mirror of https://github.com/lukechilds/node.git
Ryan Dahl
14 years ago
1579 changed files with 458639 additions and 14 deletions
@ -0,0 +1,48 @@ |
|||
Name: openssl |
|||
URL: http://openssl.org/source/ |
|||
Version: 0.9.8o |
|||
License: BSDish |
|||
License File: openssl/LICENSE |
|||
|
|||
Description: |
|||
This is OpenSSL, the standard SSL/TLS library, which is used only for testing. |
|||
It's an unmodified, upstream source except for the patches listed below. |
|||
|
|||
|
|||
Patches are applied in this order: |
|||
|
|||
missing_stddef.patch |
|||
|
|||
Add stddef.h to header files which use size_t, otherwise apps that include |
|||
those headers get compiler errors. |
|||
|
|||
|
|||
handshake_cutthrough.patch |
|||
|
|||
Enables SSL3+ clients to send application data immediately following the |
|||
Finished message even when negotiating full-handshakes. With this patch, |
|||
clients can negotiate SSL connections in 1-RTT even when performing |
|||
full-handshakes. |
|||
|
|||
|
|||
next_proto_neg.patch |
|||
|
|||
Adds next-protocol-negotation support: |
|||
http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00 |
|||
|
|||
EXPERIMENTAL: this patches uses extension and handshake numbers that are not |
|||
assigned by IANA. |
|||
|
|||
This patch implements server and client side support. Additionally, it includes |
|||
code that assumes the structure of the 'opaque' protocol strings in the draft. |
|||
|
|||
|
|||
snap_start.patch |
|||
|
|||
Adds server-side support for Snap Start. This allows for 0-RTT handshakes in |
|||
the case that the application protocol involves the client side speaking first. |
|||
|
|||
http://tools.ietf.org/html/draft-agl-tls-snapstart-00 |
|||
|
|||
EXPERIMENTAL: this patches uses an extension number that is not assigned by |
|||
IANA. |
@ -0,0 +1,7 @@ |
|||
/* crypto/Makefile usually creates the file at build time. Since we don't care
|
|||
* about the build timestamp we fill in placeholder values. */ |
|||
#ifndef MK1MF_BUILD |
|||
#define CFLAGS "-C flags not included-" |
|||
#define PLATFORM "google" |
|||
#define DATE "Sun Jan 1 00:00:00 GMT 1970" |
|||
#endif |
@ -0,0 +1,278 @@ |
|||
/* opensslconf.h */ |
|||
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ |
|||
|
|||
/* OpenSSL was configured with the following options: */ |
|||
#ifndef OPENSSL_DOING_MAKEDEPEND |
|||
|
|||
|
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
# define OPENSSL_NO_CAMELLIA |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAPIENG |
|||
# define OPENSSL_NO_CAPIENG |
|||
#endif |
|||
#ifndef OPENSSL_NO_CMS |
|||
# define OPENSSL_NO_CMS |
|||
#endif |
|||
#ifndef OPENSSL_NO_FIPS |
|||
# define OPENSSL_NO_FIPS |
|||
#endif |
|||
#ifndef OPENSSL_NO_GMP |
|||
# define OPENSSL_NO_GMP |
|||
#endif |
|||
#ifndef OPENSSL_NO_IDEA |
|||
# define OPENSSL_NO_IDEA |
|||
#endif |
|||
#ifndef OPENSSL_NO_JPAKE |
|||
# define OPENSSL_NO_JPAKE |
|||
#endif |
|||
#ifndef OPENSSL_NO_KRB5 |
|||
# define OPENSSL_NO_KRB5 |
|||
#endif |
|||
#ifndef OPENSSL_NO_MDC2 |
|||
# define OPENSSL_NO_MDC2 |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC5 |
|||
# define OPENSSL_NO_RC5 |
|||
#endif |
|||
#ifndef OPENSSL_NO_RFC3779 |
|||
# define OPENSSL_NO_RFC3779 |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
# define OPENSSL_NO_SEED |
|||
#endif |
|||
#ifndef OPENSSL_NO_ASM |
|||
# define OPENSSL_NO_ASM |
|||
#endif |
|||
|
|||
#endif /* OPENSSL_DOING_MAKEDEPEND */ |
|||
|
|||
#ifndef OPENSSL_THREADS |
|||
# define OPENSSL_THREADS |
|||
#endif |
|||
#ifndef OPENSSL_NO_DYNAMIC_ENGINE |
|||
# define OPENSSL_NO_DYNAMIC_ENGINE |
|||
#endif |
|||
|
|||
/* The OPENSSL_NO_* macros are also defined as NO_* if the application
|
|||
asks for it. This is a transient feature that is provided for those |
|||
who haven't had the time to do the appropriate changes in their |
|||
applications. */ |
|||
#ifdef OPENSSL_ALGORITHM_DEFINES |
|||
# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) |
|||
# define NO_CAMELLIA |
|||
# endif |
|||
# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) |
|||
# define NO_CAPIENG |
|||
# endif |
|||
# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) |
|||
# define NO_CMS |
|||
# endif |
|||
# if defined(OPENSSL_NO_FIPS) && !defined(NO_FIPS) |
|||
# define NO_FIPS |
|||
# endif |
|||
# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) |
|||
# define NO_GMP |
|||
# endif |
|||
# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA) |
|||
# define NO_IDEA |
|||
# endif |
|||
# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE) |
|||
# define NO_JPAKE |
|||
# endif |
|||
# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) |
|||
# define NO_KRB5 |
|||
# endif |
|||
# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) |
|||
# define NO_MDC2 |
|||
# endif |
|||
# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) |
|||
# define NO_RC5 |
|||
# endif |
|||
# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) |
|||
# define NO_RFC3779 |
|||
# endif |
|||
# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) |
|||
# define NO_SEED |
|||
# endif |
|||
#endif |
|||
|
|||
#define OPENSSL_CPUID_OBJ |
|||
|
|||
/* crypto/opensslconf.h.in */ |
|||
|
|||
#ifdef OPENSSL_DOING_MAKEDEPEND |
|||
|
|||
/* Include any symbols here that have to be explicitly set to enable a feature
|
|||
* that should be visible to makedepend. |
|||
* |
|||
* [Our "make depend" doesn't actually look at this, we use actual build settings |
|||
* instead; we want to make it easy to remove subdirectories with disabled algorithms.] |
|||
*/ |
|||
|
|||
#ifndef OPENSSL_FIPS |
|||
#define OPENSSL_FIPS |
|||
#endif |
|||
|
|||
#endif |
|||
|
|||
/* Generate 80386 code? */ |
|||
#undef I386_ONLY |
|||
|
|||
#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ |
|||
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) |
|||
#define ENGINESDIR "/usr/local/ssl/lib/engines" |
|||
#define OPENSSLDIR "/usr/local/ssl" |
|||
#endif |
|||
#endif |
|||
|
|||
#undef OPENSSL_UNISTD |
|||
#define OPENSSL_UNISTD <unistd.h> |
|||
#if !defined(SWIG) |
|||
#include <unistd.h> |
|||
#endif |
|||
|
|||
#undef OPENSSL_EXPORT_VAR_AS_FUNCTION |
|||
|
|||
#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) |
|||
#define IDEA_INT unsigned int |
|||
#endif |
|||
|
|||
#if defined(HEADER_MD2_H) && !defined(MD2_INT) |
|||
#define MD2_INT unsigned int |
|||
#endif |
|||
|
|||
#if defined(HEADER_RC2_H) && !defined(RC2_INT) |
|||
/* I need to put in a mod for the alpha - eay */ |
|||
#define RC2_INT unsigned int |
|||
#endif |
|||
|
|||
#if defined(HEADER_RC4_H) |
|||
#if !defined(RC4_INT) |
|||
/* using int types make the structure larger but make the code faster
|
|||
* on most boxes I have tested - up to %20 faster. */ |
|||
/*
|
|||
* I don't know what does "most" mean, but declaring "int" is a must on: |
|||
* - Intel P6 because partial register stalls are very expensive; |
|||
* - elder Alpha because it lacks byte load/store instructions; |
|||
*/ |
|||
#define RC4_INT unsigned int |
|||
#endif |
|||
#if !defined(RC4_CHUNK) |
|||
/*
|
|||
* This enables code handling data aligned at natural CPU word |
|||
* boundary. See crypto/rc4/rc4_enc.c for further details. |
|||
*/ |
|||
#define RC4_CHUNK unsigned long |
|||
#endif |
|||
#endif |
|||
|
|||
#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) |
|||
/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
|
|||
* %20 speed up (longs are 8 bytes, int's are 4). */ |
|||
#ifndef DES_LONG |
|||
#define DES_LONG unsigned int |
|||
#endif |
|||
#endif |
|||
|
|||
#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) |
|||
#define CONFIG_HEADER_BN_H |
|||
#undef BN_LLONG |
|||
|
|||
/* Should we define BN_DIV2W here? */ |
|||
|
|||
/* Only one for the following should be defined */ |
|||
/* The prime number generation stuff may not work when
|
|||
* EIGHT_BIT but I don't care since I've only used this mode |
|||
* for debuging the bignum libraries */ |
|||
#define SIXTY_FOUR_BIT_LONG |
|||
#undef SIXTY_FOUR_BIT |
|||
#undef THIRTY_TWO_BIT |
|||
#undef SIXTEEN_BIT |
|||
#undef EIGHT_BIT |
|||
#endif |
|||
|
|||
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) |
|||
#define CONFIG_HEADER_RC4_LOCL_H |
|||
/* if this is defined data[i] is used instead of *data, this is a %20
|
|||
* speedup on x86 */ |
|||
#undef RC4_INDEX |
|||
#endif |
|||
|
|||
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) |
|||
#define CONFIG_HEADER_BF_LOCL_H |
|||
#undef BF_PTR |
|||
#endif /* HEADER_BF_LOCL_H */ |
|||
|
|||
#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) |
|||
#define CONFIG_HEADER_DES_LOCL_H |
|||
#ifndef DES_DEFAULT_OPTIONS |
|||
/* the following is tweaked from a config script, that is why it is a
|
|||
* protected undef/define */ |
|||
#ifndef DES_PTR |
|||
#undef DES_PTR |
|||
#endif |
|||
|
|||
/* This helps C compiler generate the correct code for multiple functional
|
|||
* units. It reduces register dependancies at the expense of 2 more |
|||
* registers */ |
|||
#ifndef DES_RISC1 |
|||
#undef DES_RISC1 |
|||
#endif |
|||
|
|||
#ifndef DES_RISC2 |
|||
#undef DES_RISC2 |
|||
#endif |
|||
|
|||
#if defined(DES_RISC1) && defined(DES_RISC2) |
|||
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! |
|||
#endif |
|||
|
|||
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
|
|||
* Very mucy CPU dependant */ |
|||
#ifndef DES_UNROLL |
|||
#define DES_UNROLL |
|||
#endif |
|||
|
|||
/* These default values were supplied by
|
|||
* Peter Gutman <pgut001@cs.auckland.ac.nz> |
|||
* They are only used if nothing else has been defined */ |
|||
#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) |
|||
/* Special defines which change the way the code is built depending on the
|
|||
CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find |
|||
even newer MIPS CPU's, but at the moment one size fits all for |
|||
optimization options. Older Sparc's work better with only UNROLL, but |
|||
there's no way to tell at compile time what it is you're running on */ |
|||
|
|||
#if defined( sun ) /* Newer Sparc's */ |
|||
# define DES_PTR |
|||
# define DES_RISC1 |
|||
# define DES_UNROLL |
|||
#elif defined( __ultrix ) /* Older MIPS */ |
|||
# define DES_PTR |
|||
# define DES_RISC2 |
|||
# define DES_UNROLL |
|||
#elif defined( __osf1__ ) /* Alpha */ |
|||
# define DES_PTR |
|||
# define DES_RISC2 |
|||
#elif defined ( _AIX ) /* RS6000 */ |
|||
/* Unknown */ |
|||
#elif defined( __hpux ) /* HP-PA */ |
|||
/* Unknown */ |
|||
#elif defined( __aux ) /* 68K */ |
|||
/* Unknown */ |
|||
#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ |
|||
# define DES_UNROLL |
|||
#elif defined( __sgi ) /* Newer MIPS */ |
|||
# define DES_PTR |
|||
# define DES_RISC2 |
|||
# define DES_UNROLL |
|||
#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ |
|||
# define DES_PTR |
|||
# define DES_RISC1 |
|||
# define DES_UNROLL |
|||
#endif /* Systems-specific speed defines */ |
|||
#endif |
|||
|
|||
#endif /* DES_DEFAULT_OPTIONS */ |
|||
#endif /* HEADER_DES_LOCL_H */ |
@ -0,0 +1,278 @@ |
|||
/* opensslconf.h */ |
|||
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ |
|||
|
|||
/* OpenSSL was configured with the following options: */ |
|||
#ifndef OPENSSL_DOING_MAKEDEPEND |
|||
|
|||
|
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
# define OPENSSL_NO_CAMELLIA |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAPIENG |
|||
# define OPENSSL_NO_CAPIENG |
|||
#endif |
|||
#ifndef OPENSSL_NO_CMS |
|||
# define OPENSSL_NO_CMS |
|||
#endif |
|||
#ifndef OPENSSL_NO_FIPS |
|||
# define OPENSSL_NO_FIPS |
|||
#endif |
|||
#ifndef OPENSSL_NO_GMP |
|||
# define OPENSSL_NO_GMP |
|||
#endif |
|||
#ifndef OPENSSL_NO_IDEA |
|||
# define OPENSSL_NO_IDEA |
|||
#endif |
|||
#ifndef OPENSSL_NO_JPAKE |
|||
# define OPENSSL_NO_JPAKE |
|||
#endif |
|||
#ifndef OPENSSL_NO_KRB5 |
|||
# define OPENSSL_NO_KRB5 |
|||
#endif |
|||
#ifndef OPENSSL_NO_MDC2 |
|||
# define OPENSSL_NO_MDC2 |
|||
#endif |
|||
#ifndef OPENSSL_NO_RC5 |
|||
# define OPENSSL_NO_RC5 |
|||
#endif |
|||
#ifndef OPENSSL_NO_RFC3779 |
|||
# define OPENSSL_NO_RFC3779 |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
# define OPENSSL_NO_SEED |
|||
#endif |
|||
#ifndef OPENSSL_NO_ASM |
|||
# define OPENSSL_NO_ASM |
|||
#endif |
|||
|
|||
#endif /* OPENSSL_DOING_MAKEDEPEND */ |
|||
|
|||
#ifndef OPENSSL_THREADS |
|||
# define OPENSSL_THREADS |
|||
#endif |
|||
#ifndef OPENSSL_NO_DYNAMIC_ENGINE |
|||
# define OPENSSL_NO_DYNAMIC_ENGINE |
|||
#endif |
|||
|
|||
/* The OPENSSL_NO_* macros are also defined as NO_* if the application
|
|||
asks for it. This is a transient feature that is provided for those |
|||
who haven't had the time to do the appropriate changes in their |
|||
applications. */ |
|||
#ifdef OPENSSL_ALGORITHM_DEFINES |
|||
# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) |
|||
# define NO_CAMELLIA |
|||
# endif |
|||
# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) |
|||
# define NO_CAPIENG |
|||
# endif |
|||
# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) |
|||
# define NO_CMS |
|||
# endif |
|||
# if defined(OPENSSL_NO_FIPS) && !defined(NO_FIPS) |
|||
# define NO_FIPS |
|||
# endif |
|||
# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) |
|||
# define NO_GMP |
|||
# endif |
|||
# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA) |
|||
# define NO_IDEA |
|||
# endif |
|||
# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE) |
|||
# define NO_JPAKE |
|||
# endif |
|||
# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) |
|||
# define NO_KRB5 |
|||
# endif |
|||
# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) |
|||
# define NO_MDC2 |
|||
# endif |
|||
# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) |
|||
# define NO_RC5 |
|||
# endif |
|||
# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) |
|||
# define NO_RFC3779 |
|||
# endif |
|||
# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) |
|||
# define NO_SEED |
|||
# endif |
|||
#endif |
|||
|
|||
#define OPENSSL_CPUID_OBJ |
|||
|
|||
/* crypto/opensslconf.h.in */ |
|||
|
|||
#ifdef OPENSSL_DOING_MAKEDEPEND |
|||
|
|||
/* Include any symbols here that have to be explicitly set to enable a feature
|
|||
* that should be visible to makedepend. |
|||
* |
|||
* [Our "make depend" doesn't actually look at this, we use actual build settings |
|||
* instead; we want to make it easy to remove subdirectories with disabled algorithms.] |
|||
*/ |
|||
|
|||
#ifndef OPENSSL_FIPS |
|||
#define OPENSSL_FIPS |
|||
#endif |
|||
|
|||
#endif |
|||
|
|||
/* Generate 80386 code? */ |
|||
#undef I386_ONLY |
|||
|
|||
#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ |
|||
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) |
|||
#define ENGINESDIR "/usr/local/ssl/lib/engines" |
|||
#define OPENSSLDIR "/usr/local/ssl" |
|||
#endif |
|||
#endif |
|||
|
|||
#undef OPENSSL_UNISTD |
|||
#define OPENSSL_UNISTD <unistd.h> |
|||
#if !defined(SWIG) |
|||
#include <unistd.h> |
|||
#endif |
|||
|
|||
#undef OPENSSL_EXPORT_VAR_AS_FUNCTION |
|||
|
|||
#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) |
|||
#define IDEA_INT unsigned int |
|||
#endif |
|||
|
|||
#if defined(HEADER_MD2_H) && !defined(MD2_INT) |
|||
#define MD2_INT unsigned int |
|||
#endif |
|||
|
|||
#if defined(HEADER_RC2_H) && !defined(RC2_INT) |
|||
/* I need to put in a mod for the alpha - eay */ |
|||
#define RC2_INT unsigned int |
|||
#endif |
|||
|
|||
#if defined(HEADER_RC4_H) |
|||
#if !defined(RC4_INT) |
|||
/* using int types make the structure larger but make the code faster
|
|||
* on most boxes I have tested - up to %20 faster. */ |
|||
/*
|
|||
* I don't know what does "most" mean, but declaring "int" is a must on: |
|||
* - Intel P6 because partial register stalls are very expensive; |
|||
* - elder Alpha because it lacks byte load/store instructions; |
|||
*/ |
|||
#define RC4_INT unsigned int |
|||
#endif |
|||
#if !defined(RC4_CHUNK) |
|||
/*
|
|||
* This enables code handling data aligned at natural CPU word |
|||
* boundary. See crypto/rc4/rc4_enc.c for further details. |
|||
*/ |
|||
#undef RC4_CHUNK |
|||
#endif |
|||
#endif |
|||
|
|||
#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) |
|||
/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
|
|||
* %20 speed up (longs are 8 bytes, int's are 4). */ |
|||
#ifndef DES_LONG |
|||
#define DES_LONG unsigned long |
|||
#endif |
|||
#endif |
|||
|
|||
#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) |
|||
#define CONFIG_HEADER_BN_H |
|||
#define BN_LLONG |
|||
|
|||
/* Should we define BN_DIV2W here? */ |
|||
|
|||
/* Only one for the following should be defined */ |
|||
/* The prime number generation stuff may not work when
|
|||
* EIGHT_BIT but I don't care since I've only used this mode |
|||
* for debuging the bignum libraries */ |
|||
#undef SIXTY_FOUR_BIT_LONG |
|||
#undef SIXTY_FOUR_BIT |
|||
#define THIRTY_TWO_BIT |
|||
#undef SIXTEEN_BIT |
|||
#undef EIGHT_BIT |
|||
#endif |
|||
|
|||
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) |
|||
#define CONFIG_HEADER_RC4_LOCL_H |
|||
/* if this is defined data[i] is used instead of *data, this is a %20
|
|||
* speedup on x86 */ |
|||
#define RC4_INDEX |
|||
#endif |
|||
|
|||
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) |
|||
#define CONFIG_HEADER_BF_LOCL_H |
|||
#undef BF_PTR |
|||
#endif /* HEADER_BF_LOCL_H */ |
|||
|
|||
#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) |
|||
#define CONFIG_HEADER_DES_LOCL_H |
|||
#ifndef DES_DEFAULT_OPTIONS |
|||
/* the following is tweaked from a config script, that is why it is a
|
|||
* protected undef/define */ |
|||
#ifndef DES_PTR |
|||
#define DES_PTR |
|||
#endif |
|||
|
|||
/* This helps C compiler generate the correct code for multiple functional
|
|||
* units. It reduces register dependancies at the expense of 2 more |
|||
* registers */ |
|||
#ifndef DES_RISC1 |
|||
#define DES_RISC1 |
|||
#endif |
|||
|
|||
#ifndef DES_RISC2 |
|||
#undef DES_RISC2 |
|||
#endif |
|||
|
|||
#if defined(DES_RISC1) && defined(DES_RISC2) |
|||
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! |
|||
#endif |
|||
|
|||
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
|
|||
* Very mucy CPU dependant */ |
|||
#ifndef DES_UNROLL |
|||
#define DES_UNROLL |
|||
#endif |
|||
|
|||
/* These default values were supplied by
|
|||
* Peter Gutman <pgut001@cs.auckland.ac.nz> |
|||
* They are only used if nothing else has been defined */ |
|||
#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) |
|||
/* Special defines which change the way the code is built depending on the
|
|||
CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find |
|||
even newer MIPS CPU's, but at the moment one size fits all for |
|||
optimization options. Older Sparc's work better with only UNROLL, but |
|||
there's no way to tell at compile time what it is you're running on */ |
|||
|
|||
#if defined( sun ) /* Newer Sparc's */ |
|||
# define DES_PTR |
|||
# define DES_RISC1 |
|||
# define DES_UNROLL |
|||
#elif defined( __ultrix ) /* Older MIPS */ |
|||
# define DES_PTR |
|||
# define DES_RISC2 |
|||
# define DES_UNROLL |
|||
#elif defined( __osf1__ ) /* Alpha */ |
|||
# define DES_PTR |
|||
# define DES_RISC2 |
|||
#elif defined ( _AIX ) /* RS6000 */ |
|||
/* Unknown */ |
|||
#elif defined( __hpux ) /* HP-PA */ |
|||
/* Unknown */ |
|||
#elif defined( __aux ) /* 68K */ |
|||
/* Unknown */ |
|||
#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ |
|||
# define DES_UNROLL |
|||
#elif defined( __sgi ) /* Newer MIPS */ |
|||
# define DES_PTR |
|||
# define DES_RISC2 |
|||
# define DES_UNROLL |
|||
#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ |
|||
# define DES_PTR |
|||
# define DES_RISC1 |
|||
# define DES_UNROLL |
|||
#endif /* Systems-specific speed defines */ |
|||
#endif |
|||
|
|||
#endif /* DES_DEFAULT_OPTIONS */ |
|||
#endif /* HEADER_DES_LOCL_H */ |
@ -0,0 +1,626 @@ |
|||
# Copyright (c) 2010 The Chromium Authors. All rights reserved. |
|||
# Use of this source code is governed by a BSD-style license that can be |
|||
# found in the LICENSE file. |
|||
|
|||
{ |
|||
'targets': [ |
|||
{ |
|||
'target_name': 'openssl', |
|||
'type': '<(library)', |
|||
'defines': [ |
|||
# ENGINESDIR must be defined if OPENSSLDIR is. |
|||
'ENGINESDIR="/dev/null"', |
|||
'L_ENDIAN', |
|||
# Set to ubuntu default path for convenience. If necessary, override |
|||
# this at runtime with the SSL_CERT_DIR environment variable. |
|||
'OPENSSLDIR="/etc/ssl"', |
|||
'OPENSSL_THREADS', |
|||
'PURIFY', |
|||
'TERMIO', |
|||
'_REENTRANT', |
|||
], |
|||
'copts': [ |
|||
'-w', |
|||
'-Wno-cast-qual', |
|||
'-Wno-error', |
|||
], |
|||
'sources': [ |
|||
'openssl/ssl/bio_ssl.c', |
|||
'openssl/ssl/d1_both.c', |
|||
'openssl/ssl/d1_clnt.c', |
|||
'openssl/ssl/d1_enc.c', |
|||
'openssl/ssl/d1_lib.c', |
|||
'openssl/ssl/d1_meth.c', |
|||
'openssl/ssl/d1_pkt.c', |
|||
'openssl/ssl/d1_srvr.c', |
|||
'openssl/ssl/fnv1a64.c', |
|||
'openssl/ssl/kssl.c', |
|||
'openssl/ssl/s23_clnt.c', |
|||
'openssl/ssl/s23_lib.c', |
|||
'openssl/ssl/s23_meth.c', |
|||
'openssl/ssl/s23_pkt.c', |
|||
'openssl/ssl/s23_srvr.c', |
|||
'openssl/ssl/s2_clnt.c', |
|||
'openssl/ssl/s2_enc.c', |
|||
'openssl/ssl/s2_lib.c', |
|||
'openssl/ssl/s2_meth.c', |
|||
'openssl/ssl/s2_pkt.c', |
|||
'openssl/ssl/s2_srvr.c', |
|||
'openssl/ssl/s3_both.c', |
|||
'openssl/ssl/s3_clnt.c', |
|||
'openssl/ssl/s3_enc.c', |
|||
'openssl/ssl/s3_lib.c', |
|||
'openssl/ssl/s3_meth.c', |
|||
'openssl/ssl/s3_pkt.c', |
|||
'openssl/ssl/s3_srvr.c', |
|||
'openssl/ssl/ssl_algs.c', |
|||
'openssl/ssl/ssl_asn1.c', |
|||
'openssl/ssl/ssl_cert.c', |
|||
'openssl/ssl/ssl_ciph.c', |
|||
'openssl/ssl/ssl_err.c', |
|||
'openssl/ssl/ssl_err2.c', |
|||
'openssl/ssl/ssl_lib.c', |
|||
'openssl/ssl/ssl_rsa.c', |
|||
'openssl/ssl/ssl_sess.c', |
|||
'openssl/ssl/ssl_stat.c', |
|||
'openssl/ssl/ssl_txt.c', |
|||
'openssl/ssl/t1_clnt.c', |
|||
'openssl/ssl/t1_enc.c', |
|||
'openssl/ssl/t1_lib.c', |
|||
'openssl/ssl/t1_meth.c', |
|||
'openssl/ssl/t1_reneg.c', |
|||
'openssl/ssl/t1_srvr.c', |
|||
|
|||
'openssl/crypto/aes/aes_cbc.c', |
|||
'openssl/crypto/aes/aes_cfb.c', |
|||
'openssl/crypto/aes/aes_core.c', |
|||
'openssl/crypto/aes/aes_ctr.c', |
|||
'openssl/crypto/aes/aes_ecb.c', |
|||
'openssl/crypto/aes/aes_ige.c', |
|||
'openssl/crypto/aes/aes_misc.c', |
|||
'openssl/crypto/aes/aes_ofb.c', |
|||
'openssl/crypto/aes/aes_wrap.c', |
|||
'openssl/crypto/asn1/a_bitstr.c', |
|||
'openssl/crypto/asn1/a_bool.c', |
|||
'openssl/crypto/asn1/a_bytes.c', |
|||
'openssl/crypto/asn1/a_d2i_fp.c', |
|||
'openssl/crypto/asn1/a_digest.c', |
|||
'openssl/crypto/asn1/a_dup.c', |
|||
'openssl/crypto/asn1/a_enum.c', |
|||
'openssl/crypto/asn1/a_gentm.c', |
|||
'openssl/crypto/asn1/a_hdr.c', |
|||
'openssl/crypto/asn1/a_i2d_fp.c', |
|||
'openssl/crypto/asn1/a_int.c', |
|||
'openssl/crypto/asn1/a_mbstr.c', |
|||
'openssl/crypto/asn1/a_meth.c', |
|||
'openssl/crypto/asn1/a_object.c', |
|||
'openssl/crypto/asn1/a_octet.c', |
|||
'openssl/crypto/asn1/a_print.c', |
|||
'openssl/crypto/asn1/a_set.c', |
|||
'openssl/crypto/asn1/a_sign.c', |
|||
'openssl/crypto/asn1/a_strex.c', |
|||
'openssl/crypto/asn1/a_strnid.c', |
|||
'openssl/crypto/asn1/a_time.c', |
|||
'openssl/crypto/asn1/a_type.c', |
|||
'openssl/crypto/asn1/a_utctm.c', |
|||
'openssl/crypto/asn1/a_utf8.c', |
|||
'openssl/crypto/asn1/a_verify.c', |
|||
'openssl/crypto/asn1/asn1_err.c', |
|||
'openssl/crypto/asn1/asn1_gen.c', |
|||
'openssl/crypto/asn1/asn1_lib.c', |
|||
'openssl/crypto/asn1/asn1_par.c', |
|||
'openssl/crypto/asn1/asn_mime.c', |
|||
'openssl/crypto/asn1/asn_moid.c', |
|||
'openssl/crypto/asn1/asn_pack.c', |
|||
'openssl/crypto/asn1/d2i_pr.c', |
|||
'openssl/crypto/asn1/d2i_pu.c', |
|||
'openssl/crypto/asn1/evp_asn1.c', |
|||
'openssl/crypto/asn1/f_enum.c', |
|||
'openssl/crypto/asn1/f_int.c', |
|||
'openssl/crypto/asn1/f_string.c', |
|||
'openssl/crypto/asn1/i2d_pr.c', |
|||
'openssl/crypto/asn1/i2d_pu.c', |
|||
'openssl/crypto/asn1/n_pkey.c', |
|||
'openssl/crypto/asn1/nsseq.c', |
|||
'openssl/crypto/asn1/p5_pbe.c', |
|||
'openssl/crypto/asn1/p5_pbev2.c', |
|||
'openssl/crypto/asn1/p8_pkey.c', |
|||
'openssl/crypto/asn1/t_bitst.c', |
|||
'openssl/crypto/asn1/t_crl.c', |
|||
'openssl/crypto/asn1/t_pkey.c', |
|||
'openssl/crypto/asn1/t_req.c', |
|||
'openssl/crypto/asn1/t_spki.c', |
|||
'openssl/crypto/asn1/t_x509.c', |
|||
'openssl/crypto/asn1/t_x509a.c', |
|||
'openssl/crypto/asn1/tasn_dec.c', |
|||
'openssl/crypto/asn1/tasn_enc.c', |
|||
'openssl/crypto/asn1/tasn_fre.c', |
|||
'openssl/crypto/asn1/tasn_new.c', |
|||
'openssl/crypto/asn1/tasn_typ.c', |
|||
'openssl/crypto/asn1/tasn_utl.c', |
|||
'openssl/crypto/asn1/x_algor.c', |
|||
'openssl/crypto/asn1/x_attrib.c', |
|||
'openssl/crypto/asn1/x_bignum.c', |
|||
'openssl/crypto/asn1/x_crl.c', |
|||
'openssl/crypto/asn1/x_exten.c', |
|||
'openssl/crypto/asn1/x_info.c', |
|||
'openssl/crypto/asn1/x_long.c', |
|||
'openssl/crypto/asn1/x_name.c', |
|||
'openssl/crypto/asn1/x_pkey.c', |
|||
'openssl/crypto/asn1/x_pubkey.c', |
|||
'openssl/crypto/asn1/x_req.c', |
|||
'openssl/crypto/asn1/x_sig.c', |
|||
'openssl/crypto/asn1/x_spki.c', |
|||
'openssl/crypto/asn1/x_val.c', |
|||
'openssl/crypto/asn1/x_x509.c', |
|||
'openssl/crypto/asn1/x_x509a.c', |
|||
'openssl/crypto/bf/bf_cfb64.c', |
|||
'openssl/crypto/bf/bf_ecb.c', |
|||
'openssl/crypto/bf/bf_enc.c', |
|||
'openssl/crypto/bf/bf_enc.c', |
|||
'openssl/crypto/bf/bf_ofb64.c', |
|||
'openssl/crypto/bf/bf_skey.c', |
|||
'openssl/crypto/bio/b_dump.c', |
|||
'openssl/crypto/bio/b_print.c', |
|||
'openssl/crypto/bio/b_sock.c', |
|||
'openssl/crypto/bio/bf_buff.c', |
|||
'openssl/crypto/bio/bf_nbio.c', |
|||
'openssl/crypto/bio/bf_null.c', |
|||
'openssl/crypto/bio/bio_cb.c', |
|||
'openssl/crypto/bio/bio_err.c', |
|||
'openssl/crypto/bio/bio_lib.c', |
|||
'openssl/crypto/bio/bss_acpt.c', |
|||
'openssl/crypto/bio/bss_bio.c', |
|||
'openssl/crypto/bio/bss_conn.c', |
|||
'openssl/crypto/bio/bss_dgram.c', |
|||
'openssl/crypto/bio/bss_fd.c', |
|||
'openssl/crypto/bio/bss_file.c', |
|||
'openssl/crypto/bio/bss_log.c', |
|||
'openssl/crypto/bio/bss_mem.c', |
|||
'openssl/crypto/bio/bss_null.c', |
|||
'openssl/crypto/bio/bss_sock.c', |
|||
'openssl/crypto/bn/bn_add.c', |
|||
'openssl/crypto/bn/bn_asm.c', |
|||
'openssl/crypto/bn/bn_blind.c', |
|||
'openssl/crypto/bn/bn_const.c', |
|||
'openssl/crypto/bn/bn_ctx.c', |
|||
'openssl/crypto/bn/bn_depr.c', |
|||
'openssl/crypto/bn/bn_div.c', |
|||
'openssl/crypto/bn/bn_err.c', |
|||
'openssl/crypto/bn/bn_exp.c', |
|||
'openssl/crypto/bn/bn_exp2.c', |
|||
'openssl/crypto/bn/bn_gcd.c', |
|||
'openssl/crypto/bn/bn_gf2m.c', |
|||
'openssl/crypto/bn/bn_kron.c', |
|||
'openssl/crypto/bn/bn_lib.c', |
|||
'openssl/crypto/bn/bn_mod.c', |
|||
'openssl/crypto/bn/bn_mont.c', |
|||
'openssl/crypto/bn/bn_mpi.c', |
|||
'openssl/crypto/bn/bn_mul.c', |
|||
'openssl/crypto/bn/bn_nist.c', |
|||
'openssl/crypto/bn/bn_opt.c', |
|||
'openssl/crypto/bn/bn_prime.c', |
|||
'openssl/crypto/bn/bn_print.c', |
|||
'openssl/crypto/bn/bn_rand.c', |
|||
'openssl/crypto/bn/bn_recp.c', |
|||
'openssl/crypto/bn/bn_shift.c', |
|||
'openssl/crypto/bn/bn_sqr.c', |
|||
'openssl/crypto/bn/bn_sqrt.c', |
|||
'openssl/crypto/bn/bn_word.c', |
|||
'openssl/crypto/bn/bn_x931p.c', |
|||
'openssl/crypto/buffer/buf_err.c', |
|||
'openssl/crypto/buffer/buf_str.c', |
|||
'openssl/crypto/buffer/buffer.c', |
|||
'openssl/crypto/cast/c_cfb64.c', |
|||
'openssl/crypto/cast/c_ecb.c', |
|||
'openssl/crypto/cast/c_enc.c', |
|||
'openssl/crypto/cast/c_ofb64.c', |
|||
'openssl/crypto/cast/c_skey.c', |
|||
'openssl/crypto/comp/c_rle.c', |
|||
'openssl/crypto/comp/c_zlib.c', |
|||
'openssl/crypto/comp/comp_err.c', |
|||
'openssl/crypto/comp/comp_lib.c', |
|||
'openssl/crypto/conf/conf_api.c', |
|||
'openssl/crypto/conf/conf_def.c', |
|||
'openssl/crypto/conf/conf_err.c', |
|||
'openssl/crypto/conf/conf_lib.c', |
|||
'openssl/crypto/conf/conf_mall.c', |
|||
'openssl/crypto/conf/conf_mod.c', |
|||
'openssl/crypto/conf/conf_sap.c', |
|||
'openssl/crypto/cpt_err.c', |
|||
'openssl/crypto/cryptlib.c', |
|||
'openssl/crypto/cversion.c', |
|||
'openssl/crypto/des/cbc_cksm.c', |
|||
'openssl/crypto/des/cbc_enc.c', |
|||
'openssl/crypto/des/cfb64ede.c', |
|||
'openssl/crypto/des/cfb64enc.c', |
|||
'openssl/crypto/des/cfb_enc.c', |
|||
'openssl/crypto/des/des_enc.c', |
|||
'openssl/crypto/des/des_lib.c', |
|||
'openssl/crypto/des/des_old.c', |
|||
'openssl/crypto/des/des_old2.c', |
|||
'openssl/crypto/des/ecb3_enc.c', |
|||
'openssl/crypto/des/ecb_enc.c', |
|||
'openssl/crypto/des/ede_cbcm_enc.c', |
|||
'openssl/crypto/des/enc_read.c', |
|||
'openssl/crypto/des/enc_writ.c', |
|||
'openssl/crypto/des/fcrypt.c', |
|||
'openssl/crypto/des/fcrypt_b.c', |
|||
'openssl/crypto/des/ofb64ede.c', |
|||
'openssl/crypto/des/ofb64enc.c', |
|||
'openssl/crypto/des/ofb_enc.c', |
|||
'openssl/crypto/des/pcbc_enc.c', |
|||
'openssl/crypto/des/qud_cksm.c', |
|||
'openssl/crypto/des/rand_key.c', |
|||
'openssl/crypto/des/read2pwd.c', |
|||
'openssl/crypto/des/rpc_enc.c', |
|||
'openssl/crypto/des/set_key.c', |
|||
'openssl/crypto/des/str2key.c', |
|||
'openssl/crypto/des/xcbc_enc.c', |
|||
'openssl/crypto/dh/dh_asn1.c', |
|||
'openssl/crypto/dh/dh_check.c', |
|||
'openssl/crypto/dh/dh_depr.c', |
|||
'openssl/crypto/dh/dh_err.c', |
|||
'openssl/crypto/dh/dh_gen.c', |
|||
'openssl/crypto/dh/dh_key.c', |
|||
'openssl/crypto/dh/dh_lib.c', |
|||
'openssl/crypto/dsa/dsa_asn1.c', |
|||
'openssl/crypto/dsa/dsa_depr.c', |
|||
'openssl/crypto/dsa/dsa_err.c', |
|||
'openssl/crypto/dsa/dsa_gen.c', |
|||
'openssl/crypto/dsa/dsa_key.c', |
|||
'openssl/crypto/dsa/dsa_lib.c', |
|||
'openssl/crypto/dsa/dsa_ossl.c', |
|||
'openssl/crypto/dsa/dsa_sign.c', |
|||
'openssl/crypto/dsa/dsa_utl.c', |
|||
'openssl/crypto/dsa/dsa_vrf.c', |
|||
'openssl/crypto/dso/dso_err.c', |
|||
'openssl/crypto/dso/dso_lib.c', |
|||
'openssl/crypto/dso/dso_null.c', |
|||
'openssl/crypto/dso/dso_openssl.c', |
|||
'openssl/crypto/dyn_lck.c', |
|||
'openssl/crypto/ebcdic.c', |
|||
'openssl/crypto/ec/ec2_mult.c', |
|||
'openssl/crypto/ec/ec2_smpl.c', |
|||
'openssl/crypto/ec/ec_asn1.c', |
|||
'openssl/crypto/ec/ec_check.c', |
|||
'openssl/crypto/ec/ec_curve.c', |
|||
'openssl/crypto/ec/ec_cvt.c', |
|||
'openssl/crypto/ec/ec_err.c', |
|||
'openssl/crypto/ec/ec_key.c', |
|||
'openssl/crypto/ec/ec_lib.c', |
|||
'openssl/crypto/ec/ec_mult.c', |
|||
'openssl/crypto/ec/ec_print.c', |
|||
'openssl/crypto/ec/ecp_mont.c', |
|||
'openssl/crypto/ec/ecp_nist.c', |
|||
'openssl/crypto/ec/ecp_smpl.c', |
|||
'openssl/crypto/ecdh/ech_err.c', |
|||
'openssl/crypto/ecdh/ech_key.c', |
|||
'openssl/crypto/ecdh/ech_lib.c', |
|||
'openssl/crypto/ecdh/ech_ossl.c', |
|||
'openssl/crypto/ecdsa/ecs_asn1.c', |
|||
'openssl/crypto/ecdsa/ecs_err.c', |
|||
'openssl/crypto/ecdsa/ecs_lib.c', |
|||
'openssl/crypto/ecdsa/ecs_ossl.c', |
|||
'openssl/crypto/ecdsa/ecs_sign.c', |
|||
'openssl/crypto/ecdsa/ecs_vrf.c', |
|||
'openssl/crypto/engine/eng_all.c', |
|||
'openssl/crypto/engine/eng_cnf.c', |
|||
'openssl/crypto/engine/eng_cryptodev.c', |
|||
'openssl/crypto/engine/eng_ctrl.c', |
|||
'openssl/crypto/engine/eng_dyn.c', |
|||
'openssl/crypto/engine/eng_err.c', |
|||
'openssl/crypto/engine/eng_fat.c', |
|||
'openssl/crypto/engine/eng_init.c', |
|||
'openssl/crypto/engine/eng_lib.c', |
|||
'openssl/crypto/engine/eng_list.c', |
|||
'openssl/crypto/engine/eng_openssl.c', |
|||
'openssl/crypto/engine/eng_padlock.c', |
|||
'openssl/crypto/engine/eng_pkey.c', |
|||
'openssl/crypto/engine/eng_table.c', |
|||
'openssl/crypto/engine/tb_cipher.c', |
|||
'openssl/crypto/engine/tb_dh.c', |
|||
'openssl/crypto/engine/tb_digest.c', |
|||
'openssl/crypto/engine/tb_dsa.c', |
|||
'openssl/crypto/engine/tb_ecdh.c', |
|||
'openssl/crypto/engine/tb_ecdsa.c', |
|||
'openssl/crypto/engine/tb_rand.c', |
|||
'openssl/crypto/engine/tb_rsa.c', |
|||
'openssl/crypto/engine/tb_store.c', |
|||
'openssl/crypto/err/err.c', |
|||
'openssl/crypto/err/err_all.c', |
|||
'openssl/crypto/err/err_bio.c', |
|||
'openssl/crypto/err/err_def.c', |
|||
'openssl/crypto/err/err_prn.c', |
|||
'openssl/crypto/err/err_str.c', |
|||
'openssl/crypto/evp/bio_b64.c', |
|||
'openssl/crypto/evp/bio_enc.c', |
|||
'openssl/crypto/evp/bio_md.c', |
|||
'openssl/crypto/evp/bio_ok.c', |
|||
'openssl/crypto/evp/c_all.c', |
|||
'openssl/crypto/evp/c_allc.c', |
|||
'openssl/crypto/evp/c_alld.c', |
|||
'openssl/crypto/evp/dig_eng.c', |
|||
'openssl/crypto/evp/digest.c', |
|||
'openssl/crypto/evp/e_aes.c', |
|||
'openssl/crypto/evp/e_bf.c', |
|||
'openssl/crypto/evp/e_camellia.c', |
|||
'openssl/crypto/evp/e_cast.c', |
|||
'openssl/crypto/evp/e_des.c', |
|||
'openssl/crypto/evp/e_des3.c', |
|||
'openssl/crypto/evp/e_null.c', |
|||
'openssl/crypto/evp/e_old.c', |
|||
'openssl/crypto/evp/e_rc2.c', |
|||
'openssl/crypto/evp/e_rc4.c', |
|||
'openssl/crypto/evp/e_rc5.c', |
|||
'openssl/crypto/evp/e_seed.c', |
|||
'openssl/crypto/evp/e_xcbc_d.c', |
|||
'openssl/crypto/evp/enc_min.c', |
|||
'openssl/crypto/evp/encode.c', |
|||
'openssl/crypto/evp/evp_acnf.c', |
|||
'openssl/crypto/evp/evp_cnf.c', |
|||
'openssl/crypto/evp/evp_enc.c', |
|||
'openssl/crypto/evp/evp_err.c', |
|||
'openssl/crypto/evp/evp_key.c', |
|||
'openssl/crypto/evp/evp_lib.c', |
|||
'openssl/crypto/evp/evp_pbe.c', |
|||
'openssl/crypto/evp/evp_pkey.c', |
|||
'openssl/crypto/evp/m_dss.c', |
|||
'openssl/crypto/evp/m_dss1.c', |
|||
'openssl/crypto/evp/m_ecdsa.c', |
|||
'openssl/crypto/evp/m_md2.c', |
|||
'openssl/crypto/evp/m_md4.c', |
|||
'openssl/crypto/evp/m_md5.c', |
|||
'openssl/crypto/evp/m_mdc2.c', |
|||
'openssl/crypto/evp/m_null.c', |
|||
'openssl/crypto/evp/m_ripemd.c', |
|||
'openssl/crypto/evp/m_sha.c', |
|||
'openssl/crypto/evp/m_sha1.c', |
|||
'openssl/crypto/evp/names.c', |
|||
'openssl/crypto/evp/p5_crpt.c', |
|||
'openssl/crypto/evp/p5_crpt2.c', |
|||
'openssl/crypto/evp/p_dec.c', |
|||
'openssl/crypto/evp/p_enc.c', |
|||
'openssl/crypto/evp/p_lib.c', |
|||
'openssl/crypto/evp/p_open.c', |
|||
'openssl/crypto/evp/p_seal.c', |
|||
'openssl/crypto/evp/p_sign.c', |
|||
'openssl/crypto/evp/p_verify.c', |
|||
'openssl/crypto/ex_data.c', |
|||
'openssl/crypto/fips_err.c', |
|||
'openssl/crypto/hmac/hmac.c', |
|||
'openssl/crypto/krb5/krb5_asn.c', |
|||
'openssl/crypto/lhash/lh_stats.c', |
|||
'openssl/crypto/lhash/lhash.c', |
|||
'openssl/crypto/md2/md2_dgst.c', |
|||
'openssl/crypto/md2/md2_one.c', |
|||
'openssl/crypto/md4/md4_dgst.c', |
|||
'openssl/crypto/md4/md4_one.c', |
|||
'openssl/crypto/md5/md5_dgst.c', |
|||
'openssl/crypto/md5/md5_one.c', |
|||
'openssl/crypto/mem.c', |
|||
'openssl/crypto/mem_clr.c', |
|||
'openssl/crypto/mem_dbg.c', |
|||
'openssl/crypto/o_dir.c', |
|||
'openssl/crypto/o_init.c', |
|||
'openssl/crypto/o_str.c', |
|||
'openssl/crypto/o_time.c', |
|||
'openssl/crypto/objects/o_names.c', |
|||
'openssl/crypto/objects/obj_dat.c', |
|||
'openssl/crypto/objects/obj_err.c', |
|||
'openssl/crypto/objects/obj_lib.c', |
|||
'openssl/crypto/ocsp/ocsp_asn.c', |
|||
'openssl/crypto/ocsp/ocsp_cl.c', |
|||
'openssl/crypto/ocsp/ocsp_err.c', |
|||
'openssl/crypto/ocsp/ocsp_ext.c', |
|||
'openssl/crypto/ocsp/ocsp_ht.c', |
|||
'openssl/crypto/ocsp/ocsp_lib.c', |
|||
'openssl/crypto/ocsp/ocsp_prn.c', |
|||
'openssl/crypto/ocsp/ocsp_srv.c', |
|||
'openssl/crypto/ocsp/ocsp_vfy.c', |
|||
'openssl/crypto/pem/pem_all.c', |
|||
'openssl/crypto/pem/pem_err.c', |
|||
'openssl/crypto/pem/pem_info.c', |
|||
'openssl/crypto/pem/pem_lib.c', |
|||
'openssl/crypto/pem/pem_oth.c', |
|||
'openssl/crypto/pem/pem_pk8.c', |
|||
'openssl/crypto/pem/pem_pkey.c', |
|||
'openssl/crypto/pem/pem_seal.c', |
|||
'openssl/crypto/pem/pem_sign.c', |
|||
'openssl/crypto/pem/pem_x509.c', |
|||
'openssl/crypto/pem/pem_xaux.c', |
|||
'openssl/crypto/pkcs12/p12_add.c', |
|||
'openssl/crypto/pkcs12/p12_asn.c', |
|||
'openssl/crypto/pkcs12/p12_attr.c', |
|||
'openssl/crypto/pkcs12/p12_crpt.c', |
|||
'openssl/crypto/pkcs12/p12_crt.c', |
|||
'openssl/crypto/pkcs12/p12_decr.c', |
|||
'openssl/crypto/pkcs12/p12_init.c', |
|||
'openssl/crypto/pkcs12/p12_key.c', |
|||
'openssl/crypto/pkcs12/p12_kiss.c', |
|||
'openssl/crypto/pkcs12/p12_mutl.c', |
|||
'openssl/crypto/pkcs12/p12_npas.c', |
|||
'openssl/crypto/pkcs12/p12_p8d.c', |
|||
'openssl/crypto/pkcs12/p12_p8e.c', |
|||
'openssl/crypto/pkcs12/p12_utl.c', |
|||
'openssl/crypto/pkcs12/pk12err.c', |
|||
'openssl/crypto/pkcs7/pk7_asn1.c', |
|||
'openssl/crypto/pkcs7/pk7_attr.c', |
|||
'openssl/crypto/pkcs7/pk7_doit.c', |
|||
'openssl/crypto/pkcs7/pk7_lib.c', |
|||
'openssl/crypto/pkcs7/pk7_mime.c', |
|||
'openssl/crypto/pkcs7/pk7_smime.c', |
|||
'openssl/crypto/pkcs7/pkcs7err.c', |
|||
'openssl/crypto/pqueue/pqueue.c', |
|||
'openssl/crypto/rand/md_rand.c', |
|||
'openssl/crypto/rand/rand_egd.c', |
|||
'openssl/crypto/rand/rand_eng.c', |
|||
'openssl/crypto/rand/rand_err.c', |
|||
'openssl/crypto/rand/rand_lib.c', |
|||
'openssl/crypto/rand/rand_nw.c', |
|||
'openssl/crypto/rand/rand_os2.c', |
|||
'openssl/crypto/rand/rand_unix.c', |
|||
'openssl/crypto/rand/rand_win.c', |
|||
'openssl/crypto/rand/randfile.c', |
|||
'openssl/crypto/rc2/rc2_cbc.c', |
|||
'openssl/crypto/rc2/rc2_ecb.c', |
|||
'openssl/crypto/rc2/rc2_skey.c', |
|||
'openssl/crypto/rc2/rc2cfb64.c', |
|||
'openssl/crypto/rc2/rc2ofb64.c', |
|||
'openssl/crypto/rc4/rc4_enc.c', |
|||
'openssl/crypto/rc4/rc4_fblk.c', |
|||
'openssl/crypto/rc4/rc4_skey.c', |
|||
'openssl/crypto/ripemd/rmd_dgst.c', |
|||
'openssl/crypto/ripemd/rmd_one.c', |
|||
'openssl/crypto/rsa/rsa_asn1.c', |
|||
'openssl/crypto/rsa/rsa_chk.c', |
|||
'openssl/crypto/rsa/rsa_depr.c', |
|||
'openssl/crypto/rsa/rsa_eay.c', |
|||
'openssl/crypto/rsa/rsa_eng.c', |
|||
'openssl/crypto/rsa/rsa_err.c', |
|||
'openssl/crypto/rsa/rsa_gen.c', |
|||
'openssl/crypto/rsa/rsa_lib.c', |
|||
'openssl/crypto/rsa/rsa_none.c', |
|||
'openssl/crypto/rsa/rsa_null.c', |
|||
'openssl/crypto/rsa/rsa_oaep.c', |
|||
'openssl/crypto/rsa/rsa_pk1.c', |
|||
'openssl/crypto/rsa/rsa_pss.c', |
|||
'openssl/crypto/rsa/rsa_saos.c', |
|||
'openssl/crypto/rsa/rsa_sign.c', |
|||
'openssl/crypto/rsa/rsa_ssl.c', |
|||
'openssl/crypto/rsa/rsa_x931.c', |
|||
'openssl/crypto/rsa/rsa_x931g.c', |
|||
'openssl/crypto/sha/sha1_one.c', |
|||
'openssl/crypto/sha/sha1dgst.c', |
|||
'openssl/crypto/sha/sha256.c', |
|||
'openssl/crypto/sha/sha512.c', |
|||
'openssl/crypto/sha/sha_dgst.c', |
|||
'openssl/crypto/sha/sha_one.c', |
|||
'openssl/crypto/stack/stack.c', |
|||
'openssl/crypto/store/str_err.c', |
|||
'openssl/crypto/store/str_lib.c', |
|||
'openssl/crypto/store/str_mem.c', |
|||
'openssl/crypto/store/str_meth.c', |
|||
'openssl/crypto/tmdiff.c', |
|||
'openssl/crypto/txt_db/txt_db.c', |
|||
'openssl/crypto/ui/ui_compat.c', |
|||
'openssl/crypto/ui/ui_err.c', |
|||
'openssl/crypto/ui/ui_lib.c', |
|||
'openssl/crypto/ui/ui_openssl.c', |
|||
'openssl/crypto/ui/ui_util.c', |
|||
'openssl/crypto/uid.c', |
|||
'openssl/crypto/x509/by_dir.c', |
|||
'openssl/crypto/x509/by_file.c', |
|||
'openssl/crypto/x509/x509_att.c', |
|||
'openssl/crypto/x509/x509_cmp.c', |
|||
'openssl/crypto/x509/x509_d2.c', |
|||
'openssl/crypto/x509/x509_def.c', |
|||
'openssl/crypto/x509/x509_err.c', |
|||
'openssl/crypto/x509/x509_ext.c', |
|||
'openssl/crypto/x509/x509_lu.c', |
|||
'openssl/crypto/x509/x509_obj.c', |
|||
'openssl/crypto/x509/x509_r2x.c', |
|||
'openssl/crypto/x509/x509_req.c', |
|||
'openssl/crypto/x509/x509_set.c', |
|||
'openssl/crypto/x509/x509_trs.c', |
|||
'openssl/crypto/x509/x509_txt.c', |
|||
'openssl/crypto/x509/x509_v3.c', |
|||
'openssl/crypto/x509/x509_vfy.c', |
|||
'openssl/crypto/x509/x509_vpm.c', |
|||
'openssl/crypto/x509/x509cset.c', |
|||
'openssl/crypto/x509/x509name.c', |
|||
'openssl/crypto/x509/x509rset.c', |
|||
'openssl/crypto/x509/x509spki.c', |
|||
'openssl/crypto/x509/x509type.c', |
|||
'openssl/crypto/x509/x_all.c', |
|||
'openssl/crypto/x509v3/pcy_cache.c', |
|||
'openssl/crypto/x509v3/pcy_data.c', |
|||
'openssl/crypto/x509v3/pcy_lib.c', |
|||
'openssl/crypto/x509v3/pcy_map.c', |
|||
'openssl/crypto/x509v3/pcy_node.c', |
|||
'openssl/crypto/x509v3/pcy_tree.c', |
|||
'openssl/crypto/x509v3/v3_addr.c', |
|||
'openssl/crypto/x509v3/v3_akey.c', |
|||
'openssl/crypto/x509v3/v3_akeya.c', |
|||
'openssl/crypto/x509v3/v3_alt.c', |
|||
'openssl/crypto/x509v3/v3_asid.c', |
|||
'openssl/crypto/x509v3/v3_bcons.c', |
|||
'openssl/crypto/x509v3/v3_bitst.c', |
|||
'openssl/crypto/x509v3/v3_conf.c', |
|||
'openssl/crypto/x509v3/v3_cpols.c', |
|||
'openssl/crypto/x509v3/v3_crld.c', |
|||
'openssl/crypto/x509v3/v3_enum.c', |
|||
'openssl/crypto/x509v3/v3_extku.c', |
|||
'openssl/crypto/x509v3/v3_genn.c', |
|||
'openssl/crypto/x509v3/v3_ia5.c', |
|||
'openssl/crypto/x509v3/v3_info.c', |
|||
'openssl/crypto/x509v3/v3_int.c', |
|||
'openssl/crypto/x509v3/v3_lib.c', |
|||
'openssl/crypto/x509v3/v3_ncons.c', |
|||
'openssl/crypto/x509v3/v3_ocsp.c', |
|||
'openssl/crypto/x509v3/v3_pci.c', |
|||
'openssl/crypto/x509v3/v3_pcia.c', |
|||
'openssl/crypto/x509v3/v3_pcons.c', |
|||
'openssl/crypto/x509v3/v3_pku.c', |
|||
'openssl/crypto/x509v3/v3_pmaps.c', |
|||
'openssl/crypto/x509v3/v3_prn.c', |
|||
'openssl/crypto/x509v3/v3_purp.c', |
|||
'openssl/crypto/x509v3/v3_skey.c', |
|||
'openssl/crypto/x509v3/v3_sxnet.c', |
|||
'openssl/crypto/x509v3/v3_utl.c', |
|||
'openssl/crypto/x509v3/v3err.c', |
|||
'openssl/engines/e_4758cca.c', |
|||
'openssl/engines/e_aep.c', |
|||
'openssl/engines/e_atalla.c', |
|||
'openssl/engines/e_capi.c', |
|||
'openssl/engines/e_chil.c', |
|||
'openssl/engines/e_cswift.c', |
|||
'openssl/engines/e_gmp.c', |
|||
'openssl/engines/e_nuron.c', |
|||
'openssl/engines/e_sureware.c', |
|||
'openssl/engines/e_ubsec.c', |
|||
], |
|||
'include_dirs': [ |
|||
'.', |
|||
'openssl', |
|||
'openssl/crypto', |
|||
'openssl/crypto/asn1', |
|||
'openssl/crypto/evp', |
|||
'openssl/include', |
|||
], |
|||
'conditions': [ |
|||
['OS=="mac"', { |
|||
'defines!': [ 'TERMIO' ], |
|||
'defines': [ 'TERMIOS' ], |
|||
}], |
|||
['target_arch=="ia32"', { |
|||
'include_dirs': [ |
|||
'config/piii', |
|||
], |
|||
'direct_dependent_settings': { |
|||
'include_dirs': [ |
|||
'openssl/include', |
|||
'config/piii', |
|||
], |
|||
}, |
|||
}, { |
|||
'include_dirs': [ |
|||
'config/k8', |
|||
], |
|||
'direct_dependent_settings': { |
|||
'include_dirs': [ |
|||
'openssl/include', |
|||
'config/k8', |
|||
], |
|||
}, |
|||
}], |
|||
], |
|||
}, |
|||
], |
|||
} |
|||
|
|||
# Local Variables: |
|||
# tab-width:2 |
|||
# indent-tabs-mode:nil |
|||
# End: |
|||
# vim: set expandtab tabstop=2 shiftwidth=2: |
File diff suppressed because it is too large
@ -0,0 +1,968 @@ |
|||
This file contains the changes for the SSLeay library up to version |
|||
0.9.0b. For later changes, see the file "CHANGES". |
|||
|
|||
SSLeay CHANGES |
|||
______________ |
|||
|
|||
Changes between 0.8.x and 0.9.0b |
|||
|
|||
10-Apr-1998 |
|||
|
|||
I said the next version would go out at easter, and so it shall. |
|||
I expect a 0.9.1 will follow with portability fixes in the next few weeks. |
|||
|
|||
This is a quick, meet the deadline. Look to ssl-users for comments on what |
|||
is new etc. |
|||
|
|||
eric (about to go bushwalking for the 4 day easter break :-) |
|||
|
|||
16-Mar-98 |
|||
- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU> |
|||
- Lots and lots of changes |
|||
|
|||
29-Jan-98 |
|||
- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from |
|||
Goetz Babin-Ebell <babinebell@trustcenter.de>. |
|||
- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or |
|||
TLS1_VERSION. |
|||
|
|||
7-Jan-98 |
|||
- Finally reworked the cipher string to ciphers again, so it |
|||
works correctly |
|||
- All the app_data stuff is now ex_data with funcion calls to access. |
|||
The index is supplied by a function and 'methods' can be setup |
|||
for the types that are called on XXX_new/XXX_free. This lets |
|||
applications get notified on creation and destruction. Some of |
|||
the RSA methods could be implemented this way and I may do so. |
|||
- Oh yes, SSL under perl5 is working at the basic level. |
|||
|
|||
15-Dec-97 |
|||
- Warning - the gethostbyname cache is not fully thread safe, |
|||
but it should work well enough. |
|||
- Major internal reworking of the app_data stuff. More functions |
|||
but if you were accessing ->app_data directly, things will |
|||
stop working. |
|||
- The perlv5 stuff is working. Currently on message digests, |
|||
ciphers and the bignum library. |
|||
|
|||
9-Dec-97 |
|||
- Modified re-negotiation so that server initated re-neg |
|||
will cause a SSL_read() to return -1 should retry. |
|||
The danger otherwise was that the server and the |
|||
client could end up both trying to read when using non-blocking |
|||
sockets. |
|||
|
|||
4-Dec-97 |
|||
- Lots of small changes |
|||
- Fix for binaray mode in Windows for the FILE BIO, thanks to |
|||
Bob Denny <rdenny@dc3.com> |
|||
|
|||
17-Nov-97 |
|||
- Quite a few internal cleanups, (removal of errno, and using macros |
|||
defined in e_os.h). |
|||
- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where |
|||
the automactic naming out output files was being stuffed up. |
|||
|
|||
29-Oct-97 |
|||
- The Cast5 cipher has been added. MD5 and SHA-1 are now in assember |
|||
for x86. |
|||
|
|||
21-Oct-97 |
|||
- Fixed a bug in the BIO_gethostbyname() cache. |
|||
|
|||
15-Oct-97 |
|||
- cbc mode for blowfish/des/3des is now in assember. Blowfish asm |
|||
has also been improved. At this point in time, on the pentium, |
|||
md5 is %80 faster, the unoptimesed sha-1 is %79 faster, |
|||
des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc |
|||
is %62 faster. |
|||
|
|||
12-Oct-97 |
|||
- MEM_BUF_grow() has been fixed so that it always sets the buf->length |
|||
to the value we are 'growing' to. Think of MEM_BUF_grow() as the |
|||
way to set the length value correctly. |
|||
|
|||
10-Oct-97 |
|||
- I now hash for certificate lookup on the raw DER encoded RDN (md5). |
|||
This breaks things again :-(. This is efficent since I cache |
|||
the DER encoding of the RDN. |
|||
- The text DN now puts in the numeric OID instead of UNKNOWN. |
|||
- req can now process arbitary OIDs in the config file. |
|||
- I've been implementing md5 in x86 asm, much faster :-). |
|||
- Started sha1 in x86 asm, needs more work. |
|||
- Quite a few speedups in the BN stuff. RSA public operation |
|||
has been made faster by caching the BN_MONT_CTX structure. |
|||
The calulating of the Ai where A*Ai === 1 mod m was rather |
|||
expensive. Basically a 40-50% speedup on public operations. |
|||
The RSA speedup is now 15% on pentiums and %20 on pentium |
|||
pro. |
|||
|
|||
30-Sep-97 |
|||
- After doing some profiling, I added x86 adm for bn_add_words(), |
|||
which just adds 2 arrays of longs together. A %10 speedup |
|||
for 512 and 1024 bit RSA on the pentium pro. |
|||
|
|||
29-Sep-97 |
|||
- Converted the x86 bignum assembler to us the perl scripts |
|||
for generation. |
|||
|
|||
23-Sep-97 |
|||
- If SSL_set_session() is passed a NULL session, it now clears the |
|||
current session-id. |
|||
|
|||
22-Sep-97 |
|||
- Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned |
|||
certificates. |
|||
- Bug in crypto/evp/encode.c where by decoding of 65 base64 |
|||
encoded lines, one line at a time (via a memory BIO) would report |
|||
EOF after the first line was decoded. |
|||
- Fix in X509_find_by_issuer_and_serial() from |
|||
Dr Stephen Henson <shenson@bigfoot.com> |
|||
|
|||
19-Sep-97 |
|||
- NO_FP_API and NO_STDIO added. |
|||
- Put in sh config command. It auto runs Configure with the correct |
|||
parameters. |
|||
|
|||
18-Sep-97 |
|||
- Fix x509.c so if a DSA cert has different parameters to its parent, |
|||
they are left in place. Not tested yet. |
|||
|
|||
16-Sep-97 |
|||
- ssl_create_cipher_list() had some bugs, fixes from |
|||
Patrick Eisenacher <eisenach@stud.uni-frankfurt.de> |
|||
- Fixed a bug in the Base64 BIO, where it would return 1 instead |
|||
of -1 when end of input was encountered but should retry. |
|||
Basically a Base64/Memory BIO interaction problem. |
|||
- Added a HMAC set of functions in preporarion for TLS work. |
|||
|
|||
15-Sep-97 |
|||
- Top level makefile tweak - Cameron Simpson <cs@zip.com.au> |
|||
- Prime generation spead up %25 (512 bit prime, pentium pro linux) |
|||
by using montgomery multiplication in the prime number test. |
|||
|
|||
11-Sep-97 |
|||
- Ugly bug in ssl3_write_bytes(). Basically if application land |
|||
does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code |
|||
did not check the size and tried to copy the entire buffer. |
|||
This would tend to cause memory overwrites since SSLv3 has |
|||
a maximum packet size of 16k. If your program uses |
|||
buffers <= 16k, you would probably never see this problem. |
|||
- Fixed a new errors that were cause by malloc() not returning |
|||
0 initialised memory.. |
|||
- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using |
|||
SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing |
|||
since this flags stops SSLeay being able to handle client |
|||
cert requests correctly. |
|||
|
|||
08-Sep-97 |
|||
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched |
|||
on, the SSL server routines will not use a SSL_SESSION that is |
|||
held in it's cache. This in intended to be used with the session-id |
|||
callbacks so that while the session-ids are still stored in the |
|||
cache, the decision to use them and how to look them up can be |
|||
done by the callbacks. The are the 'new', 'get' and 'remove' |
|||
callbacks. This can be used to determine the session-id |
|||
to use depending on information like which port/host the connection |
|||
is coming from. Since the are also SSL_SESSION_set_app_data() and |
|||
SSL_SESSION_get_app_data() functions, the application can hold |
|||
information against the session-id as well. |
|||
|
|||
03-Sep-97 |
|||
- Added lookup of CRLs to the by_dir method, |
|||
X509_load_crl_file() also added. Basically it means you can |
|||
lookup CRLs via the same system used to lookup certificates. |
|||
- Changed things so that the X509_NAME structure can contain |
|||
ASN.1 BIT_STRINGS which is required for the unique |
|||
identifier OID. |
|||
- Fixed some problems with the auto flushing of the session-id |
|||
cache. It was not occuring on the server side. |
|||
|
|||
02-Sep-97 |
|||
- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) |
|||
which is the maximum number of entries allowed in the |
|||
session-id cache. This is enforced with a simple FIFO list. |
|||
The default size is 20*1024 entries which is rather large :-). |
|||
The Timeout code is still always operating. |
|||
|
|||
01-Sep-97 |
|||
- Added an argument to all the 'generate private key/prime` |
|||
callbacks. It is the last parameter so this should not |
|||
break existing code but it is needed for C++. |
|||
- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() |
|||
BIO. This lets the BIO read and write base64 encoded data |
|||
without inserting or looking for '\n' characters. The '-A' |
|||
flag turns this on when using apps/enc.c. |
|||
- RSA_NO_PADDING added to help BSAFE functionality. This is a |
|||
very dangerous thing to use, since RSA private key |
|||
operations without random padding bytes (as PKCS#1 adds) can |
|||
be attacked such that the private key can be revealed. |
|||
- ASN.1 bug and rc2-40-cbc and rc4-40 added by |
|||
Dr Stephen Henson <shenson@bigfoot.com> |
|||
|
|||
31-Aug-97 (stuff added while I was away) |
|||
- Linux pthreads by Tim Hudson (tjh@cryptsoft.com). |
|||
- RSA_flags() added allowing bypass of pub/priv match check |
|||
in ssl/ssl_rsa.c - Tim Hudson. |
|||
- A few minor bugs. |
|||
|
|||
SSLeay 0.8.1 released. |
|||
|
|||
19-Jul-97 |
|||
- Server side initated dynamic renegotiation is broken. I will fix |
|||
it when I get back from holidays. |
|||
|
|||
15-Jul-97 |
|||
- Quite a few small changes. |
|||
- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk> |
|||
|
|||
09-Jul-97 |
|||
- Added 2 new values to the SSL info callback. |
|||
SSL_CB_START which is passed when the SSL protocol is started |
|||
and SSL_CB_DONE when it has finished sucsessfully. |
|||
|
|||
08-Jul-97 |
|||
- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c |
|||
that related to DSA public/private keys. |
|||
- Added all the relevent PEM and normal IO functions to support |
|||
reading and writing RSAPublic keys. |
|||
- Changed makefiles to use ${AR} instead of 'ar r' |
|||
|
|||
07-Jul-97 |
|||
- Error in ERR_remove_state() that would leave a dangling reference |
|||
to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk> |
|||
- s_client now prints the X509_NAMEs passed from the server |
|||
when requesting a client cert. |
|||
- Added a ssl->type, which is one of SSL_ST_CONNECT or |
|||
SSL_ST_ACCEPT. I had to add it so I could tell if I was |
|||
a connect or an accept after the handshake had finished. |
|||
- SSL_get_client_CA_list(SSL *s) now returns the CA names |
|||
passed by the server if called by a client side SSL. |
|||
|
|||
05-Jul-97 |
|||
- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index |
|||
0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). |
|||
|
|||
04-Jul-97 |
|||
- Fixed some things in X509_NAME_add_entry(), thanks to |
|||
Matthew Donald <matthew@world.net>. |
|||
- I had a look at the cipher section and though that it was a |
|||
bit confused, so I've changed it. |
|||
- I was not setting up the RC4-64-MD5 cipher correctly. It is |
|||
a MS special that appears in exported MS Money. |
|||
- Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 |
|||
spec. I was missing the two byte length header for the |
|||
ClientDiffieHellmanPublic value. This is a packet sent from |
|||
the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG |
|||
option will enable SSLeay server side SSLv3 accept either |
|||
the correct or my 080 packet format. |
|||
- Fixed a few typos in crypto/pem.org. |
|||
|
|||
02-Jul-97 |
|||
- Alias mapping for EVP_get_(digest|cipher)byname is now |
|||
performed before a lookup for actual cipher. This means |
|||
that an alias can be used to 're-direct' a cipher or a |
|||
digest. |
|||
- ASN1_read_bio() had a bug that only showed up when using a |
|||
memory BIO. When EOF is reached in the memory BIO, it is |
|||
reported as a -1 with BIO_should_retry() set to true. |
|||
|
|||
01-Jul-97 |
|||
- Fixed an error in X509_verify_cert() caused by my |
|||
miss-understanding how 'do { contine } while(0);' works. |
|||
Thanks to Emil Sit <sit@mit.edu> for educating me :-) |
|||
|
|||
30-Jun-97 |
|||
- Base64 decoding error. If the last data line did not end with |
|||
a '=', sometimes extra data would be returned. |
|||
- Another 'cut and paste' bug in x509.c related to setting up the |
|||
STDout BIO. |
|||
|
|||
27-Jun-97 |
|||
- apps/ciphers.c was not printing due to an editing error. |
|||
- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for |
|||
a library build error in util/mk1mf.pl |
|||
|
|||
26-Jun-97 |
|||
- Still did not have the auto 'experimental' code removal |
|||
script correct. |
|||
- A few header tweaks for Watcom 11.0 under Win32 from |
|||
Rolf Lindemann <Lindemann@maz-hh.de> |
|||
- 0 length OCTET_STRING bug in asn1_parse |
|||
- A minor fix with an non-existent function in the MS .def files. |
|||
- A few changes to the PKCS7 stuff. |
|||
|
|||
25-Jun-97 |
|||
SSLeay 0.8.0 finally it gets released. |
|||
|
|||
24-Jun-97 |
|||
Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to |
|||
use a temporary RSA key. This is experimental and needs some more work. |
|||
Fixed a few Win16 build problems. |
|||
|
|||
23-Jun-97 |
|||
SSLv3 bug. I was not doing the 'lookup' of the CERT structure |
|||
correctly. I was taking the SSL->ctx->default_cert when I should |
|||
have been using SSL->cert. The bug was in ssl/s3_srvr.c |
|||
|
|||
20-Jun-97 |
|||
X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the |
|||
rest of the library. Even though I had the code required to do |
|||
it correctly, apps/req.c was doing the wrong thing. I have fixed |
|||
and tested everything. |
|||
|
|||
Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. |
|||
|
|||
19-Jun-97 |
|||
Fixed a bug in the SSLv2 server side first packet handling. When |
|||
using the non-blocking test BIO, the ssl->s2->first_packet flag |
|||
was being reset when a would-block failure occurred when reading |
|||
the first 5 bytes of the first packet. This caused the checking |
|||
logic to run at the wrong time and cause an error. |
|||
|
|||
Fixed a problem with specifying cipher. If RC4-MD5 were used, |
|||
only the SSLv3 version would be picked up. Now this will pick |
|||
up both SSLv2 and SSLv3 versions. This required changing the |
|||
SSL_CIPHER->mask values so that they only mask the ciphers, |
|||
digests, authentication, export type and key-exchange algorithms. |
|||
|
|||
I found that when a SSLv23 session is established, a reused |
|||
session, of type SSLv3 was attempting to write the SSLv2 |
|||
ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char |
|||
method has been modified so it will only write out cipher which |
|||
that method knows about. |
|||
|
|||
|
|||
Changes between 0.8.0 and 0.8.1 |
|||
|
|||
*) Mostly bug fixes. |
|||
There is an Ephemeral DH cipher problem which is fixed. |
|||
|
|||
SSLeay 0.8.0 |
|||
|
|||
This version of SSLeay has quite a lot of things different from the |
|||
previous version. |
|||
|
|||
Basically check all callback parameters, I will be producing documentation |
|||
about how to use things in th future. Currently I'm just getting 080 out |
|||
the door. Please not that there are several ways to do everything, and |
|||
most of the applications in the apps directory are hybrids, some using old |
|||
methods and some using new methods. |
|||
|
|||
Have a look in demos/bio for some very simple programs and |
|||
apps/s_client.c and apps/s_server.c for some more advanced versions. |
|||
Notes are definitly needed but they are a week or so away. |
|||
|
|||
Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) |
|||
--- |
|||
Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to |
|||
get those people that want to move to using the new code base off to |
|||
a quick start. |
|||
|
|||
Note that Eric has tidied up a lot of the areas of the API that were |
|||
less than desirable and renamed quite a few things (as he had to break |
|||
the API in lots of places anyrate). There are a whole pile of additional |
|||
functions for making dealing with (and creating) certificates a lot |
|||
cleaner. |
|||
|
|||
01-Jul-97 |
|||
Tim Hudson |
|||
tjh@cryptsoft.com |
|||
|
|||
---8<--- |
|||
|
|||
To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could |
|||
use something like the following (assuming you #include "crypto.h" which |
|||
is something that you really should be doing). |
|||
|
|||
#if SSLEAY_VERSION_NUMBER >= 0x0800 |
|||
#define SSLEAY8 |
|||
#endif |
|||
|
|||
buffer.h -> splits into buffer.h and bio.h so you need to include bio.h |
|||
too if you are working with BIO internal stuff (as distinct |
|||
from simply using the interface in an opaque manner) |
|||
|
|||
#include "bio.h" - required along with "buffer.h" if you write |
|||
your own BIO routines as the buffer and bio |
|||
stuff that was intermixed has been separated |
|||
out |
|||
|
|||
envelope.h -> evp.h (which should have been done ages ago) |
|||
|
|||
Initialisation ... don't forget these or you end up with code that |
|||
is missing the bits required to do useful things (like ciphers): |
|||
|
|||
SSLeay_add_ssl_algorithms() |
|||
(probably also want SSL_load_error_strings() too but you should have |
|||
already had that call in place) |
|||
|
|||
SSL_CTX_new() - requires an extra method parameter |
|||
SSL_CTX_new(SSLv23_method()) |
|||
SSL_CTX_new(SSLv2_method()) |
|||
SSL_CTX_new(SSLv3_method()) |
|||
|
|||
OR to only have the server or the client code |
|||
SSL_CTX_new(SSLv23_server_method()) |
|||
SSL_CTX_new(SSLv2_server_method()) |
|||
SSL_CTX_new(SSLv3_server_method()) |
|||
or |
|||
SSL_CTX_new(SSLv23_client_method()) |
|||
SSL_CTX_new(SSLv2_client_method()) |
|||
SSL_CTX_new(SSLv3_client_method()) |
|||
|
|||
SSL_set_default_verify_paths() ... renamed to the more appropriate |
|||
SSL_CTX_set_default_verify_paths() |
|||
|
|||
If you want to use client certificates then you have to add in a bit |
|||
of extra stuff in that a SSLv3 server sends a list of those CAs that |
|||
it will accept certificates from ... so you have to provide a list to |
|||
SSLeay otherwise certain browsers will not send client certs. |
|||
|
|||
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); |
|||
|
|||
|
|||
X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) |
|||
or provide a buffer and size to copy the |
|||
result into |
|||
|
|||
X509_add_cert -> X509_STORE_add_cert (and you might want to read the |
|||
notes on X509_NAME structure changes too) |
|||
|
|||
|
|||
VERIFICATION CODE |
|||
================= |
|||
|
|||
The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to |
|||
more accurately reflect things. |
|||
|
|||
The verification callback args are now packaged differently so that |
|||
extra fields for verification can be added easily in future without |
|||
having to break things by adding extra parameters each release :-) |
|||
|
|||
X509_cert_verify_error_string -> X509_verify_cert_error_string |
|||
|
|||
|
|||
BIO INTERNALS |
|||
============= |
|||
|
|||
Eric has fixed things so that extra flags can be introduced in |
|||
the BIO layer in future without having to play with all the BIO |
|||
modules by adding in some macros. |
|||
|
|||
The ugly stuff using |
|||
b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) |
|||
becomes |
|||
BIO_clear_retry_flags(b) |
|||
|
|||
b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) |
|||
becomes |
|||
BIO_set_retry_read(b) |
|||
|
|||
Also ... BIO_get_retry_flags(b), BIO_set_flags(b) |
|||
|
|||
|
|||
|
|||
OTHER THINGS |
|||
============ |
|||
|
|||
X509_NAME has been altered so that it isn't just a STACK ... the STACK |
|||
is now in the "entries" field ... and there are a pile of nice functions |
|||
for getting at the details in a much cleaner manner. |
|||
|
|||
SSL_CTX has been altered ... "cert" is no longer a direct member of this |
|||
structure ... things are now down under "cert_store" (see x509_vfy.h) and |
|||
things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. |
|||
If your code "knows" about this level of detail then it will need some |
|||
surgery. |
|||
|
|||
If you depending on the incorrect spelling of a number of the error codes |
|||
then you will have to change your code as these have been fixed. |
|||
|
|||
ENV_CIPHER "type" got renamed to "nid" and as that is what it actually |
|||
has been all along so this makes things clearer. |
|||
ify_cert_error_string(ctx->error)); |
|||
|
|||
SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST |
|||
and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO |
|||
|
|||
|
|||
|
|||
Changes between 0.7.x and 0.8.0 |
|||
|
|||
*) There have been lots of changes, mostly the addition of SSLv3. |
|||
There have been many additions from people and amongst |
|||
others, C2Net has assisted greatly. |
|||
|
|||
Changes between 0.7.x and 0.7.x |
|||
|
|||
*) Internal development version only |
|||
|
|||
SSLeay 0.6.6 13-Jan-1997 |
|||
|
|||
The main additions are |
|||
|
|||
- assember for x86 DES improvments. |
|||
From 191,000 per second on a pentium 100, I now get 281,000. The inner |
|||
loop and the IP/FP modifications are from |
|||
Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his |
|||
contribution. |
|||
- The 'DES macros' introduced in 0.6.5 now have 3 types. |
|||
DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which |
|||
is best and there is a summery of mine in crypto/des/options.txt |
|||
- A few bug fixes. |
|||
- Added blowfish. It is not used by SSL but all the other stuff that |
|||
deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. |
|||
There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. |
|||
BF_PTR2 is pentium/x86 specific. The correct option is setup in |
|||
the 'Configure' script. |
|||
- There is now a 'get client certificate' callback which can be |
|||
'non-blocking'. If more details are required, let me know. It will |
|||
documented more in SSLv3 when I finish it. |
|||
- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' |
|||
now tests the ca program. |
|||
- Lots of little things modified and tweaked. |
|||
|
|||
SSLeay 0.6.5 |
|||
|
|||
After quite some time (3 months), the new release. I have been very busy |
|||
for the last few months and so this is mostly bug fixes and improvments. |
|||
|
|||
The main additions are |
|||
|
|||
- assember for x86 DES. For all those gcc based systems, this is a big |
|||
improvement. From 117,000 DES operation a second on a pentium 100, |
|||
I now get 191,000. I have also reworked the C version so it |
|||
now gives 148,000 DESs per second. |
|||
- As mentioned above, the inner DES macros now have some more variant that |
|||
sometimes help, sometimes hinder performance. There are now 3 options |
|||
DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) |
|||
and DES_RISC (a more register intensive version of the inner macro). |
|||
The crypto/des/des_opts.c program, when compiled and run, will give |
|||
an indication of the correct options to use. |
|||
- The BIO stuff has been improved. Read doc/bio.doc. There are now |
|||
modules for encryption and base64 encoding and a BIO_printf() function. |
|||
- The CA program will accept simple one line X509v3 extensions in the |
|||
ssleay.cnf file. Have a look at the example. Currently this just |
|||
puts the text into the certificate as an OCTET_STRING so currently |
|||
the more advanced X509v3 data types are not handled but this is enough |
|||
for the netscape extensions. |
|||
- There is the start of a nicer higher level interface to the X509 |
|||
strucutre. |
|||
- Quite a lot of bug fixes. |
|||
- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used |
|||
to define the malloc(), free() and realloc() routines to use |
|||
(look in crypto/crypto.h). This is mostly needed for Windows NT/95 when |
|||
using DLLs and mixing CRT libraries. |
|||
|
|||
In general, read the 'VERSION' file for changes and be aware that some of |
|||
the new stuff may not have been tested quite enough yet, so don't just plonk |
|||
in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. |
|||
|
|||
SSLeay 0.6.4 30/08/96 eay |
|||
|
|||
I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, |
|||
Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). |
|||
|
|||
The main changes in this release |
|||
|
|||
- Thread safe. have a read of doc/threads.doc and play in the mt directory. |
|||
For anyone using 0.6.3 with threads, I found 2 major errors so consider |
|||
moving to 0.6.4. I have a test program that builds under NT and |
|||
solaris. |
|||
- The get session-id callback has changed. Have a read of doc/callback.doc. |
|||
- The X509_cert_verify callback (the SSL_verify callback) now |
|||
has another argument. Have a read of doc/callback.doc |
|||
- 'ca -preserve', sign without re-ordering the DN. Not tested much. |
|||
- VMS support. |
|||
- Compile time memory leak detection can now be built into SSLeay. |
|||
Read doc/memory.doc |
|||
- CONF routines now understand '\', '\n', '\r' etc. What this means is that |
|||
the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. |
|||
- 'ssleay ciphers' added, lists the default cipher list for SSLeay. |
|||
- RC2 key setup is now compatable with Netscape. |
|||
- Modifed server side of SSL implementation, big performance difference when |
|||
using session-id reuse. |
|||
|
|||
0.6.3 |
|||
|
|||
Bug fixes and the addition of some nice stuff to the 'ca' program. |
|||
Have a read of doc/ns-ca.doc for how hit has been modified so |
|||
it can be driven from a CGI script. The CGI script is not provided, |
|||
but that is just being left as an excersize for the reader :-). |
|||
|
|||
0.6.2 |
|||
|
|||
This is most bug fixes and functionality improvements. |
|||
|
|||
Additions are |
|||
- More thread debugging patches, the thread stuff is still being |
|||
tested, but for those keep to play with stuff, have a look in |
|||
crypto/cryptlib.c. The application needs to define 1 (or optionaly |
|||
a second) callback that is used to implement locking. Compiling |
|||
with LOCK_DEBUG spits out lots of locking crud :-). |
|||
This is what I'm currently working on. |
|||
- SSL_CTX_set_default_passwd_cb() can be used to define the callback |
|||
function used in the SSL*_file() functions used to load keys. I was |
|||
always of the opinion that people should call |
|||
PEM_read_RSAPrivateKey() and pass the callback they want to use, but |
|||
it appears they just want to use the SSL_*_file() function() :-(. |
|||
- 'enc' now has a -kfile so a key can be read from a file. This is |
|||
mostly used so that the passwd does not appear when using 'ps', |
|||
which appears imposible to stop under solaris. |
|||
- X509v3 certificates now work correctly. I even have more examples |
|||
in my tests :-). There is now a X509_EXTENSION type that is used in |
|||
X509v3 certificates and CRLv2. |
|||
- Fixed that signature type error :-( |
|||
- Fixed quite a few potential memory leaks and problems when reusing |
|||
X509, CRL and REQ structures. |
|||
- EVP_set_pw_prompt() now sets the library wide default password |
|||
prompt. |
|||
- The 'pkcs7' command will now, given the -print_certs flag, output in |
|||
pem format, all certificates and CRL contained within. This is more |
|||
of a pre-emtive thing for the new verisign distribution method. I |
|||
should also note, that this also gives and example in code, of how |
|||
to do this :-), or for that matter, what is involved in going the |
|||
other way (list of certs and crl -> pkcs7). |
|||
- Added RSA's DESX to the DES library. It is also available via the |
|||
EVP_desx_cbc() method and via 'enc desx'. |
|||
|
|||
SSLeay 0.6.1 |
|||
|
|||
The main functional changes since 0.6.0 are as follows |
|||
- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is |
|||
that from now on, I'll keep the .def numbers the same so they will be. |
|||
- RSA private key operations are about 2 times faster that 0.6.0 |
|||
- The SSL_CTX now has more fields so default values can be put against |
|||
it. When an SSL structure is created, these default values are used |
|||
but can be overwritten. There are defaults for cipher, certificate, |
|||
private key, verify mode and callback. This means SSL session |
|||
creation can now be |
|||
ssl=SSL_new() |
|||
SSL_set_fd(ssl,sock); |
|||
SSL_accept(ssl) |
|||
.... |
|||
All the other uglyness with having to keep a global copy of the |
|||
private key and certificate/verify mode in the server is now gone. |
|||
- ssl/ssltest.c - one process talking SSL to its self for testing. |
|||
- Storage of Session-id's can be controled via a session_cache_mode |
|||
flag. There is also now an automatic default flushing of |
|||
old session-id's. |
|||
- The X509_cert_verify() function now has another parameter, this |
|||
should not effect most people but it now means that the reason for |
|||
the failure to verify is now available via SSL_get_verify_result(ssl). |
|||
You don't have to use a global variable. |
|||
- SSL_get_app_data() and SSL_set_app_data() can be used to keep some |
|||
application data against the SSL structure. It is upto the application |
|||
to free the data. I don't use it, but it is available. |
|||
- SSL_CTX_set_cert_verify_callback() can be used to specify a |
|||
verify callback function that completly replaces my certificate |
|||
verification code. Xcert should be able to use this :-). |
|||
The callback is of the form int app_verify_callback(arg,ssl,cert). |
|||
This needs to be documented more. |
|||
- I have started playing with shared library builds, have a look in |
|||
the shlib directory. It is very simple. If you need a numbered |
|||
list of functions, have a look at misc/crypto.num and misc/ssl.num. |
|||
- There is some stuff to do locking to make the library thread safe. |
|||
I have only started this stuff and have not finished. If anyone is |
|||
keen to do so, please send me the patches when finished. |
|||
|
|||
So I have finally made most of the additions to the SSL interface that |
|||
I thought were needed. |
|||
|
|||
There will probably be a pause before I make any non-bug/documentation |
|||
related changes to SSLeay since I'm feeling like a bit of a break. |
|||
|
|||
eric - 12 Jul 1996 |
|||
I saw recently a comment by some-one that we now seem to be entering |
|||
the age of perpetual Beta software. |
|||
Pioneered by packages like linux but refined to an art form by |
|||
netscape. |
|||
|
|||
I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). |
|||
|
|||
There are quite a large number of sections that are 'works in |
|||
progress' in this package. I will also list the major changes and |
|||
what files you should read. |
|||
|
|||
BIO - this is the new IO structure being used everywhere in SSLeay. I |
|||
started out developing this because of microsoft, I wanted a mechanism |
|||
to callback to the application for all IO, so Windows 3.1 DLL |
|||
perversion could be hidden from me and the 15 different ways to write |
|||
to a file under NT would also not be dictated by me at library build |
|||
time. What the 'package' is is an API for a data structure containing |
|||
functions. IO interfaces can be written to conform to the |
|||
specification. This in not intended to hide the underlying data type |
|||
from the application, but to hide it from SSLeay :-). |
|||
I have only really finished testing the FILE * and socket/fd modules. |
|||
There are also 'filter' BIO's. Currently I have only implemented |
|||
message digests, and it is in use in the dgst application. This |
|||
functionality will allow base64/encrypto/buffering modules to be |
|||
'push' into a BIO without it affecting the semantics. I'm also |
|||
working on an SSL BIO which will hide the SSL_accept()/SLL_connet() |
|||
from an event loop which uses the interface. |
|||
It is also possible to 'attach' callbacks to a BIO so they get called |
|||
before and after each operation, alowing extensive debug output |
|||
to be generated (try running dgst with -d). |
|||
|
|||
Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few |
|||
functions that used to take FILE *, now take BIO *. |
|||
The wrappers are easy to write |
|||
|
|||
function_fp(fp,x) |
|||
FILE *fp; |
|||
{ |
|||
BIO *b; |
|||
int ret; |
|||
|
|||
if ((b=BIO_new(BIO_s_file())) == NULL) error..... |
|||
BIO_set_fp(b,fp,BIO_NOCLOSE); |
|||
ret=function_bio(b,x); |
|||
BIO_free(b); |
|||
return(ret); |
|||
} |
|||
Remember, there are no functions that take FILE * in SSLeay when |
|||
compiled for Windows 3.1 DLL's. |
|||
|
|||
-- |
|||
I have added a general EVP_PKEY type that can hold a public/private |
|||
key. This is now what is used by the EVP_ functions and is passed |
|||
around internally. I still have not done the PKCS#8 stuff, but |
|||
X509_PKEY is defined and waiting :-) |
|||
|
|||
-- |
|||
For a full function name listings, have a look at ms/crypt32.def and |
|||
ms/ssl32.def. These are auto-generated but are complete. |
|||
Things like ASN1_INTEGER_get() have been added and are in here if you |
|||
look. I have renamed a few things, again, have a look through the |
|||
function list and you will probably find what you are after. I intend |
|||
to at least put a one line descrition for each one..... |
|||
|
|||
-- |
|||
Microsoft - thats what this release is about, read the MICROSOFT file. |
|||
|
|||
-- |
|||
Multi-threading support. I have started hunting through the code and |
|||
flaging where things need to be done. In a state of work but high on |
|||
the list. |
|||
|
|||
-- |
|||
For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) |
|||
be be you random data device, otherwise 'RFILE' in e_os.h |
|||
will be used, in your home directory. It will be updated |
|||
periodically. The environment variable RANDFILE will override this |
|||
choice and read/write to that file instead. DEVRANDOM is used in |
|||
conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random |
|||
number generator, pick on one of these files. |
|||
|
|||
-- |
|||
|
|||
The list of things to read and do |
|||
|
|||
dgst -d |
|||
s_client -state (this uses a callback placed in the SSL state loop and |
|||
will be used else-where to help debug/monitor what |
|||
is happening.) |
|||
|
|||
doc/why.doc |
|||
doc/bio.doc <- hmmm, needs lots of work. |
|||
doc/bss_file.doc <- one that is working :-) |
|||
doc/session.doc <- it has changed |
|||
doc/speed.doc |
|||
also play with ssleay version -a. I have now added a SSLeay() |
|||
function that returns a version number, eg 0600 for this release |
|||
which is primarily to be used to check DLL version against the |
|||
application. |
|||
util/* Quite a few will not interest people, but some may, like |
|||
mk1mf.pl, mkdef.pl, |
|||
util/do_ms.sh |
|||
|
|||
try |
|||
cc -Iinclude -Icrypto -c crypto/crypto.c |
|||
cc -Iinclude -Issl -c ssl/ssl.c |
|||
You have just built the SSLeay libraries as 2 object files :-) |
|||
|
|||
Have a general rummage around in the bin stall directory and look at |
|||
what is in there, like CA.sh and c_rehash |
|||
|
|||
There are lots more things but it is 12:30am on a Friday night and I'm |
|||
heading home :-). |
|||
|
|||
eric 22-Jun-1996 |
|||
This version has quite a few major bug fixes and improvements. It DOES NOT |
|||
do SSLv3 yet. |
|||
|
|||
The main things changed |
|||
- A Few days ago I added the s_mult application to ssleay which is |
|||
a demo of an SSL server running in an event loop type thing. |
|||
It supports non-blocking IO, I have finally gotten it right, SSL_accept() |
|||
can operate in non-blocking IO mode, look at the code to see how :-). |
|||
Have a read of doc/s_mult as well. This program leaks memory and |
|||
file descriptors everywhere but I have not cleaned it up yet. |
|||
This is a demo of how to do non-blocking IO. |
|||
- The SSL session management has been 'worked over' and there is now |
|||
quite an expansive set of functions to manipulate them. Have a read of |
|||
doc/session.doc for some-things I quickly whipped up about how it now works. |
|||
This assume you know the SSLv2 protocol :-) |
|||
- I can now read/write the netscape certificate format, use the |
|||
-inform/-outform 'net' options to the x509 command. I have not put support |
|||
for this type in the other demo programs, but it would be easy to add. |
|||
- asn1parse and 'enc' have been modified so that when reading base64 |
|||
encoded files (pem format), they do not require '-----BEGIN' header lines. |
|||
The 'enc' program had a buffering bug fixed, it can be used as a general |
|||
base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' |
|||
respecivly. Leaving out the '-a' flag in this case makes the 'enc' command |
|||
into a form of 'cat'. |
|||
- The 'x509' and 'req' programs have been fixed and modified a little so |
|||
that they generate self-signed certificates correctly. The test |
|||
script actually generates a 'CA' certificate and then 'signs' a |
|||
'user' certificate. Have a look at this shell script (test/sstest) |
|||
to see how things work, it tests most possible combinations of what can |
|||
be done. |
|||
- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name |
|||
of SSL_set_cipher_list() is now the correct API (stops confusion :-). |
|||
If this function is used in the client, only the specified ciphers can |
|||
be used, with preference given to the order the ciphers were listed. |
|||
For the server, if this is used, only the specified ciphers will be used |
|||
to accept connections. If this 'option' is not used, a default set of |
|||
ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this |
|||
list for all ciphers started against the SSL_CTX. So the order is |
|||
SSL cipher_list, if not present, SSL_CTX cipher list, if not |
|||
present, then the library default. |
|||
What this means is that normally ciphers like |
|||
NULL-MD5 will never be used. The only way this cipher can be used |
|||
for both ends to specify to use it. |
|||
To enable or disable ciphers in the library at build time, modify the |
|||
first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. |
|||
This file also contains the 'pref_cipher' list which is the default |
|||
cipher preference order. |
|||
- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' |
|||
options work. They should, and they enable loading and writing the |
|||
netscape rsa private key format. I will be re-working this section of |
|||
SSLeay for the next version. What is currently in place is a quick and |
|||
dirty hack. |
|||
- I've re-written parts of the bignum library. This gives speedups |
|||
for all platforms. I now provide assembler for use under Windows NT. |
|||
I have not tested the Windows 3.1 assembler but it is quite simple code. |
|||
This gives RSAprivate_key operation encryption times of 0.047s (512bit key) |
|||
and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. |
|||
Basically the times available under linux/solaris x86 can be achieve under |
|||
Windows NT. I still don't know how these times compare to RSA's BSAFE |
|||
library but I have been emailing with people and with their help, I should |
|||
be able to get my library's quite a bit faster still (more algorithm changes). |
|||
The object file crypto/bn/asm/x86-32.obj should be used when linking |
|||
under NT. |
|||
- 'make makefile.one' in the top directory will generate a single makefile |
|||
called 'makefile.one' This makefile contains no perl references and |
|||
will build the SSLeay library into the 'tmp' and 'out' directories. |
|||
util/mk1mf.pl >makefile.one is how this makefile is |
|||
generated. The mk1mf.pl command take several option to generate the |
|||
makefile for use with cc, gcc, Visual C++ and Borland C++. This is |
|||
still under development. I have only build .lib's for NT and MSDOS |
|||
I will be working on this more. I still need to play with the |
|||
correct compiler setups for these compilers and add some more stuff but |
|||
basically if you just want to compile the library |
|||
on a 'non-unix' platform, this is a very very good file to start with :-). |
|||
Have a look in the 'microsoft' directory for my current makefiles. |
|||
I have not yet modified things to link with sockets under Windows NT. |
|||
You guys should be able to do this since this is actually outside of the |
|||
SSLeay scope :-). I will be doing it for myself soon. |
|||
util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock |
|||
to build without RC2/RC4, to require RSAref for linking, and to |
|||
build with no socket code. |
|||
|
|||
- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher |
|||
that was posted to sci.crypt has been added to the library and SSL. |
|||
I take the view that if RC2 is going to be included in a standard, |
|||
I'll include the cipher to make my package complete. |
|||
There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers |
|||
at compile time. I have not tested this recently but it should all work |
|||
and if you are in the USA and don't want RSA threatening to sue you, |
|||
you could probably remove the RC4/RC2 code inside these sections. |
|||
I may in the future include a perl script that does this code |
|||
removal automatically for those in the USA :-). |
|||
- I have removed all references to sed in the makefiles. So basically, |
|||
the development environment requires perl and sh. The build environment |
|||
does not (use the makefile.one makefile). |
|||
The Configure script still requires perl, this will probably stay that way |
|||
since I have perl for Windows NT :-). |
|||
|
|||
eric (03-May-1996) |
|||
|
|||
PS Have a look in the VERSION file for more details on the changes and |
|||
bug fixes. |
|||
I have fixed a few bugs, added alpha and x86 assembler and generally cleaned |
|||
things up. This version will be quite stable, mostly because I'm on |
|||
holidays until 10-March-1996. For any problems in the interum, send email |
|||
to Tim Hudson <tjh@mincom.oz.au>. |
|||
|
|||
SSLeay 0.5.0 |
|||
|
|||
12-12-95 |
|||
This is going out before it should really be released. |
|||
|
|||
I leave for 11 weeks holidays on the 22-12-95 and so I either sit on |
|||
this for 11 weeks or get things out. It is still going to change a |
|||
lot in the next week so if you do grab this version, please test and |
|||
give me feed back ASAP, inculuding questions on how to do things with |
|||
the library. This will prompt me to write documentation so I don't |
|||
have to answer the same question again :-). |
|||
|
|||
This 'pre' release version is for people who are interested in the |
|||
library. The applications will have to be changed to use |
|||
the new version of the SSL interface. I intend to finish more |
|||
documentation before I leave but until then, look at the programs in |
|||
the apps directory. As far as code goes, it is much much nicer than |
|||
the old version. |
|||
|
|||
The current library works, has no memory leaks (as far as I can tell) |
|||
and is far more bug free that 0.4.5d. There are no global variable of |
|||
consequence (I believe) and I will produce some documentation that |
|||
tell where to look for those people that do want to do multi-threaded |
|||
stuff. |
|||
|
|||
There should be more documentation. Have a look in the |
|||
doc directory. I'll be adding more before I leave, it is a start |
|||
by mostly documents the crypto library. Tim Hudson will update |
|||
the web page ASAP. The spelling and grammar are crap but |
|||
it is better than nothing :-) |
|||
|
|||
Reasons to start playing with version 0.5.0 |
|||
- All the programs in the apps directory build into one ssleay binary. |
|||
- There is a new version of the 'req' program that generates certificate |
|||
requests, there is even documentation for this one :-) |
|||
- There is a demo certification authorithy program. Currently it will |
|||
look at the simple database and update it. It will generate CRL from |
|||
the data base. You need to edit the database by hand to revoke a |
|||
certificate, it is my aim to use perl5/Tk but I don't have time to do |
|||
this right now. It will generate the certificates but the management |
|||
scripts still need to be written. This is not a hard task. |
|||
- Things have been cleaned up alot. |
|||
- Have a look at the enc and dgst programs in the apps directory. |
|||
- It supports v3 of x509 certiticates. |
|||
|
|||
|
|||
Major things missing. |
|||
- I have been working on (and thinging about) the distributed x509 |
|||
hierachy problem. I have not had time to put my solution in place. |
|||
It will have to wait until I come back. |
|||
- I have not put in CRL checking in the certificate verification but |
|||
it would not be hard to do. I was waiting until I could generate my |
|||
own CRL (which has only been in the last week) and I don't have time |
|||
to put it in correctly. |
|||
- Montgomery multiplication need to be implemented. I know the |
|||
algorithm, just ran out of time. |
|||
- PKCS#7. I can load and write the DER version. I need to re-work |
|||
things to support BER (if that means nothing, read the ASN1 spec :-). |
|||
- Testing of the higher level digital envelope routines. I have not |
|||
played with the *_seal() and *_open() type functions. They are |
|||
written but need testing. The *_sign() and *_verify() functions are |
|||
rock solid. |
|||
- PEM. Doing this and PKCS#7 have been dependant on the distributed |
|||
x509 heirachy problem. I started implementing my ideas, got |
|||
distracted writing a CA program and then ran out of time. I provide |
|||
the functionality of RSAref at least. |
|||
- Re work the asm. code for the x86. I've changed by low level bignum |
|||
interface again, so I really need to tweak the x86 stuff. gcc is |
|||
good enough for the other boxes. |
|||
|
File diff suppressed because it is too large
@ -0,0 +1,982 @@ |
|||
OpenSSL - Frequently Asked Questions |
|||
-------------------------------------- |
|||
|
|||
[MISC] Miscellaneous questions |
|||
|
|||
* Which is the current version of OpenSSL? |
|||
* Where is the documentation? |
|||
* How can I contact the OpenSSL developers? |
|||
* Where can I get a compiled version of OpenSSL? |
|||
* Why aren't tools like 'autoconf' and 'libtool' used? |
|||
* What is an 'engine' version? |
|||
* How do I check the authenticity of the OpenSSL distribution? |
|||
|
|||
[LEGAL] Legal questions |
|||
|
|||
* Do I need patent licenses to use OpenSSL? |
|||
* Can I use OpenSSL with GPL software? |
|||
|
|||
[USER] Questions on using the OpenSSL applications |
|||
|
|||
* Why do I get a "PRNG not seeded" error message? |
|||
* Why do I get an "unable to write 'random state'" error message? |
|||
* How do I create certificates or certificate requests? |
|||
* Why can't I create certificate requests? |
|||
* Why does <SSL program> fail with a certificate verify error? |
|||
* Why can I only use weak ciphers when I connect to a server using OpenSSL? |
|||
* How can I create DSA certificates? |
|||
* Why can't I make an SSL connection using a DSA certificate? |
|||
* How can I remove the passphrase on a private key? |
|||
* Why can't I use OpenSSL certificates with SSL client authentication? |
|||
* Why does my browser give a warning about a mismatched hostname? |
|||
* How do I install a CA certificate into a browser? |
|||
* Why is OpenSSL x509 DN output not conformant to RFC2253? |
|||
* What is a "128 bit certificate"? Can I create one with OpenSSL? |
|||
* Why does OpenSSL set the authority key identifier extension incorrectly? |
|||
* How can I set up a bundle of commercial root CA certificates? |
|||
|
|||
[BUILD] Questions about building and testing OpenSSL |
|||
|
|||
* Why does the linker complain about undefined symbols? |
|||
* Why does the OpenSSL test fail with "bc: command not found"? |
|||
* Why does the OpenSSL test fail with "bc: 1 no implemented"? |
|||
* Why does the OpenSSL test fail with "bc: stack empty"? |
|||
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? |
|||
* Why does the OpenSSL compilation fail with "ar: command not found"? |
|||
* Why does the OpenSSL compilation fail on Win32 with VC++? |
|||
* What is special about OpenSSL on Redhat? |
|||
* Why does the OpenSSL compilation fail on MacOS X? |
|||
* Why does the OpenSSL test suite fail on MacOS X? |
|||
* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? |
|||
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? |
|||
* Why does the OpenSSL test suite fail in sha512t on x86 CPU? |
|||
* Why does compiler fail to compile sha512.c? |
|||
* Test suite still fails, what to do? |
|||
|
|||
[PROG] Questions about programming with OpenSSL |
|||
|
|||
* Is OpenSSL thread-safe? |
|||
* I've compiled a program under Windows and it crashes: why? |
|||
* How do I read or write a DER encoded buffer using the ASN1 functions? |
|||
* OpenSSL uses DER but I need BER format: does OpenSSL support BER? |
|||
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? |
|||
* I've called <some function> and it fails, why? |
|||
* I just get a load of numbers for the error output, what do they mean? |
|||
* Why do I get errors about unknown algorithms? |
|||
* Why can't the OpenSSH configure script detect OpenSSL? |
|||
* Can I use OpenSSL's SSL library with non-blocking I/O? |
|||
* Why doesn't my server application receive a client certificate? |
|||
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? |
|||
* I think I've detected a memory leak, is this a bug? |
|||
* Why does Valgrind complain about the use of uninitialized data? |
|||
* Why doesn't a memory BIO work when a file does? |
|||
* Where are the declarations and implementations of d2i_X509() etc? |
|||
|
|||
=============================================================================== |
|||
|
|||
[MISC] ======================================================================== |
|||
|
|||
* Which is the current version of OpenSSL? |
|||
|
|||
The current version is available from <URL: http://www.openssl.org>. |
|||
OpenSSL 1.0.0 was released on Mar 29th, 2010. |
|||
|
|||
In addition to the current stable release, you can also access daily |
|||
snapshots of the OpenSSL development version at <URL: |
|||
ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access. |
|||
|
|||
|
|||
* Where is the documentation? |
|||
|
|||
OpenSSL is a library that provides cryptographic functionality to |
|||
applications such as secure web servers. Be sure to read the |
|||
documentation of the application you want to use. The INSTALL file |
|||
explains how to install this library. |
|||
|
|||
OpenSSL includes a command line utility that can be used to perform a |
|||
variety of cryptographic functions. It is described in the openssl(1) |
|||
manpage. Documentation for developers is currently being written. Many |
|||
manual pages are available; overviews over libcrypto and |
|||
libssl are given in the crypto(3) and ssl(3) manpages. |
|||
|
|||
The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a |
|||
different directory if you specified one as described in INSTALL). |
|||
In addition, you can read the most current versions at |
|||
<URL: http://www.openssl.org/docs/>. Note that the online documents refer |
|||
to the very latest development versions of OpenSSL and may include features |
|||
not present in released versions. If in doubt refer to the documentation |
|||
that came with the version of OpenSSL you are using. |
|||
|
|||
For information on parts of libcrypto that are not yet documented, you |
|||
might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's |
|||
predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much |
|||
of this still applies to OpenSSL. |
|||
|
|||
There is some documentation about certificate extensions and PKCS#12 |
|||
in doc/openssl.txt |
|||
|
|||
The original SSLeay documentation is included in OpenSSL as |
|||
doc/ssleay.txt. It may be useful when none of the other resources |
|||
help, but please note that it reflects the obsolete version SSLeay |
|||
0.6.6. |
|||
|
|||
|
|||
* How can I contact the OpenSSL developers? |
|||
|
|||
The README file describes how to submit bug reports and patches to |
|||
OpenSSL. Information on the OpenSSL mailing lists is available from |
|||
<URL: http://www.openssl.org>. |
|||
|
|||
|
|||
* Where can I get a compiled version of OpenSSL? |
|||
|
|||
You can finder pointers to binary distributions in |
|||
http://www.openssl.org/related/binaries.html . |
|||
|
|||
Some applications that use OpenSSL are distributed in binary form. |
|||
When using such an application, you don't need to install OpenSSL |
|||
yourself; the application will include the required parts (e.g. DLLs). |
|||
|
|||
If you want to build OpenSSL on a Windows system and you don't have |
|||
a C compiler, read the "Mingw32" section of INSTALL.W32 for information |
|||
on how to obtain and install the free GNU C compiler. |
|||
|
|||
A number of Linux and *BSD distributions include OpenSSL. |
|||
|
|||
|
|||
* Why aren't tools like 'autoconf' and 'libtool' used? |
|||
|
|||
autoconf will probably be used in future OpenSSL versions. If it was |
|||
less Unix-centric, it might have been used much earlier. |
|||
|
|||
* What is an 'engine' version? |
|||
|
|||
With version 0.9.6 OpenSSL was extended to interface to external crypto |
|||
hardware. This was realized in a special release '0.9.6-engine'. With |
|||
version 0.9.7 the changes were merged into the main development line, |
|||
so that the special release is no longer necessary. |
|||
|
|||
* How do I check the authenticity of the OpenSSL distribution? |
|||
|
|||
We provide MD5 digests and ASC signatures of each tarball. |
|||
Use MD5 to check that a tarball from a mirror site is identical: |
|||
|
|||
md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 |
|||
|
|||
You can check authenticity using pgp or gpg. You need the OpenSSL team |
|||
member public key used to sign it (download it from a key server, see a |
|||
list of keys at <URL: http://www.openssl.org/about/>). Then |
|||
just do: |
|||
|
|||
pgp TARBALL.asc |
|||
|
|||
[LEGAL] ======================================================================= |
|||
|
|||
* Do I need patent licenses to use OpenSSL? |
|||
|
|||
The patents section of the README file lists patents that may apply to |
|||
you if you want to use OpenSSL. For information on intellectual |
|||
property rights, please consult a lawyer. The OpenSSL team does not |
|||
offer legal advice. |
|||
|
|||
You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using |
|||
./config no-idea no-mdc2 no-rc5 |
|||
|
|||
|
|||
* Can I use OpenSSL with GPL software? |
|||
|
|||
On many systems including the major Linux and BSD distributions, yes (the |
|||
GPL does not place restrictions on using libraries that are part of the |
|||
normal operating system distribution). |
|||
|
|||
On other systems, the situation is less clear. Some GPL software copyright |
|||
holders claim that you infringe on their rights if you use OpenSSL with |
|||
their software on operating systems that don't normally include OpenSSL. |
|||
|
|||
If you develop open source software that uses OpenSSL, you may find it |
|||
useful to choose an other license than the GPL, or state explicitly that |
|||
"This program is released under the GPL with the additional exemption that |
|||
compiling, linking, and/or using OpenSSL is allowed." If you are using |
|||
GPL software developed by others, you may want to ask the copyright holder |
|||
for permission to use their software with OpenSSL. |
|||
|
|||
|
|||
[USER] ======================================================================== |
|||
|
|||
* Why do I get a "PRNG not seeded" error message? |
|||
|
|||
Cryptographic software needs a source of unpredictable data to work |
|||
correctly. Many open source operating systems provide a "randomness |
|||
device" (/dev/urandom or /dev/random) that serves this purpose. |
|||
All OpenSSL versions try to use /dev/urandom by default; starting with |
|||
version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not |
|||
available. |
|||
|
|||
On other systems, applications have to call the RAND_add() or |
|||
RAND_seed() function with appropriate data before generating keys or |
|||
performing public key encryption. (These functions initialize the |
|||
pseudo-random number generator, PRNG.) Some broken applications do |
|||
not do this. As of version 0.9.5, the OpenSSL functions that need |
|||
randomness report an error if the random number generator has not been |
|||
seeded with at least 128 bits of randomness. If this error occurs and |
|||
is not discussed in the documentation of the application you are |
|||
using, please contact the author of that application; it is likely |
|||
that it never worked correctly. OpenSSL 0.9.5 and later make the |
|||
error visible by refusing to perform potentially insecure encryption. |
|||
|
|||
If you are using Solaris 8, you can add /dev/urandom and /dev/random |
|||
devices by installing patch 112438 (Sparc) or 112439 (x86), which are |
|||
available via the Patchfinder at <URL: http://sunsolve.sun.com> |
|||
(Solaris 9 includes these devices by default). For /dev/random support |
|||
for earlier Solaris versions, see Sun's statement at |
|||
<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski> |
|||
(the SUNWski package is available in patch 105710). |
|||
|
|||
On systems without /dev/urandom and /dev/random, it is a good idea to |
|||
use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for |
|||
details. Starting with version 0.9.7, OpenSSL will automatically look |
|||
for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and |
|||
/etc/entropy. |
|||
|
|||
Most components of the openssl command line utility automatically try |
|||
to seed the random number generator from a file. The name of the |
|||
default seeding file is determined as follows: If environment variable |
|||
RANDFILE is set, then it names the seeding file. Otherwise if |
|||
environment variable HOME is set, then the seeding file is $HOME/.rnd. |
|||
If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will |
|||
use file .rnd in the current directory while OpenSSL 0.9.6a uses no |
|||
default seeding file at all. OpenSSL 0.9.6b and later will behave |
|||
similarly to 0.9.6a, but will use a default of "C:\" for HOME on |
|||
Windows systems if the environment variable has not been set. |
|||
|
|||
If the default seeding file does not exist or is too short, the "PRNG |
|||
not seeded" error message may occur. |
|||
|
|||
The openssl command line utility will write back a new state to the |
|||
default seeding file (and create this file if necessary) unless |
|||
there was no sufficient seeding. |
|||
|
|||
Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. |
|||
Use the "-rand" option of the OpenSSL command line tools instead. |
|||
The $RANDFILE environment variable and $HOME/.rnd are only used by the |
|||
OpenSSL command line tools. Applications using the OpenSSL library |
|||
provide their own configuration options to specify the entropy source, |
|||
please check out the documentation coming the with application. |
|||
|
|||
|
|||
* Why do I get an "unable to write 'random state'" error message? |
|||
|
|||
|
|||
Sometimes the openssl command line utility does not abort with |
|||
a "PRNG not seeded" error message, but complains that it is |
|||
"unable to write 'random state'". This message refers to the |
|||
default seeding file (see previous answer). A possible reason |
|||
is that no default filename is known because neither RANDFILE |
|||
nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the |
|||
current directory in this case, but this has changed with 0.9.6a.) |
|||
|
|||
|
|||
* How do I create certificates or certificate requests? |
|||
|
|||
Check out the CA.pl(1) manual page. This provides a simple wrapper round |
|||
the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check |
|||
out the manual pages for the individual utilities and the certificate |
|||
extensions documentation (currently in doc/openssl.txt). |
|||
|
|||
|
|||
* Why can't I create certificate requests? |
|||
|
|||
You typically get the error: |
|||
|
|||
unable to find 'distinguished_name' in config |
|||
problems making Certificate Request |
|||
|
|||
This is because it can't find the configuration file. Check out the |
|||
DIAGNOSTICS section of req(1) for more information. |
|||
|
|||
|
|||
* Why does <SSL program> fail with a certificate verify error? |
|||
|
|||
This problem is usually indicated by log messages saying something like |
|||
"unable to get local issuer certificate" or "self signed certificate". |
|||
When a certificate is verified its root CA must be "trusted" by OpenSSL |
|||
this typically means that the CA certificate must be placed in a directory |
|||
or file and the relevant program configured to read it. The OpenSSL program |
|||
'verify' behaves in a similar way and issues similar error messages: check |
|||
the verify(1) program manual page for more information. |
|||
|
|||
|
|||
* Why can I only use weak ciphers when I connect to a server using OpenSSL? |
|||
|
|||
This is almost certainly because you are using an old "export grade" browser |
|||
which only supports weak encryption. Upgrade your browser to support 128 bit |
|||
ciphers. |
|||
|
|||
|
|||
* How can I create DSA certificates? |
|||
|
|||
Check the CA.pl(1) manual page for a DSA certificate example. |
|||
|
|||
|
|||
* Why can't I make an SSL connection to a server using a DSA certificate? |
|||
|
|||
Typically you'll see a message saying there are no shared ciphers when |
|||
the same setup works fine with an RSA certificate. There are two possible |
|||
causes. The client may not support connections to DSA servers most web |
|||
browsers (including Netscape and MSIE) only support connections to servers |
|||
supporting RSA cipher suites. The other cause is that a set of DH parameters |
|||
has not been supplied to the server. DH parameters can be created with the |
|||
dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: |
|||
check the source to s_server in apps/s_server.c for an example. |
|||
|
|||
|
|||
* How can I remove the passphrase on a private key? |
|||
|
|||
Firstly you should be really *really* sure you want to do this. Leaving |
|||
a private key unencrypted is a major security risk. If you decide that |
|||
you do have to do this check the EXAMPLES sections of the rsa(1) and |
|||
dsa(1) manual pages. |
|||
|
|||
|
|||
* Why can't I use OpenSSL certificates with SSL client authentication? |
|||
|
|||
What will typically happen is that when a server requests authentication |
|||
it will either not include your certificate or tell you that you have |
|||
no client certificates (Netscape) or present you with an empty list box |
|||
(MSIE). The reason for this is that when a server requests a client |
|||
certificate it includes a list of CAs names which it will accept. Browsers |
|||
will only let you select certificates from the list on the grounds that |
|||
there is little point presenting a certificate which the server will |
|||
reject. |
|||
|
|||
The solution is to add the relevant CA certificate to your servers "trusted |
|||
CA list". How you do this depends on the server software in uses. You can |
|||
print out the servers list of acceptable CAs using the OpenSSL s_client tool: |
|||
|
|||
openssl s_client -connect www.some.host:443 -prexit |
|||
|
|||
If your server only requests certificates on certain URLs then you may need |
|||
to manually issue an HTTP GET command to get the list when s_client connects: |
|||
|
|||
GET /some/page/needing/a/certificate.html |
|||
|
|||
If your CA does not appear in the list then this confirms the problem. |
|||
|
|||
|
|||
* Why does my browser give a warning about a mismatched hostname? |
|||
|
|||
Browsers expect the server's hostname to match the value in the commonName |
|||
(CN) field of the certificate. If it does not then you get a warning. |
|||
|
|||
|
|||
* How do I install a CA certificate into a browser? |
|||
|
|||
The usual way is to send the DER encoded certificate to the browser as |
|||
MIME type application/x-x509-ca-cert, for example by clicking on an appropriate |
|||
link. On MSIE certain extensions such as .der or .cacert may also work, or you |
|||
can import the certificate using the certificate import wizard. |
|||
|
|||
You can convert a certificate to DER form using the command: |
|||
|
|||
openssl x509 -in ca.pem -outform DER -out ca.der |
|||
|
|||
Occasionally someone suggests using a command such as: |
|||
|
|||
openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem |
|||
|
|||
DO NOT DO THIS! This command will give away your CAs private key and |
|||
reduces its security to zero: allowing anyone to forge certificates in |
|||
whatever name they choose. |
|||
|
|||
* Why is OpenSSL x509 DN output not conformant to RFC2253? |
|||
|
|||
The ways to print out the oneline format of the DN (Distinguished Name) have |
|||
been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() |
|||
interface, the "-nameopt" option could be introduded. See the manual |
|||
page of the "openssl x509" commandline tool for details. The old behaviour |
|||
has however been left as default for the sake of compatibility. |
|||
|
|||
* What is a "128 bit certificate"? Can I create one with OpenSSL? |
|||
|
|||
The term "128 bit certificate" is a highly misleading marketing term. It does |
|||
*not* refer to the size of the public key in the certificate! A certificate |
|||
containing a 128 bit RSA key would have negligible security. |
|||
|
|||
There were various other names such as "magic certificates", "SGC |
|||
certificates", "step up certificates" etc. |
|||
|
|||
You can't generally create such a certificate using OpenSSL but there is no |
|||
need to any more. Nowadays web browsers using unrestricted strong encryption |
|||
are generally available. |
|||
|
|||
When there were tight restrictions on the export of strong encryption |
|||
software from the US only weak encryption algorithms could be freely exported |
|||
(initially 40 bit and then 56 bit). It was widely recognised that this was |
|||
inadequate. A relaxation of the rules allowed the use of strong encryption but |
|||
only to an authorised server. |
|||
|
|||
Two slighly different techniques were developed to support this, one used by |
|||
Netscape was called "step up", the other used by MSIE was called "Server Gated |
|||
Cryptography" (SGC). When a browser initially connected to a server it would |
|||
check to see if the certificate contained certain extensions and was issued by |
|||
an authorised authority. If these test succeeded it would reconnect using |
|||
strong encryption. |
|||
|
|||
Only certain (initially one) certificate authorities could issue the |
|||
certificates and they generally cost more than ordinary certificates. |
|||
|
|||
Although OpenSSL can create certificates containing the appropriate extensions |
|||
the certificate would not come from a permitted authority and so would not |
|||
be recognized. |
|||
|
|||
The export laws were later changed to allow almost unrestricted use of strong |
|||
encryption so these certificates are now obsolete. |
|||
|
|||
|
|||
* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly? |
|||
|
|||
It doesn't: this extension is often the cause of confusion. |
|||
|
|||
Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose |
|||
certificate C contains AKID. |
|||
|
|||
The purpose of this extension is to identify the authority certificate B. This |
|||
can be done either by including the subject key identifier of B or its issuer |
|||
name and serial number. |
|||
|
|||
In this latter case because it is identifying certifcate B it must contain the |
|||
issuer name and serial number of B. |
|||
|
|||
It is often wrongly assumed that it should contain the subject name of B. If it |
|||
did this would be redundant information because it would duplicate the issuer |
|||
name of C. |
|||
|
|||
|
|||
* How can I set up a bundle of commercial root CA certificates? |
|||
|
|||
The OpenSSL software is shipped without any root CA certificate as the |
|||
OpenSSL project does not have any policy on including or excluding |
|||
any specific CA and does not intend to set up such a policy. Deciding |
|||
about which CAs to support is up to application developers or |
|||
administrators. |
|||
|
|||
Other projects do have other policies so you can for example extract the CA |
|||
bundle used by Mozilla and/or modssl as described in this article: |
|||
|
|||
http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html |
|||
|
|||
|
|||
[BUILD] ======================================================================= |
|||
|
|||
* Why does the linker complain about undefined symbols? |
|||
|
|||
Maybe the compilation was interrupted, and make doesn't notice that |
|||
something is missing. Run "make clean; make". |
|||
|
|||
If you used ./Configure instead of ./config, make sure that you |
|||
selected the right target. File formats may differ slightly between |
|||
OS versions (for example sparcv8/sparcv9, or a.out/elf). |
|||
|
|||
In case you get errors about the following symbols, use the config |
|||
option "no-asm", as described in INSTALL: |
|||
|
|||
BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt, |
|||
CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt, |
|||
RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words, |
|||
bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4, |
|||
bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3, |
|||
des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3, |
|||
des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order |
|||
|
|||
If none of these helps, you may want to try using the current snapshot. |
|||
If the problem persists, please submit a bug report. |
|||
|
|||
|
|||
* Why does the OpenSSL test fail with "bc: command not found"? |
|||
|
|||
You didn't install "bc", the Unix calculator. If you want to run the |
|||
tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. |
|||
|
|||
|
|||
* Why does the OpenSSL test fail with "bc: 1 no implemented"? |
|||
|
|||
On some SCO installations or versions, bc has a bug that gets triggered |
|||
when you run the test suite (using "make test"). The message returned is |
|||
"bc: 1 not implemented". |
|||
|
|||
The best way to deal with this is to find another implementation of bc |
|||
and compile/install it. GNU bc (see http://www.gnu.org/software/software.html |
|||
for download instructions) can be safely used, for example. |
|||
|
|||
|
|||
* Why does the OpenSSL test fail with "bc: stack empty"? |
|||
|
|||
On some DG/ux versions, bc seems to have a too small stack for calculations |
|||
that the OpenSSL bntest throws at it. This gets triggered when you run the |
|||
test suite (using "make test"). The message returned is "bc: stack empty". |
|||
|
|||
The best way to deal with this is to find another implementation of bc |
|||
and compile/install it. GNU bc (see http://www.gnu.org/software/software.html |
|||
for download instructions) can be safely used, for example. |
|||
|
|||
|
|||
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? |
|||
|
|||
On some Alpha installations running Tru64 Unix and Compaq C, the compilation |
|||
of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual |
|||
memory to continue compilation.' As far as the tests have shown, this may be |
|||
a compiler bug. What happens is that it eats up a lot of resident memory |
|||
to build something, probably a table. The problem is clearly in the |
|||
optimization code, because if one eliminates optimization completely (-O0), |
|||
the compilation goes through (and the compiler consumes about 2MB of resident |
|||
memory instead of 240MB or whatever one's limit is currently). |
|||
|
|||
There are three options to solve this problem: |
|||
|
|||
1. set your current data segment size soft limit higher. Experience shows |
|||
that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do |
|||
this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of |
|||
kbytes to set the limit to. |
|||
|
|||
2. If you have a hard limit that is lower than what you need and you can't |
|||
get it changed, you can compile all of OpenSSL with -O0 as optimization |
|||
level. This is however not a very nice thing to do for those who expect to |
|||
get the best result from OpenSSL. A bit more complicated solution is the |
|||
following: |
|||
|
|||
----- snip:start ----- |
|||
make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ |
|||
sed -e 's/ -O[0-9] / -O0 /'`" |
|||
rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` |
|||
make |
|||
----- snip:end ----- |
|||
|
|||
This will only compile sha_dgst.c with -O0, the rest with the optimization |
|||
level chosen by the configuration process. When the above is done, do the |
|||
test and installation and you're set. |
|||
|
|||
3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It |
|||
should not be used and is not used in SSL/TLS nor any other recognized |
|||
protocol in either case. |
|||
|
|||
|
|||
* Why does the OpenSSL compilation fail with "ar: command not found"? |
|||
|
|||
Getting this message is quite usual on Solaris 2, because Sun has hidden |
|||
away 'ar' and other development commands in directories that aren't in |
|||
$PATH by default. One of those directories is '/usr/ccs/bin'. The |
|||
quickest way to fix this is to do the following (it assumes you use sh |
|||
or any sh-compatible shell): |
|||
|
|||
----- snip:start ----- |
|||
PATH=${PATH}:/usr/ccs/bin; export PATH |
|||
----- snip:end ----- |
|||
|
|||
and then redo the compilation. What you should really do is make sure |
|||
'/usr/ccs/bin' is permanently in your $PATH, for example through your |
|||
'.profile' (again, assuming you use a sh-compatible shell). |
|||
|
|||
|
|||
* Why does the OpenSSL compilation fail on Win32 with VC++? |
|||
|
|||
Sometimes, you may get reports from VC++ command line (cl) that it |
|||
can't find standard include files like stdio.h and other weirdnesses. |
|||
One possible cause is that the environment isn't correctly set up. |
|||
To solve that problem for VC++ versions up to 6, one should run |
|||
VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ |
|||
installation directory (somewhere under 'Program Files'). For VC++ |
|||
version 7 (and up?), which is also called VS.NET, the file is called |
|||
VSVARS32.BAT instead. |
|||
This needs to be done prior to running NMAKE, and the changes are only |
|||
valid for the current DOS session. |
|||
|
|||
|
|||
* What is special about OpenSSL on Redhat? |
|||
|
|||
Red Hat Linux (release 7.0 and later) include a preinstalled limited |
|||
version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2 |
|||
is disabled in this version. The same may apply to other Linux distributions. |
|||
Users may therefore wish to install more or all of the features left out. |
|||
|
|||
To do this you MUST ensure that you do not overwrite the openssl that is in |
|||
/usr/bin on your Red Hat machine. Several packages depend on this file, |
|||
including sendmail and ssh. /usr/local/bin is a good alternative choice. The |
|||
libraries that come with Red Hat 7.0 onwards have different names and so are |
|||
not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and |
|||
/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and |
|||
/lib/libcrypto.so.2 respectively). |
|||
|
|||
Please note that we have been advised by Red Hat attempting to recompile the |
|||
openssl rpm with all the cryptography enabled will not work. All other |
|||
packages depend on the original Red Hat supplied openssl package. It is also |
|||
worth noting that due to the way Red Hat supplies its packages, updates to |
|||
openssl on each distribution never change the package version, only the |
|||
build number. For example, on Red Hat 7.1, the latest openssl package has |
|||
version number 0.9.6 and build number 9 even though it contains all the |
|||
relevant updates in packages up to and including 0.9.6b. |
|||
|
|||
A possible way around this is to persuade Red Hat to produce a non-US |
|||
version of Red Hat Linux. |
|||
|
|||
FYI: Patent numbers and expiry dates of US patents: |
|||
MDC-2: 4,908,861 13/03/2007 |
|||
IDEA: 5,214,703 25/05/2010 |
|||
RC5: 5,724,428 03/03/2015 |
|||
|
|||
|
|||
* Why does the OpenSSL compilation fail on MacOS X? |
|||
|
|||
If the failure happens when trying to build the "openssl" binary, with |
|||
a large number of undefined symbols, it's very probable that you have |
|||
OpenSSL 0.9.6b delivered with the operating system (you can find out by |
|||
running '/usr/bin/openssl version') and that you were trying to build |
|||
OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in |
|||
MacOS X has a misfeature that's quite difficult to go around. |
|||
Look in the file PROBLEMS for a more detailed explanation and for possible |
|||
solutions. |
|||
|
|||
|
|||
* Why does the OpenSSL test suite fail on MacOS X? |
|||
|
|||
If the failure happens when running 'make test' and the RC4 test fails, |
|||
it's very probable that you have OpenSSL 0.9.6b delivered with the |
|||
operating system (you can find out by running '/usr/bin/openssl version') |
|||
and that you were trying to build OpenSSL 0.9.6d. The problem is that |
|||
the loader ('ld') in MacOS X has a misfeature that's quite difficult to |
|||
go around and has linked the programs "openssl" and the test programs |
|||
with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the |
|||
libraries you just built. |
|||
Look in the file PROBLEMS for a more detailed explanation and for possible |
|||
solutions. |
|||
|
|||
* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? |
|||
|
|||
Failure in BN_sqr test is most likely caused by a failure to configure the |
|||
toolkit for current platform or lack of support for the platform in question. |
|||
Run './config -t' and './apps/openssl version -p'. Do these platform |
|||
identifiers match? If they don't, then you most likely failed to run |
|||
./config and you're hereby advised to do so before filing a bug report. |
|||
If ./config itself fails to run, then it's most likely problem with your |
|||
local environment and you should turn to your system administrator (or |
|||
similar). If identifiers match (and/or no alternative identifier is |
|||
suggested by ./config script), then the platform is unsupported. There might |
|||
or might not be a workaround. Most notably on SPARC64 platforms with GNU |
|||
C compiler you should be able to produce a working build by running |
|||
'./config -m32'. I understand that -m32 might not be what you want/need, |
|||
but the build should be operational. For further details turn to |
|||
<openssl-dev@openssl.org>. |
|||
|
|||
* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? |
|||
|
|||
As of 0.9.7 assembler routines were overhauled for position independence |
|||
of the machine code, which is essential for shared library support. For |
|||
some reason OpenBSD is equipped with an out-of-date GNU assembler which |
|||
finds the new code offensive. To work around the problem, configure with |
|||
no-asm (and sacrifice a great deal of performance) or patch your assembler |
|||
according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>. |
|||
For your convenience a pre-compiled replacement binary is provided at |
|||
<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>. |
|||
Reportedly elder *BSD a.out platforms also suffer from this problem and |
|||
remedy should be same. Provided binary is statically linked and should be |
|||
working across wider range of *BSD branches, not just OpenBSD. |
|||
|
|||
* Why does the OpenSSL test suite fail in sha512t on x86 CPU? |
|||
|
|||
If the test program in question fails withs SIGILL, Illegal Instruction |
|||
exception, then you more than likely to run SSE2-capable CPU, such as |
|||
Intel P4, under control of kernel which does not support SSE2 |
|||
instruction extentions. See accompanying INSTALL file and |
|||
OPENSSL_ia32cap(3) documentation page for further information. |
|||
|
|||
* Why does compiler fail to compile sha512.c? |
|||
|
|||
OpenSSL SHA-512 implementation depends on compiler support for 64-bit |
|||
integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a |
|||
couple] lack support for this and therefore are incapable of compiling |
|||
the module in question. The recommendation is to disable SHA-512 by |
|||
adding no-sha512 to ./config [or ./Configure] command line. Another |
|||
possible alternative might be to switch to GCC. |
|||
|
|||
* Test suite still fails, what to do? |
|||
|
|||
Another common reason for failure to complete some particular test is |
|||
simply bad code generated by a buggy component in toolchain or deficiency |
|||
in run-time environment. There are few cases documented in PROBLEMS file, |
|||
consult it for possible workaround before you beat the drum. Even if you |
|||
don't find solution or even mention there, do reserve for possibility of |
|||
a compiler bug. Compiler bugs might appear in rather bizarre ways, they |
|||
never make sense, and tend to emerge when you least expect them. In order |
|||
to identify one, drop optimization level, e.g. by editing CFLAG line in |
|||
top-level Makefile, recompile and re-run the test. |
|||
|
|||
[PROG] ======================================================================== |
|||
|
|||
* Is OpenSSL thread-safe? |
|||
|
|||
Yes (with limitations: an SSL connection may not concurrently be used |
|||
by multiple threads). On Windows and many Unix systems, OpenSSL |
|||
automatically uses the multi-threaded versions of the standard |
|||
libraries. If your platform is not one of these, consult the INSTALL |
|||
file. |
|||
|
|||
Multi-threaded applications must provide two callback functions to |
|||
OpenSSL by calling CRYPTO_set_locking_callback() and |
|||
CRYPTO_set_id_callback(), for all versions of OpenSSL up to and |
|||
including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() |
|||
and associated APIs are deprecated by CRYPTO_THREADID_set_callback() |
|||
and friends. This is described in the threads(3) manpage. |
|||
|
|||
* I've compiled a program under Windows and it crashes: why? |
|||
|
|||
This is usually because you've missed the comment in INSTALL.W32. |
|||
Your application must link against the same version of the Win32 |
|||
C-Runtime against which your openssl libraries were linked. The |
|||
default version for OpenSSL is /MD - "Multithreaded DLL". |
|||
|
|||
If you are using Microsoft Visual C++'s IDE (Visual Studio), in |
|||
many cases, your new project most likely defaulted to "Debug |
|||
Singlethreaded" - /ML. This is NOT interchangeable with /MD and your |
|||
program will crash, typically on the first BIO related read or write |
|||
operation. |
|||
|
|||
For each of the six possible link stage configurations within Win32, |
|||
your application must link against the same by which OpenSSL was |
|||
built. If you are using MS Visual C++ (Studio) this can be changed |
|||
by: |
|||
|
|||
1. Select Settings... from the Project Menu. |
|||
2. Select the C/C++ Tab. |
|||
3. Select "Code Generation from the "Category" drop down list box |
|||
4. Select the Appropriate library (see table below) from the "Use |
|||
run-time library" drop down list box. Perform this step for both |
|||
your debug and release versions of your application (look at the |
|||
top left of the settings panel to change between the two) |
|||
|
|||
Single Threaded /ML - MS VC++ often defaults to |
|||
this for the release |
|||
version of a new project. |
|||
Debug Single Threaded /MLd - MS VC++ often defaults to |
|||
this for the debug version |
|||
of a new project. |
|||
Multithreaded /MT |
|||
Debug Multithreaded /MTd |
|||
Multithreaded DLL /MD - OpenSSL defaults to this. |
|||
Debug Multithreaded DLL /MDd |
|||
|
|||
Note that debug and release libraries are NOT interchangeable. If you |
|||
built OpenSSL with /MD your application must use /MD and cannot use /MDd. |
|||
|
|||
As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL |
|||
.DLLs compiled with some specific run-time option [we insist on the |
|||
default /MD] can be deployed with application compiled with different |
|||
option or even different compiler. But there is a catch! Instead of |
|||
re-compiling OpenSSL toolkit, as you would have to with prior versions, |
|||
you have to compile small C snippet with compiler and/or options of |
|||
your choice. The snippet gets installed as |
|||
<install-root>/include/openssl/applink.c and should be either added to |
|||
your application project or simply #include-d in one [and only one] |
|||
of your application source files. Failure to link this shim module |
|||
into your application manifests itself as fatal "no OPENSSL_Applink" |
|||
run-time error. An explicit reminder is due that in this situation |
|||
[mixing compiler options] it is as important to add CRYPTO_malloc_init |
|||
prior first call to OpenSSL. |
|||
|
|||
* How do I read or write a DER encoded buffer using the ASN1 functions? |
|||
|
|||
You have two options. You can either use a memory BIO in conjunction |
|||
with the i2d_*_bio() or d2i_*_bio() functions or you can use the |
|||
i2d_*(), d2i_*() functions directly. Since these are often the |
|||
cause of grief here are some code fragments using PKCS7 as an example: |
|||
|
|||
unsigned char *buf, *p; |
|||
int len; |
|||
|
|||
len = i2d_PKCS7(p7, NULL); |
|||
buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ |
|||
p = buf; |
|||
i2d_PKCS7(p7, &p); |
|||
|
|||
At this point buf contains the len bytes of the DER encoding of |
|||
p7. |
|||
|
|||
The opposite assumes we already have len bytes in buf: |
|||
|
|||
unsigned char *p; |
|||
p = buf; |
|||
p7 = d2i_PKCS7(NULL, &p, len); |
|||
|
|||
At this point p7 contains a valid PKCS7 structure of NULL if an error |
|||
occurred. If an error occurred ERR_print_errors(bio) should give more |
|||
information. |
|||
|
|||
The reason for the temporary variable 'p' is that the ASN1 functions |
|||
increment the passed pointer so it is ready to read or write the next |
|||
structure. This is often a cause of problems: without the temporary |
|||
variable the buffer pointer is changed to point just after the data |
|||
that has been read or written. This may well be uninitialized data |
|||
and attempts to free the buffer will have unpredictable results |
|||
because it no longer points to the same address. |
|||
|
|||
|
|||
* OpenSSL uses DER but I need BER format: does OpenSSL support BER? |
|||
|
|||
The short answer is yes, because DER is a special case of BER and OpenSSL |
|||
ASN1 decoders can process BER. |
|||
|
|||
The longer answer is that ASN1 structures can be encoded in a number of |
|||
different ways. One set of ways is the Basic Encoding Rules (BER) with various |
|||
permissible encodings. A restriction of BER is the Distinguished Encoding |
|||
Rules (DER): these uniquely specify how a given structure is encoded. |
|||
|
|||
Therefore, because DER is a special case of BER, DER is an acceptable encoding |
|||
for BER. |
|||
|
|||
|
|||
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? |
|||
|
|||
This usually happens when you try compiling something using the PKCS#12 |
|||
macros with a C++ compiler. There is hardly ever any need to use the |
|||
PKCS#12 macros in a program, it is much easier to parse and create |
|||
PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions |
|||
documented in doc/openssl.txt and with examples in demos/pkcs12. The |
|||
'pkcs12' application has to use the macros because it prints out |
|||
debugging information. |
|||
|
|||
|
|||
* I've called <some function> and it fails, why? |
|||
|
|||
Before submitting a report or asking in one of the mailing lists, you |
|||
should try to determine the cause. In particular, you should call |
|||
ERR_print_errors() or ERR_print_errors_fp() after the failed call |
|||
and see if the message helps. Note that the problem may occur earlier |
|||
than you think -- you should check for errors after every call where |
|||
it is possible, otherwise the actual problem may be hidden because |
|||
some OpenSSL functions clear the error state. |
|||
|
|||
|
|||
* I just get a load of numbers for the error output, what do they mean? |
|||
|
|||
The actual format is described in the ERR_print_errors() manual page. |
|||
You should call the function ERR_load_crypto_strings() before hand and |
|||
the message will be output in text form. If you can't do this (for example |
|||
it is a pre-compiled binary) you can use the errstr utility on the error |
|||
code itself (the hex digits after the second colon). |
|||
|
|||
|
|||
* Why do I get errors about unknown algorithms? |
|||
|
|||
The cause is forgetting to load OpenSSL's table of algorithms with |
|||
OpenSSL_add_all_algorithms(). See the manual page for more information. This |
|||
can cause several problems such as being unable to read in an encrypted |
|||
PEM file, unable to decrypt a PKCS#12 file or signature failure when |
|||
verifying certificates. |
|||
|
|||
* Why can't the OpenSSH configure script detect OpenSSL? |
|||
|
|||
Several reasons for problems with the automatic detection exist. |
|||
OpenSSH requires at least version 0.9.5a of the OpenSSL libraries. |
|||
Sometimes the distribution has installed an older version in the system |
|||
locations that is detected instead of a new one installed. The OpenSSL |
|||
library might have been compiled for another CPU or another mode (32/64 bits). |
|||
Permissions might be wrong. |
|||
|
|||
The general answer is to check the config.log file generated when running |
|||
the OpenSSH configure script. It should contain the detailed information |
|||
on why the OpenSSL library was not detected or considered incompatible. |
|||
|
|||
|
|||
* Can I use OpenSSL's SSL library with non-blocking I/O? |
|||
|
|||
Yes; make sure to read the SSL_get_error(3) manual page! |
|||
|
|||
A pitfall to avoid: Don't assume that SSL_read() will just read from |
|||
the underlying transport or that SSL_write() will just write to it -- |
|||
it is also possible that SSL_write() cannot do any useful work until |
|||
there is data to read, or that SSL_read() cannot do anything until it |
|||
is possible to send data. One reason for this is that the peer may |
|||
request a new TLS/SSL handshake at any time during the protocol, |
|||
requiring a bi-directional message exchange; both SSL_read() and |
|||
SSL_write() will try to continue any pending handshake. |
|||
|
|||
|
|||
* Why doesn't my server application receive a client certificate? |
|||
|
|||
Due to the TLS protocol definition, a client will only send a certificate, |
|||
if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the |
|||
SSL_CTX_set_verify() function to enable the use of client certificates. |
|||
|
|||
|
|||
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? |
|||
|
|||
For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier |
|||
versions, uniqueIdentifier was incorrectly used for X.509 certificates. |
|||
The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier. |
|||
Change your code to use the new name when compiling against OpenSSL 0.9.7. |
|||
|
|||
|
|||
* I think I've detected a memory leak, is this a bug? |
|||
|
|||
In most cases the cause of an apparent memory leak is an OpenSSL internal table |
|||
that is allocated when an application starts up. Since such tables do not grow |
|||
in size over time they are harmless. |
|||
|
|||
These internal tables can be freed up when an application closes using various |
|||
functions. Currently these include following: |
|||
|
|||
Thread-local cleanup functions: |
|||
|
|||
ERR_remove_state() |
|||
|
|||
Application-global cleanup functions that are aware of usage (and therefore |
|||
thread-safe): |
|||
|
|||
ENGINE_cleanup() and CONF_modules_unload() |
|||
|
|||
"Brutal" (thread-unsafe) Application-global cleanup functions: |
|||
|
|||
ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). |
|||
|
|||
|
|||
* Why does Valgrind complain about the use of uninitialized data? |
|||
|
|||
When OpenSSL's PRNG routines are called to generate random numbers the supplied |
|||
buffer contents are mixed into the entropy pool: so it technically does not |
|||
matter whether the buffer is initialized at this point or not. Valgrind (and |
|||
other test tools) will complain about this. When using Valgrind, make sure the |
|||
OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) |
|||
to get rid of these warnings. |
|||
|
|||
|
|||
* Why doesn't a memory BIO work when a file does? |
|||
|
|||
This can occur in several cases for example reading an S/MIME email message. |
|||
The reason is that a memory BIO can do one of two things when all the data |
|||
has been read from it. |
|||
|
|||
The default behaviour is to indicate that no more data is available and that |
|||
the call should be retried, this is to allow the application to fill up the BIO |
|||
again if necessary. |
|||
|
|||
Alternatively it can indicate that no more data is available and that EOF has |
|||
been reached. |
|||
|
|||
If a memory BIO is to behave in the same way as a file this second behaviour |
|||
is needed. This must be done by calling: |
|||
|
|||
BIO_set_mem_eof_return(bio, 0); |
|||
|
|||
See the manual pages for more details. |
|||
|
|||
|
|||
* Where are the declarations and implementations of d2i_X509() etc? |
|||
|
|||
These are defined and implemented by macros of the form: |
|||
|
|||
|
|||
DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509) |
|||
|
|||
The implementation passes an ASN1 "template" defining the structure into an |
|||
ASN1 interpreter using generalised functions such as ASN1_item_d2i(). |
|||
|
|||
|
|||
=============================================================================== |
@ -0,0 +1,350 @@ |
|||
|
|||
INSTALLATION ON THE UNIX PLATFORM |
|||
--------------------------------- |
|||
|
|||
[Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) |
|||
and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS, |
|||
INSTALL.MacOS and INSTALL.NW. |
|||
|
|||
This document describes installation on operating systems in the Unix |
|||
family.] |
|||
|
|||
To install OpenSSL, you will need: |
|||
|
|||
* make |
|||
* Perl 5 |
|||
* an ANSI C compiler |
|||
* a development environment in form of development libraries and C |
|||
header files |
|||
* a supported Unix operating system |
|||
|
|||
Quick Start |
|||
----------- |
|||
|
|||
If you want to just get on with it, do: |
|||
|
|||
$ ./config |
|||
$ make |
|||
$ make test |
|||
$ make install |
|||
|
|||
[If any of these steps fails, see section Installation in Detail below.] |
|||
|
|||
This will build and install OpenSSL in the default location, which is (for |
|||
historical reasons) /usr/local/ssl. If you want to install it anywhere else, |
|||
run config like this: |
|||
|
|||
$ ./config --prefix=/usr/local --openssldir=/usr/local/openssl |
|||
|
|||
|
|||
Configuration Options |
|||
--------------------- |
|||
|
|||
There are several options to ./config (or ./Configure) to customize |
|||
the build: |
|||
|
|||
--prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl. |
|||
Configuration files used by OpenSSL will be in DIR/ssl |
|||
or the directory specified by --openssldir. |
|||
|
|||
--openssldir=DIR Directory for OpenSSL files. If no prefix is specified, |
|||
the library files and binaries are also installed there. |
|||
|
|||
no-threads Don't try to build with support for multi-threaded |
|||
applications. |
|||
|
|||
threads Build with support for multi-threaded applications. |
|||
This will usually require additional system-dependent options! |
|||
See "Note on multi-threading" below. |
|||
|
|||
no-zlib Don't try to build with support for zlib compression and |
|||
decompression. |
|||
|
|||
zlib Build with support for zlib compression/decompression. |
|||
|
|||
zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically |
|||
when needed. This is only supported on systems where loading |
|||
of shared libraries is supported. This is the default choice. |
|||
|
|||
no-shared Don't try to create shared libraries. |
|||
|
|||
shared In addition to the usual static libraries, create shared |
|||
libraries on platforms where it's supported. See "Note on |
|||
shared libraries" below. |
|||
|
|||
no-asm Do not use assembler code. |
|||
|
|||
386 Use the 80386 instruction set only (the default x86 code is |
|||
more efficient, but requires at least a 486). Note: Use |
|||
compiler flags for any other CPU specific configuration, |
|||
e.g. "-m32" to build x86 code on an x64 system. |
|||
|
|||
no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is |
|||
detected at run-time, but the decision whether or not the |
|||
machine code will be executed is taken solely on CPU |
|||
capability vector. This means that if you happen to run OS |
|||
kernel which does not support SSE2 extension on Intel P4 |
|||
processor, then your application might be exposed to |
|||
"illegal instruction" exception. There might be a way |
|||
to enable support in kernel, e.g. FreeBSD kernel can be |
|||
compiled with CPU_ENABLE_SSE, and there is a way to |
|||
disengage SSE2 code pathes upon application start-up, |
|||
but if you aim for wider "audience" running such kernel, |
|||
consider no-sse2. Both 386 and no-asm options above imply |
|||
no-sse2. |
|||
|
|||
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa, |
|||
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). |
|||
The crypto/<cipher> directory can be removed after running |
|||
"make depend". |
|||
|
|||
-Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will |
|||
be passed through to the compiler to allow you to |
|||
define preprocessor symbols, specify additional libraries, |
|||
library directories or other compiler options. |
|||
|
|||
|
|||
Installation in Detail |
|||
---------------------- |
|||
|
|||
1a. Configure OpenSSL for your operation system automatically: |
|||
|
|||
$ ./config [options] |
|||
|
|||
This guesses at your operating system (and compiler, if necessary) and |
|||
configures OpenSSL based on this guess. Run ./config -t to see |
|||
if it guessed correctly. If you want to use a different compiler, you |
|||
are cross-compiling for another platform, or the ./config guess was |
|||
wrong for other reasons, go to step 1b. Otherwise go to step 2. |
|||
|
|||
On some systems, you can include debugging information as follows: |
|||
|
|||
$ ./config -d [options] |
|||
|
|||
1b. Configure OpenSSL for your operating system manually |
|||
|
|||
OpenSSL knows about a range of different operating system, hardware and |
|||
compiler combinations. To see the ones it knows about, run |
|||
|
|||
$ ./Configure |
|||
|
|||
Pick a suitable name from the list that matches your system. For most |
|||
operating systems there is a choice between using "cc" or "gcc". When |
|||
you have identified your system (and if necessary compiler) use this name |
|||
as the argument to ./Configure. For example, a "linux-elf" user would |
|||
run: |
|||
|
|||
$ ./Configure linux-elf [options] |
|||
|
|||
If your system is not available, you will have to edit the Configure |
|||
program and add the correct configuration for your system. The |
|||
generic configurations "cc" or "gcc" should usually work on 32 bit |
|||
systems. |
|||
|
|||
Configure creates the file Makefile.ssl from Makefile.org and |
|||
defines various macros in crypto/opensslconf.h (generated from |
|||
crypto/opensslconf.h.in). |
|||
|
|||
2. Build OpenSSL by running: |
|||
|
|||
$ make |
|||
|
|||
This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the |
|||
OpenSSL binary ("openssl"). The libraries will be built in the top-level |
|||
directory, and the binary will be in the "apps" directory. |
|||
|
|||
If "make" fails, look at the output. There may be reasons for |
|||
the failure that aren't problems in OpenSSL itself (like missing |
|||
standard headers). If it is a problem with OpenSSL itself, please |
|||
report the problem to <openssl-bugs@openssl.org> (note that your |
|||
message will be recorded in the request tracker publicly readable |
|||
via http://www.openssl.org/support/rt.html and will be forwarded to a |
|||
public mailing list). Include the output of "make report" in your message. |
|||
Please check out the request tracker. Maybe the bug was already |
|||
reported or has already been fixed. |
|||
|
|||
[If you encounter assembler error messages, try the "no-asm" |
|||
configuration option as an immediate fix.] |
|||
|
|||
Compiling parts of OpenSSL with gcc and others with the system |
|||
compiler will result in unresolved symbols on some systems. |
|||
|
|||
3. After a successful build, the libraries should be tested. Run: |
|||
|
|||
$ make test |
|||
|
|||
If a test fails, look at the output. There may be reasons for |
|||
the failure that isn't a problem in OpenSSL itself (like a missing |
|||
or malfunctioning bc). If it is a problem with OpenSSL itself, |
|||
try removing any compiler optimization flags from the CFLAG line |
|||
in Makefile.ssl and run "make clean; make". Please send a bug |
|||
report to <openssl-bugs@openssl.org>, including the output of |
|||
"make report" in order to be added to the request tracker at |
|||
http://www.openssl.org/support/rt.html. |
|||
|
|||
4. If everything tests ok, install OpenSSL with |
|||
|
|||
$ make install |
|||
|
|||
This will create the installation directory (if it does not exist) and |
|||
then the following subdirectories: |
|||
|
|||
certs Initially empty, this is the default location |
|||
for certificate files. |
|||
man/man1 Manual pages for the 'openssl' command line tool |
|||
man/man3 Manual pages for the libraries (very incomplete) |
|||
misc Various scripts. |
|||
private Initially empty, this is the default location |
|||
for private key files. |
|||
|
|||
If you didn't choose a different installation prefix, the |
|||
following additional subdirectories will be created: |
|||
|
|||
bin Contains the openssl binary and a few other |
|||
utility programs. |
|||
include/openssl Contains the header files needed if you want to |
|||
compile programs with libcrypto or libssl. |
|||
lib Contains the OpenSSL library files themselves. |
|||
|
|||
Package builders who want to configure the library for standard |
|||
locations, but have the package installed somewhere else so that |
|||
it can easily be packaged, can use |
|||
|
|||
$ make INSTALL_PREFIX=/tmp/package-root install |
|||
|
|||
(or specify "--install_prefix=/tmp/package-root" as a configure |
|||
option). The specified prefix will be prepended to all |
|||
installation target filenames. |
|||
|
|||
|
|||
NOTE: The header files used to reside directly in the include |
|||
directory, but have now been moved to include/openssl so that |
|||
OpenSSL can co-exist with other libraries which use some of the |
|||
same filenames. This means that applications that use OpenSSL |
|||
should now use C preprocessor directives of the form |
|||
|
|||
#include <openssl/ssl.h> |
|||
|
|||
instead of "#include <ssl.h>", which was used with library versions |
|||
up to OpenSSL 0.9.2b. |
|||
|
|||
If you install a new version of OpenSSL over an old library version, |
|||
you should delete the old header files in the include directory. |
|||
|
|||
Compatibility issues: |
|||
|
|||
* COMPILING existing applications |
|||
|
|||
To compile an application that uses old filenames -- e.g. |
|||
"#include <ssl.h>" --, it will usually be enough to find |
|||
the CFLAGS definition in the application's Makefile and |
|||
add a C option such as |
|||
|
|||
-I/usr/local/ssl/include/openssl |
|||
|
|||
to it. |
|||
|
|||
But don't delete the existing -I option that points to |
|||
the ..../include directory! Otherwise, OpenSSL header files |
|||
could not #include each other. |
|||
|
|||
* WRITING applications |
|||
|
|||
To write an application that is able to handle both the new |
|||
and the old directory layout, so that it can still be compiled |
|||
with library versions up to OpenSSL 0.9.2b without bothering |
|||
the user, you can proceed as follows: |
|||
|
|||
- Always use the new filename of OpenSSL header files, |
|||
e.g. #include <openssl/ssl.h>. |
|||
|
|||
- Create a directory "incl" that contains only a symbolic |
|||
link named "openssl", which points to the "include" directory |
|||
of OpenSSL. |
|||
For example, your application's Makefile might contain the |
|||
following rule, if OPENSSLDIR is a pathname (absolute or |
|||
relative) of the directory where OpenSSL resides: |
|||
|
|||
incl/openssl: |
|||
-mkdir incl |
|||
cd $(OPENSSLDIR) # Check whether the directory really exists |
|||
-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl |
|||
|
|||
You will have to add "incl/openssl" to the dependencies |
|||
of those C files that include some OpenSSL header file. |
|||
|
|||
- Add "-Iincl" to your CFLAGS. |
|||
|
|||
With these additions, the OpenSSL header files will be available |
|||
under both name variants if an old library version is used: |
|||
Your application can reach them under names like <openssl/foo.h>, |
|||
while the header files still are able to #include each other |
|||
with names of the form <foo.h>. |
|||
|
|||
|
|||
Note on multi-threading |
|||
----------------------- |
|||
|
|||
For some systems, the OpenSSL Configure script knows what compiler options |
|||
are needed to generate a library that is suitable for multi-threaded |
|||
applications. On these systems, support for multi-threading is enabled |
|||
by default; use the "no-threads" option to disable (this should never be |
|||
necessary). |
|||
|
|||
On other systems, to enable support for multi-threading, you will have |
|||
to specify at least two options: "threads", and a system-dependent option. |
|||
(The latter is "-D_REENTRANT" on various systems.) The default in this |
|||
case, obviously, is not to include support for multi-threading (but |
|||
you can still use "no-threads" to suppress an annoying warning message |
|||
from the Configure script.) |
|||
|
|||
|
|||
Note on shared libraries |
|||
------------------------ |
|||
|
|||
Shared libraries have certain caveats. Binary backward compatibility |
|||
can't be guaranteed before OpenSSL version 1.0. The only reason to |
|||
use them would be to conserve memory on systems where several programs |
|||
are using OpenSSL. |
|||
|
|||
For some systems, the OpenSSL Configure script knows what is needed to |
|||
build shared libraries for libcrypto and libssl. On these systems, |
|||
the shared libraries are currently not created by default, but giving |
|||
the option "shared" will get them created. This method supports Makefile |
|||
targets for shared library creation, like linux-shared. Those targets |
|||
can currently be used on their own just as well, but this is expected |
|||
to change in future versions of OpenSSL. |
|||
|
|||
Note on random number generation |
|||
-------------------------------- |
|||
|
|||
Availability of cryptographically secure random numbers is required for |
|||
secret key generation. OpenSSL provides several options to seed the |
|||
internal PRNG. If not properly seeded, the internal PRNG will refuse |
|||
to deliver random bytes and a "PRNG not seeded error" will occur. |
|||
On systems without /dev/urandom (or similar) device, it may be necessary |
|||
to install additional support software to obtain random seed. |
|||
Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), |
|||
and the FAQ for more information. |
|||
|
|||
Note on support for multiple builds |
|||
----------------------------------- |
|||
|
|||
OpenSSL is usually built in its source tree. Unfortunately, this doesn't |
|||
support building for multiple platforms from the same source tree very well. |
|||
It is however possible to build in a separate tree through the use of lots |
|||
of symbolic links, which should be prepared like this: |
|||
|
|||
mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" |
|||
cd objtree/"`uname -s`-`uname -r`-`uname -m`" |
|||
(cd $OPENSSL_SOURCE; find . -type f) | while read F; do |
|||
mkdir -p `dirname $F` |
|||
rm -f $F; ln -s $OPENSSL_SOURCE/$F $F |
|||
echo $F '->' $OPENSSL_SOURCE/$F |
|||
done |
|||
make -f Makefile.org clean |
|||
|
|||
OPENSSL_SOURCE is an environment variable that contains the absolute (this |
|||
is important!) path to the OpenSSL source tree. |
|||
|
|||
Also, operations like 'make update' should still be made in the source tree. |
@ -0,0 +1,47 @@ |
|||
|
|||
|
|||
INSTALLATION ON THE DOS PLATFORM WITH DJGPP |
|||
------------------------------------------- |
|||
|
|||
OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time |
|||
environment for 16-bit DOS, but only with long filename support. |
|||
If you wish to compile on native DOS with 8+3 filenames, you will |
|||
have to tweak the installation yourself, including renaming files |
|||
with illegal or duplicate names. |
|||
|
|||
You should have a full DJGPP environment installed, including the |
|||
latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package |
|||
requires that PERL and BC also be installed. |
|||
|
|||
All of these can be obtained from the usual DJGPP mirror sites or |
|||
directly at "http://www.delorie.com/pub/djgpp". For help on which |
|||
files to download, see the DJGPP "ZIP PICKER" page at |
|||
"http://www.delorie.com/djgpp/zip-picker.html". You also need to have |
|||
the WATT-32 networking package installed before you try to compile |
|||
OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/". |
|||
The Makefile assumes that the WATT-32 code is in the directory |
|||
specified by the environment variable WATT_ROOT. If you have watt-32 |
|||
in directory "watt32" under your main DJGPP directory, specify |
|||
WATT_ROOT="/dev/env/DJDIR/watt32". |
|||
|
|||
To compile OpenSSL, start your BASH shell, then configure for DJGPP by |
|||
running "./Configure" with appropriate arguments: |
|||
|
|||
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP |
|||
|
|||
And finally fire up "make". You may run out of DPMI selectors when |
|||
running in a DOS box under Windows. If so, just close the BASH |
|||
shell, go back to Windows, and restart BASH. Then run "make" again. |
|||
|
|||
RUN-TIME CAVEAT LECTOR |
|||
-------------- |
|||
|
|||
Quoting FAQ: |
|||
|
|||
"Cryptographic software needs a source of unpredictable data to work |
|||
correctly. Many open source operating systems provide a "randomness |
|||
device" (/dev/urandom or /dev/random) that serves this purpose." |
|||
|
|||
As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd |
|||
party "randomness" DOS driver. One such driver, NOISE.SYS, can be |
|||
obtained from "http://www.rahul.net/dkaufman/index.html". |
@ -0,0 +1,72 @@ |
|||
OpenSSL - Port To The Macintosh OS 9 or Earlier |
|||
=============================================== |
|||
|
|||
Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre |
|||
X) is now provided. "Initial" means that unlike other platforms where you |
|||
get an SDK and a "swiss army" openssl application, on Macintosh you only |
|||
get one sample application which fetches a page over HTTPS(*) and dumps it |
|||
in a window. We don't even build the test applications so that we can't |
|||
guarantee that all algorithms are operational. |
|||
|
|||
Required software: |
|||
|
|||
- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar; |
|||
- Scriptable Finder; |
|||
- CodeWarrior Pro 5; |
|||
|
|||
Installation procedure: |
|||
|
|||
- fetch the source at ftp://ftp.openssl.org/ (well, you probably already |
|||
did, huh?) |
|||
- unpack the .tar.gz file: |
|||
- if you have StuffIt Expander then just drag it over it; |
|||
- otherwise uncompress it with MacGzip and then unpack with SUNtar; |
|||
- locate MacOS folder in OpenSSL source tree and open it; |
|||
- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it |
|||
"in-place", i.e. unpacked files should end-up in the very same folder; |
|||
- execute mklinks.as; |
|||
- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****); |
|||
- that's it for now; |
|||
|
|||
(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40 |
|||
to 42, change appropriately. |
|||
(**) If you use SUNtar, then it might have already unbinhexed the files |
|||
in question. |
|||
(***) The project file was saved with CW Pro 5.3. If you have an earlier |
|||
version and it refuses to open it, then download |
|||
http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it |
|||
overwriting the original OpenSSL.mcp. |
|||
(****) Other targets are works in progress. If you feel like giving 'em a |
|||
shot, then you should know that OpenSSL* and Lib* targets are |
|||
supposed to be built with the GUSI, MacOS library which mimics |
|||
BSD sockets and some other POSIX APIs. The GUSI distribution is |
|||
expected to be found in the same directory as the openssl source tree, |
|||
i.e., in the parent directory to the one where this very file, |
|||
namely INSTALL.MacOS, resides. For more information about GUSI, see |
|||
http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html |
|||
|
|||
Finally some essential comments from our generous contributor:-) |
|||
|
|||
"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a |
|||
hack, but it works for what I'm doing. If you don't like the way I've done |
|||
it, then feel free to change what I've done. I freely admit that I've done |
|||
some less-than-ideal things in my port, and if you don't like the way I've |
|||
done something, then feel free to change it-- I won't be offended! |
|||
|
|||
... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket" |
|||
library I wrote. My MacSocket library is a wrapper around OpenTransport, |
|||
handling stuff like endpoint creation, reading, writing, etc. It is not |
|||
designed as a high-performance package such as you'd use in a webserver, |
|||
but is fine for lots of other applications. MacSocket also uses some other |
|||
code libraries I've written to deal with string manipulations and error |
|||
handling. Feel free to use these things in your own code, but give me |
|||
credit and/or send me free stuff in appreciation! :-) |
|||
|
|||
... |
|||
|
|||
If you have any questions, feel free to email me as the following: |
|||
|
|||
roy@centricsystems.ca |
|||
|
|||
-Roy Wood" |
|||
|
@ -0,0 +1,454 @@ |
|||
|
|||
INSTALLATION ON THE NETWARE PLATFORM |
|||
------------------------------------ |
|||
|
|||
Notes about building OpenSSL for NetWare. |
|||
|
|||
|
|||
BUILD PLATFORM: |
|||
--------------- |
|||
The build scripts (batch files, perl scripts, etc) have been developed and |
|||
tested on W2K. The scripts should run fine on other Windows platforms |
|||
(NT, Win9x, WinXP) but they have not been tested. They may require some |
|||
modifications. |
|||
|
|||
|
|||
Supported NetWare Platforms - NetWare 5.x, NetWare 6.x: |
|||
------------------------------------------------------- |
|||
OpenSSL can either use the WinSock interfaces introduced in NetWare 5, |
|||
or the BSD socket interface. Previous versions of NetWare, 4.x and 3.x, |
|||
are only supported if OpenSSL is build for CLIB and BSD sockets; |
|||
WinSock builds only support NetWare 5 and up. |
|||
|
|||
On NetWare there are two c-runtime libraries. There is the legacy CLIB |
|||
interfaces and the newer LIBC interfaces. Being ANSI-C libraries, the |
|||
functionality in CLIB and LIBC is similar but the LIBC interfaces are built |
|||
using Novell Kernal Services (NKS) which is designed to leverage |
|||
multi-processor environments. |
|||
|
|||
The NetWare port of OpenSSL can be configured to build using CLIB or LIBC. |
|||
The CLIB build was developed and tested using NetWare 5.0 sp6.0a. The LIBC |
|||
build was developed and tested using the NetWare 6.0 FCS. |
|||
|
|||
The necessary LIBC functionality ships with NetWare 6. However, earlier |
|||
NetWare 5.x versions will require updates in order to run the OpenSSL LIBC |
|||
build (NetWare 5.1 SP8 is known to work). |
|||
|
|||
As of June 2005, the LIBC build can be configured to use BSD sockets instead |
|||
of WinSock sockets. Call Configure (usually through netware\build.bat) using |
|||
a target of "netware-libc-bsdsock" instead of "netware-libc". |
|||
|
|||
As of June 2007, support for CLIB and BSD sockets is also now available |
|||
using a target of "netware-clib-bsdsock" instead of "netware-clib"; |
|||
also gcc builds are now supported on both Linux and Win32 (post 0.9.8e). |
|||
|
|||
REQUIRED TOOLS: |
|||
--------------- |
|||
Based upon the configuration and build options used, some or all of the |
|||
following tools may be required: |
|||
|
|||
* Perl for Win32 - required (http://www.activestate.com/ActivePerl) |
|||
Used to run the various perl scripts on the build platform. |
|||
|
|||
* Perl 5.8.0 for NetWare v3.20 (or later) - required |
|||
(http://developer.novell.com) Used to run the test script on NetWare |
|||
after building. |
|||
|
|||
* Compiler / Linker - required: |
|||
Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare (commercial): |
|||
Provides command line tools used for building. |
|||
Tools: |
|||
mwccnlm.exe - C/C++ Compiler for NetWare |
|||
mwldnlm.exe - Linker for NetWare |
|||
mwasmnlm.exe - x86 assembler for NetWare (if using assembly option) |
|||
|
|||
gcc / nlmconv Cross-Compiler, available from Novell Forge (free): |
|||
http://forge.novell.com/modules/xfmod/project/?aunixnw |
|||
|
|||
* Assemblers - optional: |
|||
If you intend to build using the assembly options you will need an |
|||
assembler. Work has been completed to support two assemblers, Metrowerks |
|||
and NASM. However, during development, a bug was found in the Metrowerks |
|||
assembler which generates incorrect code. Until this problem is fixed, |
|||
the Metrowerks assembler cannot be used. |
|||
|
|||
mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools. |
|||
(version 2.2 Built Aug 23, 1999 - not useable due to code |
|||
generation bug) |
|||
|
|||
nasmw.exe - Netwide Assembler NASM |
|||
version 0.98 was used in development and testing |
|||
|
|||
* Make Tool - required: |
|||
In order to build you will need a make tool. Two make tools are |
|||
supported, GNU make (gmake.exe) or Microsoft nmake.exe. |
|||
|
|||
make.exe - GNU make for Windows (version 3.75 used for development) |
|||
http://gnuwin32.sourceforge.net/packages/make.htm |
|||
|
|||
nmake.exe - Microsoft make (Version 6.00.8168.0 used for development) |
|||
http://support.microsoft.com/kb/132084/EN-US/ |
|||
|
|||
* Novell Developer Kit (NDK) - required: (http://developer.novell.com) |
|||
|
|||
CLIB - BUILDS: |
|||
|
|||
WinSock2 Developer Components for NetWare: |
|||
For initial development, the October 27, 2000 version was used. |
|||
However, future versions should also work. |
|||
|
|||
NOTE: The WinSock2 components include headers & import files for |
|||
NetWare, but you will also need the winsock2.h and supporting |
|||
headers (pshpack4.h, poppack.h, qos.h) delivered in the |
|||
Microsoft SDK. Note: The winsock2.h support headers may change |
|||
with various versions of winsock2.h. Check the dependencies |
|||
section on the NDK WinSock2 download page for the latest |
|||
information on dependencies. These components are unsupported by |
|||
Novell. They are provided as a courtesy, but it is strongly |
|||
suggested that all development be done using LIBC, not CLIB. |
|||
|
|||
As of June 2005, the WinSock2 components are available at: |
|||
http://forgeftp.novell.com//ws2comp/ |
|||
|
|||
|
|||
NLM and NetWare libraries for C (including CLIB and XPlat): |
|||
If you are going to build a CLIB version of OpenSSL, you will |
|||
need the CLIB headers and imports. The March, 2001 NDK release or |
|||
later is recommended. |
|||
|
|||
Earlier versions should work but haven't been tested. In recent |
|||
versions the import files have been consolidated and function |
|||
names moved. This means you may run into link problems |
|||
(undefined symbols) when using earlier versions. The functions |
|||
are available in earlier versions, but you will have to modifiy |
|||
the make files to include additional import files (see |
|||
openssl\util\pl\netware.pl). |
|||
|
|||
|
|||
LIBC - BUILDS: |
|||
|
|||
Libraries for C (LIBC) - LIBC headers and import files |
|||
If you are going to build a LIBC version of OpenSSL, you will |
|||
need the LIBC headers and imports. The March 14, 2002 NDK release or |
|||
later is required. |
|||
|
|||
NOTE: The LIBC SDK includes the necessary WinSock2 support. |
|||
It is not necessary to download the WinSock2 NDK when building for |
|||
LIBC. The LIBC SDK also includes the appropriate BSD socket support |
|||
if configuring to use BSD sockets. |
|||
|
|||
|
|||
BUILDING: |
|||
--------- |
|||
Before building, you will need to set a few environment variables. You can |
|||
set them manually or you can modify the "netware\set_env.bat" file. |
|||
|
|||
The set_env.bat file is a template you can use to set up the path |
|||
and environment variables you will need to build. Modify the |
|||
various lines to point to YOUR tools and run set_env.bat. |
|||
|
|||
netware\set_env.bat <target> [compiler] |
|||
|
|||
target - "netware-clib" - CLIB NetWare build |
|||
- "netware-libc" - LIBC NetWare build |
|||
|
|||
compiler - "gnuc" - GNU GCC Compiler |
|||
- "codewarrior" - MetroWerks CodeWarrior (default) |
|||
|
|||
If you don't use set_env.bat, you will need to set up the following |
|||
environment variables: |
|||
|
|||
PATH - Set PATH to point to the tools you will use. |
|||
|
|||
INCLUDE - The location of the NDK include files. |
|||
|
|||
CLIB ex: set INCLUDE=c:\ndk\nwsdk\include\nlm |
|||
LIBC ex: set INCLUDE=c:\ndk\libc\include |
|||
|
|||
PRELUDE - The absolute path of the prelude object to link with. For |
|||
a CLIB build it is recommended you use the "clibpre.o" files shipped |
|||
with the Metrowerks PDK for NetWare. For a LIBC build you should |
|||
use the "libcpre.o" file delivered with the LIBC NDK components. |
|||
|
|||
CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o |
|||
LIBC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o |
|||
|
|||
IMPORTS - The locaton of the NDK import files. |
|||
|
|||
CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports |
|||
LIBC ex: set IMPORTS=c:\ndk\libc\imports |
|||
|
|||
|
|||
In order to build, you need to run the Perl scripts to configure the build |
|||
process and generate a make file. There is a batch file, |
|||
"netware\build.bat", to automate the process. |
|||
|
|||
Build.bat runs the build configuration scripts and generates a make file. |
|||
If an assembly option is specified, it also runs the scripts to generate |
|||
the assembly code. Always run build.bat from the "openssl" directory. |
|||
|
|||
netware\build [target] [debug opts] [assembly opts] [configure opts] |
|||
|
|||
target - "netware-clib" - CLIB NetWare build (WinSock Sockets) |
|||
- "netware-clib-bsdsock" - CLIB NetWare build (BSD Sockets) |
|||
- "netware-libc" - LIBC NetWare build (WinSock Sockets) |
|||
- "netware-libc-bsdsock" - LIBC NetWare build (BSD Sockets) |
|||
|
|||
debug opts - "debug" - build debug |
|||
|
|||
assembly opts - "nw-mwasm" - use Metrowerks assembler |
|||
"nw-nasm" - use NASM assembler |
|||
"no-asm" - don't use assembly |
|||
|
|||
configure opts- all unrecognized arguments are passed to the |
|||
perl 'configure' script. See that script for |
|||
internal documentation regarding options that |
|||
are available. |
|||
|
|||
examples: |
|||
|
|||
CLIB build, debug, without assembly: |
|||
netware\build.bat netware-clib debug no-asm |
|||
|
|||
LIBC build, non-debug, using NASM assembly, add mdc2 support: |
|||
netware\build.bat netware-libc nw-nasm enable-mdc2 |
|||
|
|||
LIBC build, BSD sockets, non-debug, without assembly: |
|||
netware\build.bat netware-libc-bsdsock no-asm |
|||
|
|||
Running build.bat generates a make file to be processed by your make |
|||
tool (gmake or nmake): |
|||
|
|||
CLIB ex: gmake -f netware\nlm_clib_dbg.mak |
|||
LIBC ex: gmake -f netware\nlm_libc.mak |
|||
LIBC ex: gmake -f netware\nlm_libc_bsdsock.mak |
|||
|
|||
|
|||
You can also run the build scripts manually if you do not want to use the |
|||
build.bat file. Run the following scripts in the "\openssl" |
|||
subdirectory (in the order listed below): |
|||
|
|||
perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock] |
|||
configures no assembly build for specified netware environment |
|||
(CLIB or LIBC). |
|||
|
|||
perl util\mkfiles.pl >MINFO |
|||
generates a listing of source files (used by mk1mf) |
|||
|
|||
perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak |
|||
generates the makefile for NetWare |
|||
|
|||
gmake -f netware\nlm.mak |
|||
build with the make tool (nmake.exe also works) |
|||
|
|||
NOTE: If you are building using the assembly option, you must also run the |
|||
various Perl scripts to generate the assembly files. See build.bat |
|||
for an example of running the various assembly scripts. You must use the |
|||
"no-asm" option to build without assembly. The configure and mk1mf scripts |
|||
also have various other options. See the scripts for more information. |
|||
|
|||
|
|||
The output from the build is placed in the following directories: |
|||
|
|||
CLIB Debug build: |
|||
out_nw_clib.dbg - static libs & test nlm(s) |
|||
tmp_nw_clib.dbg - temporary build files |
|||
outinc_nw_clib - necessary include files |
|||
|
|||
CLIB Non-debug build: |
|||
out_nw_clib - static libs & test nlm(s) |
|||
tmp_nw_clib - temporary build files |
|||
outinc_nw_clib - necesary include files |
|||
|
|||
LIBC Debug build: |
|||
out_nw_libc.dbg - static libs & test nlm(s) |
|||
tmp_nw_libc.dbg - temporary build files |
|||
outinc_nw_libc - necessary include files |
|||
|
|||
LIBC Non-debug build: |
|||
out_nw_libc - static libs & test nlm(s) |
|||
tmp_nw_libc - temporary build files |
|||
outinc_nw_libc - necesary include files |
|||
|
|||
|
|||
TESTING: |
|||
-------- |
|||
The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib, |
|||
rsaglue.lib ) and several test programs. You should copy the test programs |
|||
to your NetWare server and run the tests. |
|||
|
|||
The batch file "netware\cpy_tests.bat" will copy all the necessary files |
|||
to your server for testing. In order to run the batch file, you need a |
|||
drive mapped to your target server. It will create an "OpenSSL" directory |
|||
on the drive and copy the test files to it. CAUTION: If a directory with the |
|||
name of "OpenSSL" already exists, it will be deleted. |
|||
|
|||
To run cpy_tests.bat: |
|||
|
|||
netware\cpy_tests [output directory] [NetWare drive] |
|||
|
|||
output directory - "out_nw_clib.dbg", "out_nw_libc", etc. |
|||
NetWare drive - drive letter of mapped drive |
|||
|
|||
CLIB ex: netware\cpy_tests out_nw_clib m: |
|||
LIBC ex: netware\cpy_tests out_nw_libc m: |
|||
|
|||
|
|||
The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server |
|||
should be used to execute the tests. Before running the script, make sure |
|||
your SEARCH PATH includes the "OpenSSL" directory. For example, if you |
|||
copied the files to the "sys:" volume you use the command: |
|||
|
|||
SEARCH ADD SYS:\OPENSSL |
|||
|
|||
|
|||
To run do_tests.pl type (at the console prompt): |
|||
|
|||
perl \openssl\do_tests.pl [options] |
|||
|
|||
options: |
|||
-p - pause after executing each test |
|||
|
|||
The do_tests.pl script generates a log file "\openssl\test_out\tests.log" |
|||
which should be reviewed for errors. Any errors will be denoted by the word |
|||
"ERROR" in the log. |
|||
|
|||
DEVELOPING WITH THE OPENSSL SDK: |
|||
-------------------------------- |
|||
Now that everything is built and tested, you are ready to use the OpenSSL |
|||
libraries in your development. |
|||
|
|||
There is no real installation procedure, just copy the static libs and |
|||
headers to your build location. The libs (crypto.lib & ssl.lib) are |
|||
located in the appropriate "out_nw_XXXX" directory |
|||
(out_nw_clib, out_nw_libc, etc). |
|||
|
|||
The headers are located in the appropriate "outinc_nw_XXX" directory |
|||
(outinc_nw_clib, outinc_nw_libc). |
|||
|
|||
One suggestion is to create the following directory |
|||
structure for the OpenSSL SDK: |
|||
|
|||
\openssl |
|||
|- bin |
|||
| |- openssl.nlm |
|||
| |- (other tests you want) |
|||
| |
|||
|- lib |
|||
| | - crypto.lib |
|||
| | - ssl.lib |
|||
| |
|||
|- include |
|||
| | - openssl |
|||
| | | - (all the headers in "outinc_nw\openssl") |
|||
|
|||
|
|||
The program "openssl.nlm" can be very useful. It has dozens of |
|||
options and you may want to keep it handy for debugging, testing, etc. |
|||
|
|||
When building your apps using OpenSSL, define "NETWARE". It is needed by |
|||
some of the OpenSSL headers. One way to do this is with a compile option, |
|||
for example "-DNETWARE". |
|||
|
|||
|
|||
|
|||
NOTES: |
|||
------ |
|||
|
|||
Resource leaks in Tests |
|||
------------------------ |
|||
Some OpenSSL tests do not clean up resources and NetWare reports |
|||
the resource leaks when the tests unload. If this really bugs you, |
|||
you can stop the messages by setting the developer option off at the console |
|||
prompt (set developer option = off). Or better yet, fix the tests to |
|||
clean up the resources! |
|||
|
|||
|
|||
Multi-threaded Development |
|||
--------------------------- |
|||
The NetWare version of OpenSSL is thread-safe, however multi-threaded |
|||
applications must provide the necessary locking function callbacks. This |
|||
is described in doc\threads.doc. The file "openssl-x.x.x\crypto\threads\mttest.c" |
|||
is a multi-threaded test program and demonstrates the locking functions. |
|||
|
|||
|
|||
What is openssl2.nlm? |
|||
--------------------- |
|||
The openssl program has numerous options and can be used for many different |
|||
things. Many of the options operate in an interactive mode requiring the |
|||
user to enter data. Because of this, a default screen is created for the |
|||
program. However, when running the test script it is not desirable to |
|||
have a seperate screen. Therefore, the build also creates openssl2.nlm. |
|||
Openssl2.nlm is functionally identical but uses the console screen. |
|||
Openssl2 can be used when a non-interactive mode is desired. |
|||
|
|||
NOTE: There are may other possibilities (command line options, etc) |
|||
which could have been used to address the screen issue. The openssl2.nlm |
|||
option was chosen because it impacted only the build not the code. |
|||
|
|||
|
|||
Why only static libraries? |
|||
-------------------------- |
|||
Globals, globals, and more globals. The OpenSSL code uses many global |
|||
variables that are allocated and initialized when used for the first time. |
|||
|
|||
On NetWare, most applications (at least historically) run in the kernel. |
|||
When running in the kernel, there is one instance of global variables. |
|||
For regular application type NLM(s) this isn't a problem because they are |
|||
the only ones using the globals. However, for a library NLM (an NLM which |
|||
exposes functions and has no threads of execution), the globals cause |
|||
problems. Applications could inadvertently step on each other if they |
|||
change some globals. Even worse, the first application that triggers a |
|||
global to be allocated and initialized has the allocated memory charged to |
|||
itself. Now when that application unloads, NetWare will clean up all the |
|||
applicaton's memory. The global pointer variables inside OpenSSL now |
|||
point to freed memory. An abend waiting to happen! |
|||
|
|||
To work correctly in the kernel, library NLM(s) that use globals need to |
|||
provide a set of globals (instance data) for each application. Another |
|||
option is to require the library only be loaded in a protected address |
|||
space along with the application using it. |
|||
|
|||
Modifying the OpenSSL code to provide a set of globals (instance data) for |
|||
each application isn't technically difficult, but due to the large number |
|||
globals it would require substantial code changes and it wasn't done. Hence, |
|||
the build currently only builds static libraries which are then linked |
|||
into each application. |
|||
|
|||
NOTE: If you are building a library NLM that uses the OpenSSL static |
|||
libraries, you will still have to deal with the global variable issue. |
|||
This is because when you link in the OpenSSL code you bring in all the |
|||
globals. One possible solution for the global pointer variables is to |
|||
register memory functions with OpenSSL which allocate memory and charge it |
|||
to your library NLM (see the function CRYPTO_set_mem_functions). However, |
|||
be aware that now all memory allocated by OpenSSL is charged to your NLM. |
|||
|
|||
|
|||
CodeWarrior Tools and W2K |
|||
--------------------------- |
|||
There have been problems reported with the CodeWarrior Linker |
|||
(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000. The |
|||
problems cause the link step to fail. The only work around is to obtain an |
|||
updated linker from Metrowerks. It is expected Metrowerks will release |
|||
PDK 3.0 (in beta testing at this time - May, 2001) in the near future which |
|||
will fix these problems. |
|||
|
|||
|
|||
Makefile "vclean" |
|||
------------------ |
|||
The generated makefile has a "vclean" target which cleans up the build |
|||
directories. If you have been building successfully and suddenly |
|||
experience problems, use "vclean" (gmake -f netware\nlm_xxxx.mak vclean) and retry. |
|||
|
|||
|
|||
"Undefined Symbol" Linker errors |
|||
-------------------------------- |
|||
There have been linker errors reported when doing a CLIB build. The problems |
|||
occur because some versions of the CLIB SDK import files inadvertently |
|||
left out some symbols. One symbol in particular is "_lrotl". The missing |
|||
functions are actually delivered in the binaries, but they were left out of |
|||
the import files. The issues should be fixed in the September 2001 release |
|||
of the NDK. If you experience the problems you can temporarily |
|||
work around it by manually adding the missing symbols to your version of |
|||
"clib.imp". |
|||
|
@ -0,0 +1,31 @@ |
|||
|
|||
Installation on OS/2 |
|||
-------------------- |
|||
|
|||
You need to have the following tools installed: |
|||
|
|||
* EMX GCC |
|||
* PERL |
|||
* GNU make |
|||
|
|||
|
|||
To build the makefile, run |
|||
|
|||
> os2\os2-emx |
|||
|
|||
This will configure OpenSSL and create OS2-EMX.mak which you then use to |
|||
build the OpenSSL libraries & programs by running |
|||
|
|||
> make -f os2-emx.mak |
|||
|
|||
If that finishes successfully you will find the libraries and programs in the |
|||
"out" directory. |
|||
|
|||
Alternatively, you can make a dynamic build that puts the library code into |
|||
crypto.dll and ssl.dll by running |
|||
|
|||
> make -f os2-emx-dll.mak |
|||
|
|||
This will build the above mentioned dlls and a matching pair of import |
|||
libraries in the "out_dll" directory along with the set of test programs |
|||
and the openssl application. |
@ -0,0 +1,299 @@ |
|||
VMS Installation instructions |
|||
written by Richard Levitte |
|||
<richard@levitte.org> |
|||
|
|||
|
|||
Intro: |
|||
====== |
|||
|
|||
This file is divided in the following parts: |
|||
|
|||
Requirements - Mandatory reading. |
|||
Checking the distribution - Mandatory reading. |
|||
Compilation - Mandatory reading. |
|||
Logical names - Mandatory reading. |
|||
Test - Mandatory reading. |
|||
Installation - Mandatory reading. |
|||
Backward portability - Read if it's an issue. |
|||
Possible bugs or quirks - A few warnings on things that |
|||
may go wrong or may surprise you. |
|||
TODO - Things that are to come. |
|||
|
|||
|
|||
Requirements: |
|||
============= |
|||
|
|||
To build and install OpenSSL, you will need: |
|||
|
|||
* DEC C or some other ANSI C compiler. VAX C is *not* supported. |
|||
[Note: OpenSSL has only been tested with DEC C. Compiling with |
|||
a different ANSI C compiler may require some work] |
|||
|
|||
Checking the distribution: |
|||
========================== |
|||
|
|||
There have been reports of places where the distribution didn't quite get |
|||
through, for example if you've copied the tree from a NFS-mounted Unix |
|||
mount point. |
|||
|
|||
The easiest way to check if everything got through as it should is to check |
|||
for one of the following files: |
|||
|
|||
[.CRYPTO]OPENSSLCONF.H_IN |
|||
[.CRYPTO]OPENSSLCONF_H.IN |
|||
|
|||
They should never exist both at once, but one of them should (preferably |
|||
the first variant). If you can't find any of those two, something went |
|||
wrong. |
|||
|
|||
The best way to get a correct distribution is to download the gzipped tar |
|||
file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and |
|||
use VMSTAR to unpack the resulting tar file. |
|||
|
|||
GUNZIP is available in many places on the net. One of the distribution |
|||
points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ . |
|||
|
|||
VMSTAR is also available in many places on the net. The recommended place |
|||
to find information about it is http://www.free.lp.se/vmstar/ . |
|||
|
|||
|
|||
Compilation: |
|||
============ |
|||
|
|||
I've used the very good command procedures written by Robert Byer |
|||
<byer@mail.all-net.net>, and just slightly modified them, making |
|||
them slightly more general and easier to maintain. |
|||
|
|||
You can actually compile in almost any directory separately. Look |
|||
for a command procedure name xxx-LIB.COM (in the library directories) |
|||
or MAKExxx.COM (in the program directories) and read the comments at |
|||
the top to understand how to use them. However, if you want to |
|||
compile all you can get, the simplest is to use MAKEVMS.COM in the top |
|||
directory. The syntax is the following: |
|||
|
|||
@MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>] |
|||
|
|||
<option> must be one of the following: |
|||
|
|||
ALL Just build "everything". |
|||
CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file. |
|||
BUILDINF Just build the "[.INCLUDE]BUILDINF.H" file. |
|||
SOFTLINKS Just copies some files, to simulate Unix soft links. |
|||
BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done. |
|||
RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library. |
|||
CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library. |
|||
SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library. |
|||
SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program. |
|||
TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL. |
|||
APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL. |
|||
|
|||
<rsaref-p> must be one of the following: |
|||
|
|||
RSAREF compile using the RSAREF Library |
|||
NORSAREF compile without using RSAREF |
|||
|
|||
Note 0: The RSAREF library IS NO LONGER NEEDED. The RSA patent |
|||
expires September 20, 2000, and RSA Security chose to make |
|||
the algorithm public domain two weeks before that. |
|||
|
|||
Note 1: If you still want to use RSAREF, the library is NOT INCLUDED |
|||
and you have to download it. RSA Security doesn't carry it |
|||
any more, but there are a number of places where you can find |
|||
it. You have to get the ".tar-Z" file as the ".zip" file |
|||
doesn't have the directory structure stored. You have to |
|||
extract the file into the [.RSAREF] directory as that is where |
|||
the scripts will look for the files. |
|||
|
|||
Note 2: I have never done this, so I've no idea if it works or not. |
|||
|
|||
<debug-p> must be one of the following: |
|||
|
|||
DEBUG compile with debugging info (will not optimize) |
|||
NODEBUG compile without debugging info (will optimize) |
|||
|
|||
<compiler> must be one of the following: |
|||
|
|||
DECC For DEC C. |
|||
GNUC For GNU C. |
|||
|
|||
|
|||
You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB, |
|||
where xxx is VAX or AXP. You will find the SSL library in [.xxx.EXE.SSL], |
|||
named LIBSSL.OLB, and you will find a bunch of useful programs in |
|||
[.xxx.EXE.APPS]. However, these shouldn't be used right off unless it's |
|||
just to test them. For production use, make sure you install first, see |
|||
Installation below. |
|||
|
|||
Note 1: Some programs in this package require a TCP/IP library. |
|||
|
|||
Note 2: if you want to compile the crypto library only, please make sure |
|||
you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and |
|||
a @MAKEVMS SOFTLINKS. A lot of things will break if you don't. |
|||
|
|||
|
|||
Logical names: |
|||
============== |
|||
|
|||
There are a few things that can't currently be given through the command |
|||
line. Instead, logical names are used. |
|||
|
|||
Currently, the logical names supported are: |
|||
|
|||
OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will |
|||
not be used. Instead, plain C implementations are |
|||
used. This is good to try if something doesn't work. |
|||
OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm |
|||
will not be implemented. Supported algorithms to |
|||
do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD, |
|||
SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC, |
|||
SSL2. So, for example, having the logical name |
|||
OPENSSL_NO_RSA with the value YES means that the |
|||
LIBCRYPTO.OLB library will not contain an RSA |
|||
implementation. |
|||
|
|||
|
|||
Test: |
|||
===== |
|||
|
|||
Testing is very simple, just do the following: |
|||
|
|||
@[.TEST]TESTS |
|||
|
|||
If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes, |
|||
it's an ugly hack!) and rebuild. Please send a bug report to |
|||
<openssl-bugs@openssl.org>, including the output of "openssl version -a" |
|||
and of the failed test. |
|||
|
|||
|
|||
Installation: |
|||
============= |
|||
|
|||
Installation is easy, just do the following: |
|||
|
|||
@INSTALL <root> |
|||
|
|||
<root> is the directory in which everything will be installed, |
|||
subdirectories, libraries, header files, programs and startup command |
|||
procedures. |
|||
|
|||
N.B.: INSTALL.COM builds a new directory structure, different from |
|||
the directory tree where you have now build OpenSSL. |
|||
|
|||
In the [.VMS] subdirectory of the installation, you will find the |
|||
following command procedures: |
|||
|
|||
OPENSSL_STARTUP.COM |
|||
|
|||
defines all needed logical names. Takes one argument that |
|||
tells it in what logical name table to insert the logical |
|||
names. If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the |
|||
call should look like this: |
|||
|
|||
@openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM" |
|||
|
|||
OPENSSL_UTILS.COM |
|||
|
|||
sets up the symbols to the applications. Should be called |
|||
from for example SYS$MANAGER:SYLOGIN.COM |
|||
|
|||
The logical names that are set up are the following: |
|||
|
|||
SSLROOT a dotted concealed logical name pointing at the |
|||
root directory. |
|||
|
|||
SSLCERTS Initially an empty directory, this is the default |
|||
location for certificate files. |
|||
SSLMISC Various scripts. |
|||
SSLPRIVATE Initially an empty directory, this is the default |
|||
location for private key files. |
|||
|
|||
SSLEXE Contains the openssl binary and a few other utility |
|||
programs. |
|||
SSLINCLUDE Contains the header files needed if you want to |
|||
compile programs with libcrypto or libssl. |
|||
SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB |
|||
and LIBSSL.OLB) themselves. |
|||
|
|||
OPENSSL Same as SSLINCLUDE. This is because the standard |
|||
way to include OpenSSL header files from version |
|||
0.9.3 and on is: |
|||
|
|||
#include <openssl/header.h> |
|||
|
|||
For more info on this issue, see the INSTALL. file |
|||
(the NOTE in section 4 of "Installation in Detail"). |
|||
You don't need to "deleting old header files"!!! |
|||
|
|||
|
|||
Backward portability: |
|||
===================== |
|||
|
|||
One great problem when you build a library is making sure it will work |
|||
on as many versions of VMS as possible. Especially, code compiled on |
|||
OpenVMS version 7.x and above tend to be unusable in version 6.x or |
|||
lower, because some C library routines have changed names internally |
|||
(the C programmer won't usually see it, because the old name is |
|||
maintained through C macros). One obvious solution is to make sure |
|||
you have a development machine with an old enough version of OpenVMS. |
|||
However, if you are stuck with a bunch of Alphas running OpenVMS version |
|||
7.1, you seem to be out of luck. Fortunately, the DEC C header files |
|||
are cluttered with conditionals that make some declarations and definitions |
|||
dependent on the OpenVMS version or the C library version, *and* you |
|||
can use those macros to simulate older OpenVMS or C library versions, |
|||
by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with |
|||
correct values. In the compilation scripts, I've provided the possibility |
|||
for the user to influence the creation of such macros, through a bunch of |
|||
symbols, all having names starting with USER_. Here's the list of them: |
|||
|
|||
USER_CCFLAGS - Used to give additional qualifiers to the |
|||
compiler. It can't be used to define macros |
|||
since the scripts will do such things as well. |
|||
To do such things, use USER_CCDEFS. |
|||
USER_CCDEFS - Used to define macros on the command line. The |
|||
value of this symbol will be inserted inside a |
|||
/DEFINE=(...). |
|||
USER_CCDISABLEWARNINGS - Used to disable some warnings. The value is |
|||
inserted inside a /DISABLE=WARNING=(...). |
|||
|
|||
So, to maintain backward compatibility with older VMS versions, do the |
|||
following before you start compiling: |
|||
|
|||
$ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000 |
|||
$ USER_CCDISABLEWARNINGS := PREOPTW |
|||
|
|||
The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain |
|||
that those macros have been changed. |
|||
|
|||
Note: Currently, this is only useful for library compilation. The |
|||
programs will still be linked with the current version of the |
|||
C library shareable image, and will thus complain if they are |
|||
faced with an older version of the same C library shareable image. |
|||
This will probably be fixed in a future revision of OpenSSL. |
|||
|
|||
|
|||
Possible bugs or quirks: |
|||
======================== |
|||
|
|||
I'm not perfectly sure all the programs will use the SSLCERTS: |
|||
directory by default, it may very well be that you have to give them |
|||
extra arguments. Please experiment. |
|||
|
|||
|
|||
TODO: |
|||
===== |
|||
|
|||
There are a few things that need to be worked out in the VMS version of |
|||
OpenSSL, still: |
|||
|
|||
- Description files. ("Makefile's" :-)) |
|||
- Script code to link an already compiled build tree. |
|||
- A VMSINSTALlable version (way in the future, unless someone else hacks). |
|||
- shareable images (DLL for you Windows folks). |
|||
|
|||
There may be other things that I have missed and that may be desirable. |
|||
Please send mail to <openssl-users@openssl.org> or to me directly if you |
|||
have any ideas. |
|||
|
|||
-- |
|||
Richard Levitte <richard@levitte.org> |
|||
2000-02-27 |
@ -0,0 +1,321 @@ |
|||
|
|||
INSTALLATION ON THE WIN32 PLATFORM |
|||
---------------------------------- |
|||
|
|||
[Instructions for building for Windows CE can be found in INSTALL.WCE] |
|||
[Instructions for building for Win64 can be found in INSTALL.W64] |
|||
|
|||
Heres a few comments about building OpenSSL in Windows environments. Most |
|||
of this is tested on Win32 but it may also work in Win 3.1 with some |
|||
modification. |
|||
|
|||
You need Perl for Win32. Unless you will build on Cygwin, you will need |
|||
ActiveState Perl, available from http://www.activestate.com/ActivePerl. |
|||
|
|||
and one of the following C compilers: |
|||
|
|||
* Visual C++ |
|||
* Borland C |
|||
* GNU C (Cygwin or MinGW) |
|||
|
|||
If you are compiling from a tarball or a CVS snapshot then the Win32 files |
|||
may well be not up to date. This may mean that some "tweaking" is required to |
|||
get it all to work. See the trouble shooting section later on for if (when?) |
|||
it goes wrong. |
|||
|
|||
Visual C++ |
|||
---------- |
|||
|
|||
If you want to compile in the assembly language routines with Visual C++ then |
|||
you will need an assembler. This is worth doing because it will result in |
|||
faster code: for example it will typically result in a 2 times speedup in the |
|||
RSA routines. Currently the following assemblers are supported: |
|||
|
|||
* Microsoft MASM (aka "ml") |
|||
* Free Netwide Assembler NASM. |
|||
|
|||
MASM is distributed with most versions of VC++. For the versions where it is |
|||
not included in VC++, it is also distributed with some Microsoft DDKs, for |
|||
example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have |
|||
either of these DDKs then you can just download the binaries for the Windows |
|||
98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to |
|||
ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be |
|||
downloaded from the Microsoft developers site www.msdn.com. |
|||
|
|||
NASM is freely available. Version 0.98 was used during testing: other versions |
|||
may also work. It is available from many places, see for example: |
|||
http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ |
|||
The NASM binary nasmw.exe needs to be installed anywhere on your PATH. |
|||
|
|||
Firstly you should run Configure: |
|||
|
|||
> perl Configure VC-WIN32 --prefix=c:/some/openssl/dir |
|||
|
|||
Where the prefix argument specifies where OpenSSL will be installed to. |
|||
|
|||
Next you need to build the Makefiles and optionally the assembly language |
|||
files: |
|||
|
|||
- If you are using MASM then run: |
|||
|
|||
> ms\do_masm |
|||
|
|||
- If you are using NASM then run: |
|||
|
|||
> ms\do_nasm |
|||
|
|||
- If you don't want to use the assembly language files at all then run: |
|||
|
|||
> ms\do_ms |
|||
|
|||
If you get errors about things not having numbers assigned then check the |
|||
troubleshooting section: you probably won't be able to compile it as it |
|||
stands. |
|||
|
|||
Then from the VC++ environment at a prompt do: |
|||
|
|||
> nmake -f ms\ntdll.mak |
|||
|
|||
If all is well it should compile and you will have some DLLs and executables |
|||
in out32dll. If you want to try the tests then do: |
|||
|
|||
> nmake -f ms\ntdll.mak test |
|||
|
|||
|
|||
To install OpenSSL to the specified location do: |
|||
|
|||
> nmake -f ms\ntdll.mak install |
|||
|
|||
Tweaks: |
|||
|
|||
There are various changes you can make to the Win32 compile environment. By |
|||
default the library is not compiled with debugging symbols. If you add 'debug' |
|||
to the mk1mf.pl lines in the do_* batch file then debugging symbols will be |
|||
compiled in. Note that mk1mf.pl expects the platform to be the last argument |
|||
on the command line, so 'debug' must appear before that, as all other options. |
|||
|
|||
|
|||
By default in 0.9.8 OpenSSL will compile builtin ENGINES into the libeay32.dll |
|||
shared library. If you specify the "no-static-engine" option on the command |
|||
line to Configure the shared library build (ms\ntdll.mak) will compile the |
|||
engines as separate DLLs. |
|||
|
|||
The default Win32 environment is to leave out any Windows NT specific |
|||
features. |
|||
|
|||
If you want to enable the NT specific features of OpenSSL (currently only the |
|||
logging BIO) follow the instructions above but call the batch file do_nt.bat |
|||
instead of do_ms.bat. |
|||
|
|||
You can also build a static version of the library using the Makefile |
|||
ms\nt.mak |
|||
|
|||
|
|||
|
|||
Borland C++ builder 5 |
|||
--------------------- |
|||
|
|||
* Configure for building with Borland Builder: |
|||
> perl Configure BC-32 |
|||
|
|||
* Create the appropriate makefile |
|||
> ms\do_nasm |
|||
|
|||
* Build |
|||
> make -f ms\bcb.mak |
|||
|
|||
Borland C++ builder 3 and 4 |
|||
--------------------------- |
|||
|
|||
* Setup PATH. First must be GNU make then bcb4/bin |
|||
|
|||
* Run ms\bcb4.bat |
|||
|
|||
* Run make: |
|||
> make -f bcb.mak |
|||
|
|||
GNU C (Cygwin) |
|||
-------------- |
|||
|
|||
Cygwin provides a bash shell and GNU tools environment running |
|||
on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. |
|||
Consequently, a make of OpenSSL with Cygwin is closer to a GNU |
|||
bash environment such as Linux than to other the other Win32 |
|||
makes. |
|||
|
|||
Cygwin implements a Posix/Unix runtime system (cygwin1.dll). |
|||
It is also possible to create Win32 binaries that only use the |
|||
Microsoft C runtime system (msvcrt.dll or crtdll.dll) using |
|||
MinGW. MinGW can be used in the Cygwin development environment |
|||
or in a standalone setup as described in the following section. |
|||
|
|||
To build OpenSSL using Cygwin: |
|||
|
|||
* Install Cygwin (see http://cygwin.com/) |
|||
|
|||
* Install Perl and ensure it is in the path. Both Cygwin perl |
|||
(5.6.1-2 or newer) and ActivePerl work. |
|||
|
|||
* Run the Cygwin bash shell |
|||
|
|||
* $ tar zxvf openssl-x.x.x.tar.gz |
|||
$ cd openssl-x.x.x |
|||
|
|||
To build the Cygwin version of OpenSSL: |
|||
|
|||
$ ./config |
|||
[...] |
|||
$ make |
|||
[...] |
|||
$ make test |
|||
$ make install |
|||
|
|||
This will create a default install in /usr/local/ssl. |
|||
|
|||
To build the MinGW version (native Windows) in Cygwin: |
|||
|
|||
$ ./Configure mingw |
|||
[...] |
|||
$ make |
|||
[...] |
|||
$ make test |
|||
$ make install |
|||
|
|||
Cygwin Notes: |
|||
|
|||
"make test" and normal file operations may fail in directories |
|||
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin |
|||
stripping of carriage returns. To avoid this ensure that a binary |
|||
mount is used, e.g. mount -b c:\somewhere /home. |
|||
|
|||
"bc" is not provided in older Cygwin distribution. This causes a |
|||
non-fatal error in "make test" but is otherwise harmless. If |
|||
desired and needed, GNU bc can be built with Cygwin without change. |
|||
|
|||
GNU C (MinGW) |
|||
------------- |
|||
|
|||
* Compiler installation: |
|||
|
|||
MinGW is available from http://www.mingw.org. Run the installer and |
|||
set the MinGW bin directory to the PATH in "System Properties" or |
|||
autoexec.bat. |
|||
|
|||
* Compile OpenSSL: |
|||
|
|||
> ms\mingw32 |
|||
|
|||
This will create the library and binaries in out. In case any problems |
|||
occur, try |
|||
> ms\mingw32 no-asm |
|||
instead. |
|||
|
|||
libcrypto.a and libssl.a are the static libraries. To use the DLLs, |
|||
link with libeay32.a and libssl32.a instead. |
|||
|
|||
See troubleshooting if you get error messages about functions not having |
|||
a number assigned. |
|||
|
|||
* You can now try the tests: |
|||
|
|||
> cd out |
|||
> ..\ms\test |
|||
|
|||
|
|||
Installation |
|||
------------ |
|||
|
|||
If you used the Cygwin procedure above, you have already installed and |
|||
can skip this section. For all other procedures, there's currently no real |
|||
installation procedure for Win32. There are, however, some suggestions: |
|||
|
|||
- do nothing. The include files are found in the inc32/ subdirectory, |
|||
all binaries are found in out32dll/ or out32/ depending if you built |
|||
dynamic or static libraries. |
|||
|
|||
- do as is written in INSTALL.Win32 that comes with modssl: |
|||
|
|||
$ md c:\openssl |
|||
$ md c:\openssl\bin |
|||
$ md c:\openssl\lib |
|||
$ md c:\openssl\include |
|||
$ md c:\openssl\include\openssl |
|||
$ copy /b inc32\openssl\* c:\openssl\include\openssl |
|||
$ copy /b out32dll\ssleay32.lib c:\openssl\lib |
|||
$ copy /b out32dll\libeay32.lib c:\openssl\lib |
|||
$ copy /b out32dll\ssleay32.dll c:\openssl\bin |
|||
$ copy /b out32dll\libeay32.dll c:\openssl\bin |
|||
$ copy /b out32dll\openssl.exe c:\openssl\bin |
|||
|
|||
Of course, you can choose another device than c:. C: is used here |
|||
because that's usually the first (and often only) harddisk device. |
|||
Note: in the modssl INSTALL.Win32, p: is used rather than c:. |
|||
|
|||
|
|||
Troubleshooting |
|||
--------------- |
|||
|
|||
Since the Win32 build is only occasionally tested it may not always compile |
|||
cleanly. If you get an error about functions not having numbers assigned |
|||
when you run ms\do_ms then this means the Win32 ordinal files are not up to |
|||
date. You can do: |
|||
|
|||
> perl util\mkdef.pl crypto ssl update |
|||
|
|||
then ms\do_XXX should not give a warning any more. However the numbers that |
|||
get assigned by this technique may not match those that eventually get |
|||
assigned in the CVS tree: so anything linked against this version of the |
|||
library may need to be recompiled. |
|||
|
|||
If you get errors about unresolved symbols there are several possible |
|||
causes. |
|||
|
|||
If this happens when the DLL is being linked and you have disabled some |
|||
ciphers then it is possible the DEF file generator hasn't removed all |
|||
the disabled symbols: the easiest solution is to edit the DEF files manually |
|||
to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. |
|||
|
|||
Another cause is if you missed or ignored the errors about missing numbers |
|||
mentioned above. |
|||
|
|||
If you get warnings in the code then the compilation will halt. |
|||
|
|||
The default Makefile for Win32 halts whenever any warnings occur. Since VC++ |
|||
has its own ideas about warnings which don't always match up to other |
|||
environments this can happen. The best fix is to edit the file with the |
|||
warning in and fix it. Alternatively you can turn off the halt on warnings by |
|||
editing the CFLAG line in the Makefile and deleting the /WX option. |
|||
|
|||
You might get compilation errors. Again you will have to fix these or report |
|||
them. |
|||
|
|||
One final comment about compiling applications linked to the OpenSSL library. |
|||
If you don't use the multithreaded DLL runtime library (/MD option) your |
|||
program will almost certainly crash because malloc gets confused -- the |
|||
OpenSSL DLLs are statically linked to one version, the application must |
|||
not use a different one. You might be able to work around such problems |
|||
by adding CRYPTO_malloc_init() to your program before any calls to the |
|||
OpenSSL libraries: This tells the OpenSSL libraries to use the same |
|||
malloc(), free() and realloc() as the application. However there are many |
|||
standard library functions used by OpenSSL that call malloc() internally |
|||
(e.g. fopen()), and OpenSSL cannot change these; so in general you cannot |
|||
rely on CRYPTO_malloc_init() solving your problem, and you should |
|||
consistently use the multithreaded library. |
|||
|
|||
Linking your application |
|||
------------------------ |
|||
|
|||
If you link with static OpenSSL libraries [those built with ms/nt.mak], |
|||
then you're expected to additionally link your application with |
|||
WSOCK32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing |
|||
non-interactive service applications might feel concerned about linking |
|||
with latter two, as they are justly associated with interactive desktop, |
|||
which is not available to service processes. The toolkit is designed |
|||
to detect in which context it's currently executed, GUI, console app |
|||
or service, and act accordingly, namely whether or not to actually make |
|||
GUI calls. |
|||
|
|||
If you link with OpenSSL .DLLs, then you're expected to include into |
|||
your application code small "shim" snippet, which provides glue between |
|||
OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink |
|||
reference page for further details. |
@ -0,0 +1,66 @@ |
|||
|
|||
INSTALLATION ON THE WIN64 PLATFORM |
|||
---------------------------------- |
|||
|
|||
Caveat lector |
|||
------------- |
|||
|
|||
As of moment of this writing Win64 support is classified "initial" |
|||
for the following reasons. |
|||
|
|||
- No assembler modules are engaged upon initial 0.9.8 release. |
|||
- API might change within 0.9.8 life-span, *but* in a manner which |
|||
doesn't break backward binary compatibility. Or in other words, |
|||
application programs compiled with initial 0.9.8 headers will |
|||
be expected to work with future minor release .DLL without need |
|||
to re-compile, even if future minor release features modified API. |
|||
- Above mentioned API modifications have everything to do with |
|||
elimination of a number of limitations, which are normally |
|||
considered inherent to 32-bit platforms. Which in turn is why they |
|||
are treated as limitations on 64-bit platform such as Win64:-) |
|||
The current list comprises [but not necessarily limited to]: |
|||
|
|||
- null-terminated strings may not be longer than 2G-1 bytes, |
|||
longer strings are treated as zero-length; |
|||
- dynamically and *internally* allocated chunks can't be larger |
|||
than 2G-1 bytes; |
|||
- inability to encrypt/decrypt chunks of data larger than 4GB |
|||
[it's possibly to *hash* chunks of arbitrary size through]; |
|||
|
|||
Neither of these is actually big deal and hardly encountered |
|||
in real-life applications. |
|||
|
|||
Compiling procedure |
|||
------------------- |
|||
|
|||
You will need Perl. You can run under Cygwin or you can download |
|||
ActiveState Perl from http://www.activestate.com/ActivePerl. |
|||
|
|||
You will need Microsoft Platform SDK, available for download at |
|||
http://www.microsoft.com/msdownload/platformsdk/sdkupdate/. As per |
|||
April 2005 Platform SDK is equipped with Win64 compilers, as well |
|||
as assemblers, but it might change in the future. |
|||
|
|||
To build for Win64/x64: |
|||
|
|||
> perl Configure VC-WIN64A |
|||
> ms\do_win64a |
|||
> nmake -f ms\ntdll.mak |
|||
> cd out32dll |
|||
> ..\ms\test |
|||
|
|||
To build for Win64/IA64: |
|||
|
|||
> perl Configure VC-WIN64I |
|||
> ms\do_win64i |
|||
> nmake -f ms\ntdll.mak |
|||
> cd out32dll |
|||
> ..\ms\test |
|||
|
|||
Naturally test-suite itself has to be executed on the target platform. |
|||
|
|||
Installation |
|||
------------ |
|||
|
|||
TBD, for now see INSTALL.W32. |
|||
|
@ -0,0 +1,74 @@ |
|||
|
|||
INSTALLATION FOR THE WINDOWS CE PLATFORM |
|||
---------------------------------------- |
|||
|
|||
Building OpenSSL for Windows CE requires the following external tools: |
|||
|
|||
* Microsoft eMbedded Visual C++ 3.0 |
|||
* wcecompat compatibility library (www.essemer.com.au) |
|||
* Optionally ceutils for running automated tests (www.essemer.com.au) |
|||
|
|||
You also need Perl for Win32. You will need ActiveState Perl, available |
|||
from http://www.activestate.com/ActivePerl. |
|||
|
|||
Windows CE support in OpenSSL relies on wcecompat and therefore it's |
|||
appropriate to check http://www.essemer.com.au/windowsce/ for updates in |
|||
case of compilation problems. As for the moment of this writing version |
|||
1.1 is available and actually required for WCE 4.2 and newer platforms. |
|||
All Windows CE specific issues should be directed to www.essemer.com.au. |
|||
|
|||
The C Runtime Library implementation for Windows CE that is included with |
|||
Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places |
|||
incorrect. wcecompat plugs the holes and tries to bring the Windows CE |
|||
CRT to a level that is more compatible with ANSI C. wcecompat goes further |
|||
and provides low-level IO and stream IO support for stdin/stdout/stderr |
|||
(which Windows CE does not provide). This IO functionality is not needed |
|||
by the OpenSSL library itself but is used for the tests and openssl.exe. |
|||
More information is available at www.essemer.com.au. |
|||
|
|||
Building |
|||
-------- |
|||
|
|||
Setup the eMbedded Visual C++ environment. There are batch files for doing |
|||
this installed with eVC++. For an ARM processor, for example, execute: |
|||
|
|||
> "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT" |
|||
|
|||
Next indicate where wcecompat is located: |
|||
|
|||
> set WCECOMPAT=C:\wcecompat |
|||
|
|||
Next you should run Configure: |
|||
|
|||
> perl Configure VC-CE |
|||
|
|||
Next you need to build the Makefiles: |
|||
|
|||
> ms\do_ms |
|||
|
|||
If you get errors about things not having numbers assigned then check the |
|||
troubleshooting section in INSTALL.W32: you probably won't be able to compile |
|||
it as it stands. |
|||
|
|||
Then from the VC++ environment at a prompt do: |
|||
|
|||
- to build static libraries: |
|||
|
|||
> nmake -f ms\ce.mak |
|||
|
|||
- or to build DLLs: |
|||
|
|||
> nmake -f ms\cedll.mak |
|||
|
|||
If all is well it should compile and you will have some static libraries and |
|||
executables in out32, or some DLLs and executables in out32dll. If you want |
|||
to try the tests then make sure the ceutils are in the path and do: |
|||
|
|||
> cd out32 |
|||
> ..\ms\testce |
|||
|
|||
This will copy each of the test programs to the Windows CE device and execute |
|||
them, displaying the output of the tests on this computer. The output should |
|||
look similar to the output produced by running the tests for a regular Windows |
|||
build. |
|||
|
@ -0,0 +1,127 @@ |
|||
|
|||
LICENSE ISSUES |
|||
============== |
|||
|
|||
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of |
|||
the OpenSSL License and the original SSLeay license apply to the toolkit. |
|||
See below for the actual license texts. Actually both licenses are BSD-style |
|||
Open Source licenses. In case of any license issues related to OpenSSL |
|||
please contact openssl-core@openssl.org. |
|||
|
|||
OpenSSL License |
|||
--------------- |
|||
|
|||
/* ==================================================================== |
|||
* Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
Original SSLeay License |
|||
----------------------- |
|||
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
@ -0,0 +1,62 @@ |
|||
/**************** BEGIN GUSI CONFIGURATION ****************************
|
|||
* |
|||
* GUSI Configuration section generated by GUSI Configurator |
|||
* last modified: Wed Jan 5 20:33:51 2000 |
|||
* |
|||
* This section will be overwritten by the next run of Configurator. |
|||
*/ |
|||
|
|||
#define GUSI_SOURCE |
|||
#include <GUSIConfig.h> |
|||
#include <sys/cdefs.h> |
|||
|
|||
/* Declarations of Socket Factories */ |
|||
|
|||
__BEGIN_DECLS |
|||
void GUSIwithInetSockets(); |
|||
void GUSIwithLocalSockets(); |
|||
void GUSIwithMTInetSockets(); |
|||
void GUSIwithMTTcpSockets(); |
|||
void GUSIwithMTUdpSockets(); |
|||
void GUSIwithOTInetSockets(); |
|||
void GUSIwithOTTcpSockets(); |
|||
void GUSIwithOTUdpSockets(); |
|||
void GUSIwithPPCSockets(); |
|||
void GUSISetupFactories(); |
|||
__END_DECLS |
|||
|
|||
/* Configure Socket Factories */ |
|||
|
|||
void GUSISetupFactories() |
|||
{ |
|||
#ifdef GUSISetupFactories_BeginHook |
|||
GUSISetupFactories_BeginHook |
|||
#endif |
|||
GUSIwithInetSockets(); |
|||
#ifdef GUSISetupFactories_EndHook |
|||
GUSISetupFactories_EndHook |
|||
#endif |
|||
} |
|||
|
|||
/* Declarations of File Devices */ |
|||
|
|||
__BEGIN_DECLS |
|||
void GUSIwithDConSockets(); |
|||
void GUSIwithNullSockets(); |
|||
void GUSISetupDevices(); |
|||
__END_DECLS |
|||
|
|||
/* Configure File Devices */ |
|||
|
|||
void GUSISetupDevices() |
|||
{ |
|||
#ifdef GUSISetupDevices_BeginHook |
|||
GUSISetupDevices_BeginHook |
|||
#endif |
|||
GUSIwithNullSockets(); |
|||
#ifdef GUSISetupDevices_EndHook |
|||
GUSISetupDevices_EndHook |
|||
#endif |
|||
} |
|||
|
|||
/**************** END GUSI CONFIGURATION *************************/ |
File diff suppressed because it is too large
@ -0,0 +1,104 @@ |
|||
#pragma once |
|||
|
|||
#ifdef __cplusplus |
|||
extern "C" { |
|||
#endif |
|||
|
|||
void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength); |
|||
void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength); |
|||
void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength); |
|||
void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength); |
|||
void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength); |
|||
void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength); |
|||
void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength); |
|||
void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength); |
|||
|
|||
void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength); |
|||
void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength); |
|||
|
|||
int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true); |
|||
int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true); |
|||
int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true); |
|||
|
|||
Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true); |
|||
Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true); |
|||
|
|||
void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1); |
|||
void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength); |
|||
void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1); |
|||
void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength); |
|||
|
|||
void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1); |
|||
void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1); |
|||
|
|||
long CStrLength(const char *theCString); |
|||
long PStrLength(const unsigned char *thePString); |
|||
|
|||
OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle); |
|||
OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle); |
|||
|
|||
OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle); |
|||
OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle); |
|||
OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle); |
|||
|
|||
OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil); |
|||
OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil); |
|||
OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil); |
|||
OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil); |
|||
|
|||
void ZeroMem(void *theMemPtr,const unsigned long numBytes); |
|||
|
|||
char *FindCharInCStr(const char theChar,const char *theCString); |
|||
long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false); |
|||
long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false); |
|||
|
|||
void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength); |
|||
void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength); |
|||
|
|||
void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength); |
|||
void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength); |
|||
OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset); |
|||
|
|||
void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength); |
|||
|
|||
void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength); |
|||
|
|||
void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength); |
|||
void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength); |
|||
void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength); |
|||
|
|||
void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength); |
|||
OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle); |
|||
|
|||
|
|||
OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength); |
|||
OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle); |
|||
|
|||
OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength); |
|||
OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle); |
|||
|
|||
OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true); |
|||
OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true); |
|||
|
|||
|
|||
void ConvertCStrToUpperCase(char *theSrcCStr); |
|||
|
|||
|
|||
int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr); |
|||
int CountWordsInCStr(const char *inSrcCStr); |
|||
|
|||
OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits); |
|||
|
|||
void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false); |
|||
OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false); |
|||
|
|||
|
|||
OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat); |
|||
OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1); |
|||
|
|||
void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false); |
|||
|
|||
|
|||
#ifdef __cplusplus |
|||
} |
|||
#endif |
@ -0,0 +1,170 @@ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
|
|||
|
|||
#include "ErrorHandling.hpp" |
|||
#include "CPStringUtils.hpp" |
|||
|
|||
#ifdef __EXCEPTIONS_ENABLED__ |
|||
#include "CMyException.hpp" |
|||
#endif |
|||
|
|||
|
|||
static char gErrorMessageBuffer[512]; |
|||
|
|||
char *gErrorMessage = gErrorMessageBuffer; |
|||
int gErrorMessageMaxLength = sizeof(gErrorMessageBuffer); |
|||
|
|||
|
|||
|
|||
void SetErrorMessage(const char *theErrorMessage) |
|||
{ |
|||
if (theErrorMessage != nil) |
|||
{ |
|||
CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength); |
|||
} |
|||
} |
|||
|
|||
|
|||
void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt) |
|||
{ |
|||
if (theErrorMessage != nil) |
|||
{ |
|||
CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength); |
|||
} |
|||
} |
|||
|
|||
void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt) |
|||
{ |
|||
if (theErrorMessage != nil) |
|||
{ |
|||
CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength); |
|||
} |
|||
|
|||
} |
|||
|
|||
void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr) |
|||
{ |
|||
if (theErrorMessage != nil) |
|||
{ |
|||
CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength); |
|||
} |
|||
} |
|||
|
|||
|
|||
void AppendCStrToErrorMessage(const char *theErrorMessage) |
|||
{ |
|||
if (theErrorMessage != nil) |
|||
{ |
|||
ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength); |
|||
} |
|||
} |
|||
|
|||
|
|||
void AppendLongIntToErrorMessage(const long theLongInt) |
|||
{ |
|||
ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength); |
|||
} |
|||
|
|||
|
|||
|
|||
char *GetErrorMessage(void) |
|||
{ |
|||
return gErrorMessage; |
|||
} |
|||
|
|||
|
|||
OSErr GetErrorMessageInNewHandle(Handle *inoutHandle) |
|||
{ |
|||
OSErr errCode; |
|||
|
|||
|
|||
errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle); |
|||
|
|||
return(errCode); |
|||
} |
|||
|
|||
|
|||
OSErr GetErrorMessageInExistingHandle(Handle inoutHandle) |
|||
{ |
|||
OSErr errCode; |
|||
|
|||
|
|||
errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle); |
|||
|
|||
return(errCode); |
|||
} |
|||
|
|||
|
|||
|
|||
OSErr AppendErrorMessageToHandle(Handle inoutHandle) |
|||
{ |
|||
OSErr errCode; |
|||
|
|||
|
|||
errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil); |
|||
|
|||
return(errCode); |
|||
} |
|||
|
|||
|
|||
#ifdef __EXCEPTIONS_ENABLED__ |
|||
|
|||
void ThrowErrorMessageException(void) |
|||
{ |
|||
ThrowDescriptiveException(gErrorMessage); |
|||
} |
|||
|
|||
#endif |
@ -0,0 +1,147 @@ |
|||
#ifdef __cplusplus |
|||
extern "C" { |
|||
#endif |
|||
|
|||
#ifndef kGenericError |
|||
#define kGenericError -1 |
|||
#endif |
|||
|
|||
extern char *gErrorMessage; |
|||
|
|||
|
|||
void SetErrorMessage(const char *theErrorMessage); |
|||
void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt); |
|||
void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt); |
|||
void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr); |
|||
void AppendCStrToErrorMessage(const char *theErrorMessage); |
|||
void AppendLongIntToErrorMessage(const long theLongInt); |
|||
|
|||
|
|||
char *GetErrorMessage(void); |
|||
OSErr GetErrorMessageInNewHandle(Handle *inoutHandle); |
|||
OSErr GetErrorMessageInExistingHandle(Handle inoutHandle); |
|||
OSErr AppendErrorMessageToHandle(Handle inoutHandle); |
|||
|
|||
|
|||
#ifdef __EXCEPTIONS_ENABLED__ |
|||
void ThrowErrorMessageException(void); |
|||
#endif |
|||
|
|||
|
|||
|
|||
// A bunch of evil macros that would be unnecessary if I were always using C++ !
|
|||
|
|||
#define SetErrorMessageAndBailIfNil(theArg,theMessage) \ |
|||
{ \ |
|||
if (theArg == nil) \ |
|||
{ \ |
|||
SetErrorMessage(theMessage); \ |
|||
errCode = kGenericError; \ |
|||
goto EXITPOINT; \ |
|||
} \ |
|||
} |
|||
|
|||
|
|||
#define SetErrorMessageAndBail(theMessage) \ |
|||
{ \ |
|||
SetErrorMessage(theMessage); \ |
|||
errCode = kGenericError; \ |
|||
goto EXITPOINT; \ |
|||
} |
|||
|
|||
|
|||
#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt) \ |
|||
{ \ |
|||
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \ |
|||
errCode = kGenericError; \ |
|||
goto EXITPOINT; \ |
|||
} |
|||
|
|||
|
|||
#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt) \ |
|||
{ \ |
|||
if (theErrCode != noErr) \ |
|||
{ \ |
|||
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \ |
|||
errCode = theErrCode; \ |
|||
goto EXITPOINT; \ |
|||
} \ |
|||
} |
|||
|
|||
|
|||
#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt) \ |
|||
{ \ |
|||
if (theErrCode != noErr) \ |
|||
{ \ |
|||
SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt); \ |
|||
errCode = theErrCode; \ |
|||
goto EXITPOINT; \ |
|||
} \ |
|||
} |
|||
|
|||
|
|||
#define SetErrorMessageAndCStrAndBail(theMessage,theCStr) \ |
|||
{ \ |
|||
SetErrorMessageAndCStr(theMessage,theCStr); \ |
|||
errCode = kGenericError; \ |
|||
goto EXITPOINT; \ |
|||
} |
|||
|
|||
|
|||
#define SetErrorMessageAndBailIfError(theErrCode,theMessage) \ |
|||
{ \ |
|||
if (theErrCode != noErr) \ |
|||
{ \ |
|||
SetErrorMessage(theMessage); \ |
|||
errCode = theErrCode; \ |
|||
goto EXITPOINT; \ |
|||
} \ |
|||
} |
|||
|
|||
|
|||
#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt) \ |
|||
{ \ |
|||
if (theArg == nil) \ |
|||
{ \ |
|||
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \ |
|||
errCode = kGenericError; \ |
|||
goto EXITPOINT; \ |
|||
} \ |
|||
} |
|||
|
|||
|
|||
#define BailIfError(theErrCode) \ |
|||
{ \ |
|||
if ((theErrCode) != noErr) \ |
|||
{ \ |
|||
goto EXITPOINT; \ |
|||
} \ |
|||
} |
|||
|
|||
|
|||
#define SetErrCodeAndBail(theErrCode) \ |
|||
{ \ |
|||
errCode = theErrCode; \ |
|||
\ |
|||
goto EXITPOINT; \ |
|||
} |
|||
|
|||
|
|||
#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage) \ |
|||
{ \ |
|||
SetErrorMessage(theMessage); \ |
|||
errCode = theErrCode; \ |
|||
goto EXITPOINT; \ |
|||
} |
|||
|
|||
|
|||
#define BailNow() \ |
|||
{ \ |
|||
errCode = kGenericError; \ |
|||
goto EXITPOINT; \ |
|||
} |
|||
|
|||
|
|||
#ifdef __cplusplus |
|||
} |
|||
#endif |
@ -0,0 +1,209 @@ |
|||
/*
|
|||
* An demo illustrating how to retrieve a URI from a secure HTTP server. |
|||
* |
|||
* Author: Roy Wood |
|||
* Date: September 7, 1999 |
|||
* Comments: This relies heavily on my MacSockets library. |
|||
* This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this) |
|||
* to live in a folder called "OpenSSL-0.9.4" in this project's parent folder. For example: |
|||
* |
|||
* Macintosh HD: |
|||
* Development: |
|||
* OpenSSL-0.9.4: |
|||
* (OpenSSL sources here) |
|||
* OpenSSL Example: |
|||
* (OpenSSL example junk here) |
|||
* |
|||
* |
|||
* Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl" |
|||
* are installed! Use the AppleScript applet in the "openssl-0.9.4" folder to do this! |
|||
*/ |
|||
/* modified to seed the PRNG */ |
|||
/* modified to use CRandomizer for seeding */ |
|||
|
|||
|
|||
// Include some funky libs I've developed over time
|
|||
|
|||
#include "CPStringUtils.hpp" |
|||
#include "ErrorHandling.hpp" |
|||
#include "MacSocket.h" |
|||
#include "Randomizer.h" |
|||
|
|||
// We use the OpenSSL implementation of SSL....
|
|||
// This was a lot of work to finally get going, though you wouldn't know it by the results!
|
|||
|
|||
#include <openssl/ssl.h> |
|||
#include <openssl/err.h> |
|||
|
|||
#include <timer.h> |
|||
|
|||
// Let's try grabbing some data from here:
|
|||
|
|||
#define kHTTPS_DNS "www.apache-ssl.org" |
|||
#define kHTTPS_Port 443 |
|||
#define kHTTPS_URI "/" |
|||
|
|||
|
|||
// Forward-declare this
|
|||
|
|||
OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr); |
|||
|
|||
// My idle-wait callback. Doesn't do much, does it? Silly cooperative multitasking.
|
|||
|
|||
OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr) |
|||
{ |
|||
#pragma unused(inUserRefPtr) |
|||
|
|||
EventRecord theEvent; |
|||
::EventAvail(everyEvent,&theEvent); |
|||
|
|||
CRandomizer *randomizer = (CRandomizer*)inUserRefPtr; |
|||
if (randomizer) |
|||
randomizer->PeriodicAction(); |
|||
|
|||
return(noErr); |
|||
} |
|||
|
|||
|
|||
// Finally!
|
|||
|
|||
void main(void) |
|||
{ |
|||
OSErr errCode; |
|||
int theSocket = -1; |
|||
int theTimeout = 30; |
|||
|
|||
SSL_CTX *ssl_ctx = nil; |
|||
SSL *ssl = nil; |
|||
|
|||
char tempString[256]; |
|||
UnsignedWide microTickCount; |
|||
|
|||
|
|||
CRandomizer randomizer; |
|||
|
|||
printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n"); |
|||
|
|||
BailIfError(errCode = MacSocket_Startup()); |
|||
|
|||
|
|||
|
|||
// Create a socket-like object
|
|||
|
|||
BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer)); |
|||
|
|||
|
|||
// Set up the connect string and try to connect
|
|||
|
|||
CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString)); |
|||
|
|||
printf("Connecting to %s....\n",tempString); |
|||
|
|||
BailIfError(errCode = MacSocket_connect(theSocket,tempString)); |
|||
|
|||
|
|||
// Init SSL stuff
|
|||
|
|||
SSL_load_error_strings(); |
|||
|
|||
SSLeay_add_ssl_algorithms(); |
|||
|
|||
|
|||
// Pick the SSL method
|
|||
|
|||
// ssl_ctx = SSL_CTX_new(SSLv2_client_method());
|
|||
ssl_ctx = SSL_CTX_new(SSLv23_client_method()); |
|||
// ssl_ctx = SSL_CTX_new(SSLv3_client_method());
|
|||
|
|||
|
|||
// Create an SSL thingey and try to negotiate the connection
|
|||
|
|||
ssl = SSL_new(ssl_ctx); |
|||
|
|||
SSL_set_fd(ssl,theSocket); |
|||
|
|||
errCode = SSL_connect(ssl); |
|||
|
|||
if (errCode < 0) |
|||
{ |
|||
SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode); |
|||
} |
|||
|
|||
// Request the URI from the host
|
|||
|
|||
CopyCStrToCStr("GET ",tempString,sizeof(tempString)); |
|||
ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString)); |
|||
ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString)); |
|||
|
|||
|
|||
errCode = SSL_write(ssl,tempString,CStrLength(tempString)); |
|||
|
|||
if (errCode < 0) |
|||
{ |
|||
SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode); |
|||
} |
|||
|
|||
|
|||
for (;;) |
|||
{ |
|||
char tempString[256]; |
|||
int bytesRead; |
|||
|
|||
|
|||
// Read some bytes and dump them to the console
|
|||
|
|||
bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1); |
|||
|
|||
if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket)) |
|||
{ |
|||
break; |
|||
} |
|||
|
|||
else if (bytesRead < 0) |
|||
{ |
|||
SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead); |
|||
} |
|||
|
|||
|
|||
tempString[bytesRead] = '\0'; |
|||
|
|||
printf("%s", tempString); |
|||
} |
|||
|
|||
printf("\n\n\n"); |
|||
|
|||
// All done!
|
|||
|
|||
errCode = noErr; |
|||
|
|||
|
|||
EXITPOINT: |
|||
|
|||
// Clean up and go home
|
|||
|
|||
if (theSocket >= 0) |
|||
{ |
|||
MacSocket_close(theSocket); |
|||
} |
|||
|
|||
if (ssl != nil) |
|||
{ |
|||
SSL_free(ssl); |
|||
} |
|||
|
|||
if (ssl_ctx != nil) |
|||
{ |
|||
SSL_CTX_free(ssl_ctx); |
|||
} |
|||
|
|||
|
|||
if (errCode != noErr) |
|||
{ |
|||
printf("An error occurred:\n"); |
|||
|
|||
printf("%s",GetErrorMessage()); |
|||
} |
|||
|
|||
|
|||
MacSocket_Shutdown(); |
|||
} |
File diff suppressed because it is too large
@ -0,0 +1,103 @@ |
|||
#pragma once |
|||
|
|||
|
|||
#ifdef __cplusplus |
|||
extern "C" { |
|||
#endif |
|||
|
|||
|
|||
|
|||
enum |
|||
{ |
|||
kMacSocket_TimeoutErr = -2 |
|||
}; |
|||
|
|||
|
|||
// Since MacSocket does busy waiting, I do a callback while waiting
|
|||
|
|||
typedef OSErr (*MacSocket_IdleWaitCallback)(void *); |
|||
|
|||
|
|||
// Call this before anything else!
|
|||
|
|||
OSErr MacSocket_Startup(void); |
|||
|
|||
|
|||
// Call this to cleanup before quitting
|
|||
|
|||
OSErr MacSocket_Shutdown(void); |
|||
|
|||
|
|||
// Call this to allocate a "socket" (reference number is returned in outSocketNum)
|
|||
// Note that inDoThreadSwitching is pretty much irrelevant right now, since I ignore it
|
|||
// The inTimeoutTicks parameter is applied during reads/writes of data
|
|||
// The inIdleWaitCallback parameter specifies a callback which is called during busy-waiting periods
|
|||
// The inUserRefPtr parameter is passed back to the idle-wait callback
|
|||
|
|||
OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr); |
|||
|
|||
|
|||
// Call this to connect to an IP/DNS address
|
|||
// Note that inTargetAddressAndPort is in "IP:port" format-- e.g. 10.1.1.1:123
|
|||
|
|||
OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort); |
|||
|
|||
|
|||
// Call this to listen on a port
|
|||
// Since this a low-performance implementation, I allow a maximum of 1 (one!) incoming request when I listen
|
|||
|
|||
OSErr MacSocket_listen(const int inSocketNum,const int inPortNum); |
|||
|
|||
|
|||
// Call this to close a socket
|
|||
|
|||
OSErr MacSocket_close(const int inSocketNum); |
|||
|
|||
|
|||
// Call this to receive data on a socket
|
|||
// Most parameters' purpose are obvious-- except maybe "inBlock" which controls whether I wait for data or return immediately
|
|||
|
|||
int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock); |
|||
|
|||
|
|||
// Call this to send data on a socket
|
|||
|
|||
int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength); |
|||
|
|||
|
|||
// If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close
|
|||
// This function will let you check whether that's true or not
|
|||
|
|||
Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum); |
|||
|
|||
|
|||
// Call this to see if the listen has completed after a call to MacSocket_listen()
|
|||
|
|||
Boolean MacSocket_ListenCompleted(const int inSocketNum); |
|||
|
|||
|
|||
// These really aren't very useful anymore
|
|||
|
|||
Boolean MacSocket_LocalEndIsOpen(const int inSocketNum); |
|||
Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum); |
|||
|
|||
|
|||
// You may wish to change the userRefPtr for a socket callback-- use this to do it
|
|||
|
|||
void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr); |
|||
|
|||
|
|||
// Call these to get the socket's IP:port descriptor
|
|||
|
|||
void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength); |
|||
void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength); |
|||
|
|||
|
|||
// Call this to get error info from a socket
|
|||
|
|||
void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength); |
|||
|
|||
|
|||
#ifdef __cplusplus |
|||
} |
|||
#endif |
File diff suppressed because it is too large
@ -0,0 +1,476 @@ |
|||
/*
|
|||
------- Strong random data generation on a Macintosh (pre - OS X) ------ |
|||
|
|||
-- GENERAL: We aim to generate unpredictable bits without explicit |
|||
user interaction. A general review of the problem may be found |
|||
in RFC 1750, "Randomness Recommendations for Security", and some |
|||
more discussion, of general and Mac-specific issues has appeared |
|||
in "Using and Creating Cryptographic- Quality Random Numbers" by |
|||
Jon Callas (www.merrymeet.com/jon/usingrandom.html). |
|||
|
|||
The data and entropy estimates provided below are based on my |
|||
limited experimentation and estimates, rather than by any |
|||
rigorous study, and the entropy estimates tend to be optimistic. |
|||
They should not be considered absolute. |
|||
|
|||
Some of the information being collected may be correlated in |
|||
subtle ways. That includes mouse positions, timings, and disk |
|||
size measurements. Some obvious correlations will be eliminated |
|||
by the programmer, but other, weaker ones may remain. The |
|||
reliability of the code depends on such correlations being |
|||
poorly understood, both by us and by potential interceptors. |
|||
|
|||
This package has been planned to be used with OpenSSL, v. 0.9.5. |
|||
It requires the OpenSSL function RAND_add. |
|||
|
|||
-- OTHER WORK: Some source code and other details have been |
|||
published elsewhere, but I haven't found any to be satisfactory |
|||
for the Mac per se: |
|||
|
|||
* The Linux random number generator (by Theodore Ts'o, in |
|||
drivers/char/random.c), is a carefully designed open-source |
|||
crypto random number package. It collects data from a variety |
|||
of sources, including mouse, keyboard and other interrupts. |
|||
One nice feature is that it explicitly estimates the entropy |
|||
of the data it collects. Some of its features (e.g. interrupt |
|||
timing) cannot be reliably exported to the Mac without using |
|||
undocumented APIs. |
|||
|
|||
* Truerand by Don P. Mitchell and Matt Blaze uses variations |
|||
between different timing mechanisms on the same system. This |
|||
has not been tested on the Mac, but requires preemptive |
|||
multitasking, and is hardware-dependent, and can't be relied |
|||
on to work well if only one oscillator is present. |
|||
|
|||
* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann), |
|||
gathers a lot of information about the machine and system |
|||
environment. Unfortunately, much of it is constant from one |
|||
startup to the next. In other words, the random seed could be |
|||
the same from one day to the next. Some of the APIs are |
|||
hardware-dependent, and not all are compatible with Carbon (OS |
|||
X). Incidentally, the EGD library is based on the UNIX entropy |
|||
gathering methods in cryptlib, and isn't suitable for MacOS |
|||
either. |
|||
|
|||
* Mozilla (and perhaps earlier versions of Netscape) uses the |
|||
time of day (in seconds) and an uninitialized local variable |
|||
to seed the random number generator. The time of day is known |
|||
to an outside interceptor (to within the accuracy of the |
|||
system clock). The uninitialized variable could easily be |
|||
identical between subsequent launches of an application, if it |
|||
is reached through the same path. |
|||
|
|||
* OpenSSL provides the function RAND_screen(), by G. van |
|||
Oosten, which hashes the contents of the screen to generate a |
|||
seed. This is not useful for an extension or for an |
|||
application which launches at startup time, since the screen |
|||
is likely to look identical from one launch to the next. This |
|||
method is also rather slow. |
|||
|
|||
* Using variations in disk drive seek times has been proposed |
|||
(Davis, Ihaka and Fenstermacher, world.std.com/~dtd/; |
|||
Jakobsson, Shriver, Hillyer and Juels, |
|||
www.bell-labs.com/user/shriver/random.html). These variations |
|||
appear to be due to air turbulence inside the disk drive |
|||
mechanism, and are very strongly unpredictable. Unfortunately |
|||
this technique is slow, and some implementations of it may be |
|||
patented (see Shriver's page above.) It of course cannot be |
|||
used with a RAM disk. |
|||
|
|||
-- TIMING: On the 601 PowerPC the time base register is guaranteed |
|||
to change at least once every 10 addi instructions, i.e. 10 |
|||
cycles. On a 60 MHz machine (slowest PowerPC) this translates to |
|||
a resolution of 1/6 usec. Newer machines seem to be using a 10 |
|||
cycle resolution as well. |
|||
|
|||
For 68K Macs, the Microseconds() call may be used. See Develop |
|||
issue 29 on the Apple developer site |
|||
(developer.apple.com/dev/techsupport/develop/issue29/minow.html) |
|||
for information on its accuracy and resolution. The code below |
|||
has been tested only on PowerPC based machines. |
|||
|
|||
The time from machine startup to the launch of an application in |
|||
the startup folder has a variance of about 1.6 msec on a new G4 |
|||
machine with a defragmented and optimized disk, most extensions |
|||
off and no icons on the desktop. This can be reasonably taken as |
|||
a lower bound on the variance. Most of this variation is likely |
|||
due to disk seek time variability. The distribution of startup |
|||
times is probably not entirely even or uncorrelated. This needs |
|||
to be investigated, but I am guessing that it not a majpor |
|||
problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz |
|||
machine, ~16 bits for a 450 MHz machine. |
|||
|
|||
User-launched application startup times will have a variance of |
|||
a second or more relative to machine startup time. Entropy >~22 |
|||
bits. |
|||
|
|||
Machine startup time is available with a 1-second resolution. It |
|||
is predictable to no better a minute or two, in the case of |
|||
people who show up punctually to work at the same time and |
|||
immediately start their computer. Using the scheduled startup |
|||
feature (when available) will cause the machine to start up at |
|||
the same time every day, making the value predictable. Entropy |
|||
>~7 bits, or 0 bits with scheduled startup. |
|||
|
|||
The time of day is of course known to an outsider and thus has 0 |
|||
entropy if the system clock is regularly calibrated. |
|||
|
|||
-- KEY TIMING: A very fast typist (120 wpm) will have a typical |
|||
inter-key timing interval of 100 msec. We can assume a variance |
|||
of no less than 2 msec -- maybe. Do good typists have a constant |
|||
rhythm, like drummers? Since what we measure is not the |
|||
key-generated interrupt but the time at which the key event was |
|||
taken off the event queue, our resolution is roughly the time |
|||
between process switches, at best 1 tick (17 msec). I therefore |
|||
consider this technique questionable and not very useful for |
|||
obtaining high entropy data on the Mac. |
|||
|
|||
-- MOUSE POSITION AND TIMING: The high bits of the mouse position |
|||
are far from arbitrary, since the mouse tends to stay in a few |
|||
limited areas of the screen. I am guessing that the position of |
|||
the mouse is arbitrary within a 6 pixel square. Since the mouse |
|||
stays still for long periods of time, it should be sampled only |
|||
after it was moved, to avoid correlated data. This gives an |
|||
entropy of log2(6*6) ~= 5 bits per measurement. |
|||
|
|||
The time during which the mouse stays still can vary from zero |
|||
to, say, 5 seconds (occasionally longer). If the still time is |
|||
measured by sampling the mouse during null events, and null |
|||
events are received once per tick, its resolution is 1/60th of a |
|||
second, giving an entropy of log2 (60*5) ~= 8 bits per |
|||
measurement. Since the distribution of still times is uneven, |
|||
this estimate is on the high side. |
|||
|
|||
For simplicity and compatibility across system versions, the |
|||
mouse is to be sampled explicitly (e.g. in the event loop), |
|||
rather than in a time manager task. |
|||
|
|||
-- STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k |
|||
from one startup to the next, with 'minimal' computer use. Won't |
|||
vary at all if machine is started again immediately after |
|||
startup (unless virtual memory is on), but any application which |
|||
uses the web and caches information to disk is likely to cause |
|||
this much variation or more. The variation is probably not |
|||
random, but I don't know in what way. File sizes tend to be |
|||
divisible by 4 bytes since file format fields are often |
|||
long-aligned. Entropy > log2 (20000/4) ~= 12 bits. |
|||
|
|||
-- STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume |
|||
gets fragmented this could be anywhere in principle. In a |
|||
perfectly unfragmented volume this will be strongly correlated |
|||
with the total file size on the disk. With more fragmentation |
|||
comes less certainty. I took the variation in this value to be |
|||
1/8 of the total file size on the volume. |
|||
|
|||
-- SYSTEM REQUIREMENTS: The code here requires System 7.0 and above |
|||
(for Gestalt and Microseconds calls). All the calls used are |
|||
Carbon-compatible. |
|||
*/ |
|||
|
|||
/*------------------------------ Includes ----------------------------*/ |
|||
|
|||
#include "Randomizer.h" |
|||
|
|||
// Mac OS API
|
|||
#include <Files.h> |
|||
#include <Folders.h> |
|||
#include <Events.h> |
|||
#include <Processes.h> |
|||
#include <Gestalt.h> |
|||
#include <Resources.h> |
|||
#include <LowMem.h> |
|||
|
|||
// Standard C library
|
|||
#include <stdlib.h> |
|||
#include <math.h> |
|||
|
|||
/*---------------------- Function declarations -----------------------*/ |
|||
|
|||
// declared in OpenSSL/crypto/rand/rand.h
|
|||
extern "C" void RAND_add (const void *buf, int num, double entropy); |
|||
|
|||
unsigned long GetPPCTimer (bool is601); // Make it global if needed
|
|||
// elsewhere
|
|||
|
|||
/*---------------------------- Constants -----------------------------*/ |
|||
|
|||
#define kMouseResolution 6 // Mouse position has to differ
|
|||
// from the last one by this
|
|||
// much to be entered
|
|||
#define kMousePositionEntropy 5.16 // log2 (kMouseResolution**2)
|
|||
#define kTypicalMouseIdleTicks 300.0 // I am guessing that a typical
|
|||
// amount of time between mouse
|
|||
// moves is 5 seconds
|
|||
#define kVolumeBytesEntropy 12.0 // about log2 (20000/4),
|
|||
// assuming a variation of 20K
|
|||
// in total file size and
|
|||
// long-aligned file formats.
|
|||
#define kApplicationUpTimeEntropy 6.0 // Variance > 1 second, uptime
|
|||
// in ticks
|
|||
#define kSysStartupEntropy 7.0 // Entropy for machine startup
|
|||
// time
|
|||
|
|||
|
|||
/*------------------------ Function definitions ----------------------*/ |
|||
|
|||
CRandomizer::CRandomizer (void) |
|||
{ |
|||
long result; |
|||
|
|||
mSupportsLargeVolumes = |
|||
(Gestalt(gestaltFSAttr, &result) == noErr) && |
|||
((result & (1L << gestaltFSSupports2TBVols)) != 0); |
|||
|
|||
if (Gestalt (gestaltNativeCPUtype, &result) != noErr) |
|||
{ |
|||
mIsPowerPC = false; |
|||
mIs601 = false; |
|||
} |
|||
else |
|||
{ |
|||
mIs601 = (result == gestaltCPU601); |
|||
mIsPowerPC = (result >= gestaltCPU601); |
|||
} |
|||
mLastMouse.h = mLastMouse.v = -10; // First mouse will
|
|||
// always be recorded
|
|||
mLastPeriodicTicks = TickCount(); |
|||
GetTimeBaseResolution (); |
|||
|
|||
// Add initial entropy
|
|||
AddTimeSinceMachineStartup (); |
|||
AddAbsoluteSystemStartupTime (); |
|||
AddStartupVolumeInfo (); |
|||
AddFiller (); |
|||
} |
|||
|
|||
void CRandomizer::PeriodicAction (void) |
|||
{ |
|||
AddCurrentMouse (); |
|||
AddNow (0.0); // Should have a better entropy estimate here
|
|||
mLastPeriodicTicks = TickCount(); |
|||
} |
|||
|
|||
/*------------------------- Private Methods --------------------------*/ |
|||
|
|||
void CRandomizer::AddCurrentMouse (void) |
|||
{ |
|||
Point mouseLoc; |
|||
unsigned long lastCheck; // Ticks since mouse was last
|
|||
// sampled
|
|||
|
|||
#if TARGET_API_MAC_CARBON |
|||
GetGlobalMouse (&mouseLoc); |
|||
#else |
|||
mouseLoc = LMGetMouseLocation(); |
|||
#endif |
|||
|
|||
if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 && |
|||
labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2) |
|||
AddBytes (&mouseLoc, sizeof (mouseLoc), |
|||
kMousePositionEntropy); |
|||
|
|||
if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v) |
|||
mMouseStill ++; |
|||
else |
|||
{ |
|||
double entropy; |
|||
|
|||
// Mouse has moved. Add the number of measurements for
|
|||
// which it's been still. If the resolution is too
|
|||
// coarse, assume the entropy is 0.
|
|||
|
|||
lastCheck = TickCount() - mLastPeriodicTicks; |
|||
if (lastCheck <= 0) |
|||
lastCheck = 1; |
|||
entropy = log2l |
|||
(kTypicalMouseIdleTicks/(double)lastCheck); |
|||
if (entropy < 0.0) |
|||
entropy = 0.0; |
|||
AddBytes (&mMouseStill, sizeof (mMouseStill), entropy); |
|||
mMouseStill = 0; |
|||
} |
|||
mLastMouse = mouseLoc; |
|||
} |
|||
|
|||
void CRandomizer::AddAbsoluteSystemStartupTime (void) |
|||
{ |
|||
unsigned long now; // Time in seconds since
|
|||
// 1/1/1904
|
|||
GetDateTime (&now); |
|||
now -= TickCount() / 60; // Time in ticks since machine
|
|||
// startup
|
|||
AddBytes (&now, sizeof (now), kSysStartupEntropy); |
|||
} |
|||
|
|||
void CRandomizer::AddTimeSinceMachineStartup (void) |
|||
{ |
|||
AddNow (1.5); // Uncertainty in app startup
|
|||
// time is > 1.5 msec (for
|
|||
// automated app startup).
|
|||
} |
|||
|
|||
void CRandomizer::AddAppRunningTime (void) |
|||
{ |
|||
ProcessSerialNumber PSN; |
|||
ProcessInfoRec ProcessInfo; |
|||
|
|||
ProcessInfo.processInfoLength = sizeof (ProcessInfoRec); |
|||
ProcessInfo.processName = nil; |
|||
ProcessInfo.processAppSpec = nil; |
|||
|
|||
GetCurrentProcess (&PSN); |
|||
GetProcessInformation (&PSN, &ProcessInfo); |
|||
|
|||
// Now add the amount of time in ticks that the current process
|
|||
// has been active
|
|||
|
|||
AddBytes (&ProcessInfo, sizeof (ProcessInfoRec), |
|||
kApplicationUpTimeEntropy); |
|||
} |
|||
|
|||
void CRandomizer::AddStartupVolumeInfo (void) |
|||
{ |
|||
short vRefNum; |
|||
long dirID; |
|||
XVolumeParam pb; |
|||
OSErr err; |
|||
|
|||
if (!mSupportsLargeVolumes) |
|||
return; |
|||
|
|||
FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder, |
|||
&vRefNum, &dirID); |
|||
pb.ioVRefNum = vRefNum; |
|||
pb.ioCompletion = 0; |
|||
pb.ioNamePtr = 0; |
|||
pb.ioVolIndex = 0; |
|||
err = PBXGetVolInfoSync (&pb); |
|||
if (err != noErr) |
|||
return; |
|||
|
|||
// Base the entropy on the amount of space used on the disk and
|
|||
// on the next available allocation block. A lot else might be
|
|||
// unpredictable, so might as well toss the whole block in. See
|
|||
// comments for entropy estimate justifications.
|
|||
|
|||
AddBytes (&pb, sizeof (pb), |
|||
kVolumeBytesEntropy + |
|||
log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi) |
|||
* 4294967296.0D + |
|||
(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo)) |
|||
/ pb.ioVAlBlkSiz - 3.0)); |
|||
} |
|||
|
|||
/*
|
|||
On a typical startup CRandomizer will come up with about 60 |
|||
bits of good, unpredictable data. Assuming no more input will |
|||
be available, we'll need some more lower-quality data to give |
|||
OpenSSL the 128 bits of entropy it desires. AddFiller adds some |
|||
relatively predictable data into the soup. |
|||
*/ |
|||
|
|||
void CRandomizer::AddFiller (void) |
|||
{ |
|||
struct |
|||
{ |
|||
ProcessSerialNumber psn; // Front process serial
|
|||
// number
|
|||
RGBColor hiliteRGBValue; // User-selected
|
|||
// highlight color
|
|||
long processCount; // Number of active
|
|||
// processes
|
|||
long cpuSpeed; // Processor speed
|
|||
long totalMemory; // Total logical memory
|
|||
// (incl. virtual one)
|
|||
long systemVersion; // OS version
|
|||
short resFile; // Current resource file
|
|||
} data; |
|||
|
|||
GetNextProcess ((ProcessSerialNumber*) kNoProcess); |
|||
while (GetNextProcess (&data.psn) == noErr) |
|||
data.processCount++; |
|||
GetFrontProcess (&data.psn); |
|||
LMGetHiliteRGB (&data.hiliteRGBValue); |
|||
Gestalt (gestaltProcClkSpeed, &data.cpuSpeed); |
|||
Gestalt (gestaltLogicalRAMSize, &data.totalMemory); |
|||
Gestalt (gestaltSystemVersion, &data.systemVersion); |
|||
data.resFile = CurResFile (); |
|||
|
|||
// Here we pretend to feed the PRNG completely random data. This
|
|||
// is of course false, as much of the above data is predictable
|
|||
// by an outsider. At this point we don't have any more
|
|||
// randomness to add, but with OpenSSL we must have a 128 bit
|
|||
// seed before we can start. We just add what we can, without a
|
|||
// real entropy estimate, and hope for the best.
|
|||
|
|||
AddBytes (&data, sizeof(data), 8.0 * sizeof(data)); |
|||
AddCurrentMouse (); |
|||
AddNow (1.0); |
|||
} |
|||
|
|||
//------------------- LOW LEVEL ---------------------
|
|||
|
|||
void CRandomizer::AddBytes (void *data, long size, double entropy) |
|||
{ |
|||
RAND_add (data, size, entropy * 0.125); // Convert entropy bits
|
|||
// to bytes
|
|||
} |
|||
|
|||
void CRandomizer::AddNow (double millisecondUncertainty) |
|||
{ |
|||
long time = SysTimer(); |
|||
AddBytes (&time, sizeof (time), log2l (millisecondUncertainty * |
|||
mTimebaseTicksPerMillisec)); |
|||
} |
|||
|
|||
//----------------- TIMING SUPPORT ------------------
|
|||
|
|||
void CRandomizer::GetTimeBaseResolution (void) |
|||
{ |
|||
#ifdef __powerc |
|||
long speed; |
|||
|
|||
// gestaltProcClkSpeed available on System 7.5.2 and above
|
|||
if (Gestalt (gestaltProcClkSpeed, &speed) != noErr) |
|||
// Only PowerPCs running pre-7.5.2 are 60-80 MHz
|
|||
// machines.
|
|||
mTimebaseTicksPerMillisec = 6000.0D; |
|||
// Assume 10 cycles per clock update, as in 601 spec. Seems true
|
|||
// for later chips as well.
|
|||
mTimebaseTicksPerMillisec = speed / 1.0e4D; |
|||
#else |
|||
// 68K VIA-based machines (see Develop Magazine no. 29)
|
|||
mTimebaseTicksPerMillisec = 783.360D; |
|||
#endif |
|||
} |
|||
|
|||
unsigned long CRandomizer::SysTimer (void) // returns the lower 32
|
|||
// bit of the chip timer
|
|||
{ |
|||
#ifdef __powerc |
|||
return GetPPCTimer (mIs601); |
|||
#else |
|||
UnsignedWide usec; |
|||
Microseconds (&usec); |
|||
return usec.lo; |
|||
#endif |
|||
} |
|||
|
|||
#ifdef __powerc |
|||
// The timebase is available through mfspr on 601, mftb on later chips.
|
|||
// Motorola recommends that an 601 implementation map mftb to mfspr
|
|||
// through an exception, but I haven't tested to see if MacOS actually
|
|||
// does this. We only sample the lower 32 bits of the timer (i.e. a
|
|||
// few minutes of resolution)
|
|||
|
|||
asm unsigned long GetPPCTimer (register bool is601) |
|||
{ |
|||
cmplwi is601, 0 // Check if 601
|
|||
bne _601 // if non-zero goto _601
|
|||
mftb r3 // Available on 603 and later.
|
|||
blr // return with result in r3
|
|||
_601: |
|||
mfspr r3, spr5 // Available on 601 only.
|
|||
// blr inserted automatically
|
|||
} |
|||
#endif |
@ -0,0 +1,43 @@ |
|||
|
|||
// Gathers unpredictable system data to be used for generating
|
|||
// random bits
|
|||
|
|||
#include <MacTypes.h> |
|||
|
|||
class CRandomizer |
|||
{ |
|||
public: |
|||
CRandomizer (void); |
|||
void PeriodicAction (void); |
|||
|
|||
private: |
|||
|
|||
// Private calls
|
|||
|
|||
void AddTimeSinceMachineStartup (void); |
|||
void AddAbsoluteSystemStartupTime (void); |
|||
void AddAppRunningTime (void); |
|||
void AddStartupVolumeInfo (void); |
|||
void AddFiller (void); |
|||
|
|||
void AddCurrentMouse (void); |
|||
void AddNow (double millisecondUncertainty); |
|||
void AddBytes (void *data, long size, double entropy); |
|||
|
|||
void GetTimeBaseResolution (void); |
|||
unsigned long SysTimer (void); |
|||
|
|||
// System Info
|
|||
bool mSupportsLargeVolumes; |
|||
bool mIsPowerPC; |
|||
bool mIs601; |
|||
|
|||
// Time info
|
|||
double mTimebaseTicksPerMillisec; |
|||
unsigned long mLastPeriodicTicks; |
|||
|
|||
// Mouse info
|
|||
long mSamplePeriod; |
|||
Point mLastMouse; |
|||
long mMouseStill; |
|||
}; |
@ -0,0 +1,18 @@ |
|||
------------------------------------------------------------------- |
|||
Verify server certificate |
|||
------------------------------------------------------------------- |
|||
Currently omitted from the project: |
|||
|
|||
crypto/tmdiff.c |
|||
crypto/bio/bss_conn.c |
|||
crypto/bio/b_sock.c |
|||
crypto/bio/bss_acpt.c |
|||
crypto/bio/bss_log.h |
|||
|
|||
------------------------------------------------------------------- |
|||
Build libraries to link with... |
|||
------------------------------------------------------------------- |
|||
Port openssl application. |
|||
------------------------------------------------------------------- |
|||
BN optimizations (currently PPC version is compiled with BN_LLONG) |
|||
------------------------------------------------------------------- |
@ -0,0 +1,9 @@ |
|||
#include <MacHeaders.h> |
|||
#define B_ENDIAN |
|||
#ifdef __POWERPC__ |
|||
#pragma longlong on |
|||
#endif |
|||
#if 1 |
|||
#define MAC_OS_GUSI_SOURCE |
|||
#endif |
|||
#define MONOLITH |
@ -0,0 +1,9 @@ |
|||
#include <MacHeaders.h> |
|||
#define B_ENDIAN |
|||
#ifdef __POWERPC__ |
|||
#pragma longlong on |
|||
#endif |
|||
#if 0 |
|||
#define MAC_OS_GUSI_SOURCE |
|||
#endif |
|||
#define MONOLITH |
@ -0,0 +1,5 @@ |
|||
#ifndef MK1MF_BUILD |
|||
# define CFLAGS "-DB_ENDIAN" |
|||
# define PLATFORM "macos" |
|||
# define DATE "Sun Feb 27 19:44:16 MET 2000" |
|||
#endif |
@ -0,0 +1,820 @@ |
|||
(This file must be converted with BinHex 4.0) |
|||
|
|||
:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J! |
|||
!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C |
|||
cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3) |
|||
%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!! |
|||
!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J) |
|||
#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS |
|||
#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!! |
|||
!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9 |
|||
Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a |
|||
X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8 |
|||
[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P |
|||
d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'& |
|||
dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!` |
|||
!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0 |
|||
f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL |
|||
KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m |
|||
SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q |
|||
JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m |
|||
J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P* |
|||
&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4 |
|||
!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ! |
|||
J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J |
|||
%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr |
|||
m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr |
|||
rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!( |
|||
!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!! |
|||
2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c |
|||
-m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h |
|||
`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph |
|||
-h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$ |
|||
!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!` |
|||
!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!! |
|||
-$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$ |
|||
-hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh |
|||
mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`! |
|||
!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B! |
|||
13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr |
|||
r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`! |
|||
2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h |
|||
`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2! |
|||
!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i |
|||
Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a |
|||
TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9 |
|||
KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b! |
|||
!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M% |
|||
`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!* |
|||
X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X |
|||
!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!! |
|||
%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'& |
|||
`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp |
|||
XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j |
|||
N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R- |
|||
!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi |
|||
!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X |
|||
!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!" |
|||
KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9 |
|||
XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!! |
|||
!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!! |
|||
!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC |
|||
TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |
|||
!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!! |
|||
!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0 |
|||
dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0 |
|||
dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#! |
|||
!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J! |
|||
A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F |
|||
!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa |
|||
NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3! |
|||
U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!! |
|||
!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`! |
|||
`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X |
|||
!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R |
|||
rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r |
|||
Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3! |
|||
!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0 |
|||
d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3! |
|||
q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3 |
|||
+rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri |
|||
0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!& |
|||
Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'& |
|||
dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!! |
|||
#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ! |
|||
!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4 |
|||
SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%` |
|||
!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9 |
|||
NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!! |
|||
!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!! |
|||
!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K |
|||
P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`! |
|||
"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T |
|||
849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'& |
|||
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J" |
|||
K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J" |
|||
Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3! |
|||
!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3 |
|||
0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp |
|||
XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3" |
|||
U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0 |
|||
dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J! |
|||
!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0 |
|||
cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8 |
|||
!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp |
|||
UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3 |
|||
0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa |
|||
'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8 |
|||
!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p |
|||
XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J |
|||
!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d |
|||
!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3 |
|||
!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA) |
|||
JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!" |
|||
mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X |
|||
!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0 |
|||
d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm |
|||
!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3! |
|||
#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j |
|||
ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl` |
|||
0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS |
|||
U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q |
|||
irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3# |
|||
(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!) |
|||
!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J# |
|||
Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J |
|||
!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq |
|||
Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`! |
|||
!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP" |
|||
KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq |
|||
U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!! |
|||
Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8 |
|||
#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!! |
|||
!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9 |
|||
bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R) |
|||
!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi |
|||
!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark- |
|||
+rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d |
|||
!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb" |
|||
dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j |
|||
MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY |
|||
[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ |
|||
0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K |
|||
[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'& |
|||
dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$ |
|||
i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj |
|||
Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![ |
|||
rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!! |
|||
#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``! |
|||
#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'& |
|||
dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!) |
|||
!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J! |
|||
#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*! |
|||
!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q |
|||
-!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS |
|||
!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9 |
|||
bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T |
|||
dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$ |
|||
6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8 |
|||
!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E |
|||
rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS |
|||
U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!! |
|||
"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`& |
|||
2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa |
|||
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l |
|||
rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ! |
|||
%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!! |
|||
!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4 |
|||
S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip |
|||
f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ! |
|||
"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA* |
|||
3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![ |
|||
rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2 |
|||
rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$ |
|||
`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2- |
|||
+rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA |
|||
rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9 |
|||
NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$ |
|||
h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9 |
|||
LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$ |
|||
rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q` |
|||
!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m |
|||
!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR" |
|||
KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J! |
|||
!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33 |
|||
""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j |
|||
eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3 |
|||
+B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T |
|||
MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'& |
|||
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb! |
|||
J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!& |
|||
Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p |
|||
C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J |
|||
'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!% |
|||
9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[ |
|||
r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3! |
|||
!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF(" |
|||
KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp |
|||
bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0 |
|||
X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3% |
|||
J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh" |
|||
PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J |
|||
'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`) |
|||
'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3! |
|||
#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA" |
|||
`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`! |
|||
!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d |
|||
",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa |
|||
NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!! |
|||
!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!) |
|||
#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J% |
|||
d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2 |
|||
r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m |
|||
!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0 |
|||
-5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!) |
|||
Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J` |
|||
"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`! |
|||
"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8! |
|||
"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!* |
|||
2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4 |
|||
[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X |
|||
!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&" |
|||
KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS |
|||
!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!* |
|||
8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q, |
|||
r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9 |
|||
NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im |
|||
V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3 |
|||
+CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh |
|||
r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9 |
|||
YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J& |
|||
B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!* |
|||
l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d |
|||
"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3 |
|||
`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@) |
|||
+rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V |
|||
r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`! |
|||
%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm |
|||
G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp |
|||
XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N |
|||
!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA! |
|||
ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm |
|||
B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V) |
|||
#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ! |
|||
!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!! |
|||
3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d |
|||
"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ |
|||
0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a |
|||
X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q& |
|||
XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC |
|||
[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J |
|||
!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d |
|||
"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3! |
|||
!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC |
|||
[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!) |
|||
"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!* |
|||
b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!! |
|||
3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`' |
|||
0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K |
|||
dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh* |
|||
PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3' |
|||
4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!) |
|||
d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0 |
|||
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3 |
|||
!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S |
|||
"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3 |
|||
!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'& |
|||
dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!( |
|||
qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D) |
|||
!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9 |
|||
b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![ |
|||
qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2 |
|||
qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3' |
|||
S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX |
|||
+rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch |
|||
ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9 |
|||
NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ' |
|||
[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4 |
|||
ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ |
|||
,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!) |
|||
$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!* |
|||
L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4 |
|||
S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!! |
|||
0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!' |
|||
p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9 |
|||
XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T |
|||
KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0 |
|||
QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4 |
|||
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#! |
|||
0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d |
|||
!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC |
|||
[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!) |
|||
"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!* |
|||
b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!! |
|||
3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!( |
|||
5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K |
|||
dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9 |
|||
X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ! |
|||
"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!! |
|||
!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa |
|||
TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2 |
|||
qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi |
|||
+rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!! |
|||
$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J |
|||
!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB |
|||
!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!& |
|||
[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP" |
|||
KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl |
|||
%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl |
|||
#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd |
|||
"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V |
|||
q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k |
|||
p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4 |
|||
P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3 |
|||
0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9 |
|||
fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ |
|||
,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!) |
|||
$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!* |
|||
L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4 |
|||
S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J! |
|||
!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J% |
|||
#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j |
|||
eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3 |
|||
+B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T |
|||
MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'& |
|||
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb! |
|||
J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!& |
|||
Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T |
|||
MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`! |
|||
!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K% |
|||
!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3 |
|||
`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3 |
|||
j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4 |
|||
S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9 |
|||
MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d |
|||
#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3! |
|||
#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j |
|||
cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J) |
|||
H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk |
|||
D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J! |
|||
#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA" |
|||
`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`! |
|||
!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d |
|||
#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa |
|||
NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!! |
|||
!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4 |
|||
f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M% |
|||
!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`! |
|||
$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!& |
|||
[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0 |
|||
66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!! |
|||
%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX |
|||
-!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!! |
|||
"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md |
|||
#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35 |
|||
X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4 |
|||
[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S |
|||
!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'& |
|||
dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J! |
|||
!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",% |
|||
%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj |
|||
q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4 |
|||
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX |
|||
+rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T |
|||
QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN |
|||
#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA" |
|||
3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93! |
|||
#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6 |
|||
ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX |
|||
!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K |
|||
dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR- |
|||
!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3! |
|||
%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP |
|||
ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3 |
|||
`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9 |
|||
b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3 |
|||
!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!) |
|||
!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$! |
|||
!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI |
|||
qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8 |
|||
@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP |
|||
`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!& |
|||
[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!! |
|||
$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ) |
|||
!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B |
|||
#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3* |
|||
l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh" |
|||
PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!* |
|||
Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8 |
|||
q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+ |
|||
"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!) |
|||
#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9 |
|||
'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP |
|||
`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS |
|||
!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K |
|||
dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9 |
|||
X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ! |
|||
"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!) |
|||
d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0 |
|||
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T% |
|||
!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS |
|||
#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+ |
|||
9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9 |
|||
YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij |
|||
(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+ |
|||
J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC |
|||
[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!! |
|||
!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@ |
|||
*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3 |
|||
!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2 |
|||
q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m |
|||
!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0 |
|||
-5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@ |
|||
H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ` |
|||
#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`! |
|||
!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d |
|||
#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'` |
|||
"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a |
|||
TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp |
|||
X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!! |
|||
BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+ |
|||
i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!! |
|||
&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp |
|||
X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+ |
|||
a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R) |
|||
!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!"" |
|||
MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB |
|||
-!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J |
|||
!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0 |
|||
bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3, |
|||
+!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!) |
|||
d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0 |
|||
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd |
|||
!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi |
|||
#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y% |
|||
!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e |
|||
`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX |
|||
!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y` |
|||
0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp |
|||
XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!! |
|||
!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!) |
|||
')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J, |
|||
J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2 |
|||
q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m |
|||
!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0 |
|||
-5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B |
|||
h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ` |
|||
#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!& |
|||
[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!, |
|||
Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ |
|||
#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p |
|||
QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`! |
|||
&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'& |
|||
dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J! |
|||
!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd |
|||
'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri |
|||
#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4 |
|||
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm |
|||
+rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T |
|||
QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h |
|||
p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e |
|||
`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3 |
|||
!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3 |
|||
'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3- |
|||
+!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!! |
|||
)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV |
|||
pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h |
|||
e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3 |
|||
+D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI% |
|||
!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa |
|||
NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3! |
|||
#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ |
|||
!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!! |
|||
8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[ |
|||
pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D |
|||
l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0 |
|||
bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`! |
|||
"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b- |
|||
!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih |
|||
Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@% |
|||
'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d |
|||
$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p |
|||
`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`! |
|||
#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF |
|||
'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3- |
|||
`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!) |
|||
$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E |
|||
b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP |
|||
`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN |
|||
!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA" |
|||
3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS |
|||
U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!! |
|||
(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F |
|||
3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa |
|||
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d, |
|||
pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ! |
|||
%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[ |
|||
pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9 |
|||
YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0 |
|||
*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F |
|||
T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d |
|||
$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ |
|||
!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB |
|||
$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0 |
|||
9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h |
|||
$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF% |
|||
,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9 |
|||
'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d |
|||
$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP |
|||
`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e( |
|||
p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q` |
|||
!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f- |
|||
!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR" |
|||
KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!) |
|||
!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0 |
|||
S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!" |
|||
ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!! |
|||
%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3 |
|||
+BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR" |
|||
KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm |
|||
J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30 |
|||
c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3! |
|||
%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f |
|||
[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d |
|||
$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN |
|||
!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H |
|||
D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA" |
|||
`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0 |
|||
[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp |
|||
ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d |
|||
$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p |
|||
`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4 |
|||
S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m! |
|||
(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!! |
|||
0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K |
|||
dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS |
|||
$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!! |
|||
$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j- |
|||
+rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr |
|||
pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9 |
|||
NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1 |
|||
A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y |
|||
cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`! |
|||
!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1 |
|||
F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3 |
|||
$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p |
|||
QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J! |
|||
%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4 |
|||
S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!! |
|||
!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J |
|||
-rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB |
|||
$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9 |
|||
QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V |
|||
pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC |
|||
TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31 |
|||
a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&" |
|||
KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!) |
|||
$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2 |
|||
pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3! |
|||
"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$! |
|||
!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V |
|||
pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e |
|||
j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3 |
|||
+D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8 |
|||
!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa |
|||
NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!! |
|||
#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4 |
|||
L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![ |
|||
pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK |
|||
R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q) |
|||
!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J |
|||
!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!! |
|||
0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2 |
|||
6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9 |
|||
XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T |
|||
KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0 |
|||
QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4 |
|||
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#! |
|||
0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!& |
|||
Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3 |
|||
+BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@- |
|||
!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J! |
|||
!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+) |
|||
)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e |
|||
D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4 |
|||
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F |
|||
+r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T |
|||
QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L |
|||
c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!! |
|||
)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J! |
|||
!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m |
|||
!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'& |
|||
dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9! |
|||
,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre |
|||
2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d |
|||
$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2 |
|||
p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M |
|||
Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa |
|||
eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!! |
|||
%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J! |
|||
)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M |
|||
Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8 |
|||
!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8! |
|||
%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3 |
|||
,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d |
|||
p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X |
|||
,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9 |
|||
'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d |
|||
%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0 |
|||
X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[ |
|||
p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33 |
|||
@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9 |
|||
XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T |
|||
KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0 |
|||
QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4 |
|||
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#! |
|||
0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d |
|||
!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0 |
|||
QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9 |
|||
b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0 |
|||
bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33 |
|||
Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!) |
|||
d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0 |
|||
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N |
|||
!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5! |
|||
%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3! |
|||
#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C |
|||
[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B% |
|||
*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`! |
|||
$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N |
|||
%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!! |
|||
*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P |
|||
ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ |
|||
P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d |
|||
!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!! |
|||
*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!) |
|||
%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!! |
|||
!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd |
|||
1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B |
|||
+r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp |
|||
XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S |
|||
!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a |
|||
P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%` |
|||
+r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0 |
|||
cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!( |
|||
p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS |
|||
U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!! |
|||
*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R |
|||
Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa |
|||
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I |
|||
mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ! |
|||
%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R |
|||
X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa |
|||
NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS |
|||
##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3! |
|||
B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3 |
|||
+DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j |
|||
cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$! |
|||
!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA* |
|||
3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!! |
|||
!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B |
|||
ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc |
|||
U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'! |
|||
!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!# |
|||
3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV |
|||
mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c |
|||
N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4 |
|||
PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3 |
|||
+G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d |
|||
%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S |
|||
+r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J |
|||
!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0` |
|||
"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i |
|||
!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!# |
|||
3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV |
|||
meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c |
|||
8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4 |
|||
PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3 |
|||
+G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d |
|||
%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c |
|||
2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!! |
|||
4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-` |
|||
%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!! |
|||
%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*- |
|||
+r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6 |
|||
ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9 |
|||
NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5 |
|||
A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G |
|||
PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U |
|||
Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E |
|||
ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3! |
|||
"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d |
|||
!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X |
|||
!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!! |
|||
!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N |
|||
0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J |
|||
!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S |
|||
!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35 |
|||
Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb |
|||
Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!! |
|||
U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA- |
|||
!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4 |
|||
3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C |
|||
[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9 |
|||
NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh* |
|||
jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9 |
|||
bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p |
|||
`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4 |
|||
SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib |
|||
K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4 |
|||
[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!! |
|||
#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c |
|||
mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb |
|||
!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3% |
|||
q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43* |
|||
5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30 |
|||
R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35 |
|||
Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'& |
|||
QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV |
|||
mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3 |
|||
+BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4 |
|||
S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`! |
|||
Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K |
|||
[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'& |
|||
dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!! |
|||
H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C |
|||
[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0 |
|||
cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS |
|||
U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ! |
|||
%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M! |
|||
!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a |
|||
k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3 |
|||
`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a |
|||
a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9 |
|||
4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA |
|||
Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[ |
|||
Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K |
|||
B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp |
|||
K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp |
|||
K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp |
|||
K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3! |
|||
`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`! |
|||
Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3! |
|||
T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3! |
|||
CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3! |
|||
SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j |
|||
2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@% |
|||
!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!` |
|||
!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q% |
|||
!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m |
|||
!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f% |
|||
!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q% |
|||
!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'% |
|||
!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!! |
|||
Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9 |
|||
K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#` |
|||
-!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T |
|||
K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P |
|||
I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp |
|||
K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T |
|||
K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#" |
|||
K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@! |
|||
!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`! |
|||
9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3! |
|||
X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp |
|||
I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp |
|||
K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp |
|||
K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T |
|||
K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m |
|||
!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'% |
|||
!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT |
|||
K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B |
|||
P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0 |
|||
2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N |
|||
[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i |
|||
[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q% |
|||
!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m |
|||
!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f% |
|||
!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q% |
|||
!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"- |
|||
[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#% |
|||
UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m |
|||
!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3! |
|||
T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P |
|||
I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f% |
|||
!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S |
|||
[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!` |
|||
!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q% |
|||
!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K |
|||
K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q% |
|||
!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0 |
|||
K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0 |
|||
[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!! |
|||
1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`! |
|||
%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0 |
|||
VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf` |
|||
Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp |
|||
XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",% |
|||
!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf` |
|||
Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9 |
|||
cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa |
|||
eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9 |
|||
b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3 |
|||
!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90 |
|||
139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#" |
|||
'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6 |
|||
%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6 |
|||
,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p |
|||
`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8 |
|||
!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e |
|||
KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139! |
|||
Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'& |
|||
cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!# |
|||
#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$ |
|||
LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!% |
|||
UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!! |
|||
!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!! |
|||
!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!! |
|||
!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH% |
|||
i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!! |
|||
!*4S: |
@ -0,0 +1,116 @@ |
|||
/* MacOS/opensslconf.h */ |
|||
|
|||
#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ |
|||
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) |
|||
#define OPENSSLDIR "/usr/local/ssl" |
|||
#endif |
|||
#endif |
|||
|
|||
#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) |
|||
#define IDEA_INT unsigned int |
|||
#endif |
|||
|
|||
#if defined(HEADER_MD2_H) && !defined(MD2_INT) |
|||
#define MD2_INT unsigned int |
|||
#endif |
|||
|
|||
#if defined(HEADER_RC2_H) && !defined(RC2_INT) |
|||
/* I need to put in a mod for the alpha - eay */ |
|||
#define RC2_INT unsigned int |
|||
#endif |
|||
|
|||
#if defined(HEADER_RC4_H) |
|||
#if !defined(RC4_INT) |
|||
/* using int types make the structure larger but make the code faster
|
|||
* on most boxes I have tested - up to %20 faster. */ |
|||
/*
|
|||
* I don't know what does "most" mean, but declaring "int" is a must on: |
|||
* - Intel P6 because partial register stalls are very expensive; |
|||
* - elder Alpha because it lacks byte load/store instructions; |
|||
*/ |
|||
#define RC4_INT unsigned char |
|||
#endif |
|||
#if !defined(RC4_CHUNK) |
|||
/*
|
|||
* This enables code handling data aligned at natural CPU word |
|||
* boundary. See crypto/rc4/rc4_enc.c for further details. |
|||
*/ |
|||
#define RC4_CHUNK unsigned long |
|||
#endif |
|||
#endif |
|||
|
|||
#if defined(HEADER_DES_H) && !defined(DES_LONG) |
|||
/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
|
|||
* %20 speed up (longs are 8 bytes, int's are 4). */ |
|||
#ifndef DES_LONG |
|||
#define DES_LONG unsigned long |
|||
#endif |
|||
#endif |
|||
|
|||
#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) |
|||
#define CONFIG_HEADER_BN_H |
|||
#if __option(longlong) |
|||
# define BN_LLONG |
|||
#else |
|||
# undef BN_LLONG |
|||
#endif |
|||
|
|||
/* Should we define BN_DIV2W here? */ |
|||
|
|||
/* Only one for the following should be defined */ |
|||
/* The prime number generation stuff may not work when
|
|||
* EIGHT_BIT but I don't care since I've only used this mode |
|||
* for debuging the bignum libraries */ |
|||
#undef SIXTY_FOUR_BIT_LONG |
|||
#undef SIXTY_FOUR_BIT |
|||
#define THIRTY_TWO_BIT |
|||
#undef SIXTEEN_BIT |
|||
#undef EIGHT_BIT |
|||
#endif |
|||
|
|||
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) |
|||
#define CONFIG_HEADER_RC4_LOCL_H |
|||
/* if this is defined data[i] is used instead of *data, this is a %20
|
|||
* speedup on x86 */ |
|||
#undef RC4_INDEX |
|||
#endif |
|||
|
|||
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) |
|||
#define CONFIG_HEADER_BF_LOCL_H |
|||
#define BF_PTR |
|||
#endif /* HEADER_BF_LOCL_H */ |
|||
|
|||
#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) |
|||
#define CONFIG_HEADER_DES_LOCL_H |
|||
/* the following is tweaked from a config script, that is why it is a
|
|||
* protected undef/define */ |
|||
#ifndef DES_PTR |
|||
#define DES_PTR |
|||
#endif |
|||
|
|||
/* This helps C compiler generate the correct code for multiple functional
|
|||
* units. It reduces register dependancies at the expense of 2 more |
|||
* registers */ |
|||
#ifndef DES_RISC1 |
|||
#define DES_RISC1 |
|||
#endif |
|||
|
|||
#ifndef DES_RISC2 |
|||
#undef DES_RISC2 |
|||
#endif |
|||
|
|||
#if defined(DES_RISC1) && defined(DES_RISC2) |
|||
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! |
|||
#endif |
|||
|
|||
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
|
|||
* Very mucy CPU dependant */ |
|||
#ifndef DES_UNROLL |
|||
#define DES_UNROLL |
|||
#endif |
|||
|
|||
#endif /* HEADER_DES_LOCL_H */ |
|||
|
|||
#ifndef __POWERPC__ |
|||
#define MD32_XARRAY |
|||
#endif |
@ -0,0 +1,732 @@ |
|||
### Generated automatically from Makefile.org by Configure.
|
|||
|
|||
##
|
|||
## Makefile for OpenSSL
|
|||
##
|
|||
|
|||
VERSION=0.9.8o |
|||
MAJOR=0 |
|||
MINOR=9.8 |
|||
SHLIB_VERSION_NUMBER=0.9.8 |
|||
SHLIB_VERSION_HISTORY= |
|||
SHLIB_MAJOR=0 |
|||
SHLIB_MINOR=9.8 |
|||
SHLIB_EXT= |
|||
PLATFORM=dist |
|||
OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic |
|||
CONFIGURE_ARGS=dist |
|||
SHLIB_TARGET= |
|||
|
|||
# HERE indicates where this Makefile lives. This can be used to indicate
|
|||
# where sub-Makefiles are expected to be. Currently has very limited usage,
|
|||
# and should probably not be bothered with at all.
|
|||
HERE=. |
|||
|
|||
# INSTALL_PREFIX is for package builders so that they can configure
|
|||
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
|
|||
# Normally it is left empty.
|
|||
INSTALL_PREFIX= |
|||
INSTALLTOP=/usr/local/ssl |
|||
|
|||
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
|
|||
OPENSSLDIR=/usr/local/ssl |
|||
|
|||
# NO_IDEA - Define to build without the IDEA algorithm
|
|||
# NO_RC4 - Define to build without the RC4 algorithm
|
|||
# NO_RC2 - Define to build without the RC2 algorithm
|
|||
# THREADS - Define when building with threads, you will probably also need any
|
|||
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
|
|||
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
|
|||
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
|
|||
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
|
|||
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
|
|||
# one. 32 bytes will be read from this when the random
|
|||
# number generator is initalised.
|
|||
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
|
|||
# NULL encryption ciphers.
|
|||
#
|
|||
# LOCK_DEBUG - turns on lots of lock debug output :-)
|
|||
# REF_CHECK - turn on some xyz_free() assertions.
|
|||
# REF_PRINT - prints some stuff on structure free.
|
|||
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
|
|||
# MFUNC - Make all Malloc/Free/Realloc calls call
|
|||
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
|
|||
# call application defined callbacks via CRYPTO_set_mem_functions()
|
|||
# MD5_ASM needs to be defined to use the x86 assembler for MD5
|
|||
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
|
|||
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
|
|||
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
|
|||
# equal 4.
|
|||
# PKCS1_CHECK - pkcs1 tests.
|
|||
|
|||
CC= cc |
|||
CFLAG= -O |
|||
DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED |
|||
PEX_LIBS= |
|||
EX_LIBS= |
|||
EXE_EXT= |
|||
ARFLAGS= |
|||
AR= ar $(ARFLAGS) r |
|||
ARD=ar $(ARFLAGS) d |
|||
RANLIB= /usr/bin/ranlib |
|||
PERL= /usr/bin/perl |
|||
TAR= tar |
|||
TARFLAGS= --no-recursion |
|||
MAKEDEPPROG=makedepend |
|||
LIBDIR=lib |
|||
|
|||
# We let the C compiler driver to take care of .s files. This is done in
|
|||
# order to be excused from maintaining a separate set of architecture
|
|||
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
|
|||
# gcc, then the driver will automatically translate it to -xarch=v8plus
|
|||
# and pass it down to assembler.
|
|||
AS=$(CC) -c |
|||
ASFLAG=$(CFLAG) |
|||
|
|||
# For x86 assembler: Set PROCESSOR to 386 if you want to support
|
|||
# the 80386.
|
|||
PROCESSOR= |
|||
|
|||
# CPUID module collects small commonly used assembler snippets
|
|||
CPUID_OBJ= |
|||
BN_ASM= bn_asm.o |
|||
DES_ENC= des_enc.o fcrypt_b.o |
|||
AES_ASM_OBJ= aes_core.o aes_cbc.o |
|||
BF_ENC= bf_enc.o |
|||
CAST_ENC= c_enc.o |
|||
RC4_ENC= rc4_enc.o rc4_skey.o |
|||
RC5_ENC= rc5_enc.o |
|||
MD5_ASM_OBJ= |
|||
SHA1_ASM_OBJ= |
|||
RMD160_ASM_OBJ= |
|||
|
|||
# KRB5 stuff
|
|||
KRB5_INCLUDES= |
|||
LIBKRB5= |
|||
|
|||
# Zlib stuff
|
|||
ZLIB_INCLUDE= |
|||
LIBZLIB= |
|||
|
|||
# This is the location of fipscanister.o and friends.
|
|||
# The FIPS module build will place it $(INSTALLTOP)/lib
|
|||
# but since $(INSTALLTOP) can only take the default value
|
|||
# when the module is built it will be in /usr/local/ssl/lib
|
|||
# $(INSTALLTOP) for this build make be different so hard
|
|||
# code the path.
|
|||
|
|||
FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/ |
|||
|
|||
# This is set to "y" if fipscanister.o is compiled internally as
|
|||
# opposed to coming from an external validated location.
|
|||
|
|||
FIPSCANISTERINTERNAL=n |
|||
|
|||
# The location of the library which contains fipscanister.o
|
|||
# normally it will be libcrypto unless fipsdso is set in which
|
|||
# case it will be libfips. If not compiling in FIPS mode at all
|
|||
# this is empty making it a useful test for a FIPS compile.
|
|||
|
|||
FIPSCANLIB= |
|||
|
|||
# Shared library base address. Currently only used on Windows.
|
|||
#
|
|||
|
|||
BASEADDR=0xFB00000 |
|||
|
|||
DIRS= crypto ssl engines apps test tools |
|||
SHLIBDIRS= crypto ssl |
|||
|
|||
# dirs in crypto to build
|
|||
SDIRS= \
|
|||
objects \
|
|||
md2 md4 md5 sha hmac ripemd \
|
|||
des aes rc2 rc4 idea bf cast \
|
|||
bn ec rsa dsa ecdsa dh ecdh dso engine \
|
|||
buffer bio stack lhash rand err \
|
|||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
|
|||
store pqueue |
|||
# keep in mind that the above list is adjusted by ./Configure
|
|||
# according to no-xxx arguments...
|
|||
|
|||
# tests to perform. "alltests" is a special word indicating that all tests
|
|||
# should be performed.
|
|||
TESTS = alltests |
|||
|
|||
MAKEFILE= Makefile |
|||
|
|||
MANDIR=$(OPENSSLDIR)/man |
|||
MAN1=1 |
|||
MAN3=3 |
|||
MANSUFFIX= |
|||
SHELL=/bin/sh |
|||
|
|||
TOP= . |
|||
ONEDIRS=out tmp |
|||
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS |
|||
WDIRS= windows |
|||
LIBS= libcrypto.a libssl.a |
|||
SHARED_CRYPTO=libcrypto$(SHLIB_EXT) |
|||
SHARED_SSL=libssl$(SHLIB_EXT) |
|||
SHARED_FIPS= |
|||
SHARED_LIBS= |
|||
SHARED_LIBS_LINK_EXTS= |
|||
SHARED_LDFLAGS= |
|||
|
|||
GENERAL= Makefile |
|||
BASENAME= openssl |
|||
NAME= $(BASENAME)-$(VERSION) |
|||
TARFILE= $(NAME).tar |
|||
WTARFILE= $(NAME)-win.tar |
|||
EXHEADER= e_os2.h |
|||
HEADER= e_os.h |
|||
|
|||
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc |
|||
|
|||
# as we stick to -e, CLEARENV ensures that local variables in lower
|
|||
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
|
|||
# shell, which [annoyingly enough] terminates unset with error if VAR
|
|||
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
|
|||
# which terminates unset with error if no variable was present:-(
|
|||
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
|
|||
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
|
|||
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
|
|||
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
|
|||
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
|
|||
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
|
|||
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
|
|||
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
|
|||
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
|
|||
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} |
|||
|
|||
BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
|
|||
CC='${CC}' CFLAG='${CFLAG}' \
|
|||
AS='${CC}' ASFLAG='${CFLAG} -c' \
|
|||
AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
|
|||
SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \
|
|||
INSTALL_PREFIX='${INSTALL_PREFIX}' \
|
|||
INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
|
|||
LIBDIR='${LIBDIR}' \
|
|||
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
|
|||
DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
|
|||
MAKEDEPPROG='${MAKEDEPPROG}' \
|
|||
SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
|
|||
KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
|
|||
EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
|
|||
SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
|
|||
PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
|
|||
CPUID_OBJ='${CPUID_OBJ}' \
|
|||
BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
|
|||
AES_ASM_OBJ='${AES_ASM_OBJ}' \
|
|||
BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
|
|||
RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
|
|||
SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
|
|||
MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
|
|||
RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
|
|||
FIPSLIBDIR='${FIPSLIBDIR}' \
|
|||
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
|
|||
FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
|
|||
FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
|
|||
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= |
|||
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
|
|||
# which in turn eliminates ambiguities in variable treatment with -e.
|
|||
|
|||
# BUILD_CMD is a generic macro to build a given target in a given
|
|||
# subdirectory. The target must be given through the shell variable
|
|||
# `target' and the subdirectory to build in must be given through `dir'.
|
|||
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
|
|||
# BUILD_ONE_CMD instead.
|
|||
#
|
|||
# BUILD_ONE_CMD is a macro to build a given target in a given
|
|||
# subdirectory if that subdirectory is part of $(DIRS). It requires
|
|||
# exactly the same shell variables as BUILD_CMD.
|
|||
#
|
|||
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
|
|||
# subdirectories defined in $(DIRS). It requires that the target
|
|||
# is given through the shell variable `target'.
|
|||
BUILD_CMD= if [ -d "$$dir" ]; then \
|
|||
( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
|
|||
cd $$dir && echo "making $$target in $$dir..." && \
|
|||
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
|
|||
) || exit 1; \
|
|||
fi |
|||
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done |
|||
BUILD_ONE_CMD=\
|
|||
if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
|
|||
$(BUILD_CMD); \
|
|||
fi |
|||
|
|||
reflect: |
|||
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) |
|||
|
|||
FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
|
|||
../crypto/aes/aes_ecb.o \
|
|||
../crypto/aes/aes_ofb.o \
|
|||
../crypto/bn/bn_add.o \
|
|||
../crypto/bn/bn_blind.o \
|
|||
../crypto/bn/bn_ctx.o \
|
|||
../crypto/bn/bn_div.o \
|
|||
../crypto/bn/bn_exp2.o \
|
|||
../crypto/bn/bn_exp.o \
|
|||
../crypto/bn/bn_gcd.o \
|
|||
../crypto/bn/bn_lib.o \
|
|||
../crypto/bn/bn_mod.o \
|
|||
../crypto/bn/bn_mont.o \
|
|||
../crypto/bn/bn_mul.o \
|
|||
../crypto/bn/bn_prime.o \
|
|||
../crypto/bn/bn_rand.o \
|
|||
../crypto/bn/bn_recp.o \
|
|||
../crypto/bn/bn_shift.o \
|
|||
../crypto/bn/bn_sqr.o \
|
|||
../crypto/bn/bn_word.o \
|
|||
../crypto/bn/bn_x931p.o \
|
|||
../crypto/buffer/buf_str.o \
|
|||
../crypto/cryptlib.o \
|
|||
../crypto/des/cfb64ede.o \
|
|||
../crypto/des/cfb64enc.o \
|
|||
../crypto/des/cfb_enc.o \
|
|||
../crypto/des/ecb3_enc.o \
|
|||
../crypto/des/ecb_enc.o \
|
|||
../crypto/des/ofb64ede.o \
|
|||
../crypto/des/ofb64enc.o \
|
|||
../crypto/des/fcrypt.o \
|
|||
../crypto/des/set_key.o \
|
|||
../crypto/dsa/dsa_utl.o \
|
|||
../crypto/dsa/dsa_sign.o \
|
|||
../crypto/dsa/dsa_vrf.o \
|
|||
../crypto/err/err.o \
|
|||
../crypto/evp/digest.o \
|
|||
../crypto/evp/enc_min.o \
|
|||
../crypto/evp/e_aes.o \
|
|||
../crypto/evp/e_des3.o \
|
|||
../crypto/evp/p_sign.o \
|
|||
../crypto/evp/p_verify.o \
|
|||
../crypto/mem_clr.o \
|
|||
../crypto/mem.o \
|
|||
../crypto/rand/md_rand.o \
|
|||
../crypto/rand/rand_egd.o \
|
|||
../crypto/rand/randfile.o \
|
|||
../crypto/rand/rand_lib.o \
|
|||
../crypto/rand/rand_os2.o \
|
|||
../crypto/rand/rand_unix.o \
|
|||
../crypto/rand/rand_win.o \
|
|||
../crypto/rsa/rsa_lib.o \
|
|||
../crypto/rsa/rsa_none.o \
|
|||
../crypto/rsa/rsa_oaep.o \
|
|||
../crypto/rsa/rsa_pk1.o \
|
|||
../crypto/rsa/rsa_pss.o \
|
|||
../crypto/rsa/rsa_ssl.o \
|
|||
../crypto/rsa/rsa_x931.o \
|
|||
../crypto/sha/sha1dgst.o \
|
|||
../crypto/sha/sha256.o \
|
|||
../crypto/sha/sha512.o \
|
|||
../crypto/uid.o |
|||
|
|||
sub_all: build_all |
|||
build_all: build_libs build_apps build_tests build_tools |
|||
|
|||
build_libs: build_crypto build_fips build_ssl build_shared build_engines |
|||
|
|||
build_crypto: |
|||
if [ -n "$(FIPSCANLIB)" ]; then \
|
|||
EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
|
|||
ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
|
|||
else \
|
|||
ARX='${AR}' ; \
|
|||
fi ; export ARX ; \
|
|||
dir=crypto; target=all; $(BUILD_ONE_CMD) |
|||
build_fips: |
|||
@dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) |
|||
build_ssl: build_crypto |
|||
@dir=ssl; target=all; $(BUILD_ONE_CMD) |
|||
build_engines: build_crypto |
|||
@dir=engines; target=all; $(BUILD_ONE_CMD) |
|||
build_apps: build_libs |
|||
@dir=apps; target=all; $(BUILD_ONE_CMD) |
|||
build_tests: build_libs |
|||
@dir=test; target=all; $(BUILD_ONE_CMD) |
|||
build_tools: build_libs |
|||
@dir=tools; target=all; $(BUILD_ONE_CMD) |
|||
|
|||
all_testapps: build_libs build_testapps |
|||
build_testapps: |
|||
@dir=crypto; target=testapps; $(BUILD_ONE_CMD) |
|||
|
|||
build_shared: $(SHARED_LIBS) |
|||
libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) |
|||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
|||
if [ "$(FIPSCANLIB)" = "libfips" ]; then \
|
|||
$(ARD) libcrypto.a fipscanister.o ; \
|
|||
$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
|
|||
$(AR) libcrypto.a fips/fipscanister.o ; \
|
|||
else \
|
|||
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
|
|||
FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
|
|||
export CC FIPSLD_CC; \
|
|||
fi; \
|
|||
$(MAKE) -e SHLIBDIRS='crypto' build-shared; \
|
|||
fi \
|
|||
else \
|
|||
echo "There's no support for shared libraries on this platform" >&2; \
|
|||
exit 1; \
|
|||
fi |
|||
|
|||
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a |
|||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
|||
shlibdeps=-lcrypto; \
|
|||
[ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
|
|||
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
|
|||
else \
|
|||
echo "There's no support for shared libraries on this platform" >&2 ; \
|
|||
exit 1; \
|
|||
fi |
|||
|
|||
fips/fipscanister.o: build_fips |
|||
libfips$(SHLIB_EXT): fips/fipscanister.o |
|||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
|||
FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \
|
|||
$(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
|||
CC=$${CC} LIBNAME=fips THIS=$@ \
|
|||
LIBEXTRAS=fips/fipscanister.o \
|
|||
LIBDEPS="$(EX_LIBS)" \
|
|||
LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
|||
link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
|
|||
else \
|
|||
echo "There's no support for shared libraries on this platform" >&2; \
|
|||
exit 1; \
|
|||
fi |
|||
|
|||
libfips.a: |
|||
dir=fips; target=all; $(BUILD_ONE_CMD) |
|||
|
|||
clean-shared: |
|||
@set -e; for i in $(SHLIBDIRS); do \
|
|||
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
|
|||
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
|
|||
for j in $${tmp:-x}; do \
|
|||
( set -x; rm -f lib$$i$$j ); \
|
|||
done; \
|
|||
fi; \
|
|||
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
|
|||
if [ "$(PLATFORM)" = "Cygwin" ]; then \
|
|||
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
|
|||
fi; \
|
|||
done |
|||
|
|||
link-shared: |
|||
@ set -e; for i in ${SHLIBDIRS}; do \
|
|||
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
|
|||
LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
|||
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
|
|||
symlink.$(SHLIB_TARGET); \
|
|||
libs="$$libs -l$$i"; \
|
|||
done |
|||
|
|||
build-shared: do_$(SHLIB_TARGET) link-shared |
|||
|
|||
do_$(SHLIB_TARGET): |
|||
@ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
|||
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
|
|||
libs="$(LIBKRB5) $$libs"; \
|
|||
fi; \
|
|||
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
|||
LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
|||
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
|
|||
LIBDEPS="$$libs $(EX_LIBS)" \
|
|||
link_a.$(SHLIB_TARGET); \
|
|||
libs="-l$$i $$libs"; \
|
|||
done |
|||
|
|||
libcrypto.pc: Makefile |
|||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
|||
echo 'exec_prefix=$${prefix}'; \
|
|||
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
|
|||
echo 'includedir=$${prefix}/include'; \
|
|||
echo ''; \
|
|||
echo 'Name: OpenSSL-libcrypto'; \
|
|||
echo 'Description: OpenSSL cryptography library'; \
|
|||
echo 'Version: '$(VERSION); \
|
|||
echo 'Requires: '; \
|
|||
echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
|
|||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc |
|||
|
|||
libssl.pc: Makefile |
|||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
|||
echo 'exec_prefix=$${prefix}'; \
|
|||
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
|
|||
echo 'includedir=$${prefix}/include'; \
|
|||
echo ''; \
|
|||
echo 'Name: OpenSSL'; \
|
|||
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
|
|||
echo 'Version: '$(VERSION); \
|
|||
echo 'Requires: '; \
|
|||
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
|
|||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc |
|||
|
|||
openssl.pc: Makefile |
|||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
|||
echo 'exec_prefix=$${prefix}'; \
|
|||
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
|
|||
echo 'includedir=$${prefix}/include'; \
|
|||
echo ''; \
|
|||
echo 'Name: OpenSSL'; \
|
|||
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
|
|||
echo 'Version: '$(VERSION); \
|
|||
echo 'Requires: '; \
|
|||
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
|
|||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc |
|||
|
|||
Makefile: Makefile.org Configure config |
|||
@echo "Makefile is older than Makefile.org, Configure or config." |
|||
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." |
|||
@false |
|||
|
|||
libclean: |
|||
rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib |
|||
|
|||
clean: libclean |
|||
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c |
|||
@set -e; target=clean; $(RECURSIVE_BUILD_CMD) |
|||
rm -f $(LIBS) |
|||
rm -f openssl.pc libssl.pc libcrypto.pc |
|||
rm -f speed.* .pure |
|||
rm -f $(TARFILE) |
|||
@set -e; for i in $(ONEDIRS) ;\
|
|||
do \
|
|||
rm -fr $$i/*; \
|
|||
done |
|||
|
|||
makefile.one: files |
|||
$(PERL) util/mk1mf.pl >makefile.one; \
|
|||
sh util/do_ms.sh |
|||
|
|||
files: |
|||
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO |
|||
@set -e; target=files; $(RECURSIVE_BUILD_CMD) |
|||
|
|||
links: |
|||
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl |
|||
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) |
|||
@set -e; target=links; $(RECURSIVE_BUILD_CMD) |
|||
@if [ -z "$(FIPSCANLIB)" ]; then \
|
|||
set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
|
|||
fi |
|||
|
|||
gentests: |
|||
@(cd test && echo "generating dummy tests (if needed)..." && \
|
|||
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); |
|||
|
|||
dclean: |
|||
rm -f *.bak |
|||
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD) |
|||
|
|||
rehash: rehash.time |
|||
rehash.time: certs apps |
|||
@if [ -z "$(CROSS_COMPILE)" ]; then \
|
|||
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
|
|||
OPENSSL_DEBUG_MEMORY=on; \
|
|||
export OPENSSL OPENSSL_DEBUG_MEMORY; \
|
|||
$(PERL) tools/c_rehash certs) && \
|
|||
touch rehash.time; \
|
|||
fi |
|||
|
|||
test: tests |
|||
|
|||
tests: rehash |
|||
@(cd test && echo "testing..." && \
|
|||
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); |
|||
util/opensslwrap.sh version -a |
|||
|
|||
report: |
|||
@$(PERL) util/selftest.pl |
|||
|
|||
depend: |
|||
@set -e; target=depend; $(RECURSIVE_BUILD_CMD) |
|||
|
|||
lint: |
|||
@set -e; target=lint; $(RECURSIVE_BUILD_CMD) |
|||
|
|||
tags: |
|||
rm -f TAGS |
|||
find . -name '[^.]*.[ch]' | xargs etags -a |
|||
|
|||
errors: |
|||
$(PERL) util/mkerr.pl -recurse -write |
|||
(cd engines; $(MAKE) PERL=$(PERL) errors) |
|||
$(PERL) util/ck_errf.pl */*.c */*/*.c |
|||
|
|||
stacks: |
|||
$(PERL) util/mkstack.pl -write |
|||
|
|||
util/libeay.num:: |
|||
$(PERL) util/mkdef.pl crypto update |
|||
|
|||
util/ssleay.num:: |
|||
$(PERL) util/mkdef.pl ssl update |
|||
|
|||
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h |
|||
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h |
|||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num |
|||
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h |
|||
|
|||
apps/openssl-vms.cnf: apps/openssl.cnf |
|||
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf |
|||
|
|||
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl |
|||
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h |
|||
|
|||
|
|||
TABLE: Configure |
|||
(echo 'Output of `Configure TABLE'"':"; \
|
|||
$(PERL) Configure TABLE) > TABLE |
|||
|
|||
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend |
|||
|
|||
# Build distribution tar-file. As the list of files returned by "find" is
|
|||
# pretty long, on several platforms a "too many arguments" error or similar
|
|||
# would occur. Therefore the list of files is temporarily stored into a file
|
|||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
|||
# tar does not support the --files-from option.
|
|||
tar: |
|||
find . -type d -print | xargs chmod 755 |
|||
find . -type f -print | xargs chmod a+r |
|||
find . -type f -perm -0100 -print | xargs chmod a+x |
|||
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
|
|||
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
|
|||
tardy --user_number=0 --user_name=openssl \
|
|||
--group_number=0 --group_name=openssl \
|
|||
--prefix=openssl-$(VERSION) - |\
|
|||
gzip --best >../$(TARFILE).gz; \
|
|||
rm -f ../$(TARFILE).list; \
|
|||
ls -l ../$(TARFILE).gz |
|||
|
|||
tar-snap: |
|||
@$(TAR) $(TARFLAGS) -cvf - \
|
|||
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
|
|||
tardy --user_number=0 --user_name=openssl \
|
|||
--group_number=0 --group_name=openssl \
|
|||
--prefix=openssl-$(VERSION) - > ../$(TARFILE);\
|
|||
ls -l ../$(TARFILE) |
|||
|
|||
dist: |
|||
$(PERL) Configure dist |
|||
@$(MAKE) dist_pem_h |
|||
@$(MAKE) SDIRS='${SDIRS}' clean |
|||
@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar |
|||
|
|||
dist_pem_h: |
|||
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) |
|||
|
|||
install: all install_docs install_sw |
|||
|
|||
install_sw: |
|||
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
|||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
|
|||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
|
|||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
|
|||
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
|
|||
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
|
|||
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
|
|||
$(INSTALL_PREFIX)$(OPENSSLDIR)/private |
|||
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
|
|||
do \
|
|||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
|||
done; |
|||
@set -e; target=install; $(RECURSIVE_BUILD_CMD) |
|||
@set -e; for i in $(LIBS) ;\
|
|||
do \
|
|||
if [ -f "$$i" ]; then \
|
|||
( echo installing $$i; \
|
|||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
|
|||
fi; \
|
|||
done; |
|||
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
|
|||
tmp="$(SHARED_LIBS)"; \
|
|||
for i in $${tmp:-x}; \
|
|||
do \
|
|||
if [ -f "$$i" -o -f "$$i.a" ]; then \
|
|||
( echo installing $$i; \
|
|||
if [ "$(PLATFORM)" != "Cygwin" ]; then \
|
|||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
|
|||
else \
|
|||
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
|
|||
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
|||
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
|||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
|
|||
fi ); \
|
|||
fi; \
|
|||
done; \
|
|||
( here="`pwd`"; \
|
|||
cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
|
|||
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
|
|||
if [ "$(INSTALLTOP)" != "/usr" ]; then \
|
|||
echo 'OpenSSL shared libraries have been installed in:'; \
|
|||
echo ' $(INSTALLTOP)'; \
|
|||
echo ''; \
|
|||
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
|
|||
fi; \
|
|||
fi |
|||
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig |
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc |
|||
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig |
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc |
|||
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig |
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc |
|||
|
|||
install_docs: |
|||
@$(PERL) $(TOP)/util/mkdir-p.pl \
|
|||
$(INSTALL_PREFIX)$(MANDIR)/man1 \
|
|||
$(INSTALL_PREFIX)$(MANDIR)/man3 \
|
|||
$(INSTALL_PREFIX)$(MANDIR)/man5 \
|
|||
$(INSTALL_PREFIX)$(MANDIR)/man7 |
|||
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
|
|||
here="`pwd`"; \
|
|||
filecase=; \
|
|||
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
|
|||
filecase=-i; \
|
|||
fi; \
|
|||
set -e; for i in doc/apps/*.pod; do \
|
|||
fn=`basename $$i .pod`; \
|
|||
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
|
|||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
|||
(cd `$(PERL) util/dirname.pl $$i`; \
|
|||
sh -c "$$pod2man \
|
|||
--section=$$sec --center=OpenSSL \
|
|||
--release=$(VERSION) `basename $$i`") \
|
|||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
|||
$(PERL) util/extract-names.pl < $$i | \
|
|||
(grep -v $$filecase "^$$fn\$$"; true) | \
|
|||
(grep -v "[ ]"; true) | \
|
|||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
|||
while read n; do \
|
|||
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
|||
done); \
|
|||
done; \
|
|||
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
|||
fn=`basename $$i .pod`; \
|
|||
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
|
|||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
|||
(cd `$(PERL) util/dirname.pl $$i`; \
|
|||
sh -c "$$pod2man \
|
|||
--section=$$sec --center=OpenSSL \
|
|||
--release=$(VERSION) `basename $$i`") \
|
|||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
|||
$(PERL) util/extract-names.pl < $$i | \
|
|||
(grep -v $$filecase "^$$fn\$$"; true) | \
|
|||
(grep -v "[ ]"; true) | \
|
|||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
|||
while read n; do \
|
|||
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
|||
done); \
|
|||
done |
|||
|
|||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
@ -0,0 +1,730 @@ |
|||
##
|
|||
## Makefile for OpenSSL
|
|||
##
|
|||
|
|||
VERSION= |
|||
MAJOR= |
|||
MINOR= |
|||
SHLIB_VERSION_NUMBER= |
|||
SHLIB_VERSION_HISTORY= |
|||
SHLIB_MAJOR= |
|||
SHLIB_MINOR= |
|||
SHLIB_EXT= |
|||
PLATFORM=dist |
|||
OPTIONS= |
|||
CONFIGURE_ARGS= |
|||
SHLIB_TARGET= |
|||
|
|||
# HERE indicates where this Makefile lives. This can be used to indicate
|
|||
# where sub-Makefiles are expected to be. Currently has very limited usage,
|
|||
# and should probably not be bothered with at all.
|
|||
HERE=. |
|||
|
|||
# INSTALL_PREFIX is for package builders so that they can configure
|
|||
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
|
|||
# Normally it is left empty.
|
|||
INSTALL_PREFIX= |
|||
INSTALLTOP=/usr/local/ssl |
|||
|
|||
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
|
|||
OPENSSLDIR=/usr/local/ssl |
|||
|
|||
# NO_IDEA - Define to build without the IDEA algorithm
|
|||
# NO_RC4 - Define to build without the RC4 algorithm
|
|||
# NO_RC2 - Define to build without the RC2 algorithm
|
|||
# THREADS - Define when building with threads, you will probably also need any
|
|||
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
|
|||
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
|
|||
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
|
|||
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
|
|||
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
|
|||
# one. 32 bytes will be read from this when the random
|
|||
# number generator is initalised.
|
|||
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
|
|||
# NULL encryption ciphers.
|
|||
#
|
|||
# LOCK_DEBUG - turns on lots of lock debug output :-)
|
|||
# REF_CHECK - turn on some xyz_free() assertions.
|
|||
# REF_PRINT - prints some stuff on structure free.
|
|||
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
|
|||
# MFUNC - Make all Malloc/Free/Realloc calls call
|
|||
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
|
|||
# call application defined callbacks via CRYPTO_set_mem_functions()
|
|||
# MD5_ASM needs to be defined to use the x86 assembler for MD5
|
|||
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
|
|||
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
|
|||
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
|
|||
# equal 4.
|
|||
# PKCS1_CHECK - pkcs1 tests.
|
|||
|
|||
CC= cc |
|||
CFLAG= -O |
|||
DEPFLAG= |
|||
PEX_LIBS= |
|||
EX_LIBS= |
|||
EXE_EXT= |
|||
ARFLAGS= |
|||
AR=ar $(ARFLAGS) r |
|||
ARD=ar $(ARFLAGS) d |
|||
RANLIB= ranlib |
|||
PERL= perl |
|||
TAR= tar |
|||
TARFLAGS= --no-recursion |
|||
MAKEDEPPROG=makedepend |
|||
LIBDIR=lib |
|||
|
|||
# We let the C compiler driver to take care of .s files. This is done in
|
|||
# order to be excused from maintaining a separate set of architecture
|
|||
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
|
|||
# gcc, then the driver will automatically translate it to -xarch=v8plus
|
|||
# and pass it down to assembler.
|
|||
AS=$(CC) -c |
|||
ASFLAG=$(CFLAG) |
|||
|
|||
# For x86 assembler: Set PROCESSOR to 386 if you want to support
|
|||
# the 80386.
|
|||
PROCESSOR= |
|||
|
|||
# CPUID module collects small commonly used assembler snippets
|
|||
CPUID_OBJ= |
|||
BN_ASM= bn_asm.o |
|||
DES_ENC= des_enc.o fcrypt_b.o |
|||
AES_ASM_OBJ=aes_core.o aes_cbc.o |
|||
BF_ENC= bf_enc.o |
|||
CAST_ENC= c_enc.o |
|||
RC4_ENC= rc4_enc.o |
|||
RC5_ENC= rc5_enc.o |
|||
MD5_ASM_OBJ= |
|||
SHA1_ASM_OBJ= |
|||
RMD160_ASM_OBJ= |
|||
|
|||
# KRB5 stuff
|
|||
KRB5_INCLUDES= |
|||
LIBKRB5= |
|||
|
|||
# Zlib stuff
|
|||
ZLIB_INCLUDE= |
|||
LIBZLIB= |
|||
|
|||
# This is the location of fipscanister.o and friends.
|
|||
# The FIPS module build will place it $(INSTALLTOP)/lib
|
|||
# but since $(INSTALLTOP) can only take the default value
|
|||
# when the module is built it will be in /usr/local/ssl/lib
|
|||
# $(INSTALLTOP) for this build make be different so hard
|
|||
# code the path.
|
|||
|
|||
FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/ |
|||
|
|||
# This is set to "y" if fipscanister.o is compiled internally as
|
|||
# opposed to coming from an external validated location.
|
|||
|
|||
FIPSCANISTERINTERNAL=n |
|||
|
|||
# The location of the library which contains fipscanister.o
|
|||
# normally it will be libcrypto unless fipsdso is set in which
|
|||
# case it will be libfips. If not compiling in FIPS mode at all
|
|||
# this is empty making it a useful test for a FIPS compile.
|
|||
|
|||
FIPSCANLIB= |
|||
|
|||
# Shared library base address. Currently only used on Windows.
|
|||
#
|
|||
|
|||
BASEADDR= |
|||
|
|||
DIRS= crypto fips ssl engines apps test tools |
|||
SHLIBDIRS= crypto ssl fips |
|||
|
|||
# dirs in crypto to build
|
|||
SDIRS= \
|
|||
objects \
|
|||
md2 md4 md5 sha mdc2 hmac ripemd \
|
|||
des aes rc2 rc4 rc5 idea bf cast camellia seed \
|
|||
bn ec rsa dsa ecdsa dh ecdh dso engine \
|
|||
buffer bio stack lhash rand err \
|
|||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
|
|||
store cms pqueue jpake |
|||
# keep in mind that the above list is adjusted by ./Configure
|
|||
# according to no-xxx arguments...
|
|||
|
|||
# tests to perform. "alltests" is a special word indicating that all tests
|
|||
# should be performed.
|
|||
TESTS = alltests |
|||
|
|||
MAKEFILE= Makefile |
|||
|
|||
MANDIR=$(OPENSSLDIR)/man |
|||
MAN1=1 |
|||
MAN3=3 |
|||
MANSUFFIX= |
|||
SHELL=/bin/sh |
|||
|
|||
TOP= . |
|||
ONEDIRS=out tmp |
|||
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS |
|||
WDIRS= windows |
|||
LIBS= libcrypto.a libssl.a |
|||
SHARED_CRYPTO=libcrypto$(SHLIB_EXT) |
|||
SHARED_SSL=libssl$(SHLIB_EXT) |
|||
SHARED_FIPS= |
|||
SHARED_LIBS= |
|||
SHARED_LIBS_LINK_EXTS= |
|||
SHARED_LDFLAGS= |
|||
|
|||
GENERAL= Makefile |
|||
BASENAME= openssl |
|||
NAME= $(BASENAME)-$(VERSION) |
|||
TARFILE= $(NAME).tar |
|||
WTARFILE= $(NAME)-win.tar |
|||
EXHEADER= e_os2.h |
|||
HEADER= e_os.h |
|||
|
|||
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc |
|||
|
|||
# as we stick to -e, CLEARENV ensures that local variables in lower
|
|||
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
|
|||
# shell, which [annoyingly enough] terminates unset with error if VAR
|
|||
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
|
|||
# which terminates unset with error if no variable was present:-(
|
|||
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
|
|||
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
|
|||
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
|
|||
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
|
|||
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
|
|||
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
|
|||
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
|
|||
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
|
|||
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
|
|||
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} |
|||
|
|||
BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
|
|||
CC='${CC}' CFLAG='${CFLAG}' \
|
|||
AS='${CC}' ASFLAG='${CFLAG} -c' \
|
|||
AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
|
|||
SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \
|
|||
INSTALL_PREFIX='${INSTALL_PREFIX}' \
|
|||
INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
|
|||
LIBDIR='${LIBDIR}' \
|
|||
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
|
|||
DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
|
|||
MAKEDEPPROG='${MAKEDEPPROG}' \
|
|||
SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
|
|||
KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
|
|||
EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
|
|||
SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
|
|||
PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
|
|||
CPUID_OBJ='${CPUID_OBJ}' \
|
|||
BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
|
|||
AES_ASM_OBJ='${AES_ASM_OBJ}' \
|
|||
BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
|
|||
RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
|
|||
SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
|
|||
MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
|
|||
RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
|
|||
FIPSLIBDIR='${FIPSLIBDIR}' \
|
|||
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
|
|||
FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
|
|||
FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
|
|||
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= |
|||
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
|
|||
# which in turn eliminates ambiguities in variable treatment with -e.
|
|||
|
|||
# BUILD_CMD is a generic macro to build a given target in a given
|
|||
# subdirectory. The target must be given through the shell variable
|
|||
# `target' and the subdirectory to build in must be given through `dir'.
|
|||
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
|
|||
# BUILD_ONE_CMD instead.
|
|||
#
|
|||
# BUILD_ONE_CMD is a macro to build a given target in a given
|
|||
# subdirectory if that subdirectory is part of $(DIRS). It requires
|
|||
# exactly the same shell variables as BUILD_CMD.
|
|||
#
|
|||
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
|
|||
# subdirectories defined in $(DIRS). It requires that the target
|
|||
# is given through the shell variable `target'.
|
|||
BUILD_CMD= if [ -d "$$dir" ]; then \
|
|||
( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
|
|||
cd $$dir && echo "making $$target in $$dir..." && \
|
|||
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
|
|||
) || exit 1; \
|
|||
fi |
|||
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done |
|||
BUILD_ONE_CMD=\
|
|||
if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
|
|||
$(BUILD_CMD); \
|
|||
fi |
|||
|
|||
reflect: |
|||
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) |
|||
|
|||
FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
|
|||
../crypto/aes/aes_ecb.o \
|
|||
../crypto/aes/aes_ofb.o \
|
|||
../crypto/bn/bn_add.o \
|
|||
../crypto/bn/bn_blind.o \
|
|||
../crypto/bn/bn_ctx.o \
|
|||
../crypto/bn/bn_div.o \
|
|||
../crypto/bn/bn_exp2.o \
|
|||
../crypto/bn/bn_exp.o \
|
|||
../crypto/bn/bn_gcd.o \
|
|||
../crypto/bn/bn_lib.o \
|
|||
../crypto/bn/bn_mod.o \
|
|||
../crypto/bn/bn_mont.o \
|
|||
../crypto/bn/bn_mul.o \
|
|||
../crypto/bn/bn_prime.o \
|
|||
../crypto/bn/bn_rand.o \
|
|||
../crypto/bn/bn_recp.o \
|
|||
../crypto/bn/bn_shift.o \
|
|||
../crypto/bn/bn_sqr.o \
|
|||
../crypto/bn/bn_word.o \
|
|||
../crypto/bn/bn_x931p.o \
|
|||
../crypto/buffer/buf_str.o \
|
|||
../crypto/cryptlib.o \
|
|||
../crypto/des/cfb64ede.o \
|
|||
../crypto/des/cfb64enc.o \
|
|||
../crypto/des/cfb_enc.o \
|
|||
../crypto/des/ecb3_enc.o \
|
|||
../crypto/des/ecb_enc.o \
|
|||
../crypto/des/ofb64ede.o \
|
|||
../crypto/des/ofb64enc.o \
|
|||
../crypto/des/fcrypt.o \
|
|||
../crypto/des/set_key.o \
|
|||
../crypto/dsa/dsa_utl.o \
|
|||
../crypto/dsa/dsa_sign.o \
|
|||
../crypto/dsa/dsa_vrf.o \
|
|||
../crypto/err/err.o \
|
|||
../crypto/evp/digest.o \
|
|||
../crypto/evp/enc_min.o \
|
|||
../crypto/evp/e_aes.o \
|
|||
../crypto/evp/e_des3.o \
|
|||
../crypto/evp/p_sign.o \
|
|||
../crypto/evp/p_verify.o \
|
|||
../crypto/mem_clr.o \
|
|||
../crypto/mem.o \
|
|||
../crypto/rand/md_rand.o \
|
|||
../crypto/rand/rand_egd.o \
|
|||
../crypto/rand/randfile.o \
|
|||
../crypto/rand/rand_lib.o \
|
|||
../crypto/rand/rand_os2.o \
|
|||
../crypto/rand/rand_unix.o \
|
|||
../crypto/rand/rand_win.o \
|
|||
../crypto/rsa/rsa_lib.o \
|
|||
../crypto/rsa/rsa_none.o \
|
|||
../crypto/rsa/rsa_oaep.o \
|
|||
../crypto/rsa/rsa_pk1.o \
|
|||
../crypto/rsa/rsa_pss.o \
|
|||
../crypto/rsa/rsa_ssl.o \
|
|||
../crypto/rsa/rsa_x931.o \
|
|||
../crypto/sha/sha1dgst.o \
|
|||
../crypto/sha/sha256.o \
|
|||
../crypto/sha/sha512.o \
|
|||
../crypto/uid.o |
|||
|
|||
sub_all: build_all |
|||
build_all: build_libs build_apps build_tests build_tools |
|||
|
|||
build_libs: build_crypto build_fips build_ssl build_shared build_engines |
|||
|
|||
build_crypto: |
|||
if [ -n "$(FIPSCANLIB)" ]; then \
|
|||
EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
|
|||
ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
|
|||
else \
|
|||
ARX='${AR}' ; \
|
|||
fi ; export ARX ; \
|
|||
dir=crypto; target=all; $(BUILD_ONE_CMD) |
|||
build_fips: |
|||
@dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) |
|||
build_ssl: build_crypto |
|||
@dir=ssl; target=all; $(BUILD_ONE_CMD) |
|||
build_engines: build_crypto |
|||
@dir=engines; target=all; $(BUILD_ONE_CMD) |
|||
build_apps: build_libs |
|||
@dir=apps; target=all; $(BUILD_ONE_CMD) |
|||
build_tests: build_libs |
|||
@dir=test; target=all; $(BUILD_ONE_CMD) |
|||
build_tools: build_libs |
|||
@dir=tools; target=all; $(BUILD_ONE_CMD) |
|||
|
|||
all_testapps: build_libs build_testapps |
|||
build_testapps: |
|||
@dir=crypto; target=testapps; $(BUILD_ONE_CMD) |
|||
|
|||
build_shared: $(SHARED_LIBS) |
|||
libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) |
|||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
|||
if [ "$(FIPSCANLIB)" = "libfips" ]; then \
|
|||
$(ARD) libcrypto.a fipscanister.o ; \
|
|||
$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
|
|||
$(AR) libcrypto.a fips/fipscanister.o ; \
|
|||
else \
|
|||
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
|
|||
FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
|
|||
export CC FIPSLD_CC; \
|
|||
fi; \
|
|||
$(MAKE) -e SHLIBDIRS='crypto' build-shared; \
|
|||
fi \
|
|||
else \
|
|||
echo "There's no support for shared libraries on this platform" >&2; \
|
|||
exit 1; \
|
|||
fi |
|||
|
|||
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a |
|||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
|||
shlibdeps=-lcrypto; \
|
|||
[ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
|
|||
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
|
|||
else \
|
|||
echo "There's no support for shared libraries on this platform" >&2 ; \
|
|||
exit 1; \
|
|||
fi |
|||
|
|||
fips/fipscanister.o: build_fips |
|||
libfips$(SHLIB_EXT): fips/fipscanister.o |
|||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
|||
FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \
|
|||
$(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
|||
CC=$${CC} LIBNAME=fips THIS=$@ \
|
|||
LIBEXTRAS=fips/fipscanister.o \
|
|||
LIBDEPS="$(EX_LIBS)" \
|
|||
LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
|||
link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
|
|||
else \
|
|||
echo "There's no support for shared libraries on this platform" >&2; \
|
|||
exit 1; \
|
|||
fi |
|||
|
|||
libfips.a: |
|||
dir=fips; target=all; $(BUILD_ONE_CMD) |
|||
|
|||
clean-shared: |
|||
@set -e; for i in $(SHLIBDIRS); do \
|
|||
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
|
|||
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
|
|||
for j in $${tmp:-x}; do \
|
|||
( set -x; rm -f lib$$i$$j ); \
|
|||
done; \
|
|||
fi; \
|
|||
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
|
|||
if [ "$(PLATFORM)" = "Cygwin" ]; then \
|
|||
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
|
|||
fi; \
|
|||
done |
|||
|
|||
link-shared: |
|||
@ set -e; for i in ${SHLIBDIRS}; do \
|
|||
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
|
|||
LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
|||
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
|
|||
symlink.$(SHLIB_TARGET); \
|
|||
libs="$$libs -l$$i"; \
|
|||
done |
|||
|
|||
build-shared: do_$(SHLIB_TARGET) link-shared |
|||
|
|||
do_$(SHLIB_TARGET): |
|||
@ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
|
|||
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
|
|||
libs="$(LIBKRB5) $$libs"; \
|
|||
fi; \
|
|||
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
|||
LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
|
|||
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
|
|||
LIBDEPS="$$libs $(EX_LIBS)" \
|
|||
link_a.$(SHLIB_TARGET); \
|
|||
libs="-l$$i $$libs"; \
|
|||
done |
|||
|
|||
libcrypto.pc: Makefile |
|||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
|||
echo 'exec_prefix=$${prefix}'; \
|
|||
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
|
|||
echo 'includedir=$${prefix}/include'; \
|
|||
echo ''; \
|
|||
echo 'Name: OpenSSL-libcrypto'; \
|
|||
echo 'Description: OpenSSL cryptography library'; \
|
|||
echo 'Version: '$(VERSION); \
|
|||
echo 'Requires: '; \
|
|||
echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
|
|||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc |
|||
|
|||
libssl.pc: Makefile |
|||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
|||
echo 'exec_prefix=$${prefix}'; \
|
|||
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
|
|||
echo 'includedir=$${prefix}/include'; \
|
|||
echo ''; \
|
|||
echo 'Name: OpenSSL'; \
|
|||
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
|
|||
echo 'Version: '$(VERSION); \
|
|||
echo 'Requires: '; \
|
|||
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
|
|||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc |
|||
|
|||
openssl.pc: Makefile |
|||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
|||
echo 'exec_prefix=$${prefix}'; \
|
|||
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
|
|||
echo 'includedir=$${prefix}/include'; \
|
|||
echo ''; \
|
|||
echo 'Name: OpenSSL'; \
|
|||
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
|
|||
echo 'Version: '$(VERSION); \
|
|||
echo 'Requires: '; \
|
|||
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
|
|||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc |
|||
|
|||
Makefile: Makefile.org Configure config |
|||
@echo "Makefile is older than Makefile.org, Configure or config." |
|||
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." |
|||
@false |
|||
|
|||
libclean: |
|||
rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib |
|||
|
|||
clean: libclean |
|||
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c |
|||
@set -e; target=clean; $(RECURSIVE_BUILD_CMD) |
|||
rm -f $(LIBS) |
|||
rm -f openssl.pc libssl.pc libcrypto.pc |
|||
rm -f speed.* .pure |
|||
rm -f $(TARFILE) |
|||
@set -e; for i in $(ONEDIRS) ;\
|
|||
do \
|
|||
rm -fr $$i/*; \
|
|||
done |
|||
|
|||
makefile.one: files |
|||
$(PERL) util/mk1mf.pl >makefile.one; \
|
|||
sh util/do_ms.sh |
|||
|
|||
files: |
|||
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO |
|||
@set -e; target=files; $(RECURSIVE_BUILD_CMD) |
|||
|
|||
links: |
|||
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl |
|||
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) |
|||
@set -e; target=links; $(RECURSIVE_BUILD_CMD) |
|||
@if [ -z "$(FIPSCANLIB)" ]; then \
|
|||
set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
|
|||
fi |
|||
|
|||
gentests: |
|||
@(cd test && echo "generating dummy tests (if needed)..." && \
|
|||
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); |
|||
|
|||
dclean: |
|||
rm -f *.bak |
|||
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD) |
|||
|
|||
rehash: rehash.time |
|||
rehash.time: certs apps |
|||
@if [ -z "$(CROSS_COMPILE)" ]; then \
|
|||
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
|
|||
OPENSSL_DEBUG_MEMORY=on; \
|
|||
export OPENSSL OPENSSL_DEBUG_MEMORY; \
|
|||
$(PERL) tools/c_rehash certs) && \
|
|||
touch rehash.time; \
|
|||
fi |
|||
|
|||
test: tests |
|||
|
|||
tests: rehash |
|||
@(cd test && echo "testing..." && \
|
|||
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); |
|||
util/opensslwrap.sh version -a |
|||
|
|||
report: |
|||
@$(PERL) util/selftest.pl |
|||
|
|||
depend: |
|||
@set -e; target=depend; $(RECURSIVE_BUILD_CMD) |
|||
|
|||
lint: |
|||
@set -e; target=lint; $(RECURSIVE_BUILD_CMD) |
|||
|
|||
tags: |
|||
rm -f TAGS |
|||
find . -name '[^.]*.[ch]' | xargs etags -a |
|||
|
|||
errors: |
|||
$(PERL) util/mkerr.pl -recurse -write |
|||
(cd engines; $(MAKE) PERL=$(PERL) errors) |
|||
$(PERL) util/ck_errf.pl */*.c */*/*.c |
|||
|
|||
stacks: |
|||
$(PERL) util/mkstack.pl -write |
|||
|
|||
util/libeay.num:: |
|||
$(PERL) util/mkdef.pl crypto update |
|||
|
|||
util/ssleay.num:: |
|||
$(PERL) util/mkdef.pl ssl update |
|||
|
|||
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h |
|||
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h |
|||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num |
|||
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h |
|||
|
|||
apps/openssl-vms.cnf: apps/openssl.cnf |
|||
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf |
|||
|
|||
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl |
|||
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h |
|||
|
|||
|
|||
TABLE: Configure |
|||
(echo 'Output of `Configure TABLE'"':"; \
|
|||
$(PERL) Configure TABLE) > TABLE |
|||
|
|||
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend |
|||
|
|||
# Build distribution tar-file. As the list of files returned by "find" is
|
|||
# pretty long, on several platforms a "too many arguments" error or similar
|
|||
# would occur. Therefore the list of files is temporarily stored into a file
|
|||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
|||
# tar does not support the --files-from option.
|
|||
tar: |
|||
find . -type d -print | xargs chmod 755 |
|||
find . -type f -print | xargs chmod a+r |
|||
find . -type f -perm -0100 -print | xargs chmod a+x |
|||
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
|
|||
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
|
|||
tardy --user_number=0 --user_name=openssl \
|
|||
--group_number=0 --group_name=openssl \
|
|||
--prefix=openssl-$(VERSION) - |\
|
|||
gzip --best >../$(TARFILE).gz; \
|
|||
rm -f ../$(TARFILE).list; \
|
|||
ls -l ../$(TARFILE).gz |
|||
|
|||
tar-snap: |
|||
@$(TAR) $(TARFLAGS) -cvf - \
|
|||
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
|
|||
tardy --user_number=0 --user_name=openssl \
|
|||
--group_number=0 --group_name=openssl \
|
|||
--prefix=openssl-$(VERSION) - > ../$(TARFILE);\
|
|||
ls -l ../$(TARFILE) |
|||
|
|||
dist: |
|||
$(PERL) Configure dist |
|||
@$(MAKE) dist_pem_h |
|||
@$(MAKE) SDIRS='${SDIRS}' clean |
|||
@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar |
|||
|
|||
dist_pem_h: |
|||
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) |
|||
|
|||
install: all install_docs install_sw |
|||
|
|||
install_sw: |
|||
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
|||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
|
|||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
|
|||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
|
|||
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
|
|||
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
|
|||
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
|
|||
$(INSTALL_PREFIX)$(OPENSSLDIR)/private |
|||
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
|
|||
do \
|
|||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
|||
done; |
|||
@set -e; target=install; $(RECURSIVE_BUILD_CMD) |
|||
@set -e; for i in $(LIBS) ;\
|
|||
do \
|
|||
if [ -f "$$i" ]; then \
|
|||
( echo installing $$i; \
|
|||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
|
|||
fi; \
|
|||
done; |
|||
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
|
|||
tmp="$(SHARED_LIBS)"; \
|
|||
for i in $${tmp:-x}; \
|
|||
do \
|
|||
if [ -f "$$i" -o -f "$$i.a" ]; then \
|
|||
( echo installing $$i; \
|
|||
if [ "$(PLATFORM)" != "Cygwin" ]; then \
|
|||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
|
|||
else \
|
|||
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
|
|||
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
|||
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
|||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
|
|||
fi ); \
|
|||
fi; \
|
|||
done; \
|
|||
( here="`pwd`"; \
|
|||
cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
|
|||
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
|
|||
if [ "$(INSTALLTOP)" != "/usr" ]; then \
|
|||
echo 'OpenSSL shared libraries have been installed in:'; \
|
|||
echo ' $(INSTALLTOP)'; \
|
|||
echo ''; \
|
|||
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
|
|||
fi; \
|
|||
fi |
|||
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig |
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc |
|||
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig |
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc |
|||
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig |
|||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc |
|||
|
|||
install_docs: |
|||
@$(PERL) $(TOP)/util/mkdir-p.pl \
|
|||
$(INSTALL_PREFIX)$(MANDIR)/man1 \
|
|||
$(INSTALL_PREFIX)$(MANDIR)/man3 \
|
|||
$(INSTALL_PREFIX)$(MANDIR)/man5 \
|
|||
$(INSTALL_PREFIX)$(MANDIR)/man7 |
|||
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
|
|||
here="`pwd`"; \
|
|||
filecase=; \
|
|||
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
|
|||
filecase=-i; \
|
|||
fi; \
|
|||
set -e; for i in doc/apps/*.pod; do \
|
|||
fn=`basename $$i .pod`; \
|
|||
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
|
|||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
|||
(cd `$(PERL) util/dirname.pl $$i`; \
|
|||
sh -c "$$pod2man \
|
|||
--section=$$sec --center=OpenSSL \
|
|||
--release=$(VERSION) `basename $$i`") \
|
|||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
|||
$(PERL) util/extract-names.pl < $$i | \
|
|||
(grep -v $$filecase "^$$fn\$$"; true) | \
|
|||
(grep -v "[ ]"; true) | \
|
|||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
|||
while read n; do \
|
|||
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
|||
done); \
|
|||
done; \
|
|||
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
|||
fn=`basename $$i .pod`; \
|
|||
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
|
|||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
|||
(cd `$(PERL) util/dirname.pl $$i`; \
|
|||
sh -c "$$pod2man \
|
|||
--section=$$sec --center=OpenSSL \
|
|||
--release=$(VERSION) `basename $$i`") \
|
|||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
|||
$(PERL) util/extract-names.pl < $$i | \
|
|||
(grep -v $$filecase "^$$fn\$$"; true) | \
|
|||
(grep -v "[ ]"; true) | \
|
|||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
|||
while read n; do \
|
|||
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
|||
done); \
|
|||
done |
|||
|
|||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
@ -0,0 +1,609 @@ |
|||
#
|
|||
# Helper makefile to link shared libraries in a portable way.
|
|||
# This is much simpler than libtool, and hopefully not too error-prone.
|
|||
#
|
|||
# The following variables need to be set on the command line to build
|
|||
# properly
|
|||
|
|||
# CC contains the current compiler. This one MUST be defined
|
|||
CC=cc |
|||
CFLAGS=$(CFLAG) |
|||
# LDFLAGS contains flags to be used when temporary object files (when building
|
|||
# shared libraries) are created, or when an application is linked.
|
|||
# SHARED_LDFLAGS contains flags to be used when the shared library is created.
|
|||
LDFLAGS= |
|||
SHARED_LDFLAGS= |
|||
|
|||
# LIBNAME contains just the name of the library, without prefix ("lib"
|
|||
# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
|
|||
# .dll, ...). This one MUST have a value when using this makefile to
|
|||
# build shared libraries.
|
|||
# For example, to build libfoo.so, you need to do the following:
|
|||
#LIBNAME=foo
|
|||
LIBNAME= |
|||
|
|||
# APPNAME contains just the name of the application, without suffix (""
|
|||
# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
|
|||
# this makefile to build applications.
|
|||
# For example, to build foo, you need to do the following:
|
|||
#APPNAME=foo
|
|||
APPNAME= |
|||
|
|||
# OBJECTS contains all the object files to link together into the application.
|
|||
# This must contain at least one object file.
|
|||
#OBJECTS=foo.o
|
|||
OBJECTS= |
|||
|
|||
# LIBEXTRAS contains extra modules to link together with the library.
|
|||
# For example, if a second library, say libbar.a needs to be linked into
|
|||
# libfoo.so, you need to do the following:
|
|||
#LIBEXTRAS=libbar.a
|
|||
# Note that this MUST be used when using the link_o targets, to hold the
|
|||
# names of all object files that go into the target library.
|
|||
LIBEXTRAS= |
|||
|
|||
# LIBVERSION contains the current version of the library.
|
|||
# For example, to build libfoo.so.1.2, you need to do the following:
|
|||
#LIBVERSION=1.2
|
|||
LIBVERSION= |
|||
|
|||
# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
|
|||
# the library. They MUST be in decreasing order.
|
|||
# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
|
|||
# and libfoo.so.1, you need to do the following:
|
|||
#LIBCOMPATVERSIONS=1.2 1
|
|||
# Note that on systems that use sonames, the last number will appear as
|
|||
# part of it.
|
|||
# It's also possible, for systems that support it (Tru64, for example),
|
|||
# to add extra compatibility info with more precision, by adding a second
|
|||
# list of versions, separated from the first with a semicolon, like this:
|
|||
#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
|
|||
LIBCOMPATVERSIONS= |
|||
|
|||
# LIBDEPS contains all the flags necessary to cover all necessary
|
|||
# dependencies to other libraries.
|
|||
LIBDEPS= |
|||
|
|||
#------------------------------------------------------------------------------
|
|||
# The rest is private to this makefile.
|
|||
|
|||
SET_X=: |
|||
#SET_X=set -x
|
|||
|
|||
top: |
|||
echo "Trying to use this makefile interactively? Don't." |
|||
|
|||
CALC_VERSIONS= \
|
|||
SHLIB_COMPAT=; SHLIB_SOVER=; \
|
|||
if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
|
|||
prev=""; \
|
|||
for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
|
|||
SHLIB_SOVER_NODOT=$$v; \
|
|||
SHLIB_SOVER=.$$v; \
|
|||
if [ -n "$$prev" ]; then \
|
|||
SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
|
|||
fi; \
|
|||
prev=$$v; \
|
|||
done; \
|
|||
fi |
|||
|
|||
LINK_APP= \
|
|||
( $(SET_X); \
|
|||
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
|
|||
LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
|
|||
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
|
|||
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
|
|||
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
|
|||
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} ) |
|||
|
|||
LINK_SO= \
|
|||
( $(SET_X); \
|
|||
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
|
|||
SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
|
|||
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
|
|||
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
|
|||
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
|
|||
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
|
|||
$${SHAREDCMD} $${SHAREDFLAGS} \
|
|||
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
|
|||
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
|
|||
) && $(SYMLINK_SO) |
|||
|
|||
SYMLINK_SO= \
|
|||
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
|
|||
prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
|
|||
if [ -n "$$SHLIB_COMPAT" ]; then \
|
|||
for x in $$SHLIB_COMPAT; do \
|
|||
( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
|
|||
ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
|
|||
prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
|
|||
done; \
|
|||
fi; \
|
|||
if [ -n "$$SHLIB_SOVER" ]; then \
|
|||
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
|
|||
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
|
|||
fi; \
|
|||
fi |
|||
|
|||
LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO) |
|||
LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO) |
|||
|
|||
LINK_SO_A_VIA_O= \
|
|||
SHOBJECTS=lib$(LIBNAME).o; \
|
|||
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
|
|||
( $(SET_X); \
|
|||
ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
|
|||
$(LINK_SO) && rm -f $(LIBNAME).o |
|||
|
|||
LINK_SO_A_UNPACKED= \
|
|||
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
|
|||
(cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
|
|||
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
|
|||
SHOBJECTS=$$UNPACKDIR/*.o; \
|
|||
$(LINK_SO) && rm -rf $$UNPACKDIR |
|||
|
|||
DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null |
|||
|
|||
DO_GNU_SO=$(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
|||
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" |
|||
|
|||
DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" |
|||
|
|||
#This is rather special. It's a special target with which one can link
|
|||
#applications without bothering with any features that have anything to
|
|||
#do with shared libraries, for example when linking against static
|
|||
#libraries. It's mostly here to avoid a lot of conditionals everywhere
|
|||
#else...
|
|||
link_app.: |
|||
$(LINK_APP) |
|||
|
|||
link_o.gnu: |
|||
@ $(DO_GNU_SO); $(LINK_SO_O) |
|||
link_a.gnu: |
|||
@ $(DO_GNU_SO); $(LINK_SO_A) |
|||
link_app.gnu: |
|||
@ $(DO_GNU_APP); $(LINK_APP) |
|||
|
|||
link_o.bsd: |
|||
@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
|
|||
$(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
LIBDEPS=" "; \
|
|||
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
|
|||
NOALLSYMSFLAGS=; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
|
|||
fi; $(LINK_SO_O) |
|||
link_a.bsd: |
|||
@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
|
|||
$(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
LIBDEPS=" "; \
|
|||
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
|
|||
NOALLSYMSFLAGS=; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
|
|||
fi; $(LINK_SO_A) |
|||
link_app.bsd: |
|||
@if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
|
|||
LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
|
|||
fi; $(LINK_APP) |
|||
|
|||
# For Darwin AKA Mac OS/X (dyld)
|
|||
# link_o.darwin produces .so, because we let it use dso_dlfcn module,
|
|||
# which has .so extension hard-coded. One can argue that one should
|
|||
# develop special dso module for MacOS X. At least manual encourages
|
|||
# to use native NSModule(3) API and refers to dlfcn as termporary hack.
|
|||
link_o.darwin: |
|||
@ $(CALC_VERSIONS); \
|
|||
SHLIB=`expr "$$THIS" : '.*/\([^/\.]*\)\.'`; \
|
|||
SHLIB=$${SHLIB:-lib$(LIBNAME)}; \
|
|||
SHLIB_SUFFIX=`expr "$$THIS" : '.*\(\.[^\.]*\)$$'`; \
|
|||
SHLIB_SUFFIX=$${SHLIB_SUFFIX:-.so}; \
|
|||
ALLSYMSFLAGS='-all_load'; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
|
|||
if [ -n "$(LIBVERSION)" ]; then \
|
|||
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
|
|||
fi; \
|
|||
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
|
|||
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
|
|||
fi; \
|
|||
$(LINK_SO_O) |
|||
link_a.darwin: |
|||
@ $(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME); \
|
|||
SHLIB_SUFFIX=.dylib; \
|
|||
ALLSYMSFLAGS='-all_load'; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
|
|||
if [ -n "$(LIBVERSION)" ]; then \
|
|||
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
|
|||
fi; \
|
|||
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
|
|||
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
|
|||
fi; \
|
|||
SHAREDFLAGS="$$SHAREDFLAGS -install_name ${INSTALLTOP}/lib/$$SHLIB${SHLIB_EXT}"; \
|
|||
$(LINK_SO_A) |
|||
link_app.darwin: # is there run-path on darwin?
|
|||
$(LINK_APP) |
|||
|
|||
link_o.cygwin: |
|||
@ $(CALC_VERSIONS); \
|
|||
INHIBIT_SYMLINKS=yes; \
|
|||
SHLIB=cyg$(LIBNAME); \
|
|||
base=-Wl,--enable-auto-image-base; \
|
|||
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
|
|||
SHLIB=$(LIBNAME)eay32; base=; \
|
|||
fi; \
|
|||
SHLIB_SUFFIX=.dll; \
|
|||
LIBVERSION="$(LIBVERSION)"; \
|
|||
SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
|
|||
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
|||
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
|
|||
$(LINK_SO_O) |
|||
link_a.cygwin: |
|||
@ $(CALC_VERSIONS); \
|
|||
INHIBIT_SYMLINKS=yes; \
|
|||
SHLIB=cyg$(LIBNAME); \
|
|||
base=-Wl,--enable-auto-image-base; \
|
|||
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
|
|||
SHLIB=$(LIBNAME)eay32; \
|
|||
base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
|
|||
fi; \
|
|||
SHLIB_SUFFIX=.dll; \
|
|||
SHLIB_SOVER=-$(LIBVERSION); \
|
|||
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
|||
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
|
|||
[ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \
|
|||
[ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \
|
|||
$(LINK_SO_A) || exit 1; \
|
|||
cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/; \
|
|||
cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX test/ |
|||
link_app.cygwin: |
|||
$(LINK_APP) |
|||
|
|||
link_o.alpha-osf1: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_SO); \
|
|||
else \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
|
|||
if [ -n "$$SHLIB_HIST" ]; then \
|
|||
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
|
|||
else \
|
|||
SHLIB_HIST="$(LIBVERSION)"; \
|
|||
fi; \
|
|||
SHLIB_SOVER=; \
|
|||
ALLSYMSFLAGS='-all'; \
|
|||
NOALLSYMSFLAGS='-none'; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
|
|||
if [ -n "$$SHLIB_HIST" ]; then \
|
|||
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
|
|||
fi; \
|
|||
fi; \
|
|||
$(LINK_SO_O) |
|||
link_a.alpha-osf1: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_SO); \
|
|||
else \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
|
|||
if [ -n "$$SHLIB_HIST" ]; then \
|
|||
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
|
|||
else \
|
|||
SHLIB_HIST="$(LIBVERSION)"; \
|
|||
fi; \
|
|||
SHLIB_SOVER=; \
|
|||
ALLSYMSFLAGS='-all'; \
|
|||
NOALLSYMSFLAGS='-none'; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
|
|||
if [ -n "$$SHLIB_HIST" ]; then \
|
|||
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
|
|||
fi; \
|
|||
fi; \
|
|||
$(LINK_SO_A) |
|||
link_app.alpha-osf1: |
|||
@if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_APP); \
|
|||
else \
|
|||
LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
|
|||
fi; \
|
|||
$(LINK_APP) |
|||
|
|||
link_o.solaris: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_SO); \
|
|||
else \
|
|||
$(CALC_VERSIONS); \
|
|||
MINUSZ='-z '; \
|
|||
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
|
|||
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
|
|||
fi; \
|
|||
$(LINK_SO_O) |
|||
link_a.solaris: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_SO); \
|
|||
else \
|
|||
$(CALC_VERSIONS); \
|
|||
MINUSZ='-z '; \
|
|||
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=;\
|
|||
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
|
|||
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
|
|||
fi; \
|
|||
$(LINK_SO_A) |
|||
link_app.solaris: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_APP); \
|
|||
else \
|
|||
LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
|
|||
fi; \
|
|||
$(LINK_APP) |
|||
|
|||
# OpenServer 5 native compilers used
|
|||
link_o.svr3: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_SO); \
|
|||
else \
|
|||
$(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS=''; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
|||
fi; \
|
|||
$(LINK_SO_O) |
|||
link_a.svr3: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_SO); \
|
|||
else \
|
|||
$(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS=''; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
|||
fi; \
|
|||
$(LINK_SO_A_UNPACKED) |
|||
link_app.svr3: |
|||
@${DETECT_GNU_LD} && $(DO_GNU_APP); \
|
|||
$(LINK_APP) |
|||
|
|||
# UnixWare 7 and OpenUNIX 8 native compilers used
|
|||
link_o.svr5: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_SO); \
|
|||
else \
|
|||
$(CALC_VERSIONS); \
|
|||
SHARE_FLAG='-G'; \
|
|||
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS=''; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
|||
fi; \
|
|||
$(LINK_SO_O) |
|||
link_a.svr5: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_SO); \
|
|||
else \
|
|||
$(CALC_VERSIONS); \
|
|||
SHARE_FLAG='-G'; \
|
|||
(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS=''; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
|||
fi; \
|
|||
$(LINK_SO_A_UNPACKED) |
|||
link_app.svr5: |
|||
@${DETECT_GNU_LD} && $(DO_GNU_APP); \
|
|||
$(LINK_APP) |
|||
|
|||
link_o.irix: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_SO); \
|
|||
else \
|
|||
$(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
MINUSWL=""; \
|
|||
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
|
|||
ALLSYMSFLAGS="$${MINUSWL}-all"; \
|
|||
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
|
|||
fi; \
|
|||
$(LINK_SO_O) |
|||
link_a.irix: |
|||
@ if ${DETECT_GNU_LD}; then \
|
|||
$(DO_GNU_SO); \
|
|||
else \
|
|||
$(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
MINUSWL=""; \
|
|||
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
|
|||
ALLSYMSFLAGS="$${MINUSWL}-all"; \
|
|||
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
|
|||
fi; \
|
|||
$(LINK_SO_A) |
|||
link_app.irix: |
|||
@LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
|
|||
$(LINK_APP) |
|||
|
|||
# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
|
|||
# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
|
|||
# rules imply that we can only link one level down in catalog structure,
|
|||
# but that's what takes place for the moment of this writing. +cdp option
|
|||
# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
|
|||
# editor context only [it's simply ignored in other cases, which are all
|
|||
# ELFs by the way].
|
|||
#
|
|||
link_o.hpux: |
|||
@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
|
|||
$(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).sl; \
|
|||
expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS='-Wl,-Fl'; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
|
|||
fi; \
|
|||
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
|
|||
$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX |
|||
link_a.hpux: |
|||
@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
|
|||
$(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).sl; \
|
|||
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS='-Wl,-Fl'; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
|
|||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
|
|||
fi; \
|
|||
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
|
|||
$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX |
|||
link_app.hpux: |
|||
@if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
|
|||
LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
|
|||
fi; \
|
|||
$(LINK_APP) |
|||
|
|||
link_o.aix: |
|||
@ $(CALC_VERSIONS); \
|
|||
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
|
|||
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS=''; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
|
|||
$(LINK_SO_O); |
|||
link_a.aix: |
|||
@ $(CALC_VERSIONS); \
|
|||
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
|
|||
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS='-bnogc'; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
|
|||
$(LINK_SO_A_VIA_O) |
|||
link_app.aix: |
|||
LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
|
|||
$(LINK_APP) |
|||
|
|||
link_o.reliantunix: |
|||
@ $(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS=; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
SHAREDFLAGS='$(CFLAGS) -G'; \
|
|||
$(LINK_SO_O) |
|||
link_a.reliantunix: |
|||
@ $(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
SHLIB_SUFFIX=; \
|
|||
ALLSYMSFLAGS=; \
|
|||
NOALLSYMSFLAGS=''; \
|
|||
SHAREDFLAGS='$(CFLAGS) -G'; \
|
|||
$(LINK_SO_A_UNPACKED) |
|||
link_app.reliantunix: |
|||
$(LINK_APP) |
|||
|
|||
# Targets to build symbolic links when needed
|
|||
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \ |
|||
symlink.aix symlink.reliantunix: |
|||
@ $(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).so; \
|
|||
$(SYMLINK_SO) |
|||
symlink.darwin: |
|||
@ $(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME); \
|
|||
SHLIB_SUFFIX=.dylib; \
|
|||
$(SYMLINK_SO) |
|||
symlink.hpux: |
|||
@ $(CALC_VERSIONS); \
|
|||
SHLIB=lib$(LIBNAME).sl; \
|
|||
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
|
|||
$(SYMLINK_SO) |
|||
# The following lines means those specific architectures do no symlinks
|
|||
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath: |
|||
|
|||
# Compatibility targets
|
|||
link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu |
|||
link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu |
|||
link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu |
|||
symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu |
|||
link_o.bsd-shared: link_o.bsd |
|||
link_a.bsd-shared: link_a.bsd |
|||
link_app.bsd-shared: link_app.bsd |
|||
link_o.darwin-shared: link_o.darwin |
|||
link_a.darwin-shared: link_a.darwin |
|||
link_app.darwin-shared: link_app.darwin |
|||
symlink.darwin-shared: symlink.darwin |
|||
link_o.cygwin-shared: link_o.cygwin |
|||
link_a.cygwin-shared: link_a.cygwin |
|||
link_app.cygwin-shared: link_app.cygwin |
|||
symlink.cygwin-shared: symlink.cygwin |
|||
link_o.alpha-osf1-shared: link_o.alpha-osf1 |
|||
link_a.alpha-osf1-shared: link_a.alpha-osf1 |
|||
link_app.alpha-osf1-shared: link_app.alpha-osf1 |
|||
symlink.alpha-osf1-shared: symlink.alpha-osf1 |
|||
link_o.tru64-shared: link_o.tru64 |
|||
link_a.tru64-shared: link_a.tru64 |
|||
link_app.tru64-shared: link_app.tru64 |
|||
symlink.tru64-shared: symlink.tru64 |
|||
link_o.tru64-shared-rpath: link_o.tru64-rpath |
|||
link_a.tru64-shared-rpath: link_a.tru64-rpath |
|||
link_app.tru64-shared-rpath: link_app.tru64-rpath |
|||
symlink.tru64-shared-rpath: symlink.tru64-rpath |
|||
link_o.solaris-shared: link_o.solaris |
|||
link_a.solaris-shared: link_a.solaris |
|||
link_app.solaris-shared: link_app.solaris |
|||
symlink.solaris-shared: symlink.solaris |
|||
link_o.svr3-shared: link_o.svr3 |
|||
link_a.svr3-shared: link_a.svr3 |
|||
link_app.svr3-shared: link_app.svr3 |
|||
symlink.svr3-shared: symlink.svr3 |
|||
link_o.svr5-shared: link_o.svr5 |
|||
link_a.svr5-shared: link_a.svr5 |
|||
link_app.svr5-shared: link_app.svr5 |
|||
symlink.svr5-shared: symlink.svr5 |
|||
link_o.irix-shared: link_o.irix |
|||
link_a.irix-shared: link_a.irix |
|||
link_app.irix-shared: link_app.irix |
|||
symlink.irix-shared: symlink.irix |
|||
link_o.hpux-shared: link_o.hpux |
|||
link_a.hpux-shared: link_a.hpux |
|||
link_app.hpux-shared: link_app.hpux |
|||
symlink.hpux-shared: symlink.hpux |
|||
link_o.aix-shared: link_o.aix |
|||
link_a.aix-shared: link_a.aix |
|||
link_app.aix-shared: link_app.aix |
|||
symlink.aix-shared: symlink.aix |
|||
link_o.reliantunix-shared: link_o.reliantunix |
|||
link_a.reliantunix-shared: link_a.reliantunix |
|||
link_app.reliantunix-shared: link_app.reliantunix |
|||
symlink.reliantunix-shared: symlink.reliantunix |
@ -0,0 +1,524 @@ |
|||
|
|||
NEWS |
|||
==== |
|||
|
|||
This file gives a brief overview of the major changes between each OpenSSL |
|||
release. For more details please read the CHANGES file. |
|||
|
|||
Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: |
|||
|
|||
o Fix for security issue CVE-2010-0742. |
|||
o Various DTLS fixes. |
|||
o Recognise SHA2 certificates if only SSL algorithms added. |
|||
o Fix for no-rc4 compilation. |
|||
o Chil ENGINE unload workaround. |
|||
|
|||
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: |
|||
|
|||
o CFB cipher definition fixes. |
|||
o Fix security issues CVE-2010-0740 and CVE-2010-0433. |
|||
|
|||
Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: |
|||
|
|||
o Cipher definition fixes. |
|||
o Workaround for slow RAND_poll() on some WIN32 versions. |
|||
o Remove MD2 from algorithm tables. |
|||
o SPKAC handling fixes. |
|||
o Support for RFC5746 TLS renegotiation extension. |
|||
o Compression memory leak fixed. |
|||
o Compression session resumption fixed. |
|||
o Ticket and SNI coexistence fixes. |
|||
o Many fixes to DTLS handling. |
|||
|
|||
Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: |
|||
|
|||
o Temporary work around for CVE-2009-3555: disable renegotiation. |
|||
|
|||
Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: |
|||
|
|||
o Fix various build issues. |
|||
o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789) |
|||
|
|||
Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: |
|||
|
|||
o Fix security issue (CVE-2008-5077) |
|||
o Merge FIPS 140-2 branch code. |
|||
|
|||
Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h: |
|||
|
|||
o CryptoAPI ENGINE support. |
|||
o Various precautionary measures. |
|||
o Fix for bugs affecting certificate request creation. |
|||
o Support for local machine keyset attribute in PKCS#12 files. |
|||
|
|||
Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g: |
|||
|
|||
o Backport of CMS functionality to 0.9.8. |
|||
o Fixes for bugs introduced with 0.9.8f. |
|||
|
|||
Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f: |
|||
|
|||
o Add gcc 4.2 support. |
|||
o Add support for AES and SSE2 assembly lanugauge optimization |
|||
for VC++ build. |
|||
o Support for RFC4507bis and server name extensions if explicitly |
|||
selected at compile time. |
|||
o DTLS improvements. |
|||
o RFC4507bis support. |
|||
o TLS Extensions support. |
|||
|
|||
Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e: |
|||
|
|||
o Various ciphersuite selection fixes. |
|||
o RFC3779 support. |
|||
|
|||
Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d: |
|||
|
|||
o Introduce limits to prevent malicious key DoS (CVE-2006-2940) |
|||
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) |
|||
o Changes to ciphersuite selection algorithm |
|||
|
|||
Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: |
|||
|
|||
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 |
|||
o New cipher Camellia |
|||
|
|||
Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b: |
|||
|
|||
o Cipher string fixes. |
|||
o Fixes for VC++ 2005. |
|||
o Updated ECC cipher suite support. |
|||
o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(). |
|||
o Zlib compression usage fixes. |
|||
o Built in dynamic engine compilation support on Win32. |
|||
o Fixes auto dynamic engine loading in Win32. |
|||
|
|||
Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: |
|||
|
|||
o Fix potential SSL 2.0 rollback, CVE-2005-2969 |
|||
o Extended Windows CE support |
|||
|
|||
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: |
|||
|
|||
o Major work on the BIGNUM library for higher efficiency and to |
|||
make operations more streamlined and less contradictory. This |
|||
is the result of a major audit of the BIGNUM library. |
|||
o Addition of BIGNUM functions for fields GF(2^m) and NIST |
|||
curves, to support the Elliptic Crypto functions. |
|||
o Major work on Elliptic Crypto; ECDH and ECDSA added, including |
|||
the use through EVP, X509 and ENGINE. |
|||
o New ASN.1 mini-compiler that's usable through the OpenSSL |
|||
configuration file. |
|||
o Added support for ASN.1 indefinite length constructed encoding. |
|||
o New PKCS#12 'medium level' API to manipulate PKCS#12 files. |
|||
o Complete rework of shared library construction and linking |
|||
programs with shared or static libraries, through a separate |
|||
Makefile.shared. |
|||
o Rework of the passing of parameters from one Makefile to another. |
|||
o Changed ENGINE framework to load dynamic engine modules |
|||
automatically from specifically given directories. |
|||
o New structure and ASN.1 functions for CertificatePair. |
|||
o Changed the ZLIB compression method to be stateful. |
|||
o Changed the key-generation and primality testing "progress" |
|||
mechanism to take a structure that contains the ticker |
|||
function and an argument. |
|||
o New engine module: GMP (performs private key exponentiation). |
|||
o New engine module: VIA PadLOck ACE extension in VIA C3 |
|||
Nehemiah processors. |
|||
o Added support for IPv6 addresses in certificate extensions. |
|||
See RFC 1884, section 2.2. |
|||
o Added support for certificate policy mappings, policy |
|||
constraints and name constraints. |
|||
o Added support for multi-valued AVAs in the OpenSSL |
|||
configuration file. |
|||
o Added support for multiple certificates with the same subject |
|||
in the 'openssl ca' index file. |
|||
o Make it possible to create self-signed certificates using |
|||
'openssl ca -selfsign'. |
|||
o Make it possible to generate a serial number file with |
|||
'openssl ca -create_serial'. |
|||
o New binary search functions with extended functionality. |
|||
o New BUF functions. |
|||
o New STORE structure and library to provide an interface to all |
|||
sorts of data repositories. Supports storage of public and |
|||
private keys, certificates, CRLs, numbers and arbitrary blobs. |
|||
This library is unfortunately unfinished and unused withing |
|||
OpenSSL. |
|||
o New control functions for the error stack. |
|||
o Changed the PKCS#7 library to support one-pass S/MIME |
|||
processing. |
|||
o Added the possibility to compile without old deprecated |
|||
functionality with the OPENSSL_NO_DEPRECATED macro or the |
|||
'no-deprecated' argument to the config and Configure scripts. |
|||
o Constification of all ASN.1 conversion functions, and other |
|||
affected functions. |
|||
o Improved platform support for PowerPC. |
|||
o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). |
|||
o New X509_VERIFY_PARAM structure to support parametrisation |
|||
of X.509 path validation. |
|||
o Major overhaul of RC4 performance on Intel P4, IA-64 and |
|||
AMD64. |
|||
o Changed the Configure script to have some algorithms disabled |
|||
by default. Those can be explicitely enabled with the new |
|||
argument form 'enable-xxx'. |
|||
o Change the default digest in 'openssl' commands from MD5 to |
|||
SHA-1. |
|||
o Added support for DTLS. |
|||
o New BIGNUM blinding. |
|||
o Added support for the RSA-PSS encryption scheme |
|||
o Added support for the RSA X.931 padding. |
|||
o Added support for BSD sockets on NetWare. |
|||
o Added support for files larger than 2GB. |
|||
o Added initial support for Win64. |
|||
o Added alternate pkg-config files. |
|||
|
|||
Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l: |
|||
|
|||
o Introduce limits to prevent malicious key DoS (CVE-2006-2940) |
|||
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) |
|||
|
|||
Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: |
|||
|
|||
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 |
|||
|
|||
Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: |
|||
|
|||
o Visual C++ 2005 fixes. |
|||
o Update Windows build system for FIPS. |
|||
|
|||
Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i: |
|||
|
|||
o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. |
|||
|
|||
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: |
|||
|
|||
o Fix SSL 2.0 Rollback, CVE-2005-2969 |
|||
o Allow use of fixed-length exponent on DSA signing |
|||
o Default fixed-window RSA, DSA, DH private-key operations |
|||
|
|||
Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g: |
|||
|
|||
o More compilation issues fixed. |
|||
o Adaptation to more modern Kerberos API. |
|||
o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin. |
|||
o Enhanced x86_64 assembler BIGNUM module. |
|||
o More constification. |
|||
o Added processing of proxy certificates (RFC 3820). |
|||
|
|||
Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f: |
|||
|
|||
o Several compilation issues fixed. |
|||
o Many memory allocation failure checks added. |
|||
o Improved comparison of X509 Name type. |
|||
o Mandatory basic checks on certificates. |
|||
o Performance improvements. |
|||
|
|||
Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e: |
|||
|
|||
o Fix race condition in CRL checking code. |
|||
o Fixes to PKCS#7 (S/MIME) code. |
|||
|
|||
Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d: |
|||
|
|||
o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug |
|||
o Security: Fix null-pointer assignment in do_change_cipher_spec() |
|||
o Allow multiple active certificates with same subject in CA index |
|||
o Multiple X509 verification fixes |
|||
o Speed up HMAC and other operations |
|||
|
|||
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: |
|||
|
|||
o Security: fix various ASN1 parsing bugs. |
|||
o New -ignore_err option to OCSP utility. |
|||
o Various interop and bug fixes in S/MIME code. |
|||
o SSL/TLS protocol fix for unrequested client certificates. |
|||
|
|||
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: |
|||
|
|||
o Security: counter the Klima-Pokorny-Rosa extension of |
|||
Bleichbacher's attack |
|||
o Security: make RSA blinding default. |
|||
o Configuration: Irix fixes, AIX fixes, better mingw support. |
|||
o Support for new platforms: linux-ia64-ecc. |
|||
o Build: shared library support fixes. |
|||
o ASN.1: treat domainComponent correctly. |
|||
o Documentation: fixes and additions. |
|||
|
|||
Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: |
|||
|
|||
o Security: Important security related bugfixes. |
|||
o Enhanced compatibility with MIT Kerberos. |
|||
o Can be built without the ENGINE framework. |
|||
o IA32 assembler enhancements. |
|||
o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. |
|||
o Configuration: the no-err option now works properly. |
|||
o SSL/TLS: now handles manual certificate chain building. |
|||
o SSL/TLS: certain session ID malfunctions corrected. |
|||
|
|||
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: |
|||
|
|||
o New library section OCSP. |
|||
o Complete rewrite of ASN1 code. |
|||
o CRL checking in verify code and openssl utility. |
|||
o Extension copying in 'ca' utility. |
|||
o Flexible display options in 'ca' utility. |
|||
o Provisional support for international characters with UTF8. |
|||
o Support for external crypto devices ('engine') is no longer |
|||
a separate distribution. |
|||
o New elliptic curve library section. |
|||
o New AES (Rijndael) library section. |
|||
o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, |
|||
Linux x86_64, Linux 64-bit on Sparc v9 |
|||
o Extended support for some platforms: VxWorks |
|||
o Enhanced support for shared libraries. |
|||
o Now only builds PIC code when shared library support is requested. |
|||
o Support for pkg-config. |
|||
o Lots of new manuals. |
|||
o Makes symbolic links to or copies of manuals to cover all described |
|||
functions. |
|||
o Change DES API to clean up the namespace (some applications link also |
|||
against libdes providing similar functions having the same name). |
|||
Provide macros for backward compatibility (will be removed in the |
|||
future). |
|||
o Unify handling of cryptographic algorithms (software and engine) |
|||
to be available via EVP routines for asymmetric and symmetric ciphers. |
|||
o NCONF: new configuration handling routines. |
|||
o Change API to use more 'const' modifiers to improve error checking |
|||
and help optimizers. |
|||
o Finally remove references to RSAref. |
|||
o Reworked parts of the BIGNUM code. |
|||
o Support for new engines: Broadcom ubsec, Accelerated Encryption |
|||
Processing, IBM 4758. |
|||
o A few new engines added in the demos area. |
|||
o Extended and corrected OID (object identifier) table. |
|||
o PRNG: query at more locations for a random device, automatic query for |
|||
EGD style random sources at several locations. |
|||
o SSL/TLS: allow optional cipher choice according to server's preference. |
|||
o SSL/TLS: allow server to explicitly set new session ids. |
|||
o SSL/TLS: support Kerberos cipher suites (RFC2712). |
|||
Only supports MIT Kerberos for now. |
|||
o SSL/TLS: allow more precise control of renegotiations and sessions. |
|||
o SSL/TLS: add callback to retrieve SSL/TLS messages. |
|||
o SSL/TLS: support AES cipher suites (RFC3268). |
|||
|
|||
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k: |
|||
|
|||
o Security: fix various ASN1 parsing bugs. |
|||
o SSL/TLS protocol fix for unrequested client certificates. |
|||
|
|||
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: |
|||
|
|||
o Security: counter the Klima-Pokorny-Rosa extension of |
|||
Bleichbacher's attack |
|||
o Security: make RSA blinding default. |
|||
o Build: shared library support fixes. |
|||
|
|||
Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: |
|||
|
|||
o Important security related bugfixes. |
|||
|
|||
Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h: |
|||
|
|||
o New configuration targets for Tandem OSS and A/UX. |
|||
o New OIDs for Microsoft attributes. |
|||
o Better handling of SSL session caching. |
|||
o Better comparison of distinguished names. |
|||
o Better handling of shared libraries in a mixed GNU/non-GNU environment. |
|||
o Support assembler code with Borland C. |
|||
o Fixes for length problems. |
|||
o Fixes for uninitialised variables. |
|||
o Fixes for memory leaks, some unusual crashes and some race conditions. |
|||
o Fixes for smaller building problems. |
|||
o Updates of manuals, FAQ and other instructive documents. |
|||
|
|||
Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g: |
|||
|
|||
o Important building fixes on Unix. |
|||
|
|||
Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: |
|||
|
|||
o Various important bugfixes. |
|||
|
|||
Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: |
|||
|
|||
o Important security related bugfixes. |
|||
o Various SSL/TLS library bugfixes. |
|||
|
|||
Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: |
|||
|
|||
o Various SSL/TLS library bugfixes. |
|||
o Fix DH parameter generation for 'non-standard' generators. |
|||
|
|||
Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: |
|||
|
|||
o Various SSL/TLS library bugfixes. |
|||
o BIGNUM library fixes. |
|||
o RSA OAEP and random number generation fixes. |
|||
o Object identifiers corrected and added. |
|||
o Add assembler BN routines for IA64. |
|||
o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, |
|||
MIPS Linux; shared library support for Irix, HP-UX. |
|||
o Add crypto accelerator support for AEP, Baltimore SureWare, |
|||
Broadcom and Cryptographic Appliance's keyserver |
|||
[in 0.9.6c-engine release]. |
|||
|
|||
Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: |
|||
|
|||
o Security fix: PRNG improvements. |
|||
o Security fix: RSA OAEP check. |
|||
o Security fix: Reinsert and fix countermeasure to Bleichbacher's |
|||
attack. |
|||
o MIPS bug fix in BIGNUM. |
|||
o Bug fix in "openssl enc". |
|||
o Bug fix in X.509 printing routine. |
|||
o Bug fix in DSA verification routine and DSA S/MIME verification. |
|||
o Bug fix to make PRNG thread-safe. |
|||
o Bug fix in RAND_file_name(). |
|||
o Bug fix in compatibility mode trust settings. |
|||
o Bug fix in blowfish EVP. |
|||
o Increase default size for BIO buffering filter. |
|||
o Compatibility fixes in some scripts. |
|||
|
|||
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: |
|||
|
|||
o Security fix: change behavior of OpenSSL to avoid using |
|||
environment variables when running as root. |
|||
o Security fix: check the result of RSA-CRT to reduce the |
|||
possibility of deducing the private key from an incorrectly |
|||
calculated signature. |
|||
o Security fix: prevent Bleichenbacher's DSA attack. |
|||
o Security fix: Zero the premaster secret after deriving the |
|||
master secret in DH ciphersuites. |
|||
o Reimplement SSL_peek(), which had various problems. |
|||
o Compatibility fix: the function des_encrypt() renamed to |
|||
des_encrypt1() to avoid clashes with some Unixen libc. |
|||
o Bug fixes for Win32, HP/UX and Irix. |
|||
o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and |
|||
memory checking routines. |
|||
o Bug fixes for RSA operations in threaded environments. |
|||
o Bug fixes in misc. openssl applications. |
|||
o Remove a few potential memory leaks. |
|||
o Add tighter checks of BIGNUM routines. |
|||
o Shared library support has been reworked for generality. |
|||
o More documentation. |
|||
o New function BN_rand_range(). |
|||
o Add "-rand" option to openssl s_client and s_server. |
|||
|
|||
Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: |
|||
|
|||
o Some documentation for BIO and SSL libraries. |
|||
o Enhanced chain verification using key identifiers. |
|||
o New sign and verify options to 'dgst' application. |
|||
o Support for DER and PEM encoded messages in 'smime' application. |
|||
o New 'rsautl' application, low level RSA utility. |
|||
o MD4 now included. |
|||
o Bugfix for SSL rollback padding check. |
|||
o Support for external crypto devices [1]. |
|||
o Enhanced EVP interface. |
|||
|
|||
[1] The support for external crypto devices is currently a separate |
|||
distribution. See the file README.ENGINE. |
|||
|
|||
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: |
|||
|
|||
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 |
|||
o Shared library support for HPUX and Solaris-gcc |
|||
o Support of Linux/IA64 |
|||
o Assembler support for Mingw32 |
|||
o New 'rand' application |
|||
o New way to check for existence of algorithms from scripts |
|||
|
|||
Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: |
|||
|
|||
o S/MIME support in new 'smime' command |
|||
o Documentation for the OpenSSL command line application |
|||
o Automation of 'req' application |
|||
o Fixes to make s_client, s_server work under Windows |
|||
o Support for multiple fieldnames in SPKACs |
|||
o New SPKAC command line utilty and associated library functions |
|||
o Options to allow passwords to be obtained from various sources |
|||
o New public key PEM format and options to handle it |
|||
o Many other fixes and enhancements to command line utilities |
|||
o Usable certificate chain verification |
|||
o Certificate purpose checking |
|||
o Certificate trust settings |
|||
o Support of authority information access extension |
|||
o Extensions in certificate requests |
|||
o Simplified X509 name and attribute routines |
|||
o Initial (incomplete) support for international character sets |
|||
o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD |
|||
o Read only memory BIOs and simplified creation function |
|||
o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 |
|||
record; allow fragmentation and interleaving of handshake and other |
|||
data |
|||
o TLS/SSL code now "tolerates" MS SGC |
|||
o Work around for Netscape client certificate hang bug |
|||
o RSA_NULL option that removes RSA patent code but keeps other |
|||
RSA functionality |
|||
o Memory leak detection now allows applications to add extra information |
|||
via a per-thread stack |
|||
o PRNG robustness improved |
|||
o EGD support |
|||
o BIGNUM library bug fixes |
|||
o Faster DSA parameter generation |
|||
o Enhanced support for Alpha Linux |
|||
o Experimental MacOS support |
|||
|
|||
Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: |
|||
|
|||
o Transparent support for PKCS#8 format private keys: these are used |
|||
by several software packages and are more secure than the standard |
|||
form |
|||
o PKCS#5 v2.0 implementation |
|||
o Password callbacks have a new void * argument for application data |
|||
o Avoid various memory leaks |
|||
o New pipe-like BIO that allows using the SSL library when actual I/O |
|||
must be handled by the application (BIO pair) |
|||
|
|||
Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: |
|||
o Lots of enhancements and cleanups to the Configuration mechanism |
|||
o RSA OEAP related fixes |
|||
o Added `openssl ca -revoke' option for revoking a certificate |
|||
o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs |
|||
o Source tree cleanups: removed lots of obsolete files |
|||
o Thawte SXNet, certificate policies and CRL distribution points |
|||
extension support |
|||
o Preliminary (experimental) S/MIME support |
|||
o Support for ASN.1 UTF8String and VisibleString |
|||
o Full integration of PKCS#12 code |
|||
o Sparc assembler bignum implementation, optimized hash functions |
|||
o Option to disable selected ciphers |
|||
|
|||
Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: |
|||
o Fixed a security hole related to session resumption |
|||
o Fixed RSA encryption routines for the p < q case |
|||
o "ALL" in cipher lists now means "everything except NULL ciphers" |
|||
o Support for Triple-DES CBCM cipher |
|||
o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA |
|||
o First support for new TLSv1 ciphers |
|||
o Added a few new BIOs (syslog BIO, reliable BIO) |
|||
o Extended support for DSA certificate/keys. |
|||
o Extended support for Certificate Signing Requests (CSR) |
|||
o Initial support for X.509v3 extensions |
|||
o Extended support for compression inside the SSL record layer |
|||
o Overhauled Win32 builds |
|||
o Cleanups and fixes to the Big Number (BN) library |
|||
o Support for ASN.1 GeneralizedTime |
|||
o Splitted ASN.1 SETs from SEQUENCEs |
|||
o ASN1 and PEM support for Netscape Certificate Sequences |
|||
o Overhauled Perl interface |
|||
o Lots of source tree cleanups. |
|||
o Lots of memory leak fixes. |
|||
o Lots of bug fixes. |
|||
|
|||
Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: |
|||
o Integration of the popular NO_RSA/NO_DSA patches |
|||
o Initial support for compression inside the SSL record layer |
|||
o Added BIO proxy and filtering functionality |
|||
o Extended Big Number (BN) library |
|||
o Added RIPE MD160 message digest |
|||
o Addeed support for RC2/64bit cipher |
|||
o Extended ASN.1 parser routines |
|||
o Adjustations of the source tree for CVS |
|||
o Support for various new platforms |
|||
|
@ -0,0 +1,228 @@ |
|||
@echo off |
|||
|
|||
rem ======================================================================== |
|||
rem Batch file to automate building OpenSSL for NetWare. |
|||
rem |
|||
rem usage: |
|||
rem build [target] [debug opts] [assembly opts] [configure opts] |
|||
rem |
|||
rem target - "netware-clib" - CLib NetWare build (WinSock Sockets) |
|||
rem - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets) |
|||
rem - "netware-libc" - LibC NetWare build (WinSock Sockets) |
|||
rem - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets) |
|||
rem |
|||
rem debug opts - "debug" - build debug |
|||
rem |
|||
rem assembly opts - "nw-mwasm" - use Metrowerks assembler |
|||
rem - "nw-nasm" - use NASM assembler |
|||
rem - "no-asm" - don't use assembly |
|||
rem |
|||
rem configure opts- all unrecognized arguments are passed to the |
|||
rem perl configure script |
|||
rem |
|||
rem If no arguments are specified the default is to build non-debug with |
|||
rem no assembly. NOTE: there is no default BLD_TARGET. |
|||
rem |
|||
|
|||
|
|||
|
|||
rem No assembly is the default - Uncomment section below to change |
|||
rem the assembler default |
|||
set ASM_MODE= |
|||
set ASSEMBLER= |
|||
set NO_ASM=no-asm |
|||
|
|||
rem Uncomment to default to the Metrowerks assembler |
|||
rem set ASM_MODE=nw-mwasm |
|||
rem set ASSEMBLER=Metrowerks |
|||
rem set NO_ASM= |
|||
|
|||
rem Uncomment to default to the NASM assembler |
|||
rem set ASM_MODE=nw-nasm |
|||
rem set ASSEMBLER=NASM |
|||
rem set NO_ASM= |
|||
|
|||
rem No default Bld target |
|||
set BLD_TARGET=no_target |
|||
rem set BLD_TARGET=netware-clib |
|||
rem set BLD_TARGET=netware-libc |
|||
|
|||
|
|||
rem Default to build non-debug |
|||
set DEBUG= |
|||
|
|||
rem Uncomment to default to debug build |
|||
rem set DEBUG=debug |
|||
|
|||
|
|||
set CONFIG_OPTS= |
|||
set ARG_PROCESSED=NO |
|||
|
|||
|
|||
rem Process command line args |
|||
:opts |
|||
if "a%1" == "a" goto endopt |
|||
if "%1" == "no-asm" set NO_ASM=no-asm |
|||
if "%1" == "no-asm" set ARG_PROCESSED=YES |
|||
if "%1" == "debug" set DEBUG=debug |
|||
if "%1" == "debug" set ARG_PROCESSED=YES |
|||
if "%1" == "nw-nasm" set ASM_MODE=nw-nasm |
|||
if "%1" == "nw-nasm" set ASSEMBLER=NASM |
|||
if "%1" == "nw-nasm" set NO_ASM= |
|||
if "%1" == "nw-nasm" set ARG_PROCESSED=YES |
|||
if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm |
|||
if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks |
|||
if "%1" == "nw-mwasm" set NO_ASM= |
|||
if "%1" == "nw-mwasm" set ARG_PROCESSED=YES |
|||
if "%1" == "netware-clib" set BLD_TARGET=netware-clib |
|||
if "%1" == "netware-clib" set ARG_PROCESSED=YES |
|||
if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock |
|||
if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES |
|||
if "%1" == "netware-libc" set BLD_TARGET=netware-libc |
|||
if "%1" == "netware-libc" set ARG_PROCESSED=YES |
|||
if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock |
|||
if "%1" == "netware-libc-bsdsock" set ARG_PROCESSED=YES |
|||
|
|||
rem If we didn't recognize the argument, consider it an option for config |
|||
if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1 |
|||
if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO |
|||
|
|||
shift |
|||
goto opts |
|||
:endopt |
|||
|
|||
rem make sure a valid BLD_TARGET was specified |
|||
if "%BLD_TARGET%" == "no_target" goto no_target |
|||
|
|||
rem build the nlm make file name which includes target and debug info |
|||
set NLM_MAKE= |
|||
if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib |
|||
if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock |
|||
if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc |
|||
if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock |
|||
if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak |
|||
if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak |
|||
|
|||
if "%NO_ASM%" == "no-asm" set ASM_MODE= |
|||
if "%NO_ASM%" == "no-asm" set ASSEMBLER= |
|||
if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm |
|||
if "%NO_ASM%" == "no-asm" goto do_config |
|||
|
|||
|
|||
rem ================================================== |
|||
echo Generating x86 for %ASSEMBLER% assembler |
|||
|
|||
echo Bignum |
|||
cd crypto\bn\asm |
|||
rem perl x86.pl %ASM_MODE% > bn-nw.asm |
|||
perl bn-586.pl %ASM_MODE% > bn-nw.asm |
|||
perl co-586.pl %ASM_MODE% > co-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo AES |
|||
cd crypto\aes\asm |
|||
perl aes-586.pl %ASM_MODE% > a-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo DES |
|||
cd crypto\des\asm |
|||
perl des-586.pl %ASM_MODE% > d-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo "crypt(3)" |
|||
|
|||
cd crypto\des\asm |
|||
perl crypt586.pl %ASM_MODE% > y-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo Blowfish |
|||
|
|||
cd crypto\bf\asm |
|||
perl bf-586.pl %ASM_MODE% > b-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo CAST5 |
|||
cd crypto\cast\asm |
|||
perl cast-586.pl %ASM_MODE% > c-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo RC4 |
|||
cd crypto\rc4\asm |
|||
perl rc4-586.pl %ASM_MODE% > r4-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo MD5 |
|||
cd crypto\md5\asm |
|||
perl md5-586.pl %ASM_MODE% > m5-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo SHA1 |
|||
cd crypto\sha\asm |
|||
perl sha1-586.pl %ASM_MODE% > s1-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo RIPEMD160 |
|||
cd crypto\ripemd\asm |
|||
perl rmd-586.pl %ASM_MODE% > rm-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo RC5\32 |
|||
cd crypto\rc5\asm |
|||
perl rc5-586.pl %ASM_MODE% > r5-nw.asm |
|||
cd ..\..\.. |
|||
|
|||
echo CPUID |
|||
cd crypto |
|||
perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm |
|||
cd ..\ |
|||
|
|||
rem =============================================================== |
|||
rem |
|||
:do_config |
|||
|
|||
echo . |
|||
echo configure options: %CONFIG_OPTS% %BLD_TARGET% |
|||
echo . |
|||
perl configure %CONFIG_OPTS% %BLD_TARGET% |
|||
|
|||
perl util\mkfiles.pl >MINFO |
|||
|
|||
echo . |
|||
echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% |
|||
echo . |
|||
perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE% |
|||
|
|||
make -f %NLM_MAKE% vclean |
|||
echo . |
|||
echo The makefile "%NLM_MAKE%" has been created use your maketool to |
|||
echo build (ex: make -f %NLM_MAKE%) |
|||
goto end |
|||
|
|||
rem =============================================================== |
|||
rem |
|||
:no_target |
|||
echo . |
|||
echo . No build target specified!!! |
|||
echo . |
|||
echo . usage: build [target] [debug opts] [assembly opts] [configure opts] |
|||
echo . |
|||
echo . target - "netware-clib" - CLib NetWare build (WinSock Sockets) |
|||
echo . - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets) |
|||
echo . - "netware-libc" - LibC NetWare build (WinSock Sockets) |
|||
echo . - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets) |
|||
echo . |
|||
echo . debug opts - "debug" - build debug |
|||
echo . |
|||
echo . assembly opts - "nw-mwasm" - use Metrowerks assembler |
|||
echo . "nw-nasm" - use NASM assembler |
|||
echo . "no-asm" - don't use assembly |
|||
echo . |
|||
echo . configure opts- all unrecognized arguments are passed to the |
|||
echo . perl configure script |
|||
echo . |
|||
echo . If no debug or assembly opts are specified the default is to build |
|||
echo . non-debug without assembly |
|||
echo . |
|||
|
|||
|
|||
:end |
@ -0,0 +1,113 @@ |
|||
@echo off |
|||
|
|||
rem Batch file to copy OpenSSL stuff to a NetWare server for testing |
|||
|
|||
rem This batch file will create an "opensssl" directory at the root of the |
|||
rem specified NetWare drive and copy the required files to run the tests. |
|||
rem It should be run from inside the "openssl\netware" subdirectory. |
|||
|
|||
rem Usage: |
|||
rem cpy_tests.bat <test subdirectory> <NetWare drive> |
|||
rem <test subdirectory> - out_nw.dbg | out_nw |
|||
rem <NetWare drive> - any mapped drive letter |
|||
rem |
|||
rem example ( copy from debug build to m: dirve ): |
|||
rem cpy_tests.bat out_nw.dbg m: |
|||
rem |
|||
rem CAUTION: If a directory named OpenSSL exists on the target drive |
|||
rem it will be deleted first. |
|||
|
|||
|
|||
if "%1" == "" goto usage |
|||
if "%2" == "" goto usage |
|||
|
|||
rem Assume running in \openssl directory unless cpy_tests.bat exists then |
|||
rem it must be the \openssl\netware directory |
|||
set loc=. |
|||
if exist cpy_tests.bat set loc=.. |
|||
|
|||
rem make sure the local build subdirectory specified is valid |
|||
if not exist %loc%\%1\NUL goto invalid_dir |
|||
|
|||
rem make sure target drive is valid |
|||
if not exist %2\NUL goto invalid_drive |
|||
|
|||
rem If an OpenSSL directory exists on the target drive, remove it |
|||
if exist %2\openssl\NUL goto remove_openssl |
|||
goto do_copy |
|||
|
|||
:remove_openssl |
|||
echo . |
|||
echo OpenSSL directory exists on %2 - it will be removed! |
|||
pause |
|||
rmdir %2\openssl /s /q |
|||
|
|||
:do_copy |
|||
rem make an "openssl" directory and others at the root of the NetWare drive |
|||
mkdir %2\openssl |
|||
mkdir %2\openssl\test_out |
|||
mkdir %2\openssl\apps |
|||
mkdir %2\openssl\certs |
|||
mkdir %2\openssl\test |
|||
|
|||
|
|||
rem copy the test nlms |
|||
copy %loc%\%1\*.nlm %2\openssl\ |
|||
|
|||
rem copy the test perl script |
|||
copy %loc%\netware\do_tests.pl %2\openssl\ |
|||
|
|||
rem copy the certs directory stuff |
|||
xcopy %loc%\certs\*.* %2\openssl\certs\ /s |
|||
|
|||
rem copy the test directory stuff |
|||
copy %loc%\test\CAss.cnf %2\openssl\test\ |
|||
copy %loc%\test\Uss.cnf %2\openssl\test\ |
|||
copy %loc%\test\pkcs7.pem %2\openssl\test\ |
|||
copy %loc%\test\pkcs7-1.pem %2\openssl\test\ |
|||
copy %loc%\test\testcrl.pem %2\openssl\test\ |
|||
copy %loc%\test\testp7.pem %2\openssl\test\ |
|||
copy %loc%\test\testreq2.pem %2\openssl\test\ |
|||
copy %loc%\test\testrsa.pem %2\openssl\test\ |
|||
copy %loc%\test\testsid.pem %2\openssl\test\ |
|||
copy %loc%\test\testx509.pem %2\openssl\test\ |
|||
copy %loc%\test\v3-cert1.pem %2\openssl\test\ |
|||
copy %loc%\test\v3-cert2.pem %2\openssl\test\ |
|||
copy %loc%\crypto\evp\evptests.txt %2\openssl\test\ |
|||
|
|||
rem copy the apps directory stuff |
|||
copy %loc%\apps\client.pem %2\openssl\apps\ |
|||
copy %loc%\apps\server.pem %2\openssl\apps\ |
|||
copy %loc%\apps\openssl.cnf %2\openssl\apps\ |
|||
|
|||
echo . |
|||
echo Tests copied |
|||
echo Run the test script at the console by typing: |
|||
echo "Perl \openssl\do_tests.pl" |
|||
echo . |
|||
echo Make sure the Search path includes the OpenSSL subdirectory |
|||
|
|||
goto end |
|||
|
|||
:invalid_dir |
|||
echo. |
|||
echo Invalid build directory specified: %1 |
|||
echo. |
|||
goto usage |
|||
|
|||
:invalid_drive |
|||
echo. |
|||
echo Invalid drive: %2 |
|||
echo. |
|||
goto usage |
|||
|
|||
:usage |
|||
echo. |
|||
echo usage: cpy_tests.bat [test subdirectory] [NetWare drive] |
|||
echo [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc. |
|||
echo [NetWare drive] - any mapped drive letter |
|||
echo. |
|||
echo example: cpy_test out_nw_clib.dbg M: |
|||
echo (copy from clib debug build area to M: drive) |
|||
|
|||
:end |
@ -0,0 +1,624 @@ |
|||
# perl script to run OpenSSL tests |
|||
|
|||
|
|||
my $base_path = "\\openssl"; |
|||
|
|||
my $output_path = "$base_path\\test_out"; |
|||
my $cert_path = "$base_path\\certs"; |
|||
my $test_path = "$base_path\\test"; |
|||
my $app_path = "$base_path\\apps"; |
|||
|
|||
my $tmp_cert = "$output_path\\cert.tmp"; |
|||
my $OpenSSL_config = "$app_path\\openssl.cnf"; |
|||
my $log_file = "$output_path\\tests.log"; |
|||
|
|||
my $pause = 0; |
|||
|
|||
|
|||
# process the command line args to see if they wanted us to pause |
|||
# between executing each command |
|||
foreach $i (@ARGV) |
|||
{ |
|||
if ($i =~ /^-p$/) |
|||
{ $pause=1; } |
|||
} |
|||
|
|||
|
|||
|
|||
main(); |
|||
|
|||
|
|||
############################################################################ |
|||
sub main() |
|||
{ |
|||
# delete all the output files in the output directory |
|||
unlink <$output_path\\*.*>; |
|||
|
|||
# open the main log file |
|||
open(OUT, ">$log_file") || die "unable to open $log_file\n"; |
|||
|
|||
print( OUT "========================================================\n"); |
|||
my $outFile = "$output_path\\version.out"; |
|||
system("openssl2 version (CLIB_OPT)/>$outFile"); |
|||
log_output("CHECKING FOR OPENSSL VERSION:", $outFile); |
|||
|
|||
algorithm_tests(); |
|||
encryption_tests(); |
|||
evp_tests(); |
|||
pem_tests(); |
|||
verify_tests(); |
|||
ca_tests(); |
|||
ssl_tests(); |
|||
|
|||
close(OUT); |
|||
|
|||
print("\nCompleted running tests.\n\n"); |
|||
print("Check log file for errors: $log_file\n"); |
|||
} |
|||
|
|||
############################################################################ |
|||
sub algorithm_tests |
|||
{ |
|||
my $i; |
|||
my $outFile; |
|||
my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test, |
|||
sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test, |
|||
rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest, |
|||
ecdsatest, ectest, exptest, casttest, hmactest ); |
|||
|
|||
print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n"); |
|||
|
|||
print( OUT "\n========================================================\n"); |
|||
print( OUT "CRYPTO ALGORITHM TESTS:\n\n"); |
|||
|
|||
foreach $i (@tests) |
|||
{ |
|||
if (-e "$base_path\\$i.nlm") |
|||
{ |
|||
$outFile = "$output_path\\$i.out"; |
|||
system("$i (CLIB_OPT)/>$outFile"); |
|||
log_desc("Test: $i\.nlm:"); |
|||
log_output("", $outFile ); |
|||
} |
|||
else |
|||
{ |
|||
log_desc("Test: $i\.nlm: file not found"); |
|||
} |
|||
} |
|||
} |
|||
|
|||
############################################################################ |
|||
sub encryption_tests |
|||
{ |
|||
my $i; |
|||
my $outFile; |
|||
my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb", |
|||
"des-ofb", "des-ede-ofb", "des-ede3-ofb", |
|||
"des-ecb", "des-ede", "des-ede3", "des-cbc", |
|||
"des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb", |
|||
"idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb", |
|||
"rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb", |
|||
"bf-ofb", "bf-cbc" ); |
|||
|
|||
my $input = "$base_path\\do_tests.pl"; |
|||
my $cipher = "$output_path\\cipher.out"; |
|||
my $clear = "$output_path\\clear.out"; |
|||
|
|||
print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n"); |
|||
|
|||
print( OUT "\n========================================================\n"); |
|||
print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n"); |
|||
|
|||
foreach $i (@enc_tests) |
|||
{ |
|||
log_desc("Testing: $i"); |
|||
|
|||
# do encryption |
|||
$outFile = "$output_path\\enc.out"; |
|||
system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" ); |
|||
log_output("Encrypting: $input --> $cipher", $outFile); |
|||
|
|||
# do decryption |
|||
$outFile = "$output_path\\dec.out"; |
|||
system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile"); |
|||
log_output("Decrypting: $cipher --> $clear", $outFile); |
|||
|
|||
# compare files |
|||
$x = compare_files( $input, $clear, 1); |
|||
if ( $x == 0 ) |
|||
{ |
|||
print( "\rSUCCESS - files match: $input, $clear\n"); |
|||
print( OUT "SUCCESS - files match: $input, $clear\n"); |
|||
} |
|||
else |
|||
{ |
|||
print( "\rERROR: files don't match\n"); |
|||
print( OUT "ERROR: files don't match\n"); |
|||
} |
|||
|
|||
do_wait(); |
|||
|
|||
# Now do the same encryption but use Base64 |
|||
|
|||
# do encryption B64 |
|||
$outFile = "$output_path\\B64enc.out"; |
|||
system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile"); |
|||
log_output("Encrypting(B64): $cipher --> $clear", $outFile); |
|||
|
|||
# do decryption B64 |
|||
$outFile = "$output_path\\B64dec.out"; |
|||
system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile"); |
|||
log_output("Decrypting(B64): $cipher --> $clear", $outFile); |
|||
|
|||
# compare files |
|||
$x = compare_files( $input, $clear, 1); |
|||
if ( $x == 0 ) |
|||
{ |
|||
print( "\rSUCCESS - files match: $input, $clear\n"); |
|||
print( OUT "SUCCESS - files match: $input, $clear\n"); |
|||
} |
|||
else |
|||
{ |
|||
print( "\rERROR: files don't match\n"); |
|||
print( OUT "ERROR: files don't match\n"); |
|||
} |
|||
|
|||
do_wait(); |
|||
|
|||
} # end foreach |
|||
|
|||
# delete the temporary files |
|||
unlink($cipher); |
|||
unlink($clear); |
|||
} |
|||
|
|||
|
|||
############################################################################ |
|||
sub pem_tests |
|||
{ |
|||
my $i; |
|||
my $tmp_out; |
|||
my $outFile = "$output_path\\pem.out"; |
|||
|
|||
my %pem_tests = ( |
|||
"crl" => "testcrl.pem", |
|||
"pkcs7" => "testp7.pem", |
|||
"req" => "testreq2.pem", |
|||
"rsa" => "testrsa.pem", |
|||
"x509" => "testx509.pem", |
|||
"x509" => "v3-cert1.pem", |
|||
"sess_id" => "testsid.pem" ); |
|||
|
|||
|
|||
print( "\nRUNNING PEM TESTS:\n\n"); |
|||
|
|||
print( OUT "\n========================================================\n"); |
|||
print( OUT "PEM TESTS:\n\n"); |
|||
|
|||
foreach $i (keys(%pem_tests)) |
|||
{ |
|||
log_desc( "Testing: $i"); |
|||
|
|||
my $input = "$test_path\\$pem_tests{$i}"; |
|||
|
|||
$tmp_out = "$output_path\\$pem_tests{$i}"; |
|||
|
|||
if ($i ne "req" ) |
|||
{ |
|||
system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile"); |
|||
log_output( "openssl2 $i -in $input -out $tmp_out", $outFile); |
|||
} |
|||
else |
|||
{ |
|||
system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile"); |
|||
log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile ); |
|||
} |
|||
|
|||
$x = compare_files( $input, $tmp_out); |
|||
if ( $x == 0 ) |
|||
{ |
|||
print( "\rSUCCESS - files match: $input, $tmp_out\n"); |
|||
print( OUT "SUCCESS - files match: $input, $tmp_out\n"); |
|||
} |
|||
else |
|||
{ |
|||
print( "\rERROR: files don't match\n"); |
|||
print( OUT "ERROR: files don't match\n"); |
|||
} |
|||
do_wait(); |
|||
|
|||
} # end foreach |
|||
} |
|||
|
|||
|
|||
############################################################################ |
|||
sub verify_tests |
|||
{ |
|||
my $i; |
|||
my $outFile = "$output_path\\verify.out"; |
|||
|
|||
$cert_path =~ s/\\/\//g; |
|||
my @cert_files = <$cert_path/*.pem>; |
|||
|
|||
print( "\nRUNNING VERIFY TESTS:\n\n"); |
|||
|
|||
print( OUT "\n========================================================\n"); |
|||
print( OUT "VERIFY TESTS:\n\n"); |
|||
|
|||
make_tmp_cert_file(); |
|||
|
|||
foreach $i (@cert_files) |
|||
{ |
|||
system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile"); |
|||
log_desc("Verifying cert: $i"); |
|||
log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile); |
|||
} |
|||
} |
|||
|
|||
|
|||
############################################################################ |
|||
sub ssl_tests |
|||
{ |
|||
my $outFile = "$output_path\\ssl_tst.out"; |
|||
my($CAcert) = "$output_path\\certCA.ss"; |
|||
my($Ukey) = "$output_path\\keyU.ss"; |
|||
my($Ucert) = "$output_path\\certU.ss"; |
|||
my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert"; |
|||
|
|||
print( "\nRUNNING SSL TESTS:\n\n"); |
|||
|
|||
print( OUT "\n========================================================\n"); |
|||
print( OUT "SSL TESTS:\n\n"); |
|||
|
|||
system("ssltest -ssl2 (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2:"); |
|||
log_output("ssltest -ssl2", $outFile); |
|||
|
|||
system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2 with server authentication:"); |
|||
log_output("$ssltest -ssl2 -server_auth", $outFile); |
|||
|
|||
system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2 with client authentication:"); |
|||
log_output("$ssltest -ssl2 -client_auth", $outFile); |
|||
|
|||
system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2 with both client and server authentication:"); |
|||
log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile); |
|||
|
|||
system("ssltest -ssl3 (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv3:"); |
|||
log_output("ssltest -ssl3", $outFile); |
|||
|
|||
system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv3 with server authentication:"); |
|||
log_output("$ssltest -ssl3 -server_auth", $outFile); |
|||
|
|||
system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv3 with client authentication:"); |
|||
log_output("$ssltest -ssl3 -client_auth", $outFile); |
|||
|
|||
system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv3 with both client and server authentication:"); |
|||
log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile); |
|||
|
|||
system("ssltest (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2/sslv3:"); |
|||
log_output("ssltest", $outFile); |
|||
|
|||
system("$ssltest -server_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2/sslv3 with server authentication:"); |
|||
log_output("$ssltest -server_auth", $outFile); |
|||
|
|||
system("$ssltest -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2/sslv3 with client authentication:"); |
|||
log_output("$ssltest -client_auth ", $outFile); |
|||
|
|||
system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2/sslv3 with both client and server authentication:"); |
|||
log_output("$ssltest -server_auth -client_auth", $outFile); |
|||
|
|||
system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2 via BIO pair:"); |
|||
log_output("ssltest -bio_pair -ssl2", $outFile); |
|||
|
|||
system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:"); |
|||
log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile); |
|||
|
|||
system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2 with server authentication via BIO pair:"); |
|||
log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile); |
|||
|
|||
system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2 with client authentication via BIO pair:"); |
|||
log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile); |
|||
|
|||
system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2 with both client and server authentication via BIO pair:"); |
|||
log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile); |
|||
|
|||
system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv3 via BIO pair:"); |
|||
log_output("ssltest -bio_pair -ssl3", $outFile); |
|||
|
|||
system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv3 with server authentication via BIO pair:"); |
|||
log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile); |
|||
|
|||
system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv3 with client authentication via BIO pair:"); |
|||
log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile); |
|||
|
|||
system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv3 with both client and server authentication via BIO pair:"); |
|||
log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile); |
|||
|
|||
system("ssltest -bio_pair (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2/sslv3 via BIO pair:"); |
|||
log_output("ssltest -bio_pair", $outFile); |
|||
|
|||
system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:"); |
|||
log_output("$ssltest -bio_pair -server_auth", $outFile); |
|||
|
|||
system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:"); |
|||
log_output("$ssltest -bio_pair -client_auth", $outFile); |
|||
|
|||
system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile"); |
|||
log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:"); |
|||
log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile); |
|||
} |
|||
|
|||
|
|||
############################################################################ |
|||
sub ca_tests |
|||
{ |
|||
my $outFile = "$output_path\\ca_tst.out"; |
|||
|
|||
my($CAkey) = "$output_path\\keyCA.ss"; |
|||
my($CAcert) = "$output_path\\certCA.ss"; |
|||
my($CAserial) = "$output_path\\certCA.srl"; |
|||
my($CAreq) = "$output_path\\reqCA.ss"; |
|||
my($CAreq2) = "$output_path\\req2CA.ss"; |
|||
|
|||
my($CAconf) = "$test_path\\CAss.cnf"; |
|||
|
|||
my($Uconf) = "$test_path\\Uss.cnf"; |
|||
|
|||
my($Ukey) = "$output_path\\keyU.ss"; |
|||
my($Ureq) = "$output_path\\reqU.ss"; |
|||
my($Ucert) = "$output_path\\certU.ss"; |
|||
|
|||
print( "\nRUNNING CA TESTS:\n\n"); |
|||
|
|||
print( OUT "\n========================================================\n"); |
|||
print( OUT "CA TESTS:\n"); |
|||
|
|||
system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile"); |
|||
log_desc("Make a certificate request using req:"); |
|||
log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile); |
|||
|
|||
system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile"); |
|||
log_desc("Convert the certificate request into a self signed certificate using x509:"); |
|||
log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile); |
|||
|
|||
system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile"); |
|||
log_desc("Convert a certificate into a certificate request using 'x509':"); |
|||
log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile); |
|||
|
|||
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile"); |
|||
log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile); |
|||
|
|||
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile"); |
|||
log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile); |
|||
|
|||
system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile"); |
|||
log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile); |
|||
|
|||
system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile"); |
|||
log_desc("Make another certificate request using req:"); |
|||
log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile); |
|||
|
|||
system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile"); |
|||
log_desc("Sign certificate request with the just created CA via x509:"); |
|||
log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile); |
|||
|
|||
system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile"); |
|||
log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile); |
|||
|
|||
system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile"); |
|||
log_desc("Certificate details"); |
|||
log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile); |
|||
|
|||
print(OUT "--\n"); |
|||
print(OUT "The generated CA certificate is $CAcert\n"); |
|||
print(OUT "The generated CA private key is $CAkey\n"); |
|||
print(OUT "The current CA signing serial number is in $CAserial\n"); |
|||
|
|||
print(OUT "The generated user certificate is $Ucert\n"); |
|||
print(OUT "The generated user private key is $Ukey\n"); |
|||
print(OUT "--\n"); |
|||
} |
|||
|
|||
############################################################################ |
|||
sub evp_tests |
|||
{ |
|||
my $i = 'evp_test'; |
|||
|
|||
print( "\nRUNNING EVP TESTS:\n\n"); |
|||
|
|||
print( OUT "\n========================================================\n"); |
|||
print( OUT "EVP TESTS:\n\n"); |
|||
|
|||
if (-e "$base_path\\$i.nlm") |
|||
{ |
|||
my $outFile = "$output_path\\$i.out"; |
|||
system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile"); |
|||
log_desc("Test: $i\.nlm:"); |
|||
log_output("", $outFile ); |
|||
} |
|||
else |
|||
{ |
|||
log_desc("Test: $i\.nlm: file not found"); |
|||
} |
|||
} |
|||
|
|||
############################################################################ |
|||
sub log_output( $ $ ) |
|||
{ |
|||
my( $desc, $file ) = @_; |
|||
my($error) = 0; |
|||
my($key); |
|||
my($msg); |
|||
|
|||
if ($desc) |
|||
{ |
|||
print("\r$desc\n"); |
|||
print(OUT "$desc\n"); |
|||
} |
|||
|
|||
# loop waiting for test program to complete |
|||
while ( stat($file) == 0) |
|||
{ print(". "); sleep(1); } |
|||
|
|||
|
|||
# copy test output to log file |
|||
open(IN, "<$file"); |
|||
while (<IN>) |
|||
{ |
|||
print(OUT $_); |
|||
if ( $_ =~ /ERROR/ ) |
|||
{ |
|||
$error = 1; |
|||
} |
|||
} |
|||
# close and delete the temporary test output file |
|||
close(IN); |
|||
unlink($file); |
|||
|
|||
if ( $error == 0 ) |
|||
{ |
|||
$msg = "Test Succeeded"; |
|||
} |
|||
else |
|||
{ |
|||
$msg = "Test Failed"; |
|||
} |
|||
|
|||
print(OUT "$msg\n"); |
|||
|
|||
if ($pause) |
|||
{ |
|||
print("$msg - press ENTER to continue..."); |
|||
$key = getc; |
|||
print("\n"); |
|||
} |
|||
|
|||
# Several of the testing scripts run a loop loading the |
|||
# same NLM with different options. |
|||
# On slow NetWare machines there appears to be some delay in the |
|||
# OS actually unloading the test nlms and the OS complains about. |
|||
# the NLM already being loaded. This additional pause is to |
|||
# to help provide a little more time for unloading before trying to |
|||
# load again. |
|||
sleep(1); |
|||
} |
|||
|
|||
|
|||
############################################################################ |
|||
sub log_desc( $ ) |
|||
{ |
|||
my( $desc ) = @_; |
|||
|
|||
print("\n"); |
|||
print("$desc\n"); |
|||
|
|||
print(OUT "\n"); |
|||
print(OUT "$desc\n"); |
|||
print(OUT "======================================\n"); |
|||
} |
|||
|
|||
############################################################################ |
|||
sub compare_files( $ $ $ ) |
|||
{ |
|||
my( $file1, $file2, $binary ) = @_; |
|||
my( $n1, $n2, $b1, $b2 ); |
|||
my($ret) = 1; |
|||
|
|||
open(IN0, $file1) || die "\nunable to open $file1\n"; |
|||
open(IN1, $file2) || die "\nunable to open $file2\n"; |
|||
|
|||
if ($binary) |
|||
{ |
|||
binmode IN0; |
|||
binmode IN1; |
|||
} |
|||
|
|||
for (;;) |
|||
{ |
|||
$n1 = read(IN0, $b1, 512); |
|||
$n2 = read(IN1, $b2, 512); |
|||
|
|||
if ($n1 != $n2) {last;} |
|||
if ($b1 != $b2) {last;} |
|||
|
|||
if ($n1 == 0) |
|||
{ |
|||
$ret = 0; |
|||
last; |
|||
} |
|||
} |
|||
close(IN0); |
|||
close(IN1); |
|||
return($ret); |
|||
} |
|||
|
|||
############################################################################ |
|||
sub do_wait() |
|||
{ |
|||
my($key); |
|||
|
|||
if ($pause) |
|||
{ |
|||
print("Press ENTER to continue..."); |
|||
$key = getc; |
|||
print("\n"); |
|||
} |
|||
} |
|||
|
|||
|
|||
############################################################################ |
|||
sub make_tmp_cert_file() |
|||
{ |
|||
my @cert_files = <$cert_path/*.pem>; |
|||
|
|||
# delete the file if it already exists |
|||
unlink($tmp_cert); |
|||
|
|||
open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n"; |
|||
|
|||
print("building temporary cert file\n"); |
|||
|
|||
# create a temporary cert file that contains all the certs |
|||
foreach $i (@cert_files) |
|||
{ |
|||
open( IN_CERT, $i ) || die "\nunable to open $i\n"; |
|||
|
|||
for(;;) |
|||
{ |
|||
$n = sysread(IN_CERT, $data, 1024); |
|||
|
|||
if ($n == 0) |
|||
{ |
|||
close(IN_CERT); |
|||
last; |
|||
}; |
|||
|
|||
syswrite(TMP_CERT, $data, $n); |
|||
} |
|||
} |
|||
|
|||
close( TMP_CERT ); |
|||
} |
@ -0,0 +1,254 @@ |
|||
An initial review of the OpenSSL code was done to determine how many |
|||
global variables where present. The idea was to determine the amount of |
|||
work required to pull the globals into an instance data structure in |
|||
order to build a Library NLM for NetWare. This file contains the results |
|||
of the review. Each file is listed along with the globals in the file. |
|||
The initial review was done very quickly so this list is probably |
|||
not a comprehensive list. |
|||
|
|||
|
|||
cryptlib.c |
|||
=========================================== |
|||
|
|||
static STACK *app_locks=NULL; |
|||
|
|||
static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; |
|||
|
|||
static void (MS_FAR *locking_callback)(int mode,int type, |
|||
const char *file,int line)=NULL; |
|||
static int (MS_FAR *add_lock_callback)(int *pointer,int amount, |
|||
int type,const char *file,int line)=NULL; |
|||
static unsigned long (MS_FAR *id_callback)(void)=NULL; |
|||
static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) |
|||
(const char *file,int line)=NULL; |
|||
static void (MS_FAR *dynlock_lock_callback)(int mode, |
|||
struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL; |
|||
static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, |
|||
const char *file,int line)=NULL; |
|||
|
|||
|
|||
mem.c |
|||
=========================================== |
|||
static int allow_customize = 1; /* we provide flexible functions for */ |
|||
static int allow_customize_debug = 1;/* exchanging memory-related functions at |
|||
|
|||
/* may be changed as long as `allow_customize' is set */ |
|||
static void *(*malloc_locked_func)(size_t) = malloc; |
|||
static void (*free_locked_func)(void *) = free; |
|||
static void *(*malloc_func)(size_t) = malloc; |
|||
static void *(*realloc_func)(void *, size_t)= realloc; |
|||
static void (*free_func)(void *) = free; |
|||
|
|||
/* use default functions from mem_dbg.c */ |
|||
static void (*malloc_debug_func)(void *,int,const char *,int,int) |
|||
= CRYPTO_dbg_malloc; |
|||
static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) |
|||
= CRYPTO_dbg_realloc; |
|||
static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; |
|||
static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; |
|||
static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; |
|||
|
|||
|
|||
mem_dbg.c |
|||
=========================================== |
|||
static int mh_mode=CRYPTO_MEM_CHECK_OFF; |
|||
static unsigned long order = 0; /* number of memory requests */ |
|||
static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */ |
|||
|
|||
static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */ |
|||
static long options = /* extra information to be recorded */ |
|||
static unsigned long disabling_thread = 0; |
|||
|
|||
|
|||
err.c |
|||
=========================================== |
|||
static LHASH *error_hash=NULL; |
|||
static LHASH *thread_hash=NULL; |
|||
|
|||
several files have routines with static "init" to track if error strings |
|||
have been loaded ( may not want seperate error strings for each process ) |
|||
The "init" variable can't be left "global" because the error has is a ptr |
|||
that is malloc'ed. The malloc'ed error has is dependant on the "init" |
|||
vars. |
|||
|
|||
files: |
|||
pem_err.c |
|||
cpt_err.c |
|||
pk12err.c |
|||
asn1_err.c |
|||
bio_err.c |
|||
bn_err.c |
|||
buf_err.c |
|||
comp_err.c |
|||
conf_err.c |
|||
cpt_err.c |
|||
dh_err.c |
|||
dsa_err.c |
|||
dso_err.c |
|||
evp_err.c |
|||
obj_err.c |
|||
pkcs7err.c |
|||
rand_err.c |
|||
rsa_err.c |
|||
rsar_err.c |
|||
ssl_err.c |
|||
x509_err.c |
|||
v3err.c |
|||
err.c |
|||
|
|||
These file have similar "init" globals but they are for other stuff not |
|||
error strings: |
|||
|
|||
bn_lib.c |
|||
ecc_enc.c |
|||
s23_clnt.c |
|||
s23_meth.c |
|||
s23_srvr.c |
|||
s2_clnt.c |
|||
s2_lib.c |
|||
s2_meth.c |
|||
s2_srvr.c |
|||
s3_clnt.c |
|||
s3_lib.c |
|||
s3_srvr.c |
|||
t1_clnt.c |
|||
t1_meth.c |
|||
t1_srvr.c |
|||
|
|||
rand_lib.c |
|||
=========================================== |
|||
static RAND_METHOD *rand_meth= &rand_ssleay_meth; |
|||
|
|||
md_rand.c |
|||
=========================================== |
|||
static int state_num=0,state_index=0; |
|||
static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; |
|||
static unsigned char md[MD_DIGEST_LENGTH]; |
|||
static long md_count[2]={0,0}; |
|||
static double entropy=0; |
|||
static int initialized=0; |
|||
|
|||
/* This should be set to 1 only when ssleay_rand_add() is called inside |
|||
an already locked state, so it doesn't try to lock and thereby cause |
|||
a hang. And it should always be reset back to 0 before unlocking. */ |
|||
static int add_do_not_lock=0; |
|||
|
|||
obj_dat.c |
|||
============================================ |
|||
static int new_nid=NUM_NID; |
|||
static LHASH *added=NULL; |
|||
|
|||
b_sock.c |
|||
=========================================== |
|||
static unsigned long BIO_ghbn_hits=0L; |
|||
static unsigned long BIO_ghbn_miss=0L; |
|||
static struct ghbn_cache_st |
|||
{ |
|||
char name[129]; |
|||
struct hostent *ent; |
|||
unsigned long order; |
|||
} ghbn_cache[GHBN_NUM]; |
|||
|
|||
static int wsa_init_done=0; |
|||
|
|||
|
|||
bio_lib.c |
|||
=========================================== |
|||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL; |
|||
static int bio_meth_num=0; |
|||
|
|||
|
|||
bn_lib.c |
|||
======================================== |
|||
static int bn_limit_bits=0; |
|||
static int bn_limit_num=8; /* (1<<bn_limit_bits) */ |
|||
static int bn_limit_bits_low=0; |
|||
static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */ |
|||
static int bn_limit_bits_high=0; |
|||
static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */ |
|||
static int bn_limit_bits_mont=0; |
|||
static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */ |
|||
|
|||
conf_lib.c |
|||
======================================== |
|||
static CONF_METHOD *default_CONF_method=NULL; |
|||
|
|||
dh_lib.c |
|||
======================================== |
|||
static DH_METHOD *default_DH_method; |
|||
static int dh_meth_num = 0; |
|||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL; |
|||
|
|||
dsa_lib.c |
|||
======================================== |
|||
static DSA_METHOD *default_DSA_method; |
|||
static int dsa_meth_num = 0; |
|||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL; |
|||
|
|||
dso_lib.c |
|||
======================================== |
|||
static DSO_METHOD *default_DSO_meth = NULL; |
|||
|
|||
rsa_lib.c |
|||
======================================== |
|||
static RSA_METHOD *default_RSA_meth=NULL; |
|||
static int rsa_meth_num=0; |
|||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL; |
|||
|
|||
x509_trs.c |
|||
======================================= |
|||
static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; |
|||
static STACK_OF(X509_TRUST) *trtable = NULL; |
|||
|
|||
x509_req.c |
|||
======================================= |
|||
static int *ext_nids = ext_nid_list; |
|||
|
|||
o_names.c |
|||
====================================== |
|||
static LHASH *names_lh=NULL; |
|||
static STACK_OF(NAME_FUNCS) *name_funcs_stack; |
|||
static int free_type; |
|||
static int names_type_num=OBJ_NAME_TYPE_NUM; |
|||
|
|||
|
|||
th-lock.c - NEED to add support for locking for NetWare |
|||
============================================== |
|||
static long *lock_count; |
|||
(other platform specific globals) |
|||
|
|||
x_x509.c |
|||
============================================== |
|||
static int x509_meth_num = 0; |
|||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL; |
|||
|
|||
|
|||
evp_pbe.c |
|||
============================================ |
|||
static STACK *pbe_algs; |
|||
|
|||
evp_key.c |
|||
============================================ |
|||
static char prompt_string[80]; |
|||
|
|||
ssl_ciph.c |
|||
============================================ |
|||
static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; |
|||
|
|||
ssl_lib.c |
|||
============================================= |
|||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL; |
|||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL; |
|||
static int ssl_meth_num=0; |
|||
static int ssl_ctx_meth_num=0; |
|||
|
|||
ssl_sess.c |
|||
============================================= |
|||
static int ssl_session_num=0; |
|||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL; |
|||
|
|||
x509_vfy.c |
|||
============================================ |
|||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL; |
|||
static int x509_store_ctx_num=0; |
|||
|
@ -0,0 +1,19 @@ |
|||
|
|||
Contents of the openssl\netware directory |
|||
========================================== |
|||
|
|||
Regular files: |
|||
|
|||
readme.txt - this file |
|||
do_tests.pl - perl script used to run the OpenSSL tests on NetWare |
|||
cpy_tests.bat - batch to to copy test stuff to NetWare server |
|||
build.bat - batch file to help with builds |
|||
set_env.bat - batch file to help setup build environments |
|||
globals.txt - results of initial code review to identify OpenSSL global variables |
|||
|
|||
|
|||
The following files are generated by the various scripts. They are |
|||
recreated each time and it is okay to delete them. |
|||
|
|||
*.def - command files used by Metrowerks linker |
|||
*.mak - make files generated by mk1mf.pl |
@ -0,0 +1,112 @@ |
|||
@echo off |
|||
|
|||
rem ======================================================================== |
|||
rem Batch file to assist in setting up the necessary enviroment for |
|||
rem building OpenSSL for NetWare. |
|||
rem |
|||
rem usage: |
|||
rem set_env [target] |
|||
rem |
|||
rem target - "netware-clib" - Clib build |
|||
rem - "netware-libc" - LibC build |
|||
rem |
|||
rem |
|||
|
|||
if "a%1" == "a" goto usage |
|||
|
|||
set LIBC_BUILD= |
|||
set CLIB_BUILD= |
|||
set GNUC= |
|||
|
|||
if "%1" == "netware-clib" set CLIB_BUILD=Y |
|||
if "%1" == "netware-clib" set LIBC_BUILD= |
|||
|
|||
if "%1" == "netware-libc" set LIBC_BUILD=Y |
|||
if "%1" == "netware-libc" set CLIB_BUILD= |
|||
|
|||
if "%2" == "gnuc" set GNUC=Y |
|||
if "%2" == "codewarrior" set GNUC= |
|||
|
|||
rem Location of tools (compiler, linker, etc) |
|||
if "%NDKBASE%" == "" set NDKBASE=c:\Novell |
|||
|
|||
rem If Perl for Win32 is not already in your path, add it here |
|||
set PERL_PATH= |
|||
|
|||
rem Define path to the Metrowerks command line tools |
|||
rem or GNU Crosscompiler gcc / nlmconv |
|||
rem ( compiler, assembler, linker) |
|||
if "%GNUC%" == "Y" set COMPILER_PATH=c:\usr\i586-netware\bin;c:\usr\bin |
|||
if "%GNUC%" == "" set COMPILER_PATH=c:\prg\cwcmdl40 |
|||
|
|||
rem If using gnu make define path to utility |
|||
rem set GNU_MAKE_PATH=%NDKBASE%\gnu |
|||
set GNU_MAKE_PATH=c:\prg\tools |
|||
|
|||
rem If using ms nmake define path to nmake |
|||
rem set MS_NMAKE_PATH=%NDKBASE%\msvc\600\bin |
|||
|
|||
rem If using NASM assembler define path |
|||
rem set NASM_PATH=%NDKBASE%\nasm |
|||
set NASM_PATH=c:\prg\tools |
|||
|
|||
rem Update path to include tool paths |
|||
set path=%path%;%COMPILER_PATH% |
|||
if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH% |
|||
if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH% |
|||
if not "%NASM_PATH%" == "" set path=%path%;%NASM_PATH% |
|||
if not "%PERL_PATH%" == "" set path=%path%;%PERL_PATH% |
|||
|
|||
rem Set INCLUDES to location of Novell NDK includes |
|||
if "%LIBC_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\libc\include;%NDKBASE%\ndk\libc\include\winsock |
|||
if "%CLIB_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\nwsdk\include\nlm;%NDKBASE%\ws295sdk\include |
|||
|
|||
rem Set Imports to location of Novell NDK import files |
|||
if "%LIBC_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\libc\imports |
|||
if "%CLIB_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\nwsdk\imports |
|||
|
|||
rem Set PRELUDE to the absolute path of the prelude object to link with in |
|||
rem the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is |
|||
rem recommended, for LibC NKS builds libcpre.o must be used |
|||
if "%GNUC%" == "Y" goto gnuc |
|||
if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o |
|||
rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o |
|||
if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.o |
|||
echo using MetroWerks CodeWarrior |
|||
goto info |
|||
|
|||
:gnuc |
|||
if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.gcc.o |
|||
rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.gcc.o |
|||
if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.gcc.o |
|||
echo using GNU GCC Compiler |
|||
|
|||
:info |
|||
echo. |
|||
|
|||
if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build |
|||
if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..." |
|||
|
|||
if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build |
|||
if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..." |
|||
|
|||
goto end |
|||
|
|||
:usage |
|||
rem =============================================================== |
|||
echo. |
|||
echo No target build specified! |
|||
echo. |
|||
echo usage: set_env [target] [compiler] |
|||
echo. |
|||
echo target - "netware-clib" - Clib build |
|||
echo - "netware-libc" - LibC build |
|||
echo. |
|||
echo compiler - "gnuc" - GNU GCC Compiler |
|||
echo - "codewarrior" - MetroWerks CodeWarrior (default) |
|||
echo. |
|||
|
|||
:end |
|||
echo. |
|||
|
|||
|
@ -0,0 +1,197 @@ |
|||
* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X. |
|||
|
|||
|
|||
NOTE: The problem described here only applies when OpenSSL isn't built |
|||
with shared library support (i.e. without the "shared" configuration |
|||
option). If you build with shared library support, you will have no |
|||
problems as long as you set up DYLD_LIBRARY_PATH properly at all times. |
|||
|
|||
|
|||
This is really a misfeature in ld, which seems to look for .dylib libraries |
|||
along the whole library path before it bothers looking for .a libraries. This |
|||
means that -L switches won't matter unless OpenSSL is built with shared |
|||
library support. |
|||
|
|||
The workaround may be to change the following lines in apps/Makefile and |
|||
test/Makefile: |
|||
|
|||
LIBCRYPTO=-L.. -lcrypto |
|||
LIBSSL=-L.. -lssl |
|||
|
|||
to: |
|||
|
|||
LIBCRYPTO=../libcrypto.a |
|||
LIBSSL=../libssl.a |
|||
|
|||
It's possible that something similar is needed for shared library support |
|||
as well. That hasn't been well tested yet. |
|||
|
|||
|
|||
Another solution that many seem to recommend is to move the libraries |
|||
/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different |
|||
directory, build and install OpenSSL and anything that depends on your |
|||
build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their |
|||
original places. Note that the version numbers on those two libraries |
|||
may differ on your machine. |
|||
|
|||
|
|||
As long as Apple doesn't fix the problem with ld, this problem building |
|||
OpenSSL will remain as is. |
|||
|
|||
|
|||
* Parallell make leads to errors |
|||
|
|||
While running tests, running a parallell make is a bad idea. Many test |
|||
scripts use the same name for output and input files, which means different |
|||
will interfere with each other and lead to test failure. |
|||
|
|||
The solution is simple for now: don't run parallell make when testing. |
|||
|
|||
|
|||
* Bugs in gcc triggered |
|||
|
|||
- According to a problem report, there are bugs in gcc 3.0 that are |
|||
triggered by some of the code in OpenSSL, more specifically in |
|||
PEM_get_EVP_CIPHER_INFO(). The triggering code is the following: |
|||
|
|||
header+=11; |
|||
if (*header != '4') return(0); header++; |
|||
if (*header != ',') return(0); header++; |
|||
|
|||
What happens is that gcc might optimize a little too agressively, and |
|||
you end up with an extra incrementation when *header != '4'. |
|||
|
|||
We recommend that you upgrade gcc to as high a 3.x version as you can. |
|||
|
|||
- According to multiple problem reports, some of our message digest |
|||
implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64 |
|||
and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while |
|||
latter - SHA one. |
|||
|
|||
The recomendation is to upgrade your compiler. This naturally applies to |
|||
other similar cases. |
|||
|
|||
- There is a subtle Solaris x86-specific gcc run-time environment bug, which |
|||
"falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug |
|||
manifests itself as Segmentation Fault upon early application start-up. |
|||
The problem can be worked around by patching the environment according to |
|||
http://www.openssl.org/~appro/values.c. |
|||
|
|||
* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler. |
|||
|
|||
As subject suggests SHA-1 might perform poorly (4 times slower) |
|||
if compiled with WorkShop 6 compiler and -xarch=v9. The cause for |
|||
this seems to be the fact that compiler emits multiplication to |
|||
perform shift operations:-( To work the problem around configure |
|||
with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'. |
|||
|
|||
* Problems with hp-parisc2-cc target when used with "no-asm" flag |
|||
|
|||
When using the hp-parisc2-cc target, wrong bignum code is generated. |
|||
This is due to the SIXTY_FOUR_BIT build being compiled with the +O3 |
|||
aggressive optimization. |
|||
The problem manifests itself by the BN_kronecker test hanging in an |
|||
endless loop. Reason: the BN_kronecker test calls BN_generate_prime() |
|||
which itself hangs. The reason could be tracked down to the bn_mul_comba8() |
|||
function in bn_asm.c. At some occasions the higher 32bit value of r[7] |
|||
is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed, |
|||
as no debugger support possible at +O3 and additional fprintf()'s |
|||
introduced fixed the bug, therefore it is most likely a bug in the |
|||
optimizer. |
|||
The bug was found in the BN_kronecker test but may also lead to |
|||
failures in other parts of the code. |
|||
(See Ticket #426.) |
|||
|
|||
Workaround: modify the target to +O2 when building with no-asm. |
|||
|
|||
* Problems building shared libraries on SCO OpenServer Release 5.0.6 |
|||
with gcc 2.95.3 |
|||
|
|||
The symptoms appear when running the test suite, more specifically |
|||
test/ectest, with the following result: |
|||
|
|||
OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest |
|||
ectest.c:186: ABORT |
|||
|
|||
The cause of the problem seems to be that isxdigit(), called from |
|||
BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further |
|||
investigation shows that any of the isxxx() macros return 0 on any |
|||
input. A direct look in the information array that the isxxx() use, |
|||
called __ctype, shows that it contains all zeroes... |
|||
|
|||
Taking a look at the newly created libcrypto.so with nm, one can see |
|||
that the variable __ctype is defined in libcrypto's .bss (which |
|||
explains why it is filled with zeroes): |
|||
|
|||
$ nm -Pg libcrypto.so | grep __ctype |
|||
__ctype B 0011659c |
|||
__ctype2 U |
|||
|
|||
Curiously, __ctype2 is undefined, in spite of being declared in |
|||
/usr/include/ctype.h in exactly the same way as __ctype. |
|||
|
|||
Any information helping to solve this issue would be deeply |
|||
appreciated. |
|||
|
|||
NOTE: building non-shared doesn't come with this problem. |
|||
|
|||
* ULTRIX build fails with shell errors, such as "bad substitution" |
|||
and "test: argument expected" |
|||
|
|||
The problem is caused by ULTRIX /bin/sh supporting only original |
|||
Bourne shell syntax/semantics, and the trouble is that the vast |
|||
majority is so accustomed to more modern syntax, that very few |
|||
people [if any] would recognize the ancient syntax even as valid. |
|||
This inevitably results in non-trivial scripts breaking on ULTRIX, |
|||
and OpenSSL isn't an exclusion. Fortunately there is workaround, |
|||
hire /bin/ksh to do the job /bin/sh fails to do. |
|||
|
|||
1. Trick make(1) to use /bin/ksh by setting up following environ- |
|||
ment variables *prior* you execute ./Configure and make: |
|||
|
|||
PROG_ENV=POSIX |
|||
MAKESHELL=/bin/ksh |
|||
export PROG_ENV MAKESHELL |
|||
|
|||
or if your shell is csh-compatible: |
|||
|
|||
setenv PROG_ENV POSIX |
|||
setenv MAKESHELL /bin/ksh |
|||
|
|||
2. Trick /bin/sh to use alternative expression evaluator. Create |
|||
following 'test' script for example in /tmp: |
|||
|
|||
#!/bin/ksh |
|||
${0##*/} "$@" |
|||
|
|||
Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend* |
|||
your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter- |
|||
natively just replace system /bin/test and /bin/[ with the |
|||
above script. |
|||
|
|||
* hpux64-ia64-cc fails blowfish test. |
|||
|
|||
Compiler bug, presumably at particular patch level. It should be noted |
|||
that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc |
|||
target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o. |
|||
|
|||
* no-engines generates errors. |
|||
|
|||
Unfortunately, the 'no-engines' configuration option currently doesn't |
|||
work properly. Use 'no-hw' and you'll will at least get no hardware |
|||
support. We'll see how we fix that on OpenSSL versions past 0.9.8. |
|||
|
|||
* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV] |
|||
if elder GNU binutils were deployed to link shared libcrypto.so. |
|||
|
|||
As subject suggests the failure is caused by a bug in elder binutils, |
|||
either as or ld, and was observed on FreeBSD and Linux. There are two |
|||
options. First is naturally to upgrade binutils, the second one - to |
|||
reconfigure with additional no-sse2 [or 386] option passed to ./config. |
|||
|
|||
* If configured with ./config no-dso, toolkit still gets linked with -ldl, |
|||
which most notably poses a problem when linking with dietlibc. |
|||
|
|||
We don't have framework to associate -ldl with no-dso, therefore the only |
|||
way is to edit Makefile right after ./config no-dso and remove -ldl from |
|||
EX_LIBS line. |
@ -0,0 +1,218 @@ |
|||
|
|||
OpenSSL 0.9.8o 1 Jun 2010 |
|||
|
|||
Copyright (c) 1998-2009 The OpenSSL Project |
|||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
|||
All rights reserved. |
|||
|
|||
DESCRIPTION |
|||
----------- |
|||
|
|||
The OpenSSL Project is a collaborative effort to develop a robust, |
|||
commercial-grade, fully featured, and Open Source toolkit implementing the |
|||
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) |
|||
protocols as well as a full-strength general purpose cryptography library. |
|||
The project is managed by a worldwide community of volunteers that use the |
|||
Internet to communicate, plan, and develop the OpenSSL toolkit and its |
|||
related documentation. |
|||
|
|||
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young |
|||
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the |
|||
OpenSSL license plus the SSLeay license) situation, which basically means |
|||
that you are free to get and use it for commercial and non-commercial |
|||
purposes as long as you fulfill the conditions of both licenses. |
|||
|
|||
OVERVIEW |
|||
-------- |
|||
|
|||
The OpenSSL toolkit includes: |
|||
|
|||
libssl.a: |
|||
Implementation of SSLv2, SSLv3, TLSv1 and the required code to support |
|||
both SSLv2, SSLv3 and TLSv1 in the one server and client. |
|||
|
|||
libcrypto.a: |
|||
General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not |
|||
actually logically part of it. It includes routines for the following: |
|||
|
|||
Ciphers |
|||
libdes - EAY's libdes DES encryption package which was floating |
|||
around the net for a few years, and was then relicensed by |
|||
him as part of SSLeay. It includes 15 'modes/variations' |
|||
of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; |
|||
pcbc and a more general form of cfb and ofb) including desx |
|||
in cbc mode, a fast crypt(3), and routines to read |
|||
passwords from the keyboard. |
|||
RC4 encryption, |
|||
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. |
|||
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. |
|||
IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. |
|||
|
|||
Digests |
|||
MD5 and MD2 message digest algorithms, fast implementations, |
|||
SHA (SHA-0) and SHA-1 message digest algorithms, |
|||
MDC2 message digest. A DES based hash that is popular on smart cards. |
|||
|
|||
Public Key |
|||
RSA encryption/decryption/generation. |
|||
There is no limit on the number of bits. |
|||
DSA encryption/decryption/generation. |
|||
There is no limit on the number of bits. |
|||
Diffie-Hellman key-exchange/key generation. |
|||
There is no limit on the number of bits. |
|||
|
|||
X.509v3 certificates |
|||
X509 encoding/decoding into/from binary ASN1 and a PEM |
|||
based ASCII-binary encoding which supports encryption with a |
|||
private key. Program to generate RSA and DSA certificate |
|||
requests and to generate RSA and DSA certificates. |
|||
|
|||
Systems |
|||
The normal digital envelope routines and base64 encoding. Higher |
|||
level access to ciphers and digests by name. New ciphers can be |
|||
loaded at run time. The BIO io system which is a simple non-blocking |
|||
IO abstraction. Current methods supported are file descriptors, |
|||
sockets, socket accept, socket connect, memory buffer, buffering, SSL |
|||
client/server, file pointer, encryption, digest, non-blocking testing |
|||
and null. |
|||
|
|||
Data structures |
|||
A dynamically growing hashing system |
|||
A simple stack. |
|||
A Configuration loader that uses a format similar to MS .ini files. |
|||
|
|||
openssl: |
|||
A command line tool that can be used for: |
|||
Creation of RSA, DH and DSA key parameters |
|||
Creation of X.509 certificates, CSRs and CRLs |
|||
Calculation of Message Digests |
|||
Encryption and Decryption with Ciphers |
|||
SSL/TLS Client and Server Tests |
|||
Handling of S/MIME signed or encrypted mail |
|||
|
|||
|
|||
PATENTS |
|||
------- |
|||
|
|||
Various companies hold various patents for various algorithms in various |
|||
locations around the world. _YOU_ are responsible for ensuring that your use |
|||
of any algorithms is legal by checking if there are any patents in your |
|||
country. The file contains some of the patents that we know about or are |
|||
rumored to exist. This is not a definitive list. |
|||
|
|||
RSA Security holds software patents on the RC5 algorithm. If you |
|||
intend to use this cipher, you must contact RSA Security for |
|||
licensing conditions. Their web page is http://www.rsasecurity.com/. |
|||
|
|||
RC4 is a trademark of RSA Security, so use of this label should perhaps |
|||
only be used with RSA Security's permission. |
|||
|
|||
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, |
|||
Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They |
|||
should be contacted if that algorithm is to be used; their web page is |
|||
http://www.ascom.ch/. |
|||
|
|||
NTT and Mitsubishi have patents and pending patents on the Camellia |
|||
algorithm, but allow use at no charge without requiring an explicit |
|||
licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html |
|||
|
|||
INSTALLATION |
|||
------------ |
|||
|
|||
To install this package under a Unix derivative, read the INSTALL file. For |
|||
a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read |
|||
INSTALL.VMS. |
|||
|
|||
Read the documentation in the doc/ directory. It is quite rough, but it |
|||
lists the functions; you will probably have to look at the code to work out |
|||
how to use them. Look at the example programs. |
|||
|
|||
PROBLEMS |
|||
-------- |
|||
|
|||
For some platforms, there are some known problems that may affect the user |
|||
or application author. We try to collect those in doc/PROBLEMS, with current |
|||
thoughts on how they should be solved in a future of OpenSSL. |
|||
|
|||
SUPPORT |
|||
------- |
|||
|
|||
See the OpenSSL website www.openssl.org for details of how to obtain |
|||
commercial technical support. |
|||
|
|||
If you have any problems with OpenSSL then please take the following steps |
|||
first: |
|||
|
|||
- Download the current snapshot from ftp://ftp.openssl.org/snapshot/ |
|||
to see if the problem has already been addressed |
|||
- Remove ASM versions of libraries |
|||
- Remove compiler optimisation flags |
|||
|
|||
If you wish to report a bug then please include the following information in |
|||
any bug report: |
|||
|
|||
- On Unix systems: |
|||
Self-test report generated by 'make report' |
|||
- On other systems: |
|||
OpenSSL version: output of 'openssl version -a' |
|||
OS Name, Version, Hardware platform |
|||
Compiler Details (name, version) |
|||
- Application Details (name, version) |
|||
- Problem Description (steps that will reproduce the problem, if known) |
|||
- Stack Traceback (if the application dumps core) |
|||
|
|||
Report the bug to the OpenSSL project via the Request Tracker |
|||
(http://www.openssl.org/support/rt.html) by mail to: |
|||
|
|||
openssl-bugs@openssl.org |
|||
|
|||
Note that the request tracker should NOT be used for general assistance |
|||
or support queries. Just because something doesn't work the way you expect |
|||
does not mean it is necessarily a bug in OpenSSL. |
|||
|
|||
Note that mail to openssl-bugs@openssl.org is recorded in the publicly |
|||
readable request tracker database and is forwarded to a public |
|||
mailing list. Confidential mail may be sent to openssl-security@openssl.org |
|||
(PGP key available from the key servers). |
|||
|
|||
HOW TO CONTRIBUTE TO OpenSSL |
|||
---------------------------- |
|||
|
|||
Development is coordinated on the openssl-dev mailing list (see |
|||
http://www.openssl.org for information on subscribing). If you |
|||
would like to submit a patch, send it to openssl-bugs@openssl.org with |
|||
the string "[PATCH]" in the subject. Please be sure to include a |
|||
textual explanation of what your patch does. |
|||
|
|||
If you are unsure as to whether a feature will be useful for the general |
|||
OpenSSL community please discuss it on the openssl-dev mailing list first. |
|||
Someone may be already working on the same thing or there may be a good |
|||
reason as to why that feature isn't implemented. |
|||
|
|||
Patches should be as up to date as possible, preferably relative to the |
|||
current CVS or the last snapshot. They should follow the coding style of |
|||
OpenSSL and compile without warnings. Some of the core team developer targets |
|||
can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL |
|||
compiles on many varied platforms: try to ensure you only use portable |
|||
features. |
|||
|
|||
Note: For legal reasons, contributions from the US can be accepted only |
|||
if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov |
|||
(formerly BXA) with a copy to the ENC Encryption Request Coordinator; |
|||
please take some time to look at |
|||
http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] |
|||
and |
|||
http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)) |
|||
for the details. If "your encryption source code is too large to serve as |
|||
an email attachment", they are glad to receive it by fax instead; hope you |
|||
have a cheap long-distance plan. |
|||
|
|||
Our preferred format for changes is "diff -u" output. You might |
|||
generate it like this: |
|||
|
|||
# cd openssl-work |
|||
# [your changes] |
|||
# ./Configure dist; make clean |
|||
# cd .. |
|||
# diff -ur openssl-orig openssl-work > mydiffs.patch |
|||
|
@ -0,0 +1,187 @@ |
|||
|
|||
OpenSSL ASN1 Revision |
|||
===================== |
|||
|
|||
This document describes some of the issues relating to the new ASN1 code. |
|||
|
|||
Previous OpenSSL ASN1 problems |
|||
============================= |
|||
|
|||
OK why did the OpenSSL ASN1 code need revising in the first place? Well |
|||
there are lots of reasons some of which are included below... |
|||
|
|||
1. The code is difficult to read and write. For every single ASN1 structure |
|||
(e.g. SEQUENCE) four functions need to be written for new, free, encode and |
|||
decode operations. This is a very painful and error prone operation. Very few |
|||
people have ever written any OpenSSL ASN1 and those that have usually wish |
|||
they hadn't. |
|||
|
|||
2. Partly because of 1. the code is bloated and takes up a disproportionate |
|||
amount of space. The SEQUENCE encoder is particularly bad: it essentially |
|||
contains two copies of the same operation, one to compute the SEQUENCE length |
|||
and the other to encode it. |
|||
|
|||
3. The code is memory based: that is it expects to be able to read the whole |
|||
structure from memory. This is fine for small structures but if you have a |
|||
(say) 1Gb PKCS#7 signedData structure it isn't such a good idea... |
|||
|
|||
4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily |
|||
changing the tag to the expected one, attempting to read it, then changing it |
|||
back again. This means that decode buffers have to be writable even though they |
|||
are ultimately unchanged. This gets in the way of constification. |
|||
|
|||
5. The handling of EXPLICIT isn't much better. It adds a chunk of code into |
|||
the decoder and encoder for every EXPLICIT tag. |
|||
|
|||
6. APPLICATION and PRIVATE tags aren't even supported at all. |
|||
|
|||
7. Even IMPLICIT isn't complete: there is no support for implicitly tagged |
|||
types that are not OPTIONAL. |
|||
|
|||
8. Much of the code assumes that a tag will fit in a single octet. This is |
|||
only true if the tag is 30 or less (mercifully tags over 30 are rare). |
|||
|
|||
9. The ASN1 CHOICE type has to be largely handled manually, there aren't any |
|||
macros that properly support it. |
|||
|
|||
10. Encoders have no concept of OPTIONAL and have no error checking. If the |
|||
passed structure contains a NULL in a mandatory field it will not be encoded, |
|||
resulting in an invalid structure. |
|||
|
|||
11. It is tricky to add ASN1 encoders and decoders to external applications. |
|||
|
|||
Template model |
|||
============== |
|||
|
|||
One of the major problems with revision is the sheer volume of the ASN1 code. |
|||
Attempts to change (for example) the IMPLICIT behaviour would result in a |
|||
modification of *every* single decode function. |
|||
|
|||
I decided to adopt a template based approach. I'm using the term 'template' |
|||
in a manner similar to SNACC templates: it has nothing to do with C++ |
|||
templates. |
|||
|
|||
A template is a description of an ASN1 module as several constant C structures. |
|||
It describes in a machine readable way exactly how the ASN1 structure should |
|||
behave. If this template contains enough detail then it is possible to write |
|||
versions of new, free, encode, decode (and possibly others operations) that |
|||
operate on templates. |
|||
|
|||
Instead of having to write code to handle each operation only a single |
|||
template needs to be written. If new operations are needed (such as a 'print' |
|||
operation) only a single new template based function needs to be written |
|||
which will then automatically handle all existing templates. |
|||
|
|||
Plans for revision |
|||
================== |
|||
|
|||
The revision will consist of the following steps. Other than the first two |
|||
these can be handled in any order. |
|||
|
|||
o Design and write template new, free, encode and decode operations, initially |
|||
memory based. *DONE* |
|||
|
|||
o Convert existing ASN1 code to template form. *IN PROGRESS* |
|||
|
|||
o Convert an existing ASN1 compiler (probably SNACC) to output templates |
|||
in OpenSSL form. |
|||
|
|||
o Add support for BIO based ASN1 encoders and decoders to handle large |
|||
structures, initially blocking I/O. |
|||
|
|||
o Add support for non blocking I/O: this is quite a bit harder than blocking |
|||
I/O. |
|||
|
|||
o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute |
|||
certificates etc etc. |
|||
|
|||
Description of major changes |
|||
============================ |
|||
|
|||
The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is |
|||
absent. The meaning of absent depends on the context. If for example the |
|||
boolean type is DEFAULT FALSE (as in the case of the critical flag for |
|||
certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE. |
|||
Usually the value will only ever be read via an API which will hide this from |
|||
an application. |
|||
|
|||
There is an evil bug in the old ASN1 code that mishandles OPTIONAL with |
|||
SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The |
|||
old code would omit the structure if the STACK was NULL (which is fine) or if |
|||
it had zero elements (which is NOT OK). This causes problems because an empty |
|||
SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when |
|||
it is encoded it will be omitted resulting in different encodings. The new code |
|||
only omits the encoding if the STACK is NULL, if it contains zero elements it |
|||
is encoded and empty. There is an additional problem though: because an empty |
|||
STACK was omitted, sometimes the corresponding *_new() function would |
|||
initialize the STACK to empty so an application could immediately use it, if |
|||
this is done with the new code (i.e. a NULL) it wont work. Therefore a new |
|||
STACK should be allocated first. One instance of this is the X509_CRL list of |
|||
revoked certificates: a helper function X509_CRL_add0_revoked() has been added |
|||
for this purpose. |
|||
|
|||
The X509_ATTRIBUTE structure used to have an element called 'set' which took |
|||
the value 1 if the attribute value was a SET OF or 0 if it was a single. Due |
|||
to the behaviour of CHOICE in the new code this has been changed to a field |
|||
called 'single' which is 0 for a SET OF and 1 for single. The old field has |
|||
been deleted to deliberately break source compatibility. Since this structure |
|||
is normally accessed via higher level functions this shouldn't break too much. |
|||
|
|||
The X509_REQ_INFO certificate request info structure no longer has a field |
|||
called 'req_kludge'. This used to be set to 1 if the attributes field was |
|||
(incorrectly) omitted. You can check to see if the field is omitted now by |
|||
checking if the attributes field is NULL. Similarly if you need to omit |
|||
the field then free attributes and set it to NULL. |
|||
|
|||
The top level 'detached' field in the PKCS7 structure is no longer set when |
|||
a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead. |
|||
The behaviour of PKCS7_get_detached() is unaffected. |
|||
|
|||
The values of 'type' in the GENERAL_NAME structure have changed. This is |
|||
because the old code use the ASN1 initial octet as the selector. The new |
|||
code uses the index in the ASN1_CHOICE template. |
|||
|
|||
The DIST_POINT_NAME structure has changed to be a true CHOICE type. |
|||
|
|||
typedef struct DIST_POINT_NAME_st { |
|||
int type; |
|||
union { |
|||
STACK_OF(GENERAL_NAME) *fullname; |
|||
STACK_OF(X509_NAME_ENTRY) *relativename; |
|||
} name; |
|||
} DIST_POINT_NAME; |
|||
|
|||
This means that name.fullname or name.relativename should be set |
|||
and type reflects the option. That is if name.fullname is set then |
|||
type is 0 and if name.relativename is set type is 1. |
|||
|
|||
With the old code using the i2d functions would typically involve: |
|||
|
|||
unsigned char *buf, *p; |
|||
int len; |
|||
/* Find length of encoding */ |
|||
len = i2d_SOMETHING(x, NULL); |
|||
/* Allocate buffer */ |
|||
buf = OPENSSL_malloc(len); |
|||
if(buf == NULL) { |
|||
/* Malloc error */ |
|||
} |
|||
/* Use temp variable because &p gets updated to point to end of |
|||
* encoding. |
|||
*/ |
|||
p = buf; |
|||
i2d_SOMETHING(x, &p); |
|||
|
|||
|
|||
Using the new i2d you can also do: |
|||
|
|||
unsigned char *buf = NULL; |
|||
int len; |
|||
len = i2d_SOMETHING(x, &buf); |
|||
if(len < 0) { |
|||
/* Malloc error */ |
|||
} |
|||
|
|||
and it will automatically allocate and populate a buffer with the |
|||
encoding. After this call 'buf' will point to the start of the |
|||
encoding which is len bytes long. |
@ -0,0 +1,289 @@ |
|||
ENGINE |
|||
====== |
|||
|
|||
With OpenSSL 0.9.6, a new component was added to support alternative |
|||
cryptography implementations, most commonly for interfacing with external |
|||
crypto devices (eg. accelerator cards). This component is called ENGINE, |
|||
and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases) |
|||
caused a little confusion as 0.9.6** releases were rolled in two |
|||
versions, a "standard" and an "engine" version. In development for 0.9.7, |
|||
the ENGINE code has been merged into the main branch and will be present |
|||
in the standard releases from 0.9.7 forwards. |
|||
|
|||
There are currently built-in ENGINE implementations for the following |
|||
crypto devices: |
|||
|
|||
o CryptoSwift |
|||
o Compaq Atalla |
|||
o nCipher CHIL |
|||
o Nuron |
|||
o Broadcom uBSec |
|||
|
|||
In addition, dynamic binding to external ENGINE implementations is now |
|||
provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE" |
|||
section below for details. |
|||
|
|||
At this stage, a number of things are still needed and are being worked on: |
|||
|
|||
1 Integration of EVP support. |
|||
2 Configuration support. |
|||
3 Documentation! |
|||
|
|||
1 With respect to EVP, this relates to support for ciphers and digests in |
|||
the ENGINE model so that alternative implementations of existing |
|||
algorithms/modes (or previously unimplemented ones) can be provided by |
|||
ENGINE implementations. |
|||
|
|||
2 Configuration support currently exists in the ENGINE API itself, in the |
|||
form of "control commands". These allow an application to expose to the |
|||
user/admin the set of commands and parameter types a given ENGINE |
|||
implementation supports, and for an application to directly feed string |
|||
based input to those ENGINEs, in the form of name-value pairs. This is an |
|||
extensible way for ENGINEs to define their own "configuration" mechanisms |
|||
that are specific to a given ENGINE (eg. for a particular hardware |
|||
device) but that should be consistent across *all* OpenSSL-based |
|||
applications when they use that ENGINE. Work is in progress (or at least |
|||
in planning) for supporting these control commands from the CONF (or |
|||
NCONF) code so that applications using OpenSSL's existing configuration |
|||
file format can have ENGINE settings specified in much the same way. |
|||
Presently however, applications must use the ENGINE API itself to provide |
|||
such functionality. To see first hand the types of commands available |
|||
with the various compiled-in ENGINEs (see further down for dynamic |
|||
ENGINEs), use the "engine" openssl utility with full verbosity, ie; |
|||
openssl engine -vvvv |
|||
|
|||
3 Documentation? Volunteers welcome! The source code is reasonably well |
|||
self-documenting, but some summaries and usage instructions are needed - |
|||
moreover, they are needed in the same POD format the existing OpenSSL |
|||
documentation is provided in. Any complete or incomplete contributions |
|||
would help make this happen. |
|||
|
|||
STABILITY & BUG-REPORTS |
|||
======================= |
|||
|
|||
What already exists is fairly stable as far as it has been tested, but |
|||
the test base has been a bit small most of the time. For the most part, |
|||
the vendors of the devices these ENGINEs support have contributed to the |
|||
development and/or testing of the implementations, and *usually* (with no |
|||
guarantees) have experience in using the ENGINE support to drive their |
|||
devices from common OpenSSL-based applications. Bugs and/or inexplicable |
|||
behaviour in using a specific ENGINE implementation should be sent to the |
|||
author of that implementation (if it is mentioned in the corresponding C |
|||
file), and in the case of implementations for commercial hardware |
|||
devices, also through whatever vendor support channels are available. If |
|||
none of this is possible, or the problem seems to be something about the |
|||
ENGINE API itself (ie. not necessarily specific to a particular ENGINE |
|||
implementation) then you should mail complete details to the relevant |
|||
OpenSSL mailing list. For a definition of "complete details", refer to |
|||
the OpenSSL "README" file. As for which list to send it to; |
|||
|
|||
openssl-users: if you are *using* the ENGINE abstraction, either in an |
|||
pre-compiled application or in your own application code. |
|||
|
|||
openssl-dev: if you are discussing problems with OpenSSL source code. |
|||
|
|||
USAGE |
|||
===== |
|||
|
|||
The default "openssl" ENGINE is always chosen when performing crypto |
|||
operations unless you specify otherwise. You must actively tell the |
|||
openssl utility commands to use anything else through a new command line |
|||
switch called "-engine". Also, if you want to use the ENGINE support in |
|||
your own code to do something similar, you must likewise explicitly |
|||
select the ENGINE implementation you want. |
|||
|
|||
Depending on the type of hardware, system, and configuration, "settings" |
|||
may need to be applied to an ENGINE for it to function as expected/hoped. |
|||
The recommended way of doing this is for the application to support |
|||
ENGINE "control commands" so that each ENGINE implementation can provide |
|||
whatever configuration primitives it might require and the application |
|||
can allow the user/admin (and thus the hardware vendor's support desk |
|||
also) to provide any such input directly to the ENGINE implementation. |
|||
This way, applications do not need to know anything specific to any |
|||
device, they only need to provide the means to carry such user/admin |
|||
input through to the ENGINE in question. Ie. this connects *you* (and |
|||
your helpdesk) to the specific ENGINE implementation (and device), and |
|||
allows application authors to not get buried in hassle supporting |
|||
arbitrary devices they know (and care) nothing about. |
|||
|
|||
A new "openssl" utility, "openssl engine", has been added in that allows |
|||
for testing and examination of ENGINE implementations. Basic usage |
|||
instructions are available by specifying the "-?" command line switch. |
|||
|
|||
DYNAMIC ENGINES |
|||
=============== |
|||
|
|||
The new "dynamic" ENGINE provides a low-overhead way to support ENGINE |
|||
implementations that aren't pre-compiled and linked into OpenSSL-based |
|||
applications. This could be because existing compiled-in implementations |
|||
have known problems and you wish to use a newer version with an existing |
|||
application. It could equally be because the application (or OpenSSL |
|||
library) you are using simply doesn't have support for the ENGINE you |
|||
wish to use, and the ENGINE provider (eg. hardware vendor) is providing |
|||
you with a self-contained implementation in the form of a shared-library. |
|||
The other use-case for "dynamic" is with applications that wish to |
|||
maintain the smallest foot-print possible and so do not link in various |
|||
ENGINE implementations from OpenSSL, but instead leaves you to provide |
|||
them, if you want them, in the form of "dynamic"-loadable |
|||
shared-libraries. It should be possible for hardware vendors to provide |
|||
their own shared-libraries to support arbitrary hardware to work with |
|||
applications based on OpenSSL 0.9.7 or later. If you're using an |
|||
application based on 0.9.7 (or later) and the support you desire is only |
|||
announced for versions later than the one you need, ask the vendor to |
|||
backport their ENGINE to the version you need. |
|||
|
|||
How does "dynamic" work? |
|||
------------------------ |
|||
The dynamic ENGINE has a special flag in its implementation such that |
|||
every time application code asks for the 'dynamic' ENGINE, it in fact |
|||
gets its own copy of it. As such, multi-threaded code (or code that |
|||
multiplexes multiple uses of 'dynamic' in a single application in any |
|||
way at all) does not get confused by 'dynamic' being used to do many |
|||
independent things. Other ENGINEs typically don't do this so there is |
|||
only ever 1 ENGINE structure of its type (and reference counts are used |
|||
to keep order). The dynamic ENGINE itself provides absolutely no |
|||
cryptographic functionality, and any attempt to "initialise" the ENGINE |
|||
automatically fails. All it does provide are a few "control commands" |
|||
that can be used to control how it will load an external ENGINE |
|||
implementation from a shared-library. To see these control commands, |
|||
use the command-line; |
|||
|
|||
openssl engine -vvvv dynamic |
|||
|
|||
The "SO_PATH" control command should be used to identify the |
|||
shared-library that contains the ENGINE implementation, and "NO_VCHECK" |
|||
might possibly be useful if there is a minor version conflict and you |
|||
(or a vendor helpdesk) is convinced you can safely ignore it. |
|||
"ID" is probably only needed if a shared-library implements |
|||
multiple ENGINEs, but if you know the engine id you expect to be using, |
|||
it doesn't hurt to specify it (and this provides a sanity check if |
|||
nothing else). "LIST_ADD" is only required if you actually wish the |
|||
loaded ENGINE to be discoverable by application code later on using the |
|||
ENGINE's "id". For most applications, this isn't necessary - but some |
|||
application authors may have nifty reasons for using it. The "LOAD" |
|||
command is the only one that takes no parameters and is the command |
|||
that uses the settings from any previous commands to actually *load* |
|||
the shared-library ENGINE implementation. If this command succeeds, the |
|||
(copy of the) 'dynamic' ENGINE will magically morph into the ENGINE |
|||
that has been loaded from the shared-library. As such, any control |
|||
commands supported by the loaded ENGINE could then be executed as per |
|||
normal. Eg. if ENGINE "foo" is implemented in the shared-library |
|||
"libfoo.so" and it supports some special control command "CMD_FOO", the |
|||
following code would load and use it (NB: obviously this code has no |
|||
error checking); |
|||
|
|||
ENGINE *e = ENGINE_by_id("dynamic"); |
|||
ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0); |
|||
ENGINE_ctrl_cmd_string(e, "ID", "foo", 0); |
|||
ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0); |
|||
ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0); |
|||
|
|||
For testing, the "openssl engine" utility can be useful for this sort |
|||
of thing. For example the above code excerpt would achieve much the |
|||
same result as; |
|||
|
|||
openssl engine dynamic \ |
|||
-pre SO_PATH:/lib/libfoo.so \ |
|||
-pre ID:foo \ |
|||
-pre LOAD \ |
|||
-pre "CMD_FOO:some input data" |
|||
|
|||
Or to simply see the list of commands supported by the "foo" ENGINE; |
|||
|
|||
openssl engine -vvvv dynamic \ |
|||
-pre SO_PATH:/lib/libfoo.so \ |
|||
-pre ID:foo \ |
|||
-pre LOAD |
|||
|
|||
Applications that support the ENGINE API and more specifically, the |
|||
"control commands" mechanism, will provide some way for you to pass |
|||
such commands through to ENGINEs. As such, you would select "dynamic" |
|||
as the ENGINE to use, and the parameters/commands you pass would |
|||
control the *actual* ENGINE used. Each command is actually a name-value |
|||
pair and the value can sometimes be omitted (eg. the "LOAD" command). |
|||
Whilst the syntax demonstrated in "openssl engine" uses a colon to |
|||
separate the command name from the value, applications may provide |
|||
their own syntax for making that separation (eg. a win32 registry |
|||
key-value pair may be used by some applications). The reason for the |
|||
"-pre" syntax in the "openssl engine" utility is that some commands |
|||
might be issued to an ENGINE *after* it has been initialised for use. |
|||
Eg. if an ENGINE implementation requires a smart-card to be inserted |
|||
during initialisation (or a PIN to be typed, or whatever), there may be |
|||
a control command you can issue afterwards to "forget" the smart-card |
|||
so that additional initialisation is no longer possible. In |
|||
applications such as web-servers, where potentially volatile code may |
|||
run on the same host system, this may provide some arguable security |
|||
value. In such a case, the command would be passed to the ENGINE after |
|||
it has been initialised for use, and so the "-post" switch would be |
|||
used instead. Applications may provide a different syntax for |
|||
supporting this distinction, and some may simply not provide it at all |
|||
("-pre" is almost always what you're after, in reality). |
|||
|
|||
How do I build a "dynamic" ENGINE? |
|||
---------------------------------- |
|||
This question is trickier - currently OpenSSL bundles various ENGINE |
|||
implementations that are statically built in, and any application that |
|||
calls the "ENGINE_load_builtin_engines()" function will automatically |
|||
have all such ENGINEs available (and occupying memory). Applications |
|||
that don't call that function have no ENGINEs available like that and |
|||
would have to use "dynamic" to load any such ENGINE - but on the other |
|||
hand such applications would only have the memory footprint of any |
|||
ENGINEs explicitly loaded using user/admin provided control commands. |
|||
The main advantage of not statically linking ENGINEs and only using |
|||
"dynamic" for hardware support is that any installation using no |
|||
"external" ENGINE suffers no unnecessary memory footprint from unused |
|||
ENGINEs. Likewise, installations that do require an ENGINE incur the |
|||
overheads from only *that* ENGINE once it has been loaded. |
|||
|
|||
Sounds good? Maybe, but currently building an ENGINE implementation as |
|||
a shared-library that can be loaded by "dynamic" isn't automated in |
|||
OpenSSL's build process. It can be done manually quite easily however. |
|||
Such a shared-library can either be built with any OpenSSL code it |
|||
needs statically linked in, or it can link dynamically against OpenSSL |
|||
if OpenSSL itself is built as a shared library. The instructions are |
|||
the same in each case, but in the former (statically linked any |
|||
dependencies on OpenSSL) you must ensure OpenSSL is built with |
|||
position-independent code ("PIC"). The default OpenSSL compilation may |
|||
already specify the relevant flags to do this, but you should consult |
|||
with your compiler documentation if you are in any doubt. |
|||
|
|||
This example will show building the "atalla" ENGINE in the |
|||
crypto/engine/ directory as a shared-library for use via the "dynamic" |
|||
ENGINE. |
|||
1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL |
|||
source tree. |
|||
2) Recompile at least one source file so you can see all the compiler |
|||
flags (and syntax) being used to build normally. Eg; |
|||
touch hw_atalla.c ; make |
|||
will rebuild "hw_atalla.o" using all such flags. |
|||
3) Manually enter the same compilation line to compile the |
|||
"hw_atalla.c" file but with the following two changes; |
|||
(a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches, |
|||
(b) change the output file from "hw_atalla.o" to something new, |
|||
eg. "tmp_atalla.o" |
|||
4) Link "tmp_atalla.o" into a shared-library using the top-level |
|||
OpenSSL libraries to resolve any dependencies. The syntax for doing |
|||
this depends heavily on your system/compiler and is a nightmare |
|||
known well to anyone who has worked with shared-library portability |
|||
before. 'gcc' on Linux, for example, would use the following syntax; |
|||
gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto |
|||
5) Test your shared library using "openssl engine" as explained in the |
|||
previous section. Eg. from the top-level directory, you might try; |
|||
apps/openssl engine -vvvv dynamic \ |
|||
-pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD |
|||
If the shared-library loads successfully, you will see both "-pre" |
|||
commands marked as "SUCCESS" and the list of control commands |
|||
displayed (because of "-vvvv") will be the control commands for the |
|||
*atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add |
|||
the "-t" switch to the utility if you want it to try and initialise |
|||
the atalla ENGINE for use to test any possible hardware/driver |
|||
issues. |
|||
|
|||
PROBLEMS |
|||
======== |
|||
|
|||
It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32. |
|||
A quick test done right before the release showed that trying "openssl speed |
|||
-engine cswift" generated errors. If the DSO gets enabled, an attempt is made |
|||
to write at memory address 0x00000002. |
|||
|
@ -0,0 +1,18 @@ |
|||
TODO: |
|||
===== |
|||
|
|||
There are a few things that need to be worked out in the VMS version of |
|||
OpenSSL, still: |
|||
|
|||
- Description files. ("Makefile's" :-)) |
|||
- Script code to link an already compiled build tree. |
|||
- A VMSINSTALlable version (way in the future, unless someone else hacks). |
|||
- shareable images (DLL for you Windows folks). |
|||
|
|||
There may be other things that I have missed and that may be desirable. |
|||
Please send mail to <openssl-users@openssl.org> or to me directly if you |
|||
have any ideas. |
|||
|
|||
-- |
|||
Richard Levitte <richard@levitte.org> |
|||
1999-05-24 |
@ -0,0 +1,34 @@ |
|||
#! /usr/bin/perl |
|||
|
|||
use strict; |
|||
use warnings; |
|||
|
|||
my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" ); |
|||
my @file_vars = ( "database", "certificate", "serial", "crlnumber", |
|||
"crl", "private_key", "RANDFILE" ); |
|||
while(<STDIN>) { |
|||
chomp; |
|||
foreach my $d (@directory_vars) { |
|||
if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) { |
|||
$_ = "$1sys\\\$disk:\[.$2$3"; |
|||
} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) { |
|||
$_ = "$1sys\\\$disk:\[.$2$3"; |
|||
} |
|||
s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/; |
|||
while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) { |
|||
$_ = "$1.$3]$4"; |
|||
} |
|||
} |
|||
foreach my $f (@file_vars) { |
|||
s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/; |
|||
while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) { |
|||
$_ = "$1.$3$4"; |
|||
} |
|||
if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) { |
|||
$_ = "$1]$3.$4"; |
|||
} elsif (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) { |
|||
$_ = "$1]$3$4"; |
|||
} |
|||
} |
|||
print $_,"\n"; |
|||
} |
@ -0,0 +1,4 @@ |
|||
* Have the building procedure contain a LINK-only possibility. |
|||
Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au> |
|||
|
|||
One way to enable that is also to go over to DESCRIP.MMS files. |
@ -0,0 +1,79 @@ |
|||
$! INSTALL.COM -- Installs the files in a given directory tree |
|||
$! |
|||
$! Author: Richard Levitte <richard@levitte.org> |
|||
$! Time of creation: 23-MAY-1998 19:22 |
|||
$! |
|||
$! P1 root of the directory tree |
|||
$! |
|||
$ IF P1 .EQS. "" |
|||
$ THEN |
|||
$ WRITE SYS$OUTPUT "First argument missing." |
|||
$ WRITE SYS$OUTPUT "Should be the directory where you want things installed." |
|||
$ EXIT |
|||
$ ENDIF |
|||
$ |
|||
$ IF (F$GETSYI("CPU").LT.128) |
|||
$ THEN |
|||
$ ARCH := VAX |
|||
$ ELSE |
|||
$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") |
|||
$ IF (ARCH .EQS. "") THEN ARCH = "UNK" |
|||
$ ENDIF |
|||
$ |
|||
$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" |
|||
$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") |
|||
$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - |
|||
- "[000000." - "][" - "[" - "]" |
|||
$ ROOT = ROOT_DEV + "[" + ROOT_DIR |
|||
$ |
|||
$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC |
|||
$ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE] |
|||
$ |
|||
$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - |
|||
CREATE/DIR/LOG WRK_SSLROOT:[000000] |
|||
$ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - |
|||
CREATE/DIR/LOG WRK_SSLINCLUDE: |
|||
$ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN - |
|||
CREATE/DIR/LOG WRK_SSLROOT:[VMS] |
|||
$ |
|||
$ IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN - |
|||
DELETE WRK_SSLINCLUDE:vms_idhacks.h;* |
|||
$ |
|||
$ OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM |
|||
$ WRITE SYS$OUTPUT "%OPEN-I-CREATED, ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created." |
|||
$ WRITE SF "$! Startup file for Openssl" |
|||
$ WRITE SF "$!" |
|||
$ WRITE SF "$! Do not edit this file, as it will be regenerated during next installation." |
|||
$ WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM" |
|||
$ WRITE SF "$!" |
|||
$ WRITE SF "$! P1 a qualifier to DEFINE. For example ""/SYSTEM"" to get the logical names" |
|||
$ WRITE SF "$! defined in the system logical name table." |
|||
$ WRITE SF "$!" |
|||
$ WRITE SF "$ IF (F$GETSYI(""CPU"").LT.128)" |
|||
$ WRITE SF "$ THEN" |
|||
$ WRITE SF "$ ARCH := VAX" |
|||
$ WRITE SF "$ ELSE" |
|||
$ WRITE SF "$ ARCH = F$EDIT( F$GETSYI( ""ARCH_NAME""), ""UPCASE"")" |
|||
$ WRITE SF "$ IF (ARCH .EQS. """") THEN ARCH = ""UNK""" |
|||
$ WRITE SF "$ ENDIF" |
|||
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLROOT ",ROOT,".] /TRANS=CONC" |
|||
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLLIB SSLROOT:['ARCH'_LIB]" |
|||
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLINCLUDE SSLROOT:[INCLUDE]" |
|||
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLEXE SSLROOT:['ARCH'_EXE]" |
|||
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLCERTS SSLROOT:[CERTS]" |
|||
$ WRITE SF "$ DEFINE/NOLOG'P1 SSLPRIVATE SSLROOT:[PRIVATE]" |
|||
$ WRITE SF "$" |
|||
$ WRITE SF "$! This is program can include <openssl/{foo}.h>" |
|||
$ WRITE SF "$ DEFINE/NOLOG'P1 OPENSSL SSLINCLUDE:" |
|||
$ WRITE SF "$" |
|||
$ WRITE SF "$ IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -" |
|||
$ WRITE SF " @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM" |
|||
$ WRITE SF "$" |
|||
$ WRITE SF "$ EXIT" |
|||
$ CLOSE SF |
|||
$ SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM |
|||
$ |
|||
$ COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG |
|||
$ SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_UTILS.COM |
|||
$ |
|||
$ EXIT |
@ -0,0 +1,371 @@ |
|||
$! MKSHARED.COM -- script to created shareable images on VMS |
|||
$! |
|||
$! No command line parameters. This should be run at the start of the source |
|||
$! tree (the same directory where one finds INSTALL.VMS). |
|||
$! |
|||
$! Input: [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB |
|||
$! [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]LIBSSL.OLB |
|||
$! Output: [.xxx.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE |
|||
$! [.xxx.EXE.SSL]LIBSSL.OPT,.MAP,.EXE |
|||
$! |
|||
$! So far, tests have only been made on VMS for Alpha. VAX will come in time. |
|||
$! =========================================================================== |
|||
$ |
|||
$! ----- Prepare info for processing: version number and file info |
|||
$ gosub read_version_info |
|||
$ if libver .eqs. "" |
|||
$ then |
|||
$ write sys$error "ERROR: Couldn't find any library version info..." |
|||
$ exit |
|||
$ endif |
|||
$ |
|||
$ if (f$getsyi("cpu").lt.128) |
|||
$ then |
|||
$ arch := VAX |
|||
$ else |
|||
$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") |
|||
$ if (arch .eqs. "") then arch = "UNK" |
|||
$ endif |
|||
$ |
|||
$ if arch .nes. "VAX" |
|||
$ then |
|||
$ arch_vax = 0 |
|||
$ libid = "Crypto" |
|||
$ libnum = "[.UTIL]LIBEAY.NUM" |
|||
$ libdir = "[.''ARCH'.EXE.CRYPTO]" |
|||
$ libolb = "''libdir'LIBCRYPTO.OLB" |
|||
$ libopt = "''libdir'LIBCRYPTO.OPT" |
|||
$ libmap = "''libdir'LIBCRYPTO.MAP" |
|||
$ libgoal= "''libdir'LIBCRYPTO.EXE" |
|||
$ libref = "" |
|||
$ gosub create_nonvax_shr |
|||
$ libid = "SSL" |
|||
$ libnum = "[.UTIL]SSLEAY.NUM" |
|||
$ libdir = "[.''ARCH'.EXE.SSL]" |
|||
$ libolb = "''libdir'LIBSSL.OLB" |
|||
$ libopt = "''libdir'LIBSSL.OPT" |
|||
$ libmap = "''libdir'LIBSSL.MAP" |
|||
$ libgoal= "''libdir'LIBSSL.EXE" |
|||
$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE" |
|||
$ gosub create_nonvax_shr |
|||
$ else |
|||
$ arch_vax = 1 |
|||
$ libtit = "CRYPTO_TRANSFER_VECTOR" |
|||
$ libid = "Crypto" |
|||
$ libnum = "[.UTIL]LIBEAY.NUM" |
|||
$ libdir = "[.''ARCH'.EXE.CRYPTO]" |
|||
$ libmar = "''libdir'LIBCRYPTO.MAR" |
|||
$ libolb = "''libdir'LIBCRYPTO.OLB" |
|||
$ libopt = "''libdir'LIBCRYPTO.OPT" |
|||
$ libobj = "''libdir'LIBCRYPTO.OBJ" |
|||
$ libmap = "''libdir'LIBCRYPTO.MAP" |
|||
$ libgoal= "''libdir'LIBCRYPTO.EXE" |
|||
$ libref = "" |
|||
$ libvec = "LIBCRYPTO" |
|||
$ gosub create_vax_shr |
|||
$ libtit = "SSL_TRANSFER_VECTOR" |
|||
$ libid = "SSL" |
|||
$ libnum = "[.UTIL]SSLEAY.NUM" |
|||
$ libdir = "[.''ARCH'.EXE.SSL]" |
|||
$ libmar = "''libdir'LIBSSL.MAR" |
|||
$ libolb = "''libdir'LIBSSL.OLB" |
|||
$ libopt = "''libdir'LIBSSL.OPT" |
|||
$ libobj = "''libdir'LIBSSL.OBJ" |
|||
$ libmap = "''libdir'LIBSSL.MAP" |
|||
$ libgoal= "''libdir'LIBSSL.EXE" |
|||
$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE" |
|||
$ libvec = "LIBSSL" |
|||
$ gosub create_vax_shr |
|||
$ endif |
|||
$ exit |
|||
$ |
|||
$! ----- Soubroutines to build the shareable libraries |
|||
$! For each supported architecture, there's a main shareable library |
|||
$! creator, which is called from the main code above. |
|||
$! The creator will define a number of variables to tell the next levels of |
|||
$! subroutines what routines to use to write to the option files, call the |
|||
$! main processor, read_func_num, and when that is done, it will write version |
|||
$! data at the end of the .opt file, close it, and link the library. |
|||
$! |
|||
$! read_func_num reads through a .num file and calls the writer routine for |
|||
$! each line. It's also responsible for checking that order is properly kept |
|||
$! in the .num file, check that each line applies to VMS and the architecture, |
|||
$! and to fill in "holes" with dummy entries. |
|||
$! |
|||
$! The creator routines depend on the following variables: |
|||
$! libnum The name of the .num file to use as input |
|||
$! libolb The name of the object library to build from |
|||
$! libid The identification string of the shareable library |
|||
$! libopt The name of the .opt file to write |
|||
$! libtit The title of the assembler transfer vector file (VAX only) |
|||
$! libmar The name of the assembler transfer vector file (VAX only) |
|||
$! libmap The name of the map file to write |
|||
$! libgoal The name of the shareable library to write |
|||
$! libref The name of a shareable library to link in |
|||
$! |
|||
$! read_func_num depends on the following variables from the creator: |
|||
$! libwriter The name of the writer routine to call for each .num file line |
|||
$! ----- |
|||
$ |
|||
$! ----- Subroutines for non-VAX |
|||
$! ----- |
|||
$! The creator routine |
|||
$ create_nonvax_shr: |
|||
$ open/write opt 'libopt' |
|||
$ write opt "identification=""",libid," ",libverstr,"""" |
|||
$ write opt libolb,"/lib" |
|||
$ if libref .nes. "" then write opt libref,"/SHARE" |
|||
$ write opt "SYMBOL_VECTOR=(-" |
|||
$ libfirstentry := true |
|||
$ libwrch := opt |
|||
$ libwriter := write_nonvax_transfer_entry |
|||
$ textcount = 0 |
|||
$ gosub read_func_num |
|||
$ write opt ")" |
|||
$ write opt "GSMATCH=",libvmatch,",",libver |
|||
$ close opt |
|||
$ link/map='libmap'/full/share='libgoal' 'libopt'/option |
|||
$ return |
|||
$ |
|||
$! The record writer routine |
|||
$ write_nonvax_transfer_entry: |
|||
$ if libentry .eqs. ".dummy" then return |
|||
$ if info_kind .eqs. "VARIABLE" |
|||
$ then |
|||
$ pr:=DATA |
|||
$ else |
|||
$ pr:=PROCEDURE |
|||
$ endif |
|||
$ textcount_this = f$length(pr) + f$length(libentry) + 5 |
|||
$ if textcount + textcount_this .gt. 1024 |
|||
$ then |
|||
$ write opt ")" |
|||
$ write opt "SYMBOL_VECTOR=(-" |
|||
$ textcount = 16 |
|||
$ libfirstentry := true |
|||
$ endif |
|||
$ if libfirstentry |
|||
$ then |
|||
$ write 'libwrch' " ",libentry,"=",pr," -" |
|||
$ else |
|||
$ write 'libwrch' " ,",libentry,"=",pr," -" |
|||
$ endif |
|||
$ libfirstentry := false |
|||
$ textcount = textcount + textcount_this |
|||
$ return |
|||
$ |
|||
$! ----- Subroutines for VAX |
|||
$! ----- |
|||
$! The creator routine |
|||
$ create_vax_shr: |
|||
$ open/write mar 'libmar' |
|||
$ type sys$input:/out=mar: |
|||
; |
|||
; Transfer vector for VAX shareable image |
|||
; |
|||
$ write mar " .TITLE ",libtit |
|||
$ write mar " .IDENT /",libid,"/" |
|||
$ type sys$input:/out=mar: |
|||
; |
|||
; Define macro to assist in building transfer vector entries. Each entry |
|||
; should take no more than 8 bytes. |
|||
; |
|||
.MACRO FTRANSFER_ENTRY routine |
|||
.ALIGN QUAD |
|||
.TRANSFER routine |
|||
.MASK routine |
|||
JMP routine+2 |
|||
.ENDM FTRANSFER_ENTRY |
|||
; |
|||
; Place entries in own program section. |
|||
; |
|||
$ write mar " .PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT" |
|||
$ write mar libvec,"_xfer:" |
|||
$ libwrch := mar |
|||
$ libwriter := write_vax_ftransfer_entry |
|||
$ gosub read_func_num |
|||
$ type sys$input:/out=mar: |
|||
; |
|||
; Allocate extra storage at end of vector to allow for expansion. |
|||
; |
|||
$ write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total." |
|||
$! libwriter := write_vax_vtransfer_entry |
|||
$! gosub read_func_num |
|||
$ write mar " .END" |
|||
$ close mar |
|||
$ open/write opt 'libopt' |
|||
$ write opt "identification=""",libid," ",libverstr,"""" |
|||
$ write opt libobj |
|||
$ write opt libolb,"/lib" |
|||
$ if libref .nes. "" then write opt libref,"/SHARE" |
|||
$ type sys$input:/out=opt: |
|||
! |
|||
! Ensure transfer vector is at beginning of image |
|||
! |
|||
CLUSTER=FIRST |
|||
$ write opt "COLLECT=FIRST,$$",libvec |
|||
$ write opt "GSMATCH=",libvmatch,",",libver |
|||
$ type sys$input:/out=opt: |
|||
! |
|||
! make psects nonshareable so image can be installed. |
|||
! |
|||
PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT |
|||
$ libwrch := opt |
|||
$ libwriter := write_vax_psect_attr |
|||
$ gosub read_func_num |
|||
$ close opt |
|||
$ macro/obj='libobj' 'libmar' |
|||
$ link/map='libmap'/full/share='libgoal' 'libopt'/option |
|||
$ return |
|||
$ |
|||
$! The record writer routine for VAX functions |
|||
$ write_vax_ftransfer_entry: |
|||
$ if info_kind .nes. "FUNCTION" then return |
|||
$ if libentry .eqs ".dummy" |
|||
$ then |
|||
$ write 'libwrch' " .BLKB 8" ! Dummy is zeroes... |
|||
$ else |
|||
$ write 'libwrch' " FTRANSFER_ENTRY ",libentry |
|||
$ endif |
|||
$ return |
|||
$! The record writer routine for VAX variables (should never happen!) |
|||
$ write_vax_psect_attr: |
|||
$ if info_kind .nes. "VARIABLE" then return |
|||
$ if libentry .eqs ".dummy" then return |
|||
$ write 'libwrch' "PSECT_ATTR=",libentry,",NOSHR" |
|||
$ return |
|||
$ |
|||
$! ----- Common subroutines |
|||
$! ----- |
|||
$! The .num file reader. This one has great responsability. |
|||
$ read_func_num: |
|||
$ open libnum 'libnum' |
|||
$ goto read_nums |
|||
$ |
|||
$ read_nums: |
|||
$ libentrynum=0 |
|||
$ liblastentry:=false |
|||
$ entrycount=0 |
|||
$ loop: |
|||
$ read/end=loop_end/err=loop_end libnum line |
|||
$ entrynum=f$int(f$element(1," ",f$edit(line,"COMPRESS,TRIM"))) |
|||
$ entryinfo=f$element(2," ",f$edit(line,"COMPRESS,TRIM")) |
|||
$ curentry=f$element(0," ",f$edit(line,"COMPRESS,TRIM")) |
|||
$ info_exist=f$element(0,":",entryinfo) |
|||
$ info_platforms=","+f$element(1,":",entryinfo)+"," |
|||
$ info_kind=f$element(2,":",entryinfo) |
|||
$ info_algorithms=","+f$element(3,":",entryinfo)+"," |
|||
$ if info_exist .eqs. "NOEXIST" then goto loop |
|||
$ truesum = 0 |
|||
$ falsesum = 0 |
|||
$ negatives = 1 |
|||
$ plat_i = 0 |
|||
$ loop1: |
|||
$ plat_entry = f$element(plat_i,",",info_platforms) |
|||
$ plat_i = plat_i + 1 |
|||
$ if plat_entry .eqs. "" then goto loop1 |
|||
$ if plat_entry .nes. "," |
|||
$ then |
|||
$ if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0 |
|||
$ if f$getsyi("CPU") .lt. 128 |
|||
$ then |
|||
$ if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then - |
|||
$ truesum = truesum + 1 |
|||
$ if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then - |
|||
$ falsesum = falsesum + 1 |
|||
$ endif |
|||
$! |
|||
$ if ((plat_entry .eqs. "VMS") .or. - |
|||
(arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then - |
|||
truesum = truesum + 1 |
|||
$! |
|||
$ if ((plat_entry .eqs. "!VMS") .or. - |
|||
(arch_vax .and. (plat_entry .eqs. "!VMSVAX"))) then - |
|||
falsesum = falsesum + 1 |
|||
$! |
|||
$ goto loop1 |
|||
$ endif |
|||
$ endloop1: |
|||
$!DEBUG!$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms |
|||
$!DEBUG!$ then |
|||
$!DEBUG!$ write sys$output line |
|||
$!DEBUG!$ write sys$output " truesum = ",truesum,- |
|||
$!DEBUG! ", negatives = ",negatives,", falsesum = ",falsesum |
|||
$!DEBUG!$ endif |
|||
$ if falsesum .ne. 0 then goto loop |
|||
$ if truesum+negatives .eq. 0 then goto loop |
|||
$ alg_i = 0 |
|||
$ loop2: |
|||
$ alg_entry = f$element(alg_i,",",info_algorithms) |
|||
$ alg_i = alg_i + 1 |
|||
$ if alg_entry .eqs. "" then goto loop2 |
|||
$ if alg_entry .nes. "," |
|||
$ then |
|||
$ if alg_entry .eqs. "KRB5" then goto loop ! Special for now |
|||
$ if alg_entry .eqs. "STATIC_ENGINE" then goto loop ! Special for now |
|||
$ if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop |
|||
$ goto loop2 |
|||
$ endif |
|||
$ endloop2: |
|||
$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms |
|||
$ then |
|||
$!DEBUG!$ write sys$output curentry," ; ",entrynum," ; ",entryinfo |
|||
$ endif |
|||
$ redo: |
|||
$ next:=loop |
|||
$ tolibentry=curentry |
|||
$ if libentrynum .ne. entrynum |
|||
$ then |
|||
$ entrycount=entrycount+1 |
|||
$ if entrycount .lt. entrynum |
|||
$ then |
|||
$!DEBUG!$ write sys$output "Info: entrycount: ''entrycount', entrynum: ''entrynum' => 0" |
|||
$ tolibentry=".dummy" |
|||
$ next:=redo |
|||
$ endif |
|||
$ if entrycount .gt. entrynum |
|||
$ then |
|||
$ write sys$error "Decreasing library entry numbers! Can't continue" |
|||
$ write sys$error """",line,"""" |
|||
$ close libnum |
|||
$ return |
|||
$ endif |
|||
$ libentry=tolibentry |
|||
$!DEBUG!$ write sys$output entrycount," ",libentry," ",entryinfo |
|||
$ if libentry .nes. "" .and. libwriter .nes. "" then gosub 'libwriter' |
|||
$ else |
|||
$ write sys$error "Info: ""''curentry'"" is an alias for ""''libentry'"". Overriding..." |
|||
$ endif |
|||
$ libentrynum=entrycount |
|||
$ goto 'next' |
|||
$ loop_end: |
|||
$ close libnum |
|||
$ return |
|||
$ |
|||
$! The version number reader |
|||
$ read_version_info: |
|||
$ libver = "" |
|||
$ open/read vf [.CRYPTO]OPENSSLV.H |
|||
$ loop_rvi: |
|||
$ read/err=endloop_rvi/end=endloop_rvi vf rvi_line |
|||
$ if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then - |
|||
goto loop_rvi |
|||
$ libverstr = f$element(1,"""",rvi_line) |
|||
$ libvmajor = f$element(0,".",libverstr) |
|||
$ libvminor = f$element(1,".",libverstr) |
|||
$ libvedit = f$element(2,".",libverstr) |
|||
$ libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@") |
|||
$ libvedit = f$extract(0,1,libvedit) |
|||
$ libver = f$string(f$int(libvmajor)*100)+","+- |
|||
f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch)) |
|||
$ if libvmajor .eqs. "0" |
|||
$ then |
|||
$ libvmatch = "EQUAL" |
|||
$ else |
|||
$ ! Starting with the 1.0 release, backward compatibility should be |
|||
$ ! kept, so switch over to the following |
|||
$ libvmatch = "LEQUAL" |
|||
$ endif |
|||
$ endloop_rvi: |
|||
$ close vf |
|||
$ return |
@ -0,0 +1 @@ |
|||
multinet:multinet_socket_library.exe/share |
@ -0,0 +1,46 @@ |
|||
$! |
|||
$! APPS.COM |
|||
$! Written By: Robert Byer |
|||
$! Vice-President |
|||
$! A-Com Computing, Inc. |
|||
$! byer@mail.all-net.net |
|||
$! |
|||
$! |
|||
$! Slightly modified by Richard Levitte <richard@levitte.org> |
|||
$! |
|||
$! |
|||
$! Always define OPENSSL. Others are optional (non-null P1). |
|||
$! |
|||
$ OPENSSL :== $SSLEXE:OPENSSL |
|||
$ |
|||
$ IF (P1 .NES. "") |
|||
$ THEN |
|||
$ VERIFY :== $SSLEXE:OPENSSL VERIFY |
|||
$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS |
|||
$! REQ could conflict with REQUEST. |
|||
$ OREQ :== $SSLEXE:OPENSSL REQ |
|||
$ DGST :== $SSLEXE:OPENSSL DGST |
|||
$ DH :== $SSLEXE:OPENSSL DH |
|||
$ ENC :== $SSLEXE:OPENSSL ENC |
|||
$ GENDH :== $SSLEXE:OPENSSL GENDH |
|||
$ ERRSTR :== $SSLEXE:OPENSSL ERRSTR |
|||
$ CA :== $SSLEXE:OPENSSL CA |
|||
$ CRL :== $SSLEXE:OPENSSL CRL |
|||
$ RSA :== $SSLEXE:OPENSSL RSA |
|||
$ DSA :== $SSLEXE:OPENSSL DSA |
|||
$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM |
|||
$ X509 :== $SSLEXE:OPENSSL X509 |
|||
$ GENRSA :== $SSLEXE:OPENSSL GENRSA |
|||
$ GENDSA :== $SSLEXE:OPENSSL GENDSA |
|||
$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER |
|||
$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT |
|||
$ SPEED :== $SSLEXE:OPENSSL SPEED |
|||
$ S_TIME :== $SSLEXE:OPENSSL S_TIME |
|||
$ VERSION :== $SSLEXE:OPENSSL VERSION |
|||
$ PKCS7 :== $SSLEXE:OPENSSL PKCS7 |
|||
$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7 |
|||
$ SESS_ID :== $SSLEXE:OPENSSL SESS_ID |
|||
$ CIPHERS :== $SSLEXE:OPENSSL CIPHERS |
|||
$ NSEQ :== $SSLEXE:OPENSSL NSEQ |
|||
$ PKCS12 :== $SSLEXE:OPENSSL PKCS12 |
|||
$ ENDIF |
@ -0,0 +1 @@ |
|||
socketshr/share |
@ -0,0 +1 @@ |
|||
sys$share:tcpip$ipc_shr.exe/share |
@ -0,0 +1,28 @@ |
|||
$! Quick script to check how well including individual header files works |
|||
$! on VMS, even when the VMS macro isn't defined. |
|||
$ |
|||
$ sav_def = f$env("DEFAULT") |
|||
$ here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0" |
|||
$ set default 'here' |
|||
$ set default [-.include.openssl] |
|||
$ define openssl 'f$env("DEFAULT")' |
|||
$ set default [--] |
|||
$ |
|||
$ loop: |
|||
$ f = f$search("openssl:*.h") |
|||
$ if f .eqs. "" then goto loop_end |
|||
$ write sys$output "Checking ",f |
|||
$ open/write foo foo.c |
|||
$ write foo "#undef VMS" |
|||
$ write foo "#include <stdio.h>" |
|||
$ write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>" |
|||
$ write foo "main()" |
|||
$ write foo "{printf(""foo\n"");}" |
|||
$ close foo |
|||
$ cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c |
|||
$ delete foo.c; |
|||
$ goto loop |
|||
$ loop_end: |
|||
$ set default 'save_def' |
|||
$ exit |
|||
|
@ -0,0 +1 @@ |
|||
sys$share:ucx$ipc_shr.exe/share |
@ -0,0 +1 @@ |
|||
ucx$ipc_shr/share |
@ -0,0 +1 @@ |
|||
sys$library:ucx$ipc.olb/library |
@ -0,0 +1,220 @@ |
|||
$! CA - wrapper around ca to make it easier to use ... basically ca requires |
|||
$! some setup stuff to be done before you can use it and this makes |
|||
$! things easier between now and when Eric is convinced to fix it :-) |
|||
$! |
|||
$! CA -newca ... will setup the right stuff |
|||
$! CA -newreq ... will generate a certificate request |
|||
$! CA -sign ... will sign the generated request and output |
|||
$! |
|||
$! At the end of that grab newreq.pem and newcert.pem (one has the key |
|||
$! and the other the certificate) and cat them together and that is what |
|||
$! you want/need ... I'll make even this a little cleaner later. |
|||
$! |
|||
$! |
|||
$! 12-Jan-96 tjh Added more things ... including CA -signcert which |
|||
$! converts a certificate to a request and then signs it. |
|||
$! 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG |
|||
$! environment variable so this can be driven from |
|||
$! a script. |
|||
$! 25-Jul-96 eay Cleaned up filenames some more. |
|||
$! 11-Jun-96 eay Fixed a few filename missmatches. |
|||
$! 03-May-96 eay Modified to use 'openssl cmd' instead of 'cmd'. |
|||
$! 18-Apr-96 tjh Original hacking |
|||
$! |
|||
$! Tim Hudson |
|||
$! tjh@cryptsoft.com |
|||
$! |
|||
$! |
|||
$! default ssleay.cnf file has setup as per the following |
|||
$! demoCA ... where everything is stored |
|||
$ |
|||
$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF |
|||
$ |
|||
$ DAYS = "-days 365" |
|||
$ REQ = openssl + " req " + SSLEAY_CONFIG |
|||
$ CA = openssl + " ca " + SSLEAY_CONFIG |
|||
$ VERIFY = openssl + " verify" |
|||
$ X509 = openssl + " x509" |
|||
$ PKCS12 = openssl + " pkcs12" |
|||
$ echo = "write sys$Output" |
|||
$! |
|||
$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;" |
|||
$ CATOP := 's'.demoCA |
|||
$ CAKEY := ]cakey.pem |
|||
$ CACERT := ]cacert.pem |
|||
$ |
|||
$ __INPUT := SYS$COMMAND |
|||
$ RET = 1 |
|||
$! |
|||
$ i = 1 |
|||
$opt_loop: |
|||
$ if i .gt. 8 then goto opt_loop_end |
|||
$ |
|||
$ prog_opt = F$EDIT(P'i',"lowercase") |
|||
$ |
|||
$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") |
|||
$ THEN |
|||
$ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" |
|||
$ exit |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-input") |
|||
$ THEN |
|||
$ ! Get input from somewhere other than SYS$COMMAND |
|||
$ i = i + 1 |
|||
$ __INPUT = P'i' |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-newcert") |
|||
$ THEN |
|||
$ ! Create a certificate. |
|||
$ DEFINE/USER SYS$INPUT '__INPUT' |
|||
$ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS' |
|||
$ RET=$STATUS |
|||
$ echo "Certificate (and private key) is in newreq.pem" |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-newreq") |
|||
$ THEN |
|||
$ ! Create a certificate request |
|||
$ DEFINE/USER SYS$INPUT '__INPUT' |
|||
$ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS' |
|||
$ RET=$STATUS |
|||
$ echo "Request (and private key) is in newreq.pem" |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-newca") |
|||
$ THEN |
|||
$ ! If explicitly asked for or it doesn't exist then setup the directory |
|||
$ ! structure that Eric likes to manage things. |
|||
$ IF F$SEARCH(CATOP+"]serial.") .EQS. "" |
|||
$ THEN |
|||
$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'] |
|||
$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs] |
|||
$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl] |
|||
$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts] |
|||
$ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private] |
|||
$ |
|||
$ OPEN /WRITE ser_file 'CATOP']serial. |
|||
$ WRITE ser_file "01" |
|||
$ CLOSE ser_file |
|||
$ APPEND/NEW NL: 'CATOP']index.txt |
|||
$ |
|||
$ ! The following is to make sure access() doesn't get confused. It |
|||
$ ! really needs one file in the directory to give correct answers... |
|||
$ COPY NLA0: 'CATOP'.certs].; |
|||
$ COPY NLA0: 'CATOP'.crl].; |
|||
$ COPY NLA0: 'CATOP'.newcerts].; |
|||
$ COPY NLA0: 'CATOP'.private].; |
|||
$ ENDIF |
|||
$! |
|||
$ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. "" |
|||
$ THEN |
|||
$ READ '__INPUT' FILE - |
|||
/PROMPT="CA certificate filename (or enter to create): " |
|||
$ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "") |
|||
$ THEN |
|||
$ COPY 'FILE' 'CATOP'.private'CAKEY' |
|||
$ RET=$STATUS |
|||
$ ELSE |
|||
$ echo "Making CA certificate ..." |
|||
$ DEFINE/USER SYS$INPUT '__INPUT' |
|||
$ REQ -new -x509 -keyout 'CATOP'.private'CAKEY' - |
|||
-out 'CATOP''CACERT' 'DAYS' |
|||
$ RET=$STATUS |
|||
$ ENDIF |
|||
$ ENDIF |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-pkcs12") |
|||
$ THEN |
|||
$ i = i + 1 |
|||
$ cname = P'i' |
|||
$ IF cname .EQS. "" THEN cname = "My certificate" |
|||
$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT - |
|||
-out newcert.p12 -export -name "''cname'" |
|||
$ RET=$STATUS |
|||
$ exit RET |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-xsign") |
|||
$ THEN |
|||
$! |
|||
$ DEFINE/USER SYS$INPUT '__INPUT' |
|||
$ CA -policy policy_anything -infiles newreq.pem |
|||
$ RET=$STATUS |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq")) |
|||
$ THEN |
|||
$! |
|||
$ DEFINE/USER SYS$INPUT '__INPUT' |
|||
$ CA -policy policy_anything -out newcert.pem -infiles newreq.pem |
|||
$ RET=$STATUS |
|||
$ type newcert.pem |
|||
$ echo "Signed certificate is in newcert.pem" |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-signcert") |
|||
$ THEN |
|||
$! |
|||
$ echo "Cert passphrase will be requested twice - bug?" |
|||
$ DEFINE/USER SYS$INPUT '__INPUT' |
|||
$ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem |
|||
$ DEFINE/USER SYS$INPUT '__INPUT' |
|||
$ CA -policy policy_anything -out newcert.pem -infiles tmp.pem |
|||
y |
|||
y |
|||
$ type newcert.pem |
|||
$ echo "Signed certificate is in newcert.pem" |
|||
$ GOTO opt_loop_continue |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .EQS. "-verify") |
|||
$ THEN |
|||
$! |
|||
$ i = i + 1 |
|||
$ IF (p'i' .EQS. "") |
|||
$ THEN |
|||
$ DEFINE/USER SYS$INPUT '__INPUT' |
|||
$ VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem |
|||
$ ELSE |
|||
$ j = i |
|||
$ verify_opt_loop: |
|||
$ IF j .GT. 8 THEN GOTO verify_opt_loop_end |
|||
$ IF p'j' .NES. "" |
|||
$ THEN |
|||
$ DEFINE/USER SYS$INPUT '__INPUT' |
|||
$ __tmp = p'j' |
|||
$ VERIFY "-CAfile" 'CATOP''CACERT' '__tmp' |
|||
$ tmp=$STATUS |
|||
$ IF tmp .NE. 0 THEN RET=tmp |
|||
$ ENDIF |
|||
$ j = j + 1 |
|||
$ GOTO verify_opt_loop |
|||
$ verify_opt_loop_end: |
|||
$ ENDIF |
|||
$ |
|||
$ GOTO opt_loop_end |
|||
$ ENDIF |
|||
$! |
|||
$ IF (prog_opt .NES. "") |
|||
$ THEN |
|||
$! |
|||
$ echo "Unknown argument ''prog_opt'" |
|||
$ |
|||
$ EXIT 3 |
|||
$ ENDIF |
|||
$ |
|||
$opt_loop_continue: |
|||
$ i = i + 1 |
|||
$ GOTO opt_loop |
|||
$ |
|||
$opt_loop_end: |
|||
$ EXIT 'RET' |
@ -0,0 +1,189 @@ |
|||
#!/usr/bin/perl |
|||
# |
|||
# CA - wrapper around ca to make it easier to use ... basically ca requires |
|||
# some setup stuff to be done before you can use it and this makes |
|||
# things easier between now and when Eric is convinced to fix it :-) |
|||
# |
|||
# CA -newca ... will setup the right stuff |
|||
# CA -newreq[-nodes] ... will generate a certificate request |
|||
# CA -sign ... will sign the generated request and output |
|||
# |
|||
# At the end of that grab newreq.pem and newcert.pem (one has the key |
|||
# and the other the certificate) and cat them together and that is what |
|||
# you want/need ... I'll make even this a little cleaner later. |
|||
# |
|||
# |
|||
# 12-Jan-96 tjh Added more things ... including CA -signcert which |
|||
# converts a certificate to a request and then signs it. |
|||
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG |
|||
# environment variable so this can be driven from |
|||
# a script. |
|||
# 25-Jul-96 eay Cleaned up filenames some more. |
|||
# 11-Jun-96 eay Fixed a few filename missmatches. |
|||
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. |
|||
# 18-Apr-96 tjh Original hacking |
|||
# |
|||
# Tim Hudson |
|||
# tjh@cryptsoft.com |
|||
# |
|||
|
|||
# 27-Apr-98 snh Translation into perl, fix existing CA bug. |
|||
# |
|||
# |
|||
# Steve Henson |
|||
# shenson@bigfoot.com |
|||
|
|||
# default openssl.cnf file has setup as per the following |
|||
# demoCA ... where everything is stored |
|||
|
|||
my $openssl; |
|||
if(defined $ENV{OPENSSL}) { |
|||
$openssl = $ENV{OPENSSL}; |
|||
} else { |
|||
$openssl = "openssl"; |
|||
$ENV{OPENSSL} = $openssl; |
|||
} |
|||
|
|||
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; |
|||
$DAYS="-days 365"; # 1 year |
|||
$CADAYS="-days 1095"; # 3 years |
|||
$REQ="$openssl req $SSLEAY_CONFIG"; |
|||
$CA="$openssl ca $SSLEAY_CONFIG"; |
|||
$VERIFY="$openssl verify"; |
|||
$X509="$openssl x509"; |
|||
$PKCS12="$openssl pkcs12"; |
|||
|
|||
$CATOP="./demoCA"; |
|||
$CAKEY="cakey.pem"; |
|||
$CAREQ="careq.pem"; |
|||
$CACERT="cacert.pem"; |
|||
|
|||
$DIRMODE = 0777; |
|||
|
|||
$RET = 0; |
|||
|
|||
foreach (@ARGV) { |
|||
if ( /^(-\?|-h|-help)$/ ) { |
|||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; |
|||
exit 0; |
|||
} elsif (/^-newcert$/) { |
|||
# create a certificate |
|||
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Certificate is in newcert.pem, private key is in newkey.pem\n" |
|||
} elsif (/^-newreq$/) { |
|||
# create a certificate request |
|||
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Request is in newreq.pem, private key is in newkey.pem\n"; |
|||
} elsif (/^-newreq-nodes$/) { |
|||
# create a certificate request |
|||
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Request is in newreq.pem, private key is in newkey.pem\n"; |
|||
} elsif (/^-newca$/) { |
|||
# if explicitly asked for or it doesn't exist then setup the |
|||
# directory structure that Eric likes to manage things |
|||
$NEW="1"; |
|||
if ( "$NEW" || ! -f "${CATOP}/serial" ) { |
|||
# create the directory hierarchy |
|||
mkdir $CATOP, $DIRMODE; |
|||
mkdir "${CATOP}/certs", $DIRMODE; |
|||
mkdir "${CATOP}/crl", $DIRMODE ; |
|||
mkdir "${CATOP}/newcerts", $DIRMODE; |
|||
mkdir "${CATOP}/private", $DIRMODE; |
|||
open OUT, ">${CATOP}/index.txt"; |
|||
close OUT; |
|||
open OUT, ">${CATOP}/crlnumber"; |
|||
print OUT "01\n"; |
|||
close OUT; |
|||
} |
|||
if ( ! -f "${CATOP}/private/$CAKEY" ) { |
|||
print "CA certificate filename (or enter to create)\n"; |
|||
$FILE = <STDIN>; |
|||
|
|||
chop $FILE; |
|||
|
|||
# ask user for existing CA certificate |
|||
if ($FILE) { |
|||
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); |
|||
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); |
|||
$RET=$?; |
|||
} else { |
|||
print "Making CA certificate ...\n"; |
|||
system ("$REQ -new -keyout " . |
|||
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); |
|||
system ("$CA -create_serial " . |
|||
"-out ${CATOP}/$CACERT $CADAYS -batch " . |
|||
"-keyfile ${CATOP}/private/$CAKEY -selfsign " . |
|||
"-extensions v3_ca " . |
|||
"-infiles ${CATOP}/$CAREQ "); |
|||
$RET=$?; |
|||
} |
|||
} |
|||
} elsif (/^-pkcs12$/) { |
|||
my $cname = $ARGV[1]; |
|||
$cname = "My Certificate" unless defined $cname; |
|||
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . |
|||
"-certfile ${CATOP}/$CACERT -out newcert.p12 " . |
|||
"-export -name \"$cname\""); |
|||
$RET=$?; |
|||
print "PKCS #12 file is in newcert.p12\n"; |
|||
exit $RET; |
|||
} elsif (/^-xsign$/) { |
|||
system ("$CA -policy policy_anything -infiles newreq.pem"); |
|||
$RET=$?; |
|||
} elsif (/^(-sign|-signreq)$/) { |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-infiles newreq.pem"); |
|||
$RET=$?; |
|||
print "Signed certificate is in newcert.pem\n"; |
|||
} elsif (/^(-signCA)$/) { |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-extensions v3_ca -infiles newreq.pem"); |
|||
$RET=$?; |
|||
print "Signed CA certificate is in newcert.pem\n"; |
|||
} elsif (/^-signcert$/) { |
|||
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " . |
|||
"-out tmp.pem"); |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-infiles tmp.pem"); |
|||
$RET = $?; |
|||
print "Signed certificate is in newcert.pem\n"; |
|||
} elsif (/^-verify$/) { |
|||
if (shift) { |
|||
foreach $j (@ARGV) { |
|||
system ("$VERIFY -CAfile $CATOP/$CACERT $j"); |
|||
$RET=$? if ($? != 0); |
|||
} |
|||
exit $RET; |
|||
} else { |
|||
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem"); |
|||
$RET=$?; |
|||
exit 0; |
|||
} |
|||
} else { |
|||
print STDERR "Unknown arg $_\n"; |
|||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; |
|||
exit 1; |
|||
} |
|||
} |
|||
|
|||
exit $RET; |
|||
|
|||
sub cp_pem { |
|||
my ($infile, $outfile, $bound) = @_; |
|||
open IN, $infile; |
|||
open OUT, ">$outfile"; |
|||
my $flag = 0; |
|||
while (<IN>) { |
|||
$flag = 1 if (/^-----BEGIN.*$bound/) ; |
|||
print OUT $_ if ($flag); |
|||
if (/^-----END.*$bound/) { |
|||
close IN; |
|||
close OUT; |
|||
return; |
|||
} |
|||
} |
|||
} |
|||
|
@ -0,0 +1,189 @@ |
|||
#!/usr/local/bin/perl |
|||
# |
|||
# CA - wrapper around ca to make it easier to use ... basically ca requires |
|||
# some setup stuff to be done before you can use it and this makes |
|||
# things easier between now and when Eric is convinced to fix it :-) |
|||
# |
|||
# CA -newca ... will setup the right stuff |
|||
# CA -newreq[-nodes] ... will generate a certificate request |
|||
# CA -sign ... will sign the generated request and output |
|||
# |
|||
# At the end of that grab newreq.pem and newcert.pem (one has the key |
|||
# and the other the certificate) and cat them together and that is what |
|||
# you want/need ... I'll make even this a little cleaner later. |
|||
# |
|||
# |
|||
# 12-Jan-96 tjh Added more things ... including CA -signcert which |
|||
# converts a certificate to a request and then signs it. |
|||
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG |
|||
# environment variable so this can be driven from |
|||
# a script. |
|||
# 25-Jul-96 eay Cleaned up filenames some more. |
|||
# 11-Jun-96 eay Fixed a few filename missmatches. |
|||
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. |
|||
# 18-Apr-96 tjh Original hacking |
|||
# |
|||
# Tim Hudson |
|||
# tjh@cryptsoft.com |
|||
# |
|||
|
|||
# 27-Apr-98 snh Translation into perl, fix existing CA bug. |
|||
# |
|||
# |
|||
# Steve Henson |
|||
# shenson@bigfoot.com |
|||
|
|||
# default openssl.cnf file has setup as per the following |
|||
# demoCA ... where everything is stored |
|||
|
|||
my $openssl; |
|||
if(defined $ENV{OPENSSL}) { |
|||
$openssl = $ENV{OPENSSL}; |
|||
} else { |
|||
$openssl = "openssl"; |
|||
$ENV{OPENSSL} = $openssl; |
|||
} |
|||
|
|||
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; |
|||
$DAYS="-days 365"; # 1 year |
|||
$CADAYS="-days 1095"; # 3 years |
|||
$REQ="$openssl req $SSLEAY_CONFIG"; |
|||
$CA="$openssl ca $SSLEAY_CONFIG"; |
|||
$VERIFY="$openssl verify"; |
|||
$X509="$openssl x509"; |
|||
$PKCS12="$openssl pkcs12"; |
|||
|
|||
$CATOP="./demoCA"; |
|||
$CAKEY="cakey.pem"; |
|||
$CAREQ="careq.pem"; |
|||
$CACERT="cacert.pem"; |
|||
|
|||
$DIRMODE = 0777; |
|||
|
|||
$RET = 0; |
|||
|
|||
foreach (@ARGV) { |
|||
if ( /^(-\?|-h|-help)$/ ) { |
|||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; |
|||
exit 0; |
|||
} elsif (/^-newcert$/) { |
|||
# create a certificate |
|||
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Certificate is in newcert.pem, private key is in newkey.pem\n" |
|||
} elsif (/^-newreq$/) { |
|||
# create a certificate request |
|||
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Request is in newreq.pem, private key is in newkey.pem\n"; |
|||
} elsif (/^-newreq-nodes$/) { |
|||
# create a certificate request |
|||
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); |
|||
$RET=$?; |
|||
print "Request is in newreq.pem, private key is in newkey.pem\n"; |
|||
} elsif (/^-newca$/) { |
|||
# if explicitly asked for or it doesn't exist then setup the |
|||
# directory structure that Eric likes to manage things |
|||
$NEW="1"; |
|||
if ( "$NEW" || ! -f "${CATOP}/serial" ) { |
|||
# create the directory hierarchy |
|||
mkdir $CATOP, $DIRMODE; |
|||
mkdir "${CATOP}/certs", $DIRMODE; |
|||
mkdir "${CATOP}/crl", $DIRMODE ; |
|||
mkdir "${CATOP}/newcerts", $DIRMODE; |
|||
mkdir "${CATOP}/private", $DIRMODE; |
|||
open OUT, ">${CATOP}/index.txt"; |
|||
close OUT; |
|||
open OUT, ">${CATOP}/crlnumber"; |
|||
print OUT "01\n"; |
|||
close OUT; |
|||
} |
|||
if ( ! -f "${CATOP}/private/$CAKEY" ) { |
|||
print "CA certificate filename (or enter to create)\n"; |
|||
$FILE = <STDIN>; |
|||
|
|||
chop $FILE; |
|||
|
|||
# ask user for existing CA certificate |
|||
if ($FILE) { |
|||
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); |
|||
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); |
|||
$RET=$?; |
|||
} else { |
|||
print "Making CA certificate ...\n"; |
|||
system ("$REQ -new -keyout " . |
|||
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); |
|||
system ("$CA -create_serial " . |
|||
"-out ${CATOP}/$CACERT $CADAYS -batch " . |
|||
"-keyfile ${CATOP}/private/$CAKEY -selfsign " . |
|||
"-extensions v3_ca " . |
|||
"-infiles ${CATOP}/$CAREQ "); |
|||
$RET=$?; |
|||
} |
|||
} |
|||
} elsif (/^-pkcs12$/) { |
|||
my $cname = $ARGV[1]; |
|||
$cname = "My Certificate" unless defined $cname; |
|||
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . |
|||
"-certfile ${CATOP}/$CACERT -out newcert.p12 " . |
|||
"-export -name \"$cname\""); |
|||
$RET=$?; |
|||
print "PKCS #12 file is in newcert.p12\n"; |
|||
exit $RET; |
|||
} elsif (/^-xsign$/) { |
|||
system ("$CA -policy policy_anything -infiles newreq.pem"); |
|||
$RET=$?; |
|||
} elsif (/^(-sign|-signreq)$/) { |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-infiles newreq.pem"); |
|||
$RET=$?; |
|||
print "Signed certificate is in newcert.pem\n"; |
|||
} elsif (/^(-signCA)$/) { |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-extensions v3_ca -infiles newreq.pem"); |
|||
$RET=$?; |
|||
print "Signed CA certificate is in newcert.pem\n"; |
|||
} elsif (/^-signcert$/) { |
|||
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " . |
|||
"-out tmp.pem"); |
|||
system ("$CA -policy policy_anything -out newcert.pem " . |
|||
"-infiles tmp.pem"); |
|||
$RET = $?; |
|||
print "Signed certificate is in newcert.pem\n"; |
|||
} elsif (/^-verify$/) { |
|||
if (shift) { |
|||
foreach $j (@ARGV) { |
|||
system ("$VERIFY -CAfile $CATOP/$CACERT $j"); |
|||
$RET=$? if ($? != 0); |
|||
} |
|||
exit $RET; |
|||
} else { |
|||
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem"); |
|||
$RET=$?; |
|||
exit 0; |
|||
} |
|||
} else { |
|||
print STDERR "Unknown arg $_\n"; |
|||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; |
|||
exit 1; |
|||
} |
|||
} |
|||
|
|||
exit $RET; |
|||
|
|||
sub cp_pem { |
|||
my ($infile, $outfile, $bound) = @_; |
|||
open IN, $infile; |
|||
open OUT, ">$outfile"; |
|||
my $flag = 0; |
|||
while (<IN>) { |
|||
$flag = 1 if (/^-----BEGIN.*$bound/) ; |
|||
print OUT $_ if ($flag); |
|||
if (/^-----END.*$bound/) { |
|||
close IN; |
|||
close OUT; |
|||
return; |
|||
} |
|||
} |
|||
} |
|||
|
@ -0,0 +1,198 @@ |
|||
#!/bin/sh |
|||
# |
|||
# CA - wrapper around ca to make it easier to use ... basically ca requires |
|||
# some setup stuff to be done before you can use it and this makes |
|||
# things easier between now and when Eric is convinced to fix it :-) |
|||
# |
|||
# CA -newca ... will setup the right stuff |
|||
# CA -newreq ... will generate a certificate request |
|||
# CA -sign ... will sign the generated request and output |
|||
# |
|||
# At the end of that grab newreq.pem and newcert.pem (one has the key |
|||
# and the other the certificate) and cat them together and that is what |
|||
# you want/need ... I'll make even this a little cleaner later. |
|||
# |
|||
# |
|||
# 12-Jan-96 tjh Added more things ... including CA -signcert which |
|||
# converts a certificate to a request and then signs it. |
|||
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG |
|||
# environment variable so this can be driven from |
|||
# a script. |
|||
# 25-Jul-96 eay Cleaned up filenames some more. |
|||
# 11-Jun-96 eay Fixed a few filename missmatches. |
|||
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. |
|||
# 18-Apr-96 tjh Original hacking |
|||
# |
|||
# Tim Hudson |
|||
# tjh@cryptsoft.com |
|||
# |
|||
|
|||
# default openssl.cnf file has setup as per the following |
|||
# demoCA ... where everything is stored |
|||
cp_pem() { |
|||
infile=$1 |
|||
outfile=$2 |
|||
bound=$3 |
|||
flag=0 |
|||
exec <$infile; |
|||
while read line; do |
|||
if [ $flag -eq 1 ]; then |
|||
echo $line|grep "^-----END.*$bound" 2>/dev/null 1>/dev/null |
|||
if [ $? -eq 0 ] ; then |
|||
echo $line >>$outfile |
|||
break |
|||
else |
|||
echo $line >>$outfile |
|||
fi |
|||
fi |
|||
|
|||
echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null |
|||
if [ $? -eq 0 ]; then |
|||
echo $line >$outfile |
|||
flag=1 |
|||
fi |
|||
done |
|||
} |
|||
|
|||
usage() { |
|||
echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2 |
|||
} |
|||
|
|||
if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi |
|||
|
|||
if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year |
|||
CADAYS="-days 1095" # 3 years |
|||
REQ="$OPENSSL req $SSLEAY_CONFIG" |
|||
CA="$OPENSSL ca $SSLEAY_CONFIG" |
|||
VERIFY="$OPENSSL verify" |
|||
X509="$OPENSSL x509" |
|||
PKCS12="openssl pkcs12" |
|||
|
|||
if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi |
|||
CAKEY=./cakey.pem |
|||
CAREQ=./careq.pem |
|||
CACERT=./cacert.pem |
|||
|
|||
RET=0 |
|||
|
|||
while [ "$1" != "" ] ; do |
|||
case $1 in |
|||
-\?|-h|-help) |
|||
usage |
|||
exit 0 |
|||
;; |
|||
-newcert) |
|||
# create a certificate |
|||
$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS |
|||
RET=$? |
|||
echo "Certificate is in newcert.pem, private key is in newkey.pem" |
|||
;; |
|||
-newreq) |
|||
# create a certificate request |
|||
$REQ -new -keyout newkey.pem -out newreq.pem $DAYS |
|||
RET=$? |
|||
echo "Request is in newreq.pem, private key is in newkey.pem" |
|||
;; |
|||
-newreq-nodes) |
|||
# create a certificate request |
|||
$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS |
|||
RET=$? |
|||
echo "Request (and private key) is in newreq.pem" |
|||
;; |
|||
-newca) |
|||
# if explicitly asked for or it doesn't exist then setup the directory |
|||
# structure that Eric likes to manage things |
|||
NEW="1" |
|||
if [ "$NEW" -o ! -f ${CATOP}/serial ]; then |
|||
# create the directory hierarchy |
|||
mkdir -p ${CATOP} |
|||
mkdir -p ${CATOP}/certs |
|||
mkdir -p ${CATOP}/crl |
|||
mkdir -p ${CATOP}/newcerts |
|||
mkdir -p ${CATOP}/private |
|||
touch ${CATOP}/index.txt |
|||
fi |
|||
if [ ! -f ${CATOP}/private/$CAKEY ]; then |
|||
echo "CA certificate filename (or enter to create)" |
|||
read FILE |
|||
|
|||
# ask user for existing CA certificate |
|||
if [ "$FILE" ]; then |
|||
cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE |
|||
cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE |
|||
RET=$? |
|||
if [ ! -f "${CATOP}/serial" ]; then |
|||
$X509 -in ${CATOP}/$CACERT -noout -next_serial \ |
|||
-out ${CATOP}/serial |
|||
fi |
|||
else |
|||
echo "Making CA certificate ..." |
|||
$REQ -new -keyout ${CATOP}/private/$CAKEY \ |
|||
-out ${CATOP}/$CAREQ |
|||
$CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \ |
|||
-keyfile ${CATOP}/private/$CAKEY -selfsign \ |
|||
-extensions v3_ca \ |
|||
-infiles ${CATOP}/$CAREQ |
|||
RET=$? |
|||
fi |
|||
fi |
|||
;; |
|||
-xsign) |
|||
$CA -policy policy_anything -infiles newreq.pem |
|||
RET=$? |
|||
;; |
|||
-pkcs12) |
|||
if [ -z "$2" ] ; then |
|||
CNAME="My Certificate" |
|||
else |
|||
CNAME="$2" |
|||
fi |
|||
$PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \ |
|||
-out newcert.p12 -export -name "$CNAME" |
|||
RET=$? |
|||
exit $RET |
|||
;; |
|||
-sign|-signreq) |
|||
$CA -policy policy_anything -out newcert.pem -infiles newreq.pem |
|||
RET=$? |
|||
cat newcert.pem |
|||
echo "Signed certificate is in newcert.pem" |
|||
;; |
|||
-signCA) |
|||
$CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem |
|||
RET=$? |
|||
echo "Signed CA certificate is in newcert.pem" |
|||
;; |
|||
-signcert) |
|||
echo "Cert passphrase will be requested twice - bug?" |
|||
$X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem |
|||
$CA -policy policy_anything -out newcert.pem -infiles tmp.pem |
|||
RET=$? |
|||
cat newcert.pem |
|||
echo "Signed certificate is in newcert.pem" |
|||
;; |
|||
-verify) |
|||
shift |
|||
if [ -z "$1" ]; then |
|||
$VERIFY -CAfile $CATOP/$CACERT newcert.pem |
|||
RET=$? |
|||
else |
|||
for j |
|||
do |
|||
$VERIFY -CAfile $CATOP/$CACERT $j |
|||
if [ $? != 0 ]; then |
|||
RET=$? |
|||
fi |
|||
done |
|||
fi |
|||
exit $RET |
|||
;; |
|||
*) |
|||
echo "Unknown arg $i" >&2 |
|||
usage |
|||
exit 1 |
|||
;; |
|||
esac |
|||
shift |
|||
done |
|||
exit $RET |
@ -0,0 +1,985 @@ |
|||
#
|
|||
# apps/Makefile
|
|||
#
|
|||
|
|||
DIR= apps |
|||
TOP= .. |
|||
CC= cc |
|||
INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) |
|||
CFLAG= -g -static |
|||
MAKEFILE= Makefile |
|||
PERL= perl |
|||
RM= rm -f |
|||
# KRB5 stuff
|
|||
KRB5_INCLUDES= |
|||
LIBKRB5= |
|||
|
|||
PEX_LIBS= |
|||
EX_LIBS= |
|||
EXE_EXT= |
|||
|
|||
SHLIB_TARGET= |
|||
|
|||
CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG) |
|||
|
|||
GENERAL=Makefile makeapps.com install.com |
|||
|
|||
DLIBCRYPTO=../libcrypto.a |
|||
DLIBSSL=../libssl.a |
|||
LIBCRYPTO=-L.. -lcrypto |
|||
LIBSSL=-L.. -lssl |
|||
|
|||
PROGRAM= openssl |
|||
|
|||
SCRIPTS=CA.sh CA.pl |
|||
|
|||
EXE= $(PROGRAM)$(EXE_EXT) |
|||
|
|||
E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
|
|||
ca crl rsa rsautl dsa dsaparam ec ecparam \
|
|||
x509 genrsa gendsa s_server s_client speed \
|
|||
s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
|
|||
pkcs8 spkac smime rand engine ocsp prime |
|||
|
|||
PROGS= $(PROGRAM).c |
|||
|
|||
A_OBJ=apps.o |
|||
A_SRC=apps.c |
|||
S_OBJ= s_cb.o s_socket.o |
|||
S_SRC= s_cb.c s_socket.c |
|||
RAND_OBJ=app_rand.o |
|||
RAND_SRC=app_rand.c |
|||
|
|||
E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
|
|||
ca.o pkcs7.o crl2p7.o crl.o \
|
|||
rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
|
|||
x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
|
|||
s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
|
|||
ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \
|
|||
ocsp.o prime.o cms.o |
|||
|
|||
E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
|
|||
pkcs7.c crl2p7.c crl.c \
|
|||
rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
|
|||
x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
|
|||
s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
|
|||
ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \
|
|||
ocsp.c prime.c cms.c |
|||
|
|||
SRC=$(E_SRC) |
|||
|
|||
EXHEADER= |
|||
HEADER= apps.h progs.h s_apps.h \
|
|||
testdsa.h testrsa.h \
|
|||
$(EXHEADER) |
|||
|
|||
ALL= $(GENERAL) $(SRC) $(HEADER) |
|||
|
|||
top: |
|||
@(cd ..; $(MAKE) DIRS=$(DIR) all) |
|||
|
|||
all: exe |
|||
|
|||
exe: $(EXE) |
|||
|
|||
req: sreq.o $(A_OBJ) $(DLIBCRYPTO) |
|||
shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
|
|||
shlib_target="$(SHLIB_TARGET)"; \
|
|||
fi; \
|
|||
$(MAKE) -f $(TOP)/Makefile.shared -e \
|
|||
APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
|
|||
LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
|
|||
link_app.$${shlib_target} |
|||
|
|||
sreq.o: req.c |
|||
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c |
|||
|
|||
files: |
|||
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO |
|||
|
|||
install: |
|||
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... |
|||
@set -e; for i in $(EXE); \
|
|||
do \
|
|||
(echo installing $$i; \
|
|||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
|
|||
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
|
|||
done; |
|||
@set -e; for i in $(SCRIPTS); \
|
|||
do \
|
|||
(echo installing $$i; \
|
|||
cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
|
|||
chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
|
|||
done |
|||
@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
|
|||
chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
|
|||
mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf |
|||
|
|||
tags: |
|||
ctags $(SRC) |
|||
|
|||
tests: |
|||
|
|||
links: |
|||
|
|||
lint: |
|||
lint -DLINT $(INCLUDES) $(SRC)>fluff |
|||
|
|||
depend: |
|||
@if [ -z "$(THIS)" ]; then \
|
|||
$(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
|
|||
else \
|
|||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
|
|||
fi |
|||
|
|||
dclean: |
|||
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new |
|||
mv -f Makefile.new $(MAKEFILE) |
|||
|
|||
clean: |
|||
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) |
|||
rm -f req |
|||
|
|||
$(DLIBSSL): |
|||
(cd ..; $(MAKE) DIRS=ssl all) |
|||
|
|||
$(DLIBCRYPTO): |
|||
(cd ..; $(MAKE) DIRS=crypto all) |
|||
|
|||
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) |
|||
$(RM) $(EXE) |
|||
shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
|
|||
shlib_target="$(SHLIB_TARGET)"; \
|
|||
elif [ -n "$(FIPSCANLIB)" ]; then \
|
|||
FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
|
|||
fi; \
|
|||
LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
|
|||
[ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
|
|||
$(MAKE) -f $(TOP)/Makefile.shared -e \
|
|||
CC="$${CC}" APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
|
|||
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
|
|||
link_app.$${shlib_target} |
|||
@if [ -z "$(CROSS_COMPILE)" ]; then \
|
|||
(cd ..; \
|
|||
OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
|
|||
$(PERL) tools/c_rehash certs) \
|
|||
fi |
|||
|
|||
progs.h: progs.pl |
|||
$(PERL) progs.pl $(E_EXE) >progs.h |
|||
$(RM) $(PROGRAM).o |
|||
|
|||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
|||
|
|||
app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
app_rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h |
|||
app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h |
|||
app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
app_rand.o: ../include/openssl/x509v3.h app_rand.c apps.h |
|||
apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
apps.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
apps.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h |
|||
apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h |
|||
apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h |
|||
apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
apps.o: ../include/openssl/x509v3.h apps.c apps.h |
|||
asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
asn1pars.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
asn1pars.o: ../include/openssl/x509v3.h apps.h asn1pars.c |
|||
ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
ca.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
ca.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c |
|||
ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h |
|||
ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h |
|||
ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h |
|||
ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h |
|||
ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h |
|||
ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c |
|||
cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
cms.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
cms.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
cms.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
cms.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
cms.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h |
|||
cms.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
cms.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
cms.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
cms.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h cms.c |
|||
crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
crl.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
crl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
crl.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
crl.o: ../include/openssl/x509v3.h apps.h crl.c |
|||
crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
crl2p7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
crl2p7.o: ../include/openssl/x509v3.h apps.h crl2p7.c |
|||
dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
dgst.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h |
|||
dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
dgst.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
dgst.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dgst.c |
|||
dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h |
|||
dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
dh.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
dh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
dh.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
dh.o: ../include/openssl/x509v3.h apps.h dh.c |
|||
dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h |
|||
dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
dsa.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
dsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
dsa.o: ../include/openssl/x509v3.h apps.h dsa.c |
|||
dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h |
|||
dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h |
|||
dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h |
|||
dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h |
|||
dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h |
|||
dsaparam.o: dsaparam.c |
|||
ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
ec.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
ec.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
ec.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
ec.o: ../include/openssl/x509v3.h apps.h ec.c |
|||
ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
ecparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
ecparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h |
|||
ecparam.o: ecparam.c |
|||
enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
enc.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h |
|||
enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c |
|||
engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
engine.o: ../include/openssl/comp.h ../include/openssl/conf.h |
|||
engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h |
|||
engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
engine.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
engine.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h |
|||
engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h |
|||
engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h |
|||
engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
engine.o: ../include/openssl/x509v3.h apps.h engine.c |
|||
errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h |
|||
errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h |
|||
errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
errstr.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h |
|||
errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h |
|||
errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h |
|||
errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
errstr.o: ../include/openssl/x509v3.h apps.h errstr.c |
|||
gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h |
|||
gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
gendh.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h |
|||
gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
gendh.o: ../include/openssl/stack.h ../include/openssl/store.h |
|||
gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h |
|||
gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h |
|||
gendh.o: gendh.c |
|||
gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h |
|||
gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
gendsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
gendsa.o: ../include/openssl/x509v3.h apps.h gendsa.c |
|||
genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h |
|||
genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
genrsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h |
|||
genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h |
|||
genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h |
|||
genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h |
|||
genrsa.o: genrsa.c |
|||
nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
nseq.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
nseq.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
nseq.o: ../include/openssl/x509v3.h apps.h nseq.c |
|||
ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h |
|||
ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h |
|||
ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
ocsp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h |
|||
ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h |
|||
ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h |
|||
ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c |
|||
openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h |
|||
openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h |
|||
openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
openssl.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h |
|||
openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h |
|||
openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h |
|||
openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h |
|||
passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h |
|||
passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h |
|||
passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
passwd.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h |
|||
passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h |
|||
passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h |
|||
passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h |
|||
passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
passwd.o: ../include/openssl/x509v3.h apps.h passwd.c |
|||
pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
pkcs12.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h |
|||
pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
pkcs12.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h |
|||
pkcs12.o: pkcs12.c |
|||
pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
pkcs7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
pkcs7.o: ../include/openssl/x509v3.h apps.h pkcs7.c |
|||
pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
pkcs8.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h |
|||
pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
pkcs8.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h |
|||
pkcs8.o: pkcs8.c |
|||
prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
prime.o: ../include/openssl/engine.h ../include/openssl/evp.h |
|||
prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
prime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
prime.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
prime.o: ../include/openssl/x509v3.h apps.h prime.c |
|||
rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
rand.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h |
|||
rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rand.c |
|||
req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
req.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
req.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
req.o: ../include/openssl/dh.h ../include/openssl/dsa.h |
|||
req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
req.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
req.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
req.o: ../include/openssl/rand.h ../include/openssl/rsa.h |
|||
req.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
req.o: ../include/openssl/stack.h ../include/openssl/store.h |
|||
req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
req.o: ../include/openssl/ui.h ../include/openssl/x509.h |
|||
req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c |
|||
rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
rsa.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
rsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h |
|||
rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
rsa.o: ../include/openssl/x509v3.h apps.h rsa.c |
|||
rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
rsautl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h |
|||
rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
rsautl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h |
|||
rsautl.o: rsautl.c |
|||
s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h |
|||
s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h |
|||
s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
s_cb.o: ../include/openssl/rand.h ../include/openssl/safestack.h |
|||
s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h |
|||
s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h |
|||
s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h |
|||
s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h |
|||
s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h |
|||
s_cb.o: s_apps.h s_cb.c |
|||
s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h |
|||
s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h |
|||
s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
s_client.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
s_client.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h |
|||
s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h |
|||
s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h |
|||
s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h |
|||
s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h |
|||
s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h |
|||
s_client.o: s_apps.h s_client.c timeouts.h |
|||
s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h |
|||
s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h |
|||
s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h |
|||
s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
s_server.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h |
|||
s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h |
|||
s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h |
|||
s_server.o: ../include/openssl/stack.h ../include/openssl/store.h |
|||
s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h |
|||
s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h |
|||
s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h |
|||
s_socket.o: ../e_os.h ../e_os2.h ../include/openssl/asn1.h |
|||
s_socket.o: ../include/openssl/bio.h ../include/openssl/bn.h |
|||
s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h |
|||
s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h |
|||
s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
s_socket.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h |
|||
s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h |
|||
s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h |
|||
s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c |
|||
s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h |
|||
s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h |
|||
s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
s_time.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h |
|||
s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h |
|||
s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h |
|||
s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c |
|||
sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h |
|||
sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h |
|||
sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h |
|||
sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h |
|||
sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h |
|||
sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h |
|||
sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h |
|||
sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h |
|||
sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h |
|||
sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h |
|||
sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c |
|||
smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
smime.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
smime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
smime.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
smime.o: ../include/openssl/x509v3.h apps.h smime.c |
|||
speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h |
|||
speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h |
|||
speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
speed.o: ../include/openssl/cast.h ../include/openssl/conf.h |
|||
speed.o: ../include/openssl/crypto.h ../include/openssl/des.h |
|||
speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h |
|||
speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h |
|||
speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h |
|||
speed.o: ../include/openssl/engine.h ../include/openssl/err.h |
|||
speed.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h |
|||
speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h |
|||
speed.o: ../include/openssl/md4.h ../include/openssl/md5.h |
|||
speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h |
|||
speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h |
|||
speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h |
|||
speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h |
|||
speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h |
|||
speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h |
|||
speed.o: speed.c testdsa.h testrsa.h |
|||
spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
spkac.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
spkac.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
spkac.o: ../include/openssl/x509v3.h apps.h spkac.c |
|||
verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h |
|||
verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
verify.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
verify.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h |
|||
verify.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
verify.o: ../include/openssl/x509v3.h apps.h verify.c |
|||
version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h |
|||
version.o: ../include/openssl/buffer.h ../include/openssl/conf.h |
|||
version.o: ../include/openssl/crypto.h ../include/openssl/des.h |
|||
version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h |
|||
version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
version.o: ../include/openssl/evp.h ../include/openssl/fips.h |
|||
version.o: ../include/openssl/idea.h ../include/openssl/lhash.h |
|||
version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h |
|||
version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h |
|||
version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h |
|||
version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h |
|||
version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h |
|||
version.o: ../include/openssl/sha.h ../include/openssl/stack.h |
|||
version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h |
|||
version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h |
|||
version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h |
|||
version.o: ../include/openssl/x509v3.h apps.h version.c |
|||
x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h |
|||
x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h |
|||
x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h |
|||
x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h |
|||
x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h |
|||
x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h |
|||
x509.o: ../include/openssl/err.h ../include/openssl/evp.h |
|||
x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h |
|||
x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h |
|||
x509.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h |
|||
x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h |
|||
x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h |
|||
x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h |
|||
x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h |
|||
x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h |
|||
x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h |
|||
x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c |
@ -0,0 +1,218 @@ |
|||
/* apps/app_rand.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#define NON_MAIN |
|||
#include "apps.h" |
|||
#undef NON_MAIN |
|||
#include <openssl/bio.h> |
|||
#include <openssl/rand.h> |
|||
|
|||
|
|||
static int seeded = 0; |
|||
static int egdsocket = 0; |
|||
|
|||
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) |
|||
{ |
|||
int consider_randfile = (file == NULL); |
|||
char buffer[200]; |
|||
|
|||
#ifdef OPENSSL_SYS_WINDOWS |
|||
BIO_printf(bio_e,"Loading 'screen' into random state -"); |
|||
BIO_flush(bio_e); |
|||
RAND_screen(); |
|||
BIO_printf(bio_e," done\n"); |
|||
#endif |
|||
|
|||
if (file == NULL) |
|||
file = RAND_file_name(buffer, sizeof buffer); |
|||
else if (RAND_egd(file) > 0) |
|||
{ |
|||
/* we try if the given filename is an EGD socket.
|
|||
if it is, we don't write anything back to the file. */ |
|||
egdsocket = 1; |
|||
return 1; |
|||
} |
|||
if (file == NULL || !RAND_load_file(file, -1)) |
|||
{ |
|||
if (RAND_status() == 0) |
|||
{ |
|||
if (!dont_warn) |
|||
{ |
|||
BIO_printf(bio_e,"unable to load 'random state'\n"); |
|||
BIO_printf(bio_e,"This means that the random number generator has not been seeded\n"); |
|||
BIO_printf(bio_e,"with much random data.\n"); |
|||
if (consider_randfile) /* explanation does not apply when a file is explicitly named */ |
|||
{ |
|||
BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n"); |
|||
BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n"); |
|||
} |
|||
} |
|||
return 0; |
|||
} |
|||
} |
|||
seeded = 1; |
|||
return 1; |
|||
} |
|||
|
|||
long app_RAND_load_files(char *name) |
|||
{ |
|||
char *p,*n; |
|||
int last; |
|||
long tot=0; |
|||
int egd; |
|||
|
|||
for (;;) |
|||
{ |
|||
last=0; |
|||
for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); |
|||
if (*p == '\0') last=1; |
|||
*p='\0'; |
|||
n=name; |
|||
name=p+1; |
|||
if (*n == '\0') break; |
|||
|
|||
egd=RAND_egd(n); |
|||
if (egd > 0) |
|||
tot+=egd; |
|||
else |
|||
tot+=RAND_load_file(n,-1); |
|||
if (last) break; |
|||
} |
|||
if (tot > 512) |
|||
app_RAND_allow_write_file(); |
|||
return(tot); |
|||
} |
|||
|
|||
int app_RAND_write_file(const char *file, BIO *bio_e) |
|||
{ |
|||
char buffer[200]; |
|||
|
|||
if (egdsocket || !seeded) |
|||
/* If we did not manage to read the seed file,
|
|||
* we should not write a low-entropy seed file back -- |
|||
* it would suppress a crucial warning the next time |
|||
* we want to use it. */ |
|||
return 0; |
|||
|
|||
if (file == NULL) |
|||
file = RAND_file_name(buffer, sizeof buffer); |
|||
if (file == NULL || !RAND_write_file(file)) |
|||
{ |
|||
BIO_printf(bio_e,"unable to write 'random state'\n"); |
|||
return 0; |
|||
} |
|||
return 1; |
|||
} |
|||
|
|||
void app_RAND_allow_write_file(void) |
|||
{ |
|||
seeded = 1; |
|||
} |
File diff suppressed because it is too large
@ -0,0 +1,367 @@ |
|||
/* apps/apps.h */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#ifndef HEADER_APPS_H |
|||
#define HEADER_APPS_H |
|||
|
|||
#include "e_os.h" |
|||
|
|||
#include <openssl/bio.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/lhash.h> |
|||
#include <openssl/conf.h> |
|||
#include <openssl/txt_db.h> |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
#include <openssl/engine.h> |
|||
#endif |
|||
#ifndef OPENSSL_NO_OCSP |
|||
#include <openssl/ocsp.h> |
|||
#endif |
|||
#include <openssl/ossl_typ.h> |
|||
|
|||
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); |
|||
int app_RAND_write_file(const char *file, BIO *bio_e); |
|||
/* When `file' is NULL, use defaults.
|
|||
* `bio_e' is for error messages. */ |
|||
void app_RAND_allow_write_file(void); |
|||
long app_RAND_load_files(char *file); /* `file' is a list of files to read,
|
|||
* separated by LIST_SEPARATOR_CHAR |
|||
* (see e_os.h). The string is |
|||
* destroyed! */ |
|||
|
|||
#ifdef OPENSSL_SYS_WIN32 |
|||
#define rename(from,to) WIN32_rename((from),(to)) |
|||
int WIN32_rename(const char *oldname,const char *newname); |
|||
#endif |
|||
|
|||
#ifndef MONOLITH |
|||
|
|||
#define MAIN(a,v) main(a,v) |
|||
|
|||
#ifndef NON_MAIN |
|||
CONF *config=NULL; |
|||
BIO *bio_err=NULL; |
|||
int in_FIPS_mode=0; |
|||
#else |
|||
extern CONF *config; |
|||
extern BIO *bio_err; |
|||
extern int in_FIPS_mode; |
|||
#endif |
|||
|
|||
#else |
|||
|
|||
#define MAIN(a,v) PROG(a,v) |
|||
extern CONF *config; |
|||
extern char *default_config_file; |
|||
extern BIO *bio_err; |
|||
extern int in_FIPS_mode; |
|||
|
|||
#endif |
|||
|
|||
#ifndef OPENSSL_SYS_NETWARE |
|||
#include <signal.h> |
|||
#endif |
|||
|
|||
#ifdef SIGPIPE |
|||
#define do_pipe_sig() signal(SIGPIPE,SIG_IGN) |
|||
#else |
|||
#define do_pipe_sig() |
|||
#endif |
|||
|
|||
#if defined(MONOLITH) && !defined(OPENSSL_C) |
|||
# define apps_startup() \ |
|||
do_pipe_sig() |
|||
# define apps_shutdown() |
|||
#else |
|||
# ifndef OPENSSL_NO_ENGINE |
|||
# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ |
|||
defined(OPENSSL_SYS_WIN32) |
|||
# ifdef _O_BINARY |
|||
# define apps_startup() \ |
|||
do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ |
|||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ |
|||
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) |
|||
# else |
|||
# define apps_startup() \ |
|||
do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ |
|||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ |
|||
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) |
|||
# endif |
|||
# else |
|||
# define apps_startup() \ |
|||
do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ |
|||
ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ |
|||
setup_ui_method(); } while(0) |
|||
# endif |
|||
# define apps_shutdown() \ |
|||
do { CONF_modules_unload(1); destroy_ui_method(); \ |
|||
EVP_cleanup(); ENGINE_cleanup(); \ |
|||
CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ |
|||
ERR_free_strings(); } while(0) |
|||
# else |
|||
# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ |
|||
defined(OPENSSL_SYS_WIN32) |
|||
# ifdef _O_BINARY |
|||
# define apps_startup() \ |
|||
do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ |
|||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ |
|||
setup_ui_method(); } while(0) |
|||
# else |
|||
# define apps_startup() \ |
|||
do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ |
|||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ |
|||
setup_ui_method(); } while(0) |
|||
# endif |
|||
# else |
|||
# define apps_startup() \ |
|||
do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ |
|||
ERR_load_crypto_strings(); \ |
|||
setup_ui_method(); } while(0) |
|||
# endif |
|||
# define apps_shutdown() \ |
|||
do { CONF_modules_unload(1); destroy_ui_method(); \ |
|||
EVP_cleanup(); \ |
|||
CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ |
|||
ERR_free_strings(); } while(0) |
|||
# endif |
|||
#endif |
|||
|
|||
#ifdef OPENSSL_SYSNAME_WIN32 |
|||
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b) |
|||
#else |
|||
# define openssl_fdset(a,b) FD_SET(a, b) |
|||
#endif |
|||
|
|||
typedef struct args_st |
|||
{ |
|||
char **data; |
|||
int count; |
|||
} ARGS; |
|||
|
|||
#define PW_MIN_LENGTH 4 |
|||
typedef struct pw_cb_data |
|||
{ |
|||
const void *password; |
|||
const char *prompt_info; |
|||
} PW_CB_DATA; |
|||
|
|||
int password_callback(char *buf, int bufsiz, int verify, |
|||
PW_CB_DATA *cb_data); |
|||
|
|||
int setup_ui_method(void); |
|||
void destroy_ui_method(void); |
|||
|
|||
int should_retry(int i); |
|||
int args_from_file(char *file, int *argc, char **argv[]); |
|||
int str2fmt(char *s); |
|||
void program_name(char *in,char *out,int size); |
|||
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); |
|||
#ifdef HEADER_X509_H |
|||
int dump_cert_text(BIO *out, X509 *x); |
|||
void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); |
|||
#endif |
|||
int set_cert_ex(unsigned long *flags, const char *arg); |
|||
int set_name_ex(unsigned long *flags, const char *arg); |
|||
int set_ext_copy(int *copy_type, const char *arg); |
|||
int copy_extensions(X509 *x, X509_REQ *req, int copy_type); |
|||
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); |
|||
int add_oid_section(BIO *err, CONF *conf); |
|||
X509 *load_cert(BIO *err, const char *file, int format, |
|||
const char *pass, ENGINE *e, const char *cert_descrip); |
|||
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, |
|||
const char *pass, ENGINE *e, const char *key_descrip); |
|||
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, |
|||
const char *pass, ENGINE *e, const char *key_descrip); |
|||
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, |
|||
const char *pass, ENGINE *e, const char *cert_descrip); |
|||
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
ENGINE *setup_engine(BIO *err, const char *engine, int debug); |
|||
#endif |
|||
|
|||
#ifndef OPENSSL_NO_OCSP |
|||
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, |
|||
char *host, char *path, char *port, int use_ssl, |
|||
int req_timeout); |
|||
#endif |
|||
|
|||
int load_config(BIO *err, CONF *cnf); |
|||
char *make_config_name(void); |
|||
|
|||
/* Functions defined in ca.c and also used in ocsp.c */ |
|||
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, |
|||
ASN1_GENERALIZEDTIME **pinvtm, const char *str); |
|||
|
|||
#define DB_type 0 |
|||
#define DB_exp_date 1 |
|||
#define DB_rev_date 2 |
|||
#define DB_serial 3 /* index - unique */ |
|||
#define DB_file 4 |
|||
#define DB_name 5 /* index - unique when active and not disabled */ |
|||
#define DB_NUMBER 6 |
|||
|
|||
#define DB_TYPE_REV 'R' |
|||
#define DB_TYPE_EXP 'E' |
|||
#define DB_TYPE_VAL 'V' |
|||
|
|||
typedef struct db_attr_st |
|||
{ |
|||
int unique_subject; |
|||
} DB_ATTR; |
|||
typedef struct ca_db_st |
|||
{ |
|||
DB_ATTR attributes; |
|||
TXT_DB *db; |
|||
} CA_DB; |
|||
|
|||
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai); |
|||
int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai); |
|||
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); |
|||
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); |
|||
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); |
|||
int index_index(CA_DB *db); |
|||
int save_index(const char *dbfile, const char *suffix, CA_DB *db); |
|||
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix); |
|||
void free_index(CA_DB *db); |
|||
int index_name_cmp(const char **a, const char **b); |
|||
int parse_yesno(const char *str, int def); |
|||
|
|||
X509_NAME *parse_name(char *str, long chtype, int multirdn); |
|||
int args_verify(char ***pargs, int *pargc, |
|||
int *badarg, BIO *err, X509_VERIFY_PARAM **pm); |
|||
void policies_print(BIO *out, X509_STORE_CTX *ctx); |
|||
#ifndef OPENSSL_NO_JPAKE |
|||
void jpake_client_auth(BIO *out, BIO *conn, const char *secret); |
|||
void jpake_server_auth(BIO *out, BIO *conn, const char *secret); |
|||
#endif |
|||
|
|||
#define FORMAT_UNDEF 0 |
|||
#define FORMAT_ASN1 1 |
|||
#define FORMAT_TEXT 2 |
|||
#define FORMAT_PEM 3 |
|||
#define FORMAT_NETSCAPE 4 |
|||
#define FORMAT_PKCS12 5 |
|||
#define FORMAT_SMIME 6 |
|||
#define FORMAT_ENGINE 7 |
|||
#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid |
|||
* adding yet another param to load_*key() */ |
|||
|
|||
#define EXT_COPY_NONE 0 |
|||
#define EXT_COPY_ADD 1 |
|||
#define EXT_COPY_ALL 2 |
|||
|
|||
#define NETSCAPE_CERT_HDR "certificate" |
|||
|
|||
#define APP_PASS_LEN 1024 |
|||
|
|||
#define SERIAL_RAND_BITS 64 |
|||
|
|||
#endif |
@ -0,0 +1,444 @@ |
|||
/* apps/asn1pars.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
/* A nice addition from Dr Stephen Henson <steve@openssl.org> to
|
|||
* add the -strparse option which parses nested binary structures |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -in arg - input file - default stdin |
|||
* -i - indent the details by depth |
|||
* -offset - where in the file to start |
|||
* -length - how many bytes to use |
|||
* -oid file - extra oid description file |
|||
*/ |
|||
|
|||
#undef PROG |
|||
#define PROG asn1parse_main |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int i,badops=0,offset=0,ret=1,j; |
|||
unsigned int length=0; |
|||
long num,tmplen; |
|||
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL; |
|||
int informat,indent=0, noout = 0, dump = 0; |
|||
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL; |
|||
char *genstr=NULL, *genconf=NULL; |
|||
unsigned char *tmpbuf; |
|||
const unsigned char *ctmpbuf; |
|||
BUF_MEM *buf=NULL; |
|||
STACK *osk=NULL; |
|||
ASN1_TYPE *at=NULL; |
|||
|
|||
informat=FORMAT_PEM; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
if ((osk=sk_new_null()) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"Memory allocation failure\n"); |
|||
goto end; |
|||
} |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
derfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-i") == 0) |
|||
{ |
|||
indent=1; |
|||
} |
|||
else if (strcmp(*argv,"-noout") == 0) noout = 1; |
|||
else if (strcmp(*argv,"-oid") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
oidfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-offset") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
offset= atoi(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-length") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
length= atoi(*(++argv)); |
|||
if (length == 0) goto bad; |
|||
} |
|||
else if (strcmp(*argv,"-dump") == 0) |
|||
{ |
|||
dump= -1; |
|||
} |
|||
else if (strcmp(*argv,"-dlimit") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
dump= atoi(*(++argv)); |
|||
if (dump <= 0) goto bad; |
|||
} |
|||
else if (strcmp(*argv,"-strparse") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
sk_push(osk,*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-genstr") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
genstr= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-genconf") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
genconf= *(++argv); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] <infile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -out arg output file (output format is always DER\n"); |
|||
BIO_printf(bio_err," -noout arg don't produce any output\n"); |
|||
BIO_printf(bio_err," -offset arg offset into file\n"); |
|||
BIO_printf(bio_err," -length arg length of section in file\n"); |
|||
BIO_printf(bio_err," -i indent entries\n"); |
|||
BIO_printf(bio_err," -dump dump unknown data in hex form\n"); |
|||
BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n"); |
|||
BIO_printf(bio_err," -oid file file of extra oid definitions\n"); |
|||
BIO_printf(bio_err," -strparse offset\n"); |
|||
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n"); |
|||
BIO_printf(bio_err," ASN1 blob wrappings\n"); |
|||
BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n"); |
|||
BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n"); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
|
|||
if (oidfile != NULL) |
|||
{ |
|||
if (BIO_read_filename(in,oidfile) <= 0) |
|||
{ |
|||
BIO_printf(bio_err,"problems opening %s\n",oidfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
OBJ_create_objects(in); |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (derfile) { |
|||
if(!(derout = BIO_new_file(derfile, "wb"))) { |
|||
BIO_printf(bio_err,"problems opening %s\n",derfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if ((buf=BUF_MEM_new()) == NULL) goto end; |
|||
if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */ |
|||
|
|||
if (genstr || genconf) |
|||
{ |
|||
num = do_generate(bio_err, genstr, genconf, buf); |
|||
if (num < 0) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
else |
|||
{ |
|||
|
|||
if (informat == FORMAT_PEM) |
|||
{ |
|||
BIO *tmp; |
|||
|
|||
if ((b64=BIO_new(BIO_f_base64())) == NULL) |
|||
goto end; |
|||
BIO_push(b64,in); |
|||
tmp=in; |
|||
in=b64; |
|||
b64=tmp; |
|||
} |
|||
|
|||
num=0; |
|||
for (;;) |
|||
{ |
|||
if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; |
|||
i=BIO_read(in,&(buf->data[num]),BUFSIZ); |
|||
if (i <= 0) break; |
|||
num+=i; |
|||
} |
|||
} |
|||
str=buf->data; |
|||
|
|||
/* If any structs to parse go through in sequence */ |
|||
|
|||
if (sk_num(osk)) |
|||
{ |
|||
tmpbuf=(unsigned char *)str; |
|||
tmplen=num; |
|||
for (i=0; i<sk_num(osk); i++) |
|||
{ |
|||
ASN1_TYPE *atmp; |
|||
int typ; |
|||
j=atoi(sk_value(osk,i)); |
|||
if (j == 0) |
|||
{ |
|||
BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i)); |
|||
continue; |
|||
} |
|||
tmpbuf+=j; |
|||
tmplen-=j; |
|||
atmp = at; |
|||
ctmpbuf = tmpbuf; |
|||
at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen); |
|||
ASN1_TYPE_free(atmp); |
|||
if(!at) |
|||
{ |
|||
BIO_printf(bio_err,"Error parsing structure\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
typ = ASN1_TYPE_get(at); |
|||
if ((typ == V_ASN1_OBJECT) |
|||
|| (typ == V_ASN1_NULL)) |
|||
{ |
|||
BIO_printf(bio_err, "Can't parse %s type\n", |
|||
typ == V_ASN1_NULL ? "NULL" : "OBJECT"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
/* hmm... this is a little evil but it works */ |
|||
tmpbuf=at->value.asn1_string->data; |
|||
tmplen=at->value.asn1_string->length; |
|||
} |
|||
str=(char *)tmpbuf; |
|||
num=tmplen; |
|||
} |
|||
|
|||
if (offset >= num) |
|||
{ |
|||
BIO_printf(bio_err, "Error: offset too large\n"); |
|||
goto end; |
|||
} |
|||
|
|||
num -= offset; |
|||
|
|||
if ((length == 0) || ((long)length > num)) length=(unsigned int)num; |
|||
if(derout) { |
|||
if(BIO_write(derout, str + offset, length) != (int)length) { |
|||
BIO_printf(bio_err, "Error writing output\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
if (!noout && |
|||
!ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length, |
|||
indent,dump)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
ret=0; |
|||
end: |
|||
BIO_free(derout); |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (b64 != NULL) BIO_free(b64); |
|||
if (ret != 0) |
|||
ERR_print_errors(bio_err); |
|||
if (buf != NULL) BUF_MEM_free(buf); |
|||
if (at != NULL) ASN1_TYPE_free(at); |
|||
if (osk != NULL) sk_free(osk); |
|||
OBJ_cleanup(); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) |
|||
{ |
|||
CONF *cnf = NULL; |
|||
int len; |
|||
long errline; |
|||
unsigned char *p; |
|||
ASN1_TYPE *atyp = NULL; |
|||
|
|||
if (genconf) |
|||
{ |
|||
cnf = NCONF_new(NULL); |
|||
if (!NCONF_load(cnf, genconf, &errline)) |
|||
goto conferr; |
|||
if (!genstr) |
|||
genstr = NCONF_get_string(cnf, "default", "asn1"); |
|||
if (!genstr) |
|||
{ |
|||
BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf); |
|||
goto err; |
|||
} |
|||
} |
|||
|
|||
atyp = ASN1_generate_nconf(genstr, cnf); |
|||
NCONF_free(cnf); |
|||
|
|||
if (!atyp) |
|||
return -1; |
|||
|
|||
len = i2d_ASN1_TYPE(atyp, NULL); |
|||
|
|||
if (len <= 0) |
|||
goto err; |
|||
|
|||
if (!BUF_MEM_grow(buf,len)) |
|||
goto err; |
|||
|
|||
p=(unsigned char *)buf->data; |
|||
|
|||
i2d_ASN1_TYPE(atyp, &p); |
|||
|
|||
ASN1_TYPE_free(atyp); |
|||
return len; |
|||
|
|||
conferr: |
|||
|
|||
if (errline > 0) |
|||
BIO_printf(bio, "Error on line %ld of config file '%s'\n", |
|||
errline, genconf); |
|||
else |
|||
BIO_printf(bio, "Error loading config file '%s'\n", genconf); |
|||
|
|||
err: |
|||
NCONF_free(cnf); |
|||
ASN1_TYPE_free(atyp); |
|||
|
|||
return -1; |
|||
|
|||
} |
@ -0,0 +1 @@ |
|||
07 |
@ -0,0 +1,15 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425 |
|||
gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd |
|||
2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB |
|||
AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6 |
|||
hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2 |
|||
J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs |
|||
HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL |
|||
21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s |
|||
nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz |
|||
MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa |
|||
pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb |
|||
KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2 |
|||
XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1,11 @@ |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx |
|||
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx |
|||
MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy |
|||
bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d |
|||
FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe |
|||
cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7 |
|||
cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR |
|||
5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW |
|||
kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA= |
|||
-----END CERTIFICATE REQUEST----- |
File diff suppressed because it is too large
@ -0,0 +1,11 @@ |
|||
-----BEGIN CERTIFICATE----- |
|||
MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV |
|||
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD |
|||
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa |
|||
Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 |
|||
YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT |
|||
DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7 |
|||
tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q |
|||
sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO |
|||
19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3 |
|||
-----END CERTIFICATE----- |
@ -0,0 +1,208 @@ |
|||
/* apps/ciphers.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#ifdef OPENSSL_NO_STDIO |
|||
#define APPS_WIN16 |
|||
#endif |
|||
#include "apps.h" |
|||
#include <openssl/err.h> |
|||
#include <openssl/ssl.h> |
|||
|
|||
#undef PROG |
|||
#define PROG ciphers_main |
|||
|
|||
static const char *ciphers_usage[]={ |
|||
"usage: ciphers args\n", |
|||
" -v - verbose mode, a textual listing of the ciphers in SSLeay\n", |
|||
" -ssl2 - SSL2 mode\n", |
|||
" -ssl3 - SSL3 mode\n", |
|||
" -tls1 - TLS1 mode\n", |
|||
NULL |
|||
}; |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int ret=1,i; |
|||
int verbose=0; |
|||
const char **pp; |
|||
const char *p; |
|||
int badops=0; |
|||
SSL_CTX *ctx=NULL; |
|||
SSL *ssl=NULL; |
|||
char *ciphers=NULL; |
|||
SSL_METHOD *meth=NULL; |
|||
STACK_OF(SSL_CIPHER) *sk; |
|||
char buf[512]; |
|||
BIO *STDout=NULL; |
|||
|
|||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
|||
meth=SSLv23_server_method(); |
|||
#elif !defined(OPENSSL_NO_SSL3) |
|||
meth=SSLv3_server_method(); |
|||
#elif !defined(OPENSSL_NO_SSL2) |
|||
meth=SSLv2_server_method(); |
|||
#endif |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); |
|||
STDout=BIO_new_fp(stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
STDout = BIO_push(tmpbio, STDout); |
|||
} |
|||
#endif |
|||
|
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-v") == 0) |
|||
verbose=1; |
|||
#ifndef OPENSSL_NO_SSL2 |
|||
else if (strcmp(*argv,"-ssl2") == 0) |
|||
meth=SSLv2_client_method(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SSL3 |
|||
else if (strcmp(*argv,"-ssl3") == 0) |
|||
meth=SSLv3_client_method(); |
|||
#endif |
|||
#ifndef OPENSSL_NO_TLS1 |
|||
else if (strcmp(*argv,"-tls1") == 0) |
|||
meth=TLSv1_client_method(); |
|||
#endif |
|||
else if ((strncmp(*argv,"-h",2) == 0) || |
|||
(strcmp(*argv,"-?") == 0)) |
|||
{ |
|||
badops=1; |
|||
break; |
|||
} |
|||
else |
|||
{ |
|||
ciphers= *argv; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
for (pp=ciphers_usage; (*pp != NULL); pp++) |
|||
BIO_printf(bio_err,"%s",*pp); |
|||
goto end; |
|||
} |
|||
|
|||
OpenSSL_add_ssl_algorithms(); |
|||
|
|||
ctx=SSL_CTX_new(meth); |
|||
if (ctx == NULL) goto err; |
|||
if (ciphers != NULL) { |
|||
if(!SSL_CTX_set_cipher_list(ctx,ciphers)) { |
|||
BIO_printf(bio_err, "Error in cipher list\n"); |
|||
goto err; |
|||
} |
|||
} |
|||
ssl=SSL_new(ctx); |
|||
if (ssl == NULL) goto err; |
|||
|
|||
|
|||
if (!verbose) |
|||
{ |
|||
for (i=0; ; i++) |
|||
{ |
|||
p=SSL_get_cipher_list(ssl,i); |
|||
if (p == NULL) break; |
|||
if (i != 0) BIO_printf(STDout,":"); |
|||
BIO_printf(STDout,"%s",p); |
|||
} |
|||
BIO_printf(STDout,"\n"); |
|||
} |
|||
else |
|||
{ |
|||
sk=SSL_get_ciphers(ssl); |
|||
|
|||
for (i=0; i<sk_SSL_CIPHER_num(sk); i++) |
|||
{ |
|||
BIO_puts(STDout,SSL_CIPHER_description( |
|||
sk_SSL_CIPHER_value(sk,i), |
|||
buf,sizeof buf)); |
|||
} |
|||
} |
|||
|
|||
ret=0; |
|||
if (0) |
|||
{ |
|||
err: |
|||
SSL_load_error_strings(); |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
end: |
|||
if (ctx != NULL) SSL_CTX_free(ctx); |
|||
if (ssl != NULL) SSL_free(ssl); |
|||
if (STDout != NULL) BIO_free_all(STDout); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
@ -0,0 +1,24 @@ |
|||
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) |
|||
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit) |
|||
-----BEGIN CERTIFICATE----- |
|||
MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV |
|||
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD |
|||
VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5 |
|||
MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG |
|||
A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl |
|||
cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw |
|||
Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt |
|||
XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5 |
|||
NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3 |
|||
UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE |
|||
9TKwhS4GlwbtCfxSKQ== |
|||
-----END CERTIFICATE----- |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm |
|||
q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko |
|||
/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1 |
|||
HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0 |
|||
ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/ |
|||
nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw |
|||
ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg== |
|||
-----END RSA PRIVATE KEY----- |
File diff suppressed because it is too large
@ -0,0 +1,446 @@ |
|||
/* apps/crl.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/x509v3.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#undef PROG |
|||
#define PROG crl_main |
|||
|
|||
#undef POSTFIX |
|||
#define POSTFIX ".rvk" |
|||
|
|||
static const char *crl_usage[]={ |
|||
"usage: crl args\n", |
|||
"\n", |
|||
" -inform arg - input format - default PEM (DER or PEM)\n", |
|||
" -outform arg - output format - default PEM\n", |
|||
" -text - print out a text format version\n", |
|||
" -in arg - input file - default stdin\n", |
|||
" -out arg - output file - default stdout\n", |
|||
" -hash - print hash value\n", |
|||
" -fingerprint - print the crl fingerprint\n", |
|||
" -issuer - print issuer DN\n", |
|||
" -lastupdate - lastUpdate field\n", |
|||
" -nextupdate - nextUpdate field\n", |
|||
" -crlnumber - print CRL number\n", |
|||
" -noout - no CRL output\n", |
|||
" -CAfile name - verify CRL using certificates in file \"name\"\n", |
|||
" -CApath dir - verify CRL using certificates in \"dir\"\n", |
|||
" -nameopt arg - various certificate name options\n", |
|||
NULL |
|||
}; |
|||
|
|||
static X509_CRL *load_crl(char *file, int format); |
|||
static BIO *bio_out=NULL; |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
unsigned long nmflag = 0; |
|||
X509_CRL *x=NULL; |
|||
char *CAfile = NULL, *CApath = NULL; |
|||
int ret=1,i,num,badops=0; |
|||
BIO *out=NULL; |
|||
int informat,outformat; |
|||
char *infile=NULL,*outfile=NULL; |
|||
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; |
|||
int fingerprint = 0, crlnumber = 0; |
|||
const char **pp; |
|||
X509_STORE *store = NULL; |
|||
X509_STORE_CTX ctx; |
|||
X509_LOOKUP *lookup = NULL; |
|||
X509_OBJECT xobj; |
|||
EVP_PKEY *pkey; |
|||
int do_ver = 0; |
|||
const EVP_MD *md_alg,*digest=EVP_sha1(); |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
if (bio_out == NULL) |
|||
if ((bio_out=BIO_new(BIO_s_file())) != NULL) |
|||
{ |
|||
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
bio_out = BIO_push(tmpbio, bio_out); |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
argc--; |
|||
argv++; |
|||
num=0; |
|||
while (argc >= 1) |
|||
{ |
|||
#ifdef undef |
|||
if (strcmp(*argv,"-p") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ |
|||
} |
|||
#endif |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-CApath") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
CApath = *(++argv); |
|||
do_ver = 1; |
|||
} |
|||
else if (strcmp(*argv,"-CAfile") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
CAfile = *(++argv); |
|||
do_ver = 1; |
|||
} |
|||
else if (strcmp(*argv,"-verify") == 0) |
|||
do_ver = 1; |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text = 1; |
|||
else if (strcmp(*argv,"-hash") == 0) |
|||
hash= ++num; |
|||
else if (strcmp(*argv,"-nameopt") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
if (!set_name_ex(&nmflag, *(++argv))) goto bad; |
|||
} |
|||
else if (strcmp(*argv,"-issuer") == 0) |
|||
issuer= ++num; |
|||
else if (strcmp(*argv,"-lastupdate") == 0) |
|||
lastupdate= ++num; |
|||
else if (strcmp(*argv,"-nextupdate") == 0) |
|||
nextupdate= ++num; |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout= ++num; |
|||
else if (strcmp(*argv,"-fingerprint") == 0) |
|||
fingerprint= ++num; |
|||
else if (strcmp(*argv,"-crlnumber") == 0) |
|||
crlnumber= ++num; |
|||
else if ((md_alg=EVP_get_digestbyname(*argv + 1))) |
|||
{ |
|||
/* ok */ |
|||
digest=md_alg; |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
for (pp=crl_usage; (*pp != NULL); pp++) |
|||
BIO_printf(bio_err,"%s",*pp); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
x=load_crl(infile,informat); |
|||
if (x == NULL) { goto end; } |
|||
|
|||
if(do_ver) { |
|||
store = X509_STORE_new(); |
|||
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); |
|||
if (lookup == NULL) goto end; |
|||
if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) |
|||
X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); |
|||
|
|||
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); |
|||
if (lookup == NULL) goto end; |
|||
if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) |
|||
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); |
|||
ERR_clear_error(); |
|||
|
|||
if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { |
|||
BIO_printf(bio_err, |
|||
"Error initialising X509 store\n"); |
|||
goto end; |
|||
} |
|||
|
|||
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, |
|||
X509_CRL_get_issuer(x), &xobj); |
|||
if(i <= 0) { |
|||
BIO_printf(bio_err, |
|||
"Error getting CRL issuer certificate\n"); |
|||
goto end; |
|||
} |
|||
pkey = X509_get_pubkey(xobj.data.x509); |
|||
X509_OBJECT_free_contents(&xobj); |
|||
if(!pkey) { |
|||
BIO_printf(bio_err, |
|||
"Error getting CRL issuer public key\n"); |
|||
goto end; |
|||
} |
|||
i = X509_CRL_verify(x, pkey); |
|||
EVP_PKEY_free(pkey); |
|||
if(i < 0) goto end; |
|||
if(i == 0) BIO_printf(bio_err, "verify failure\n"); |
|||
else BIO_printf(bio_err, "verify OK\n"); |
|||
} |
|||
|
|||
if (num) |
|||
{ |
|||
for (i=1; i<=num; i++) |
|||
{ |
|||
if (issuer == i) |
|||
{ |
|||
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); |
|||
} |
|||
if (crlnumber == i) |
|||
{ |
|||
ASN1_INTEGER *crlnum; |
|||
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, |
|||
NULL, NULL); |
|||
BIO_printf(bio_out,"crlNumber="); |
|||
if (crlnum) |
|||
{ |
|||
i2a_ASN1_INTEGER(bio_out, crlnum); |
|||
ASN1_INTEGER_free(crlnum); |
|||
} |
|||
else |
|||
BIO_puts(bio_out, "<NONE>"); |
|||
BIO_printf(bio_out,"\n"); |
|||
} |
|||
if (hash == i) |
|||
{ |
|||
BIO_printf(bio_out,"%08lx\n", |
|||
X509_NAME_hash(X509_CRL_get_issuer(x))); |
|||
} |
|||
if (lastupdate == i) |
|||
{ |
|||
BIO_printf(bio_out,"lastUpdate="); |
|||
ASN1_TIME_print(bio_out, |
|||
X509_CRL_get_lastUpdate(x)); |
|||
BIO_printf(bio_out,"\n"); |
|||
} |
|||
if (nextupdate == i) |
|||
{ |
|||
BIO_printf(bio_out,"nextUpdate="); |
|||
if (X509_CRL_get_nextUpdate(x)) |
|||
ASN1_TIME_print(bio_out, |
|||
X509_CRL_get_nextUpdate(x)); |
|||
else |
|||
BIO_printf(bio_out,"NONE"); |
|||
BIO_printf(bio_out,"\n"); |
|||
} |
|||
if (fingerprint == i) |
|||
{ |
|||
int j; |
|||
unsigned int n; |
|||
unsigned char md[EVP_MAX_MD_SIZE]; |
|||
|
|||
if (!X509_CRL_digest(x,digest,md,&n)) |
|||
{ |
|||
BIO_printf(bio_err,"out of memory\n"); |
|||
goto end; |
|||
} |
|||
BIO_printf(bio_out,"%s Fingerprint=", |
|||
OBJ_nid2sn(EVP_MD_type(digest))); |
|||
for (j=0; j<(int)n; j++) |
|||
{ |
|||
BIO_printf(bio_out,"%02X%c",md[j], |
|||
(j+1 == (int)n) |
|||
?'\n':':'); |
|||
} |
|||
} |
|||
} |
|||
} |
|||
|
|||
out=BIO_new(BIO_s_file()); |
|||
if (out == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (text) X509_CRL_print(out, x); |
|||
|
|||
if (noout) |
|||
{ |
|||
ret = 0; |
|||
goto end; |
|||
} |
|||
|
|||
if (outformat == FORMAT_ASN1) |
|||
i=(int)i2d_X509_CRL_bio(out,x); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_X509_CRL(out,x); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } |
|||
ret=0; |
|||
end: |
|||
BIO_free_all(out); |
|||
BIO_free_all(bio_out); |
|||
bio_out=NULL; |
|||
X509_CRL_free(x); |
|||
if(store) { |
|||
X509_STORE_CTX_cleanup(&ctx); |
|||
X509_STORE_free(store); |
|||
} |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
static X509_CRL *load_crl(char *infile, int format) |
|||
{ |
|||
X509_CRL *x=NULL; |
|||
BIO *in=NULL; |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
if (in == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
if (format == FORMAT_ASN1) |
|||
x=d2i_X509_CRL_bio(in,NULL); |
|||
else if (format == FORMAT_PEM) |
|||
x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); |
|||
else { |
|||
BIO_printf(bio_err,"bad input format specified for input crl\n"); |
|||
goto end; |
|||
} |
|||
if (x == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load CRL\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
end: |
|||
BIO_free(in); |
|||
return(x); |
|||
} |
|||
|
@ -0,0 +1,345 @@ |
|||
/* apps/crl2p7.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
|
|||
* and donated 'to the cause' along with lots and lots of other fixes to |
|||
* the library. */ |
|||
|
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include <sys/types.h> |
|||
#include <sys/stat.h> |
|||
#include "apps.h" |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pkcs7.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/objects.h> |
|||
|
|||
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); |
|||
#undef PROG |
|||
#define PROG crl2pkcs7_main |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
int i,badops=0; |
|||
BIO *in=NULL,*out=NULL; |
|||
int informat,outformat; |
|||
char *infile,*outfile,*prog,*certfile; |
|||
PKCS7 *p7 = NULL; |
|||
PKCS7_SIGNED *p7s = NULL; |
|||
X509_CRL *crl=NULL; |
|||
STACK *certflst=NULL; |
|||
STACK_OF(X509_CRL) *crl_stack=NULL; |
|||
STACK_OF(X509) *cert_stack=NULL; |
|||
int ret=1,nocrl=0; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-nocrl") == 0) |
|||
{ |
|||
nocrl=1; |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-certfile") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
if(!certflst) certflst = sk_new_null(); |
|||
sk_push(certflst,*(++argv)); |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); |
|||
BIO_printf(bio_err," (can be used more than once)\n"); |
|||
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); |
|||
ret = 1; |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (!nocrl) |
|||
{ |
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (informat == FORMAT_ASN1) |
|||
crl=d2i_X509_CRL_bio(in,NULL); |
|||
else if (informat == FORMAT_PEM) |
|||
crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); |
|||
else { |
|||
BIO_printf(bio_err,"bad input format specified for input crl\n"); |
|||
goto end; |
|||
} |
|||
if (crl == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load CRL\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if ((p7=PKCS7_new()) == NULL) goto end; |
|||
if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end; |
|||
p7->type=OBJ_nid2obj(NID_pkcs7_signed); |
|||
p7->d.sign=p7s; |
|||
p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data); |
|||
|
|||
if (!ASN1_INTEGER_set(p7s->version,1)) goto end; |
|||
if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end; |
|||
p7s->crl=crl_stack; |
|||
if (crl != NULL) |
|||
{ |
|||
sk_X509_CRL_push(crl_stack,crl); |
|||
crl=NULL; /* now part of p7 for OPENSSL_freeing */ |
|||
} |
|||
|
|||
if ((cert_stack=sk_X509_new_null()) == NULL) goto end; |
|||
p7s->cert=cert_stack; |
|||
|
|||
if(certflst) for(i = 0; i < sk_num(certflst); i++) { |
|||
certfile = sk_value(certflst, i); |
|||
if (add_certs_from_file(cert_stack,certfile) < 0) |
|||
{ |
|||
BIO_printf(bio_err, "error loading certificates\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
sk_free(certflst); |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (outformat == FORMAT_ASN1) |
|||
i=i2d_PKCS7_bio(out,p7); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_PKCS7(out,p7); |
|||
else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write pkcs7 object\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
ret=0; |
|||
end: |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (p7 != NULL) PKCS7_free(p7); |
|||
if (crl != NULL) X509_CRL_free(crl); |
|||
|
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
/*
|
|||
*---------------------------------------------------------------------- |
|||
* int add_certs_from_file |
|||
* |
|||
* Read a list of certificates to be checked from a file. |
|||
* |
|||
* Results: |
|||
* number of certs added if successful, -1 if not. |
|||
*---------------------------------------------------------------------- |
|||
*/ |
|||
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile) |
|||
{ |
|||
struct stat st; |
|||
BIO *in=NULL; |
|||
int count=0; |
|||
int ret= -1; |
|||
STACK_OF(X509_INFO) *sk=NULL; |
|||
X509_INFO *xi; |
|||
|
|||
if ((stat(certfile,&st) != 0)) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load the file, %s\n",certfile); |
|||
goto end; |
|||
} |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0)) |
|||
{ |
|||
BIO_printf(bio_err,"error opening the file, %s\n",certfile); |
|||
goto end; |
|||
} |
|||
|
|||
/* This loads from a file, a stack of x509/crl/pkey sets */ |
|||
sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL); |
|||
if (sk == NULL) { |
|||
BIO_printf(bio_err,"error reading the file, %s\n",certfile); |
|||
goto end; |
|||
} |
|||
|
|||
/* scan over it and pull out the CRL's */ |
|||
while (sk_X509_INFO_num(sk)) |
|||
{ |
|||
xi=sk_X509_INFO_shift(sk); |
|||
if (xi->x509 != NULL) |
|||
{ |
|||
sk_X509_push(stack,xi->x509); |
|||
xi->x509=NULL; |
|||
count++; |
|||
} |
|||
X509_INFO_free(xi); |
|||
} |
|||
|
|||
ret=count; |
|||
end: |
|||
/* never need to OPENSSL_free x */ |
|||
if (in != NULL) BIO_free(in); |
|||
if (sk != NULL) sk_X509_INFO_free(sk); |
|||
return(ret); |
|||
} |
|||
|
@ -0,0 +1,14 @@ |
|||
subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server |
|||
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA |
|||
-----BEGIN X509 CERTIFICATE----- |
|||
|
|||
MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV |
|||
BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz |
|||
MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM |
|||
RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV |
|||
BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 |
|||
LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb |
|||
/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 |
|||
DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn |
|||
IMs6ZOZB |
|||
-----END X509 CERTIFICATE----- |
@ -0,0 +1,39 @@ |
|||
R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young |
|||
E 951009233205Z 02 certs/00000002 /CN=Duncan Young |
|||
R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson |
|||
V 980705233205Z 04 certs/00000004 /CN=Eric Young4 |
|||
V 980705233205Z 05 certs/00000004 /CN=Eric Young5 |
|||
V 980705233205Z 06 certs/00000004 /CN=Eric Young6 |
|||
V 980705233205Z 07 certs/00000004 /CN=Eric Young7 |
|||
V 980705233205Z 08 certs/00000004 /CN=Eric Young8 |
|||
V 980705233205Z 09 certs/00000004 /CN=Eric Young9 |
|||
V 980705233205Z 0A certs/00000004 /CN=Eric YoungA |
|||
V 980705233205Z 0B certs/00000004 /CN=Eric YoungB |
|||
V 980705233205Z 0C certs/00000004 /CN=Eric YoungC |
|||
V 980705233205Z 0D certs/00000004 /CN=Eric YoungD |
|||
V 980705233205Z 0E certs/00000004 /CN=Eric YoungE |
|||
V 980705233205Z 0F certs/00000004 /CN=Eric YoungF |
|||
V 980705233205Z 10 certs/00000004 /CN=Eric Young10 |
|||
V 980705233205Z 11 certs/00000004 /CN=Eric Young11 |
|||
V 980705233205Z 12 certs/00000004 /CN=Eric Young12 |
|||
V 980705233205Z 13 certs/00000004 /CN=Eric Young13 |
|||
V 980705233205Z 14 certs/00000004 /CN=Eric Young14 |
|||
V 980705233205Z 15 certs/00000004 /CN=Eric Young15 |
|||
V 980705233205Z 16 certs/00000004 /CN=Eric Young16 |
|||
V 980705233205Z 17 certs/00000004 /CN=Eric Young17 |
|||
V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au |
|||
V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au |
|||
V 970322074816Z 010E unknown /CN=Eric Young/Email=eay@mincom.oz.au |
|||
V 970322075152Z 010F unknown /CN=Eric Young |
|||
V 970322075906Z 0110 unknown /CN=Eric Youngg |
|||
V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young |
|||
V 970324221931Z 0112 unknown /CN=Fred |
|||
V 970324224934Z 0113 unknown /C=AU/CN=eay |
|||
V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test |
|||
V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3 |
|||
V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test |
|||
V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test |
|||
V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2 |
|||
V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64 |
|||
V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr |
|||
V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk |
@ -0,0 +1,24 @@ |
|||
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA |
|||
subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server |
|||
-----BEGIN X509 CERTIFICATE----- |
|||
|
|||
MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV |
|||
BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz |
|||
MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM |
|||
RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV |
|||
BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 |
|||
LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb |
|||
/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 |
|||
DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn |
|||
IMs6ZOZB |
|||
-----END X509 CERTIFICATE----- |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
|
|||
MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe |
|||
Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ |
|||
hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG |
|||
sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw |
|||
tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq |
|||
agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA |
|||
g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI= |
|||
-----END RSA PRIVATE KEY----- |
@ -0,0 +1 @@ |
|||
011E |
@ -0,0 +1,552 @@ |
|||
/* apps/dgst.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <stdio.h> |
|||
#include <string.h> |
|||
#include <stdlib.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/objects.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/hmac.h> |
|||
|
|||
#undef BUFSIZE |
|||
#define BUFSIZE 1024*8 |
|||
|
|||
#undef PROG |
|||
#define PROG dgst_main |
|||
|
|||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
|||
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, |
|||
const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow); |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
ENGINE *e = NULL; |
|||
unsigned char *buf=NULL; |
|||
int i,err=1; |
|||
const EVP_MD *md=NULL,*m; |
|||
BIO *in=NULL,*inp; |
|||
BIO *bmd=NULL; |
|||
BIO *out = NULL; |
|||
const char *name; |
|||
#define PROG_NAME_SIZE 39 |
|||
char pname[PROG_NAME_SIZE+1]; |
|||
int separator=0; |
|||
int debug=0; |
|||
int keyform=FORMAT_PEM; |
|||
const char *outfile = NULL, *keyfile = NULL; |
|||
const char *sigfile = NULL, *randfile = NULL; |
|||
int out_bin = -1, want_pub = 0, do_verify = 0; |
|||
EVP_PKEY *sigkey = NULL; |
|||
unsigned char *sigbuf = NULL; |
|||
int siglen = 0; |
|||
unsigned int sig_flags = 0; |
|||
char *passargin = NULL, *passin = NULL; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
char *hmac_key=NULL; |
|||
int non_fips_allow = 0; |
|||
|
|||
apps_startup(); |
|||
ERR_load_crypto_strings(); |
|||
if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"out of memory\n"); |
|||
goto end; |
|||
} |
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
/* first check the program name */ |
|||
program_name(argv[0],pname,sizeof pname); |
|||
|
|||
md=EVP_get_digestbyname(pname); |
|||
|
|||
argc--; |
|||
argv++; |
|||
while (argc > 0) |
|||
{ |
|||
if ((*argv)[0] != '-') break; |
|||
if (strcmp(*argv,"-c") == 0) |
|||
separator=1; |
|||
else if (strcmp(*argv,"-rand") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
randfile=*(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
outfile=*(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-sign") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
keyfile=*(++argv); |
|||
} |
|||
else if (!strcmp(*argv,"-passin")) |
|||
{ |
|||
if (--argc < 1) |
|||
break; |
|||
passargin=*++argv; |
|||
} |
|||
else if (strcmp(*argv,"-verify") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
keyfile=*(++argv); |
|||
want_pub = 1; |
|||
do_verify = 1; |
|||
} |
|||
else if (strcmp(*argv,"-prverify") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
keyfile=*(++argv); |
|||
do_verify = 1; |
|||
} |
|||
else if (strcmp(*argv,"-x931") == 0) |
|||
sig_flags = EVP_MD_CTX_FLAG_PAD_X931; |
|||
else if (strcmp(*argv,"-pss_saltlen") == 0) |
|||
{ |
|||
int saltlen; |
|||
if (--argc < 1) break; |
|||
saltlen=atoi(*(++argv)); |
|||
if (saltlen == -1) |
|||
sig_flags = EVP_MD_CTX_FLAG_PSS_MREC; |
|||
else if (saltlen == -2) |
|||
sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN; |
|||
else if (saltlen < -2 || saltlen >= 0xFFFE) |
|||
{ |
|||
BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen); |
|||
goto end; |
|||
} |
|||
else |
|||
sig_flags = saltlen; |
|||
sig_flags <<= 16; |
|||
sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS; |
|||
} |
|||
else if (strcmp(*argv,"-signature") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
sigfile=*(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-keyform") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
keyform=str2fmt(*(++argv)); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) break; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-hex") == 0) |
|||
out_bin = 0; |
|||
else if (strcmp(*argv,"-binary") == 0) |
|||
out_bin = 1; |
|||
else if (strcmp(*argv,"-d") == 0) |
|||
debug=1; |
|||
else if (strcmp(*argv,"-non-fips-allow") == 0) |
|||
non_fips_allow=1; |
|||
else if (!strcmp(*argv,"-fips-fingerprint")) |
|||
hmac_key = "etaonrishdlcupfm"; |
|||
else if (!strcmp(*argv,"-hmac")) |
|||
{ |
|||
if (--argc < 1) |
|||
break; |
|||
hmac_key=*++argv; |
|||
} |
|||
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) |
|||
md=m; |
|||
else |
|||
break; |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (md == NULL) |
|||
md=EVP_md5(); |
|||
|
|||
if(do_verify && !sigfile) { |
|||
BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); |
|||
err = 1; |
|||
goto end; |
|||
} |
|||
|
|||
if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ |
|||
{ |
|||
BIO_printf(bio_err,"unknown option '%s'\n",*argv); |
|||
BIO_printf(bio_err,"options are\n"); |
|||
BIO_printf(bio_err,"-c to output the digest with separating colons\n"); |
|||
BIO_printf(bio_err,"-d to output debug info\n"); |
|||
BIO_printf(bio_err,"-hex output as hex dump\n"); |
|||
BIO_printf(bio_err,"-binary output in binary form\n"); |
|||
BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); |
|||
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); |
|||
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); |
|||
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); |
|||
BIO_printf(bio_err,"-signature file signature to verify\n"); |
|||
BIO_printf(bio_err,"-binary output in binary form\n"); |
|||
BIO_printf(bio_err,"-hmac key create hashed MAC with key\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
|
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n", |
|||
LN_md5,LN_md5); |
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
|||
LN_md4,LN_md4); |
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
|||
LN_md2,LN_md2); |
|||
#ifndef OPENSSL_NO_SHA |
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
|||
LN_sha1,LN_sha1); |
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
|||
LN_sha,LN_sha); |
|||
#ifndef OPENSSL_NO_SHA256 |
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
|||
LN_sha224,LN_sha224); |
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
|||
LN_sha256,LN_sha256); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SHA512 |
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
|||
LN_sha384,LN_sha384); |
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
|||
LN_sha512,LN_sha512); |
|||
#endif |
|||
#endif |
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
|||
LN_mdc2,LN_mdc2); |
|||
BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
|||
LN_ripemd160,LN_ripemd160); |
|||
err=1; |
|||
goto end; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
bmd=BIO_new(BIO_f_md()); |
|||
if (debug) |
|||
{ |
|||
BIO_set_callback(in,BIO_debug_callback); |
|||
/* needed for windows 3.1 */ |
|||
BIO_set_callback_arg(in,(char *)bio_err); |
|||
} |
|||
|
|||
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) |
|||
{ |
|||
BIO_printf(bio_err, "Error getting password\n"); |
|||
goto end; |
|||
} |
|||
|
|||
if ((in == NULL) || (bmd == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if(out_bin == -1) { |
|||
if(keyfile) out_bin = 1; |
|||
else out_bin = 0; |
|||
} |
|||
|
|||
if(randfile) |
|||
app_RAND_load_file(randfile, bio_err, 0); |
|||
|
|||
if(outfile) { |
|||
if(out_bin) |
|||
out = BIO_new_file(outfile, "wb"); |
|||
else out = BIO_new_file(outfile, "w"); |
|||
} else { |
|||
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
|
|||
if(!out) { |
|||
BIO_printf(bio_err, "Error opening output file %s\n", |
|||
outfile ? outfile : "(stdout)"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if(keyfile) |
|||
{ |
|||
if (want_pub) |
|||
sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, |
|||
e, "key file"); |
|||
else |
|||
sigkey = load_key(bio_err, keyfile, keyform, 0, passin, |
|||
e, "key file"); |
|||
if (!sigkey) |
|||
{ |
|||
/* load_[pub]key() has already printed an appropriate
|
|||
message */ |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if(sigfile && sigkey) { |
|||
BIO *sigbio; |
|||
sigbio = BIO_new_file(sigfile, "rb"); |
|||
siglen = EVP_PKEY_size(sigkey); |
|||
sigbuf = OPENSSL_malloc(siglen); |
|||
if(!sigbio) { |
|||
BIO_printf(bio_err, "Error opening signature file %s\n", |
|||
sigfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
siglen = BIO_read(sigbio, sigbuf, siglen); |
|||
BIO_free(sigbio); |
|||
if(siglen <= 0) { |
|||
BIO_printf(bio_err, "Error reading signature file %s\n", |
|||
sigfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (non_fips_allow) |
|||
{ |
|||
EVP_MD_CTX *md_ctx; |
|||
BIO_get_md_ctx(bmd,&md_ctx); |
|||
EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
|||
} |
|||
|
|||
if (sig_flags) |
|||
{ |
|||
EVP_MD_CTX *md_ctx; |
|||
BIO_get_md_ctx(bmd,&md_ctx); |
|||
EVP_MD_CTX_set_flags(md_ctx, sig_flags); |
|||
} |
|||
|
|||
/* we use md as a filter, reading from 'in' */ |
|||
if (!BIO_set_md(bmd,md)) |
|||
{ |
|||
BIO_printf(bio_err, "Error setting digest %s\n", pname); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
inp=BIO_push(bmd,in); |
|||
|
|||
if (argc == 0) |
|||
{ |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, |
|||
siglen,"","(stdin)",bmd,hmac_key,non_fips_allow); |
|||
} |
|||
else |
|||
{ |
|||
name=OBJ_nid2sn(md->type); |
|||
err = 0; |
|||
for (i=0; i<argc; i++) |
|||
{ |
|||
char *tmp,*tofree=NULL; |
|||
int r; |
|||
|
|||
if (BIO_read_filename(in,argv[i]) <= 0) |
|||
{ |
|||
perror(argv[i]); |
|||
err++; |
|||
continue; |
|||
} |
|||
if(!out_bin) |
|||
{ |
|||
size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5; |
|||
tmp=tofree=OPENSSL_malloc(len); |
|||
BIO_snprintf(tmp,len,"%s%s(%s)= ", |
|||
hmac_key ? "HMAC-" : "",name,argv[i]); |
|||
} |
|||
else |
|||
tmp=""; |
|||
r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, |
|||
siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow); |
|||
if(r) |
|||
err=r; |
|||
if(tofree) |
|||
OPENSSL_free(tofree); |
|||
(void)BIO_reset(bmd); |
|||
} |
|||
} |
|||
end: |
|||
if (buf != NULL) |
|||
{ |
|||
OPENSSL_cleanse(buf,BUFSIZE); |
|||
OPENSSL_free(buf); |
|||
} |
|||
if (in != NULL) BIO_free(in); |
|||
if (passin) |
|||
OPENSSL_free(passin); |
|||
BIO_free_all(out); |
|||
EVP_PKEY_free(sigkey); |
|||
if(sigbuf) OPENSSL_free(sigbuf); |
|||
if (bmd != NULL) BIO_free(bmd); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(err); |
|||
} |
|||
|
|||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
|||
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, |
|||
const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow) |
|||
{ |
|||
unsigned int len; |
|||
int i; |
|||
EVP_MD_CTX *md_ctx; |
|||
HMAC_CTX hmac_ctx; |
|||
|
|||
if (hmac_key) |
|||
{ |
|||
EVP_MD *md; |
|||
|
|||
BIO_get_md(bmd,&md); |
|||
HMAC_CTX_init(&hmac_ctx); |
|||
HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL); |
|||
BIO_get_md_ctx(bmd,&md_ctx); |
|||
BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx); |
|||
} |
|||
for (;;) |
|||
{ |
|||
i=BIO_read(bp,(char *)buf,BUFSIZE); |
|||
if(i < 0) |
|||
{ |
|||
BIO_printf(bio_err, "Read Error in %s\n",file); |
|||
ERR_print_errors(bio_err); |
|||
return 1; |
|||
} |
|||
if (i == 0) break; |
|||
} |
|||
if(sigin) |
|||
{ |
|||
EVP_MD_CTX *ctx; |
|||
BIO_get_md_ctx(bp, &ctx); |
|||
i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); |
|||
if(i > 0) |
|||
BIO_printf(out, "Verified OK\n"); |
|||
else if(i == 0) |
|||
{ |
|||
BIO_printf(out, "Verification Failure\n"); |
|||
return 1; |
|||
} |
|||
else |
|||
{ |
|||
BIO_printf(bio_err, "Error Verifying Data\n"); |
|||
ERR_print_errors(bio_err); |
|||
return 1; |
|||
} |
|||
return 0; |
|||
} |
|||
if(key) |
|||
{ |
|||
EVP_MD_CTX *ctx; |
|||
BIO_get_md_ctx(bp, &ctx); |
|||
if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) |
|||
{ |
|||
BIO_printf(bio_err, "Error Signing Data\n"); |
|||
ERR_print_errors(bio_err); |
|||
return 1; |
|||
} |
|||
} |
|||
else if(hmac_key) |
|||
{ |
|||
HMAC_Final(&hmac_ctx,buf,&len); |
|||
HMAC_CTX_cleanup(&hmac_ctx); |
|||
} |
|||
else |
|||
len=BIO_gets(bp,(char *)buf,BUFSIZE); |
|||
|
|||
if(binout) BIO_write(out, buf, len); |
|||
else |
|||
{ |
|||
BIO_write(out,title,strlen(title)); |
|||
for (i=0; i<(int)len; i++) |
|||
{ |
|||
if (sep && (i != 0)) |
|||
BIO_printf(out, ":"); |
|||
BIO_printf(out, "%02x",buf[i]); |
|||
} |
|||
BIO_printf(out, "\n"); |
|||
} |
|||
if (hmac_key) |
|||
{ |
|||
BIO_set_md_ctx(bmd,md_ctx); |
|||
} |
|||
return 0; |
|||
} |
|||
|
@ -0,0 +1,352 @@ |
|||
/* apps/dh.c */ |
|||
/* obsoleted by dhparam.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ |
|||
#ifndef OPENSSL_NO_DH |
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <time.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/bn.h> |
|||
#include <openssl/dh.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#undef PROG |
|||
#define PROG dh_main |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -check - check the parameters are ok |
|||
* -noout |
|||
* -text |
|||
* -C |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
ENGINE *e = NULL; |
|||
#endif |
|||
DH *dh=NULL; |
|||
int i,badops=0,text=0; |
|||
BIO *in=NULL,*out=NULL; |
|||
int informat,outformat,check=0,noout=0,C=0,ret=1; |
|||
char *infile,*outfile,*prog; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine; |
|||
#endif |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
engine=NULL; |
|||
#endif |
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-check") == 0) |
|||
check=1; |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text=1; |
|||
else if (strcmp(*argv,"-C") == 0) |
|||
C=1; |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout=1; |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
BIO_printf(bio_err," -check check the DH parameters\n"); |
|||
BIO_printf(bio_err," -text print a text form of the DH parameters\n"); |
|||
BIO_printf(bio_err," -C Output C code\n"); |
|||
BIO_printf(bio_err," -noout no output\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
out=BIO_new(BIO_s_file()); |
|||
if ((in == NULL) || (out == NULL)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (informat == FORMAT_ASN1) |
|||
dh=d2i_DHparams_bio(in,NULL); |
|||
else if (informat == FORMAT_PEM) |
|||
dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL); |
|||
else |
|||
{ |
|||
BIO_printf(bio_err,"bad input format specified\n"); |
|||
goto end; |
|||
} |
|||
if (dh == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load DH parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
|
|||
|
|||
if (text) |
|||
{ |
|||
DHparams_print(out,dh); |
|||
#ifdef undef |
|||
printf("p="); |
|||
BN_print(stdout,dh->p); |
|||
printf("\ng="); |
|||
BN_print(stdout,dh->g); |
|||
printf("\n"); |
|||
if (dh->length != 0) |
|||
printf("recommended private length=%ld\n",dh->length); |
|||
#endif |
|||
} |
|||
|
|||
if (check) |
|||
{ |
|||
if (!DH_check(dh,&i)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (i & DH_CHECK_P_NOT_PRIME) |
|||
printf("p value is not prime\n"); |
|||
if (i & DH_CHECK_P_NOT_SAFE_PRIME) |
|||
printf("p value is not a safe prime\n"); |
|||
if (i & DH_UNABLE_TO_CHECK_GENERATOR) |
|||
printf("unable to check the generator value\n"); |
|||
if (i & DH_NOT_SUITABLE_GENERATOR) |
|||
printf("the g value is not a generator\n"); |
|||
if (i == 0) |
|||
printf("DH parameters appear to be ok.\n"); |
|||
} |
|||
if (C) |
|||
{ |
|||
unsigned char *data; |
|||
int len,l,bits; |
|||
|
|||
len=BN_num_bytes(dh->p); |
|||
bits=BN_num_bits(dh->p); |
|||
data=(unsigned char *)OPENSSL_malloc(len); |
|||
if (data == NULL) |
|||
{ |
|||
perror("OPENSSL_malloc"); |
|||
goto end; |
|||
} |
|||
l=BN_bn2bin(dh->p,data); |
|||
printf("static unsigned char dh%d_p[]={",bits); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t};\n"); |
|||
|
|||
l=BN_bn2bin(dh->g,data); |
|||
printf("static unsigned char dh%d_g[]={",bits); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t};\n\n"); |
|||
|
|||
printf("DH *get_dh%d()\n\t{\n",bits); |
|||
printf("\tDH *dh;\n\n"); |
|||
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); |
|||
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", |
|||
bits,bits); |
|||
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", |
|||
bits,bits); |
|||
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); |
|||
printf("\t\treturn(NULL);\n"); |
|||
printf("\treturn(dh);\n\t}\n"); |
|||
OPENSSL_free(data); |
|||
} |
|||
|
|||
|
|||
if (!noout) |
|||
{ |
|||
if (outformat == FORMAT_ASN1) |
|||
i=i2d_DHparams_bio(out,dh); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_DHparams(out,dh); |
|||
else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write DH parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
ret=0; |
|||
end: |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (dh != NULL) DH_free(dh); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
#endif |
@ -0,0 +1,10 @@ |
|||
-----BEGIN DH PARAMETERS----- |
|||
MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY |
|||
jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6 |
|||
ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC |
|||
-----END DH PARAMETERS----- |
|||
|
|||
These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols" |
|||
(http://www.skip-vpn.org/spec/numbers.html). |
|||
See there for how they were generated. |
|||
Note that g is not a generator, but this is not a problem since p is a safe prime. |
@ -0,0 +1,12 @@ |
|||
-----BEGIN DH PARAMETERS----- |
|||
MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV |
|||
89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50 |
|||
T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb |
|||
zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX |
|||
Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT |
|||
CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg== |
|||
-----END DH PARAMETERS----- |
|||
|
|||
These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols" |
|||
(http://www.skip-vpn.org/spec/numbers.html). |
|||
See there for how they were generated. |
@ -0,0 +1,18 @@ |
|||
-----BEGIN DH PARAMETERS----- |
|||
MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ |
|||
l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt |
|||
Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS |
|||
Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98 |
|||
VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc |
|||
alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM |
|||
sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9 |
|||
ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte |
|||
OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH |
|||
AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL |
|||
KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI= |
|||
-----END DH PARAMETERS----- |
|||
|
|||
These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols" |
|||
(http://www.skip-vpn.org/spec/numbers.html). |
|||
See there for how they were generated. |
|||
Note that g is not a generator, but this is not a problem since p is a safe prime. |
@ -0,0 +1,9 @@ |
|||
-----BEGIN DH PARAMETERS----- |
|||
MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak |
|||
XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC |
|||
-----END DH PARAMETERS----- |
|||
|
|||
These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols" |
|||
(http://www.skip-vpn.org/spec/numbers.html). |
|||
See there for how they were generated. |
|||
Note that g is not a generator, but this is not a problem since p is a safe prime. |
@ -0,0 +1,557 @@ |
|||
/* apps/dhparam.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
/* ====================================================================
|
|||
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* |
|||
* 1. Redistributions of source code must retain the above copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in |
|||
* the documentation and/or other materials provided with the |
|||
* distribution. |
|||
* |
|||
* 3. All advertising materials mentioning features or use of this |
|||
* software must display the following acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|||
* |
|||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|||
* endorse or promote products derived from this software without |
|||
* prior written permission. For written permission, please contact |
|||
* openssl-core@openssl.org. |
|||
* |
|||
* 5. Products derived from this software may not be called "OpenSSL" |
|||
* nor may "OpenSSL" appear in their names without prior written |
|||
* permission of the OpenSSL Project. |
|||
* |
|||
* 6. Redistributions of any form whatsoever must retain the following |
|||
* acknowledgment: |
|||
* "This product includes software developed by the OpenSSL Project |
|||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|||
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|||
* ==================================================================== |
|||
* |
|||
* This product includes cryptographic software written by Eric Young |
|||
* (eay@cryptsoft.com). This product includes software written by Tim |
|||
* Hudson (tjh@cryptsoft.com). |
|||
* |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ |
|||
#ifndef OPENSSL_NO_DH |
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <time.h> |
|||
#include <string.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/bn.h> |
|||
#include <openssl/dh.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
|
|||
#ifndef OPENSSL_NO_DSA |
|||
#include <openssl/dsa.h> |
|||
#endif |
|||
|
|||
#undef PROG |
|||
#define PROG dhparam_main |
|||
|
|||
#define DEFBITS 512 |
|||
|
|||
/* -inform arg - input format - default PEM (DER or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -dsaparam - read or generate DSA parameters, convert to DH |
|||
* -check - check the parameters are ok |
|||
* -noout |
|||
* -text |
|||
* -C |
|||
*/ |
|||
|
|||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
ENGINE *e = NULL; |
|||
#endif |
|||
DH *dh=NULL; |
|||
int i,badops=0,text=0; |
|||
#ifndef OPENSSL_NO_DSA |
|||
int dsaparam=0; |
|||
#endif |
|||
BIO *in=NULL,*out=NULL; |
|||
int informat,outformat,check=0,noout=0,C=0,ret=1; |
|||
char *infile,*outfile,*prog; |
|||
char *inrand=NULL; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine=NULL; |
|||
#endif |
|||
int num = 0, g = 0; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-check") == 0) |
|||
check=1; |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text=1; |
|||
#ifndef OPENSSL_NO_DSA |
|||
else if (strcmp(*argv,"-dsaparam") == 0) |
|||
dsaparam=1; |
|||
#endif |
|||
else if (strcmp(*argv,"-C") == 0) |
|||
C=1; |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout=1; |
|||
else if (strcmp(*argv,"-2") == 0) |
|||
g=2; |
|||
else if (strcmp(*argv,"-5") == 0) |
|||
g=5; |
|||
else if (strcmp(*argv,"-rand") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
inrand= *(++argv); |
|||
} |
|||
else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0))) |
|||
goto bad; |
|||
argv++; |
|||
argc--; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] [numbits]\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
#ifndef OPENSSL_NO_DSA |
|||
BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -check check the DH parameters\n"); |
|||
BIO_printf(bio_err," -text print a text form of the DH parameters\n"); |
|||
BIO_printf(bio_err," -C Output C code\n"); |
|||
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); |
|||
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); |
|||
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); |
|||
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); |
|||
BIO_printf(bio_err," the random number generator\n"); |
|||
BIO_printf(bio_err," -noout no output\n"); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if (g && !num) |
|||
num = DEFBITS; |
|||
|
|||
#ifndef OPENSSL_NO_DSA |
|||
if (dsaparam) |
|||
{ |
|||
if (g) |
|||
{ |
|||
BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
#endif |
|||
{ |
|||
/* DH parameters */ |
|||
if (num && !g) |
|||
g = 2; |
|||
} |
|||
|
|||
if(num) { |
|||
|
|||
BN_GENCB cb; |
|||
BN_GENCB_set(&cb, dh_cb, bio_err); |
|||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); |
|||
} |
|||
if (inrand != NULL) |
|||
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
|||
app_RAND_load_files(inrand)); |
|||
|
|||
#ifndef OPENSSL_NO_DSA |
|||
if (dsaparam) |
|||
{ |
|||
DSA *dsa = DSA_new(); |
|||
|
|||
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); |
|||
if(!dsa || !DSA_generate_parameters_ex(dsa, num, |
|||
NULL, 0, NULL, NULL, &cb)) |
|||
{ |
|||
if(dsa) DSA_free(dsa); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
dh = DSA_dup_DH(dsa); |
|||
DSA_free(dsa); |
|||
if (dh == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
#endif |
|||
{ |
|||
dh = DH_new(); |
|||
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); |
|||
BIO_printf(bio_err,"This is going to take a long time\n"); |
|||
if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) |
|||
{ |
|||
if(dh) DH_free(dh); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
app_RAND_write_file(NULL, bio_err); |
|||
} else { |
|||
|
|||
in=BIO_new(BIO_s_file()); |
|||
if (in == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (infile == NULL) |
|||
BIO_set_fp(in,stdin,BIO_NOCLOSE); |
|||
else |
|||
{ |
|||
if (BIO_read_filename(in,infile) <= 0) |
|||
{ |
|||
perror(infile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) |
|||
{ |
|||
BIO_printf(bio_err,"bad input format specified\n"); |
|||
goto end; |
|||
} |
|||
|
|||
#ifndef OPENSSL_NO_DSA |
|||
if (dsaparam) |
|||
{ |
|||
DSA *dsa; |
|||
|
|||
if (informat == FORMAT_ASN1) |
|||
dsa=d2i_DSAparams_bio(in,NULL); |
|||
else /* informat == FORMAT_PEM */ |
|||
dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL); |
|||
|
|||
if (dsa == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load DSA parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
dh = DSA_dup_DH(dsa); |
|||
DSA_free(dsa); |
|||
if (dh == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
else |
|||
#endif |
|||
{ |
|||
if (informat == FORMAT_ASN1) |
|||
dh=d2i_DHparams_bio(in,NULL); |
|||
else /* informat == FORMAT_PEM */ |
|||
dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL); |
|||
|
|||
if (dh == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load DH parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
/* dh != NULL */ |
|||
} |
|||
|
|||
out=BIO_new(BIO_s_file()); |
|||
if (out == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
|
|||
if (text) |
|||
{ |
|||
DHparams_print(out,dh); |
|||
} |
|||
|
|||
if (check) |
|||
{ |
|||
if (!DH_check(dh,&i)) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
if (i & DH_CHECK_P_NOT_PRIME) |
|||
printf("p value is not prime\n"); |
|||
if (i & DH_CHECK_P_NOT_SAFE_PRIME) |
|||
printf("p value is not a safe prime\n"); |
|||
if (i & DH_UNABLE_TO_CHECK_GENERATOR) |
|||
printf("unable to check the generator value\n"); |
|||
if (i & DH_NOT_SUITABLE_GENERATOR) |
|||
printf("the g value is not a generator\n"); |
|||
if (i == 0) |
|||
printf("DH parameters appear to be ok.\n"); |
|||
} |
|||
if (C) |
|||
{ |
|||
unsigned char *data; |
|||
int len,l,bits; |
|||
|
|||
len=BN_num_bytes(dh->p); |
|||
bits=BN_num_bits(dh->p); |
|||
data=(unsigned char *)OPENSSL_malloc(len); |
|||
if (data == NULL) |
|||
{ |
|||
perror("OPENSSL_malloc"); |
|||
goto end; |
|||
} |
|||
printf("#ifndef HEADER_DH_H\n" |
|||
"#include <openssl/dh.h>\n" |
|||
"#endif\n"); |
|||
printf("DH *get_dh%d()\n\t{\n",bits); |
|||
|
|||
l=BN_bn2bin(dh->p,data); |
|||
printf("\tstatic unsigned char dh%d_p[]={",bits); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t\t};\n"); |
|||
|
|||
l=BN_bn2bin(dh->g,data); |
|||
printf("\tstatic unsigned char dh%d_g[]={",bits); |
|||
for (i=0; i<l; i++) |
|||
{ |
|||
if ((i%12) == 0) printf("\n\t\t"); |
|||
printf("0x%02X,",data[i]); |
|||
} |
|||
printf("\n\t\t};\n"); |
|||
|
|||
printf("\tDH *dh;\n\n"); |
|||
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); |
|||
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", |
|||
bits,bits); |
|||
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", |
|||
bits,bits); |
|||
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); |
|||
printf("\t\t{ DH_free(dh); return(NULL); }\n"); |
|||
if (dh->length) |
|||
printf("\tdh->length = %ld;\n", dh->length); |
|||
printf("\treturn(dh);\n\t}\n"); |
|||
OPENSSL_free(data); |
|||
} |
|||
|
|||
|
|||
if (!noout) |
|||
{ |
|||
if (outformat == FORMAT_ASN1) |
|||
i=i2d_DHparams_bio(out,dh); |
|||
else if (outformat == FORMAT_PEM) |
|||
i=PEM_write_bio_DHparams(out,dh); |
|||
else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write DH parameters\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
} |
|||
ret=0; |
|||
end: |
|||
if (in != NULL) BIO_free(in); |
|||
if (out != NULL) BIO_free_all(out); |
|||
if (dh != NULL) DH_free(dh); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
|
|||
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */ |
|||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) |
|||
{ |
|||
char c='*'; |
|||
|
|||
if (p == 0) c='.'; |
|||
if (p == 1) c='+'; |
|||
if (p == 2) c='*'; |
|||
if (p == 3) c='\n'; |
|||
BIO_write(cb->arg,&c,1); |
|||
(void)BIO_flush(cb->arg); |
|||
#ifdef LINT |
|||
p=n; |
|||
#endif |
|||
return 1; |
|||
} |
|||
|
|||
#endif |
@ -0,0 +1,40 @@ |
|||
-----BEGIN DSA PRIVATE KEY----- |
|||
MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ |
|||
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel |
|||
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH |
|||
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso |
|||
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu |
|||
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y |
|||
Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4 |
|||
94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T |
|||
tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77 |
|||
J6zsFbSEHaQGUmfSeoM= |
|||
-----END DSA PRIVATE KEY----- |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx |
|||
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew |
|||
ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW |
|||
sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m |
|||
rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk |
|||
cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo |
|||
bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR |
|||
CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB |
|||
F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH |
|||
vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq |
|||
AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u |
|||
3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v |
|||
AhQfeF5BoMMDbX/kidUVpQ6gadPlZA== |
|||
-----END CERTIFICATE REQUEST----- |
|||
-----BEGIN CERTIFICATE----- |
|||
MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK |
|||
U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww |
|||
CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw |
|||
CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu |
|||
ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE |
|||
AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi |
|||
ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh |
|||
MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD |
|||
MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa |
|||
C1Q= |
|||
-----END CERTIFICATE----- |
|||
|
@ -0,0 +1,46 @@ |
|||
-----BEGIN DSA PRIVATE KEY----- |
|||
MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ |
|||
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel |
|||
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH |
|||
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso |
|||
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu |
|||
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y |
|||
Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk |
|||
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A |
|||
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz |
|||
6TicfImU7UFRn9h00j0lJQ== |
|||
-----END DSA PRIVATE KEY----- |
|||
-----BEGIN CERTIFICATE REQUEST----- |
|||
MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx |
|||
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB |
|||
MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G |
|||
lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O |
|||
Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR |
|||
5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl |
|||
aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6 |
|||
kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als |
|||
QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe |
|||
6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ |
|||
yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0 |
|||
z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB |
|||
nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w== |
|||
-----END CERTIFICATE REQUEST----- |
|||
-----BEGIN CERTIFICATE----- |
|||
MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK |
|||
U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww |
|||
CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw |
|||
CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu |
|||
ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww |
|||
ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ |
|||
R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5 |
|||
JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps |
|||
BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze |
|||
mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO |
|||
VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C |
|||
uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk |
|||
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A |
|||
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D |
|||
AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n |
|||
5rKUjNBhSg== |
|||
-----END CERTIFICATE----- |
|||
|
@ -0,0 +1,333 @@ |
|||
/* apps/dsa.c */ |
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|||
* All rights reserved. |
|||
* |
|||
* This package is an SSL implementation written |
|||
* by Eric Young (eay@cryptsoft.com). |
|||
* The implementation was written so as to conform with Netscapes SSL. |
|||
* |
|||
* This library is free for commercial and non-commercial use as long as |
|||
* the following conditions are aheared to. The following conditions |
|||
* apply to all code found in this distribution, be it the RC4, RSA, |
|||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
|||
* included with this distribution is covered by the same copyright terms |
|||
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
|||
* |
|||
* Copyright remains Eric Young's, and as such any Copyright notices in |
|||
* the code are not to be removed. |
|||
* If this package is used in a product, Eric Young should be given attribution |
|||
* as the author of the parts of the library used. |
|||
* This can be in the form of a textual message at program startup or |
|||
* in documentation (online or textual) provided with the package. |
|||
* |
|||
* Redistribution and use in source and binary forms, with or without |
|||
* modification, are permitted provided that the following conditions |
|||
* are met: |
|||
* 1. Redistributions of source code must retain the copyright |
|||
* notice, this list of conditions and the following disclaimer. |
|||
* 2. Redistributions in binary form must reproduce the above copyright |
|||
* notice, this list of conditions and the following disclaimer in the |
|||
* documentation and/or other materials provided with the distribution. |
|||
* 3. All advertising materials mentioning features or use of this software |
|||
* must display the following acknowledgement: |
|||
* "This product includes cryptographic software written by |
|||
* Eric Young (eay@cryptsoft.com)" |
|||
* The word 'cryptographic' can be left out if the rouines from the library |
|||
* being used are not cryptographic related :-). |
|||
* 4. If you include any Windows specific code (or a derivative thereof) from |
|||
* the apps directory (application code) you must include an acknowledgement: |
|||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|||
* |
|||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|||
* SUCH DAMAGE. |
|||
* |
|||
* The licence and distribution terms for any publically available version or |
|||
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|||
* copied and put under another distribution licence |
|||
* [including the GNU Public Licence.] |
|||
*/ |
|||
|
|||
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ |
|||
#ifndef OPENSSL_NO_DSA |
|||
#include <stdio.h> |
|||
#include <stdlib.h> |
|||
#include <string.h> |
|||
#include <time.h> |
|||
#include "apps.h" |
|||
#include <openssl/bio.h> |
|||
#include <openssl/err.h> |
|||
#include <openssl/evp.h> |
|||
#include <openssl/x509.h> |
|||
#include <openssl/pem.h> |
|||
#include <openssl/bn.h> |
|||
#include <openssl/dsa.h> |
|||
|
|||
#undef PROG |
|||
#define PROG dsa_main |
|||
|
|||
/* -inform arg - input format - default PEM (one of DER, NET or PEM)
|
|||
* -outform arg - output format - default PEM |
|||
* -in arg - input file - default stdin |
|||
* -out arg - output file - default stdout |
|||
* -des - encrypt output if PEM format with DES in cbc mode |
|||
* -des3 - encrypt output if PEM format |
|||
* -idea - encrypt output if PEM format |
|||
* -aes128 - encrypt output if PEM format |
|||
* -aes192 - encrypt output if PEM format |
|||
* -aes256 - encrypt output if PEM format |
|||
* -camellia128 - encrypt output if PEM format |
|||
* -camellia192 - encrypt output if PEM format |
|||
* -camellia256 - encrypt output if PEM format |
|||
* -seed - encrypt output if PEM format |
|||
* -text - print a text version |
|||
* -modulus - print the DSA public key |
|||
*/ |
|||
|
|||
int MAIN(int, char **); |
|||
|
|||
int MAIN(int argc, char **argv) |
|||
{ |
|||
ENGINE *e = NULL; |
|||
int ret=1; |
|||
DSA *dsa=NULL; |
|||
int i,badops=0; |
|||
const EVP_CIPHER *enc=NULL; |
|||
BIO *in=NULL,*out=NULL; |
|||
int informat,outformat,text=0,noout=0; |
|||
int pubin = 0, pubout = 0; |
|||
char *infile,*outfile,*prog; |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
char *engine; |
|||
#endif |
|||
char *passargin = NULL, *passargout = NULL; |
|||
char *passin = NULL, *passout = NULL; |
|||
int modulus=0; |
|||
|
|||
apps_startup(); |
|||
|
|||
if (bio_err == NULL) |
|||
if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
|||
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
|||
|
|||
if (!load_config(bio_err, NULL)) |
|||
goto end; |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
engine=NULL; |
|||
#endif |
|||
infile=NULL; |
|||
outfile=NULL; |
|||
informat=FORMAT_PEM; |
|||
outformat=FORMAT_PEM; |
|||
|
|||
prog=argv[0]; |
|||
argc--; |
|||
argv++; |
|||
while (argc >= 1) |
|||
{ |
|||
if (strcmp(*argv,"-inform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
informat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-outform") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outformat=str2fmt(*(++argv)); |
|||
} |
|||
else if (strcmp(*argv,"-in") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
infile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-out") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
outfile= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-passin") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passargin= *(++argv); |
|||
} |
|||
else if (strcmp(*argv,"-passout") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
passargout= *(++argv); |
|||
} |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
else if (strcmp(*argv,"-engine") == 0) |
|||
{ |
|||
if (--argc < 1) goto bad; |
|||
engine= *(++argv); |
|||
} |
|||
#endif |
|||
else if (strcmp(*argv,"-noout") == 0) |
|||
noout=1; |
|||
else if (strcmp(*argv,"-text") == 0) |
|||
text=1; |
|||
else if (strcmp(*argv,"-modulus") == 0) |
|||
modulus=1; |
|||
else if (strcmp(*argv,"-pubin") == 0) |
|||
pubin=1; |
|||
else if (strcmp(*argv,"-pubout") == 0) |
|||
pubout=1; |
|||
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unknown option %s\n",*argv); |
|||
badops=1; |
|||
break; |
|||
} |
|||
argc--; |
|||
argv++; |
|||
} |
|||
|
|||
if (badops) |
|||
{ |
|||
bad: |
|||
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); |
|||
BIO_printf(bio_err,"where options are\n"); |
|||
BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); |
|||
BIO_printf(bio_err," -in arg input file\n"); |
|||
BIO_printf(bio_err," -passin arg input file pass phrase source\n"); |
|||
BIO_printf(bio_err," -out arg output file\n"); |
|||
BIO_printf(bio_err," -passout arg output file pass phrase source\n"); |
|||
#ifndef OPENSSL_NO_ENGINE |
|||
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); |
|||
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); |
|||
#ifndef OPENSSL_NO_IDEA |
|||
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_AES |
|||
BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_CAMELLIA |
|||
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); |
|||
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); |
|||
#endif |
|||
#ifndef OPENSSL_NO_SEED |
|||
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); |
|||
#endif |
|||
BIO_printf(bio_err," -text print the key in text\n"); |
|||
BIO_printf(bio_err," -noout don't print key out\n"); |
|||
BIO_printf(bio_err," -modulus print the DSA public value\n"); |
|||
goto end; |
|||
} |
|||
|
|||
ERR_load_crypto_strings(); |
|||
|
|||
#ifndef OPENSSL_NO_ENGINE |
|||
e = setup_engine(bio_err, engine, 0); |
|||
#endif |
|||
|
|||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { |
|||
BIO_printf(bio_err, "Error getting passwords\n"); |
|||
goto end; |
|||
} |
|||
|
|||
out=BIO_new(BIO_s_file()); |
|||
if (out == NULL) |
|||
{ |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
BIO_printf(bio_err,"read DSA key\n"); |
|||
{ |
|||
EVP_PKEY *pkey; |
|||
if (pubin) |
|||
pkey = load_pubkey(bio_err, infile, informat, 1, |
|||
passin, e, "Public Key"); |
|||
else |
|||
pkey = load_key(bio_err, infile, informat, 1, |
|||
passin, e, "Private Key"); |
|||
|
|||
if (pkey != NULL) |
|||
dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey); |
|||
EVP_PKEY_free(pkey); |
|||
} |
|||
if (dsa == NULL) |
|||
{ |
|||
BIO_printf(bio_err,"unable to load Key\n"); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (outfile == NULL) |
|||
{ |
|||
BIO_set_fp(out,stdout,BIO_NOCLOSE); |
|||
#ifdef OPENSSL_SYS_VMS |
|||
{ |
|||
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|||
out = BIO_push(tmpbio, out); |
|||
} |
|||
#endif |
|||
} |
|||
else |
|||
{ |
|||
if (BIO_write_filename(out,outfile) <= 0) |
|||
{ |
|||
perror(outfile); |
|||
goto end; |
|||
} |
|||
} |
|||
|
|||
if (text) |
|||
if (!DSA_print(out,dsa,0)) |
|||
{ |
|||
perror(outfile); |
|||
ERR_print_errors(bio_err); |
|||
goto end; |
|||
} |
|||
|
|||
if (modulus) |
|||
{ |
|||
fprintf(stdout,"Public Key="); |
|||
BN_print(out,dsa->pub_key); |
|||
fprintf(stdout,"\n"); |
|||
} |
|||
|
|||
if (noout) goto end; |
|||
BIO_printf(bio_err,"writing DSA key\n"); |
|||
if (outformat == FORMAT_ASN1) { |
|||
if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa); |
|||
else i=i2d_DSAPrivateKey_bio(out,dsa); |
|||
} else if (outformat == FORMAT_PEM) { |
|||
if(pubin || pubout) |
|||
i=PEM_write_bio_DSA_PUBKEY(out,dsa); |
|||
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc, |
|||
NULL,0,NULL, passout); |
|||
} else { |
|||
BIO_printf(bio_err,"bad output format specified for outfile\n"); |
|||
goto end; |
|||
} |
|||
if (!i) |
|||
{ |
|||
BIO_printf(bio_err,"unable to write private key\n"); |
|||
ERR_print_errors(bio_err); |
|||
} |
|||
else |
|||
ret=0; |
|||
end: |
|||
if(in != NULL) BIO_free(in); |
|||
if(out != NULL) BIO_free_all(out); |
|||
if(dsa != NULL) DSA_free(dsa); |
|||
if(passin) OPENSSL_free(passin); |
|||
if(passout) OPENSSL_free(passout); |
|||
apps_shutdown(); |
|||
OPENSSL_EXIT(ret); |
|||
} |
|||
#endif |
@ -0,0 +1,9 @@ |
|||
-----BEGIN DSA PARAMETERS----- |
|||
MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx |
|||
mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us |
|||
OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36 |
|||
bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8 |
|||
3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH |
|||
zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O |
|||
Arg= |
|||
-----END DSA PARAMETERS----- |
@ -0,0 +1,6 @@ |
|||
-----BEGIN DSA PARAMETERS----- |
|||
MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97 |
|||
TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA |
|||
gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO |
|||
L8wka5B33qJoplISogOdIA== |
|||
-----END DSA PARAMETERS----- |
@ -0,0 +1,6 @@ |
|||
-----BEGIN DSA PARAMETERS----- |
|||
MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya |
|||
GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2 |
|||
t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD |
|||
ADiRffvSdhrNw5dkqdql |
|||
-----END DSA PARAMETERS----- |
Some files were not shown because too many files changed in this diff
Loading…
Reference in new issue