ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ag:openssl-1.0.2q
Branches Tags
ag:master ag:tcl ag:tk ag:sqlite ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6
..
compare: ag:xz-5.2.2
Branches Tags
ag:tcl ag:tk ag:sqlite ag:master ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6

1 Commits
openssl-1. ... xz-5.2.2

Author SHA1 Message Date
Zachary Ware
60cae1c5a1 Import xz 5.2.2 (as of svn r86089) 2017-05-22 16:21:28 -05:00
2949 changed files with 147205 additions and 948526 deletions
Expand all files Collapse all files

1327
ABOUT-NLS Normal file
View File

File diff suppressed because it is too large Load Diff

2
ACKNOWLEDGMENTS
View File

@@ -1,2 +0,0 @@
Please https://www.openssl.org/community/thanks.html for the current
acknowledgements.

27
AUTHORS Normal file
View File

@@ -0,0 +1,27 @@
Authors of XZ Utils
===================
XZ Utils is developed and maintained by Lasse Collin
<lasse.collin@tukaani.org>.
Major parts of liblzma are based on code written by Igor Pavlov,
specifically the LZMA SDK <http://7-zip.org/sdk.html>. Without
this code, XZ Utils wouldn't exist.
The SHA-256 implementation in liblzma is based on the code found from
7-Zip <http://7-zip.org/>, which has a modified version of the SHA-256
code found from Crypto++ <http://www.cryptopp.com/>. The SHA-256 code
in Crypto++ was written by Kevin Springle and Wei Dai.
Some scripts have been adapted from gzip. The original versions
were written by Jean-loup Gailly, Charles Levert, and Paul Eggert.
Andrew Dudman helped adapting the scripts and their man pages for
XZ Utils.
The GNU Autotools-based build system contains files from many authors,
which I'm not trying to list here.
Several people have contributed fixes or reported bugs. Most of them
are mentioned in the file THANKS.

11639
CHANGES
View File

File diff suppressed because it is too large Load Diff

968
CHANGES.SSLeay
View File

@@ -1,968 +0,0 @@
This file contains the changes for the SSLeay library up to version
0.9.0b. For later changes, see the file "CHANGES".
SSLeay CHANGES
______________
Changes between 0.8.x and 0.9.0b
10-Apr-1998
I said the next version would go out at easter, and so it shall.
I expect a 0.9.1 will follow with portability fixes in the next few weeks.
This is a quick, meet the deadline. Look to ssl-users for comments on what
is new etc.
eric (about to go bushwalking for the 4 day easter break :-)
16-Mar-98
- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
- Lots and lots of changes
29-Jan-98
- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
Goetz Babin-Ebell <babinebell@trustcenter.de>.
- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
TLS1_VERSION.
7-Jan-98
- Finally reworked the cipher string to ciphers again, so it
works correctly
- All the app_data stuff is now ex_data with funcion calls to access.
The index is supplied by a function and 'methods' can be setup
for the types that are called on XXX_new/XXX_free. This lets
applications get notified on creation and destruction. Some of
the RSA methods could be implemented this way and I may do so.
- Oh yes, SSL under perl5 is working at the basic level.
15-Dec-97
- Warning - the gethostbyname cache is not fully thread safe,
but it should work well enough.
- Major internal reworking of the app_data stuff. More functions
but if you were accessing ->app_data directly, things will
stop working.
- The perlv5 stuff is working. Currently on message digests,
ciphers and the bignum library.
9-Dec-97
- Modified re-negotiation so that server initated re-neg
will cause a SSL_read() to return -1 should retry.
The danger otherwise was that the server and the
client could end up both trying to read when using non-blocking
sockets.
4-Dec-97
- Lots of small changes
- Fix for binaray mode in Windows for the FILE BIO, thanks to
Bob Denny <rdenny@dc3.com>
17-Nov-97
- Quite a few internal cleanups, (removal of errno, and using macros
defined in e_os.h).
- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
the automactic naming out output files was being stuffed up.
29-Oct-97
- The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
for x86.
21-Oct-97
- Fixed a bug in the BIO_gethostbyname() cache.
15-Oct-97
- cbc mode for blowfish/des/3des is now in assember. Blowfish asm
has also been improved. At this point in time, on the pentium,
md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
is %62 faster.
12-Oct-97
- MEM_BUF_grow() has been fixed so that it always sets the buf->length
to the value we are 'growing' to. Think of MEM_BUF_grow() as the
way to set the length value correctly.
10-Oct-97
- I now hash for certificate lookup on the raw DER encoded RDN (md5).
This breaks things again :-(. This is efficent since I cache
the DER encoding of the RDN.
- The text DN now puts in the numeric OID instead of UNKNOWN.
- req can now process arbitary OIDs in the config file.
- I've been implementing md5 in x86 asm, much faster :-).
- Started sha1 in x86 asm, needs more work.
- Quite a few speedups in the BN stuff. RSA public operation
has been made faster by caching the BN_MONT_CTX structure.
The calulating of the Ai where A*Ai === 1 mod m was rather
expensive. Basically a 40-50% speedup on public operations.
The RSA speedup is now 15% on pentiums and %20 on pentium
pro.
30-Sep-97
- After doing some profiling, I added x86 adm for bn_add_words(),
which just adds 2 arrays of longs together. A %10 speedup
for 512 and 1024 bit RSA on the pentium pro.
29-Sep-97
- Converted the x86 bignum assembler to us the perl scripts
for generation.
23-Sep-97
- If SSL_set_session() is passed a NULL session, it now clears the
current session-id.
22-Sep-97
- Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
certificates.
- Bug in crypto/evp/encode.c where by decoding of 65 base64
encoded lines, one line at a time (via a memory BIO) would report
EOF after the first line was decoded.
- Fix in X509_find_by_issuer_and_serial() from
Dr Stephen Henson <shenson@bigfoot.com>
19-Sep-97
- NO_FP_API and NO_STDIO added.
- Put in sh config command. It auto runs Configure with the correct
parameters.
18-Sep-97
- Fix x509.c so if a DSA cert has different parameters to its parent,
they are left in place. Not tested yet.
16-Sep-97
- ssl_create_cipher_list() had some bugs, fixes from
Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
- Fixed a bug in the Base64 BIO, where it would return 1 instead
of -1 when end of input was encountered but should retry.
Basically a Base64/Memory BIO interaction problem.
- Added a HMAC set of functions in preporarion for TLS work.
15-Sep-97
- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
- Prime generation spead up %25 (512 bit prime, pentium pro linux)
by using montgomery multiplication in the prime number test.
11-Sep-97
- Ugly bug in ssl3_write_bytes(). Basically if application land
does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
did not check the size and tried to copy the entire buffer.
This would tend to cause memory overwrites since SSLv3 has
a maximum packet size of 16k. If your program uses
buffers <= 16k, you would probably never see this problem.
- Fixed a few errors that were cause by malloc() not returning
0 initialised memory..
- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
since this flags stops SSLeay being able to handle client
cert requests correctly.
08-Sep-97
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
on, the SSL server routines will not use a SSL_SESSION that is
held in it's cache. This in intended to be used with the session-id
callbacks so that while the session-ids are still stored in the
cache, the decision to use them and how to look them up can be
done by the callbacks. The are the 'new', 'get' and 'remove'
callbacks. This can be used to determine the session-id
to use depending on information like which port/host the connection
is coming from. Since the are also SSL_SESSION_set_app_data() and
SSL_SESSION_get_app_data() functions, the application can hold
information against the session-id as well.
03-Sep-97
- Added lookup of CRLs to the by_dir method,
X509_load_crl_file() also added. Basically it means you can
lookup CRLs via the same system used to lookup certificates.
- Changed things so that the X509_NAME structure can contain
ASN.1 BIT_STRINGS which is required for the unique
identifier OID.
- Fixed some problems with the auto flushing of the session-id
cache. It was not occuring on the server side.
02-Sep-97
- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
which is the maximum number of entries allowed in the
session-id cache. This is enforced with a simple FIFO list.
The default size is 20*1024 entries which is rather large :-).
The Timeout code is still always operating.
01-Sep-97
- Added an argument to all the 'generate private key/prime`
callbacks. It is the last parameter so this should not
break existing code but it is needed for C++.
- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
BIO. This lets the BIO read and write base64 encoded data
without inserting or looking for '\n' characters. The '-A'
flag turns this on when using apps/enc.c.
- RSA_NO_PADDING added to help BSAFE functionality. This is a
very dangerous thing to use, since RSA private key
operations without random padding bytes (as PKCS#1 adds) can
be attacked such that the private key can be revealed.
- ASN.1 bug and rc2-40-cbc and rc4-40 added by
Dr Stephen Henson <shenson@bigfoot.com>
31-Aug-97 (stuff added while I was away)
- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
- RSA_flags() added allowing bypass of pub/priv match check
in ssl/ssl_rsa.c - Tim Hudson.
- A few minor bugs.
SSLeay 0.8.1 released.
19-Jul-97
- Server side initated dynamic renegotiation is broken. I will fix
it when I get back from holidays.
15-Jul-97
- Quite a few small changes.
- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
09-Jul-97
- Added 2 new values to the SSL info callback.
SSL_CB_START which is passed when the SSL protocol is started
and SSL_CB_DONE when it has finished sucsessfully.
08-Jul-97
- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
that related to DSA public/private keys.
- Added all the relevent PEM and normal IO functions to support
reading and writing RSAPublic keys.
- Changed makefiles to use ${AR} instead of 'ar r'
07-Jul-97
- Error in ERR_remove_state() that would leave a dangling reference
to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
- s_client now prints the X509_NAMEs passed from the server
when requesting a client cert.
- Added a ssl->type, which is one of SSL_ST_CONNECT or
SSL_ST_ACCEPT. I had to add it so I could tell if I was
a connect or an accept after the handshake had finished.
- SSL_get_client_CA_list(SSL *s) now returns the CA names
passed by the server if called by a client side SSL.
05-Jul-97
- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
04-Jul-97
- Fixed some things in X509_NAME_add_entry(), thanks to
Matthew Donald <matthew@world.net>.
- I had a look at the cipher section and though that it was a
bit confused, so I've changed it.
- I was not setting up the RC4-64-MD5 cipher correctly. It is
a MS special that appears in exported MS Money.
- Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
spec. I was missing the two byte length header for the
ClientDiffieHellmanPublic value. This is a packet sent from
the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
option will enable SSLeay server side SSLv3 accept either
the correct or my 080 packet format.
- Fixed a few typos in crypto/pem.org.
02-Jul-97
- Alias mapping for EVP_get_(digest|cipher)byname is now
performed before a lookup for actual cipher. This means
that an alias can be used to 're-direct' a cipher or a
digest.
- ASN1_read_bio() had a bug that only showed up when using a
memory BIO. When EOF is reached in the memory BIO, it is
reported as a -1 with BIO_should_retry() set to true.
01-Jul-97
- Fixed an error in X509_verify_cert() caused by my
miss-understanding how 'do { contine } while(0);' works.
Thanks to Emil Sit <sit@mit.edu> for educating me :-)
30-Jun-97
- Base64 decoding error. If the last data line did not end with
a '=', sometimes extra data would be returned.
- Another 'cut and paste' bug in x509.c related to setting up the
STDout BIO.
27-Jun-97
- apps/ciphers.c was not printing due to an editing error.
- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
a library build error in util/mk1mf.pl
26-Jun-97
- Still did not have the auto 'experimental' code removal
script correct.
- A few header tweaks for Watcom 11.0 under Win32 from
Rolf Lindemann <Lindemann@maz-hh.de>
- 0 length OCTET_STRING bug in asn1_parse
- A minor fix with an non-existent function in the MS .def files.
- A few changes to the PKCS7 stuff.
25-Jun-97
SSLeay 0.8.0 finally it gets released.
24-Jun-97
Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
use a temporary RSA key. This is experimental and needs some more work.
Fixed a few Win16 build problems.
23-Jun-97
SSLv3 bug. I was not doing the 'lookup' of the CERT structure
correctly. I was taking the SSL->ctx->default_cert when I should
have been using SSL->cert. The bug was in ssl/s3_srvr.c
20-Jun-97
X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
rest of the library. Even though I had the code required to do
it correctly, apps/req.c was doing the wrong thing. I have fixed
and tested everything.
Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
19-Jun-97
Fixed a bug in the SSLv2 server side first packet handling. When
using the non-blocking test BIO, the ssl->s2->first_packet flag
was being reset when a would-block failure occurred when reading
the first 5 bytes of the first packet. This caused the checking
logic to run at the wrong time and cause an error.
Fixed a problem with specifying cipher. If RC4-MD5 were used,
only the SSLv3 version would be picked up. Now this will pick
up both SSLv2 and SSLv3 versions. This required changing the
SSL_CIPHER->mask values so that they only mask the ciphers,
digests, authentication, export type and key-exchange algorithms.
I found that when a SSLv23 session is established, a reused
session, of type SSLv3 was attempting to write the SSLv2
ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
method has been modified so it will only write out cipher which
that method knows about.
Changes between 0.8.0 and 0.8.1
*) Mostly bug fixes.
There is an Ephemeral DH cipher problem which is fixed.
SSLeay 0.8.0
This version of SSLeay has quite a lot of things different from the
previous version.
Basically check all callback parameters, I will be producing documentation
about how to use things in th future. Currently I'm just getting 080 out
the door. Please not that there are several ways to do everything, and
most of the applications in the apps directory are hybrids, some using old
methods and some using new methods.
Have a look in demos/bio for some very simple programs and
apps/s_client.c and apps/s_server.c for some more advanced versions.
Notes are definitly needed but they are a week or so away.
Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
---
Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
get those people that want to move to using the new code base off to
a quick start.
Note that Eric has tidied up a lot of the areas of the API that were
less than desirable and renamed quite a few things (as he had to break
the API in lots of places anyrate). There are a whole pile of additional
functions for making dealing with (and creating) certificates a lot
cleaner.
01-Jul-97
Tim Hudson
tjh@cryptsoft.com
---8<---
To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
use something like the following (assuming you #include "crypto.h" which
is something that you really should be doing).
#if SSLEAY_VERSION_NUMBER >= 0x0800
#define SSLEAY8
#endif
buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
too if you are working with BIO internal stuff (as distinct
from simply using the interface in an opaque manner)
#include "bio.h" - required along with "buffer.h" if you write
your own BIO routines as the buffer and bio
stuff that was intermixed has been separated
out
envelope.h -> evp.h (which should have been done ages ago)
Initialisation ... don't forget these or you end up with code that
is missing the bits required to do useful things (like ciphers):
SSLeay_add_ssl_algorithms()
(probably also want SSL_load_error_strings() too but you should have
already had that call in place)
SSL_CTX_new() - requires an extra method parameter
SSL_CTX_new(SSLv23_method())
SSL_CTX_new(SSLv2_method())
SSL_CTX_new(SSLv3_method())
OR to only have the server or the client code
SSL_CTX_new(SSLv23_server_method())
SSL_CTX_new(SSLv2_server_method())
SSL_CTX_new(SSLv3_server_method())
or
SSL_CTX_new(SSLv23_client_method())
SSL_CTX_new(SSLv2_client_method())
SSL_CTX_new(SSLv3_client_method())
SSL_set_default_verify_paths() ... renamed to the more appropriate
SSL_CTX_set_default_verify_paths()
If you want to use client certificates then you have to add in a bit
of extra stuff in that a SSLv3 server sends a list of those CAs that
it will accept certificates from ... so you have to provide a list to
SSLeay otherwise certain browsers will not send client certs.
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
or provide a buffer and size to copy the
result into
X509_add_cert -> X509_STORE_add_cert (and you might want to read the
notes on X509_NAME structure changes too)
VERIFICATION CODE
=================
The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
more accurately reflect things.
The verification callback args are now packaged differently so that
extra fields for verification can be added easily in future without
having to break things by adding extra parameters each release :-)
X509_cert_verify_error_string -> X509_verify_cert_error_string
BIO INTERNALS
=============
Eric has fixed things so that extra flags can be introduced in
the BIO layer in future without having to play with all the BIO
modules by adding in some macros.
The ugly stuff using
b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_clear_retry_flags(b)
b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_set_retry_read(b)
Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
OTHER THINGS
============
X509_NAME has been altered so that it isn't just a STACK ... the STACK
is now in the "entries" field ... and there are a pile of nice functions
for getting at the details in a much cleaner manner.
SSL_CTX has been altered ... "cert" is no longer a direct member of this
structure ... things are now down under "cert_store" (see x509_vfy.h) and
things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
If your code "knows" about this level of detail then it will need some
surgery.
If you depending on the incorrect spelling of a number of the error codes
then you will have to change your code as these have been fixed.
ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
has been all along so this makes things clearer.
ify_cert_error_string(ctx->error));
SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
Changes between 0.7.x and 0.8.0
*) There have been lots of changes, mostly the addition of SSLv3.
There have been many additions from people and amongst
others, C2Net has assisted greatly.
Changes between 0.7.x and 0.7.x
*) Internal development version only
SSLeay 0.6.6 13-Jan-1997
The main additions are
- assember for x86 DES improvments.
From 191,000 per second on a pentium 100, I now get 281,000. The inner
loop and the IP/FP modifications are from
Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
contribution.
- The 'DES macros' introduced in 0.6.5 now have 3 types.
DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
is best and there is a summery of mine in crypto/des/options.txt
- A few bug fixes.
- Added blowfish. It is not used by SSL but all the other stuff that
deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
BF_PTR2 is pentium/x86 specific. The correct option is setup in
the 'Configure' script.
- There is now a 'get client certificate' callback which can be
'non-blocking'. If more details are required, let me know. It will
documented more in SSLv3 when I finish it.
- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
now tests the ca program.
- Lots of little things modified and tweaked.
SSLeay 0.6.5
After quite some time (3 months), the new release. I have been very busy
for the last few months and so this is mostly bug fixes and improvments.
The main additions are
- assember for x86 DES. For all those gcc based systems, this is a big
improvement. From 117,000 DES operation a second on a pentium 100,
I now get 191,000. I have also reworked the C version so it
now gives 148,000 DESs per second.
- As mentioned above, the inner DES macros now have some more variant that
sometimes help, sometimes hinder performance. There are now 3 options
DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
and DES_RISC (a more register intensive version of the inner macro).
The crypto/des/des_opts.c program, when compiled and run, will give
an indication of the correct options to use.
- The BIO stuff has been improved. Read doc/bio.doc. There are now
modules for encryption and base64 encoding and a BIO_printf() function.
- The CA program will accept simple one line X509v3 extensions in the
ssleay.cnf file. Have a look at the example. Currently this just
puts the text into the certificate as an OCTET_STRING so currently
the more advanced X509v3 data types are not handled but this is enough
for the netscape extensions.
- There is the start of a nicer higher level interface to the X509
strucutre.
- Quite a lot of bug fixes.
- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used
to define the malloc(), free() and realloc() routines to use
(look in crypto/crypto.h). This is mostly needed for Windows NT/95 when
using DLLs and mixing CRT libraries.
In general, read the 'VERSION' file for changes and be aware that some of
the new stuff may not have been tested quite enough yet, so don't just plonk
in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
SSLeay 0.6.4 30/08/96 eay
I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
The main changes in this release
- Thread safe. have a read of doc/threads.doc and play in the mt directory.
For anyone using 0.6.3 with threads, I found 2 major errors so consider
moving to 0.6.4. I have a test program that builds under NT and
solaris.
- The get session-id callback has changed. Have a read of doc/callback.doc.
- The X509_cert_verify callback (the SSL_verify callback) now
has another argument. Have a read of doc/callback.doc
- 'ca -preserve', sign without re-ordering the DN. Not tested much.
- VMS support.
- Compile time memory leak detection can now be built into SSLeay.
Read doc/memory.doc
- CONF routines now understand '\', '\n', '\r' etc. What this means is that
the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
- RC2 key setup is now compatable with Netscape.
- Modifed server side of SSL implementation, big performance difference when
using session-id reuse.
0.6.3
Bug fixes and the addition of some nice stuff to the 'ca' program.
Have a read of doc/ns-ca.doc for how hit has been modified so
it can be driven from a CGI script. The CGI script is not provided,
but that is just being left as an excersize for the reader :-).
0.6.2
This is most bug fixes and functionality improvements.
Additions are
- More thread debugging patches, the thread stuff is still being
tested, but for those keep to play with stuff, have a look in
crypto/cryptlib.c. The application needs to define 1 (or optionaly
a second) callback that is used to implement locking. Compiling
with LOCK_DEBUG spits out lots of locking crud :-).
This is what I'm currently working on.
- SSL_CTX_set_default_passwd_cb() can be used to define the callback
function used in the SSL*_file() functions used to load keys. I was
always of the opinion that people should call
PEM_read_RSAPrivateKey() and pass the callback they want to use, but
it appears they just want to use the SSL_*_file() function() :-(.
- 'enc' now has a -kfile so a key can be read from a file. This is
mostly used so that the passwd does not appear when using 'ps',
which appears imposible to stop under solaris.
- X509v3 certificates now work correctly. I even have more examples
in my tests :-). There is now a X509_EXTENSION type that is used in
X509v3 certificates and CRLv2.
- Fixed that signature type error :-(
- Fixed quite a few potential memory leaks and problems when reusing
X509, CRL and REQ structures.
- EVP_set_pw_prompt() now sets the library wide default password
prompt.
- The 'pkcs7' command will now, given the -print_certs flag, output in
pem format, all certificates and CRL contained within. This is more
of a pre-emtive thing for the new verisign distribution method. I
should also note, that this also gives and example in code, of how
to do this :-), or for that matter, what is involved in going the
other way (list of certs and crl -> pkcs7).
- Added RSA's DESX to the DES library. It is also available via the
EVP_desx_cbc() method and via 'enc desx'.
SSLeay 0.6.1
The main functional changes since 0.6.0 are as follows
- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
that from now on, I'll keep the .def numbers the same so they will be.
- RSA private key operations are about 2 times faster that 0.6.0
- The SSL_CTX now has more fields so default values can be put against
it. When an SSL structure is created, these default values are used
but can be overwritten. There are defaults for cipher, certificate,
private key, verify mode and callback. This means SSL session
creation can now be
ssl=SSL_new()
SSL_set_fd(ssl,sock);
SSL_accept(ssl)
....
All the other uglyness with having to keep a global copy of the
private key and certificate/verify mode in the server is now gone.
- ssl/ssltest.c - one process talking SSL to its self for testing.
- Storage of Session-id's can be controled via a session_cache_mode
flag. There is also now an automatic default flushing of
old session-id's.
- The X509_cert_verify() function now has another parameter, this
should not effect most people but it now means that the reason for
the failure to verify is now available via SSL_get_verify_result(ssl).
You don't have to use a global variable.
- SSL_get_app_data() and SSL_set_app_data() can be used to keep some
application data against the SSL structure. It is upto the application
to free the data. I don't use it, but it is available.
- SSL_CTX_set_cert_verify_callback() can be used to specify a
verify callback function that completly replaces my certificate
verification code. Xcert should be able to use this :-).
The callback is of the form int app_verify_callback(arg,ssl,cert).
This needs to be documented more.
- I have started playing with shared library builds, have a look in
the shlib directory. It is very simple. If you need a numbered
list of functions, have a look at misc/crypto.num and misc/ssl.num.
- There is some stuff to do locking to make the library thread safe.
I have only started this stuff and have not finished. If anyone is
keen to do so, please send me the patches when finished.
So I have finally made most of the additions to the SSL interface that
I thought were needed.
There will probably be a pause before I make any non-bug/documentation
related changes to SSLeay since I'm feeling like a bit of a break.
eric - 12 Jul 1996
I saw recently a comment by some-one that we now seem to be entering
the age of perpetual Beta software.
Pioneered by packages like linux but refined to an art form by
netscape.
I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
There are quite a large number of sections that are 'works in
progress' in this package. I will also list the major changes and
what files you should read.
BIO - this is the new IO structure being used everywhere in SSLeay. I
started out developing this because of microsoft, I wanted a mechanism
to callback to the application for all IO, so Windows 3.1 DLL
perversion could be hidden from me and the 15 different ways to write
to a file under NT would also not be dictated by me at library build
time. What the 'package' is is an API for a data structure containing
functions. IO interfaces can be written to conform to the
specification. This in not intended to hide the underlying data type
from the application, but to hide it from SSLeay :-).
I have only really finished testing the FILE * and socket/fd modules.
There are also 'filter' BIO's. Currently I have only implemented
message digests, and it is in use in the dgst application. This
functionality will allow base64/encrypto/buffering modules to be
'push' into a BIO without it affecting the semantics. I'm also
working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
from an event loop which uses the interface.
It is also possible to 'attach' callbacks to a BIO so they get called
before and after each operation, alowing extensive debug output
to be generated (try running dgst with -d).
Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
functions that used to take FILE *, now take BIO *.
The wrappers are easy to write
function_fp(fp,x)
FILE *fp;
{
BIO *b;
int ret;
if ((b=BIO_new(BIO_s_file())) == NULL) error.....
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=function_bio(b,x);
BIO_free(b);
return(ret);
}
Remember, there are no functions that take FILE * in SSLeay when
compiled for Windows 3.1 DLL's.
--
I have added a general EVP_PKEY type that can hold a public/private
key. This is now what is used by the EVP_ functions and is passed
around internally. I still have not done the PKCS#8 stuff, but
X509_PKEY is defined and waiting :-)
--
For a full function name listings, have a look at ms/crypt32.def and
ms/ssl32.def. These are auto-generated but are complete.
Things like ASN1_INTEGER_get() have been added and are in here if you
look. I have renamed a few things, again, have a look through the
function list and you will probably find what you are after. I intend
to at least put a one line descrition for each one.....
--
Microsoft - thats what this release is about, read the MICROSOFT file.
--
Multi-threading support. I have started hunting through the code and
flaging where things need to be done. In a state of work but high on
the list.
--
For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
be be you random data device, otherwise 'RFILE' in e_os.h
will be used, in your home directory. It will be updated
periodically. The environment variable RANDFILE will override this
choice and read/write to that file instead. DEVRANDOM is used in
conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random
number generator, pick on one of these files.
--
The list of things to read and do
dgst -d
s_client -state (this uses a callback placed in the SSL state loop and
will be used else-where to help debug/monitor what
is happening.)
doc/why.doc
doc/bio.doc <- hmmm, needs lots of work.
doc/bss_file.doc <- one that is working :-)
doc/session.doc <- it has changed
doc/speed.doc
also play with ssleay version -a. I have now added a SSLeay()
function that returns a version number, eg 0600 for this release
which is primarily to be used to check DLL version against the
application.
util/* Quite a few will not interest people, but some may, like
mk1mf.pl, mkdef.pl,
util/do_ms.sh
try
cc -Iinclude -Icrypto -c crypto/crypto.c
cc -Iinclude -Issl -c ssl/ssl.c
You have just built the SSLeay libraries as 2 object files :-)
Have a general rummage around in the bin stall directory and look at
what is in there, like CA.sh and c_rehash
There are lots more things but it is 12:30am on a Friday night and I'm
heading home :-).
eric 22-Jun-1996
This version has quite a few major bug fixes and improvements. It DOES NOT
do SSLv3 yet.
The main things changed
- A Few days ago I added the s_mult application to ssleay which is
a demo of an SSL server running in an event loop type thing.
It supports non-blocking IO, I have finally gotten it right, SSL_accept()
can operate in non-blocking IO mode, look at the code to see how :-).
Have a read of doc/s_mult as well. This program leaks memory and
file descriptors everywhere but I have not cleaned it up yet.
This is a demo of how to do non-blocking IO.
- The SSL session management has been 'worked over' and there is now
quite an expansive set of functions to manipulate them. Have a read of
doc/session.doc for some-things I quickly whipped up about how it now works.
This assume you know the SSLv2 protocol :-)
- I can now read/write the netscape certificate format, use the
-inform/-outform 'net' options to the x509 command. I have not put support
for this type in the other demo programs, but it would be easy to add.
- asn1parse and 'enc' have been modified so that when reading base64
encoded files (pem format), they do not require '-----BEGIN' header lines.
The 'enc' program had a buffering bug fixed, it can be used as a general
base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
respecivly. Leaving out the '-a' flag in this case makes the 'enc' command
into a form of 'cat'.
- The 'x509' and 'req' programs have been fixed and modified a little so
that they generate self-signed certificates correctly. The test
script actually generates a 'CA' certificate and then 'signs' a
'user' certificate. Have a look at this shell script (test/sstest)
to see how things work, it tests most possible combinations of what can
be done.
- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
of SSL_set_cipher_list() is now the correct API (stops confusion :-).
If this function is used in the client, only the specified ciphers can
be used, with preference given to the order the ciphers were listed.
For the server, if this is used, only the specified ciphers will be used
to accept connections. If this 'option' is not used, a default set of
ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
list for all ciphers started against the SSL_CTX. So the order is
SSL cipher_list, if not present, SSL_CTX cipher list, if not
present, then the library default.
What this means is that normally ciphers like
NULL-MD5 will never be used. The only way this cipher can be used
for both ends to specify to use it.
To enable or disable ciphers in the library at build time, modify the
first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
This file also contains the 'pref_cipher' list which is the default
cipher preference order.
- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
options work. They should, and they enable loading and writing the
netscape rsa private key format. I will be re-working this section of
SSLeay for the next version. What is currently in place is a quick and
dirty hack.
- I've re-written parts of the bignum library. This gives speedups
for all platforms. I now provide assembler for use under Windows NT.
I have not tested the Windows 3.1 assembler but it is quite simple code.
This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
Basically the times available under linux/solaris x86 can be achieve under
Windows NT. I still don't know how these times compare to RSA's BSAFE
library but I have been emailing with people and with their help, I should
be able to get my library's quite a bit faster still (more algorithm changes).
The object file crypto/bn/asm/x86-32.obj should be used when linking
under NT.
- 'make makefile.one' in the top directory will generate a single makefile
called 'makefile.one' This makefile contains no perl references and
will build the SSLeay library into the 'tmp' and 'out' directories.
util/mk1mf.pl >makefile.one is how this makefile is
generated. The mk1mf.pl command take several option to generate the
makefile for use with cc, gcc, Visual C++ and Borland C++. This is
still under development. I have only build .lib's for NT and MSDOS
I will be working on this more. I still need to play with the
correct compiler setups for these compilers and add some more stuff but
basically if you just want to compile the library
on a 'non-unix' platform, this is a very very good file to start with :-).
Have a look in the 'microsoft' directory for my current makefiles.
I have not yet modified things to link with sockets under Windows NT.
You guys should be able to do this since this is actually outside of the
SSLeay scope :-). I will be doing it for myself soon.
util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock
to build without RC2/RC4, to require RSAref for linking, and to
build with no socket code.
- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
that was posted to sci.crypt has been added to the library and SSL.
I take the view that if RC2 is going to be included in a standard,
I'll include the cipher to make my package complete.
There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
at compile time. I have not tested this recently but it should all work
and if you are in the USA and don't want RSA threatening to sue you,
you could probably remove the RC4/RC2 code inside these sections.
I may in the future include a perl script that does this code
removal automatically for those in the USA :-).
- I have removed all references to sed in the makefiles. So basically,
the development environment requires perl and sh. The build environment
does not (use the makefile.one makefile).
The Configure script still requires perl, this will probably stay that way
since I have perl for Windows NT :-).
eric (03-May-1996)
PS Have a look in the VERSION file for more details on the changes and
bug fixes.
I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
things up. This version will be quite stable, mostly because I'm on
holidays until 10-March-1996. For any problems in the interum, send email
to Tim Hudson <tjh@mincom.oz.au>.
SSLeay 0.5.0
12-12-95
This is going out before it should really be released.
I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
this for 11 weeks or get things out. It is still going to change a
lot in the next week so if you do grab this version, please test and
give me feed back ASAP, inculuding questions on how to do things with
the library. This will prompt me to write documentation so I don't
have to answer the same question again :-).
This 'pre' release version is for people who are interested in the
library. The applications will have to be changed to use
the new version of the SSL interface. I intend to finish more
documentation before I leave but until then, look at the programs in
the apps directory. As far as code goes, it is much much nicer than
the old version.
The current library works, has no memory leaks (as far as I can tell)
and is far more bug free that 0.4.5d. There are no global variable of
consequence (I believe) and I will produce some documentation that
tell where to look for those people that do want to do multi-threaded
stuff.
There should be more documentation. Have a look in the
doc directory. I'll be adding more before I leave, it is a start
by mostly documents the crypto library. Tim Hudson will update
the web page ASAP. The spelling and grammar are crap but
it is better than nothing :-)
Reasons to start playing with version 0.5.0
- All the programs in the apps directory build into one ssleay binary.
- There is a new version of the 'req' program that generates certificate
requests, there is even documentation for this one :-)
- There is a demo certification authorithy program. Currently it will
look at the simple database and update it. It will generate CRL from
the data base. You need to edit the database by hand to revoke a
certificate, it is my aim to use perl5/Tk but I don't have time to do
this right now. It will generate the certificates but the management
scripts still need to be written. This is not a hard task.
- Things have been cleaned up alot.
- Have a look at the enc and dgst programs in the apps directory.
- It supports v3 of x509 certiticates.
Major things missing.
- I have been working on (and thinging about) the distributed x509
hierachy problem. I have not had time to put my solution in place.
It will have to wait until I come back.
- I have not put in CRL checking in the certificate verification but
it would not be hard to do. I was waiting until I could generate my
own CRL (which has only been in the last week) and I don't have time
to put it in correctly.
- Montgomery multiplication need to be implemented. I know the
algorithm, just ran out of time.
- PKCS#7. I can load and write the DER version. I need to re-work
things to support BER (if that means nothing, read the ASN1 spec :-).
- Testing of the higher level digital envelope routines. I have not
played with the *_seal() and *_open() type functions. They are
written but need testing. The *_sign() and *_verify() functions are
rock solid.
- PEM. Doing this and PKCS#7 have been dependant on the distributed
x509 heirachy problem. I started implementing my ideas, got
distracted writing a CA program and then ran out of time. I provide
the functionality of RSAref at least.
- Re work the asm. code for the x86. I've changed by low level bignum
interface again, so I really need to tweak the x86 stuff. gcc is
good enough for the other boxes.

54
CONTRIBUTING
View File

@@ -1,54 +0,0 @@
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
Development is done on GitHub, https://github.com/openssl/openssl.
To request new features or report bugs, please open an issue on GitHub
To submit a patch, please open a pull request on GitHub. If you are thinking
of making a large contribution, open an issue for it before starting work,
to get comments from the community. Someone may be already working on
the same thing or there may be reasons why that feature isn't implemented.
To make it easier to review and accept your pull request, please follow these
guidelines:
1. Anything other than a trivial contribution requires a Contributor
License Agreement (CLA), giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details. If your
contribution is too small to require a CLA, put "CLA: trivial" on a
line by itself in your commit message body.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
year(s) updated):
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits, you will have to remove them
(usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile
without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features. Clean builds
via Travis and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc for
examples of our style.

65
COPYING Normal file
View File

@@ -0,0 +1,65 @@
XZ Utils Licensing
==================
Different licenses apply to different files in this package. Here
is a rough summary of which licenses apply to which parts of this
package (but check the individual files to be sure!):
- liblzma is in the public domain.
- xz, xzdec, and lzmadec command line tools are in the public
domain unless GNU getopt_long had to be compiled and linked
in from the lib directory. The getopt_long code is under
GNU LGPLv2.1+.
- The scripts to grep, diff, and view compressed files have been
adapted from gzip. These scripts and their documentation are
under GNU GPLv2+.
- All the documentation in the doc directory and most of the
XZ Utils specific documentation files in other directories
are in the public domain.
- Translated messages are in the public domain.
- The build system contains public domain files, and files that
are under GNU GPLv2+ or GNU GPLv3+. None of these files end up
in the binaries being built.
- Test files and test code in the tests directory, and debugging
utilities in the debug directory are in the public domain.
- The extra directory may contain public domain files, and files
that are under various free software licenses.
You can do whatever you want with the files that have been put into
the public domain. If you find public domain legally problematic,
take the previous sentence as a license grant. If you still find
the lack of copyright legally problematic, you have too many
lawyers.
As usual, this software is provided "as is", without any warranty.
If you copy significant amounts of public domain code from XZ Utils
into your project, acknowledging this somewhere in your software is
polite (especially if it is proprietary, non-free software), but
naturally it is not legally required. Here is an example of a good
notice to put into "about box" or into documentation:
This software includes code from XZ Utils <http://tukaani.org/xz/>.
The following license texts are included in the following files:
- COPYING.LGPLv2.1: GNU Lesser General Public License version 2.1
- COPYING.GPLv2: GNU General Public License version 2
- COPYING.GPLv3: GNU General Public License version 3
Note that the toolchain (compiler, linker etc.) may add some code
pieces that are copyrighted. Thus, it is possible that e.g. liblzma
binary wouldn't actually be in the public domain in its entirety
even though it contains no copyrighted code from the XZ Utils source
package.
If you have questions, don't hesitate to ask the author(s) for more
information.

339
COPYING.GPLv2 Normal file
View File

@@ -0,0 +1,339 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

674
COPYING.GPLv3 Normal file
View File

@@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

502
COPYING.LGPLv2.1 Normal file
View File

@@ -0,0 +1,502 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
[This is the first released version of the Lesser GPL. It also counts
as the successor of the GNU Library Public License, version 2, hence
the version number 2.1.]
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
Licenses are intended to guarantee your freedom to share and change
free software--to make sure the software is free for all its users.
This license, the Lesser General Public License, applies to some
specially designated software packages--typically libraries--of the
Free Software Foundation and other authors who decide to use it. You
can use it too, but we suggest you first think carefully about whether
this license or the ordinary General Public License is the better
strategy to use in any particular case, based on the explanations below.
When we speak of free software, we are referring to freedom of use,
not price. Our General Public Licenses are designed to make sure that
you have the freedom to distribute copies of free software (and charge
for this service if you wish); that you receive source code or can get
it if you want it; that you can change the software and use pieces of
it in new free programs; and that you are informed that you can do
these things.
To protect your rights, we need to make restrictions that forbid
distributors to deny you these rights or to ask you to surrender these
rights. These restrictions translate to certain responsibilities for
you if you distribute copies of the library or if you modify it.
For example, if you distribute copies of the library, whether gratis
or for a fee, you must give the recipients all the rights that we gave
you. You must make sure that they, too, receive or can get the source
code. If you link other code with the library, you must provide
complete object files to the recipients, so that they can relink them
with the library after making changes to the library and recompiling
it. And you must show them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the
library, and (2) we offer you this license, which gives you legal
permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that
there is no warranty for the free library. Also, if the library is
modified by someone else and passed on, the recipients should know
that what they have is not the original version, so that the original
author's reputation will not be affected by problems that might be
introduced by others.
Finally, software patents pose a constant threat to the existence of
any free program. We wish to make sure that a company cannot
effectively restrict the users of a free program by obtaining a
restrictive license from a patent holder. Therefore, we insist that
any patent license obtained for a version of the library must be
consistent with the full freedom of use specified in this license.
Most GNU software, including some libraries, is covered by the
ordinary GNU General Public License. This license, the GNU Lesser
General Public License, applies to certain designated libraries, and
is quite different from the ordinary General Public License. We use
this license for certain libraries in order to permit linking those
libraries into non-free programs.
When a program is linked with a library, whether statically or using
a shared library, the combination of the two is legally speaking a
combined work, a derivative of the original library. The ordinary
General Public License therefore permits such linking only if the
entire combination fits its criteria of freedom. The Lesser General
Public License permits more lax criteria for linking other code with
the library.
We call this license the "Lesser" General Public License because it
does Less to protect the user's freedom than the ordinary General
Public License. It also provides other free software developers Less
of an advantage over competing non-free programs. These disadvantages
are the reason we use the ordinary General Public License for many
libraries. However, the Lesser license provides advantages in certain
special circumstances.
For example, on rare occasions, there may be a special need to
encourage the widest possible use of a certain library, so that it becomes
a de-facto standard. To achieve this, non-free programs must be
allowed to use the library. A more frequent case is that a free
library does the same job as widely used non-free libraries. In this
case, there is little to gain by limiting the free library to free
software only, so we use the Lesser General Public License.
In other cases, permission to use a particular library in non-free
programs enables a greater number of people to use a large body of
free software. For example, permission to use the GNU C Library in
non-free programs enables many more people to use the whole GNU
operating system, as well as its variant, the GNU/Linux operating
system.
Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is
linked with the Library has the freedom and the wherewithal to run
that program using a modified version of the Library.
The precise terms and conditions for copying, distribution and
modification follow. Pay close attention to the difference between a
"work based on the library" and a "work that uses the library". The
former contains code derived from the library, whereas the latter must
be combined with the library in order to run.
GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any software library or other
program which contains a notice placed by the copyright holder or
other authorized party saying it may be distributed under the terms of
this Lesser General Public License (also called "this License").
Each licensee is addressed as "you".
A "library" means a collection of software functions and/or data
prepared so as to be conveniently linked with application programs
(which use some of those functions and data) to form executables.
The "Library", below, refers to any such software library or work
which has been distributed under these terms. A "work based on the
Library" means either the Library or any derivative work under
copyright law: that is to say, a work containing the Library or a
portion of it, either verbatim or with modifications and/or translated
straightforwardly into another language. (Hereinafter, translation is
included without limitation in the term "modification".)
"Source code" for a work means the preferred form of the work for
making modifications to it. For a library, complete source code means
all the source code for all modules it contains, plus any associated
interface definition files, plus the scripts used to control compilation
and installation of the library.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running a program using the Library is not restricted, and output from
such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an
appropriate copyright notice and disclaimer of warranty; keep intact
all the notices that refer to this License and to the absence of any
warranty; and distribute a copy of this License along with the
Library.
You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a
fee.
2. You may modify your copy or copies of the Library or any portion
of it, thus forming a work based on the Library, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) The modified work must itself be a software library.
b) You must cause the files modified to carry prominent notices
stating that you changed the files and the date of any change.
c) You must cause the whole of the work to be licensed at no
charge to all third parties under the terms of this License.
d) If a facility in the modified Library refers to a function or a
table of data to be supplied by an application program that uses
the facility, other than as an argument passed when the facility
is invoked, then you must make a good faith effort to ensure that,
in the event an application does not supply such function or
table, the facility still operates, and performs whatever part of
its purpose remains meaningful.
(For example, a function in a library to compute square roots has
a purpose that is entirely well-defined independent of the
application. Therefore, Subsection 2d requires that any
application-supplied function or table used by this function must
be optional: if the application does not supply it, the square
root function must still compute square roots.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Library,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Library, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Library.
In addition, mere aggregation of another work not based on the Library
with the Library (or with a work based on the Library) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public
License instead of this License to a given copy of the Library. To do
this, you must alter all the notices that refer to this License, so
that they refer to the ordinary GNU General Public License, version 2,
instead of to this License. (If a newer version than version 2 of the
ordinary GNU General Public License has appeared, then you can specify
that version instead if you wish.) Do not make any other change in
these notices.
Once this change is made in a given copy, it is irreversible for
that copy, so the ordinary GNU General Public License applies to all
subsequent copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of
the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or
derivative of it, under Section 2) in object code or executable form
under the terms of Sections 1 and 2 above provided that you accompany
it with the complete corresponding machine-readable source code, which
must be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange.
If distribution of object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the
source code from the same place satisfies the requirement to
distribute the source code, even though third parties are not
compelled to copy the source along with the object code.
5. A program that contains no derivative of any portion of the
Library, but is designed to work with the Library by being compiled or
linked with it, is called a "work that uses the Library". Such a
work, in isolation, is not a derivative work of the Library, and
therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library
creates an executable that is a derivative of the Library (because it
contains portions of the Library), rather than a "work that uses the
library". The executable is therefore covered by this License.
Section 6 states terms for distribution of such executables.
When a "work that uses the Library" uses material from a header file
that is part of the Library, the object code for the work may be a
derivative work of the Library even though the source code is not.
Whether this is true is especially significant if the work can be
linked without the Library, or if the work is itself a library. The
threshold for this to be true is not precisely defined by law.
If such an object file uses only numerical parameters, data
structure layouts and accessors, and small macros and small inline
functions (ten lines or less in length), then the use of the object
file is unrestricted, regardless of whether it is legally a derivative
work. (Executables containing this object code plus portions of the
Library will still fall under Section 6.)
Otherwise, if the work is a derivative of the Library, you may
distribute the object code for the work under the terms of Section 6.
Any executables containing that work also fall under Section 6,
whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or
link a "work that uses the Library" with the Library to produce a
work containing portions of the Library, and distribute that work
under terms of your choice, provided that the terms permit
modification of the work for the customer's own use and reverse
engineering for debugging such modifications.
You must give prominent notice with each copy of the work that the
Library is used in it and that the Library and its use are covered by
this License. You must supply a copy of this License. If the work
during execution displays copyright notices, you must include the
copyright notice for the Library among them, as well as a reference
directing the user to the copy of this License. Also, you must do one
of these things:
a) Accompany the work with the complete corresponding
machine-readable source code for the Library including whatever
changes were used in the work (which must be distributed under
Sections 1 and 2 above); and, if the work is an executable linked
with the Library, with the complete machine-readable "work that
uses the Library", as object code and/or source code, so that the
user can modify the Library and then relink to produce a modified
executable containing the modified Library. (It is understood
that the user who changes the contents of definitions files in the
Library will not necessarily be able to recompile the application
to use the modified definitions.)
b) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (1) uses at run time a
copy of the library already present on the user's computer system,
rather than copying library functions into the executable, and (2)
will operate properly with a modified version of the library, if
the user installs one, as long as the modified version is
interface-compatible with the version that the work was made with.
c) Accompany the work with a written offer, valid for at
least three years, to give the same user the materials
specified in Subsection 6a, above, for a charge no more
than the cost of performing this distribution.
d) If distribution of the work is made by offering access to copy
from a designated place, offer equivalent access to copy the above
specified materials from the same place.
e) Verify that the user has already received a copy of these
materials or that you have already sent this user a copy.
For an executable, the required form of the "work that uses the
Library" must include any data and utility programs needed for
reproducing the executable from it. However, as a special exception,
the materials to be distributed need not include anything that is
normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies
the executable.
It may happen that this requirement contradicts the license
restrictions of other proprietary libraries that do not normally
accompany the operating system. Such a contradiction means you cannot
use both them and the Library together in an executable that you
distribute.
7. You may place library facilities that are a work based on the
Library side-by-side in a single library together with other library
facilities not covered by this License, and distribute such a combined
library, provided that the separate distribution of the work based on
the Library and of the other library facilities is otherwise
permitted, and provided that you do these two things:
a) Accompany the combined library with a copy of the same work
based on the Library, uncombined with any other library
facilities. This must be distributed under the terms of the
Sections above.
b) Give prominent notice with the combined library of the fact
that part of it is a work based on the Library, and explaining
where to find the accompanying uncombined form of the same work.
8. You may not copy, modify, sublicense, link with, or distribute
the Library except as expressly provided under this License. Any
attempt otherwise to copy, modify, sublicense, link with, or
distribute the Library is void, and will automatically terminate your
rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses
terminated so long as such parties remain in full compliance.
9. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Library or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Library (or any work based on the
Library), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Library or works based on it.
10. Each time you redistribute the Library (or any work based on the
Library), the recipient automatically receives a license from the
original licensor to copy, distribute, link with or modify the Library
subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with
this License.
11. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Library at all. For example, if a patent
license would not permit royalty-free redistribution of the Library by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply,
and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
12. If the distribution and/or use of the Library is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Library under this License may add
an explicit geographical distribution limitation excluding those countries,
so that distribution is permitted only in or among countries not thus
excluded. In such case, this License incorporates the limitation as if
written in the body of this License.
13. The Free Software Foundation may publish revised and/or new
versions of the Lesser General Public License from time to time.
Such new versions will be similar in spirit to the present version,
but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Library
specifies a version number of this License which applies to it and
"any later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Library does not specify a
license version number, you may choose any version ever published by
the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free
programs whose distribution conditions are incompatible with these,
write to the author to ask for permission. For software which is
copyrighted by the Free Software Foundation, write to the Free
Software Foundation; we sometimes make exceptions for this. Our
decision will be guided by the two goals of preserving the free status
of all derivatives of our free software and of promoting the sharing
and reuse of software generally.
NO WARRANTY
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Libraries
If you develop a new library, and you want it to be of the greatest
possible use to the public, we recommend making it free software that
everyone can redistribute and change. You can do so by permitting
redistribution under these terms (or, alternatively, under the terms of the
ordinary General Public License).
To apply these terms, attach the following notices to the library. It is
safest to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.
<one line to give the library's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Also add information on how to contact you by electronic and paper mail.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the library, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the
library `Frob' (a library for tweaking knobs) written by James Random Hacker.
<signature of Ty Coon>, 1 April 1990
Ty Coon, President of Vice
That's all there is to it!

14953
ChangeLog Normal file
View File

File diff suppressed because it is too large Load Diff

2326
Configure
View File

File diff suppressed because it is too large Load Diff

1234
Doxyfile.in Normal file
View File

File diff suppressed because it is too large Load Diff

2
FAQ
View File

@@ -1,2 +0,0 @@
The FAQ is now maintained on the web:
https://www.openssl.org/docs/faq.html

8
GitConfigure
View File

@@ -1,8 +0,0 @@
#!/bin/sh
BRANCH=`git rev-parse --abbrev-ref HEAD`
./Configure $@ no-symlinks
make files
util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH
make -f makefile.$BRANCH init

5
GitMake
View File

@@ -1,5 +0,0 @@
#!/bin/sh
BRANCH=`git rev-parse --abbrev-ref HEAD`
make -f makefile.$BRANCH $@

749
INSTALL
View File

@@ -1,365 +1,554 @@
INSTALLATION ON THE UNIX PLATFORM
---------------------------------
XZ Utils Installation
=====================
[Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
INSTALL.MacOS and INSTALL.NW.
This document describes installation on operating systems in the Unix
family.]
To install OpenSSL, you will need:
* make
* Perl 5
* an ANSI C compiler
* a development environment in form of development libraries and C
header files
* a supported Unix operating system
Quick Start
-----------
If you want to just get on with it, do:
$ ./config
$ make
$ make test
$ make install
[If any of these steps fails, see section Installation in Detail below.]
0. Preface
1. Supported platforms
1.1. Compilers
1.2. Platform-specific notes
1.2.1. AIX
1.2.2. IRIX
1.2.3. MINIX 3
1.2.4. OpenVMS
1.2.5. Solaris, OpenSolaris, and derivatives
1.2.6. Tru64
1.2.7. Windows
1.2.8. DOS
1.3. Adding support for new platforms
2. configure options
2.1. Static vs. dynamic linking of liblzma
2.2. Optimizing xzdec and lzmadec
3. xzgrep and other scripts
3.1. Dependencies
3.2. PATH
4. Troubleshooting
4.1. "No C99 compiler was found."
4.2. "No POSIX conforming shell (sh) was found."
4.3. configure works but build fails at crc32_x86.S
4.4. Lots of warnings about symbol visibility
4.5. "make check" fails
4.6. liblzma.so (or similar) not found when running xz
This will build and install OpenSSL in the default location, which is (for
historical reasons) /usr/local/ssl. If you want to install it anywhere else,
run config like this:
$ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
0. Preface
----------
If you aren't familiar with building packages that use GNU Autotools,
see the file INSTALL.generic for generic instructions before reading
further.
Configuration Options
---------------------
If you are going to build a package for distribution, see also the
file PACKAGERS. It contains information that should help making the
binary packages as good as possible, but the information isn't very
interesting to those making local builds for private use or for use
in special situations like embedded systems.
There are several options to ./config (or ./Configure) to customize
the build:
--prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl.
Configuration files used by OpenSSL will be in DIR/ssl
or the directory specified by --openssldir.
1. Supported platforms
----------------------
--openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
the library files and binaries are also installed there.
XZ Utils are developed on GNU/Linux, but they should work on many
POSIX-like operating systems like *BSDs and Solaris, and even on
a few non-POSIX operating systems.
no-threads Don't try to build with support for multi-threaded
applications.
threads Build with support for multi-threaded applications.
This will usually require additional system-dependent options!
See "Note on multi-threading" below.
1.1. Compilers
no-zlib Don't try to build with support for zlib compression and
decompression.
A C99 compiler is required to compile XZ Utils. If you use GCC, you
need at least version 3.x.x. GCC version 2.xx.x doesn't support some
C99 features used in XZ Utils source code, thus GCC 2 won't compile
XZ Utils.
zlib Build with support for zlib compression/decompression.
XZ Utils takes advantage of some GNU C extensions when building
with GCC. Because these extensions are used only when building
with GCC, it should be possible to use any C99 compiler.
zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically
when needed. This is only supported on systems where loading
of shared libraries is supported. This is the default choice.
no-shared Don't try to create shared libraries.
1.2. Platform-specific notes
shared In addition to the usual static libraries, create shared
libraries on platforms where it's supported. See "Note on
shared libraries" below.
1.2.1. AIX
no-asm Do not use assembler code.
If you use IBM XL C compiler, pass CC=xlc_r to configure. If
you use CC=xlc instead, you must disable threading support
with --disable-threads (usually not recommended).
386 In 32-bit x86 builds, when generating assembly modules,
use the 80386 instruction set only (the default x86 code
is more efficient, but requires at least a 486). Note:
This doesn't affect code generated by compiler, you're
likely to complement configuration command line with
suitable compiler-specific option.
no-sse2 Exclude SSE2 code paths from 32-bit x86 assembly modules.
Normally SSE2 extension is detected at run-time, but the
decision whether or not the machine code will be executed
is taken solely on CPU capability vector. This means that
if you happen to run OS kernel which does not support SSE2
extension on Intel P4 processor, then your application
might be exposed to "illegal instruction" exception.
There might be a way to enable support in kernel, e.g.
FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and
there is a way to disengage SSE2 code paths upon application
start-up, but if you aim for wider "audience" running
such kernel, consider no-sse2. Both the 386 and
no-asm options imply no-sse2.
1.2.2. IRIX
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
The crypto/<cipher> directory can be removed after running
"make depend".
MIPSpro 7.4.4m has been reported to produce broken code if using
the -O2 optimization flag ("make check" fails). Using -O1 should
work.
-Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
be passed through to the compiler to allow you to
define preprocessor symbols, specify additional libraries,
library directories or other compiler options. It might be
worth noting that some compilers generate code specifically
for processor the compiler currently executes on. This is
not necessarily what you might have in mind, since it might
be unsuitable for execution on other, typically older,
processor. Consult your compiler documentation.
A problem has been reported when using shared liblzma. Passing
--disable-shared to configure works around this. Alternatively,
putting "-64" to CFLAGS to build a 64-bit version might help too.
-DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
BSD. Useful if you are running ocf-linux or something
similar. Once enabled you can also enable the use of
cryptodev digests, which is usually slower unless you have
large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force
it.
Installation in Detail
----------------------
1.2.3. MINIX 3
1a. Configure OpenSSL for your operation system automatically:
The default install of MINIX 3 includes Amsterdam Compiler Kit (ACK),
which doesn't support C99. Install GCC to compile XZ Utils.
$ ./config [options]
MINIX 3.1.8 and older have bugs in /usr/include/stdint.h, which has
to be patched before XZ Utils can be compiled correctly. See
<http://gforge.cs.vu.nl/gf/project/minix/tracker/?action=TrackerItemEdit&tracker_item_id=537>.
This guesses at your operating system (and compiler, if necessary) and
configures OpenSSL based on this guess. Run ./config -t to see
if it guessed correctly. If you want to use a different compiler, you
are cross-compiling for another platform, or the ./config guess was
wrong for other reasons, go to step 1b. Otherwise go to step 2.
MINIX 3.2.0 and later use a different libc and aren't affected by
the above bug.
On some systems, you can include debugging information as follows:
XZ Utils doesn't have code to detect the amount of physical RAM and
number of CPU cores on MINIX 3.
$ ./config -d [options]
See section 4.4 in this file about symbol visibility warnings (you
may want to pass gl_cv_cc_visibility=no to configure).
1b. Configure OpenSSL for your operating system manually
OpenSSL knows about a range of different operating system, hardware and
compiler combinations. To see the ones it knows about, run
1.2.4. OpenVMS
$ ./Configure
XZ Utils can be built for OpenVMS, but the build system files
are not included in the XZ Utils source package. The required
OpenVMS-specific files are maintained by Jouk Jansen and can be
downloaded here:
Pick a suitable name from the list that matches your system. For most
operating systems there is a choice between using "cc" or "gcc". When
you have identified your system (and if necessary compiler) use this name
as the argument to ./Configure. For example, a "linux-elf" user would
run:
http://nchrem.tnw.tudelft.nl/openvms/software2.html#xzutils
$ ./Configure linux-elf [options]
If your system is not available, you will have to edit the Configure
program and add the correct configuration for your system. The
generic configurations "cc" or "gcc" should usually work on 32 bit
systems.
1.2.5. Solaris, OpenSolaris, and derivatives
Configure creates the file Makefile.ssl from Makefile.org and
defines various macros in crypto/opensslconf.h (generated from
crypto/opensslconf.h.in).
The following linker error has been reported on some x86 systems:
2. Build OpenSSL by running:
ld: fatal: relocation error: R_386_GOTOFF: ...
$ make
This can be worked around by passing gl_cv_cc_visibility=no
as an argument to the configure script.
This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
OpenSSL binary ("openssl"). The libraries will be built in the top-level
directory, and the binary will be in the "apps" directory.
test_scripts.sh in "make check" may fail if good enough tools are
missing from PATH (/usr/xpg4/bin or /usr/xpg6/bin). See sections
4.5 and 3.2 for more information.
If the build fails, look at the output. There may be reasons
for the failure that aren't problems in OpenSSL itself (like
missing standard headers). If you are having problems you can
get help by sending an email to the openssl-users email list (see
https://www.openssl.org/community/mailinglists.html for details). If
it is a bug with OpenSSL itself, please open an issue on GitHub, at
https://github.com/openssl/openssl/issues. Please review the existing
ones first; maybe the bug was already reported or has already been
fixed.
(If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.)
1.2.6. Tru64
Compiling parts of OpenSSL with gcc and others with the system
compiler will result in unresolved symbols on some systems.
If you try to use the native C compiler on Tru64 (passing CC=cc to
configure), you may need the workaround mention in section 4.1 in
this file (pass also ac_cv_prog_cc_c99= to configure).
3. After a successful build, the libraries should be tested. Run:
$ make test
1.2.7. Windows
If a test fails, look at the output. There may be reasons for
the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself,
try removing any compiler optimization flags from the CFLAG line
in Makefile.ssl and run "make clean; make". To report a bug please open an
issue on GitHub, at https://github.com/openssl/openssl/issues.
Building XZ Utils on Windows is supported under the following
environments:
4. If everything tests ok, install OpenSSL with
- MinGW-w64 + MSYS (32-bit and 64-bit x86): This is used
for building the official binary packages for Windows.
There is windows/build.bash to ease packaging XZ Utils with
MinGW(-w64) + MSYS into a redistributable .zip or .7z file.
See windows/INSTALL-MinGW.txt for more information.
$ make install
- MinGW + MSYS (32-bit x86): I haven't recently tested this.
This will create the installation directory (if it does not exist) and
then the following subdirectories:
- Cygwin 1.7.35 and later: NOTE that using XZ Utils >= 5.2.0
under Cygwin older than 1.7.35 can lead to DATA LOSS! If
you must use an old Cygwin version, stick to XZ Utils 5.0.x
which is safe under older Cygwin versions. You can check
the Cygwin version with the command "cygcheck -V".
certs Initially empty, this is the default location
for certificate files.
man/man1 Manual pages for the 'openssl' command line tool
man/man3 Manual pages for the libraries (very incomplete)
misc Various scripts.
private Initially empty, this is the default location
for private key files.
- Microsoft Visual Studio 2013 update 2 or later (MSVC for short):
See windows/INSTALL-MSVC.txt for more information.
If you didn't choose a different installation prefix, the
following additional subdirectories will be created:
It may be possible to build liblzma with other toolchains too, but
that will probably require writing a separate makefile. Building
the command line tools with non-GNU toolchains will be harder than
building only liblzma.
bin Contains the openssl binary and a few other
utility programs.
include/openssl Contains the header files needed if you want to
compile programs with libcrypto or libssl.
lib Contains the OpenSSL library files themselves.
Even if liblzma is built with MinGW(-w64), the resulting DLL can
be used by other compilers and linkers, including MSVC. See
windows/README-Windows.txt for details.
Use "make install_sw" to install the software without documentation,
and "install_docs_html" to install HTML renditions of the manual
pages.
Package builders who want to configure the library for standard
locations, but have the package installed somewhere else so that
it can easily be packaged, can use
1.2.8. DOS
$ make INSTALL_PREFIX=/tmp/package-root install
There is an experimental Makefile in the "dos" directory to build
XZ Utils on DOS using DJGPP. Support for long file names (LFN) is
needed. See dos/README for more information.
(or specify "--install_prefix=/tmp/package-root" as a configure
option). The specified prefix will be prepended to all
installation target filenames.
GNU Autotools based build hasn't been tried on DOS. If you try, I
would like to hear if it worked.
NOTE: The header files used to reside directly in the include
directory, but have now been moved to include/openssl so that
OpenSSL can co-exist with other libraries which use some of the
same filenames. This means that applications that use OpenSSL
should now use C preprocessor directives of the form
1.3. Adding support for new platforms
#include <openssl/ssl.h>
If you have written patches to make XZ Utils to work on previously
unsupported platform, please send the patches to me! I will consider
including them to the official version. It's nice to minimize the
need of third-party patching.
instead of "#include <ssl.h>", which was used with library versions
up to OpenSSL 0.9.2b.
One exception: Don't request or send patches to change the whole
source package to C89. I find C99 substantially nicer to write and
maintain. However, the public library headers must be in C89 to
avoid frustrating those who maintain programs, which are strictly
in C89 or C++.
If you install a new version of OpenSSL over an old library version,
you should delete the old header files in the include directory.
Compatibility issues:
2. configure options
--------------------
* COMPILING existing applications
In most cases, the defaults are what you want. Many of the options
below are useful only when building a size-optimized version of
liblzma or command line tools.
To compile an application that uses old filenames -- e.g.
"#include <ssl.h>" --, it will usually be enough to find
the CFLAGS definition in the application's Makefile and
add a C option such as
--enable-encoders=LIST
--disable-encoders
Specify a comma-separated LIST of filter encoders to
build. See "./configure --help" for exact list of
available filter encoders. The default is to build all
supported encoders.
-I/usr/local/ssl/include/openssl
If LIST is empty or --disable-encoders is used, no filter
encoders will be built and also the code shared between
encoders will be omitted.
to it.
Disabling encoders will remove some symbols from the
liblzma ABI, so this option should be used only when it
is known to not cause problems.
But don't delete the existing -I option that points to
the ..../include directory! Otherwise, OpenSSL header files
could not #include each other.
--enable-decoders=LIST
--disable-decoders
This is like --enable-encoders but for decoders. The
default is to build all supported decoders.
* WRITING applications
--enable-match-finders=LIST
liblzma includes two categories of match finders:
hash chains and binary trees. Hash chains (hc3 and hc4)
are quite fast but they don't provide the best compression
ratio. Binary trees (bt2, bt3 and bt4) give excellent
compression ratio, but they are slower and need more
memory than hash chains.
You need to enable at least one match finder to build the
LZMA1 or LZMA2 filter encoders. Usually hash chains are
used only in the fast mode, while binary trees are used to
when the best compression ratio is wanted.
The default is to build all the match finders if LZMA1
or LZMA2 filter encoders are being built.
--enable-checks=LIST
liblzma support multiple integrity checks. CRC32 is
mandatory, and cannot be omitted. See "./configure --help"
for exact list of available integrity check types.
liblzma and the command line tools can decompress files
which use unsupported integrity check type, but naturally
the file integrity cannot be verified in that case.
Disabling integrity checks may remove some symbols from
the liblzma ABI, so this option should be used only when
it is known to not cause problems.
--disable-xz
--disable-xzdec
--disable-lzmadec
--disable-lzmainfo
Don't build and install the command line tool mentioned
in the option name.
NOTE: Disabling xz will skip some tests in "make check".
NOTE: If xzdec is disabled and lzmadec is left enabled,
a dangling man page symlink lzmadec.1 -> xzdec.1 is
created.
--disable-lzma-links
Don't create symlinks for LZMA Utils compatibility.
This includes lzma, unlzma, and lzcat. If scripts are
installed, also lzdiff, lzcmp, lzgrep, lzegrep, lzfgrep,
lzmore, and lzless will be omitted if this option is used.
--disable-scripts
Don't install the scripts xzdiff, xzgrep, xzmore, xzless,
and their symlinks.
--disable-doc
Don't install the documentation files to $docdir
(often /usr/doc/xz or /usr/local/doc/xz). Man pages
will still be installed. The $docdir can be changed
with --docdir=DIR.
--disable-assembler
liblzma includes some assembler optimizations. Currently
there is only assembler code for CRC32 and CRC64 for
32-bit x86.
All the assembler code in liblzma is position-independent
code, which is suitable for use in shared libraries and
position-independent executables. So far only i386
instructions are used, but the code is optimized for i686
class CPUs. If you are compiling liblzma exclusively for
pre-i686 systems, you may want to disable the assembler
code.
--enable-unaligned-access
Allow liblzma to use unaligned memory access for 16-bit
and 32-bit loads and stores. This should be enabled only
when the hardware supports this, i.e. when unaligned
access is fast. Some operating system kernels emulate
unaligned access, which is extremely slow. This option
shouldn't be used on systems that rely on such emulation.
Unaligned access is enabled by default on x86, x86-64,
and big endian PowerPC.
--enable-small
Reduce the size of liblzma by selecting smaller but
semantically equivalent version of some functions, and
omit precomputed lookup tables. This option tends to
make liblzma slightly slower.
Note that while omitting the precomputed tables makes
liblzma smaller on disk, the tables are still needed at
run time, and need to be computed at startup. This also
means that the RAM holding the tables won't be shared
between applications linked against shared liblzma.
This option doesn't modify CFLAGS to tell the compiler
to optimize for size. You need to add -Os or equivalent
flag(s) to CFLAGS manually.
--enable-assume-ram=SIZE
On the most common operating systems, XZ Utils is able to
detect the amount of physical memory on the system. This
information is used by the options --memlimit-compress,
--memlimit-decompress, and --memlimit when setting the
limit to a percentage of total RAM.
On some systems, there is no code to detect the amount of
RAM though. Using --enable-assume-ram one can set how much
memory to assume on these systems. SIZE is given as MiB.
The default is 128 MiB.
Feel free to send patches to add support for detecting
the amount of RAM on the operating system you use. See
src/common/tuklib_physmem.c for details.
--enable-threads=METHOD
Threading support is enabled by default so normally there
is no need to specify this option.
Supported values for METHOD:
yes Autodetect the threading method. If none
is found, configure will give an error.
posix Use POSIX pthreads. This is the default
except on Windows outside Cygwin.
win95 Use Windows 95 compatible threads. This
is compatible with Windows XP and later
too. This is the default for 32-bit x86
Windows builds. The `win95' threading is
incompatible with --enable-small.
vista Use Windows Vista compatible threads. The
resulting binaries won't run on Windows XP
or older. This is the default for Windows
excluding 32-bit x86 builds (that is, on
x86-64 the default is `vista').
no Disable threading support. This is the
same as using --disable-threads.
NOTE: If combined with --enable-small, the
resulting liblzma won't be thread safe,
that is, if a multi-threaded application
calls any liblzma functions from more than
one thread, something bad may happen.
--enable-symbol-versions
Use symbol versioning for liblzma. This is enabled by
default on GNU/Linux, other GNU-based systems, and
FreeBSD.
To write an application that is able to handle both the new
and the old directory layout, so that it can still be compiled
with library versions up to OpenSSL 0.9.2b without bothering
the user, you can proceed as follows:
--enable-debug
This enables the assert() macro and possibly some other
run-time consistency checks. It makes the code slower, so
you normally don't want to have this enabled.
--enable-werror
If building with GCC, make all compiler warnings an error,
that abort the compilation. This may help catching bugs,
and should work on most systems. This has no effect on the
resulting binaries.
- Always use the new filename of OpenSSL header files,
e.g. #include <openssl/ssl.h>.
- Create a directory "incl" that contains only a symbolic
link named "openssl", which points to the "include" directory
of OpenSSL.
For example, your application's Makefile might contain the
following rule, if OPENSSLDIR is a pathname (absolute or
relative) of the directory where OpenSSL resides:
2.1. Static vs. dynamic linking of liblzma
incl/openssl:
-mkdir incl
cd $(OPENSSLDIR) # Check whether the directory really exists
-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
On 32-bit x86, linking against static liblzma can give a minor
speed improvement. Static libraries on x86 are usually compiled as
position-dependent code (non-PIC) and shared libraries are built as
position-independent code (PIC). PIC wastes one register, which can
make the code slightly slower compared to a non-PIC version. (Note
that this doesn't apply to x86-64.)
You will have to add "incl/openssl" to the dependencies
of those C files that include some OpenSSL header file.
If you want to link xz against static liblzma, the simplest way
is to pass --disable-shared to configure. If you want also shared
liblzma, run configure again and run "make install" only for
src/liblzma.
- Add "-Iincl" to your CFLAGS.
With these additions, the OpenSSL header files will be available
under both name variants if an old library version is used:
Your application can reach them under names like <openssl/foo.h>,
while the header files still are able to #include each other
with names of the form <foo.h>.
2.2. Optimizing xzdec and lzmadec
xzdec and lzmadec are intended to be relatively small instead of
optimizing for the best speed. Thus, it is a good idea to build
xzdec and lzmadec separately:
Note on multi-threading
-----------------------
- To link the tools against static liblzma, pass --disable-shared
to configure.
For some systems, the OpenSSL Configure script knows what compiler options
are needed to generate a library that is suitable for multi-threaded
applications. On these systems, support for multi-threading is enabled
by default; use the "no-threads" option to disable (this should never be
necessary).
- To select somewhat size-optimized variant of some things in
liblzma, pass --enable-small to configure.
On other systems, to enable support for multi-threading, you will have
to specify at least two options: "threads", and a system-dependent option.
(The latter is "-D_REENTRANT" on various systems.) The default in this
case, obviously, is not to include support for multi-threading (but
you can still use "no-threads" to suppress an annoying warning message
from the Configure script.)
- Tell the compiler to optimize for size instead of speed.
E.g. with GCC, put -Os into CFLAGS.
- xzdec and lzmadec will never use multithreading capabilities of
liblzma. You can avoid dependency on libpthread by passing
--disable-threads to configure.
Note on shared libraries
------------------------
- There are and will be no translated messages for xzdec and
lzmadec, so it is fine to pass also --disable-nls to configure.
Shared libraries have certain caveats. Binary backward compatibility
can't be guaranteed before OpenSSL version 1.0. The only reason to
use them would be to conserve memory on systems where several programs
are using OpenSSL.
- Only decoder code is needed, so you can speed up the build
slightly by passing --disable-encoders to configure. This
shouldn't affect the final size of the executables though,
because the linker is able to omit the encoder code anyway.
For some systems, the OpenSSL Configure script knows what is needed to
build shared libraries for libcrypto and libssl. On these systems,
the shared libraries are currently not created by default, but giving
the option "shared" will get them created. This method supports Makefile
targets for shared library creation, like linux-shared. Those targets
can currently be used on their own just as well, but this is expected
to change in future versions of OpenSSL.
If you have no use for xzdec or lzmadec, you can disable them with
--disable-xzdec and --disable-lzmadec.
Note on random number generation
--------------------------------
Availability of cryptographically secure random numbers is required for
secret key generation. OpenSSL provides several options to seed the
internal PRNG. If not properly seeded, the internal PRNG will refuse
to deliver random bytes and a "PRNG not seeded error" will occur.
On systems without /dev/urandom (or similar) device, it may be necessary
to install additional support software to obtain random seed.
Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
and the FAQ for more information.
3. xzgrep and other scripts
---------------------------
Note on support for multiple builds
-----------------------------------
3.1. Dependencies
POSIX shell (sh) and bunch of other standard POSIX tools are required
to run the scripts. The configure script tries to find a POSIX
compliant sh, but if it fails, you can force the shell by passing
gl_cv_posix_shell=/path/to/posix-sh as an argument to the configure
script.
xzdiff (xzcmp/lzdiff/lzcmp) may use mktemp if it is available. As
a fallback xzdiff will use mkdir to securely create a temporary
directory. Having mktemp available is still recommended since the
mkdir fallback method isn't as robust as mktemp is. The original
mktemp can be found from <http://www.mktemp.org/>. On GNU, most will
use the mktemp program from GNU coreutils instead of the original
implementation. Both mktemp versions are fine.
In addition to using xz to decompress .xz files, xzgrep and xzdiff
use gzip, bzip2, and lzop to support .gz, bz2, and .lzo files.
3.2. PATH
The scripts assume that the required tools (standard POSIX utilities,
mktemp, and xz) are in PATH; the scripts don't set the PATH themselves.
Some people like this while some think this is a bug. Those in the
latter group can easily patch the scripts before running the configure
script by taking advantage of a placeholder line in the scripts.
For example, to make the scripts prefix /usr/bin:/bin to PATH:
perl -pi -e 's|^#SET_PATH.*$|PATH=/usr/bin:/bin:\$PATH|' \
src/scripts/xz*.in
4. Troubleshooting
------------------
4.1. "No C99 compiler was found."
You need a C99 compiler to build XZ Utils. If the configure script
cannot find a C99 compiler and you think you have such a compiler
installed, set the compiler command by passing CC=/path/to/c99 as
an argument to the configure script.
If you get this error even when you think your compiler supports C99,
you can override the test by passing ac_cv_prog_cc_c99= as an argument
to the configure script. The test for C99 compiler is not perfect (and
it is not as easy to make it perfect as it sounds), so sometimes this
may be needed. You will get a compile error if your compiler doesn't
support enough C99.
4.2. "No POSIX conforming shell (sh) was found."
xzgrep and other scripts need a shell that (roughly) conforms
to POSIX. The configure script tries to find such a shell. If
it fails, you can force the shell to be used by passing
gl_cv_posix_shell=/path/to/posix-sh as an argument to the configure
script. Alternatively you can omit the installation of scripts and
this error by passing --disable-scripts to configure.
4.3. configure works but build fails at crc32_x86.S
The easy fix is to pass --disable-assembler to the configure script.
The configure script determines if assembler code can be used by
looking at the configure triplet; there is currently no check if
the assembler code can actually actually be built. The x86 assembler
code should work on x86 GNU/Linux, *BSDs, Solaris, Darwin, MinGW,
Cygwin, and DJGPP. On other x86 systems, there may be problems and
the assembler code may need to be disabled with the configure option.
If you get this error when building for x86-64, you have specified or
the configure script has misguessed your architecture. Pass the
correct configure triplet using the --build=CPU-COMPANY-SYSTEM option
(see INSTALL.generic).
4.4. Lots of warnings about symbol visibility
On some systems where symbol visibility isn't supported, GCC may
still accept the visibility options and attributes, which will make
configure think that visibility is supported. This will result in
many compiler warnings. You can avoid the warnings by forcing the
visibility support off by passing gl_cv_cc_visibility=no as an
argument to the configure script. This has no effect on the
resulting binaries, but fewer warnings looks nicer and may allow
using --enable-werror.
4.5. "make check" fails
If the other tests pass but test_scripts.sh fails, then the problem
is in the scripts in src/scripts. Comparing the contents of
tests/xzgrep_test_output to tests/xzgrep_expected_output might
give a good idea about problems in xzgrep. One possibility is that
some tools are missing from the current PATH or the tools lack
support for some POSIX features. This can happen at least on
Solaris where the tools in /bin may be ancient but good enough
tools are available in /usr/xpg4/bin or /usr/xpg6/bin. One fix
for this problem is described in section 3.2 of this file.
If tests other than test_scripts.sh fail, a likely reason is that
libtool links the test programs against an installed version of
liblzma instead of the version that was just built. This is
obviously a bug which seems to happen on some platforms.
A workaround is to uninstall the old liblzma versions first.
If the problem isn't any of those described above, then it's likely
a bug in XZ Utils or in the compiler. See the platform-specific
notes in this file for possible known problems. Please report
a bug if you cannot solve the problem. See README for contact
information.
4.6. liblzma.so (or similar) not found when running xz
If you installed the package with "make install" and get an error
about liblzma.so (or a similarly named file) being missing, try
running "ldconfig" to update the run-time linker cache (if your
operating system has such a command).
OpenSSL is usually built in its source tree. Unfortunately, this doesn't
support building for multiple platforms from the same source tree very well.
It is however possible to build in a separate tree through the use of lots
of symbolic links, which should be prepared like this:
mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
cd objtree/"`uname -s`-`uname -r`-`uname -m`"
(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
mkdir -p `dirname $F`
rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
echo $F '->' $OPENSSL_SOURCE/$F
done
make -f Makefile.org clean
OPENSSL_SOURCE is an environment variable that contains the absolute (this
is important!) path to the OpenSSL source tree.
Also, operations like 'make update' should still be made in the source tree.

47
INSTALL.DJGPP
View File

@@ -1,47 +0,0 @@
INSTALLATION ON THE DOS PLATFORM WITH DJGPP
-------------------------------------------
OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
environment for 16-bit DOS, but only with long filename support.
If you wish to compile on native DOS with 8+3 filenames, you will
have to tweak the installation yourself, including renaming files
with illegal or duplicate names.
You should have a full DJGPP environment installed, including the
latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
requires that PERL and BC also be installed.
All of these can be obtained from the usual DJGPP mirror sites or
directly at "http://www.delorie.com/pub/djgpp". For help on which
files to download, see the DJGPP "ZIP PICKER" page at
"http://www.delorie.com/djgpp/zip-picker.html". You also need to have
the WATT-32 networking package installed before you try to compile
OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
The Makefile assumes that the WATT-32 code is in the directory
specified by the environment variable WATT_ROOT. If you have watt-32
in directory "watt32" under your main DJGPP directory, specify
WATT_ROOT="/dev/env/DJDIR/watt32".
To compile OpenSSL, start your BASH shell, then configure for DJGPP by
running "./Configure" with appropriate arguments:
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
And finally fire up "make". You may run out of DPMI selectors when
running in a DOS box under Windows. If so, just close the BASH
shell, go back to Windows, and restart BASH. Then run "make" again.
RUN-TIME CAVEAT LECTOR
--------------
Quoting FAQ:
"Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness
device" (/dev/urandom or /dev/random) that serves this purpose."
As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
party "randomness" DOS driver. One such driver, NOISE.SYS, can be
obtained from "http://www.rahul.net/dkaufman/index.html".

72
INSTALL.MacOS
View File

@@ -1,72 +0,0 @@
OpenSSL - Port To The Macintosh OS 9 or Earlier
===============================================
Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
X) is now provided. "Initial" means that unlike other platforms where you
get an SDK and a "swiss army" openssl application, on Macintosh you only
get one sample application which fetches a page over HTTPS(*) and dumps it
in a window. We don't even build the test applications so that we can't
guarantee that all algorithms are operational.
Required software:
- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar;
- Scriptable Finder;
- CodeWarrior Pro 5;
Installation procedure:
- fetch the source at ftp://ftp.openssl.org/ (well, you probably already
did, huh?)
- unpack the .tar.gz file:
- if you have StuffIt Expander then just drag it over it;
- otherwise uncompress it with MacGzip and then unpack with SUNtar;
- locate MacOS folder in OpenSSL source tree and open it;
- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it
"in-place", i.e. unpacked files should end-up in the very same folder;
- execute mklinks.as;
- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****);
- that's it for now;
(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40
to 42, change appropriately.
(**) If you use SUNtar, then it might have already unbinhexed the files
in question.
(***) The project file was saved with CW Pro 5.3. If you have an earlier
version and it refuses to open it, then download
http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
overwriting the original OpenSSL.mcp.
(****) Other targets are works in progress. If you feel like giving 'em a
shot, then you should know that OpenSSL* and Lib* targets are
supposed to be built with the GUSI, MacOS library which mimics
BSD sockets and some other POSIX APIs. The GUSI distribution is
expected to be found in the same directory as the openssl source tree,
i.e., in the parent directory to the one where this very file,
namely INSTALL.MacOS, resides. For more information about GUSI, see
http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
Finally some essential comments from our generous contributor:-)
"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a
hack, but it works for what I'm doing. If you don't like the way I've done
it, then feel free to change what I've done. I freely admit that I've done
some less-than-ideal things in my port, and if you don't like the way I've
done something, then feel free to change it-- I won't be offended!
... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket"
library I wrote. My MacSocket library is a wrapper around OpenTransport,
handling stuff like endpoint creation, reading, writing, etc. It is not
designed as a high-performance package such as you'd use in a webserver,
but is fine for lots of other applications. MacSocket also uses some other
code libraries I've written to deal with string manipulations and error
handling. Feel free to use these things in your own code, but give me
credit and/or send me free stuff in appreciation! :-)
...
If you have any questions, feel free to email me as the following:
roy@centricsystems.ca
-Roy Wood"

454
INSTALL.NW
View File

@@ -1,454 +0,0 @@
INSTALLATION ON THE NETWARE PLATFORM
------------------------------------
Notes about building OpenSSL for NetWare.
BUILD PLATFORM:
---------------
The build scripts (batch files, perl scripts, etc) have been developed and
tested on W2K. The scripts should run fine on other Windows platforms
(NT, Win9x, WinXP) but they have not been tested. They may require some
modifications.
Supported NetWare Platforms - NetWare 5.x, NetWare 6.x:
-------------------------------------------------------
OpenSSL can either use the WinSock interfaces introduced in NetWare 5,
or the BSD socket interface. Previous versions of NetWare, 4.x and 3.x,
are only supported if OpenSSL is build for CLIB and BSD sockets;
WinSock builds only support NetWare 5 and up.
On NetWare there are two c-runtime libraries. There is the legacy CLIB
interfaces and the newer LIBC interfaces. Being ANSI-C libraries, the
functionality in CLIB and LIBC is similar but the LIBC interfaces are built
using Novell Kernal Services (NKS) which is designed to leverage
multi-processor environments.
The NetWare port of OpenSSL can be configured to build using CLIB or LIBC.
The CLIB build was developed and tested using NetWare 5.0 sp6.0a. The LIBC
build was developed and tested using the NetWare 6.0 FCS.
The necessary LIBC functionality ships with NetWare 6. However, earlier
NetWare 5.x versions will require updates in order to run the OpenSSL LIBC
build (NetWare 5.1 SP8 is known to work).
As of June 2005, the LIBC build can be configured to use BSD sockets instead
of WinSock sockets. Call Configure (usually through netware\build.bat) using
a target of "netware-libc-bsdsock" instead of "netware-libc".
As of June 2007, support for CLIB and BSD sockets is also now available
using a target of "netware-clib-bsdsock" instead of "netware-clib";
also gcc builds are now supported on both Linux and Win32 (post 0.9.8e).
REQUIRED TOOLS:
---------------
Based upon the configuration and build options used, some or all of the
following tools may be required:
* Perl for Win32 - required (http://www.activestate.com/ActivePerl)
Used to run the various perl scripts on the build platform.
* Perl 5.8.0 for NetWare v3.20 (or later) - required
(http://developer.novell.com) Used to run the test script on NetWare
after building.
* Compiler / Linker - required:
Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare (commercial):
Provides command line tools used for building.
Tools:
mwccnlm.exe - C/C++ Compiler for NetWare
mwldnlm.exe - Linker for NetWare
mwasmnlm.exe - x86 assembler for NetWare (if using assembly option)
gcc / nlmconv Cross-Compiler, available from Novell Forge (free):
http://forge.novell.com/modules/xfmod/project/?aunixnw
* Assemblers - optional:
If you intend to build using the assembly options you will need an
assembler. Work has been completed to support two assemblers, Metrowerks
and NASM. However, during development, a bug was found in the Metrowerks
assembler which generates incorrect code. Until this problem is fixed,
the Metrowerks assembler cannot be used.
mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools.
(version 2.2 Built Aug 23, 1999 - not useable due to code
generation bug)
nasmw.exe - Netwide Assembler NASM
version 0.98 was used in development and testing
* Make Tool - required:
In order to build you will need a make tool. Two make tools are
supported, GNU make (gmake.exe) or Microsoft nmake.exe.
make.exe - GNU make for Windows (version 3.75 used for development)
http://gnuwin32.sourceforge.net/packages/make.htm
nmake.exe - Microsoft make (Version 6.00.8168.0 used for development)
http://support.microsoft.com/kb/132084/EN-US/
* Novell Developer Kit (NDK) - required: (http://developer.novell.com)
CLIB - BUILDS:
WinSock2 Developer Components for NetWare:
For initial development, the October 27, 2000 version was used.
However, future versions should also work.
NOTE: The WinSock2 components include headers & import files for
NetWare, but you will also need the winsock2.h and supporting
headers (pshpack4.h, poppack.h, qos.h) delivered in the
Microsoft SDK. Note: The winsock2.h support headers may change
with various versions of winsock2.h. Check the dependencies
section on the NDK WinSock2 download page for the latest
information on dependencies. These components are unsupported by
Novell. They are provided as a courtesy, but it is strongly
suggested that all development be done using LIBC, not CLIB.
As of June 2005, the WinSock2 components are available at:
http://forgeftp.novell.com//ws2comp/
NLM and NetWare libraries for C (including CLIB and XPlat):
If you are going to build a CLIB version of OpenSSL, you will
need the CLIB headers and imports. The March, 2001 NDK release or
later is recommended.
Earlier versions should work but haven't been tested. In recent
versions the import files have been consolidated and function
names moved. This means you may run into link problems
(undefined symbols) when using earlier versions. The functions
are available in earlier versions, but you will have to modifiy
the make files to include additional import files (see
openssl\util\pl\netware.pl).
LIBC - BUILDS:
Libraries for C (LIBC) - LIBC headers and import files
If you are going to build a LIBC version of OpenSSL, you will
need the LIBC headers and imports. The March 14, 2002 NDK release or
later is required.
NOTE: The LIBC SDK includes the necessary WinSock2 support.
It is not necessary to download the WinSock2 NDK when building for
LIBC. The LIBC SDK also includes the appropriate BSD socket support
if configuring to use BSD sockets.
BUILDING:
---------
Before building, you will need to set a few environment variables. You can
set them manually or you can modify the "netware\set_env.bat" file.
The set_env.bat file is a template you can use to set up the path
and environment variables you will need to build. Modify the
various lines to point to YOUR tools and run set_env.bat.
netware\set_env.bat <target> [compiler]
target - "netware-clib" - CLIB NetWare build
- "netware-libc" - LIBC NetWare build
compiler - "gnuc" - GNU GCC Compiler
- "codewarrior" - MetroWerks CodeWarrior (default)
If you don't use set_env.bat, you will need to set up the following
environment variables:
PATH - Set PATH to point to the tools you will use.
INCLUDE - The location of the NDK include files.
CLIB ex: set INCLUDE=c:\ndk\nwsdk\include\nlm
LIBC ex: set INCLUDE=c:\ndk\libc\include
PRELUDE - The absolute path of the prelude object to link with. For
a CLIB build it is recommended you use the "clibpre.o" files shipped
with the Metrowerks PDK for NetWare. For a LIBC build you should
use the "libcpre.o" file delivered with the LIBC NDK components.
CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o
LIBC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
IMPORTS - The locaton of the NDK import files.
CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports
LIBC ex: set IMPORTS=c:\ndk\libc\imports
In order to build, you need to run the Perl scripts to configure the build
process and generate a make file. There is a batch file,
"netware\build.bat", to automate the process.
Build.bat runs the build configuration scripts and generates a make file.
If an assembly option is specified, it also runs the scripts to generate
the assembly code. Always run build.bat from the "openssl" directory.
netware\build [target] [debug opts] [assembly opts] [configure opts]
target - "netware-clib" - CLIB NetWare build (WinSock Sockets)
- "netware-clib-bsdsock" - CLIB NetWare build (BSD Sockets)
- "netware-libc" - LIBC NetWare build (WinSock Sockets)
- "netware-libc-bsdsock" - LIBC NetWare build (BSD Sockets)
debug opts - "debug" - build debug
assembly opts - "nw-mwasm" - use Metrowerks assembler
"nw-nasm" - use NASM assembler
"no-asm" - don't use assembly
configure opts- all unrecognized arguments are passed to the
perl 'configure' script. See that script for
internal documentation regarding options that
are available.
examples:
CLIB build, debug, without assembly:
netware\build.bat netware-clib debug no-asm
LIBC build, non-debug, using NASM assembly, add mdc2 support:
netware\build.bat netware-libc nw-nasm enable-mdc2
LIBC build, BSD sockets, non-debug, without assembly:
netware\build.bat netware-libc-bsdsock no-asm
Running build.bat generates a make file to be processed by your make
tool (gmake or nmake):
CLIB ex: gmake -f netware\nlm_clib_dbg.mak
LIBC ex: gmake -f netware\nlm_libc.mak
LIBC ex: gmake -f netware\nlm_libc_bsdsock.mak
You can also run the build scripts manually if you do not want to use the
build.bat file. Run the following scripts in the "\openssl"
subdirectory (in the order listed below):
perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock]
configures no assembly build for specified netware environment
(CLIB or LIBC).
perl util\mkfiles.pl >MINFO
generates a listing of source files (used by mk1mf)
perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak
generates the makefile for NetWare
gmake -f netware\nlm.mak
build with the make tool (nmake.exe also works)
NOTE: If you are building using the assembly option, you must also run the
various Perl scripts to generate the assembly files. See build.bat
for an example of running the various assembly scripts. You must use the
"no-asm" option to build without assembly. The configure and mk1mf scripts
also have various other options. See the scripts for more information.
The output from the build is placed in the following directories:
CLIB Debug build:
out_nw_clib.dbg - static libs & test nlm(s)
tmp_nw_clib.dbg - temporary build files
outinc_nw_clib - necessary include files
CLIB Non-debug build:
out_nw_clib - static libs & test nlm(s)
tmp_nw_clib - temporary build files
outinc_nw_clib - necesary include files
LIBC Debug build:
out_nw_libc.dbg - static libs & test nlm(s)
tmp_nw_libc.dbg - temporary build files
outinc_nw_libc - necessary include files
LIBC Non-debug build:
out_nw_libc - static libs & test nlm(s)
tmp_nw_libc - temporary build files
outinc_nw_libc - necesary include files
TESTING:
--------
The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib,
rsaglue.lib ) and several test programs. You should copy the test programs
to your NetWare server and run the tests.
The batch file "netware\cpy_tests.bat" will copy all the necessary files
to your server for testing. In order to run the batch file, you need a
drive mapped to your target server. It will create an "OpenSSL" directory
on the drive and copy the test files to it. CAUTION: If a directory with the
name of "OpenSSL" already exists, it will be deleted.
To run cpy_tests.bat:
netware\cpy_tests [output directory] [NetWare drive]
output directory - "out_nw_clib.dbg", "out_nw_libc", etc.
NetWare drive - drive letter of mapped drive
CLIB ex: netware\cpy_tests out_nw_clib m:
LIBC ex: netware\cpy_tests out_nw_libc m:
The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server
should be used to execute the tests. Before running the script, make sure
your SEARCH PATH includes the "OpenSSL" directory. For example, if you
copied the files to the "sys:" volume you use the command:
SEARCH ADD SYS:\OPENSSL
To run do_tests.pl type (at the console prompt):
perl \openssl\do_tests.pl [options]
options:
-p - pause after executing each test
The do_tests.pl script generates a log file "\openssl\test_out\tests.log"
which should be reviewed for errors. Any errors will be denoted by the word
"ERROR" in the log.
DEVELOPING WITH THE OPENSSL SDK:
--------------------------------
Now that everything is built and tested, you are ready to use the OpenSSL
libraries in your development.
There is no real installation procedure, just copy the static libs and
headers to your build location. The libs (crypto.lib & ssl.lib) are
located in the appropriate "out_nw_XXXX" directory
(out_nw_clib, out_nw_libc, etc).
The headers are located in the appropriate "outinc_nw_XXX" directory
(outinc_nw_clib, outinc_nw_libc).
One suggestion is to create the following directory
structure for the OpenSSL SDK:
\openssl
|- bin
| |- openssl.nlm
| |- (other tests you want)
|
|- lib
| | - crypto.lib
| | - ssl.lib
|
|- include
| | - openssl
| | | - (all the headers in "outinc_nw\openssl")
The program "openssl.nlm" can be very useful. It has dozens of
options and you may want to keep it handy for debugging, testing, etc.
When building your apps using OpenSSL, define "NETWARE". It is needed by
some of the OpenSSL headers. One way to do this is with a compile option,
for example "-DNETWARE".
NOTES:
------
Resource leaks in Tests
------------------------
Some OpenSSL tests do not clean up resources and NetWare reports
the resource leaks when the tests unload. If this really bugs you,
you can stop the messages by setting the developer option off at the console
prompt (set developer option = off). Or better yet, fix the tests to
clean up the resources!
Multi-threaded Development
---------------------------
The NetWare version of OpenSSL is thread-safe, however multi-threaded
applications must provide the necessary locking function callbacks. This
is described in doc\threads.doc. The file "openssl-x.x.x\crypto\threads\mttest.c"
is a multi-threaded test program and demonstrates the locking functions.
What is openssl2.nlm?
---------------------
The openssl program has numerous options and can be used for many different
things. Many of the options operate in an interactive mode requiring the
user to enter data. Because of this, a default screen is created for the
program. However, when running the test script it is not desirable to
have a seperate screen. Therefore, the build also creates openssl2.nlm.
Openssl2.nlm is functionally identical but uses the console screen.
Openssl2 can be used when a non-interactive mode is desired.
NOTE: There are may other possibilities (command line options, etc)
which could have been used to address the screen issue. The openssl2.nlm
option was chosen because it impacted only the build not the code.
Why only static libraries?
--------------------------
Globals, globals, and more globals. The OpenSSL code uses many global
variables that are allocated and initialized when used for the first time.
On NetWare, most applications (at least historically) run in the kernel.
When running in the kernel, there is one instance of global variables.
For regular application type NLM(s) this isn't a problem because they are
the only ones using the globals. However, for a library NLM (an NLM which
exposes functions and has no threads of execution), the globals cause
problems. Applications could inadvertently step on each other if they
change some globals. Even worse, the first application that triggers a
global to be allocated and initialized has the allocated memory charged to
itself. Now when that application unloads, NetWare will clean up all the
applicaton's memory. The global pointer variables inside OpenSSL now
point to freed memory. An abend waiting to happen!
To work correctly in the kernel, library NLM(s) that use globals need to
provide a set of globals (instance data) for each application. Another
option is to require the library only be loaded in a protected address
space along with the application using it.
Modifying the OpenSSL code to provide a set of globals (instance data) for
each application isn't technically difficult, but due to the large number
globals it would require substantial code changes and it wasn't done. Hence,
the build currently only builds static libraries which are then linked
into each application.
NOTE: If you are building a library NLM that uses the OpenSSL static
libraries, you will still have to deal with the global variable issue.
This is because when you link in the OpenSSL code you bring in all the
globals. One possible solution for the global pointer variables is to
register memory functions with OpenSSL which allocate memory and charge it
to your library NLM (see the function CRYPTO_set_mem_functions). However,
be aware that now all memory allocated by OpenSSL is charged to your NLM.
CodeWarrior Tools and W2K
---------------------------
There have been problems reported with the CodeWarrior Linker
(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000. The
problems cause the link step to fail. The only work around is to obtain an
updated linker from Metrowerks. It is expected Metrowerks will release
PDK 3.0 (in beta testing at this time - May, 2001) in the near future which
will fix these problems.
Makefile "vclean"
------------------
The generated makefile has a "vclean" target which cleans up the build
directories. If you have been building successfully and suddenly
experience problems, use "vclean" (gmake -f netware\nlm_xxxx.mak vclean) and retry.
"Undefined Symbol" Linker errors
--------------------------------
There have been linker errors reported when doing a CLIB build. The problems
occur because some versions of the CLIB SDK import files inadvertently
left out some symbols. One symbol in particular is "_lrotl". The missing
functions are actually delivered in the binaries, but they were left out of
the import files. The issues should be fixed in the September 2001 release
of the NDK. If you experience the problems you can temporarily
work around it by manually adding the missing symbols to your version of
"clib.imp".

31
INSTALL.OS2
View File

@@ -1,31 +0,0 @@
Installation on OS/2
--------------------
You need to have the following tools installed:
* EMX GCC
* PERL
* GNU make
To build the makefile, run
> os2\os2-emx
This will configure OpenSSL and create OS2-EMX.mak which you then use to
build the OpenSSL libraries & programs by running
> make -f os2-emx.mak
If that finishes successfully you will find the libraries and programs in the
"out" directory.
Alternatively, you can make a dynamic build that puts the library code into
crypto.dll and ssl.dll by running
> make -f os2-emx-dll.mak
This will build the above mentioned dlls and a matching pair of import
libraries in the "out_dll" directory along with the set of test programs
and the openssl application.

293
INSTALL.VMS
View File

@@ -1,293 +0,0 @@
VMS Installation instructions
written by Richard Levitte
<richard@levitte.org>
Intro:
======
This file is divided in the following parts:
Requirements - Mandatory reading.
Checking the distribution - Mandatory reading.
Compilation - Mandatory reading.
Logical names - Mandatory reading.
Test - Mandatory reading.
Installation - Mandatory reading.
Backward portability - Read if it's an issue.
Possible bugs or quirks - A few warnings on things that
may go wrong or may surprise you.
TODO - Things that are to come.
Requirements:
=============
To build and install OpenSSL, you will need:
* DEC C or some other ANSI C compiler. VAX C is *not* supported.
[Note: OpenSSL has only been tested with DEC C. Compiling with
a different ANSI C compiler may require some work]
Checking the distribution:
==========================
There have been reports of places where the distribution didn't quite get
through, for example if you've copied the tree from a NFS-mounted Unix
mount point.
The easiest way to check if everything got through as it should is to check
for one of the following files:
[.CRYPTO]OPENSSLCONF.H_IN
[.CRYPTO]OPENSSLCONF_H.IN
They should never exist both at once, but one of them should (preferably
the first variant). If you can't find any of those two, something went
wrong.
The best way to get a correct distribution is to download the gzipped tar
file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
use VMSTAR to unpack the resulting tar file.
GUNZIP is available in many places on the net. One of the distribution
points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
VMSTAR is also available in many places on the net. The recommended place
to find information about it is http://www.free.lp.se/vmstar/ .
Compilation:
============
I've used the very good command procedures written by Robert Byer
<byer@mail.all-net.net>, and just slightly modified them, making
them slightly more general and easier to maintain.
You can actually compile in almost any directory separately. Look
for a command procedure name xxx-LIB.COM (in the library directories)
or MAKExxx.COM (in the program directories) and read the comments at
the top to understand how to use them. However, if you want to
compile all you can get, the simplest is to use MAKEVMS.COM in the top
directory. The syntax is the following:
@MAKEVMS <option> <bits> <debug-p> [<compiler>]
<option> must be one of the following:
ALL Just build "everything".
CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file.
BUILDINF Just build the "[.INCLUDE]BUILDINF.H" file.
SOFTLINKS Just copies some files, to simulate Unix soft links.
BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
<bits> must be one of the following:
"" compile using default pointer size
32 compile using 32 bit pointer size
64 compile using 64 bit pointer size
<debug-p> must be one of the following:
DEBUG compile with debugging info (will not optimize)
NODEBUG compile without debugging info (will optimize)
<compiler> must be one of the following:
DECC For DEC C.
GNUC For GNU C.
You will find the crypto library in [.xxx.EXE.CRYPTO] (where xxx is VAX,
ALPHA or IA64), called SSL_LIBCRYPTO32.OLB or SSL_LIBCRYPTO.OLB depending
on how it was built. You will find the SSL library in [.xxx.EXE.SSL],
named SSL_LIBSSL32.OLB or SSL_LIBSSL.OLB, and you will find a bunch of
useful programs in [.xxx.EXE.APPS]. However, these shouldn't be used
right off unless it's just to test them. For production use, make sure
you install first, see Installation below.
Note 1: Some programs in this package require a TCP/IP library.
Note 2: if you want to compile the crypto library only, please make sure
you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
a @MAKEVMS SOFTLINKS. A lot of things will break if you don't.
Logical names:
==============
There are a few things that can't currently be given through the command
line. Instead, logical names are used.
Currently, the logical names supported are:
OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will
not be used. Instead, plain C implementations are
used. This is good to try if something doesn't work.
OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm
will not be implemented. Supported algorithms to
do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
SSL2. So, for example, having the logical name
OPENSSL_NO_RSA with the value YES means that the
LIBCRYPTO.OLB library will not contain an RSA
implementation.
Test:
=====
Testing is very simple, just do the following:
@[.TEST]TESTS
If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
it's an ugly hack!) and rebuild. Please send a bug report to
<openssl-bugs@openssl.org>, including the output of "openssl version -a"
and of the failed test.
Installation:
=============
Installation is easy, just do the following:
@INSTALL <root> <bits>
<root> is the directory in which everything will be installed,
subdirectories, libraries, header files, programs and startup command
procedures.
<bits> works the same way as for MAKEVMS.COM
N.B.: INSTALL.COM builds a new directory structure, different from
the directory tree where you have now build OpenSSL.
In the [.VMS] subdirectory of the installation, you will find the
following command procedures:
OPENSSL_STARTUP.COM
defines all needed logical names. Takes one argument that
tells it in what logical name table to insert the logical
names. If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
call should look like this:
@openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
OPENSSL_UTILS.COM
sets up the symbols to the applications. Should be called
from for example SYS$MANAGER:SYLOGIN.COM
OPENSSL_UNDO.COM
deassigns the logical names created with OPENSSL_STARTUP.COM.
The logical names that are set up are the following:
SSLROOT a dotted concealed logical name pointing at the
root directory.
SSLCERTS Initially an empty directory, this is the default
location for certificate files.
SSLPRIVATE Initially an empty directory, this is the default
location for private key files.
SSLEXE Contains the openssl binary and a few other utility
programs.
SSLINCLUDE Contains the header files needed if you want to
compile programs with libcrypto or libssl.
SSLLIB Contains the OpenSSL library files themselves:
- SSL_LIBCRYPTO32.OLB and SSL_LIBSSL32.OLB or
- SSL_LIBCRYPTO.OLB and SSL_LIBSSL.OLB
OPENSSL Same as SSLINCLUDE. This is because the standard
way to include OpenSSL header files from version
0.9.3 and on is:
#include <openssl/header.h>
For more info on this issue, see the INSTALL. file
(the NOTE in section 4 of "Installation in Detail").
You don't need to "deleting old header files"!!!
Backward portability:
=====================
One great problem when you build a library is making sure it will work
on as many versions of VMS as possible. Especially, code compiled on
OpenVMS version 7.x and above tend to be unusable in version 6.x or
lower, because some C library routines have changed names internally
(the C programmer won't usually see it, because the old name is
maintained through C macros). One obvious solution is to make sure
you have a development machine with an old enough version of OpenVMS.
However, if you are stuck with a bunch of Alphas running OpenVMS version
7.1, you seem to be out of luck. Fortunately, the DEC C header files
are cluttered with conditionals that make some declarations and definitions
dependent on the OpenVMS version or the C library version, *and* you
can use those macros to simulate older OpenVMS or C library versions,
by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
correct values. In the compilation scripts, I've provided the possibility
for the user to influence the creation of such macros, through a bunch of
symbols, all having names starting with USER_. Here's the list of them:
USER_CCFLAGS - Used to give additional qualifiers to the
compiler. It can't be used to define macros
since the scripts will do such things as well.
To do such things, use USER_CCDEFS.
USER_CCDEFS - Used to define macros on the command line. The
value of this symbol will be inserted inside a
/DEFINE=(...).
USER_CCDISABLEWARNINGS - Used to disable some warnings. The value is
inserted inside a /DISABLE=WARNING=(...).
So, to maintain backward compatibility with older VMS versions, do the
following before you start compiling:
$ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
$ USER_CCDISABLEWARNINGS := PREOPTW
The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
that those macros have been changed.
Note: Currently, this is only useful for library compilation. The
programs will still be linked with the current version of the
C library shareable image, and will thus complain if they are
faced with an older version of the same C library shareable image.
This will probably be fixed in a future revision of OpenSSL.
Possible bugs or quirks:
========================
I'm not perfectly sure all the programs will use the SSLCERTS:
directory by default, it may very well be that you have to give them
extra arguments. Please experiment.
TODO:
=====
There are a few things that need to be worked out in the VMS version of
OpenSSL, still:
- Description files. ("Makefile's" :-))
- Script code to link an already compiled build tree.
- A VMSINSTALlable version (way in the future, unless someone else hacks).
- shareable images (DLL for you Windows folks).
There may be other things that I have missed and that may be desirable.
Please send mail to <openssl-users@openssl.org> or to me directly if you
have any ideas.
--
Richard Levitte <richard@levitte.org>
2000-02-27, 2011-03-18

325
INSTALL.W32
View File

@@ -1,325 +0,0 @@
INSTALLATION ON THE WIN32 PLATFORM
----------------------------------
[Instructions for building for Windows CE can be found in INSTALL.WCE]
[Instructions for building for Win64 can be found in INSTALL.W64]
Here are a few comments about building OpenSSL for Win32 environments,
such as Windows NT and Windows 9x. It should be noted though that
Windows 9x are not ordinarily tested. Its mention merely means that we
attempt to maintain certain programming discipline and pay attention
to backward compatibility issues, in other words it's kind of expected
to work on Windows 9x, but no regression tests are actually performed.
On additional note newer OpenSSL versions are compiled and linked with
Winsock 2. This means that minimum OS requirement was elevated to NT 4
and Windows 98 [there is Winsock 2 update for Windows 95 though].
- you need Perl for Win32. Unless you will build on Cygwin, you will need
ActiveState Perl, available from http://www.activestate.com/ActivePerl.
- one of the following C compilers:
* Visual C++
* Borland C
* GNU C (Cygwin or MinGW)
- Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/
is required if you intend to utilize assembler modules. Note that NASM
is now the only supported assembler.
If you are compiling from a tarball or a Git snapshot then the Win32 files
may well be not up to date. This may mean that some "tweaking" is required to
get it all to work. See the trouble shooting section later on for if (when?)
it goes wrong.
Visual C++
----------
If you want to compile in the assembly language routines with Visual
C++, then you will need already mentioned Netwide Assembler binary,
nasmw.exe or nasm.exe, to be available on your %PATH%.
Firstly you should run Configure with platform VC-WIN32:
> perl Configure VC-WIN32 --prefix=c:\some\openssl\dir
Where the prefix argument specifies where OpenSSL will be installed to.
Next you need to build the Makefiles and optionally the assembly
language files:
- If you are using NASM then run:
> ms\do_nasm
- If you don't want to use the assembly language files at all then run:
> perl Configure VC-WIN32 no-asm --prefix=c:/some/openssl/dir
> ms\do_ms
If you get errors about things not having numbers assigned then check the
troubleshooting section: you probably won't be able to compile it as it
stands.
Then from the VC++ environment at a prompt do:
> nmake -f ms\ntdll.mak
If all is well it should compile and you will have some DLLs and
executables in out32dll. If you want to try the tests then do:
> nmake -f ms\ntdll.mak test
To install OpenSSL to the specified location do:
> nmake -f ms\ntdll.mak install
Tweaks:
There are various changes you can make to the Win32 compile
environment. By default the library is not compiled with debugging
symbols. If you use the platform debug-VC-WIN32 instead of VC-WIN32
then debugging symbols will be compiled in.
By default in 1.0.0 OpenSSL will compile builtin ENGINES into the
separate shared librariesy. If you specify the "enable-static-engine"
option on the command line to Configure the shared library build
(ms\ntdll.mak) will compile the engines into libeay32.dll instead.
The default Win32 environment is to leave out any Windows NT specific
features.
If you want to enable the NT specific features of OpenSSL (currently
only the logging BIO) follow the instructions above but call the batch
file do_nt.bat instead of do_ms.bat.
You can also build a static version of the library using the Makefile
ms\nt.mak
Borland C++ builder 5
---------------------
* Configure for building with Borland Builder:
> perl Configure BC-32
* Create the appropriate makefile
> ms\do_nasm
* Build
> make -f ms\bcb.mak
Borland C++ builder 3 and 4
---------------------------
* Setup PATH. First must be GNU make then bcb4/bin
* Run ms\bcb4.bat
* Run make:
> make -f bcb.mak
GNU C (Cygwin)
--------------
Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of
Win32 subsystem and provides a bash shell and GNU tools environment.
Consequently, a make of OpenSSL with Cygwin is virtually identical to
Unix procedure. It is also possible to create Win32 binaries that only
use the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
MinGW. MinGW can be used in the Cygwin development environment or in a
standalone setup as described in the following section.
To build OpenSSL using Cygwin:
* Install Cygwin (see http://cygwin.com/)
* Install Perl and ensure it is in the path. Both Cygwin perl
(5.6.1-2 or newer) and ActivePerl work.
* Run the Cygwin bash shell
* $ tar zxvf openssl-x.x.x.tar.gz
$ cd openssl-x.x.x
To build the Cygwin version of OpenSSL:
$ ./config
[...]
$ make
[...]
$ make test
$ make install
This will create a default install in /usr/local/ssl.
To build the MinGW version (native Windows) in Cygwin:
$ ./Configure mingw
[...]
$ make
[...]
$ make test
$ make install
Cygwin Notes:
"make test" and normal file operations may fail in directories
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
stripping of carriage returns. To avoid this ensure that a binary
mount is used, e.g. mount -b c:\somewhere /home.
"bc" is not provided in older Cygwin distribution. This causes a
non-fatal error in "make test" but is otherwise harmless. If
desired and needed, GNU bc can be built with Cygwin without change.
GNU C (MinGW/MSYS)
-------------
* Compiler and shell environment installation:
MinGW and MSYS are available from http://www.mingw.org/, both are
required. Run the installers and do whatever magic they say it takes
to start MSYS bash shell with GNU tools on its PATH.
N.B. Since source tar-ball can contain symbolic links, it's essential
that you use accompanying MSYS tar to unpack the source. It will
either handle them in one way or another or fail to extract them,
which does the trick too. Latter means that you may safely ignore all
"cannot create symlink" messages, as they will be "re-created" at
configure stage by copying corresponding files. Alternative programs
were observed to create empty files instead, which results in build
failure.
* Compile OpenSSL:
$ ./config
[...]
$ make
[...]
$ make test
This will create the library and binaries in root source directory
and openssl.exe application in apps directory.
It is also possible to cross-compile it on Linux by configuring
with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
'make test' is naturally not applicable then.
libcrypto.a and libssl.a are the static libraries. To use the DLLs,
link with libeay32.a and libssl32.a instead.
See troubleshooting if you get error messages about functions not
having a number assigned.
Installation
------------
If you used the Cygwin procedure above, you have already installed and
can skip this section. For all other procedures, there's currently no real
installation procedure for Win32. There are, however, some suggestions:
- do nothing. The include files are found in the inc32/ subdirectory,
all binaries are found in out32dll/ or out32/ depending if you built
dynamic or static libraries.
- do as is written in INSTALL.Win32 that comes with modssl:
$ md c:\openssl
$ md c:\openssl\bin
$ md c:\openssl\lib
$ md c:\openssl\include
$ md c:\openssl\include\openssl
$ copy /b inc32\openssl\* c:\openssl\include\openssl
$ copy /b out32dll\ssleay32.lib c:\openssl\lib
$ copy /b out32dll\libeay32.lib c:\openssl\lib
$ copy /b out32dll\ssleay32.dll c:\openssl\bin
$ copy /b out32dll\libeay32.dll c:\openssl\bin
$ copy /b out32dll\openssl.exe c:\openssl\bin
Of course, you can choose another device than c:. C: is used here
because that's usually the first (and often only) harddisk device.
Note: in the modssl INSTALL.Win32, p: is used rather than c:.
Troubleshooting
---------------
Since the Win32 build is only occasionally tested it may not always compile
cleanly. If you get an error about functions not having numbers assigned
when you run ms\do_ms then this means the Win32 ordinal files are not up to
date. You can do:
> perl util\mkdef.pl crypto ssl update
then ms\do_XXX should not give a warning any more. However the numbers that
get assigned by this technique may not match those that eventually get
assigned in the Git tree: so anything linked against this version of the
library may need to be recompiled.
If you get errors about unresolved symbols there are several possible
causes.
If this happens when the DLL is being linked and you have disabled some
ciphers then it is possible the DEF file generator hasn't removed all
the disabled symbols: the easiest solution is to edit the DEF files manually
to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
Another cause is if you missed or ignored the errors about missing numbers
mentioned above.
If you get warnings in the code then the compilation will halt.
The default Makefile for Win32 halts whenever any warnings occur. Since VC++
has its own ideas about warnings which don't always match up to other
environments this can happen. The best fix is to edit the file with the
warning in and fix it. Alternatively you can turn off the halt on warnings by
editing the CFLAG line in the Makefile and deleting the /WX option.
You might get compilation errors. Again you will have to fix these or report
them.
One final comment about compiling applications linked to the OpenSSL library.
If you don't use the multithreaded DLL runtime library (/MD option) your
program will almost certainly crash because malloc gets confused -- the
OpenSSL DLLs are statically linked to one version, the application must
not use a different one. You might be able to work around such problems
by adding CRYPTO_malloc_init() to your program before any calls to the
OpenSSL libraries: This tells the OpenSSL libraries to use the same
malloc(), free() and realloc() as the application. However there are many
standard library functions used by OpenSSL that call malloc() internally
(e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
rely on CRYPTO_malloc_init() solving your problem, and you should
consistently use the multithreaded library.
Linking your application
------------------------
If you link with static OpenSSL libraries [those built with ms/nt.mak],
then you're expected to additionally link your application with
WS2_32.LIB, GDI32.LIB, ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those
developing non-interactive service applications might feel concerned about
linking with GDI32.LIB and USER32.LIB, as they are justly associated with
interactive desktop, which is not available to service processes. The toolkit
is designed to detect in which context it's currently executed, GUI, console
app or service, and act accordingly, namely whether or not to actually make
GUI calls. Additionally those who wish to /DELAYLOAD:GDI32.DLL and
/DELAYLOAD:USER32.DLL and actually keep them off service process should
consider implementing and exporting from .exe image in question own
_OPENSSL_isservice not relying on USER32.DLL. E.g., on Windows Vista and
later you could:
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{ DWORD sess;
if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
return sess==0;
return FALSE;
}
If you link with OpenSSL .DLLs, then you're expected to include into
your application code small "shim" snippet, which provides glue between
OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink
reference page for further details.

66
INSTALL.W64
View File

@@ -1,66 +0,0 @@
INSTALLATION ON THE WIN64 PLATFORM
----------------------------------
Caveat lector
-------------
As of moment of this writing Win64 support is classified "initial"
for the following reasons.
- No assembler modules are engaged upon initial 0.9.8 release.
- API might change within 0.9.8 life-span, *but* in a manner which
doesn't break backward binary compatibility. Or in other words,
application programs compiled with initial 0.9.8 headers will
be expected to work with future minor release .DLL without need
to re-compile, even if future minor release features modified API.
- Above mentioned API modifications have everything to do with
elimination of a number of limitations, which are normally
considered inherent to 32-bit platforms. Which in turn is why they
are treated as limitations on 64-bit platform such as Win64:-)
The current list comprises [but not necessarily limited to]:
- null-terminated strings may not be longer than 2G-1 bytes,
longer strings are treated as zero-length;
- dynamically and *internally* allocated chunks can't be larger
than 2G-1 bytes;
- inability to encrypt/decrypt chunks of data larger than 4GB
[it's possibly to *hash* chunks of arbitrary size through];
Neither of these is actually big deal and hardly encountered
in real-life applications.
Compiling procedure
-------------------
You will need Perl. You can run under Cygwin or you can download
ActiveState Perl from http://www.activestate.com/ActivePerl.
You will need Microsoft Platform SDK, available for download at
http://www.microsoft.com/msdownload/platformsdk/sdkupdate/. As per
April 2005 Platform SDK is equipped with Win64 compilers, as well
as assemblers, but it might change in the future.
To build for Win64/x64:
> perl Configure VC-WIN64A
> ms\do_win64a
> nmake -f ms\ntdll.mak
> cd out32dll
> ..\ms\test
To build for Win64/IA64:
> perl Configure VC-WIN64I
> ms\do_win64i
> nmake -f ms\ntdll.mak
> cd out32dll
> ..\ms\test
Naturally test-suite itself has to be executed on the target platform.
Installation
------------
TBD, for now see INSTALL.W32.

95
INSTALL.WCE
View File

@@ -1,95 +0,0 @@
INSTALLATION FOR THE WINDOWS CE PLATFORM
----------------------------------------
Building OpenSSL for Windows CE requires the following external tools:
* Microsoft eMbedded Visual C++ 3.0 or later
* Appropriate SDK might be required
* Perl for Win32 [commonly recommended ActiveState Perl is available
from http://www.activestate.com/Products/ActivePerl/]
* wcecompat compatibility library available at
http://www.essemer.com.au/windowsce/
* Optionally ceutils for running automated tests (same location)
_or_
* PocketConsole driver and PortSDK available at
http://www.symbolictools.de/public/pocketconsole/
* CMD command interpreter (same location)
As Windows CE support in OpenSSL relies on 3rd party compatibility
library, it's appropriate to check corresponding URL for updates. For
example if you choose wcecompat, note that as for the moment of this
writing version 1.2 is available and actually required for WCE 4.2
and newer platforms. All wcecompat issues should be directed to
www.essemer.com.au.
Why compatibility library at all? The C Runtime Library implementation
for Windows CE that is included with Microsoft eMbedded Visual C++ is
incomplete and in some places incorrect. Compatibility library plugs
the holes and tries to bring the Windows CE CRT to [more] usable level.
Most gaping hole in CRT is support for stdin/stdout/stderr IO, which
proposed compatibility libraries solve in two different ways: wcecompat
redirects IO to active sync link, while PortSDK - to NT-like console
driver on the handheld itself.
Building
--------
Setup the eMbedded Visual C++ environment. There are batch files for doing
this installed with eVC++. For an ARM processor, for example, execute:
> "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT"
Next pick compatibility library according to your preferences.
1. To choose wcecompat set up WCECOMPAT environment variable pointing
at the location of wcecompat tree "root":
> set WCECOMPAT=C:\wcecompat
> set PORTSDK_LIBPATH=
2. To choose PortSDK set up PORTSDK_LIBPATH to point at hardware-
specific location where your portlib.lib is installed:
> set PORTSDK_LIBPATH=C:\PortSDK\lib\ARM
> set WCECOMPAT=
Note that you may not set both variables.
Next you should run Configure:
> perl Configure VC-CE
Next you need to build the Makefiles:
> ms\do_ms
If you get errors about things not having numbers assigned then check the
troubleshooting section in INSTALL.W32: you probably won't be able to compile
it as it stands.
Then from the VC++ environment at a prompt do:
> nmake -f ms\cedll.mak
[note that static builds are not supported under CE]
If all is well it should compile and you will have some DLLs and executables
in out32dll*.
<<< everyting below needs revision in respect to wcecompat vs. PortSDK >>>
If you want
to try the tests then make sure the ceutils are in the path and do:
> cd out32
> ..\ms\testce
This will copy each of the test programs to the Windows CE device and execute
them, displaying the output of the tests on this computer. The output should
look similar to the output produced by running the tests for a regular Windows
build.

365
INSTALL.generic Normal file
View File

@@ -0,0 +1,365 @@
Installation Instructions
*************************
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without warranty of any kind.
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root
privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location.
This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required
root privileges, verifies that the installation completed
correctly.
6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
7. Often, you can also type `make uninstall' to remove the installed
files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the
GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make
distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly.
This target is generally not run by end users.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'. This
is known as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CPP="gcc -E" CXXCPP="g++ -E"
This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an
absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the
default for these options is expressed in terms of `${prefix}', so that
specifying just `--prefix' will affect all of the other directory
specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without
having to reconfigure or recompile.
The first method involves providing an override variable for each
affected directory. For example, `make install
prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure',
but not in terms of `${prefix}', must each be overridden at install
time for the entire installation to be relocated. The approach of
makefile variable overrides for each directory variable is required by
the GNU Coding Standards, and ideally causes no recompilation.
However, some platforms have known limitations with the semantics of
shared libraries that end up requiring recompilation when using this
method, particularly noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}'
at `configure' time.
Optional Features
=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure
--enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure
--disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'.
Particular systems
==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try
./configure CC="cc"
and if that doesn't work, try
./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common
Specifying the System Type
==========================
There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS
KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf bug. Until the bug is fixed you can use this workaround:
CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of all of the options to `configure', and exit.
`--help=short'
`--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
`--no-create'
`-n'
Run the configure checks, but stop before creating any output
files.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.

127
LICENSE
View File

@@ -1,127 +0,0 @@
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a double license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/

1460
MINFO
View File

File diff suppressed because it is too large Load Diff

62
MacOS/GUSI_Init.cpp
View File

@@ -1,62 +0,0 @@
/**************** BEGIN GUSI CONFIGURATION ****************************
*
* GUSI Configuration section generated by GUSI Configurator
* last modified: Wed Jan 5 20:33:51 2000
*
* This section will be overwritten by the next run of Configurator.
*/
#define GUSI_SOURCE
#include <GUSIConfig.h>
#include <sys/cdefs.h>
/* Declarations of Socket Factories */
__BEGIN_DECLS
void GUSIwithInetSockets();
void GUSIwithLocalSockets();
void GUSIwithMTInetSockets();
void GUSIwithMTTcpSockets();
void GUSIwithMTUdpSockets();
void GUSIwithOTInetSockets();
void GUSIwithOTTcpSockets();
void GUSIwithOTUdpSockets();
void GUSIwithPPCSockets();
void GUSISetupFactories();
__END_DECLS
/* Configure Socket Factories */
void GUSISetupFactories()
{
#ifdef GUSISetupFactories_BeginHook
GUSISetupFactories_BeginHook
#endif
GUSIwithInetSockets();
#ifdef GUSISetupFactories_EndHook
GUSISetupFactories_EndHook
#endif
}
/* Declarations of File Devices */
__BEGIN_DECLS
void GUSIwithDConSockets();
void GUSIwithNullSockets();
void GUSISetupDevices();
__END_DECLS
/* Configure File Devices */
void GUSISetupDevices()
{
#ifdef GUSISetupDevices_BeginHook
GUSISetupDevices_BeginHook
#endif
GUSIwithNullSockets();
#ifdef GUSISetupDevices_EndHook
GUSISetupDevices_EndHook
#endif
}
/**************** END GUSI CONFIGURATION *************************/

2753
MacOS/GetHTTPS.src/CPStringUtils.cpp
View File

File diff suppressed because it is too large Load Diff

104
MacOS/GetHTTPS.src/CPStringUtils.hpp
View File

@@ -1,104 +0,0 @@
#pragma once
#ifdef __cplusplus
extern "C" {
#endif
void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength);
void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength);
void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength);
void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength);
int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true);
int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true);
Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true);
void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength);
void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
long CStrLength(const char *theCString);
long PStrLength(const unsigned char *thePString);
OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle);
OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle);
OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle);
OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle);
OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle);
OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil);
OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil);
void ZeroMem(void *theMemPtr,const unsigned long numBytes);
char *FindCharInCStr(const char theChar,const char *theCString);
long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false);
long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false);
void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength);
void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength);
void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset);
void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength);
void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength);
void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength);
void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength);
void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle);
OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength);
OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle);
OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength);
OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle);
OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true);
OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true);
void ConvertCStrToUpperCase(char *theSrcCStr);
int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr);
int CountWordsInCStr(const char *inSrcCStr);
OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits);
void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat);
OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1);
void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false);
#ifdef __cplusplus
}
#endif

170
MacOS/GetHTTPS.src/ErrorHandling.cpp
View File

@@ -1,170 +0,0 @@
/* ====================================================================
* Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ErrorHandling.hpp"
#include "CPStringUtils.hpp"
#ifdef __EXCEPTIONS_ENABLED__
#include "CMyException.hpp"
#endif
static char gErrorMessageBuffer[512];
char *gErrorMessage = gErrorMessageBuffer;
int gErrorMessageMaxLength = sizeof(gErrorMessageBuffer);
void SetErrorMessage(const char *theErrorMessage)
{
if (theErrorMessage != nil)
{
CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
}
}
void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt)
{
if (theErrorMessage != nil)
{
CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength);
}
}
void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt)
{
if (theErrorMessage != nil)
{
CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength);
}
}
void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr)
{
if (theErrorMessage != nil)
{
CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength);
}
}
void AppendCStrToErrorMessage(const char *theErrorMessage)
{
if (theErrorMessage != nil)
{
ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
}
}
void AppendLongIntToErrorMessage(const long theLongInt)
{
ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength);
}
char *GetErrorMessage(void)
{
return gErrorMessage;
}
OSErr GetErrorMessageInNewHandle(Handle *inoutHandle)
{
OSErr errCode;
errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle);
return(errCode);
}
OSErr GetErrorMessageInExistingHandle(Handle inoutHandle)
{
OSErr errCode;
errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle);
return(errCode);
}
OSErr AppendErrorMessageToHandle(Handle inoutHandle)
{
OSErr errCode;
errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil);
return(errCode);
}
#ifdef __EXCEPTIONS_ENABLED__
void ThrowErrorMessageException(void)
{
ThrowDescriptiveException(gErrorMessage);
}
#endif

147
MacOS/GetHTTPS.src/ErrorHandling.hpp
View File

@@ -1,147 +0,0 @@
#ifdef __cplusplus
extern "C" {
#endif
#ifndef kGenericError
#define kGenericError -1
#endif
extern char *gErrorMessage;
void SetErrorMessage(const char *theErrorMessage);
void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt);
void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt);
void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr);
void AppendCStrToErrorMessage(const char *theErrorMessage);
void AppendLongIntToErrorMessage(const long theLongInt);
char *GetErrorMessage(void);
OSErr GetErrorMessageInNewHandle(Handle *inoutHandle);
OSErr GetErrorMessageInExistingHandle(Handle inoutHandle);
OSErr AppendErrorMessageToHandle(Handle inoutHandle);
#ifdef __EXCEPTIONS_ENABLED__
void ThrowErrorMessageException(void);
#endif
// A bunch of evil macros that would be unnecessary if I were always using C++ !
#define SetErrorMessageAndBailIfNil(theArg,theMessage) \
{ \
if (theArg == nil) \
{ \
SetErrorMessage(theMessage); \
errCode = kGenericError; \
goto EXITPOINT; \
} \
}
#define SetErrorMessageAndBail(theMessage) \
{ \
SetErrorMessage(theMessage); \
errCode = kGenericError; \
goto EXITPOINT; \
}
#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt) \
{ \
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
errCode = kGenericError; \
goto EXITPOINT; \
}
#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt) \
{ \
if (theErrCode != noErr) \
{ \
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
errCode = theErrCode; \
goto EXITPOINT; \
} \
}
#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt) \
{ \
if (theErrCode != noErr) \
{ \
SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt); \
errCode = theErrCode; \
goto EXITPOINT; \
} \
}
#define SetErrorMessageAndCStrAndBail(theMessage,theCStr) \
{ \
SetErrorMessageAndCStr(theMessage,theCStr); \
errCode = kGenericError; \
goto EXITPOINT; \
}
#define SetErrorMessageAndBailIfError(theErrCode,theMessage) \
{ \
if (theErrCode != noErr) \
{ \
SetErrorMessage(theMessage); \
errCode = theErrCode; \
goto EXITPOINT; \
} \
}
#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt) \
{ \
if (theArg == nil) \
{ \
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
errCode = kGenericError; \
goto EXITPOINT; \
} \
}
#define BailIfError(theErrCode) \
{ \
if ((theErrCode) != noErr) \
{ \
goto EXITPOINT; \
} \
}
#define SetErrCodeAndBail(theErrCode) \
{ \
errCode = theErrCode; \
\
goto EXITPOINT; \
}
#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage) \
{ \
SetErrorMessage(theMessage); \
errCode = theErrCode; \
goto EXITPOINT; \
}
#define BailNow() \
{ \
errCode = kGenericError; \
goto EXITPOINT; \
}
#ifdef __cplusplus
}
#endif

209
MacOS/GetHTTPS.src/GetHTTPS.cpp
View File

@@ -1,209 +0,0 @@
/*
* An demo illustrating how to retrieve a URI from a secure HTTP server.
*
* Author: Roy Wood
* Date: September 7, 1999
* Comments: This relies heavily on my MacSockets library.
* This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this)
* to live in a folder called "OpenSSL-0.9.4" in this project's parent folder. For example:
*
* Macintosh HD:
* Development:
* OpenSSL-0.9.4:
* (OpenSSL sources here)
* OpenSSL Example:
* (OpenSSL example junk here)
*
*
* Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl"
* are installed! Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
*/
/* modified to seed the PRNG */
/* modified to use CRandomizer for seeding */
// Include some funky libs I've developed over time
#include "CPStringUtils.hpp"
#include "ErrorHandling.hpp"
#include "MacSocket.h"
#include "Randomizer.h"
// We use the OpenSSL implementation of SSL....
// This was a lot of work to finally get going, though you wouldn't know it by the results!
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <timer.h>
// Let's try grabbing some data from here:
#define kHTTPS_DNS "www.apache-ssl.org"
#define kHTTPS_Port 443
#define kHTTPS_URI "/"
// Forward-declare this
OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);
// My idle-wait callback. Doesn't do much, does it? Silly cooperative multitasking.
OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
{
#pragma unused(inUserRefPtr)
EventRecord theEvent;
::EventAvail(everyEvent,&theEvent);
CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
if (randomizer)
randomizer->PeriodicAction();
return(noErr);
}
// Finally!
void main(void)
{
OSErr errCode;
int theSocket = -1;
int theTimeout = 30;
SSL_CTX *ssl_ctx = nil;
SSL *ssl = nil;
char tempString[256];
UnsignedWide microTickCount;
CRandomizer randomizer;
printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
BailIfError(errCode = MacSocket_Startup());
// Create a socket-like object
BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
// Set up the connect string and try to connect
CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString));
printf("Connecting to %s....\n",tempString);
BailIfError(errCode = MacSocket_connect(theSocket,tempString));
// Init SSL stuff
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
// Pick the SSL method
// ssl_ctx = SSL_CTX_new(SSLv2_client_method());
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
// ssl_ctx = SSL_CTX_new(SSLv3_client_method());
// Create an SSL thingey and try to negotiate the connection
ssl = SSL_new(ssl_ctx);
SSL_set_fd(ssl,theSocket);
errCode = SSL_connect(ssl);
if (errCode < 0)
{
SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode);
}
// Request the URI from the host
CopyCStrToCStr("GET ",tempString,sizeof(tempString));
ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString));
ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString));
errCode = SSL_write(ssl,tempString,CStrLength(tempString));
if (errCode < 0)
{
SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode);
}
for (;;)
{
char tempString[256];
int bytesRead;
// Read some bytes and dump them to the console
bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1);
if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket))
{
break;
}
else if (bytesRead < 0)
{
SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead);
}
tempString[bytesRead] = '\0';
printf("%s", tempString);
}
printf("\n\n\n");
// All done!
errCode = noErr;
EXITPOINT:
// Clean up and go home
if (theSocket >= 0)
{
MacSocket_close(theSocket);
}
if (ssl != nil)
{
SSL_free(ssl);
}
if (ssl_ctx != nil)
{
SSL_CTX_free(ssl_ctx);
}
if (errCode != noErr)
{
printf("An error occurred:\n");
printf("%s",GetErrorMessage());
}
MacSocket_Shutdown();
}

1607
MacOS/GetHTTPS.src/MacSocket.cpp
View File

File diff suppressed because it is too large Load Diff

104
MacOS/GetHTTPS.src/MacSocket.h
View File

@@ -1,104 +0,0 @@
#pragma once
#ifdef __cplusplus
extern "C" {
#endif
enum {
kMacSocket_TimeoutErr = -2
};
// Since MacSocket does busy waiting, I do a callback while waiting
typedef OSErr(*MacSocket_IdleWaitCallback) (void *);
// Call this before anything else!
OSErr MacSocket_Startup(void);
// Call this to cleanup before quitting
OSErr MacSocket_Shutdown(void);
// Call this to allocate a "socket" (reference number is returned in
// outSocketNum)
// Note that inDoThreadSwitching is pretty much irrelevant right now, since I
// ignore it
// The inTimeoutTicks parameter is applied during reads/writes of data
// The inIdleWaitCallback parameter specifies a callback which is called
// during busy-waiting periods
// The inUserRefPtr parameter is passed back to the idle-wait callback
OSErr MacSocket_socket(int *outSocketNum, const Boolean inDoThreadSwitching,
const long inTimeoutTicks,
MacSocket_IdleWaitCallback inIdleWaitCallback,
void *inUserRefPtr);
// Call this to connect to an IP/DNS address
// Note that inTargetAddressAndPort is in "IP:port" format-- e.g.
// 10.1.1.1:123
OSErr MacSocket_connect(const int inSocketNum, char *inTargetAddressAndPort);
// Call this to listen on a port
// Since this a low-performance implementation, I allow a maximum of 1 (one!)
// incoming request when I listen
OSErr MacSocket_listen(const int inSocketNum, const int inPortNum);
// Call this to close a socket
OSErr MacSocket_close(const int inSocketNum);
// Call this to receive data on a socket
// Most parameters' purpose are obvious-- except maybe "inBlock" which
// controls whether I wait for data or return immediately
int MacSocket_recv(const int inSocketNum, void *outBuff, int outBuffLength,
const Boolean inBlock);
// Call this to send data on a socket
int MacSocket_send(const int inSocketNum, const void *inBuff,
int inBuffLength);
// If zero bytes were read in a call to MacSocket_recv(), it may be that the
// remote end has done a half-close
// This function will let you check whether that's true or not
Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);
// Call this to see if the listen has completed after a call to
// MacSocket_listen()
Boolean MacSocket_ListenCompleted(const int inSocketNum);
// These really aren't very useful anymore
Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);
// You may wish to change the userRefPtr for a socket callback-- use this to
// do it
void MacSocket_SetUserRefPtr(const int inSocketNum, void *inNewRefPtr);
// Call these to get the socket's IP:port descriptor
void MacSocket_GetLocalIPAndPort(const int inSocketNum, char *outIPAndPort,
const int inIPAndPortLength);
void MacSocket_GetRemoteIPAndPort(const int inSocketNum, char *outIPAndPort,
const int inIPAndPortLength);
// Call this to get error info from a socket
void MacSocket_GetSocketErrorInfo(const int inSocketNum,
int *outSocketErrCode,
char *outSocketErrString,
const int inSocketErrStringMaxLength);
#ifdef __cplusplus
}
#endif

4940
MacOS/OpenSSL.mcp.hqx
View File

File diff suppressed because it is too large Load Diff

476
MacOS/Randomizer.cpp
View File

@@ -1,476 +0,0 @@
/*
------- Strong random data generation on a Macintosh (pre - OS X) ------
-- GENERAL: We aim to generate unpredictable bits without explicit
user interaction. A general review of the problem may be found
in RFC 1750, "Randomness Recommendations for Security", and some
more discussion, of general and Mac-specific issues has appeared
in "Using and Creating Cryptographic- Quality Random Numbers" by
Jon Callas (www.merrymeet.com/jon/usingrandom.html).
The data and entropy estimates provided below are based on my
limited experimentation and estimates, rather than by any
rigorous study, and the entropy estimates tend to be optimistic.
They should not be considered absolute.
Some of the information being collected may be correlated in
subtle ways. That includes mouse positions, timings, and disk
size measurements. Some obvious correlations will be eliminated
by the programmer, but other, weaker ones may remain. The
reliability of the code depends on such correlations being
poorly understood, both by us and by potential interceptors.
This package has been planned to be used with OpenSSL, v. 0.9.5.
It requires the OpenSSL function RAND_add.
-- OTHER WORK: Some source code and other details have been
published elsewhere, but I haven't found any to be satisfactory
for the Mac per se:
* The Linux random number generator (by Theodore Ts'o, in
drivers/char/random.c), is a carefully designed open-source
crypto random number package. It collects data from a variety
of sources, including mouse, keyboard and other interrupts.
One nice feature is that it explicitly estimates the entropy
of the data it collects. Some of its features (e.g. interrupt
timing) cannot be reliably exported to the Mac without using
undocumented APIs.
* Truerand by Don P. Mitchell and Matt Blaze uses variations
between different timing mechanisms on the same system. This
has not been tested on the Mac, but requires preemptive
multitasking, and is hardware-dependent, and can't be relied
on to work well if only one oscillator is present.
* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
gathers a lot of information about the machine and system
environment. Unfortunately, much of it is constant from one
startup to the next. In other words, the random seed could be
the same from one day to the next. Some of the APIs are
hardware-dependent, and not all are compatible with Carbon (OS
X). Incidentally, the EGD library is based on the UNIX entropy
gathering methods in cryptlib, and isn't suitable for MacOS
either.
* Mozilla (and perhaps earlier versions of Netscape) uses the
time of day (in seconds) and an uninitialized local variable
to seed the random number generator. The time of day is known
to an outside interceptor (to within the accuracy of the
system clock). The uninitialized variable could easily be
identical between subsequent launches of an application, if it
is reached through the same path.
* OpenSSL provides the function RAND_screen(), by G. van
Oosten, which hashes the contents of the screen to generate a
seed. This is not useful for an extension or for an
application which launches at startup time, since the screen
is likely to look identical from one launch to the next. This
method is also rather slow.
* Using variations in disk drive seek times has been proposed
(Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
Jakobsson, Shriver, Hillyer and Juels,
www.bell-labs.com/user/shriver/random.html). These variations
appear to be due to air turbulence inside the disk drive
mechanism, and are very strongly unpredictable. Unfortunately
this technique is slow, and some implementations of it may be
patented (see Shriver's page above.) It of course cannot be
used with a RAM disk.
-- TIMING: On the 601 PowerPC the time base register is guaranteed
to change at least once every 10 addi instructions, i.e. 10
cycles. On a 60 MHz machine (slowest PowerPC) this translates to
a resolution of 1/6 usec. Newer machines seem to be using a 10
cycle resolution as well.
For 68K Macs, the Microseconds() call may be used. See Develop
issue 29 on the Apple developer site
(developer.apple.com/dev/techsupport/develop/issue29/minow.html)
for information on its accuracy and resolution. The code below
has been tested only on PowerPC based machines.
The time from machine startup to the launch of an application in
the startup folder has a variance of about 1.6 msec on a new G4
machine with a defragmented and optimized disk, most extensions
off and no icons on the desktop. This can be reasonably taken as
a lower bound on the variance. Most of this variation is likely
due to disk seek time variability. The distribution of startup
times is probably not entirely even or uncorrelated. This needs
to be investigated, but I am guessing that it not a majpor
problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
machine, ~16 bits for a 450 MHz machine.
User-launched application startup times will have a variance of
a second or more relative to machine startup time. Entropy >~22
bits.
Machine startup time is available with a 1-second resolution. It
is predictable to no better a minute or two, in the case of
people who show up punctually to work at the same time and
immediately start their computer. Using the scheduled startup
feature (when available) will cause the machine to start up at
the same time every day, making the value predictable. Entropy
>~7 bits, or 0 bits with scheduled startup.
The time of day is of course known to an outsider and thus has 0
entropy if the system clock is regularly calibrated.
-- KEY TIMING: A very fast typist (120 wpm) will have a typical
inter-key timing interval of 100 msec. We can assume a variance
of no less than 2 msec -- maybe. Do good typists have a constant
rhythm, like drummers? Since what we measure is not the
key-generated interrupt but the time at which the key event was
taken off the event queue, our resolution is roughly the time
between process switches, at best 1 tick (17 msec). I therefore
consider this technique questionable and not very useful for
obtaining high entropy data on the Mac.
-- MOUSE POSITION AND TIMING: The high bits of the mouse position
are far from arbitrary, since the mouse tends to stay in a few
limited areas of the screen. I am guessing that the position of
the mouse is arbitrary within a 6 pixel square. Since the mouse
stays still for long periods of time, it should be sampled only
after it was moved, to avoid correlated data. This gives an
entropy of log2(6*6) ~= 5 bits per measurement.
The time during which the mouse stays still can vary from zero
to, say, 5 seconds (occasionally longer). If the still time is
measured by sampling the mouse during null events, and null
events are received once per tick, its resolution is 1/60th of a
second, giving an entropy of log2 (60*5) ~= 8 bits per
measurement. Since the distribution of still times is uneven,
this estimate is on the high side.
For simplicity and compatibility across system versions, the
mouse is to be sampled explicitly (e.g. in the event loop),
rather than in a time manager task.
-- STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
from one startup to the next, with 'minimal' computer use. Won't
vary at all if machine is started again immediately after
startup (unless virtual memory is on), but any application which
uses the web and caches information to disk is likely to cause
this much variation or more. The variation is probably not
random, but I don't know in what way. File sizes tend to be
divisible by 4 bytes since file format fields are often
long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
-- STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
gets fragmented this could be anywhere in principle. In a
perfectly unfragmented volume this will be strongly correlated
with the total file size on the disk. With more fragmentation
comes less certainty. I took the variation in this value to be
1/8 of the total file size on the volume.
-- SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
(for Gestalt and Microseconds calls). All the calls used are
Carbon-compatible.
*/
/*------------------------------ Includes ----------------------------*/
#include "Randomizer.h"
// Mac OS API
#include <Files.h>
#include <Folders.h>
#include <Events.h>
#include <Processes.h>
#include <Gestalt.h>
#include <Resources.h>
#include <LowMem.h>
// Standard C library
#include <stdlib.h>
#include <math.h>
/*---------------------- Function declarations -----------------------*/
// declared in OpenSSL/crypto/rand/rand.h
extern "C" void RAND_add (const void *buf, int num, double entropy);
unsigned long GetPPCTimer (bool is601); // Make it global if needed
// elsewhere
/*---------------------------- Constants -----------------------------*/
#define kMouseResolution 6 // Mouse position has to differ
// from the last one by this
// much to be entered
#define kMousePositionEntropy 5.16 // log2 (kMouseResolution**2)
#define kTypicalMouseIdleTicks 300.0 // I am guessing that a typical
// amount of time between mouse
// moves is 5 seconds
#define kVolumeBytesEntropy 12.0 // about log2 (20000/4),
// assuming a variation of 20K
// in total file size and
// long-aligned file formats.
#define kApplicationUpTimeEntropy 6.0 // Variance > 1 second, uptime
// in ticks
#define kSysStartupEntropy 7.0 // Entropy for machine startup
// time
/*------------------------ Function definitions ----------------------*/
CRandomizer::CRandomizer (void)
{
long result;
mSupportsLargeVolumes =
(Gestalt(gestaltFSAttr, &result) == noErr) &&
((result & (1L << gestaltFSSupports2TBVols)) != 0);
if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
{
mIsPowerPC = false;
mIs601 = false;
}
else
{
mIs601 = (result == gestaltCPU601);
mIsPowerPC = (result >= gestaltCPU601);
}
mLastMouse.h = mLastMouse.v = -10; // First mouse will
// always be recorded
mLastPeriodicTicks = TickCount();
GetTimeBaseResolution ();
// Add initial entropy
AddTimeSinceMachineStartup ();
AddAbsoluteSystemStartupTime ();
AddStartupVolumeInfo ();
AddFiller ();
}
void CRandomizer::PeriodicAction (void)
{
AddCurrentMouse ();
AddNow (0.0); // Should have a better entropy estimate here
mLastPeriodicTicks = TickCount();
}
/*------------------------- Private Methods --------------------------*/
void CRandomizer::AddCurrentMouse (void)
{
Point mouseLoc;
unsigned long lastCheck; // Ticks since mouse was last
// sampled
#if TARGET_API_MAC_CARBON
GetGlobalMouse (&mouseLoc);
#else
mouseLoc = LMGetMouseLocation();
#endif
if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
AddBytes (&mouseLoc, sizeof(mouseLoc),
kMousePositionEntropy);
if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
mMouseStill ++;
else
{
double entropy;
// Mouse has moved. Add the number of measurements for
// which it's been still. If the resolution is too
// coarse, assume the entropy is 0.
lastCheck = TickCount() - mLastPeriodicTicks;
if (lastCheck <= 0)
lastCheck = 1;
entropy = log2l
(kTypicalMouseIdleTicks/(double)lastCheck);
if (entropy < 0.0)
entropy = 0.0;
AddBytes (&mMouseStill, sizeof(mMouseStill), entropy);
mMouseStill = 0;
}
mLastMouse = mouseLoc;
}
void CRandomizer::AddAbsoluteSystemStartupTime (void)
{
unsigned long now; // Time in seconds since
// 1/1/1904
GetDateTime (&now);
now -= TickCount() / 60; // Time in ticks since machine
// startup
AddBytes (&now, sizeof(now), kSysStartupEntropy);
}
void CRandomizer::AddTimeSinceMachineStartup (void)
{
AddNow (1.5); // Uncertainty in app startup
// time is > 1.5 msec (for
// automated app startup).
}
void CRandomizer::AddAppRunningTime (void)
{
ProcessSerialNumber PSN;
ProcessInfoRec ProcessInfo;
ProcessInfo.processInfoLength = sizeof(ProcessInfoRec);
ProcessInfo.processName = nil;
ProcessInfo.processAppSpec = nil;
GetCurrentProcess (&PSN);
GetProcessInformation (&PSN, &ProcessInfo);
// Now add the amount of time in ticks that the current process
// has been active
AddBytes (&ProcessInfo, sizeof(ProcessInfoRec),
kApplicationUpTimeEntropy);
}
void CRandomizer::AddStartupVolumeInfo (void)
{
short vRefNum;
long dirID;
XVolumeParam pb;
OSErr err;
if (!mSupportsLargeVolumes)
return;
FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
&vRefNum, &dirID);
pb.ioVRefNum = vRefNum;
pb.ioCompletion = 0;
pb.ioNamePtr = 0;
pb.ioVolIndex = 0;
err = PBXGetVolInfoSync (&pb);
if (err != noErr)
return;
// Base the entropy on the amount of space used on the disk and
// on the next available allocation block. A lot else might be
// unpredictable, so might as well toss the whole block in. See
// comments for entropy estimate justifications.
AddBytes (&pb, sizeof(pb),
kVolumeBytesEntropy +
log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
* 4294967296.0D +
(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
/ pb.ioVAlBlkSiz - 3.0));
}
/*
On a typical startup CRandomizer will come up with about 60
bits of good, unpredictable data. Assuming no more input will
be available, we'll need some more lower-quality data to give
OpenSSL the 128 bits of entropy it desires. AddFiller adds some
relatively predictable data into the soup.
*/
void CRandomizer::AddFiller (void)
{
struct
{
ProcessSerialNumber psn; // Front process serial
// number
RGBColor hiliteRGBValue; // User-selected
// highlight color
long processCount; // Number of active
// processes
long cpuSpeed; // Processor speed
long totalMemory; // Total logical memory
// (incl. virtual one)
long systemVersion; // OS version
short resFile; // Current resource file
} data;
GetNextProcess ((ProcessSerialNumber*) kNoProcess);
while (GetNextProcess (&data.psn) == noErr)
data.processCount++;
GetFrontProcess (&data.psn);
LMGetHiliteRGB (&data.hiliteRGBValue);
Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
Gestalt (gestaltSystemVersion, &data.systemVersion);
data.resFile = CurResFile ();
// Here we pretend to feed the PRNG completely random data. This
// is of course false, as much of the above data is predictable
// by an outsider. At this point we don't have any more
// randomness to add, but with OpenSSL we must have a 128 bit
// seed before we can start. We just add what we can, without a
// real entropy estimate, and hope for the best.
AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
AddCurrentMouse ();
AddNow (1.0);
}
//------------------- LOW LEVEL ---------------------
void CRandomizer::AddBytes (void *data, long size, double entropy)
{
RAND_add (data, size, entropy * 0.125); // Convert entropy bits
// to bytes
}
void CRandomizer::AddNow (double millisecondUncertainty)
{
long time = SysTimer();
AddBytes (&time, sizeof(time), log2l (millisecondUncertainty *
mTimebaseTicksPerMillisec));
}
//----------------- TIMING SUPPORT ------------------
void CRandomizer::GetTimeBaseResolution (void)
{
#ifdef __powerc
long speed;
// gestaltProcClkSpeed available on System 7.5.2 and above
if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
// Only PowerPCs running pre-7.5.2 are 60-80 MHz
// machines.
mTimebaseTicksPerMillisec = 6000.0D;
// Assume 10 cycles per clock update, as in 601 spec. Seems true
// for later chips as well.
mTimebaseTicksPerMillisec = speed / 1.0e4D;
#else
// 68K VIA-based machines (see Develop Magazine no. 29)
mTimebaseTicksPerMillisec = 783.360D;
#endif
}
unsigned long CRandomizer::SysTimer (void) // returns the lower 32
// bit of the chip timer
{
#ifdef __powerc
return GetPPCTimer (mIs601);
#else
UnsignedWide usec;
Microseconds (&usec);
return usec.lo;
#endif
}
#ifdef __powerc
// The timebase is available through mfspr on 601, mftb on later chips.
// Motorola recommends that an 601 implementation map mftb to mfspr
// through an exception, but I haven't tested to see if MacOS actually
// does this. We only sample the lower 32 bits of the timer (i.e. a
// few minutes of resolution)
asm unsigned long GetPPCTimer (register bool is601)
{
cmplwi is601, 0 // Check if 601
bne _601 // if non-zero goto _601
mftb r3 // Available on 603 and later.
blr // return with result in r3
_601:
mfspr r3, spr5 // Available on 601 only.
// blr inserted automatically
}
#endif

42
MacOS/Randomizer.h
View File

@@ -1,42 +0,0 @@
// Gathers unpredictable system data to be used for generating
// random bits
#include <MacTypes.h>
class CRandomizer {
public:
CRandomizer(void);
void PeriodicAction(void);
private:
// Private calls
void AddTimeSinceMachineStartup(void);
void AddAbsoluteSystemStartupTime(void);
void AddAppRunningTime(void);
void AddStartupVolumeInfo(void);
void AddFiller(void);
void AddCurrentMouse(void);
void AddNow(double millisecondUncertainty);
void AddBytes(void *data, long size, double entropy);
void GetTimeBaseResolution(void);
unsigned long SysTimer(void);
// System Info
bool mSupportsLargeVolumes;
bool mIsPowerPC;
bool mIs601;
// Time info
double mTimebaseTicksPerMillisec;
unsigned long mLastPeriodicTicks;
// Mouse info
long mSamplePeriod;
Point mLastMouse;
long mMouseStill;
};

18
MacOS/TODO
View File

@@ -1,18 +0,0 @@
-------------------------------------------------------------------
Verify server certificate
-------------------------------------------------------------------
Currently omitted from the project:
crypto/tmdiff.c
crypto/bio/bss_conn.c
crypto/bio/b_sock.c
crypto/bio/bss_acpt.c
crypto/bio/bss_log.h
-------------------------------------------------------------------
Build libraries to link with...
-------------------------------------------------------------------
Port openssl application.
-------------------------------------------------------------------
BN optimizations (currently PPC version is compiled with BN_LLONG)
-------------------------------------------------------------------

9
MacOS/_MWERKS_GUSI_prefix.h
View File

@@ -1,9 +0,0 @@
#include <MacHeaders.h>
#define B_ENDIAN
#ifdef __POWERPC__
# pragma longlong on
#endif
#if 1
# define MAC_OS_GUSI_SOURCE
#endif
#define MONOLITH

9
MacOS/_MWERKS_prefix.h
View File

@@ -1,9 +0,0 @@
#include <MacHeaders.h>
#define B_ENDIAN
#ifdef __POWERPC__
# pragma longlong on
#endif
#if 0
# define MAC_OS_GUSI_SOURCE
#endif
#define MONOLITH

5
MacOS/buildinf.h
View File

@@ -1,5 +0,0 @@
#ifndef MK1MF_BUILD
# define CFLAGS "-DB_ENDIAN"
# define PLATFORM "macos"
# define DATE "Sun Feb 27 19:44:16 MET 2000"
#endif

820
MacOS/mklinks.as.hqx
View File

@@ -1,820 +0,0 @@
(This file must be converted with BinHex 4.0)
:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J!
!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C
cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3)
%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!!
!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J)
#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS
#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!!
!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9
Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a
X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8
[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P
d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'&
dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!`
!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0
f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL
KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m
SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q
JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m
J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P*
&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4
!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ!
J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J
%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr
m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr
rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!(
!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!!
2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c
-m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h
`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph
-h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$
!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!`
!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!!
-$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$
-hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh
mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`!
!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B!
13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr
r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`!
2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h
`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2!
!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i
Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a
TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9
KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b!
!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M%
`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!*
X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X
!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!!
%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'&
`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp
XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j
N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R-
!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi
!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X
!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!"
KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9
XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!!
!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!!
!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC
TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!!
!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0
dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0
dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#!
!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J!
A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F
!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa
NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3!
U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!!
!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`!
`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X
!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R
rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r
Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3!
!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0
d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3!
q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3
+rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri
0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!&
Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'&
dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!!
#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ!
!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4
SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%`
!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9
NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!!
!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!!
!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K
P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`!
"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T
849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J"
K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J"
Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3!
!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3
0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3"
U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0
dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J!
!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0
cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8
!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp
UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3
0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa
'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8
!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p
XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J
!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d
!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3
!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA)
JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!"
mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X
!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0
d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm
!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3!
#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j
ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl`
0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS
U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q
irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3#
(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!)
!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J#
Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J
!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq
Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`!
!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP"
KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq
U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!!
Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8
#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!!
!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9
bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R)
!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi
!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark-
+rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d
!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb"
dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j
MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY
[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ
0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K
[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$
i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj
Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![
rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!!
#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``!
#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'&
dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!)
!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J!
#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!
!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q
-!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS
!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9
bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T
dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$
6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8
!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E
rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS
U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!!
"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`&
2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l
rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ!
%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!!
!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4
S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip
f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ!
"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*
3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![
rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2
rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$
`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2-
+rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA
rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$
h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9
LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$
rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q`
!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m
!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR"
KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J!
!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33
""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3
+B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T
MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb!
J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!&
Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p
C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J
'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!%
9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[
r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3!
!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF("
KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp
bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0
X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3%
J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh"
PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J
'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`)
'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3!
#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA"
`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`!
!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d
",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!!
!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!)
#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J%
d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2
r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m
!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
-5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!)
Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J`
"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`!
"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8!
"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!*
2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4
[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X
!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&"
KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS
!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!*
8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q,
r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9
NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im
V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3
+CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh
r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9
YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J&
B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!*
l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3
`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@)
+rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V
r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`!
%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm
G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp
XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N
!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA!
ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm
B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V)
#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ!
!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!
3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d
"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ
0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a
X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q&
XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC
[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J
!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d
"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3!
!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC
[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!)
"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!*
b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!!
3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`'
0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K
dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh*
PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3'
4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!)
d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3
!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S
"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3
!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'&
dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!(
qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D)
!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9
b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![
qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2
qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3'
S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX
+rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch
ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ'
[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4
ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ
,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!)
$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!*
L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4
S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!!
0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!'
p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T
KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0
QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#!
0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d
!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC
[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!)
"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!*
b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!!
3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!(
5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K
dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9
X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ!
"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!!
!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa
TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2
qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi
+rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!!
$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J
!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB
!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!&
[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"
KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl
%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl
#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd
"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V
q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k
p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4
P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3
0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9
fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ
,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!)
$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!*
L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4
S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J!
!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J%
#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3
+B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T
MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb!
J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!&
Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T
MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`!
!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K%
!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3
`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3
j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4
S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9
MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d
#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3!
#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j
cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)
H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk
D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J!
#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA"
`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`!
!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d
#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!!
!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4
f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M%
!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`!
$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!&
[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0
66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!!
%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX
-!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!!
"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md
#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35
X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4
[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S
!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'&
dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J!
!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",%
%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj
q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX
+rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T
QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN
#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA"
3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93!
#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6
ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX
!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K
dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR-
!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3!
%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP
ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3
`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9
b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3
!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!)
!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$!
!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI
qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8
@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP
`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!&
[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!!
$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ)
!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B
#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3*
l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"
PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!*
Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8
q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+
"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!)
#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9
'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP
`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS
!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K
dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9
X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ!
"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!)
d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T%
!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS
#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+
9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9
YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij
(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+
J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC
[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!!
!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@
*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3
!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2
q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m
!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
-5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@
H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ`
#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`!
!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d
#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`
"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a
TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp
X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!
BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+
i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!!
&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp
X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+
a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R)
!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!""
MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB
-!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J
!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0
bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3,
+!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!)
d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd
!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi
#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y%
!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e
`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX
!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y`
0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!!
!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!)
')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J,
J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2
q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m
!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
-5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B
h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ`
#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!&
[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!,
Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ
#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p
QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`!
&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&
dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J!
!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd
'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri
#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm
+rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T
QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h
p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e
`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3
!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3
'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-
+!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!!
)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV
pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h
e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3
+D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI%
!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3!
#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ
!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!!
8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[
pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D
l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0
bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`!
"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b-
!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih
Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@%
'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d
$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p
`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`!
#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF
'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3-
`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!)
$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E
b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP
`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN
!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA"
3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS
U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!!
(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F
3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d,
pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ!
%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[
pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9
YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0
*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F
T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ
!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB
$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0
9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h
$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF%
,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d
$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP
`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e(
p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q`
!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f-
!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR"
KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!)
!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0
S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"
ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!!
%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3
+BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"
KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm
J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30
c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3!
%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f
[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d
$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN
!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H
D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA"
`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0
[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp
ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d
$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p
`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4
S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m!
(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!!
0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K
dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS
$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!!
$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j-
+rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr
pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1
A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y
cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`!
!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1
F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3
$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p
QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J!
%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4
S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!!
!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J
-rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB
$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9
QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V
pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC
TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31
a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&"
KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!)
$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2
pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3!
"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$!
!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V
pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e
j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3
+D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8
!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!!
#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4
L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![
pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK
R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q)
!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J
!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!!
0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2
6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T
KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0
QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#!
0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!&
Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3
+BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@-
!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J!
!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+)
)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e
D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F
+r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T
QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L
c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!!
)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J!
!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m
!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&
dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9!
,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre
2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d
$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2
p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M
Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa
eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!!
%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J!
)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M
Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8
!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8!
%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3
,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d
p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X
,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d
%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0
X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[
p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33
@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T
KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0
QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#!
0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d
!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0
QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9
b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0
bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33
Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!)
d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N
!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5!
%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3!
#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C
[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B%
*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`!
$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N
%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!!
*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P
ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ
P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d
!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!!
*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!)
%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!!
!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd
1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B
+r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp
XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S
!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a
P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%`
+r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0
cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!(
p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS
U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!!
*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R
Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I
mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ!
%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R
X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa
NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS
##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3!
B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3
+DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j
cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$!
!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*
3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!!
!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B
ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc
U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'!
!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV
mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c
N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3
+G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d
%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S
+r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J
!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0`
"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i
!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV
meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c
8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3
+G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d
%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c
2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!!
4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-`
%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!!
%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*-
+r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6
ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5
A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G
PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U
Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E
ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3!
"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d
!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X
!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!!
!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N
0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J
!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S
!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35
Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb
Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!!
U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA-
!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4
3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C
[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9
NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh*
jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9
bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p
`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4
SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib
K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4
[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!!
#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c
mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb
!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3%
q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43*
5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30
R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35
Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'&
QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV
mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3
+BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4
S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`!
Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K
[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!!
H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C
[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0
cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS
U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ!
%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M!
!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a
k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3
`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a
a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9
4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA
Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[
Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K
B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp
K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp
K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!
`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!
Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!
T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3!
CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3!
SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j
2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@%
!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!`
!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q%
!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'%
!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!!
Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9
K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#`
-!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T
K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp
K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T
K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#"
K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@!
!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`!
9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3!
X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp
I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp
K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T
K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m
!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'%
!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT
K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B
P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0
2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N
[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i
[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q%
!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-
[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#%
UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m
!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!
T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f%
!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S
[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!`
!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q%
!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K
K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q%
!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0
K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0
[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!!
1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`!
%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0
VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf`
Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp
XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",%
!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf`
Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9
cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa
eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9
b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3
!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90
139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#"
'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6
%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6
,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p
`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8
!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e
KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139!
Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'&
cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!#
#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$
LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!%
UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!!
!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!!
!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!!
!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH%
i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!!
!*4S:

126
MacOS/opensslconf.h
View File

@@ -1,126 +0,0 @@
/* MacOS/opensslconf.h */
#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
# if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
# define OPENSSLDIR "/usr/local/ssl"
# endif
#endif
#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
# define IDEA_INT unsigned int
#endif
#if defined(HEADER_MD2_H) && !defined(MD2_INT)
# define MD2_INT unsigned int
#endif
#if defined(HEADER_RC2_H) && !defined(RC2_INT)
/* I need to put in a mod for the alpha - eay */
# define RC2_INT unsigned int
#endif
#if defined(HEADER_RC4_H)
# if !defined(RC4_INT)
/*
* using int types make the structure larger but make the code faster on most
* boxes I have tested - up to %20 faster.
*/
/*-
* I don't know what does "most" mean, but declaring "int" is a must on:
* - Intel P6 because partial register stalls are very expensive;
* - elder Alpha because it lacks byte load/store instructions;
*/
# define RC4_INT unsigned char
# endif
# if !defined(RC4_CHUNK)
/*
* This enables code handling data aligned at natural CPU word
* boundary. See crypto/rc4/rc4_enc.c for further details.
*/
# define RC4_CHUNK unsigned long
# endif
#endif
#if defined(HEADER_DES_H) && !defined(DES_LONG)
/*
* If this is set to 'unsigned int' on a DEC Alpha, this gives about a %20
* speed up (longs are 8 bytes, int's are 4).
*/
# ifndef DES_LONG
# define DES_LONG unsigned long
# endif
#endif
#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
# define CONFIG_HEADER_BN_H
# if __option(longlong)
# define BN_LLONG
# else
# undef BN_LLONG
# endif
/* Should we define BN_DIV2W here? */
/* Only one for the following should be defined */
/*
* The prime number generation stuff may not work when EIGHT_BIT but I don't
* care since I've only used this mode for debuging the bignum libraries
*/
# undef SIXTY_FOUR_BIT_LONG
# undef SIXTY_FOUR_BIT
# define THIRTY_TWO_BIT
# undef SIXTEEN_BIT
# undef EIGHT_BIT
#endif
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
# define CONFIG_HEADER_RC4_LOCL_H
/*
* if this is defined data[i] is used instead of *data, this is a %20 speedup
* on x86
*/
# undef RC4_INDEX
#endif
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
# define CONFIG_HEADER_BF_LOCL_H
# define BF_PTR
#endif /* HEADER_BF_LOCL_H */
#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
# define CONFIG_HEADER_DES_LOCL_H
/*
* the following is tweaked from a config script, that is why it is a
* protected undef/define
*/
# ifndef DES_PTR
# define DES_PTR
# endif
/*
* This helps C compiler generate the correct code for multiple functional
* units. It reduces register dependancies at the expense of 2 more
* registers
*/
# ifndef DES_RISC1
# define DES_RISC1
# endif
# ifndef DES_RISC2
# undef DES_RISC2
# endif
# if defined(DES_RISC1) && defined(DES_RISC2)
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED ! !!!!
# endif
/*
* Unroll the inner loop, this sometimes helps, sometimes hinders. Very mucy
* CPU dependant
*/
# ifndef DES_UNROLL
# define DES_UNROLL
# endif
#endif /* HEADER_DES_LOCL_H */
#ifndef __POWERPC__
# define MD32_XARRAY
#endif

692
Makefile
View File

@@ -1,692 +0,0 @@
### Generated automatically from Makefile.org by Configure.
##
## Makefile for OpenSSL
##
VERSION=1.0.2q
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=1
SHLIB_MINOR=0.0
SHLIB_EXT=
PLATFORM=VC-WIN32
OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-idea no-jpake no-krb5 no-libunbound no-md2 no-mdc2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic
CONFIGURE_ARGS=VC-WIN32 no-idea no-mdc2
SHLIB_TARGET=
# HERE indicates where this Makefile lives. This can be used to indicate
# where sub-Makefiles are expected to be. Currently has very limited usage,
# and should probably not be bothered with at all.
HERE=.
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/ssl
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
# NO_RC2 - Define to build without the RC2 algorithm
# THREADS - Define when building with threads, you will probably also need any
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
# one. 32 bytes will be read from this when the random
# number generator is initalised.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# NULL encryption ciphers.
#
# LOCK_DEBUG - turns on lots of lock debug output :-)
# REF_CHECK - turn on some xyz_free() assertions.
# REF_PRINT - prints some stuff on structure free.
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
# MFUNC - Make all Malloc/Free/Realloc calls call
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
# call application defined callbacks via CRYPTO_set_mem_functions()
# MD5_ASM needs to be defined to use the x86 assembler for MD5
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
CC= cl
CFLAG= -DOPENSSL_THREADS -DDSO_WIN32 -W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_IDEA -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
PEX_LIBS=
EX_LIBS=
EXE_EXT=
ARFLAGS=
AR= ar $(ARFLAGS) r
RANLIB= true
RC= windres
NM= nm
PERL= perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAG=$(CFLAG)
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ= x86cpuid.o
BN_ASM= bn-586.o co-586.o x86-mont.o x86-gf2m.o
EC_ASM=
DES_ENC= des-586.o crypt586.o
AES_ENC= aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC= bf-586.o
CAST_ENC= cast-586.o
RC4_ENC= rc4-586.o
RC5_ENC= rc5-586.o
MD5_ASM_OBJ= md5-586.o
SHA1_ASM_OBJ= sha1-586.o sha256-586.o sha512-586.o
RMD160_ASM_OBJ= rmd-586.o
WP_ASM_OBJ= wp_block.o wp-mmx.o
CMLL_ENC= cmll-x86.o
MODES_ASM_OBJ= ghash-x86.o
ENGINES_ASM_OBJ=
PERLASM_SCHEME= win32n
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
# Zlib stuff
ZLIB_INCLUDE=
LIBZLIB=
# TOP level FIPS install directory.
FIPSDIR=/usr/local/ssl/fips-2.0
# This is the location of fipscanister.o and friends.
# The FIPS module build will place it $(INSTALLTOP)/lib
# but since $(INSTALLTOP) can only take the default value
# when the module is built it will be in /usr/local/ssl/lib
# $(INSTALLTOP) for this build may be different so hard
# code the path.
FIPSLIBDIR=
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
# this is empty making it a useful test for a FIPS compile.
FIPSCANLIB=
# Shared library base address. Currently only used on Windows.
#
BASEADDR=0xFB00000
DIRS= crypto ssl engines apps test tools
ENGDIRS= ccgost
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
objects \
md4 md5 sha hmac ripemd whrlpool \
des aes rc2 rc4 bf cast camellia seed modes \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
cms pqueue ts srp cmac
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
TESTS = alltests
MAKEFILE= Makefile
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
HTMLSUFFIX=html
HTMLDIR=$(OPENSSLDIR)/html
SHELL=/bin/sh
TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=
SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
# shell, which [annoyingly enough] terminates unset with error if VAR
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
# which terminates unset with error if no variable was present:-(
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
$${APPS+APPS}
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
LIBDIR='$(LIBDIR)' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSDIR='${FIPSDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
# BUILD_CMD is a generic macro to build a given target in a given
# subdirectory. The target must be given through the shell variable
# `target' and the subdirectory to build in must be given through `dir'.
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
# BUILD_ONE_CMD instead.
#
# BUILD_ONE_CMD is a macro to build a given target in a given
# subdirectory if that subdirectory is part of $(DIRS). It requires
# exactly the same shell variables as BUILD_CMD.
#
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
BUILD_ONE_CMD=\
if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
$(BUILD_CMD); \
fi
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
build_libs: build_libcrypto build_libssl openssl.pc
build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
fips_premain_dso$(EXE_EXT): libcrypto.a
[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \
$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
libcrypto.a $(EX_LIBS)
libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
@if [ "$(SHLIB_TARGET)" != "" ]; then \
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
FIPSLD_LIBCRYPTO=libcrypto.a ; \
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
(touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
clean-shared:
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
( set -x; rm -f lib$$i$$j ); \
done; \
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
done
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libssl'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: libssl libcrypto' ) > openssl.pc
Makefile: Makefile.org Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
rm -f $(LIBS)
rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
@set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
distclean: clean
-$(RM) `find . -name .git -prune -o -type l -print`
$(RM) apps/CA.pl
$(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
$(RM) tools/c_rehash
$(RM) crypto/opensslconf.h
$(RM) Makefile Makefile.bak
makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
@set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -rf *.bak include/openssl certs/.0
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
rehash: rehash.time
rehash.time: certs apps
@if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
$(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi
test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
update: errors stacks util/libeay.num util/ssleay.num TABLE
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
lint:
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
find . -name '[^.]*.[ch]' | xargs etags -a
errors:
$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
$(PERL) util/mkerr.pl -recurse -write
(cd engines; $(MAKE) PERL=$(PERL) errors)
stacks:
$(PERL) util/mkstack.pl -write
util/libeay.num::
$(PERL) util/mkdef.pl crypto update
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
--owner 0 --group 0 \
--transform 's|^|$(NAME)/|' \
-cvf -
$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
rm -f $(TARFILE).list
ls -l $(TARFILE).gz
tar-snap: $(TARFILE).list
$(TAR_COMMAND) > $(TARFILE)
rm -f $(TARFILE).list
ls -l $(TARFILE)
dist:
$(PERL) Configure dist
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
fi; \
done;
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
*crypto*) i=libeay32.dll;; \
*ssl*) i=ssleay32.dll;; \
esac; \
echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
fi; \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
echo ''; \
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
install_html_docs:
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
for subdir in apps crypto ssl; do \
mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
for i in doc/$$subdir/*.pod; do \
fn=`basename $$i .pod`; \
echo "installing html/$$fn.$(HTMLSUFFIX)"; \
cat $$i \
| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
| sed -r 's/<!DOCTYPE.*//g' \
> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
done); \
done; \
done
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
$(INSTALL_PREFIX)$(MANDIR)/man1 \
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done
# DO NOT DELETE THIS LINE -- make depend depends on it.

109
Makefile.am Normal file
View File

@@ -0,0 +1,109 @@
##
## Author: Lasse Collin
##
## This file has been put into the public domain.
## You can do whatever you want with this file.
##
# Use -n to prevent gzip from adding a timestamp to the .gz headers.
GZIP_ENV = -9n
DIST_SUBDIRS = lib src po tests debug
SUBDIRS =
if COND_GNULIB
SUBDIRS += lib
endif
SUBDIRS += src po tests
if COND_DOC
dist_doc_DATA = \
AUTHORS \
COPYING \
COPYING.GPLv2 \
NEWS \
README \
THANKS \
TODO \
doc/faq.txt \
doc/history.txt \
doc/xz-file-format.txt \
doc/lzma-file-format.txt
examplesdir = $(docdir)/examples
dist_examples_DATA = \
doc/examples/00_README.txt \
doc/examples/01_compress_easy.c \
doc/examples/02_decompress.c \
doc/examples/03_compress_custom.c \
doc/examples/04_compress_easy_mt.c \
doc/examples/Makefile
examplesolddir = $(docdir)/examples_old
dist_examplesold_DATA = \
doc/examples_old/xz_pipe_comp.c \
doc/examples_old/xz_pipe_decomp.c
endif
EXTRA_DIST = \
extra \
dos \
windows \
macosx \
autogen.sh \
Doxyfile.in \
COPYING.GPLv2 \
COPYING.GPLv3 \
COPYING.LGPLv2.1 \
INSTALL.generic \
PACKAGERS \
build-aux/manconv.sh \
build-aux/version.sh
ACLOCAL_AMFLAGS = -I m4
# List of man pages to conver to PDF and plain text in the dist-hook target.
manfiles = \
src/xz/xz.1 \
src/xzdec/xzdec.1 \
src/lzmainfo/lzmainfo.1 \
src/scripts/xzdiff.1 \
src/scripts/xzgrep.1 \
src/scripts/xzless.1 \
src/scripts/xzmore.1
# Create ChangeLog from output of "git log --date=iso --stat".
# Convert the man pages to PDF and plain text (ASCII only) formats.
dist-hook:
if test -d "$(srcdir)/.git" && type git > /dev/null 2>&1; then \
( cd "$(srcdir)" && git log --date=iso --stat ) \
> "$(distdir)/ChangeLog"; \
fi
if type groff > /dev/null 2>&1 && type ps2pdf > /dev/null 2>&1; then \
dest="$(distdir)/doc/man" && \
$(MKDIR_P) "$$dest/pdf-a4" "$$dest/pdf-letter" "$$dest/txt" && \
for FILE in $(manfiles); do \
BASE=`basename $$FILE .1` && \
sh "$(srcdir)/build-aux/manconv.sh" pdf a4 \
< "$(srcdir)/$$FILE" \
> "$$dest/pdf-a4/$$BASE-a4.pdf" && \
sh "$(srcdir)/build-aux/manconv.sh" pdf letter \
< "$(srcdir)/$$FILE" \
> "$$dest/pdf-letter/$$BASE-letter.pdf" && \
sh "$(srcdir)/build-aux/manconv.sh" ascii \
< "$(srcdir)/$$FILE" \
> "$$dest/txt/$$BASE.txt"; \
done; \
fi
# This works with GNU tar and gives cleaner package than normal 'make dist'.
mydist:
sh "$(srcdir)/src/liblzma/validate_map.sh"
VERSION=$(VERSION); \
if test -d "$(srcdir)/.git" && type git > /dev/null 2>&1; then \
SNAPSHOT=`cd "$(srcdir)" && git describe --abbrev=4 | cut -b2-`; \
test -n "$$SNAPSHOT" && VERSION=$$SNAPSHOT; \
fi; \
TAR_OPTIONS='--owner=0 --group=0 --numeric-owner --mode=u+rw,go+r-w' \
$(MAKE) VERSION="$$VERSION" dist-gzip

692
Makefile.bak
View File

@@ -1,692 +0,0 @@
### Generated automatically from Makefile.org by Configure.
##
## Makefile for OpenSSL
##
VERSION=1.0.2q
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=1
SHLIB_MINOR=0.0
SHLIB_EXT=
PLATFORM=VC-WIN64A
OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-idea no-jpake no-krb5 no-libunbound no-md2 no-mdc2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic
CONFIGURE_ARGS=VC-WIN64A no-idea no-mdc2
SHLIB_TARGET=
# HERE indicates where this Makefile lives. This can be used to indicate
# where sub-Makefiles are expected to be. Currently has very limited usage,
# and should probably not be bothered with at all.
HERE=.
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/ssl
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
# NO_RC2 - Define to build without the RC2 algorithm
# THREADS - Define when building with threads, you will probably also need any
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
# one. 32 bytes will be read from this when the random
# number generator is initalised.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# NULL encryption ciphers.
#
# LOCK_DEBUG - turns on lots of lock debug output :-)
# REF_CHECK - turn on some xyz_free() assertions.
# REF_PRINT - prints some stuff on structure free.
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
# MFUNC - Make all Malloc/Free/Realloc calls call
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
# call application defined callbacks via CRYPTO_set_mem_functions()
# MD5_ASM needs to be defined to use the x86 assembler for MD5
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
CC= cl
CFLAG= -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_IDEA -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
PEX_LIBS=
EX_LIBS=
EXE_EXT=
ARFLAGS=
AR= ar $(ARFLAGS) r
RANLIB= true
RC= windres
NM= nm
PERL= perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAG=$(CFLAG)
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ= x86_64cpuid.o
BN_ASM= bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o
DES_ENC= des_enc.o fcrypt_b.o
AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
RC4_ENC= rc4-x86_64.o rc4-md5-x86_64.o
RC5_ENC= rc5_enc.o
MD5_ASM_OBJ= md5-x86_64.o
SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
RMD160_ASM_OBJ=
WP_ASM_OBJ= wp-x86_64.o
CMLL_ENC= cmll-x86_64.o cmll_misc.o
MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o
ENGINES_ASM_OBJ=
PERLASM_SCHEME= auto
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
# Zlib stuff
ZLIB_INCLUDE=
LIBZLIB=
# TOP level FIPS install directory.
FIPSDIR=/usr/local/ssl/fips-2.0
# This is the location of fipscanister.o and friends.
# The FIPS module build will place it $(INSTALLTOP)/lib
# but since $(INSTALLTOP) can only take the default value
# when the module is built it will be in /usr/local/ssl/lib
# $(INSTALLTOP) for this build may be different so hard
# code the path.
FIPSLIBDIR=
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
# this is empty making it a useful test for a FIPS compile.
FIPSCANLIB=
# Shared library base address. Currently only used on Windows.
#
BASEADDR=0xFB00000
DIRS= crypto ssl engines apps test tools
ENGDIRS= ccgost
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
objects \
md4 md5 sha hmac ripemd whrlpool \
des aes rc2 rc4 bf cast camellia seed modes \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
cms pqueue ts srp cmac
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
TESTS = alltests
MAKEFILE= Makefile
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
HTMLSUFFIX=html
HTMLDIR=$(OPENSSLDIR)/html
SHELL=/bin/sh
TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=
SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
# shell, which [annoyingly enough] terminates unset with error if VAR
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
# which terminates unset with error if no variable was present:-(
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
$${APPS+APPS}
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
LIBDIR='$(LIBDIR)' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSDIR='${FIPSDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
# BUILD_CMD is a generic macro to build a given target in a given
# subdirectory. The target must be given through the shell variable
# `target' and the subdirectory to build in must be given through `dir'.
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
# BUILD_ONE_CMD instead.
#
# BUILD_ONE_CMD is a macro to build a given target in a given
# subdirectory if that subdirectory is part of $(DIRS). It requires
# exactly the same shell variables as BUILD_CMD.
#
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
BUILD_ONE_CMD=\
if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
$(BUILD_CMD); \
fi
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
build_libs: build_libcrypto build_libssl openssl.pc
build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
fips_premain_dso$(EXE_EXT): libcrypto.a
[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \
$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
libcrypto.a $(EX_LIBS)
libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
@if [ "$(SHLIB_TARGET)" != "" ]; then \
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
FIPSLD_LIBCRYPTO=libcrypto.a ; \
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
(touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
clean-shared:
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
( set -x; rm -f lib$$i$$j ); \
done; \
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
done
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libssl'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: libssl libcrypto' ) > openssl.pc
Makefile: Makefile.org Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
rm -f $(LIBS)
rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
@set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
distclean: clean
-$(RM) `find . -name .git -prune -o -type l -print`
$(RM) apps/CA.pl
$(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
$(RM) tools/c_rehash
$(RM) crypto/opensslconf.h
$(RM) Makefile Makefile.bak
makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
@set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -rf *.bak include/openssl certs/.0
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
rehash: rehash.time
rehash.time: certs apps
@if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
$(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi
test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
update: errors stacks util/libeay.num util/ssleay.num TABLE
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
lint:
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
find . -name '[^.]*.[ch]' | xargs etags -a
errors:
$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
$(PERL) util/mkerr.pl -recurse -write
(cd engines; $(MAKE) PERL=$(PERL) errors)
stacks:
$(PERL) util/mkstack.pl -write
util/libeay.num::
$(PERL) util/mkdef.pl crypto update
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
--owner 0 --group 0 \
--transform 's|^|$(NAME)/|' \
-cvf -
$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
rm -f $(TARFILE).list
ls -l $(TARFILE).gz
tar-snap: $(TARFILE).list
$(TAR_COMMAND) > $(TARFILE)
rm -f $(TARFILE).list
ls -l $(TARFILE)
dist:
$(PERL) Configure dist
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
fi; \
done;
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
*crypto*) i=libeay32.dll;; \
*ssl*) i=ssleay32.dll;; \
esac; \
echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
fi; \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
echo ''; \
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
install_html_docs:
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
for subdir in apps crypto ssl; do \
mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
for i in doc/$$subdir/*.pod; do \
fn=`basename $$i .pod`; \
echo "installing html/$$fn.$(HTMLSUFFIX)"; \
cat $$i \
| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
| sed -r 's/<!DOCTYPE.*//g' \
> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
done); \
done; \
done
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
$(INSTALL_PREFIX)$(MANDIR)/man1 \
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done
# DO NOT DELETE THIS LINE -- make depend depends on it.

1079
Makefile.in Normal file
View File

File diff suppressed because it is too large Load Diff

690
Makefile.org
View File

@@ -1,690 +0,0 @@
##
## Makefile for OpenSSL
##
VERSION=
MAJOR=
MINOR=
SHLIB_VERSION_NUMBER=
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=
SHLIB_MINOR=
SHLIB_EXT=
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=
SHLIB_TARGET=
# HERE indicates where this Makefile lives. This can be used to indicate
# where sub-Makefiles are expected to be. Currently has very limited usage,
# and should probably not be bothered with at all.
HERE=.
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/ssl
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
# NO_RC2 - Define to build without the RC2 algorithm
# THREADS - Define when building with threads, you will probably also need any
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
# one. 32 bytes will be read from this when the random
# number generator is initalised.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# NULL encryption ciphers.
#
# LOCK_DEBUG - turns on lots of lock debug output :-)
# REF_CHECK - turn on some xyz_free() assertions.
# REF_PRINT - prints some stuff on structure free.
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
# MFUNC - Make all Malloc/Free/Realloc calls call
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
# call application defined callbacks via CRYPTO_set_mem_functions()
# MD5_ASM needs to be defined to use the x86 assembler for MD5
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
CC= cc
CFLAG= -O
DEPFLAG=
PEX_LIBS=
EX_LIBS=
EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
RANLIB= ranlib
RC= windres
NM= nm
PERL= perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAG=$(CFLAG)
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ=
BN_ASM= bn_asm.o
EC_ASM=
DES_ENC= des_enc.o fcrypt_b.o
AES_ENC= aes_core.o aes_cbc.o
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
RC4_ENC= rc4_enc.o
RC5_ENC= rc5_enc.o
MD5_ASM_OBJ=
SHA1_ASM_OBJ=
RMD160_ASM_OBJ=
WP_ASM_OBJ=
CMLL_ENC=
MODES_ASM_OBJ=
ENGINES_ASM_OBJ=
PERLASM_SCHEME=
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
# Zlib stuff
ZLIB_INCLUDE=
LIBZLIB=
# TOP level FIPS install directory.
FIPSDIR=
# This is the location of fipscanister.o and friends.
# The FIPS module build will place it $(INSTALLTOP)/lib
# but since $(INSTALLTOP) can only take the default value
# when the module is built it will be in /usr/local/ssl/lib
# $(INSTALLTOP) for this build may be different so hard
# code the path.
FIPSLIBDIR=
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
# this is empty making it a useful test for a FIPS compile.
FIPSCANLIB=
# Shared library base address. Currently only used on Windows.
#
BASEADDR=
DIRS= crypto ssl engines apps test tools
ENGDIRS= ccgost
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
objects \
md2 md4 md5 sha mdc2 hmac ripemd whrlpool \
des aes rc2 rc4 rc5 idea bf cast camellia seed modes \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
cms pqueue ts jpake srp store cmac
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
TESTS = alltests
MAKEFILE= Makefile
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
HTMLSUFFIX=html
HTMLDIR=$(OPENSSLDIR)/html
SHELL=/bin/sh
TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=
SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
# shell, which [annoyingly enough] terminates unset with error if VAR
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
# which terminates unset with error if no variable was present:-(
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
$${APPS+APPS}
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
LIBDIR='$(LIBDIR)' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSDIR='${FIPSDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
# BUILD_CMD is a generic macro to build a given target in a given
# subdirectory. The target must be given through the shell variable
# `target' and the subdirectory to build in must be given through `dir'.
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
# BUILD_ONE_CMD instead.
#
# BUILD_ONE_CMD is a macro to build a given target in a given
# subdirectory if that subdirectory is part of $(DIRS). It requires
# exactly the same shell variables as BUILD_CMD.
#
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
BUILD_ONE_CMD=\
if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
$(BUILD_CMD); \
fi
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
build_libs: build_libcrypto build_libssl openssl.pc
build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
fips_premain_dso$(EXE_EXT): libcrypto.a
[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \
$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
libcrypto.a $(EX_LIBS)
libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
@if [ "$(SHLIB_TARGET)" != "" ]; then \
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
FIPSLD_LIBCRYPTO=libcrypto.a ; \
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
(touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
clean-shared:
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
( set -x; rm -f lib$$i$$j ); \
done; \
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
done
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libssl'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: libssl libcrypto' ) > openssl.pc
Makefile: Makefile.org Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
rm -f $(LIBS)
rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
@set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
distclean: clean
-$(RM) `find . -name .git -prune -o -type l -print`
$(RM) apps/CA.pl
$(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
$(RM) tools/c_rehash
$(RM) crypto/opensslconf.h
$(RM) Makefile Makefile.bak
makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
@set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -rf *.bak include/openssl certs/.0
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
rehash: rehash.time
rehash.time: certs apps
@if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
$(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi
test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
update: errors stacks util/libeay.num util/ssleay.num TABLE
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
lint:
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
find . -name '[^.]*.[ch]' | xargs etags -a
errors:
$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
$(PERL) util/mkerr.pl -recurse -write
(cd engines; $(MAKE) PERL=$(PERL) errors)
stacks:
$(PERL) util/mkstack.pl -write
util/libeay.num::
$(PERL) util/mkdef.pl crypto update
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
--owner 0 --group 0 \
--transform 's|^|$(NAME)/|' \
-cvf -
$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
rm -f $(TARFILE).list
ls -l $(TARFILE).gz
tar-snap: $(TARFILE).list
$(TAR_COMMAND) > $(TARFILE)
rm -f $(TARFILE).list
ls -l $(TARFILE)
dist:
$(PERL) Configure dist
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
fi; \
done;
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
*crypto*) i=libeay32.dll;; \
*ssl*) i=ssleay32.dll;; \
esac; \
echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
fi; \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
echo ''; \
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
install_html_docs:
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
for subdir in apps crypto ssl; do \
mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
for i in doc/$$subdir/*.pod; do \
fn=`basename $$i .pod`; \
echo "installing html/$$fn.$(HTMLSUFFIX)"; \
cat $$i \
| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
| sed -r 's/<!DOCTYPE.*//g' \
> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
done); \
done; \
done
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
$(INSTALL_PREFIX)$(MANDIR)/man1 \
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done
# DO NOT DELETE THIS LINE -- make depend depends on it.

655
Makefile.shared
View File

@@ -1,655 +0,0 @@
#
# Helper makefile to link shared libraries in a portable way.
# This is much simpler than libtool, and hopefully not too error-prone.
#
# The following variables need to be set on the command line to build
# properly
# CC contains the current compiler. This one MUST be defined
CC=cc
CFLAGS=$(CFLAG)
# LDFLAGS contains flags to be used when temporary object files (when building
# shared libraries) are created, or when an application is linked.
# SHARED_LDFLAGS contains flags to be used when the shared library is created.
LDFLAGS=
SHARED_LDFLAGS=
NM=nm
# LIBNAME contains just the name of the library, without prefix ("lib"
# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
# .dll, ...). This one MUST have a value when using this makefile to
# build shared libraries.
# For example, to build libfoo.so, you need to do the following:
#LIBNAME=foo
LIBNAME=
# APPNAME contains just the name of the application, without suffix (""
# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
# this makefile to build applications.
# For example, to build foo, you need to do the following:
#APPNAME=foo
APPNAME=
# OBJECTS contains all the object files to link together into the application.
# This must contain at least one object file.
#OBJECTS=foo.o
OBJECTS=
# LIBEXTRAS contains extra modules to link together with the library.
# For example, if a second library, say libbar.a needs to be linked into
# libfoo.so, you need to do the following:
#LIBEXTRAS=libbar.a
# Note that this MUST be used when using the link_o targets, to hold the
# names of all object files that go into the target library.
LIBEXTRAS=
# LIBVERSION contains the current version of the library.
# For example, to build libfoo.so.1.2, you need to do the following:
#LIBVERSION=1.2
LIBVERSION=
# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
# the library. They MUST be in decreasing order.
# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
# and libfoo.so.1, you need to do the following:
#LIBCOMPATVERSIONS=1.2 1
# Note that on systems that use sonames, the last number will appear as
# part of it.
# It's also possible, for systems that support it (Tru64, for example),
# to add extra compatibility info with more precision, by adding a second
# list of versions, separated from the first with a semicolon, like this:
#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
LIBCOMPATVERSIONS=
# LIBDEPS contains all the flags necessary to cover all necessary
# dependencies to other libraries.
LIBDEPS=
#------------------------------------------------------------------------------
# The rest is private to this makefile.
SET_X=:
#SET_X=set -x
top:
echo "Trying to use this makefile interactively? Don't."
CALC_VERSIONS= \
SHLIB_COMPAT=; SHLIB_SOVER=; \
if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
prev=""; \
for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
SHLIB_SOVER_NODOT=$$v; \
SHLIB_SOVER=.$$v; \
if [ -n "$$prev" ]; then \
SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
fi; \
prev=$$v; \
done; \
fi
LINK_APP= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
LINK_SO= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
) && $(SYMLINK_SO)
SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
if [ -n "$$SHLIB_COMPAT" ]; then \
for x in $$SHLIB_COMPAT; do \
( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
fi
LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_A_VIA_O= \
SHOBJECTS=lib$(LIBNAME).o; \
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
( $(SET_X); \
ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
$(LINK_SO) && rm -f lib$(LIBNAME).o
LINK_SO_A_UNPACKED= \
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
(cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
SHOBJECTS=$$UNPACKDIR/*.o; \
$(LINK_SO) && rm -rf $$UNPACKDIR
DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
DO_GNU_SO=$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to
#do with shared libraries, for example when linking against static
#libraries. It's mostly here to avoid a lot of conditionals everywhere
#else...
link_app.:
$(LINK_APP)
link_o.gnu:
@ $(DO_GNU_SO); $(LINK_SO_O)
link_a.gnu:
@ $(DO_GNU_SO); $(LINK_SO_A)
link_app.gnu:
@ $(DO_GNU_APP); $(LINK_APP)
DO_BEOS_SO= SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SUFFIX"
link_o.beos:
@ $(DO_BEOS_SO); $(LINK_SO_O)
link_a.beos:
@ $(DO_BEOS_SO); $(LINK_SO_A)
link_o.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
fi; $(LINK_SO_O)
link_a.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
fi; $(LINK_SO_A)
link_app.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
fi; $(LINK_APP)
# For Darwin AKA Mac OS/X (dyld)
# Originally link_o.darwin produced .so, because it was hard-coded
# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib
# extension in order to allow for run-time linking with vendor-
# supplied shared libraries such as libz, so that link_o.darwin had
# to be harmonized with it. This caused minor controversy, because
# it was believed that dlopen can't be used to dynamically load
# .dylib-s, only so called bundle modules (ones linked with -bundle
# flag). The belief seems to be originating from pre-10.4 release,
# where dlfcn functionality was emulated by dlcompat add-on. In
# 10.4 dlopen was rewritten as native part of dyld and is documented
# to be capable of loading both dynamic libraries and bundles. In
# order to provide compatibility with pre-10.4 dlopen, modules are
# linked with -bundle flag, which makes .dylib extension misleading.
# It works, because dlopen is [and always was] extension-agnostic.
# Alternative to this heuristic approach is to develop specific
# MacOS X dso module relying on whichever "native" dyld interface.
link_o.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
if [ -n "$(LIBVERSION)" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
fi; \
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
$(LINK_SO_O)
link_a.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
if [ -n "$(LIBVERSION)" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
fi; \
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \
$(LINK_SO_A)
link_app.darwin: # is there run-path on darwin?
$(LINK_APP)
link_o.cygwin:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
SHLIB=cyg$(LIBNAME); \
base=-Wl,--enable-auto-image-base; \
deffile=; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
SHLIB=$(LIBNAME)eay32; base=; \
if test -f $(LIBNAME)eay32.def; then \
deffile=$(LIBNAME)eay32.def; \
fi; \
fi; \
SHLIB_SUFFIX=.dll; \
LIBVERSION="$(LIBVERSION)"; \
SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base $$deffile -Wl,-Bsymbolic"; \
$(LINK_SO_O)
#for mingw target if def-file is in use dll-name should match library-name
link_a.cygwin:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; extras=; \
base=-Wl,--enable-auto-image-base; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
case $(LIBNAME) in \
crypto) SHLIB=libeay;; \
ssl) SHLIB=ssleay;; \
esac; \
SHLIB_SOVER=32; \
extras="$(LIBNAME).def"; \
$(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
$(PERL) util/mkrc.pl $$dll_name | \
$(RC) -o rc.o; \
extras="$$extras rc.o"; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $$extras"; \
[ -f apps/$$dll_name ] && rm apps/$$dll_name; \
[ -f test/$$dll_name ] && rm test/$$dll_name; \
$(LINK_SO_A) || exit 1; \
rm $$extras; \
cp -p $$dll_name apps/; \
cp -p $$dll_name test/
link_app.cygwin:
@if expr "$(CFLAGS)" : '.*OPENSSL_USE_APPLINK' > /dev/null; then \
LIBDEPS="$(TOP)/crypto/applink.o $${LIBDEPS:-$(LIBDEPS)}"; \
export LIBDEPS; \
fi; \
$(LINK_APP)
link_o.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
if [ -n "$$SHLIB_HIST" ]; then \
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
else \
SHLIB_HIST="$(LIBVERSION)"; \
fi; \
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
fi; \
$(LINK_SO_O)
link_a.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
if [ -n "$$SHLIB_HIST" ]; then \
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
else \
SHLIB_HIST="$(LIBVERSION)"; \
fi; \
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
fi; \
$(LINK_SO_A)
link_app.alpha-osf1:
@if $(DETECT_GNU_LD); then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
fi; \
$(LINK_APP)
link_o.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
MINUSZ='-z '; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_O)
link_a.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
MINUSZ='-z '; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=;\
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_A)
link_app.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
fi; \
$(LINK_APP)
# OpenServer 5 native compilers used
link_o.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_O)
link_a.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_A_UNPACKED)
link_app.svr3:
@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
$(LINK_APP)
# UnixWare 7 and OpenUNIX 8 native compilers used
link_o.svr5:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_O)
link_a.svr5:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_A_UNPACKED)
link_app.svr5:
@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
$(LINK_APP)
link_o.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
fi; \
$(LINK_SO_O)
link_a.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
fi; \
$(LINK_SO_A)
link_app.irix:
@LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
$(LINK_APP)
# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
# rules imply that we can only link one level down in catalog structure,
# but that's what takes place for the moment of this writing. +cdp option
# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
# editor context only [it's simply ignored in other cases, which are all
# ELFs by the way].
#
link_o.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
fi; \
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
link_a.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
fi; \
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
link_app.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
fi; \
$(LINK_APP)
link_o.aix:
@ $(CALC_VERSIONS); \
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
$(LINK_SO_O);
link_a.aix:
@ $(CALC_VERSIONS); \
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
$(LINK_SO_A_VIA_O)
link_app.aix:
LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
$(LINK_APP)
link_o.reliantunix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) -G'; \
$(LINK_SO_O)
link_a.reliantunix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) -G'; \
$(LINK_SO_A_UNPACKED)
link_app.reliantunix:
$(LINK_APP)
# Targets to build symbolic links when needed
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
symlink.aix symlink.reliantunix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
symlink.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
$(SYMLINK_SO)
symlink.hpux:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
# The following lines means those specific architectures do no symlinks
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath symlink.beos:
# Compatibility targets
link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
link_o.bsd-shared: link_o.bsd
link_a.bsd-shared: link_a.bsd
link_app.bsd-shared: link_app.bsd
link_o.darwin-shared: link_o.darwin
link_a.darwin-shared: link_a.darwin
link_app.darwin-shared: link_app.darwin
symlink.darwin-shared: symlink.darwin
link_o.cygwin-shared: link_o.cygwin
link_a.cygwin-shared: link_a.cygwin
link_app.cygwin-shared: link_app.cygwin
symlink.cygwin-shared: symlink.cygwin
link_o.alpha-osf1-shared: link_o.alpha-osf1
link_a.alpha-osf1-shared: link_a.alpha-osf1
link_app.alpha-osf1-shared: link_app.alpha-osf1
symlink.alpha-osf1-shared: symlink.alpha-osf1
link_o.tru64-shared: link_o.tru64
link_a.tru64-shared: link_a.tru64
link_app.tru64-shared: link_app.tru64
symlink.tru64-shared: symlink.tru64
link_o.tru64-shared-rpath: link_o.tru64-rpath
link_a.tru64-shared-rpath: link_a.tru64-rpath
link_app.tru64-shared-rpath: link_app.tru64-rpath
symlink.tru64-shared-rpath: symlink.tru64-rpath
link_o.solaris-shared: link_o.solaris
link_a.solaris-shared: link_a.solaris
link_app.solaris-shared: link_app.solaris
symlink.solaris-shared: symlink.solaris
link_o.svr3-shared: link_o.svr3
link_a.svr3-shared: link_a.svr3
link_app.svr3-shared: link_app.svr3
symlink.svr3-shared: symlink.svr3
link_o.svr5-shared: link_o.svr5
link_a.svr5-shared: link_a.svr5
link_app.svr5-shared: link_app.svr5
symlink.svr5-shared: symlink.svr5
link_o.irix-shared: link_o.irix
link_a.irix-shared: link_a.irix
link_app.irix-shared: link_app.irix
symlink.irix-shared: symlink.irix
link_o.hpux-shared: link_o.hpux
link_a.hpux-shared: link_a.hpux
link_app.hpux-shared: link_app.hpux
symlink.hpux-shared: symlink.hpux
link_o.aix-shared: link_o.aix
link_a.aix-shared: link_a.aix
link_app.aix-shared: link_app.aix
symlink.aix-shared: symlink.aix
link_o.reliantunix-shared: link_o.reliantunix
link_a.reliantunix-shared: link_a.reliantunix
link_app.reliantunix-shared: link_app.reliantunix
symlink.reliantunix-shared: symlink.reliantunix
link_o.beos-shared: link_o.beos
link_a.beos-shared: link_a.beos
link_app.beos-shared: link_app.gnu
symlink.beos-shared: symlink.beos

1171
NEWS
View File

File diff suppressed because it is too large Load Diff

235
Netware/build.bat
View File

@@ -1,235 +0,0 @@
@echo off
rem ========================================================================
rem Batch file to automate building OpenSSL for NetWare.
rem
rem usage:
rem build [target] [debug opts] [assembly opts] [configure opts]
rem
rem target - "netware-clib" - CLib NetWare build (WinSock Sockets)
rem - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
rem - "netware-libc" - LibC NetWare build (WinSock Sockets)
rem - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
rem
rem debug opts - "debug" - build debug
rem
rem assembly opts - "nw-mwasm" - use Metrowerks assembler
rem - "nw-nasm" - use NASM assembler
rem - "no-asm" - don't use assembly
rem
rem configure opts- all unrecognized arguments are passed to the
rem perl configure script
rem
rem If no arguments are specified the default is to build non-debug with
rem no assembly. NOTE: there is no default BLD_TARGET.
rem
rem No assembly is the default - Uncomment section below to change
rem the assembler default
set ASM_MODE=
set ASSEMBLER=
set NO_ASM=no-asm
rem Uncomment to default to the Metrowerks assembler
rem set ASM_MODE=nw-mwasm
rem set ASSEMBLER=Metrowerks
rem set NO_ASM=
rem Uncomment to default to the NASM assembler
rem set ASM_MODE=nw-nasm
rem set ASSEMBLER=NASM
rem set NO_ASM=
rem No default Bld target
set BLD_TARGET=no_target
rem set BLD_TARGET=netware-clib
rem set BLD_TARGET=netware-libc
rem Default to build non-debug
set DEBUG=
rem Uncomment to default to debug build
rem set DEBUG=debug
set CONFIG_OPTS=
set ARG_PROCESSED=NO
rem Process command line args
:opts
if "a%1" == "a" goto endopt
if "%1" == "no-asm" set NO_ASM=no-asm
if "%1" == "no-asm" set ARG_PROCESSED=YES
if "%1" == "debug" set DEBUG=debug
if "%1" == "debug" set ARG_PROCESSED=YES
if "%1" == "nw-nasm" set ASM_MODE=nw-nasm
if "%1" == "nw-nasm" set ASSEMBLER=NASM
if "%1" == "nw-nasm" set NO_ASM=
if "%1" == "nw-nasm" set ARG_PROCESSED=YES
if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm
if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks
if "%1" == "nw-mwasm" set NO_ASM=
if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
if "%1" == "netware-clib" set BLD_TARGET=netware-clib
if "%1" == "netware-clib" set ARG_PROCESSED=YES
if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock
if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES
if "%1" == "netware-libc" set BLD_TARGET=netware-libc
if "%1" == "netware-libc" set ARG_PROCESSED=YES
if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
if "%1" == "netware-libc-bsdsock" set ARG_PROCESSED=YES
rem If we didn't recognize the argument, consider it an option for config
if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1
if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO
shift
goto opts
:endopt
rem make sure a valid BLD_TARGET was specified
if "%BLD_TARGET%" == "no_target" goto no_target
rem build the nlm make file name which includes target and debug info
set NLM_MAKE=
if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock
if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak
if "%NO_ASM%" == "no-asm" set ASM_MODE=
if "%NO_ASM%" == "no-asm" set ASSEMBLER=
if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm
if "%NO_ASM%" == "no-asm" goto do_config
rem ==================================================
echo Generating x86 for %ASSEMBLER% assembler
echo Bignum
cd crypto\bn\asm
rem perl x86.pl %ASM_MODE% > bn-nw.asm
perl bn-586.pl %ASM_MODE% > bn-nw.asm
perl co-586.pl %ASM_MODE% > co-nw.asm
cd ..\..\..
echo AES
cd crypto\aes\asm
perl aes-586.pl %ASM_MODE% > a-nw.asm
cd ..\..\..
echo DES
cd crypto\des\asm
perl des-586.pl %ASM_MODE% > d-nw.asm
cd ..\..\..
echo "crypt(3)"
cd crypto\des\asm
perl crypt586.pl %ASM_MODE% > y-nw.asm
cd ..\..\..
echo Blowfish
cd crypto\bf\asm
perl bf-586.pl %ASM_MODE% > b-nw.asm
cd ..\..\..
echo CAST5
cd crypto\cast\asm
perl cast-586.pl %ASM_MODE% > c-nw.asm
cd ..\..\..
echo RC4
cd crypto\rc4\asm
perl rc4-586.pl %ASM_MODE% > r4-nw.asm
cd ..\..\..
echo MD5
cd crypto\md5\asm
perl md5-586.pl %ASM_MODE% > m5-nw.asm
cd ..\..\..
echo SHA1
cd crypto\sha\asm
perl sha1-586.pl %ASM_MODE% > s1-nw.asm
perl sha256-586.pl %ASM_MODE% > sha256-nw.asm
perl sha512-586.pl %ASM_MODE% > sha512-nw.asm
cd ..\..\..
echo RIPEMD160
cd crypto\ripemd\asm
perl rmd-586.pl %ASM_MODE% > rm-nw.asm
cd ..\..\..
echo RC5\32
cd crypto\rc5\asm
perl rc5-586.pl %ASM_MODE% > r5-nw.asm
cd ..\..\..
echo WHIRLPOOL
cd crypto\whrlpool\asm
perl wp-mmx.pl %ASM_MODE% > wp-nw.asm
cd ..\..\..
echo CPUID
cd crypto
perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
cd ..\
rem ===============================================================
rem
:do_config
echo .
echo configure options: %CONFIG_OPTS% %BLD_TARGET%
echo .
perl configure %CONFIG_OPTS% %BLD_TARGET%
perl util\mkfiles.pl >MINFO
echo .
echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
echo .
perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%
make -f %NLM_MAKE% vclean
echo .
echo The makefile "%NLM_MAKE%" has been created use your maketool to
echo build (ex: make -f %NLM_MAKE%)
goto end
rem ===============================================================
rem
:no_target
echo .
echo . No build target specified!!!
echo .
echo . usage: build [target] [debug opts] [assembly opts] [configure opts]
echo .
echo . target - "netware-clib" - CLib NetWare build (WinSock Sockets)
echo . - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
echo . - "netware-libc" - LibC NetWare build (WinSock Sockets)
echo . - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
echo .
echo . debug opts - "debug" - build debug
echo .
echo . assembly opts - "nw-mwasm" - use Metrowerks assembler
echo . "nw-nasm" - use NASM assembler
echo . "no-asm" - don't use assembly
echo .
echo . configure opts- all unrecognized arguments are passed to the
echo . perl configure script
echo .
echo . If no debug or assembly opts are specified the default is to build
echo . non-debug without assembly
echo .
:end

113
Netware/cpy_tests.bat
View File

@@ -1,113 +0,0 @@
@echo off
rem Batch file to copy OpenSSL stuff to a NetWare server for testing
rem This batch file will create an "opensssl" directory at the root of the
rem specified NetWare drive and copy the required files to run the tests.
rem It should be run from inside the "openssl\netware" subdirectory.
rem Usage:
rem cpy_tests.bat <test subdirectory> <NetWare drive>
rem <test subdirectory> - out_nw.dbg | out_nw
rem <NetWare drive> - any mapped drive letter
rem
rem example ( copy from debug build to m: dirve ):
rem cpy_tests.bat out_nw.dbg m:
rem
rem CAUTION: If a directory named OpenSSL exists on the target drive
rem it will be deleted first.
if "%1" == "" goto usage
if "%2" == "" goto usage
rem Assume running in \openssl directory unless cpy_tests.bat exists then
rem it must be the \openssl\netware directory
set loc=.
if exist cpy_tests.bat set loc=..
rem make sure the local build subdirectory specified is valid
if not exist %loc%\%1\NUL goto invalid_dir
rem make sure target drive is valid
if not exist %2\NUL goto invalid_drive
rem If an OpenSSL directory exists on the target drive, remove it
if exist %2\openssl\NUL goto remove_openssl
goto do_copy
:remove_openssl
echo .
echo OpenSSL directory exists on %2 - it will be removed!
pause
rmdir %2\openssl /s /q
:do_copy
rem make an "openssl" directory and others at the root of the NetWare drive
mkdir %2\openssl
mkdir %2\openssl\test_out
mkdir %2\openssl\apps
mkdir %2\openssl\certs
mkdir %2\openssl\test
rem copy the test nlms
copy %loc%\%1\*.nlm %2\openssl\
rem copy the test perl script
copy %loc%\netware\do_tests.pl %2\openssl\
rem copy the certs directory stuff
xcopy %loc%\certs\*.* %2\openssl\certs\ /s
rem copy the test directory stuff
copy %loc%\test\CAss.cnf %2\openssl\test\
copy %loc%\test\Uss.cnf %2\openssl\test\
copy %loc%\test\pkcs7.pem %2\openssl\test\
copy %loc%\test\pkcs7-1.pem %2\openssl\test\
copy %loc%\test\testcrl.pem %2\openssl\test\
copy %loc%\test\testp7.pem %2\openssl\test\
copy %loc%\test\testreq2.pem %2\openssl\test\
copy %loc%\test\testrsa.pem %2\openssl\test\
copy %loc%\test\testsid.pem %2\openssl\test\
copy %loc%\test\testx509.pem %2\openssl\test\
copy %loc%\test\v3-cert1.pem %2\openssl\test\
copy %loc%\test\v3-cert2.pem %2\openssl\test\
copy %loc%\crypto\evp\evptests.txt %2\openssl\test\
rem copy the apps directory stuff
copy %loc%\apps\client.pem %2\openssl\apps\
copy %loc%\apps\server.pem %2\openssl\apps\
copy %loc%\apps\openssl.cnf %2\openssl\apps\
echo .
echo Tests copied
echo Run the test script at the console by typing:
echo "Perl \openssl\do_tests.pl"
echo .
echo Make sure the Search path includes the OpenSSL subdirectory
goto end
:invalid_dir
echo.
echo Invalid build directory specified: %1
echo.
goto usage
:invalid_drive
echo.
echo Invalid drive: %2
echo.
goto usage
:usage
echo.
echo usage: cpy_tests.bat [test subdirectory] [NetWare drive]
echo [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc.
echo [NetWare drive] - any mapped drive letter
echo.
echo example: cpy_test out_nw_clib.dbg M:
echo (copy from clib debug build area to M: drive)
:end

624
Netware/do_tests.pl
View File

@@ -1,624 +0,0 @@
# perl script to run OpenSSL tests
my $base_path = "\\openssl";
my $output_path = "$base_path\\test_out";
my $cert_path = "$base_path\\certs";
my $test_path = "$base_path\\test";
my $app_path = "$base_path\\apps";
my $tmp_cert = "$output_path\\cert.tmp";
my $OpenSSL_config = "$app_path\\openssl.cnf";
my $log_file = "$output_path\\tests.log";
my $pause = 0;
# process the command line args to see if they wanted us to pause
# between executing each command
foreach $i (@ARGV)
{
if ($i =~ /^-p$/)
{ $pause=1; }
}
main();
############################################################################
sub main()
{
# delete all the output files in the output directory
unlink <$output_path\\*.*>;
# open the main log file
open(OUT, ">$log_file") || die "unable to open $log_file\n";
print( OUT "========================================================\n");
my $outFile = "$output_path\\version.out";
system("openssl2 version (CLIB_OPT)/>$outFile");
log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
algorithm_tests();
encryption_tests();
evp_tests();
pem_tests();
verify_tests();
ca_tests();
ssl_tests();
close(OUT);
print("\nCompleted running tests.\n\n");
print("Check log file for errors: $log_file\n");
}
############################################################################
sub algorithm_tests
{
my $i;
my $outFile;
my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
ecdsatest, ectest, exptest, casttest, hmactest );
print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
foreach $i (@tests)
{
if (-e "$base_path\\$i.nlm")
{
$outFile = "$output_path\\$i.out";
system("$i (CLIB_OPT)/>$outFile");
log_desc("Test: $i\.nlm:");
log_output("", $outFile );
}
else
{
log_desc("Test: $i\.nlm: file not found");
}
}
}
############################################################################
sub encryption_tests
{
my $i;
my $outFile;
my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb",
"des-ofb", "des-ede-ofb", "des-ede3-ofb",
"des-ecb", "des-ede", "des-ede3", "des-cbc",
"des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb",
"idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb",
"rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb",
"bf-ofb", "bf-cbc" );
my $input = "$base_path\\do_tests.pl";
my $cipher = "$output_path\\cipher.out";
my $clear = "$output_path\\clear.out";
print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n");
foreach $i (@enc_tests)
{
log_desc("Testing: $i");
# do encryption
$outFile = "$output_path\\enc.out";
system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
log_output("Encrypting: $input --> $cipher", $outFile);
# do decryption
$outFile = "$output_path\\dec.out";
system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
log_output("Decrypting: $cipher --> $clear", $outFile);
# compare files
$x = compare_files( $input, $clear, 1);
if ( $x == 0 )
{
print( "\rSUCCESS - files match: $input, $clear\n");
print( OUT "SUCCESS - files match: $input, $clear\n");
}
else
{
print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
# Now do the same encryption but use Base64
# do encryption B64
$outFile = "$output_path\\B64enc.out";
system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
log_output("Encrypting(B64): $cipher --> $clear", $outFile);
# do decryption B64
$outFile = "$output_path\\B64dec.out";
system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
log_output("Decrypting(B64): $cipher --> $clear", $outFile);
# compare files
$x = compare_files( $input, $clear, 1);
if ( $x == 0 )
{
print( "\rSUCCESS - files match: $input, $clear\n");
print( OUT "SUCCESS - files match: $input, $clear\n");
}
else
{
print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
} # end foreach
# delete the temporary files
unlink($cipher);
unlink($clear);
}
############################################################################
sub pem_tests
{
my $i;
my $tmp_out;
my $outFile = "$output_path\\pem.out";
my %pem_tests = (
"crl" => "testcrl.pem",
"pkcs7" => "testp7.pem",
"req" => "testreq2.pem",
"rsa" => "testrsa.pem",
"x509" => "testx509.pem",
"x509" => "v3-cert1.pem",
"sess_id" => "testsid.pem" );
print( "\nRUNNING PEM TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "PEM TESTS:\n\n");
foreach $i (keys(%pem_tests))
{
log_desc( "Testing: $i");
my $input = "$test_path\\$pem_tests{$i}";
$tmp_out = "$output_path\\$pem_tests{$i}";
if ($i ne "req" )
{
system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
}
else
{
system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
}
$x = compare_files( $input, $tmp_out);
if ( $x == 0 )
{
print( "\rSUCCESS - files match: $input, $tmp_out\n");
print( OUT "SUCCESS - files match: $input, $tmp_out\n");
}
else
{
print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
} # end foreach
}
############################################################################
sub verify_tests
{
my $i;
my $outFile = "$output_path\\verify.out";
$cert_path =~ s/\\/\//g;
my @cert_files = <$cert_path/*.pem>;
print( "\nRUNNING VERIFY TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "VERIFY TESTS:\n\n");
make_tmp_cert_file();
foreach $i (@cert_files)
{
system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
log_desc("Verifying cert: $i");
log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
}
}
############################################################################
sub ssl_tests
{
my $outFile = "$output_path\\ssl_tst.out";
my($CAcert) = "$output_path\\certCA.ss";
my($Ukey) = "$output_path\\keyU.ss";
my($Ucert) = "$output_path\\certU.ss";
my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert";
print( "\nRUNNING SSL TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "SSL TESTS:\n\n");
system("ssltest -ssl2 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2:");
log_output("ssltest -ssl2", $outFile);
system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with server authentication:");
log_output("$ssltest -ssl2 -server_auth", $outFile);
system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with client authentication:");
log_output("$ssltest -ssl2 -client_auth", $outFile);
system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with both client and server authentication:");
log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);
system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3:");
log_output("ssltest -ssl3", $outFile);
system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with server authentication:");
log_output("$ssltest -ssl3 -server_auth", $outFile);
system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with client authentication:");
log_output("$ssltest -ssl3 -client_auth", $outFile);
system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with both client and server authentication:");
log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
system("ssltest (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3:");
log_output("ssltest", $outFile);
system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with server authentication:");
log_output("$ssltest -server_auth", $outFile);
system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with client authentication:");
log_output("$ssltest -client_auth ", $outFile);
system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with both client and server authentication:");
log_output("$ssltest -server_auth -client_auth", $outFile);
system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 via BIO pair:");
log_output("ssltest -bio_pair -ssl2", $outFile);
system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);
system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);
system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);
system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 via BIO pair:");
log_output("ssltest -bio_pair -ssl3", $outFile);
system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 via BIO pair:");
log_output("ssltest -bio_pair", $outFile);
system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -server_auth", $outFile);
system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -client_auth", $outFile);
system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
}
############################################################################
sub ca_tests
{
my $outFile = "$output_path\\ca_tst.out";
my($CAkey) = "$output_path\\keyCA.ss";
my($CAcert) = "$output_path\\certCA.ss";
my($CAserial) = "$output_path\\certCA.srl";
my($CAreq) = "$output_path\\reqCA.ss";
my($CAreq2) = "$output_path\\req2CA.ss";
my($CAconf) = "$test_path\\CAss.cnf";
my($Uconf) = "$test_path\\Uss.cnf";
my($Ukey) = "$output_path\\keyU.ss";
my($Ureq) = "$output_path\\reqU.ss";
my($Ucert) = "$output_path\\certU.ss";
print( "\nRUNNING CA TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "CA TESTS:\n");
system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
log_desc("Make a certificate request using req:");
log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
log_desc("Convert the certificate request into a self signed certificate using x509:");
log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
log_desc("Convert a certificate into a certificate request using 'x509':");
log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
log_desc("Make another certificate request using req:");
log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
log_desc("Sign certificate request with the just created CA via x509:");
log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
log_desc("Certificate details");
log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
print(OUT "--\n");
print(OUT "The generated CA certificate is $CAcert\n");
print(OUT "The generated CA private key is $CAkey\n");
print(OUT "The current CA signing serial number is in $CAserial\n");
print(OUT "The generated user certificate is $Ucert\n");
print(OUT "The generated user private key is $Ukey\n");
print(OUT "--\n");
}
############################################################################
sub evp_tests
{
my $i = 'evp_test';
print( "\nRUNNING EVP TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "EVP TESTS:\n\n");
if (-e "$base_path\\$i.nlm")
{
my $outFile = "$output_path\\$i.out";
system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
log_desc("Test: $i\.nlm:");
log_output("", $outFile );
}
else
{
log_desc("Test: $i\.nlm: file not found");
}
}
############################################################################
sub log_output( $ $ )
{
my( $desc, $file ) = @_;
my($error) = 0;
my($key);
my($msg);
if ($desc)
{
print("\r$desc\n");
print(OUT "$desc\n");
}
# loop waiting for test program to complete
while ( stat($file) == 0)
{ print(". "); sleep(1); }
# copy test output to log file
open(IN, "<$file");
while (<IN>)
{
print(OUT $_);
if ( $_ =~ /ERROR/ )
{
$error = 1;
}
}
# close and delete the temporary test output file
close(IN);
unlink($file);
if ( $error == 0 )
{
$msg = "Test Succeeded";
}
else
{
$msg = "Test Failed";
}
print(OUT "$msg\n");
if ($pause)
{
print("$msg - press ENTER to continue...");
$key = getc;
print("\n");
}
# Several of the testing scripts run a loop loading the
# same NLM with different options.
# On slow NetWare machines there appears to be some delay in the
# OS actually unloading the test nlms and the OS complains about.
# the NLM already being loaded. This additional pause is to
# to help provide a little more time for unloading before trying to
# load again.
sleep(1);
}
############################################################################
sub log_desc( $ )
{
my( $desc ) = @_;
print("\n");
print("$desc\n");
print(OUT "\n");
print(OUT "$desc\n");
print(OUT "======================================\n");
}
############################################################################
sub compare_files( $ $ $ )
{
my( $file1, $file2, $binary ) = @_;
my( $n1, $n2, $b1, $b2 );
my($ret) = 1;
open(IN0, $file1) || die "\nunable to open $file1\n";
open(IN1, $file2) || die "\nunable to open $file2\n";
if ($binary)
{
binmode IN0;
binmode IN1;
}
for (;;)
{
$n1 = read(IN0, $b1, 512);
$n2 = read(IN1, $b2, 512);
if ($n1 != $n2) {last;}
if ($b1 != $b2) {last;}
if ($n1 == 0)
{
$ret = 0;
last;
}
}
close(IN0);
close(IN1);
return($ret);
}
############################################################################
sub do_wait()
{
my($key);
if ($pause)
{
print("Press ENTER to continue...");
$key = getc;
print("\n");
}
}
############################################################################
sub make_tmp_cert_file()
{
my @cert_files = <$cert_path/*.pem>;
# delete the file if it already exists
unlink($tmp_cert);
open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
print("building temporary cert file\n");
# create a temporary cert file that contains all the certs
foreach $i (@cert_files)
{
open( IN_CERT, $i ) || die "\nunable to open $i\n";
for(;;)
{
$n = sysread(IN_CERT, $data, 1024);
if ($n == 0)
{
close(IN_CERT);
last;
};
syswrite(TMP_CERT, $data, $n);
}
}
close( TMP_CERT );
}

254
Netware/globals.txt
View File

@@ -1,254 +0,0 @@
An initial review of the OpenSSL code was done to determine how many
global variables where present. The idea was to determine the amount of
work required to pull the globals into an instance data structure in
order to build a Library NLM for NetWare. This file contains the results
of the review. Each file is listed along with the globals in the file.
The initial review was done very quickly so this list is probably
not a comprehensive list.
cryptlib.c
===========================================
static STACK *app_locks=NULL;
static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
static void (MS_FAR *locking_callback)(int mode,int type,
const char *file,int line)=NULL;
static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
int type,const char *file,int line)=NULL;
static unsigned long (MS_FAR *id_callback)(void)=NULL;
static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
(const char *file,int line)=NULL;
static void (MS_FAR *dynlock_lock_callback)(int mode,
struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
const char *file,int line)=NULL;
mem.c
===========================================
static int allow_customize = 1; /* we provide flexible functions for */
static int allow_customize_debug = 1;/* exchanging memory-related functions at
/* may be changed as long as `allow_customize' is set */
static void *(*malloc_locked_func)(size_t) = malloc;
static void (*free_locked_func)(void *) = free;
static void *(*malloc_func)(size_t) = malloc;
static void *(*realloc_func)(void *, size_t)= realloc;
static void (*free_func)(void *) = free;
/* use default functions from mem_dbg.c */
static void (*malloc_debug_func)(void *,int,const char *,int,int)
= CRYPTO_dbg_malloc;
static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
= CRYPTO_dbg_realloc;
static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
mem_dbg.c
===========================================
static int mh_mode=CRYPTO_MEM_CHECK_OFF;
static unsigned long order = 0; /* number of memory requests */
static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */
static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */
static long options = /* extra information to be recorded */
static unsigned long disabling_thread = 0;
err.c
===========================================
static LHASH *error_hash=NULL;
static LHASH *thread_hash=NULL;
several files have routines with static "init" to track if error strings
have been loaded ( may not want seperate error strings for each process )
The "init" variable can't be left "global" because the error has is a ptr
that is malloc'ed. The malloc'ed error has is dependant on the "init"
vars.
files:
pem_err.c
cpt_err.c
pk12err.c
asn1_err.c
bio_err.c
bn_err.c
buf_err.c
comp_err.c
conf_err.c
cpt_err.c
dh_err.c
dsa_err.c
dso_err.c
evp_err.c
obj_err.c
pkcs7err.c
rand_err.c
rsa_err.c
rsar_err.c
ssl_err.c
x509_err.c
v3err.c
err.c
These file have similar "init" globals but they are for other stuff not
error strings:
bn_lib.c
ecc_enc.c
s23_clnt.c
s23_meth.c
s23_srvr.c
s2_clnt.c
s2_lib.c
s2_meth.c
s2_srvr.c
s3_clnt.c
s3_lib.c
s3_srvr.c
t1_clnt.c
t1_meth.c
t1_srvr.c
rand_lib.c
===========================================
static RAND_METHOD *rand_meth= &rand_ssleay_meth;
md_rand.c
===========================================
static int state_num=0,state_index=0;
static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2]={0,0};
static double entropy=0;
static int initialized=0;
/* This should be set to 1 only when ssleay_rand_add() is called inside
an already locked state, so it doesn't try to lock and thereby cause
a hang. And it should always be reset back to 0 before unlocking. */
static int add_do_not_lock=0;
obj_dat.c
============================================
static int new_nid=NUM_NID;
static LHASH *added=NULL;
b_sock.c
===========================================
static unsigned long BIO_ghbn_hits=0L;
static unsigned long BIO_ghbn_miss=0L;
static struct ghbn_cache_st
{
char name[129];
struct hostent *ent;
unsigned long order;
} ghbn_cache[GHBN_NUM];
static int wsa_init_done=0;
bio_lib.c
===========================================
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL;
static int bio_meth_num=0;
bn_lib.c
========================================
static int bn_limit_bits=0;
static int bn_limit_num=8; /* (1<<bn_limit_bits) */
static int bn_limit_bits_low=0;
static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
static int bn_limit_bits_high=0;
static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
static int bn_limit_bits_mont=0;
static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
conf_lib.c
========================================
static CONF_METHOD *default_CONF_method=NULL;
dh_lib.c
========================================
static DH_METHOD *default_DH_method;
static int dh_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
dsa_lib.c
========================================
static DSA_METHOD *default_DSA_method;
static int dsa_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
dso_lib.c
========================================
static DSO_METHOD *default_DSO_meth = NULL;
rsa_lib.c
========================================
static RSA_METHOD *default_RSA_meth=NULL;
static int rsa_meth_num=0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
x509_trs.c
=======================================
static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
static STACK_OF(X509_TRUST) *trtable = NULL;
x509_req.c
=======================================
static int *ext_nids = ext_nid_list;
o_names.c
======================================
static LHASH *names_lh=NULL;
static STACK_OF(NAME_FUNCS) *name_funcs_stack;
static int free_type;
static int names_type_num=OBJ_NAME_TYPE_NUM;
th-lock.c - NEED to add support for locking for NetWare
==============================================
static long *lock_count;
(other platform specific globals)
x_x509.c
==============================================
static int x509_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
evp_pbe.c
============================================
static STACK *pbe_algs;
evp_key.c
============================================
static char prompt_string[80];
ssl_ciph.c
============================================
static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
ssl_lib.c
=============================================
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
static int ssl_meth_num=0;
static int ssl_ctx_meth_num=0;
ssl_sess.c
=============================================
static int ssl_session_num=0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
x509_vfy.c
============================================
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
static int x509_store_ctx_num=0;

19
Netware/readme.txt
View File

@@ -1,19 +0,0 @@
Contents of the openssl\netware directory
==========================================
Regular files:
readme.txt - this file
do_tests.pl - perl script used to run the OpenSSL tests on NetWare
cpy_tests.bat - batch to to copy test stuff to NetWare server
build.bat - batch file to help with builds
set_env.bat - batch file to help setup build environments
globals.txt - results of initial code review to identify OpenSSL global variables
The following files are generated by the various scripts. They are
recreated each time and it is okay to delete them.
*.def - command files used by Metrowerks linker
*.mak - make files generated by mk1mf.pl

112
Netware/set_env.bat
View File

@@ -1,112 +0,0 @@
@echo off
rem ========================================================================
rem Batch file to assist in setting up the necessary enviroment for
rem building OpenSSL for NetWare.
rem
rem usage:
rem set_env [target]
rem
rem target - "netware-clib" - Clib build
rem - "netware-libc" - LibC build
rem
rem
if "a%1" == "a" goto usage
set LIBC_BUILD=
set CLIB_BUILD=
set GNUC=
if "%1" == "netware-clib" set CLIB_BUILD=Y
if "%1" == "netware-clib" set LIBC_BUILD=
if "%1" == "netware-libc" set LIBC_BUILD=Y
if "%1" == "netware-libc" set CLIB_BUILD=
if "%2" == "gnuc" set GNUC=Y
if "%2" == "codewarrior" set GNUC=
rem Location of tools (compiler, linker, etc)
if "%NDKBASE%" == "" set NDKBASE=c:\Novell
rem If Perl for Win32 is not already in your path, add it here
set PERL_PATH=
rem Define path to the Metrowerks command line tools
rem or GNU Crosscompiler gcc / nlmconv
rem ( compiler, assembler, linker)
if "%GNUC%" == "Y" set COMPILER_PATH=c:\usr\i586-netware\bin;c:\usr\bin
if "%GNUC%" == "" set COMPILER_PATH=c:\prg\cwcmdl40
rem If using gnu make define path to utility
rem set GNU_MAKE_PATH=%NDKBASE%\gnu
set GNU_MAKE_PATH=c:\prg\tools
rem If using ms nmake define path to nmake
rem set MS_NMAKE_PATH=%NDKBASE%\msvc\600\bin
rem If using NASM assembler define path
rem set NASM_PATH=%NDKBASE%\nasm
set NASM_PATH=c:\prg\tools
rem Update path to include tool paths
set path=%path%;%COMPILER_PATH%
if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
if not "%NASM_PATH%" == "" set path=%path%;%NASM_PATH%
if not "%PERL_PATH%" == "" set path=%path%;%PERL_PATH%
rem Set INCLUDES to location of Novell NDK includes
if "%LIBC_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\libc\include;%NDKBASE%\ndk\libc\include\winsock
if "%CLIB_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\nwsdk\include\nlm;%NDKBASE%\ws295sdk\include
rem Set Imports to location of Novell NDK import files
if "%LIBC_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\libc\imports
if "%CLIB_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\nwsdk\imports
rem Set PRELUDE to the absolute path of the prelude object to link with in
rem the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is
rem recommended, for LibC NKS builds libcpre.o must be used
if "%GNUC%" == "Y" goto gnuc
if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o
rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.o
echo using MetroWerks CodeWarrior
goto info
:gnuc
if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.gcc.o
rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.gcc.o
if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.gcc.o
echo using GNU GCC Compiler
:info
echo.
if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..."
if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..."
goto end
:usage
rem ===============================================================
echo.
echo No target build specified!
echo.
echo usage: set_env [target] [compiler]
echo.
echo target - "netware-clib" - Clib build
echo - "netware-libc" - LibC build
echo.
echo compiler - "gnuc" - GNU GCC Compiler
echo - "codewarrior" - MetroWerks CodeWarrior (default)
echo.
:end
echo.

231
PACKAGERS Normal file
View File

@@ -0,0 +1,231 @@
Information to packagers of XZ Utils
====================================
0. Preface
1. Package naming
2. Package description
3. License
4. configure options
5. Additional documentation
6. Extra files
7. Installing XZ Utils and LZMA Utils in parallel
8. Example
0. Preface
----------
This document is meant for people who create and maintain XZ Utils
packages for operating system distributions. The focus is on GNU/Linux
systems, but most things apply to other systems too.
While the standard "configure && make DESTDIR=$PKG install" should
give a pretty good package, there are some details which packagers
may want to tweak.
Packagers should also read the INSTALL file.
1. Package naming
-----------------
The preferred name for the XZ Utils package is "xz", because that's
the name of the upstream tarball. Naturally you may have good reasons
to use some other name; I won't get angry about it. ;-) It's just nice
to be able to point people to the correct package name without asking
what distro they have.
If your distro policy is to split things into small pieces, here is
one suggestion:
xz xz, xzdec, scripts (xzdiff, xzgrep, etc.), docs
xz-lzma lzma, unlzma, lzcat, lzgrep etc. symlinks and
lzmadec binary for compatibility with LZMA Utils
liblzma liblzma.so.*
liblzma-devel liblzma.so, liblzma.a, API headers
2. Package description
----------------------
Here is a suggestion which you may use as the package description.
If you can use only one-line description, pick only the first line.
Naturally, feel free to use some other description if you find it
better, and maybe send it to me too.
Library and command line tools for XZ and LZMA compressed files
XZ Utils provide a general purpose data compression library
and command line tools. The native file format is the .xz
format, but also the legacy .lzma format is supported. The .xz
format supports multiple compression algorithms, of which LZMA2
is currently the primary algorithm. With typical files, XZ Utils
create about 30 % smaller files than gzip.
If you are splitting XZ Utils into multiple packages, here are some
suggestions for package descriptions:
xz:
Command line tools for XZ and LZMA compressed files
This package includes the xz compression tool and other command
line tools from XZ Utils. xz has command line syntax similar to
that of gzip. The native file format is the .xz format, but also
the legacy .lzma format is supported. The .xz format supports
multiple compression algorithms, of which LZMA2 is currently the
primary algorithm. With typical files, XZ Utils create about 30 %
smaller files than gzip.
Note that this package doesn't include the files needed for
LZMA Utils 4.32.x compatibility. Install also the xz-lzma
package to make XZ Utils emulate LZMA Utils 4.32.x.
xz-lzma:
LZMA Utils emulation with XZ Utils
This package includes executables and symlinks to make
XZ Utils emulate lzma, unlzma, lzcat, and other command
line tools found from the legacy LZMA Utils 4.32.x package.
liblzma:
Library for XZ and LZMA compressed files
liblzma is a general purpose data compression library with
an API similar to that of zlib. liblzma supports multiple
algorithms, of which LZMA2 is currently the primary algorithm.
The native file format is .xz, but also the legacy .lzma
format and raw streams (no headers at all) are supported.
This package includes the shared library.
liblzma-devel:
Library for XZ and LZMA compressed files
This package includes the API headers, static library, and
other development files related to liblzma.
3. License
----------
If the package manager supports a license field, you probably should
put GPLv2+ there (GNU GPL v2 or later). The interesting parts of
XZ Utils are in the public domain, but some less important files
ending up into the binary package are under GPLv2+. So it is simplest
to just say GPLv2+ if you cannot specify "public domain and GPLv2+".
If you split XZ Utils into multiple packages as described earlier
in this file, liblzma and liblzma-dev packages will contain only
public domain code (from XZ Utils at least; compiler or linker may
add some third-party code, which may be copyrighted).
4. configure options
--------------------
Unless you are building a package for a distribution that is meant
only for embedded systems, don't use the following configure options:
--enable-debug
--enable-encoders (*)
--enable-decoders
--enable-match-finders
--enable-checks
--enable-small (*)
--disable-threads (*)
(*) These are OK when building xzdec and lzmadec as described
in INSTALL.
xzdec and lzmadec don't provide any functionality that isn't already
available in the xz tool. Shipping xzdec and lzmadec without size
optimization and statically-linked liblzma isn't very useful. Doing
that would give users the xzdec man page, which may make it easier
for people to find out that such tools exists, but the executables
wouldn't have any advantage over the full-featured xz.
5. Additional documentation
---------------------------
"make install" copies some additional documentation to $docdir
(--docdir in configure). There is a copy of the GNU GPL v2, which
can be replaced with a symlink if your distro ships with shared
copies of the common license texts.
liblzma API is currently only documented using Doxygen tags in the
API headers. It hasn't been tested much how good results Doxygen
is able to make from the tags (e.g. Doxyfile might need tweaking,
the tagging may need to be improved etc.), so it might be simpler
to just let people read docs directly from the .h files for now,
and also save quite a bit in package size at the same time.
6. Extra files
--------------
The "extra" directory contains some small extra tools or other files.
The exact set of extra files can vary between XZ Utils releases. The
extra files have only limited use or they are too dangerous to be
put directly to $bindir (7z2lzma.sh is a good example, since it can
silently create corrupt output if certain conditions are not met).
If you feel like it, you may copy the extra directory under the doc
directory (e.g. /usr/share/doc/xz/extra). Maybe some people will find
them useful. However, most people needing these tools probably are
able to find them from the source package too.
The "debug" directory contains some tools that are useful only when
hacking on XZ Utils. Don't package these tools.
7. Installing XZ Utils and LZMA Utils in parallel
-------------------------------------------------
XZ Utils and LZMA Utils 4.32.x can be installed in parallel by
omitting the compatibility symlinks (lzma, unlzma, lzcat, lzgrep etc.)
from the XZ Utils package. It's probably a good idea to still package
the symlinks into a separate package so that users may choose if they
want to use XZ Utils or LZMA Utils for handling .lzma files.
8. Example
----------
Here is an example for i686 GNU/Linux that
- links xz and lzmainfo against shared liblzma;
- links size-optimized xzdec and lzmadec against static liblzma
while avoiding libpthread dependency;
- includes only shared liblzma in the final package; and
- copies also the "extra" directory to the package.
PKG=/tmp/xz-pkg
tar xf xz-x.y.z.tar.gz
cd xz-x.y.z
./configure \
--prefix=/usr \
--disable-static \
--disable-xzdec \
--disable-lzmadec \
CFLAGS='-march=i686 -mtune=generic -O2'
make
make DESTDIR=$PKG install-strip
make clean
./configure \
--prefix=/usr \
--disable-shared \
--disable-nls \
--disable-encoders \
--enable-small \
--disable-threads \
CFLAGS='-march=i686 -mtune=generic -Os'
make -C src/liblzma
make -C src/xzdec
make -C src/xzdec DESTDIR=$PKG install-strip
cp -a extra $PKG/usr/share/doc/xz

213
PROBLEMS
View File

@@ -1,213 +0,0 @@
* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
NOTE: The problem described here only applies when OpenSSL isn't built
with shared library support (i.e. without the "shared" configuration
option). If you build with shared library support, you will have no
problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
This is really a misfeature in ld, which seems to look for .dylib libraries
along the whole library path before it bothers looking for .a libraries. This
means that -L switches won't matter unless OpenSSL is built with shared
library support.
The workaround may be to change the following lines in apps/Makefile and
test/Makefile:
LIBCRYPTO=-L.. -lcrypto
LIBSSL=-L.. -lssl
to:
LIBCRYPTO=../libcrypto.a
LIBSSL=../libssl.a
It's possible that something similar is needed for shared library support
as well. That hasn't been well tested yet.
Another solution that many seem to recommend is to move the libraries
/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
directory, build and install OpenSSL and anything that depends on your
build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
original places. Note that the version numbers on those two libraries
may differ on your machine.
As long as Apple doesn't fix the problem with ld, this problem building
OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
passing -Wl,-search_paths_first, but it's unknown if the flag was
supported from the initial MacOS X release.
* Parallell make leads to errors
While running tests, running a parallell make is a bad idea. Many test
scripts use the same name for output and input files, which means different
will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallell make when testing.
* Bugs in gcc triggered
- According to a problem report, there are bugs in gcc 3.0 that are
triggered by some of the code in OpenSSL, more specifically in
PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
header+=11;
if (*header != '4') return(0); header++;
if (*header != ',') return(0); header++;
What happens is that gcc might optimize a little too agressively, and
you end up with an extra incrementation when *header != '4'.
We recommend that you upgrade gcc to as high a 3.x version as you can.
- According to multiple problem reports, some of our message digest
implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
latter - SHA one.
The recomendation is to upgrade your compiler. This naturally applies to
other similar cases.
- There is a subtle Solaris x86-specific gcc run-time environment bug, which
"falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
manifests itself as Segmentation Fault upon early application start-up.
The problem can be worked around by patching the environment according to
http://www.openssl.org/~appro/values.c.
* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
As subject suggests SHA-1 might perform poorly (4 times slower)
if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
this seems to be the fact that compiler emits multiplication to
perform shift operations:-( To work the problem around configure
with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
* Problems with hp-parisc2-cc target when used with "no-asm" flag
When using the hp-parisc2-cc target, wrong bignum code is generated.
This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
aggressive optimization.
The problem manifests itself by the BN_kronecker test hanging in an
endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
which itself hangs. The reason could be tracked down to the bn_mul_comba8()
function in bn_asm.c. At some occasions the higher 32bit value of r[7]
is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
as no debugger support possible at +O3 and additional fprintf()'s
introduced fixed the bug, therefore it is most likely a bug in the
optimizer.
The bug was found in the BN_kronecker test but may also lead to
failures in other parts of the code.
(See Ticket #426.)
Workaround: modify the target to +O2 when building with no-asm.
* Problems building shared libraries on SCO OpenServer Release 5.0.6
with gcc 2.95.3
The symptoms appear when running the test suite, more specifically
test/ectest, with the following result:
OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
ectest.c:186: ABORT
The cause of the problem seems to be that isxdigit(), called from
BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further
investigation shows that any of the isxxx() macros return 0 on any
input. A direct look in the information array that the isxxx() use,
called __ctype, shows that it contains all zeroes...
Taking a look at the newly created libcrypto.so with nm, one can see
that the variable __ctype is defined in libcrypto's .bss (which
explains why it is filled with zeroes):
$ nm -Pg libcrypto.so | grep __ctype
__ctype B 0011659c
__ctype2 U
Curiously, __ctype2 is undefined, in spite of being declared in
/usr/include/ctype.h in exactly the same way as __ctype.
Any information helping to solve this issue would be deeply
appreciated.
NOTE: building non-shared doesn't come with this problem.
* ULTRIX build fails with shell errors, such as "bad substitution"
and "test: argument expected"
The problem is caused by ULTRIX /bin/sh supporting only original
Bourne shell syntax/semantics, and the trouble is that the vast
majority is so accustomed to more modern syntax, that very few
people [if any] would recognize the ancient syntax even as valid.
This inevitably results in non-trivial scripts breaking on ULTRIX,
and OpenSSL isn't an exclusion. Fortunately there is workaround,
hire /bin/ksh to do the job /bin/sh fails to do.
1. Trick make(1) to use /bin/ksh by setting up following environ-
ment variables *prior* you execute ./Configure and make:
PROG_ENV=POSIX
MAKESHELL=/bin/ksh
export PROG_ENV MAKESHELL
or if your shell is csh-compatible:
setenv PROG_ENV POSIX
setenv MAKESHELL /bin/ksh
2. Trick /bin/sh to use alternative expression evaluator. Create
following 'test' script for example in /tmp:
#!/bin/ksh
${0##*/} "$@"
Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
natively just replace system /bin/test and /bin/[ with the
above script.
* hpux64-ia64-cc fails blowfish test.
Compiler bug, presumably at particular patch level. It should be noted
that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
* no-engines generates errors.
Unfortunately, the 'no-engines' configuration option currently doesn't
work properly. Use 'no-hw' and you'll will at least get no hardware
support. We'll see how we fix that on OpenSSL versions past 0.9.8.
* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
if elder GNU binutils were deployed to link shared libcrypto.so.
As subject suggests the failure is caused by a bug in elder binutils,
either as or ld, and was observed on FreeBSD and Linux. There are two
options. First is naturally to upgrade binutils, the second one - to
reconfigure with additional no-sse2 [or 386] option passed to ./config.
* If configured with ./config no-dso, toolkit still gets linked with -ldl,
which most notably poses a problem when linking with dietlibc.
We don't have framework to associate -ldl with no-dso, therefore the only
way is to edit Makefile right after ./config no-dso and remove -ldl from
EX_LIBS line.
* hpux-parisc2-cc no-asm build fails with SEGV in ECDSA/DH.
Compiler bug, presumably at particular patch level. Remaining
hpux*-parisc*-cc configurations can be affected too. Drop optimization
level to +O2 when compiling bn_nist.o.
* solaris64-sparcv9-cc link failure
Solaris 8 ar can fail to maintain symbol table in .a, which results in
link failures. Apply 109147-09 or later or modify Makefile generated
by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with
RANLIB= /usr/ccs/bin/ar rs

363
README
View File

@@ -1,101 +1,308 @@
OpenSSL 1.0.2q 20 Nov 2018
XZ Utils
========
Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
0. Overview
1. Documentation
1.1. Overall documentation
1.2. Documentation for command-line tools
1.3. Documentation for liblzma
2. Version numbering
3. Reporting bugs
4. Translating the xz tool
5. Other implementations of the .xz format
6. Contact information
DESCRIPTION
-----------
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
well as a full-strength general purpose cryptograpic library. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
0. Overview
-----------
OpenSSL is descended from the SSLeay library developed by Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
OpenSSL license plus the SSLeay license), which means that you are free to
get and use it for commercial and non-commercial purposes as long as you
fulfill the conditions of both licenses.
XZ Utils provide a general-purpose data-compression library plus
command-line tools. The native file format is the .xz format, but
also the legacy .lzma format is supported. The .xz format supports
multiple compression algorithms, which are called "filters" in the
context of XZ Utils. The primary filter is currently LZMA2. With
typical files, XZ Utils create about 30 % smaller files than gzip.
OVERVIEW
--------
To ease adapting support for the .xz format into existing applications
and scripts, the API of liblzma is somewhat similar to the API of the
popular zlib library. For the same reason, the command-line tool xz
has a command-line syntax similar to that of gzip.
The OpenSSL toolkit includes:
When aiming for the highest compression ratio, the LZMA2 encoder uses
a lot of CPU time and may use, depending on the settings, even
hundreds of megabytes of RAM. However, in fast modes, the LZMA2 encoder
competes with bzip2 in compression speed, RAM usage, and compression
ratio.
libssl.a:
Provides the client and server-side implementations for SSLv3 and TLS.
LZMA2 is reasonably fast to decompress. It is a little slower than
gzip, but a lot faster than bzip2. Being fast to decompress means
that the .xz format is especially nice when the same file will be
decompressed very many times (usually on different computers), which
is the case e.g. when distributing software packages. In such
situations, it's not too bad if the compression takes some time,
since that needs to be done only once to benefit many people.
libcrypto.a:
Provides general cryptographic and X.509 support needed by SSL/TLS but
not logically part of it.
With some file types, combining (or "chaining") LZMA2 with an
additional filter can improve the compression ratio. A filter chain may
contain up to four filters, although usually only one or two are used.
For example, putting a BCJ (Branch/Call/Jump) filter before LZMA2
in the filter chain can improve compression ratio of executable files.
openssl:
A command line tool that can be used for:
Creation of key parameters
Creation of X.509 certificates, CSRs and CRLs
Calculation of message digests
Encryption and decryption
SSL/TLS client and server tests
Handling of S/MIME signed or encrypted mail
And more...
Since the .xz format allows adding new filter IDs, it is possible that
some day there will be a filter that is, for example, much faster to
compress than LZMA2 (but probably with worse compression ratio).
Similarly, it is possible that some day there is a filter that will
compress better than LZMA2.
INSTALLATION
------------
XZ Utils doesn't support multithreaded compression or decompression
yet. It has been planned though and taken into account when designing
the .xz file format.
See the appropriate file:
INSTALL Linux, Unix, etc.
INSTALL.DJGPP DOS platform with DJGPP
INSTALL.NW Netware
INSTALL.OS2 OS/2
INSTALL.VMS VMS
INSTALL.W32 Windows (32bit)
INSTALL.W64 Windows (64bit)
INSTALL.WCE Windows CE
SUPPORT
-------
1. Documentation
----------------
See the OpenSSL website www.openssl.org for details on how to obtain
commercial technical support.
1.1. Overall documentation
If you have any problems with OpenSSL then please take the following steps
first:
README This file
- Download the latest version from the repository
to see if the problem has already been addressed
- Configure with no-asm
- Remove compiler optimisation flags
INSTALL.generic Generic install instructions for those not familiar
with packages using GNU Autotools
INSTALL Installation instructions specific to XZ Utils
PACKAGERS Information to packagers of XZ Utils
If you wish to report a bug then please include the following information
and create an issue on GitHub:
COPYING XZ Utils copyright and license information
COPYING.GPLv2 GNU General Public License version 2
COPYING.GPLv3 GNU General Public License version 3
COPYING.LGPLv2.1 GNU Lesser General Public License version 2.1
- On Unix systems:
Self-test report generated by 'make report'
- On other systems:
OpenSSL version: output of 'openssl version -a'
OS Name, Version, Hardware platform
Compiler Details (name, version)
- Application Details (name, version)
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
AUTHORS The main authors of XZ Utils
THANKS Incomplete list of people who have helped making
this software
NEWS User-visible changes between XZ Utils releases
ChangeLog Detailed list of changes (commit log)
TODO Known bugs and some sort of to-do list
Just because something doesn't work the way you expect does not mean it
is necessarily a bug in OpenSSL.
Note that only some of the above files are included in binary
packages.
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
See CONTRIBUTING
1.2. Documentation for command-line tools
LEGALITIES
----------
The command-line tools are documented as man pages. In source code
releases (and possibly also in some binary packages), the man pages
are also provided in plain text (ASCII only) and PDF formats in the
directory "doc/man" to make the man pages more accessible to those
whose operating system doesn't provide an easy way to view man pages.
1.3. Documentation for liblzma
The liblzma API headers include short docs about each function
and data type as Doxygen tags. These docs should be quite OK as
a quick reference.
I have planned to write a bunch of very well documented example
programs, which (due to comments) should work as a tutorial to
various features of liblzma. No such example programs have been
written yet.
For now, if you have never used liblzma, libbzip2, or zlib, I
recommend learning the *basics* of the zlib API. Once you know that,
it should be easier to learn liblzma.
http://zlib.net/manual.html
http://zlib.net/zlib_how.html
2. Version numbering
--------------------
The version number format of XZ Utils is X.Y.ZS:
- X is the major version. When this is incremented, the library
API and ABI break.
- Y is the minor version. It is incremented when new features
are added without breaking the existing API or ABI. An even Y
indicates a stable release and an odd Y indicates unstable
(alpha or beta version).
- Z is the revision. This has a different meaning for stable and
unstable releases:
* Stable: Z is incremented when bugs get fixed without adding
any new features. This is intended to be convenient for
downstream distributors that want bug fixes but don't want
any new features to minimize the risk of introducing new bugs.
* Unstable: Z is just a counter. API or ABI of features added
in earlier unstable releases having the same X.Y may break.
- S indicates stability of the release. It is missing from the
stable releases, where Y is an even number. When Y is odd, S
is either "alpha" or "beta" to make it very clear that such
versions are not stable releases. The same X.Y.Z combination is
not used for more than one stability level, i.e. after X.Y.Zalpha,
the next version can be X.Y.(Z+1)beta but not X.Y.Zbeta.
3. Reporting bugs
-----------------
Naturally it is easiest for me if you already know what causes the
unexpected behavior. Even better if you have a patch to propose.
However, quite often the reason for unexpected behavior is unknown,
so here are a few things to do before sending a bug report:
1. Try to create a small example how to reproduce the issue.
2. Compile XZ Utils with debugging code using configure switches
--enable-debug and, if possible, --disable-shared. If you are
using GCC, use CFLAGS='-O0 -ggdb3'. Don't strip the resulting
binaries.
3. Turn on core dumps. The exact command depends on your shell;
for example in GNU bash it is done with "ulimit -c unlimited",
and in tcsh with "limit coredumpsize unlimited".
4. Try to reproduce the suspected bug. If you get "assertion failed"
message, be sure to include the complete message in your bug
report. If the application leaves a coredump, get a backtrace
using gdb:
$ gdb /path/to/app-binary # Load the app to the debugger.
(gdb) core core # Open the coredump.
(gdb) bt # Print the backtrace. Copy & paste to bug report.
(gdb) quit # Quit gdb.
Report your bug via email or IRC (see Contact information below).
Don't send core dump files or any executables. If you have a small
example file(s) (total size less than 256 KiB), please include
it/them as an attachment. If you have bigger test files, put them
online somewhere and include a URL to the file(s) in the bug report.
Always include the exact version number of XZ Utils in the bug report.
If you are using a snapshot from the git repository, use "git describe"
to get the exact snapshot version. If you are using XZ Utils shipped
in an operating system distribution, mention the distribution name,
distribution version, and exact xz package version; if you cannot
repeat the bug with the code compiled from unpatched source code,
you probably need to report a bug to your distribution's bug tracking
system.
4. Translating the xz tool
--------------------------
The messages from the xz tool have been translated into a few
languages. Before starting to translate into a new language, ask
the author whether someone else hasn't already started working on it.
Test your translation. Testing includes comparing the translated
output to the original English version by running the same commands
in both your target locale and with LC_ALL=C. Ask someone to
proof-read and test the translation.
Testing can be done e.g. by installing xz into a temporary directory:
./configure --disable-shared --prefix=/tmp/xz-test
# <Edit the .po file in the po directory.>
make -C po update-po
make install
bash debug/translation.bash | less
bash debug/translation.bash | less -S # For --list outputs
Repeat the above as needed (no need to re-run configure though).
Note especially the following:
- The output of --help and --long-help must look nice on
an 80-column terminal. It's OK to add extra lines if needed.
- In contrast, don't add extra lines to error messages and such.
They are often preceded with e.g. a filename on the same line,
so you have no way to predict where to put a \n. Let the terminal
do the wrapping even if it looks ugly. Adding new lines will be
even uglier in the generic case even if it looks nice in a few
limited examples.
- Be careful with column alignment in tables and table-like output
(--list, --list --verbose --verbose, --info-memory, --help, and
--long-help):
* All descriptions of options in --help should start in the
same column (but it doesn't need to be the same column as
in the English messages; just be consistent if you change it).
Check that both --help and --long-help look OK, since they
share several strings.
* --list --verbose and --info-memory print lines that have
the format "Description: %s". If you need a longer
description, you can put extra space between the colon
and %s. Then you may need to add extra space to other
strings too so that the result as a whole looks good (all
values start at the same column).
* The columns of the actual tables in --list --verbose --verbose
should be aligned properly. Abbreviate if necessary. It might
be good to keep at least 2 or 3 spaces between column headings
and avoid spaces in the headings so that the columns stand out
better, but this is a matter of opinion. Do what you think
looks best.
- Be careful to put a period at the end of a sentence when the
original version has it, and don't put it when the original
doesn't have it. Similarly, be careful with \n characters
at the beginning and end of the strings.
- Read the TRANSLATORS comments that have been extracted from the
source code and included in xz.pot. If they suggest testing the
translation with some type of command, do it. If testing needs
input files, use e.g. tests/files/good-*.xz.
- When updating the translation, read the fuzzy (modified) strings
carefully, and don't mark them as updated before you actually
have updated them. Reading through the unchanged messages can be
good too; sometimes you may find a better wording for them.
- If you find language problems in the original English strings,
feel free to suggest improvements. Ask if something is unclear.
- The translated messages should be understandable (sometimes this
may be a problem with the original English messages too). Don't
make a direct word-by-word translation from English especially if
the result doesn't sound good in your language.
In short, take your time and pay attention to the details. Making
a good translation is not a quick and trivial thing to do. The
translated xz should look as polished as the English version.
5. Other implementations of the .xz format
------------------------------------------
7-Zip and the p7zip port of 7-Zip support the .xz format starting
from the version 9.00alpha.
http://7-zip.org/
http://p7zip.sourceforge.net/
XZ Embedded is a limited implementation written for use in the Linux
kernel, but it is also suitable for other embedded use.
http://tukaani.org/xz/embedded.html
6. Contact information
----------------------
If you have questions, bug reports, patches etc. related to XZ Utils,
contact Lasse Collin <lasse.collin@tukaani.org> (in Finnish or English).
I'm sometimes slow at replying. If you haven't got a reply within two
weeks, assume that your email has got lost and resend it or use IRC.
You can find me also from #tukaani on Freenode; my nick is Larhzu.
The channel tends to be pretty quiet, so just ask your question and
someone may wake up.
A number of nations restrict the use or export of cryptography. If you
are potentially subject to such restrictions you should seek competent
professional legal advice before attempting to develop or distribute
cryptographic code.

187
README.ASN1
View File

@@ -1,187 +0,0 @@
OpenSSL ASN1 Revision
=====================
This document describes some of the issues relating to the new ASN1 code.
Previous OpenSSL ASN1 problems
=============================
OK why did the OpenSSL ASN1 code need revising in the first place? Well
there are lots of reasons some of which are included below...
1. The code is difficult to read and write. For every single ASN1 structure
(e.g. SEQUENCE) four functions need to be written for new, free, encode and
decode operations. This is a very painful and error prone operation. Very few
people have ever written any OpenSSL ASN1 and those that have usually wish
they hadn't.
2. Partly because of 1. the code is bloated and takes up a disproportionate
amount of space. The SEQUENCE encoder is particularly bad: it essentially
contains two copies of the same operation, one to compute the SEQUENCE length
and the other to encode it.
3. The code is memory based: that is it expects to be able to read the whole
structure from memory. This is fine for small structures but if you have a
(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
changing the tag to the expected one, attempting to read it, then changing it
back again. This means that decode buffers have to be writable even though they
are ultimately unchanged. This gets in the way of constification.
5. The handling of EXPLICIT isn't much better. It adds a chunk of code into
the decoder and encoder for every EXPLICIT tag.
6. APPLICATION and PRIVATE tags aren't even supported at all.
7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
types that are not OPTIONAL.
8. Much of the code assumes that a tag will fit in a single octet. This is
only true if the tag is 30 or less (mercifully tags over 30 are rare).
9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
macros that properly support it.
10. Encoders have no concept of OPTIONAL and have no error checking. If the
passed structure contains a NULL in a mandatory field it will not be encoded,
resulting in an invalid structure.
11. It is tricky to add ASN1 encoders and decoders to external applications.
Template model
==============
One of the major problems with revision is the sheer volume of the ASN1 code.
Attempts to change (for example) the IMPLICIT behaviour would result in a
modification of *every* single decode function.
I decided to adopt a template based approach. I'm using the term 'template'
in a manner similar to SNACC templates: it has nothing to do with C++
templates.
A template is a description of an ASN1 module as several constant C structures.
It describes in a machine readable way exactly how the ASN1 structure should
behave. If this template contains enough detail then it is possible to write
versions of new, free, encode, decode (and possibly others operations) that
operate on templates.
Instead of having to write code to handle each operation only a single
template needs to be written. If new operations are needed (such as a 'print'
operation) only a single new template based function needs to be written
which will then automatically handle all existing templates.
Plans for revision
==================
The revision will consist of the following steps. Other than the first two
these can be handled in any order.
o Design and write template new, free, encode and decode operations, initially
memory based. *DONE*
o Convert existing ASN1 code to template form. *IN PROGRESS*
o Convert an existing ASN1 compiler (probably SNACC) to output templates
in OpenSSL form.
o Add support for BIO based ASN1 encoders and decoders to handle large
structures, initially blocking I/O.
o Add support for non blocking I/O: this is quite a bit harder than blocking
I/O.
o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
certificates etc etc.
Description of major changes
============================
The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
absent. The meaning of absent depends on the context. If for example the
boolean type is DEFAULT FALSE (as in the case of the critical flag for
certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
Usually the value will only ever be read via an API which will hide this from
an application.
There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
old code would omit the structure if the STACK was NULL (which is fine) or if
it had zero elements (which is NOT OK). This causes problems because an empty
SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
it is encoded it will be omitted resulting in different encodings. The new code
only omits the encoding if the STACK is NULL, if it contains zero elements it
is encoded and empty. There is an additional problem though: because an empty
STACK was omitted, sometimes the corresponding *_new() function would
initialize the STACK to empty so an application could immediately use it, if
this is done with the new code (i.e. a NULL) it wont work. Therefore a new
STACK should be allocated first. One instance of this is the X509_CRL list of
revoked certificates: a helper function X509_CRL_add0_revoked() has been added
for this purpose.
The X509_ATTRIBUTE structure used to have an element called 'set' which took
the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
to the behaviour of CHOICE in the new code this has been changed to a field
called 'single' which is 0 for a SET OF and 1 for single. The old field has
been deleted to deliberately break source compatibility. Since this structure
is normally accessed via higher level functions this shouldn't break too much.
The X509_REQ_INFO certificate request info structure no longer has a field
called 'req_kludge'. This used to be set to 1 if the attributes field was
(incorrectly) omitted. You can check to see if the field is omitted now by
checking if the attributes field is NULL. Similarly if you need to omit
the field then free attributes and set it to NULL.
The top level 'detached' field in the PKCS7 structure is no longer set when
a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
The behaviour of PKCS7_get_detached() is unaffected.
The values of 'type' in the GENERAL_NAME structure have changed. This is
because the old code use the ASN1 initial octet as the selector. The new
code uses the index in the ASN1_CHOICE template.
The DIST_POINT_NAME structure has changed to be a true CHOICE type.
typedef struct DIST_POINT_NAME_st {
int type;
union {
STACK_OF(GENERAL_NAME) *fullname;
STACK_OF(X509_NAME_ENTRY) *relativename;
} name;
} DIST_POINT_NAME;
This means that name.fullname or name.relativename should be set
and type reflects the option. That is if name.fullname is set then
type is 0 and if name.relativename is set type is 1.
With the old code using the i2d functions would typically involve:
unsigned char *buf, *p;
int len;
/* Find length of encoding */
len = i2d_SOMETHING(x, NULL);
/* Allocate buffer */
buf = OPENSSL_malloc(len);
if(buf == NULL) {
/* Malloc error */
}
/* Use temp variable because &p gets updated to point to end of
* encoding.
*/
p = buf;
i2d_SOMETHING(x, &p);
Using the new i2d you can also do:
unsigned char *buf = NULL;
int len;
len = i2d_SOMETHING(x, &buf);
if(len < 0) {
/* Malloc error */
}
and it will automatically allocate and populate a buffer with the
encoding. After this call 'buf' will point to the start of the
encoding which is len bytes long.

289
README.ENGINE
View File

@@ -1,289 +0,0 @@
ENGINE
======
With OpenSSL 0.9.6, a new component was added to support alternative
cryptography implementations, most commonly for interfacing with external
crypto devices (eg. accelerator cards). This component is called ENGINE,
and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
caused a little confusion as 0.9.6** releases were rolled in two
versions, a "standard" and an "engine" version. In development for 0.9.7,
the ENGINE code has been merged into the main branch and will be present
in the standard releases from 0.9.7 forwards.
There are currently built-in ENGINE implementations for the following
crypto devices:
o CryptoSwift
o Compaq Atalla
o nCipher CHIL
o Nuron
o Broadcom uBSec
In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
section below for details.
At this stage, a number of things are still needed and are being worked on:
1 Integration of EVP support.
2 Configuration support.
3 Documentation!
1 With respect to EVP, this relates to support for ciphers and digests in
the ENGINE model so that alternative implementations of existing
algorithms/modes (or previously unimplemented ones) can be provided by
ENGINE implementations.
2 Configuration support currently exists in the ENGINE API itself, in the
form of "control commands". These allow an application to expose to the
user/admin the set of commands and parameter types a given ENGINE
implementation supports, and for an application to directly feed string
based input to those ENGINEs, in the form of name-value pairs. This is an
extensible way for ENGINEs to define their own "configuration" mechanisms
that are specific to a given ENGINE (eg. for a particular hardware
device) but that should be consistent across *all* OpenSSL-based
applications when they use that ENGINE. Work is in progress (or at least
in planning) for supporting these control commands from the CONF (or
NCONF) code so that applications using OpenSSL's existing configuration
file format can have ENGINE settings specified in much the same way.
Presently however, applications must use the ENGINE API itself to provide
such functionality. To see first hand the types of commands available
with the various compiled-in ENGINEs (see further down for dynamic
ENGINEs), use the "engine" openssl utility with full verbosity, ie;
openssl engine -vvvv
3 Documentation? Volunteers welcome! The source code is reasonably well
self-documenting, but some summaries and usage instructions are needed -
moreover, they are needed in the same POD format the existing OpenSSL
documentation is provided in. Any complete or incomplete contributions
would help make this happen.
STABILITY & BUG-REPORTS
=======================
What already exists is fairly stable as far as it has been tested, but
the test base has been a bit small most of the time. For the most part,
the vendors of the devices these ENGINEs support have contributed to the
development and/or testing of the implementations, and *usually* (with no
guarantees) have experience in using the ENGINE support to drive their
devices from common OpenSSL-based applications. Bugs and/or inexplicable
behaviour in using a specific ENGINE implementation should be sent to the
author of that implementation (if it is mentioned in the corresponding C
file), and in the case of implementations for commercial hardware
devices, also through whatever vendor support channels are available. If
none of this is possible, or the problem seems to be something about the
ENGINE API itself (ie. not necessarily specific to a particular ENGINE
implementation) then you should mail complete details to the relevant
OpenSSL mailing list. For a definition of "complete details", refer to
the OpenSSL "README" file. As for which list to send it to;
openssl-users: if you are *using* the ENGINE abstraction, either in an
pre-compiled application or in your own application code.
openssl-dev: if you are discussing problems with OpenSSL source code.
USAGE
=====
The default "openssl" ENGINE is always chosen when performing crypto
operations unless you specify otherwise. You must actively tell the
openssl utility commands to use anything else through a new command line
switch called "-engine". Also, if you want to use the ENGINE support in
your own code to do something similar, you must likewise explicitly
select the ENGINE implementation you want.
Depending on the type of hardware, system, and configuration, "settings"
may need to be applied to an ENGINE for it to function as expected/hoped.
The recommended way of doing this is for the application to support
ENGINE "control commands" so that each ENGINE implementation can provide
whatever configuration primitives it might require and the application
can allow the user/admin (and thus the hardware vendor's support desk
also) to provide any such input directly to the ENGINE implementation.
This way, applications do not need to know anything specific to any
device, they only need to provide the means to carry such user/admin
input through to the ENGINE in question. Ie. this connects *you* (and
your helpdesk) to the specific ENGINE implementation (and device), and
allows application authors to not get buried in hassle supporting
arbitrary devices they know (and care) nothing about.
A new "openssl" utility, "openssl engine", has been added in that allows
for testing and examination of ENGINE implementations. Basic usage
instructions are available by specifying the "-?" command line switch.
DYNAMIC ENGINES
===============
The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
implementations that aren't pre-compiled and linked into OpenSSL-based
applications. This could be because existing compiled-in implementations
have known problems and you wish to use a newer version with an existing
application. It could equally be because the application (or OpenSSL
library) you are using simply doesn't have support for the ENGINE you
wish to use, and the ENGINE provider (eg. hardware vendor) is providing
you with a self-contained implementation in the form of a shared-library.
The other use-case for "dynamic" is with applications that wish to
maintain the smallest foot-print possible and so do not link in various
ENGINE implementations from OpenSSL, but instead leaves you to provide
them, if you want them, in the form of "dynamic"-loadable
shared-libraries. It should be possible for hardware vendors to provide
their own shared-libraries to support arbitrary hardware to work with
applications based on OpenSSL 0.9.7 or later. If you're using an
application based on 0.9.7 (or later) and the support you desire is only
announced for versions later than the one you need, ask the vendor to
backport their ENGINE to the version you need.
How does "dynamic" work?
------------------------
The dynamic ENGINE has a special flag in its implementation such that
every time application code asks for the 'dynamic' ENGINE, it in fact
gets its own copy of it. As such, multi-threaded code (or code that
multiplexes multiple uses of 'dynamic' in a single application in any
way at all) does not get confused by 'dynamic' being used to do many
independent things. Other ENGINEs typically don't do this so there is
only ever 1 ENGINE structure of its type (and reference counts are used
to keep order). The dynamic ENGINE itself provides absolutely no
cryptographic functionality, and any attempt to "initialise" the ENGINE
automatically fails. All it does provide are a few "control commands"
that can be used to control how it will load an external ENGINE
implementation from a shared-library. To see these control commands,
use the command-line;
openssl engine -vvvv dynamic
The "SO_PATH" control command should be used to identify the
shared-library that contains the ENGINE implementation, and "NO_VCHECK"
might possibly be useful if there is a minor version conflict and you
(or a vendor helpdesk) is convinced you can safely ignore it.
"ID" is probably only needed if a shared-library implements
multiple ENGINEs, but if you know the engine id you expect to be using,
it doesn't hurt to specify it (and this provides a sanity check if
nothing else). "LIST_ADD" is only required if you actually wish the
loaded ENGINE to be discoverable by application code later on using the
ENGINE's "id". For most applications, this isn't necessary - but some
application authors may have nifty reasons for using it. The "LOAD"
command is the only one that takes no parameters and is the command
that uses the settings from any previous commands to actually *load*
the shared-library ENGINE implementation. If this command succeeds, the
(copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
that has been loaded from the shared-library. As such, any control
commands supported by the loaded ENGINE could then be executed as per
normal. Eg. if ENGINE "foo" is implemented in the shared-library
"libfoo.so" and it supports some special control command "CMD_FOO", the
following code would load and use it (NB: obviously this code has no
error checking);
ENGINE *e = ENGINE_by_id("dynamic");
ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
For testing, the "openssl engine" utility can be useful for this sort
of thing. For example the above code excerpt would achieve much the
same result as;
openssl engine dynamic \
-pre SO_PATH:/lib/libfoo.so \
-pre ID:foo \
-pre LOAD \
-pre "CMD_FOO:some input data"
Or to simply see the list of commands supported by the "foo" ENGINE;
openssl engine -vvvv dynamic \
-pre SO_PATH:/lib/libfoo.so \
-pre ID:foo \
-pre LOAD
Applications that support the ENGINE API and more specifically, the
"control commands" mechanism, will provide some way for you to pass
such commands through to ENGINEs. As such, you would select "dynamic"
as the ENGINE to use, and the parameters/commands you pass would
control the *actual* ENGINE used. Each command is actually a name-value
pair and the value can sometimes be omitted (eg. the "LOAD" command).
Whilst the syntax demonstrated in "openssl engine" uses a colon to
separate the command name from the value, applications may provide
their own syntax for making that separation (eg. a win32 registry
key-value pair may be used by some applications). The reason for the
"-pre" syntax in the "openssl engine" utility is that some commands
might be issued to an ENGINE *after* it has been initialised for use.
Eg. if an ENGINE implementation requires a smart-card to be inserted
during initialisation (or a PIN to be typed, or whatever), there may be
a control command you can issue afterwards to "forget" the smart-card
so that additional initialisation is no longer possible. In
applications such as web-servers, where potentially volatile code may
run on the same host system, this may provide some arguable security
value. In such a case, the command would be passed to the ENGINE after
it has been initialised for use, and so the "-post" switch would be
used instead. Applications may provide a different syntax for
supporting this distinction, and some may simply not provide it at all
("-pre" is almost always what you're after, in reality).
How do I build a "dynamic" ENGINE?
----------------------------------
This question is trickier - currently OpenSSL bundles various ENGINE
implementations that are statically built in, and any application that
calls the "ENGINE_load_builtin_engines()" function will automatically
have all such ENGINEs available (and occupying memory). Applications
that don't call that function have no ENGINEs available like that and
would have to use "dynamic" to load any such ENGINE - but on the other
hand such applications would only have the memory footprint of any
ENGINEs explicitly loaded using user/admin provided control commands.
The main advantage of not statically linking ENGINEs and only using
"dynamic" for hardware support is that any installation using no
"external" ENGINE suffers no unnecessary memory footprint from unused
ENGINEs. Likewise, installations that do require an ENGINE incur the
overheads from only *that* ENGINE once it has been loaded.
Sounds good? Maybe, but currently building an ENGINE implementation as
a shared-library that can be loaded by "dynamic" isn't automated in
OpenSSL's build process. It can be done manually quite easily however.
Such a shared-library can either be built with any OpenSSL code it
needs statically linked in, or it can link dynamically against OpenSSL
if OpenSSL itself is built as a shared library. The instructions are
the same in each case, but in the former (statically linked any
dependencies on OpenSSL) you must ensure OpenSSL is built with
position-independent code ("PIC"). The default OpenSSL compilation may
already specify the relevant flags to do this, but you should consult
with your compiler documentation if you are in any doubt.
This example will show building the "atalla" ENGINE in the
crypto/engine/ directory as a shared-library for use via the "dynamic"
ENGINE.
1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
source tree.
2) Recompile at least one source file so you can see all the compiler
flags (and syntax) being used to build normally. Eg;
touch hw_atalla.c ; make
will rebuild "hw_atalla.o" using all such flags.
3) Manually enter the same compilation line to compile the
"hw_atalla.c" file but with the following two changes;
(a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
(b) change the output file from "hw_atalla.o" to something new,
eg. "tmp_atalla.o"
4) Link "tmp_atalla.o" into a shared-library using the top-level
OpenSSL libraries to resolve any dependencies. The syntax for doing
this depends heavily on your system/compiler and is a nightmare
known well to anyone who has worked with shared-library portability
before. 'gcc' on Linux, for example, would use the following syntax;
gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
5) Test your shared library using "openssl engine" as explained in the
previous section. Eg. from the top-level directory, you might try;
apps/openssl engine -vvvv dynamic \
-pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
If the shared-library loads successfully, you will see both "-pre"
commands marked as "SUCCESS" and the list of control commands
displayed (because of "-vvvv") will be the control commands for the
*atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
the "-t" switch to the utility if you want it to try and initialise
the atalla ENGINE for use to test any possible hardware/driver
issues.
PROBLEMS
========
It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
A quick test done right before the release showed that trying "openssl speed
-engine cswift" generated errors. If the DSO gets enabled, an attempt is made
to write at memory address 0x00000002.

2
README.md Normal file
View File

@@ -0,0 +1,2 @@
# cpython-source-deps
Source for packages that the cpython build process depends on

116
THANKS Normal file
View File

@@ -0,0 +1,116 @@
Thanks
======
Some people have helped more, some less, but nevertheless everyone's help
has been important. :-) In alphabetical order:
- Mark Adler
- H. Peter Anvin
- Jeff Bastian
- Nelson H. F. Beebe
- Karl Berry
- Anders F. Björklund
- Emmanuel Blot
- Martin Blumenstingl
- Jakub Bogusz
- Maarten Bosmans
- Trent W. Buck
- James Buren
- David Burklund
- Daniel Mealha Cabrita
- Milo Casagrande
- Marek Černocký
- Tomer Chachamu
- Gabi Davar
- Chris Donawa
- Andrew Dudman
- Markus Duft
- İsmail Dönmez
- Robert Elz
- Gilles Espinasse
- Denis Excoffier
- Michael Felt
- Michael Fox
- Mike Frysinger
- Daniel Richard G.
- Bill Glessner
- Jason Gorski
- Juan Manuel Guerrero
- Diederik de Haas
- Joachim Henke
- Christian Hesse
- Vincenzo Innocente
- Peter Ivanov
- Jouk Jansen
- Jun I Jin
- Per Øyvind Karlsen
- Thomas Klausner
- Richard Koch
- Ville Koskinen
- Jan Kratochvil
- Christian Kujau
- Stephan Kulow
- Peter Lawler
- James M Leddy
- Hin-Tak Leung
- Andraž 'ruskie' Levstik
- Cary Lewis
- Wim Lewis
- Lorenzo De Liso
- Bela Lubkin
- Gregory Margo
- Jim Meyering
- Arkadiusz Miskiewicz
- Conley Moorhous
- Rafał Mużyło
- Adrien Nader
- Hongbo Ni
- Jonathan Nieder
- Andre Noll
- Peter O'Gorman
- Peter Pallinger
- Rui Paulo
- Igor Pavlov
- Diego Elio Pettenò
- Elbert Pol
- Mikko Pouru
- Trần Ngọc Quân
- Pavel Raiskup
- Ole André Vadla Ravnås
- Robert Readman
- Bernhard Reutner-Fischer
- Eric S. Raymond
- Cristian Rodríguez
- Christian von Roques
- Torsten Rupp
- Jukka Salmi
- Alexandre Sauvé
- Benno Schulenberg
- Andreas Schwab
- Dan Shechter
- Stuart Shelton
- Brad Smith
- Jonathan Stott
- Dan Stromberg
- Vincent Torri
- Paul Townsend
- Mohammed Adnène Trojette
- Alexey Tourbin
- Patrick J. Volkerding
- Martin Väth
- Adam Walling
- Christian Weisgerber
- Bert Wesarg
- Fredrik Wikstrom
- Ralf Wildenhues
- Charles Wilson
- Lars Wirzenius
- Pilorz Wojciech
- Ryan Young
- Andreas Zieringer
Also thanks to all the people who have participated in the Tukaani project.
I have probably forgot to add some names to the above list. Sorry about
that and thanks for your help.

111
TODO Normal file
View File

@@ -0,0 +1,111 @@
XZ Utils To-Do List
===================
Known bugs
----------
The test suite is too incomplete.
If the memory usage limit is less than about 13 MiB, xz is unable to
automatically scale down the compression settings enough even though
it would be possible by switching from BT2/BT3/BT4 match finder to
HC3/HC4.
XZ Utils compress some files significantly worse than LZMA Utils.
This is due to faster compression presets used by XZ Utils, and
can often be worked around by using "xz --extreme". With some files
--extreme isn't enough though: it's most likely with files that
compress extremely well, so going from compression ratio of 0.003
to 0.004 means big relative increase in the compressed file size.
xz doesn't quote unprintable characters when it displays file names
given on the command line.
tuklib_exit() doesn't block signals => EINTR is possible.
SIGTSTP is not handled. If xz is stopped, the estimated remaining
time and calculated (de)compression speed won't make sense in the
progress indicator (xz --verbose).
If liblzma has created threads and fork() gets called, liblzma
code will break in the child process unless it calls exec() and
doesn't touch liblzma.
Missing features
----------------
Add support for storing metadata in .xz files. A preliminary
idea is to create a new Stream type for metadata. When both
metadata and data are wanted in the same .xz file, two or more
Streams would be concatenated.
The state stored in lzma_stream should be cloneable, which would
be mostly useful when using a preset dictionary in LZMA2, but
it may have other uses too. Compare to deflateCopy() in zlib.
Support LZMA_FINISH in raw decoder to indicate end of LZMA1 and
other streams that don't have an end of payload marker.
Adjust dictionary size when the input file size is known.
Maybe do this only if an option is given.
xz doesn't support copying extended attributes, access control
lists etc. from source to target file.
Multithreaded compression:
- Reduce memory usage of the current method.
- Implement threaded match finders.
- Implement pigz-style threading in LZMA2.
Multithreaded decompression
Buffer-to-buffer coding could use less RAM (especially when
decompressing LZMA1 or LZMA2).
I/O library is not implemented (similar to gzopen() in zlib).
It will be a separate library that supports uncompressed, .gz,
.bz2, .lzma, and .xz files.
Support changing lzma_options_lzma.mode with lzma_filters_update().
Support LZMA_FULL_FLUSH for lzma_stream_decoder() to stop at
Block and Stream boundaries.
lzma_strerror() to convert lzma_ret to human readable form?
This is tricky, because the same error codes are used with
slightly different meanings, and this cannot be fixed anymore.
Make it possible to adjust LZMA2 options in the middle of a Block
so that the encoding speed vs. compression ratio can be optimized
when the compressed data is streamed over network.
Improved BCJ filters. The current filters are small but they aren't
so great when compressing binary packages that contain various file
types. Specifically, they make things worse if there are static
libraries or Linux kernel modules. The filtering could also be
more effective (without getting overly complex), for example,
streamable variant BCJ2 from 7-Zip could be implemented.
Filter that autodetects specific data types in the input stream
and applies appropriate filters for the corrects parts of the input.
Perhaps combine this with the BCJ filter improvement point above.
Long-range LZ77 method as a separate filter or as a new LZMA2
match finder.
Documentation
-------------
More tutorial programs are needed for liblzma.
Document the LZMA1 and LZMA2 algorithms.
Miscellaneous
------------
Try to get the media type for .xz registered at IANA.

18
VMS/TODO
View File

@@ -1,18 +0,0 @@
TODO:
=====
There are a few things that need to be worked out in the VMS version of
OpenSSL, still:
- Description files. ("Makefile's" :-))
- Script code to link an already compiled build tree.
- A VMSINSTALlable version (way in the future, unless someone else hacks).
- shareable images (DLL for you Windows folks).
There may be other things that I have missed and that may be desirable.
Please send mail to <openssl-users@openssl.org> or to me directly if you
have any ideas.
--
Richard Levitte <richard@levitte.org>
1999-05-24

34
VMS/VMSify-conf.pl
View File

@@ -1,34 +0,0 @@
#! /usr/bin/perl
use strict;
use warnings;
my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
my @file_vars = ( "database", "certificate", "serial", "crlnumber",
"crl", "private_key", "RANDFILE" );
while(<STDIN>) {
chomp;
foreach my $d (@directory_vars) {
if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
$_ = "$1sys\\\$disk:\[.$2$3";
} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
$_ = "$1sys\\\$disk:\[.$2$3";
}
s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
$_ = "$1.$3]$4";
}
}
foreach my $f (@file_vars) {
s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
$_ = "$1.$3$4";
}
if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
$_ = "$1]$3.$4";
} elsif (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
$_ = "$1]$3$4";
}
}
print $_,"\n";
}

4
VMS/WISHLIST.TXT
View File

@@ -1,4 +0,0 @@
* Have the building procedure contain a LINK-only possibility.
Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
One way to enable that is also to go over to DESCRIP.MMS files.

67
VMS/install-vms.com
View File

@@ -1,67 +0,0 @@
$! install-vms.com -- Installs the files in a given directory tree
$!
$! Author: Richard Levitte <richard@levitte.org>
$! Time of creation: 23-MAY-1998 19:22
$!
$! P1 root of the directory tree
$!
$!
$! Announce/identify.
$!
$ proc = f$environment( "procedure")
$ write sys$output "@@@ "+ -
f$parse( proc, , , "name")+ f$parse( proc, , , "type")
$!
$ on error then goto tidy
$ on control_c then goto tidy
$!
$ if p1 .eqs. ""
$ then
$ write sys$output "First argument missing."
$ write sys$output -
"Should be the directory where you want things installed."
$ exit
$ endif
$
$ if (f$getsyi( "cpu") .lt. 128)
$ then
$ arch = "VAX"
$ else
$ arch = f$edit( f$getsyi( "arch_name"), "upcase")
$ if (arch .eqs. "") then arch = "UNK"
$ endif
$
$ root = f$parse( P1, "[]A.;0", , , "SYNTAX_ONLY, NO_CONCEAL")- "A.;0"
$ root_dev = f$parse( root, , , "device", "syntax_only")
$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
"[000000." - "][" - "[" - "]"
$ root = root_dev + "[" + root_dir
$
$ define /nolog wrk_sslroot 'root'.] /translation_attributes = concealed
$ define /nolog wrk_sslinclude wrk_sslroot:[include]
$
$ if f$parse( "wrk_sslroot:[000000]") .eqs. "" then -
create /directory /log wrk_sslroot:[000000]
$ if f$parse( "wrk_sslinclude:") .eqs. "" then -
create /directory /log wrk_sslinclude:
$ if f$parse( "wrk_sslroot:[vms]") .eqs. "" then -
create /directory /log wrk_sslroot:[vms]
$!
$ copy /log /protection = world:re openssl_startup.com wrk_sslroot:[vms]
$ copy /log /protection = world:re openssl_undo.com wrk_sslroot:[vms]
$ copy /log /protection = world:re openssl_utils.com wrk_sslroot:[vms]
$!
$ tidy:
$!
$ call deass wrk_sslroot
$ call deass wrk_sslinclude
$!
$ exit
$!
$ deass: subroutine
$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
$ then
$ deassign /process 'p1'
$ endif
$ endsubroutine
$!

476
VMS/mkshared.com
View File

@@ -1,476 +0,0 @@
$! MKSHARED.COM -- Create shareable images.
$!
$! P1: "64" for 64-bit pointers.
$!
$! P2: Zlib object library path (optional).
$!
$! Input: [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO[32].OLB
$! [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]SSL_LIBSSL[32].OLB
$! [.CRYPTO.xxx]OPENSSLCONF.H
$! Output: [.xxx.EXE.CRYPTO]SSL_LIBCRYPTO_SHR[32].OPT,.MAP,.EXE
$! [.xxx.EXE.SSL]SSL_LIBSSL_SRH[32].OPT,.MAP,.EXE
$!
$! So far, tests have only been made on VMS for Alpha. VAX will come in time.
$! ===========================================================================
$!
$! Announce/identify.
$!
$ proc = f$environment( "procedure")
$ write sys$output "@@@ "+ -
f$parse( proc, , , "name")+ f$parse( proc, , , "type")
$!
$! Save the original default device:[directory].
$!
$ def_orig = f$environment( "default")
$ on error then goto tidy
$ on control_c then goto tidy
$!
$! SET DEFAULT to the main kit directory.
$!
$ proc = f$environment("procedure")
$ proc = f$parse( "A.;", proc)- "A.;"
$ set default 'proc'
$ set default [-]
$!
$! ----- Prepare info for processing: version number and file info
$ gosub read_version_info
$ if libver .eqs. ""
$ then
$ write sys$error "ERROR: Couldn't find any library version info..."
$ go to tidy:
$ endif
$
$ if (f$getsyi("cpu") .lt. 128)
$ then
$ arch_vax = 1
$ arch = "VAX"
$ else
$ arch_vax = 0
$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if (arch .eqs. "") then arch = "UNK"
$ endif
$!
$ archd = arch
$ lib32 = "32"
$ shr = "SHR32"
$!
$ if (p1 .nes. "")
$ then
$ if (p1 .eqs. "64")
$ then
$ archd = arch+ "_64"
$ lib32 = ""
$ shr = "SHR"
$ else
$ if (p1 .nes. "32")
$ then
$ write sys$output "Second argument invalid."
$ write sys$output "It should be "32", "64", or nothing."
$ exit
$ endif
$ endif
$ endif
$!
$! ----- Prepare info for processing: disabled algorithms info
$ gosub read_disabled_algorithms_info
$!
$ ZLIB = p2
$ zlib_lib = ""
$ if (ZLIB .nes. "")
$ then
$ file2 = f$parse( ZLIB, "libz.olb", , , "syntax_only")
$ if (f$search( file2) .eqs. "")
$ then
$ write sys$output ""
$ write sys$output "The Option ", ZLIB, " Is Invalid."
$ write sys$output " Can't find library: ''file2'"
$ write sys$output ""
$ goto tidy
$ endif
$ zlib_lib = ", ''file2' /library"
$ endif
$!
$ if (arch_vax)
$ then
$ libtit = "CRYPTO_TRANSFER_VECTOR"
$ libid = "Crypto"
$ libnum = "[.UTIL]LIBEAY.NUM"
$ libdir = "[.''ARCHD'.EXE.CRYPTO]"
$ libmar = "''libdir'SSL_LIBCRYPTO_''shr'.MAR"
$ libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
$ libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
$ libobj = "''libdir'SSL_LIBCRYPTO_''shr'.OBJ"
$ libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
$ libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
$ libref = ""
$ libvec = "LIBCRYPTO"
$ if f$search( libolb) .nes. "" then gosub create_vax_shr
$ libtit = "SSL_TRANSFER_VECTOR"
$ libid = "SSL"
$ libnum = "[.UTIL]SSLEAY.NUM"
$ libdir = "[.''ARCHD'.EXE.SSL]"
$ libmar = "''libdir'SSL_LIBSSL_''shr'.MAR"
$ libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
$ libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
$ libobj = "''libdir'SSL_LIBSSL_''shr'.OBJ"
$ libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
$ libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
$ libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
$ libvec = "LIBSSL"
$ if f$search( libolb) .nes. "" then gosub create_vax_shr
$ else
$ libid = "Crypto"
$ libnum = "[.UTIL]LIBEAY.NUM"
$ libdir = "[.''ARCHD'.EXE.CRYPTO]"
$ libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
$ libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
$ libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
$ libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
$ libref = ""
$ if f$search( libolb) .nes. "" then gosub create_nonvax_shr
$ libid = "SSL"
$ libnum = "[.UTIL]SSLEAY.NUM"
$ libdir = "[.''ARCHD'.EXE.SSL]"
$ libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
$ libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
$ libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
$ libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
$ libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
$ if f$search( libolb) .nes. "" then gosub create_nonvax_shr
$ endif
$!
$ tidy:
$!
$! Close any open files.
$!
$ if (f$trnlnm( "libnum", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
close libnum
$!
$ if (f$trnlnm( "mar", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
close mar
$!
$ if (f$trnlnm( "opt", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
close opt
$!
$ if (f$trnlnm( "vf", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
close vf
$!
$! Restore the original default device:[directory].
$!
$ set default 'def_orig'
$ exit
$
$! ----- Subroutines to build the shareable libraries
$! For each supported architecture, there's a main shareable library
$! creator, which is called from the main code above.
$! The creator will define a number of variables to tell the next levels of
$! subroutines what routines to use to write to the option files, call the
$! main processor, read_func_num, and when that is done, it will write version
$! data at the end of the .opt file, close it, and link the library.
$!
$! read_func_num reads through a .num file and calls the writer routine for
$! each line. It's also responsible for checking that order is properly kept
$! in the .num file, check that each line applies to VMS and the architecture,
$! and to fill in "holes" with dummy entries.
$!
$! The creator routines depend on the following variables:
$! libnum The name of the .num file to use as input
$! libolb The name of the object library to build from
$! libid The identification string of the shareable library
$! libopt The name of the .opt file to write
$! libtit The title of the assembler transfer vector file (VAX only)
$! libmar The name of the assembler transfer vector file (VAX only)
$! libmap The name of the map file to write
$! libgoal The name of the shareable library to write
$! libref The name of a shareable library to link in
$!
$! read_func_num depends on the following variables from the creator:
$! libwriter The name of the writer routine to call for each .num file line
$! -----
$
$! ----- Subroutines for non-VAX
$! -----
$! The creator routine
$ create_nonvax_shr:
$ open /write opt 'libopt'
$ write opt "identification=""",libid," ",libverstr,""""
$ write opt libolb, " /library"
$ if libref .nes. "" then write opt libref,"/SHARE"
$ write opt "SYMBOL_VECTOR=(-"
$ libfirstentry := true
$ libwrch := opt
$ libwriter := write_nonvax_transfer_entry
$ textcount = 0
$ gosub read_func_num
$ write opt ")"
$ write opt "GSMATCH=",libvmatch,",",libver
$ close opt
$ link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
'zlib_lib'
$ return
$
$! The record writer routine
$ write_nonvax_transfer_entry:
$ if libentry .eqs. ".dummy" then return
$ if info_kind .eqs. "VARIABLE"
$ then
$ pr:=DATA
$ else
$ pr:=PROCEDURE
$ endif
$ textcount_this = f$length(pr) + f$length(libentry) + 5
$ if textcount + textcount_this .gt. 1024
$ then
$ write opt ")"
$ write opt "SYMBOL_VECTOR=(-"
$ textcount = 16
$ libfirstentry := true
$ endif
$ if libfirstentry
$ then
$ write 'libwrch' " ",libentry,"=",pr," -"
$ else
$ write 'libwrch' " ,",libentry,"=",pr," -"
$ endif
$ libfirstentry := false
$ textcount = textcount + textcount_this
$ return
$
$! ----- Subroutines for VAX
$! -----
$! The creator routine
$ create_vax_shr:
$ open /write mar 'libmar'
$ type sys$input:/out=mar:
;
; Transfer vector for VAX shareable image
;
$ write mar " .TITLE ",libtit
$ write mar " .IDENT /",libid,"/"
$ type sys$input:/out=mar:
;
; Define macro to assist in building transfer vector entries. Each entry
; should take no more than 8 bytes.
;
.MACRO FTRANSFER_ENTRY routine
.ALIGN QUAD
.TRANSFER routine
.MASK routine
JMP routine+2
.ENDM FTRANSFER_ENTRY
;
; Place entries in own program section.
;
$ write mar " .PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"
$ write mar libvec,"_xfer:"
$ libwrch := mar
$ libwriter := write_vax_ftransfer_entry
$ gosub read_func_num
$ type sys$input:/out=mar:
;
; Allocate extra storage at end of vector to allow for expansion.
;
$ write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total."
$! libwriter := write_vax_vtransfer_entry
$! gosub read_func_num
$ write mar " .END"
$ close mar
$ open /write opt 'libopt'
$ write opt "identification=""",libid," ",libverstr,""""
$ write opt libobj
$ write opt libolb, " /library"
$ if libref .nes. "" then write opt libref,"/SHARE"
$ type sys$input:/out=opt:
!
! Ensure transfer vector is at beginning of image
!
CLUSTER=FIRST
$ write opt "COLLECT=FIRST,$$",libvec
$ write opt "GSMATCH=",libvmatch,",",libver
$ type sys$input:/out=opt:
!
! make psects nonshareable so image can be installed.
!
PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
$ libwrch := opt
$ libwriter := write_vax_psect_attr
$ gosub read_func_num
$ close opt
$ macro/obj='libobj' 'libmar'
$ link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
'zlib_lib'
$ return
$
$! The record writer routine for VAX functions
$ write_vax_ftransfer_entry:
$ if info_kind .nes. "FUNCTION" then return
$ if libentry .eqs ".dummy"
$ then
$ write 'libwrch' " .BLKB 8" ! Dummy is zeroes...
$ else
$ write 'libwrch' " FTRANSFER_ENTRY ",libentry
$ endif
$ return
$! The record writer routine for VAX variables (should never happen!)
$ write_vax_psect_attr:
$ if info_kind .nes. "VARIABLE" then return
$ if libentry .eqs ".dummy" then return
$ write 'libwrch' "PSECT_ATTR=",libentry,",NOSHR"
$ return
$
$! ----- Common subroutines
$! -----
$! The .num file reader. This one has great responsibility.
$ read_func_num:
$ open /read libnum 'libnum'
$ goto read_nums
$
$ read_nums:
$ libentrynum=0
$ liblastentry:=false
$ entrycount=0
$ loop:
$ read /end=loop_end /err=loop_end libnum line
$ lin = f$edit( line, "COMPRESS,TRIM")
$! Skip a "#" comment line.
$ if (f$extract( 0, 1, lin) .eqs. "#") then goto loop
$ entrynum = f$int(f$element( 1, " ", lin))
$ entryinfo = f$element( 2, " ", lin)
$ curentry = f$element( 0, " ", lin)
$ info_exist = f$element( 0, ":", entryinfo)
$ info_platforms = ","+ f$element(1, ":", entryinfo)+ ","
$ info_kind = f$element( 2, ":", entryinfo)
$ info_algorithms = ","+ f$element( 3, ":", entryinfo)+ ","
$ if info_exist .eqs. "NOEXIST" then goto loop
$ truesum = 0
$ falsesum = 0
$ negatives = 1
$ plat_i = 0
$ loop1:
$ plat_entry = f$element( plat_i, ",", info_platforms)
$ plat_i = plat_i + 1
$ if plat_entry .eqs. "" then goto loop1
$ if plat_entry .nes. ","
$ then
$ if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
$ if (arch_vax)
$ then
$ if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then -
$ truesum = truesum + 1
$ if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
$ falsesum = falsesum + 1
$ endif
$!
$ if ((plat_entry .eqs. "VMS") .or. -
((plat_entry .eqs. "ZLIB") .and. (ZLIB .nes. "")) .or. -
(arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then -
truesum = truesum + 1
$!
$ if ((plat_entry .eqs. "!VMS") .or. -
(arch_vax .and. (plat_entry .eqs. "!VMSVAX"))) then -
falsesum = falsesum + 1
$!
$ goto loop1
$ endif
$ endloop1:
$!DEBUG!$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
$!DEBUG!$ then
$!DEBUG!$ write sys$output line
$!DEBUG!$ write sys$output " truesum = ",truesum,-
$!DEBUG! ", negatives = ",negatives,", falsesum = ",falsesum
$!DEBUG!$ endif
$ if falsesum .ne. 0 then goto loop
$ if truesum+negatives .eq. 0 then goto loop
$ alg_i = 0
$ loop2:
$ alg_entry = f$element(alg_i,",",info_algorithms)
$ alg_i = alg_i + 1
$ if alg_entry .eqs. "" then goto loop2
$ if alg_entry .nes. ","
$ then
$ if disabled_algorithms - ("," + alg_entry + ",") .nes disabled_algorithms then goto loop
$ if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
$ goto loop2
$ endif
$ endloop2:
$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
$ then
$!DEBUG!$ write sys$output curentry," ; ",entrynum," ; ",entryinfo
$ endif
$ redo:
$ next:=loop
$ tolibentry=curentry
$ if libentrynum .ne. entrynum
$ then
$ entrycount=entrycount+1
$ if entrycount .lt. entrynum
$ then
$!DEBUG!$ write sys$output "Info: entrycount: ''entrycount', entrynum: ''entrynum' => 0"
$ tolibentry=".dummy"
$ next:=redo
$ endif
$ if entrycount .gt. entrynum
$ then
$ write sys$error "Decreasing library entry numbers! Can't continue"
$ write sys$error """",line,""""
$ close libnum
$ return
$ endif
$ libentry=tolibentry
$!DEBUG!$ write sys$output entrycount," ",libentry," ",entryinfo
$ if libentry .nes. "" .and. libwriter .nes. "" then gosub 'libwriter'
$ else
$ write sys$error "Info: ""''curentry'"" is an alias for ""''libentry'"". Overriding..."
$ endif
$ libentrynum=entrycount
$ goto 'next'
$ loop_end:
$ close libnum
$ return
$
$! The version number reader
$ read_version_info:
$ libver = ""
$ open /read vf [.CRYPTO]OPENSSLV.H
$ loop_rvi:
$ read/err=endloop_rvi/end=endloop_rvi vf rvi_line
$ if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -
goto loop_rvi
$ libverstr = f$element(1,"""",rvi_line)
$ libvmajor = f$element(0,".",libverstr)
$ libvminor = f$element(1,".",libverstr)
$ libvedit = f$element(2,".",libverstr)
$ libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@")
$ libvedit = f$extract(0,1,libvedit)
$ libver = f$string(f$int(libvmajor)*100)+","+-
f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch))
$ if libvmajor .eqs. "0"
$ then
$ libvmatch = "EQUAL"
$ else
$ ! Starting with the 1.0 release, backward compatibility should be
$ ! kept, so switch over to the following
$ libvmatch = "LEQUAL"
$ endif
$ endloop_rvi:
$ close vf
$ return
$
$! The disabled algorithms reader
$ read_disabled_algorithms_info:
$ disabled_algorithms = ","
$ open /read cf [.CRYPTO.'ARCH']OPENSSLCONF.H
$ loop_rci:
$ read/err=endloop_rci/end=endloop_rci cf rci_line
$ rci_line = f$edit(rci_line,"TRIM,COMPRESS")
$ rci_ei = 0
$ if f$extract(0,9,rci_line) .eqs. "# define " then rci_ei = 2
$ if f$extract(0,8,rci_line) .eqs. "#define " then rci_ei = 1
$ if rci_ei .eq. 0 then goto loop_rci
$ rci_e = f$element(rci_ei," ",rci_line)
$ if f$extract(0,11,rci_e) .nes. "OPENSSL_NO_" then goto loop_rci
$ disabled_algorithms = disabled_algorithms + f$extract(11,999,rci_e) + ","
$ goto loop_rci
$ endloop_rci:
$ close cf
$ return

1
VMS/multinet_shr.opt
View File

@@ -1 +0,0 @@
multinet:multinet_socket_library.exe/share

108
VMS/openssl_startup.com
View File

@@ -1,108 +0,0 @@
$!
$! Startup file for OpenSSL 1.x.
$!
$! 2011-03-05 SMS.
$!
$! This procedure must reside in the OpenSSL installation directory.
$! It will fail if it is copied to a different location.
$!
$! P1 qualifier(s) for DEFINE. For example, "/SYSTEM" to get the
$! logical names defined in the system logical name table.
$!
$! P2 "64", to use executables which were built with 64-bit pointers.
$!
$! Good (default) and bad status values.
$!
$ status = %x00010001 ! RMS$_NORMAL, normal successful completion.
$ rms_e_fnf = %x00018292 ! RMS$_FNF, file not found.
$!
$! Prepare for problems.
$!
$ orig_dev_dir = f$environment( "DEFAULT")
$ on control_y then goto clean_up
$ on error then goto clean_up
$!
$! Determine hardware architecture.
$!
$ if (f$getsyi( "cpu") .lt. 128)
$ then
$ arch_name = "VAX"
$ else
$ arch_name = f$edit( f$getsyi( "arch_name"), "upcase")
$ if (arch_name .eqs. "") then arch_name = "UNK"
$ endif
$!
$ if (p2 .eqs. "64")
$ then
$ arch_name_exe = arch_name+ "_64"
$ else
$ arch_name_exe = arch_name
$ endif
$!
$! Derive the OpenSSL installation device:[directory] from the location
$! of this command procedure.
$!
$ proc = f$environment( "procedure")
$ proc_dev_dir = f$parse( "A.;", proc, , , "no_conceal") - "A.;"
$ proc_dev = f$parse( proc_dev_dir, , , "device", "syntax_only")
$ proc_dir = f$parse( proc_dev_dir, , , "directory", "syntax_only") - -
".][000000"- "[000000."- "]["- "["- "]"
$ proc_dev_dir = proc_dev+ "["+ proc_dir+ "]"
$ set default 'proc_dev_dir'
$ set default [-]
$ ossl_dev_dir = f$environment( "default")
$!
$! Check existence of expected directories (to see if this procedure has
$! been moved away from its proper place).
$!
$ if ((f$search( "certs.dir;1") .eqs. "") .or. -
(f$search( "include.dir;1") .eqs. "") .or. -
(f$search( "private.dir;1") .eqs. "") .or. -
(f$search( "vms.dir;1") .eqs. ""))
$ then
$ write sys$output -
" Can't find expected common OpenSSL directories in:"
$ write sys$output " ''ossl_dev_dir'"
$ status = rms_e_fnf
$ goto clean_up
$ endif
$!
$ if ((f$search( "''arch_name_exe'_exe.dir;1") .eqs. "") .or. -
(f$search( "''arch_name'_lib.dir;1") .eqs. ""))
$ then
$ write sys$output -
" Can't find expected architecture-specific OpenSSL directories in:"
$ write sys$output " ''ossl_dev_dir'"
$ status = rms_e_fnf
$ goto clean_up
$ endif
$!
$! All seems well (enough). Define the OpenSSL logical names.
$!
$ ossl_root = ossl_dev_dir- "]"+ ".]"
$ define /translation_attributes = concealed /nolog'p1 SSLROOT 'ossl_root'
$ define /nolog 'p1' SSLCERTS sslroot:[certs]
$ define /nolog 'p1' SSLINCLUDE sslroot:[include]
$ define /nolog 'p1' SSLPRIVATE sslroot:[private]
$ define /nolog 'p1' SSLEXE sslroot:['arch_name_exe'_exe]
$ define /nolog 'p1' SSLLIB sslroot:['arch_name'_lib]
$!
$! Defining OPENSSL lets a C program use "#include <openssl/{foo}.h>":
$ define /nolog 'p1' OPENSSL SSLINCLUDE:
$!
$! Run a site-specific procedure, if it exists.
$!
$ if f$search( "sslroot:[vms]openssl_systartup.com") .nes."" then -
@ sslroot:[vms]openssl_systartup.com
$!
$! Restore the original default dev:[dir] (if known).
$!
$ clean_up:
$!
$ if (f$type( orig_dev_dir) .nes. "")
$ then
$ set default 'orig_dev_dir'
$ endif
$!
$ EXIT 'status'
$!

20
VMS/openssl_undo.com
View File

@@ -1,20 +0,0 @@
$!
$! Deassign OpenSSL logical names.
$!
$ call deass "OPENSSL" "''p1'"
$ call deass "SSLCERTS" "''p1'"
$ call deass "SSLEXE" "''p1'"
$ call deass "SSLINCLUDE" "''p1'"
$ call deass "SSLLIB" "''p1'"
$ call deass "SSLPRIVATE" "''p1'"
$ call deass "SSLROOT" "''p1'"
$!
$ exit
$!
$deass: subroutine
$ if (f$trnlnm( p1) .nes. "")
$ then
$ deassign 'p2' 'p1'
$ endif
$ endsubroutine
$!

46
VMS/openssl_utils.com
View File

@@ -1,46 +0,0 @@
$!
$! APPS.COM
$! Written By: Robert Byer
$! Vice-President
$! A-Com Computing, Inc.
$! byer@mail.all-net.net
$!
$!
$! Slightly modified by Richard Levitte <richard@levitte.org>
$!
$!
$! Always define OPENSSL. Others are optional (non-null P1).
$!
$ OPENSSL :== $SSLEXE:OPENSSL
$
$ IF (P1 .NES. "")
$ THEN
$ VERIFY :== $SSLEXE:OPENSSL VERIFY
$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
$! REQ could conflict with REQUEST.
$ OREQ :== $SSLEXE:OPENSSL REQ
$ DGST :== $SSLEXE:OPENSSL DGST
$ DH :== $SSLEXE:OPENSSL DH
$ ENC :== $SSLEXE:OPENSSL ENC
$ GENDH :== $SSLEXE:OPENSSL GENDH
$ ERRSTR :== $SSLEXE:OPENSSL ERRSTR
$ CA :== $SSLEXE:OPENSSL CA
$ CRL :== $SSLEXE:OPENSSL CRL
$ RSA :== $SSLEXE:OPENSSL RSA
$ DSA :== $SSLEXE:OPENSSL DSA
$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
$ X509 :== $SSLEXE:OPENSSL X509
$ GENRSA :== $SSLEXE:OPENSSL GENRSA
$ GENDSA :== $SSLEXE:OPENSSL GENDSA
$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
$ SPEED :== $SSLEXE:OPENSSL SPEED
$ S_TIME :== $SSLEXE:OPENSSL S_TIME
$ VERSION :== $SSLEXE:OPENSSL VERSION
$ PKCS7 :== $SSLEXE:OPENSSL PKCS7
$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
$ SESS_ID :== $SSLEXE:OPENSSL SESS_ID
$ CIPHERS :== $SSLEXE:OPENSSL CIPHERS
$ NSEQ :== $SSLEXE:OPENSSL NSEQ
$ PKCS12 :== $SSLEXE:OPENSSL PKCS12
$ ENDIF

1
VMS/socketshr_shr.opt
View File

@@ -1 +0,0 @@
socketshr/share

1
VMS/tcpip_shr_decc.opt
View File

@@ -1 +0,0 @@
sys$share:tcpip$ipc_shr.exe/share

28
VMS/test-includes.com
View File

@@ -1,28 +0,0 @@
$! Quick script to check how well including individual header files works
$! on VMS, even when the VMS macro isn't defined.
$
$ sav_def = f$env("DEFAULT")
$ here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
$ set default 'here'
$ set default [-.include.openssl]
$ define openssl 'f$env("DEFAULT")'
$ set default [--]
$
$ loop:
$ f = f$search("openssl:*.h")
$ if f .eqs. "" then goto loop_end
$ write sys$output "Checking ",f
$ open/write foo foo.c
$ write foo "#undef VMS"
$ write foo "#include <stdio.h>"
$ write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
$ write foo "main()"
$ write foo "{printf(""foo\n"");}"
$ close foo
$ cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
$ delete foo.c;
$ goto loop
$ loop_end:
$ set default 'save_def'
$ exit

1
VMS/ucx_shr_decc.opt
View File

@@ -1 +0,0 @@
sys$share:ucx$ipc_shr.exe/share

1
VMS/ucx_shr_decc_log.opt
View File

@@ -1 +0,0 @@
ucx$ipc_shr/share

1
VMS/ucx_shr_vaxc.opt
View File

@@ -1 +0,0 @@
sys$library:ucx$ipc.olb/library

1228
aclocal.m4 vendored Normal file
View File

File diff suppressed because it is too large Load Diff

236
apps/CA.com
View File

@@ -1,236 +0,0 @@
$! CA - wrapper around ca to make it easier to use ... basically ca requires
$! some setup stuff to be done before you can use it and this makes
$! things easier between now and when Eric is convinced to fix it :-)
$!
$! CA -newca ... will setup the right stuff
$! CA -newreq ... will generate a certificate request
$! CA -sign ... will sign the generated request and output
$!
$! At the end of that grab newreq.pem and newcert.pem (one has the key
$! and the other the certificate) and cat them together and that is what
$! you want/need ... I'll make even this a little cleaner later.
$!
$!
$! 12-Jan-96 tjh Added more things ... including CA -signcert which
$! converts a certificate to a request and then signs it.
$! 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
$! environment variable so this can be driven from
$! a script.
$! 25-Jul-96 eay Cleaned up filenames some more.
$! 11-Jun-96 eay Fixed a few filename missmatches.
$! 03-May-96 eay Modified to use 'openssl cmd' instead of 'cmd'.
$! 18-Apr-96 tjh Original hacking
$!
$! Tim Hudson
$! tjh@cryptsoft.com
$!
$!
$! default ssleay.cnf file has setup as per the following
$! demoCA ... where everything is stored
$
$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
$
$ DAYS = "-days 365"
$ REQ = openssl + " req " + SSLEAY_CONFIG
$ CA = openssl + " ca " + SSLEAY_CONFIG
$ VERIFY = openssl + " verify"
$ X509 = openssl + " x509"
$ PKCS12 = openssl + " pkcs12"
$ echo = "write sys$Output"
$ RET = 1
$!
$! 2010-12-20 SMS.
$! Use a concealed logical name to reduce command line lengths, to
$! avoid DCL errors on VAX:
$! %DCL-W-TKNOVF, command element is too long - shorten
$! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate
$! quickly.)
$!
$ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]"
$ define /translation_attributes = concealed CATOP 'CATOP'
$!
$ on error then goto clean_up
$ on control_y then goto clean_up
$!
$ CAKEY = "CATOP:[private]cakey.pem"
$ CACERT = "CATOP:[000000]cacert.pem"
$
$ __INPUT := SYS$COMMAND
$!
$ i = 1
$opt_loop:
$ if i .gt. 8 then goto opt_loop_end
$
$ prog_opt = F$EDIT(P'i',"lowercase")
$
$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help")
$ THEN
$ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify"
$ goto clean_up
$ ENDIF
$!
$ IF (prog_opt .EQS. "-input")
$ THEN
$ ! Get input from somewhere other than SYS$COMMAND
$ i = i + 1
$ __INPUT = P'i'
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-newcert")
$ THEN
$ ! Create a certificate.
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
$ RET=$STATUS
$ echo "Certificate (and private key) is in newreq.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-newreq")
$ THEN
$ ! Create a certificate request
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
$ RET=$STATUS
$ echo "Request (and private key) is in newreq.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-newca")
$ THEN
$ ! If explicitly asked for or it doesn't exist then setup the directory
$ ! structure that Eric likes to manage things.
$ IF F$SEARCH( "CATOP:[000000]serial.") .EQS. ""
$ THEN
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000]
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs]
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl]
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts]
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private]
$
$ OPEN /WRITE ser_file CATOP:[000000]serial.
$ WRITE ser_file "01"
$ CLOSE ser_file
$ APPEND /NEW_VERSION NL: CATOP:[000000]index.txt
$
$ ! The following is to make sure access() doesn't get confused. It
$ ! really needs one file in the directory to give correct answers...
$ COPY NLA0: CATOP:[certs].;
$ COPY NLA0: CATOP:[crl].;
$ COPY NLA0: CATOP:[newcerts].;
$ COPY NLA0: CATOP:[private].;
$ ENDIF
$!
$ IF F$SEARCH( CAKEY) .EQS. ""
$ THEN
$ READ '__INPUT' FILE -
/PROMPT="CA certificate filename (or enter to create): "
$ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
$ THEN
$ COPY 'FILE' 'CAKEY'
$ RET=$STATUS
$ ELSE
$ echo "Making CA certificate ..."
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS'
$ RET=$STATUS
$ ENDIF
$ ENDIF
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-pkcs12")
$ THEN
$ i = i + 1
$ cname = P'i'
$ IF cname .EQS. "" THEN cname = "My certificate"
$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' -
-out newcert.p12 -export -name "''cname'"
$ RET=$STATUS
$ goto clean_up
$ ENDIF
$!
$ IF (prog_opt .EQS. "-xsign")
$ THEN
$!
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ CA -policy policy_anything -infiles newreq.pem
$ RET=$STATUS
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
$ THEN
$!
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ CA -policy policy_anything -out newcert.pem -infiles newreq.pem
$ RET=$STATUS
$ type newcert.pem
$ echo "Signed certificate is in newcert.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-signcert")
$ THEN
$!
$ echo "Cert passphrase will be requested twice - bug?"
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ CA -policy policy_anything -out newcert.pem -infiles tmp.pem
y
y
$ type newcert.pem
$ echo "Signed certificate is in newcert.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-verify")
$ THEN
$!
$ i = i + 1
$ IF (p'i' .EQS. "")
$ THEN
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ VERIFY "-CAfile" 'CACERT' newcert.pem
$ ELSE
$ j = i
$ verify_opt_loop:
$ IF j .GT. 8 THEN GOTO verify_opt_loop_end
$ IF p'j' .NES. ""
$ THEN
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ __tmp = p'j'
$ VERIFY "-CAfile" 'CACERT' '__tmp'
$ tmp=$STATUS
$ IF tmp .NE. 0 THEN RET=tmp
$ ENDIF
$ j = j + 1
$ GOTO verify_opt_loop
$ verify_opt_loop_end:
$ ENDIF
$
$ GOTO opt_loop_end
$ ENDIF
$!
$ IF (prog_opt .NES. "")
$ THEN
$!
$ echo "Unknown argument ''prog_opt'"
$ RET = 3
$ goto clean_up
$ ENDIF
$
$opt_loop_continue:
$ i = i + 1
$ GOTO opt_loop
$
$opt_loop_end:
$!
$clean_up:
$!
$ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then -
deassign /process CATOP
$!
$ EXIT 'RET'

188
apps/CA.pl
View File

@@ -1,188 +0,0 @@
#!/usr/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
#
#
# Steve Henson
# shenson@bigfoot.com
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
my $openssl;
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
} else {
$openssl = "openssl";
$ENV{OPENSSL} = $openssl;
}
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365"; # 1 year
$CADAYS="-days 1095"; # 3 years
$REQ="$openssl req $SSLEAY_CONFIG";
$CA="$openssl ca $SSLEAY_CONFIG";
$VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
$RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
# create the directory hierarchy
mkdir $CATOP, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
$FILE = <STDIN>;
chop $FILE;
# ask user for existing CA certificate
if ($FILE) {
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
$RET=$?;
} else {
print "Making CA certificate ...\n";
system ("$REQ -new -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
system ("$CA -create_serial " .
"-out ${CATOP}/$CACERT $CADAYS -batch " .
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
"-extensions v3_ca " .
"-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
$RET=$?;
} elsif (/^(-sign|-signreq)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^(-signCA)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-extensions v3_ca -infiles newreq.pem");
$RET=$?;
print "Signed CA certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles tmp.pem");
$RET = $?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^-verify$/) {
if (shift) {
foreach $j (@ARGV) {
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
$RET=$? if ($? != 0);
}
exit $RET;
} else {
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
$RET=$?;
exit 0;
}
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
}
exit $RET;
sub cp_pem {
my ($infile, $outfile, $bound) = @_;
open IN, $infile;
open OUT, ">$outfile";
my $flag = 0;
while (<IN>) {
$flag = 1 if (/^-----BEGIN.*$bound/) ;
print OUT $_ if ($flag);
if (/^-----END.*$bound/) {
close IN;
close OUT;
return;
}
}
}

188
apps/CA.pl.bak
View File

@@ -1,188 +0,0 @@
#!/usr/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
#
#
# Steve Henson
# shenson@bigfoot.com
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
my $openssl;
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
} else {
$openssl = "openssl";
$ENV{OPENSSL} = $openssl;
}
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365"; # 1 year
$CADAYS="-days 1095"; # 3 years
$REQ="$openssl req $SSLEAY_CONFIG";
$CA="$openssl ca $SSLEAY_CONFIG";
$VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
$RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
# create the directory hierarchy
mkdir $CATOP, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
$FILE = <STDIN>;
chop $FILE;
# ask user for existing CA certificate
if ($FILE) {
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
$RET=$?;
} else {
print "Making CA certificate ...\n";
system ("$REQ -new -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
system ("$CA -create_serial " .
"-out ${CATOP}/$CACERT $CADAYS -batch " .
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
"-extensions v3_ca " .
"-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
$RET=$?;
} elsif (/^(-sign|-signreq)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^(-signCA)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-extensions v3_ca -infiles newreq.pem");
$RET=$?;
print "Signed CA certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles tmp.pem");
$RET = $?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^-verify$/) {
if (shift) {
foreach $j (@ARGV) {
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
$RET=$? if ($? != 0);
}
exit $RET;
} else {
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
$RET=$?;
exit 0;
}
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
}
exit $RET;
sub cp_pem {
my ($infile, $outfile, $bound) = @_;
open IN, $infile;
open OUT, ">$outfile";
my $flag = 0;
while (<IN>) {
$flag = 1 if (/^-----BEGIN.*$bound/) ;
print OUT $_ if ($flag);
if (/^-----END.*$bound/) {
close IN;
close OUT;
return;
}
}
}

188
apps/CA.pl.in
View File

@@ -1,188 +0,0 @@
#!/usr/local/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
#
#
# Steve Henson
# shenson@bigfoot.com
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
my $openssl;
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
} else {
$openssl = "openssl";
$ENV{OPENSSL} = $openssl;
}
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365"; # 1 year
$CADAYS="-days 1095"; # 3 years
$REQ="$openssl req $SSLEAY_CONFIG";
$CA="$openssl ca $SSLEAY_CONFIG";
$VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
$RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
# create the directory hierarchy
mkdir $CATOP, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
$FILE = <STDIN>;
chop $FILE;
# ask user for existing CA certificate
if ($FILE) {
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
$RET=$?;
} else {
print "Making CA certificate ...\n";
system ("$REQ -new -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
system ("$CA -create_serial " .
"-out ${CATOP}/$CACERT $CADAYS -batch " .
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
"-extensions v3_ca " .
"-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
$RET=$?;
} elsif (/^(-sign|-signreq)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^(-signCA)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-extensions v3_ca -infiles newreq.pem");
$RET=$?;
print "Signed CA certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles tmp.pem");
$RET = $?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^-verify$/) {
if (shift) {
foreach $j (@ARGV) {
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
$RET=$? if ($? != 0);
}
exit $RET;
} else {
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
$RET=$?;
exit 0;
}
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
}
exit $RET;
sub cp_pem {
my ($infile, $outfile, $bound) = @_;
open IN, $infile;
open OUT, ">$outfile";
my $flag = 0;
while (<IN>) {
$flag = 1 if (/^-----BEGIN.*$bound/) ;
print OUT $_ if ($flag);
if (/^-----END.*$bound/) {
close IN;
close OUT;
return;
}
}
}

198
apps/CA.sh
View File

@@ -1,198 +0,0 @@
#!/bin/sh
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
cp_pem() {
infile=$1
outfile=$2
bound=$3
flag=0
exec <$infile;
while read line; do
if [ $flag -eq 1 ]; then
echo $line|grep "^-----END.*$bound" 2>/dev/null 1>/dev/null
if [ $? -eq 0 ] ; then
echo $line >>$outfile
break
else
echo $line >>$outfile
fi
fi
echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null
if [ $? -eq 0 ]; then
echo $line >$outfile
flag=1
fi
done
}
usage() {
echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2
}
if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year
CADAYS="-days 1095" # 3 years
REQ="$OPENSSL req $SSLEAY_CONFIG"
CA="$OPENSSL ca $SSLEAY_CONFIG"
VERIFY="$OPENSSL verify"
X509="$OPENSSL x509"
PKCS12="openssl pkcs12"
if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
CAKEY=./cakey.pem
CAREQ=./careq.pem
CACERT=./cacert.pem
RET=0
while [ "$1" != "" ] ; do
case $1 in
-\?|-h|-help)
usage
exit 0
;;
-newcert)
# create a certificate
$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
RET=$?
echo "Certificate is in newcert.pem, private key is in newkey.pem"
;;
-newreq)
# create a certificate request
$REQ -new -keyout newkey.pem -out newreq.pem $DAYS
RET=$?
echo "Request is in newreq.pem, private key is in newkey.pem"
;;
-newreq-nodes)
# create a certificate request
$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
RET=$?
echo "Request (and private key) is in newreq.pem"
;;
-newca)
# if explicitly asked for or it doesn't exist then setup the directory
# structure that Eric likes to manage things
NEW="1"
if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
# create the directory hierarchy
mkdir -p ${CATOP}
mkdir -p ${CATOP}/certs
mkdir -p ${CATOP}/crl
mkdir -p ${CATOP}/newcerts
mkdir -p ${CATOP}/private
touch ${CATOP}/index.txt
fi
if [ ! -f ${CATOP}/private/$CAKEY ]; then
echo "CA certificate filename (or enter to create)"
read FILE
# ask user for existing CA certificate
if [ "$FILE" ]; then
cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE
cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE
RET=$?
if [ ! -f "${CATOP}/serial" ]; then
$X509 -in ${CATOP}/$CACERT -noout -next_serial \
-out ${CATOP}/serial
fi
else
echo "Making CA certificate ..."
$REQ -new -keyout ${CATOP}/private/$CAKEY \
-out ${CATOP}/$CAREQ
$CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \
-keyfile ${CATOP}/private/$CAKEY -selfsign \
-extensions v3_ca \
-infiles ${CATOP}/$CAREQ
RET=$?
fi
fi
;;
-xsign)
$CA -policy policy_anything -infiles newreq.pem
RET=$?
;;
-pkcs12)
if [ -z "$2" ] ; then
CNAME="My Certificate"
else
CNAME="$2"
fi
$PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \
-out newcert.p12 -export -name "$CNAME"
RET=$?
exit $RET
;;
-sign|-signreq)
$CA -policy policy_anything -out newcert.pem -infiles newreq.pem
RET=$?
cat newcert.pem
echo "Signed certificate is in newcert.pem"
;;
-signCA)
$CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
RET=$?
echo "Signed CA certificate is in newcert.pem"
;;
-signcert)
echo "Cert passphrase will be requested twice - bug?"
$X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
$CA -policy policy_anything -out newcert.pem -infiles tmp.pem
RET=$?
cat newcert.pem
echo "Signed certificate is in newcert.pem"
;;
-verify)
shift
if [ -z "$1" ]; then
$VERIFY -CAfile $CATOP/$CACERT newcert.pem
RET=$?
else
for j
do
$VERIFY -CAfile $CATOP/$CACERT $j
if [ $? != 0 ]; then
RET=$?
fi
done
fi
exit $RET
;;
*)
echo "Unknown arg $i" >&2
usage
exit 1
;;
esac
shift
done
exit $RET

1059
apps/Makefile
View File

File diff suppressed because it is too large Load Diff

217
apps/app_rand.c
View File

@@ -1,217 +0,0 @@
/* apps/app_rand.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define NON_MAIN
#include "apps.h"
#undef NON_MAIN
#include <openssl/bio.h>
#include <openssl/rand.h>
static int seeded = 0;
static int egdsocket = 0;
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
{
int consider_randfile = (file == NULL);
char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS
RAND_screen();
#endif
if (file == NULL)
file = RAND_file_name(buffer, sizeof(buffer));
else if (RAND_egd(file) > 0) {
/*
* we try if the given filename is an EGD socket. if it is, we don't
* write anything back to the file.
*/
egdsocket = 1;
return 1;
}
if (file == NULL || !RAND_load_file(file, -1)) {
if (RAND_status() == 0) {
if (!dont_warn) {
BIO_printf(bio_e, "unable to load 'random state'\n");
BIO_printf(bio_e,
"This means that the random number generator has not been seeded\n");
BIO_printf(bio_e, "with much random data.\n");
if (consider_randfile) { /* explanation does not apply when a
* file is explicitly named */
BIO_printf(bio_e,
"Consider setting the RANDFILE environment variable to point at a file that\n");
BIO_printf(bio_e,
"'random' data can be kept in (the file will be overwritten).\n");
}
}
return 0;
}
}
seeded = 1;
return 1;
}
long app_RAND_load_files(char *name)
{
char *p, *n;
int last;
long tot = 0;
int egd;
for (;;) {
last = 0;
for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
if (*p == '\0')
last = 1;
*p = '\0';
n = name;
name = p + 1;
if (*n == '\0')
break;
egd = RAND_egd(n);
if (egd > 0)
tot += egd;
else
tot += RAND_load_file(n, -1);
if (last)
break;
}
if (tot > 512)
app_RAND_allow_write_file();
return (tot);
}
int app_RAND_write_file(const char *file, BIO *bio_e)
{
char buffer[200];
if (egdsocket || !seeded)
/*
* If we did not manage to read the seed file, we should not write a
* low-entropy seed file back -- it would suppress a crucial warning
* the next time we want to use it.
*/
return 0;
if (file == NULL)
file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_e, "unable to write 'random state'\n");
return 0;
}
return 1;
}
void app_RAND_allow_write_file(void)
{
seeded = 1;
}

3284
apps/apps.c
View File

File diff suppressed because it is too large Load Diff

389
apps/apps.h
View File

@@ -1,389 +0,0 @@
/* apps/apps.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_APPS_H
# define HEADER_APPS_H
# include "e_os.h"
# include <openssl/bio.h>
# include <openssl/x509.h>
# include <openssl/lhash.h>
# include <openssl/conf.h>
# include <openssl/txt_db.h>
# ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
# endif
# ifndef OPENSSL_NO_OCSP
# include <openssl/ocsp.h>
# endif
# include <openssl/ossl_typ.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
int app_RAND_write_file(const char *file, BIO *bio_e);
/*
* When `file' is NULL, use defaults. `bio_e' is for error messages.
*/
void app_RAND_allow_write_file(void);
long app_RAND_load_files(char *file); /* `file' is a list of files to read,
* separated by LIST_SEPARATOR_CHAR
* (see e_os.h). The string is
* destroyed! */
# ifndef MONOLITH
# define MAIN(a,v) main(a,v)
# ifndef NON_MAIN
CONF *config = NULL;
BIO *bio_err = NULL;
# else
extern CONF *config;
extern BIO *bio_err;
# endif
# else
# define MAIN(a,v) PROG(a,v)
extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
# endif
# ifndef OPENSSL_SYS_NETWARE
# include <signal.h>
# endif
# ifdef SIGPIPE
# define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
# else
# define do_pipe_sig()
# endif
# ifdef OPENSSL_NO_COMP
# define zlib_cleanup()
# else
# define zlib_cleanup() COMP_zlib_cleanup()
# endif
# if defined(MONOLITH) && !defined(OPENSSL_C)
# define apps_startup() \
do_pipe_sig()
# define apps_shutdown()
# else
# ifndef OPENSSL_NO_ENGINE
# define apps_startup() \
do { do_pipe_sig(); CRYPTO_malloc_init(); \
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
# define apps_shutdown() \
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
RAND_cleanup(); \
ERR_free_strings(); zlib_cleanup();} while(0)
# else
# define apps_startup() \
do { do_pipe_sig(); CRYPTO_malloc_init(); \
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
setup_ui_method(); } while(0)
# define apps_shutdown() \
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
RAND_cleanup(); \
ERR_free_strings(); zlib_cleanup(); } while(0)
# endif
# endif
# if defined(OPENSSL_SYSNAME_WIN32) || defined(OPENSSL_SYSNAME_WINCE)
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
# else
# define openssl_fdset(a,b) FD_SET(a, b)
# endif
typedef struct args_st {
char **data;
int count;
} ARGS;
# define PW_MIN_LENGTH 4
typedef struct pw_cb_data {
const void *password;
const char *prompt_info;
} PW_CB_DATA;
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
int setup_ui_method(void);
void destroy_ui_method(void);
int should_retry(int i);
int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s);
void program_name(char *in, char *out, int size);
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]);
# ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm,
unsigned long lflags);
# endif
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format);
int load_cert_crl_http(const char *url, BIO *err,
X509 **pcert, X509_CRL **pcrl);
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e,
const char *cert_descrip);
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e,
const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
void release_engine(ENGINE *e);
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
const char *host, const char *path,
const char *port, int use_ssl,
const STACK_OF(CONF_VALUE) *headers,
int req_timeout);
# endif
int load_config(BIO *err, CONF *cnf);
char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, const char *str);
# define DB_type 0
# define DB_exp_date 1
# define DB_rev_date 2
# define DB_serial 3 /* index - unique */
# define DB_file 4
# define DB_name 5 /* index - unique when active and not
* disabled */
# define DB_NUMBER 6
# define DB_TYPE_REV 'R'
# define DB_TYPE_EXP 'E'
# define DB_TYPE_VAL 'V'
typedef struct db_attr_st {
int unique_subject;
} DB_ATTR;
typedef struct ca_db_st {
DB_ATTR attributes;
TXT_DB *db;
} CA_DB;
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
ASN1_INTEGER **retai);
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db);
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
int rotate_index(const char *dbfile, const char *new_suffix,
const char *old_suffix);
void free_index(CA_DB *db);
# define index_name_cmp_noconst(a, b) \
index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
int parse_yesno(const char *str, int def);
X509_NAME *parse_name(char *str, long chtype, int multirdn);
int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param);
int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
# ifndef OPENSSL_NO_PSK
extern char *psk_key;
# endif
# ifndef OPENSSL_NO_JPAKE
void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
# endif
# ifndef OPENSSL_NO_TLSEXT
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
# endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const char *checkhost,
const char *checkemail, const char *checkip);
void store_setup_crl_download(X509_STORE *st);
# define FORMAT_UNDEF 0
# define FORMAT_ASN1 1
# define FORMAT_TEXT 2
# define FORMAT_PEM 3
# define FORMAT_NETSCAPE 4
# define FORMAT_PKCS12 5
# define FORMAT_SMIME 6
# define FORMAT_ENGINE 7
# define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
* adding yet another param to load_*key() */
# define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */
# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
# define FORMAT_MSBLOB 11 /* MS Key blob format */
# define FORMAT_PVK 12 /* MS PVK file format */
# define FORMAT_HTTP 13 /* Download using HTTP */
# define EXT_COPY_NONE 0
# define EXT_COPY_ADD 1
# define EXT_COPY_ALL 2
# define NETSCAPE_CERT_HDR "certificate"
# define APP_PASS_LEN 1024
# define SERIAL_RAND_BITS 64
int app_isdir(const char *);
int fileno_stdin(void);
int fileno_stdout(void);
int raw_read_stdin(void *, int);
int raw_write_stdout(const void *, int);
# define TM_START 0
# define TM_STOP 1
double app_tminterval(int stop, int usertime);
# define OPENSSL_NO_SSL_INTERN
#endif

430
apps/asn1pars.c
View File

@@ -1,430 +0,0 @@
/* apps/asn1pars.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/*
* A nice addition from Dr Stephen Henson <steve@openssl.org> to add the
* -strparse option which parses nested binary structures
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
/*-
* -inform arg - input format - default PEM (DER or PEM)
* -in arg - input file - default stdin
* -i - indent the details by depth
* -offset - where in the file to start
* -length - how many bytes to use
* -oid file - extra oid description file
*/
#undef PROG
#define PROG asn1parse_main
int MAIN(int, char **);
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
int MAIN(int argc, char **argv)
{
int i, badops = 0, offset = 0, ret = 1, j;
unsigned int length = 0;
long num, tmplen;
BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
int informat, indent = 0, noout = 0, dump = 0;
char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile = NULL;
char *genstr = NULL, *genconf = NULL;
unsigned char *tmpbuf;
const unsigned char *ctmpbuf;
BUF_MEM *buf = NULL;
STACK_OF(OPENSSL_STRING) *osk = NULL;
ASN1_TYPE *at = NULL;
informat = FORMAT_PEM;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
prog = argv[0];
argc--;
argv++;
if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
derfile = *(++argv);
} else if (strcmp(*argv, "-i") == 0) {
indent = 1;
} else if (strcmp(*argv, "-noout") == 0)
noout = 1;
else if (strcmp(*argv, "-oid") == 0) {
if (--argc < 1)
goto bad;
oidfile = *(++argv);
} else if (strcmp(*argv, "-offset") == 0) {
if (--argc < 1)
goto bad;
offset = atoi(*(++argv));
} else if (strcmp(*argv, "-length") == 0) {
if (--argc < 1)
goto bad;
length = atoi(*(++argv));
if (length == 0)
goto bad;
} else if (strcmp(*argv, "-dump") == 0) {
dump = -1;
} else if (strcmp(*argv, "-dlimit") == 0) {
if (--argc < 1)
goto bad;
dump = atoi(*(++argv));
if (dump <= 0)
goto bad;
} else if (strcmp(*argv, "-strparse") == 0) {
if (--argc < 1)
goto bad;
sk_OPENSSL_STRING_push(osk, *(++argv));
} else if (strcmp(*argv, "-genstr") == 0) {
if (--argc < 1)
goto bad;
genstr = *(++argv);
} else if (strcmp(*argv, "-genconf") == 0) {
if (--argc < 1)
goto bad;
genconf = *(++argv);
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err,
" -out arg output file (output format is always DER\n");
BIO_printf(bio_err, " -noout arg don't produce any output\n");
BIO_printf(bio_err, " -offset arg offset into file\n");
BIO_printf(bio_err, " -length arg length of section in file\n");
BIO_printf(bio_err, " -i indent entries\n");
BIO_printf(bio_err, " -dump dump unknown data in hex form\n");
BIO_printf(bio_err,
" -dlimit arg dump the first arg bytes of unknown data in hex form\n");
BIO_printf(bio_err, " -oid file file of extra oid definitions\n");
BIO_printf(bio_err, " -strparse offset\n");
BIO_printf(bio_err,
" a series of these can be used to 'dig' into multiple\n");
BIO_printf(bio_err, " ASN1 blob wrappings\n");
BIO_printf(bio_err,
" -genstr str string to generate ASN1 structure from\n");
BIO_printf(bio_err,
" -genconf file file to generate ASN1 structure from\n");
goto end;
}
ERR_load_crypto_strings();
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
if (oidfile != NULL) {
if (BIO_read_filename(in, oidfile) <= 0) {
BIO_printf(bio_err, "problems opening %s\n", oidfile);
ERR_print_errors(bio_err);
goto end;
}
OBJ_create_objects(in);
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
if (derfile) {
if (!(derout = BIO_new_file(derfile, "wb"))) {
BIO_printf(bio_err, "problems opening %s\n", derfile);
ERR_print_errors(bio_err);
goto end;
}
}
if ((buf = BUF_MEM_new()) == NULL)
goto end;
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
goto end; /* Pre-allocate :-) */
if (genstr || genconf) {
num = do_generate(bio_err, genstr, genconf, buf);
if (num < 0) {
ERR_print_errors(bio_err);
goto end;
}
}
else {
if (informat == FORMAT_PEM) {
BIO *tmp;
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
BIO_push(b64, in);
tmp = in;
in = b64;
b64 = tmp;
}
num = 0;
for (;;) {
if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
goto end;
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0)
break;
num += i;
}
}
str = buf->data;
/* If any structs to parse go through in sequence */
if (sk_OPENSSL_STRING_num(osk)) {
tmpbuf = (unsigned char *)str;
tmplen = num;
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
ASN1_TYPE *atmp;
int typ;
j = atoi(sk_OPENSSL_STRING_value(osk, i));
if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is an invalid number\n",
sk_OPENSSL_STRING_value(osk, i));
continue;
}
tmpbuf += j;
tmplen -= j;
atmp = at;
ctmpbuf = tmpbuf;
at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
ASN1_TYPE_free(atmp);
if (!at) {
BIO_printf(bio_err, "Error parsing structure\n");
ERR_print_errors(bio_err);
goto end;
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
|| (typ == V_ASN1_BOOLEAN)
|| (typ == V_ASN1_NULL)) {
BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
ERR_print_errors(bio_err);
goto end;
}
/* hmm... this is a little evil but it works */
tmpbuf = at->value.asn1_string->data;
tmplen = at->value.asn1_string->length;
}
str = (char *)tmpbuf;
num = tmplen;
}
if (offset < 0 || offset >= num) {
BIO_printf(bio_err, "Error: offset out of range\n");
goto end;
}
num -= offset;
if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout) {
if (BIO_write(derout, str + offset, length) != (int)length) {
BIO_printf(bio_err, "Error writing output\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (!noout &&
!ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
indent, dump)) {
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
end:
BIO_free(derout);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (b64 != NULL)
BIO_free(b64);
if (ret != 0)
ERR_print_errors(bio_err);
if (buf != NULL)
BUF_MEM_free(buf);
if (at != NULL)
ASN1_TYPE_free(at);
if (osk != NULL)
sk_OPENSSL_STRING_free(osk);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
{
CONF *cnf = NULL;
int len;
long errline = 0;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
if (genconf) {
cnf = NCONF_new(NULL);
if (!NCONF_load(cnf, genconf, &errline))
goto conferr;
if (!genstr)
genstr = NCONF_get_string(cnf, "default", "asn1");
if (!genstr) {
BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
goto err;
}
}
atyp = ASN1_generate_nconf(genstr, cnf);
NCONF_free(cnf);
cnf = NULL;
if (!atyp)
return -1;
len = i2d_ASN1_TYPE(atyp, NULL);
if (len <= 0)
goto err;
if (!BUF_MEM_grow(buf, len))
goto err;
p = (unsigned char *)buf->data;
i2d_ASN1_TYPE(atyp, &p);
ASN1_TYPE_free(atyp);
return len;
conferr:
if (errline > 0)
BIO_printf(bio, "Error on line %ld of config file '%s'\n",
errline, genconf);
else
BIO_printf(bio, "Error loading config file '%s'\n", genconf);
err:
NCONF_free(cnf);
ASN1_TYPE_free(atyp);
return -1;
}

1
apps/ca-cert.srl
View File

@@ -1 +0,0 @@
07

15
apps/ca-key.pem
View File

@@ -1,15 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
-----END RSA PRIVATE KEY-----

11
apps/ca-req.pem
View File

@@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
-----END CERTIFICATE REQUEST-----

2941
apps/ca.c
View File

File diff suppressed because it is too large Load Diff

11
apps/cert.pem
View File

@@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
-----END CERTIFICATE-----

239
apps/ciphers.c
View File

@@ -1,239 +0,0 @@
/* apps/ciphers.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef OPENSSL_NO_STDIO
# define APPS_WIN16
#endif
#include "apps.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#undef PROG
#define PROG ciphers_main
static const char *ciphers_usage[] = {
"usage: ciphers args\n",
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
" -V - even more verbose\n",
" -ssl2 - SSL2 mode\n",
" -ssl3 - SSL3 mode\n",
" -tls1 - TLS1 mode\n",
NULL
};
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int ret = 1, i;
int verbose = 0, Verbose = 0;
#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
#endif
const char **pp;
const char *p;
int badops = 0;
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
char *ciphers = NULL;
const SSL_METHOD *meth = NULL;
STACK_OF(SSL_CIPHER) *sk;
char buf[512];
BIO *STDout = NULL;
meth = SSLv23_server_method();
apps_startup();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
}
#endif
if (!load_config(bio_err, NULL))
goto end;
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-v") == 0)
verbose = 1;
else if (strcmp(*argv, "-V") == 0)
verbose = Verbose = 1;
#ifndef OPENSSL_NO_SSL_TRACE
else if (strcmp(*argv, "-stdname") == 0)
stdname = verbose = 1;
#endif
#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv, "-ssl2") == 0)
meth = SSLv2_client_method();
#endif
#ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv, "-ssl3") == 0)
meth = SSLv3_client_method();
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv, "-tls1") == 0)
meth = TLSv1_client_method();
#endif
else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
badops = 1;
break;
} else {
ciphers = *argv;
}
argc--;
argv++;
}
if (badops) {
for (pp = ciphers_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp);
goto end;
}
OpenSSL_add_ssl_algorithms();
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl = SSL_new(ctx);
if (ssl == NULL)
goto err;
if (!verbose) {
for (i = 0;; i++) {
p = SSL_get_cipher_list(ssl, i);
if (p == NULL)
break;
if (i != 0)
BIO_printf(STDout, ":");
BIO_printf(STDout, "%s", p);
}
BIO_printf(STDout, "\n");
} else { /* verbose */
sk = SSL_get_ciphers(ssl);
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk, i);
if (Verbose) {
unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x02000000L) {
/* SSL2 cipher */
BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1,
id2, id3);
} else if ((id & 0xff000000L) == 0x03000000L) {
/* SSL3 cipher */
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2,
id3);
} else {
/* whatever */
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0,
id1, id2, id3);
}
}
#ifndef OPENSSL_NO_SSL_TRACE
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(STDout, "%s - ", nm);
}
#endif
BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}
ret = 0;
if (0) {
err:
SSL_load_error_strings();
ERR_print_errors(bio_err);
}
end:
if (ctx != NULL)
SSL_CTX_free(ctx);
if (ssl != NULL)
SSL_free(ssl);
if (STDout != NULL)
BIO_free_all(STDout);
apps_shutdown();
OPENSSL_EXIT(ret);
}

52
apps/client.pem
View File

@@ -1,52 +0,0 @@
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
-----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
-----END RSA PRIVATE KEY-----

1358
apps/cms.c
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More