
/* The input encrypted as though 128bit counter mode is being
|
||||
* used. The extra state information to record how much of the
|
||||
* 128bit block we have used is contained in *num, and the
|
||||
* encrypted counter is kept in ecount_buf. Both *num and
|
||||
* ecount_buf must be initialised with zeros before the first
|
||||
* call to AES_ctr128_encrypt().
|
||||
*
|
||||
* This algorithm assumes that the counter is in the x lower bits
|
||||
* of the IV (ivec), and that the application has full control over
|
||||
* overflow and the rest of the IV. This implementation takes NO
|
||||
* responsability for checking that the counter doesn't overflow
|
||||
* into the rest of the IV when incremented.
|
||||
*/
|
||||
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const unsigned long length, const AES_KEY *key,
|
||||
unsigned char ivec[AES_BLOCK_SIZE],
|
||||
unsigned char ecount_buf[AES_BLOCK_SIZE],
|
||||
unsigned int *num) {
|
||||
|
||||
unsigned int n;
|
||||
unsigned long l=length;
|
||||
|
||||
assert(in && out && key && counter && num);
|
||||
assert(*num < AES_BLOCK_SIZE);
|
||||
|
||||
n = *num;
|
||||
|
||||
while (l--) {
|
||||
if (n == 0) {
|
||||
AES_encrypt(ivec, ecount_buf, key);
|
||||
AES_ctr128_inc(ivec);
|
||||
}
|
||||
*(out++) = *(in++) ^ ecount_buf[n];
|
||||
n = (n+1) % AES_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
*num=n;
|
||||
}
|
@ -1,73 +0,0 @@
|
||||
/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef AES_DEBUG
|
||||
# ifndef NDEBUG
|
||||
# define NDEBUG
|
||||
# endif
|
||||
#endif
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const AES_KEY *key, const int enc) {
|
||||
|
||||
assert(in && out && key);
|
||||
assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
|
||||
|
||||
if (AES_ENCRYPT == enc)
|
||||
AES_encrypt(in, out, key);
|
||||
else
|
||||
AES_decrypt(in, out, key);
|
||||
}
|
||||
|
@ -1,85 +0,0 @@
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef HEADER_AES_LOCL_H
|
||||
#define HEADER_AES_LOCL_H
|
||||
|
||||
#include <openssl/e_os2.h>
|
||||
|
||||
#ifdef OPENSSL_NO_AES
|
||||
#error AES is disabled.
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
|
||||
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
|
||||
# define GETU32(p) SWAP(*((u32 *)(p)))
|
||||
# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
|
||||
#else
|
||||
# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
|
||||
# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
|
||||
#endif
|
||||
|
||||
typedef unsigned long u32;
|
||||
typedef unsigned short u16;
|
||||
typedef unsigned char u8;
|
||||
|
||||
#define MAXKC (256/32)
|
||||
#define MAXKB (256/8)
|
||||
#define MAXNR 14
|
||||
|
||||
/* This controls loop-unrolling in aes_core.c */
|
||||
#undef FULL_UNROLL
|
||||
|
||||
#endif /* !HEADER_AES_LOCL_H */
|
@ -1,64 +0,0 @@
|
||||
/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_locl.h"
|
||||
|
||||
const char *AES_version="AES" OPENSSL_VERSION_PTEXT;
|
||||
|
||||
const char *AES_options(void) {
|
||||
#ifdef FULL_UNROLL
|
||||
return "aes(full)";
|
||||
#else
|
||||
return "aes(partial)";
|
||||
#endif
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user